com.prosysopc.ua.stack.cert

Class PkiDirectoryCertificateStore

java.lang.Object

com.prosysopc.ua.stack.cert.PkiDirectoryCertificateStore

All Implemented Interfaces:

CertificateStore

public class PkiDirectoryCertificateStore
extends Object
implements CertificateStore

A CertificateStore that keeps certificates on disk.

Constructor Summary

Constructors

Constructor and Description
PkiDirectoryCertificateStore() Create a new validator using the default baseDir ("PKI\CA"), trustedDir ("certs"), rejectedDir ("rejected") and revokedDir ("crl").
PkiDirectoryCertificateStore(String baseDir) Create a new validator using a baseDir and default subdirs: trustedDir ("certs"), rejectedDir ("rejected") and revokedDir ("crl").
PkiDirectoryCertificateStore(String baseDir, String trustedDir, String rejectedDir, String revocationDir) Create a new validator using a baseDir and subdirectory names, trustedDir, rejectedDir and revocationDir.

Method Summary

Modifier and Type	Method and Description
void	addCertificate(ValidationResult type, Cert certificate) Add a certificate to the store.
void	addListener(DefaultCertificateStoreListener listener)
void	addRejectedCertificate(Cert certificate) Add a certificate to the rejected certificates.
void	addRevocationList(X509CRL crl) Add a certificate revocation list to the store.
void	addTrustedCertificate(Cert certificate) Add a certificate to the trusted certificates.
void	clear(boolean removeFiles) Clears the certificate lists.
File	getBaseDir()
static int	getDefaultMaxStoredRejectedCertificates() The default number of rejected certificates to keep.
File	getFileForCert(Cert cert) Returns File for the given Certificate.
int	getMaxStoredRejectedCertificates()
Set<Cert>	getRejectedCerts() Get all certificates that are stored as Rejected.
File	getRejectedDir()
File	getRevocationDir()
Set<X509CRL>	getRevocationLists() Get all revocation lists the store has.
Set<Cert>	getTrustedCerts() Get all certificates that are stored as Trusted.
File	getTrustedDir()
boolean	isStoreAcceptOnceCertificates()
void	refresh() Refresh certificates.
void	removeCertificate(Cert certificate) Removes a certificate from the store.
void	removeListener(DefaultCertificateStoreListener listener)
static void	setDefaultMaxStoredRejectedCertificates(int defaultMaxStoredRejectedCertificates) Set the default number of rejected certificates to keep.
void	setMaxStoredRejectedCertificates(int maxStoredRejectedCertificates) Defines the maximum amount of rejected certificates that should be stored.
void	setStoreAcceptOnceCertificates(boolean storeAcceptOnceCertificates) Defines whether certificates that are accepted with AcceptOnce status are stored in the certificate store or not.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PkiDirectoryCertificateStore

public PkiDirectoryCertificateStore()

Create a new validator using the default baseDir ("PKI\CA"), trustedDir ("certs"), rejectedDir ("rejected") and revokedDir ("crl").

PkiDirectoryCertificateStore

public PkiDirectoryCertificateStore(String baseDir)

Create a new validator using a baseDir and default subdirs: trustedDir ("certs"), rejectedDir ("rejected") and revokedDir ("crl").

Parameters:

baseDir - the path to the base directory where the certificate directories are kept.

PkiDirectoryCertificateStore

public PkiDirectoryCertificateStore(String baseDir,
                                    String trustedDir,
                                    String rejectedDir,
                                    String revocationDir)

Create a new validator using a baseDir and subdirectory names, trustedDir, rejectedDir and revocationDir.

Parameters:

baseDir - the path to the base directory where the certificate directories are kept. Use null, if you wish to define the other directories with absolute paths.

trustedDir - the name of the directory in which the trusted certificates are kept. If baseDir is defined, this is a relative path to that, e.g. a subdirectory name.

rejectedDir - the name of the directory in which the rejected certificates are kept. If baseDir is defined, this is a relative path to that, e.g. a subdirectory name.

revocationDir - the name of the directory in which revoked certificates are kept. If baseDir is defined, this is a relative path to that, e.g. a subdirectory name.

Method Detail

getDefaultMaxStoredRejectedCertificates

public static int getDefaultMaxStoredRejectedCertificates()

The default number of rejected certificates to keep. Default value 1000.

setDefaultMaxStoredRejectedCertificates

public static void setDefaultMaxStoredRejectedCertificates(int defaultMaxStoredRejectedCertificates)

Set the default number of rejected certificates to keep. Default value .

addCertificate

public void addCertificate(ValidationResult type,
                           Cert certificate)

Description copied from interface: CertificateStore

Add a certificate to the store. Note! it is implementation specific which types are stored, e.g. an implementation may choose to store only trusted certificates. Implementation should store the certificates in a persistent storage. AcceptOnce type certificates could be stored as rejected, if there is need to accept them later (using a mechanism outside of this interface).

Specified by:

addCertificate in interface CertificateStore

Parameters:

type - trusted, rejected or accept once.

certificate - the certificate to add.

addListener

public void addListener(DefaultCertificateStoreListener listener)

addRejectedCertificate

public void addRejectedCertificate(Cert certificate)

Add a certificate to the rejected certificates.

Parameters:

certificate - the certificate to add

addRevocationList

public void addRevocationList(X509CRL crl)

Add a certificate revocation list to the store. NOTE! currently it is NOT written to the disk.

Parameters:

crl - revocation list to add

addTrustedCertificate

public void addTrustedCertificate(Cert certificate)

Add a certificate to the trusted certificates.

Parameters:

certificate - the certificate to add

clear

public void clear(boolean removeFiles)

Clears the certificate lists.

Parameters:

removeFiles - if true, removes all certificate files as well. Be careful with this!

getBaseDir

public File getBaseDir()

Returns:

the baseDir

getFileForCert

public File getFileForCert(Cert cert)

Returns File for the given Certificate.

Parameters:

cert - the certificate

Returns:

File for the given Cert or null if Cert is null or cannot be found

getMaxStoredRejectedCertificates

public int getMaxStoredRejectedCertificates()

Returns:

the maxStoredRejectedCertificates

getRejectedCerts

public Set<Cert> getRejectedCerts()

Description copied from interface: CertificateStore

Get all certificates that are stored as Rejected. Note! implementers may choose to not store rejected certificates, in this case return empty set. Note! If the implementor chooses to do so, this set may also contain certificates that were previously accepted once.

Specified by:

getRejectedCerts in interface CertificateStore

Returns:

the certificates that are rejected or empty set if none. The returned set should be treated as immutable.

getRejectedDir

public File getRejectedDir()

Returns:

the rejectedDir

getRevocationDir

public File getRevocationDir()

Returns:

the revocationDir

getRevocationLists

public Set<X509CRL> getRevocationLists()

Description copied from interface: CertificateStore

Get all revocation lists the store has.

Specified by:

getRevocationLists in interface CertificateStore

Returns:

revocation lists, or empty set if none. The returned set should be treated as immutable.

getTrustedCerts

public Set<Cert> getTrustedCerts()

Description copied from interface: CertificateStore

Get all certificates that are stored as Trusted. In a directory based PKI store, this would mean that the set contains all certs in 'certs' or 'trusted' folder. It is possible and allowed to return certificates that are revoked in this set, i.e. the implementation of this method should not perform any validation, user of the CertificateStore should check the revocation against the CertificateStore.getRevocationLists() revocation lists.

Specified by:

getTrustedCerts in interface CertificateStore

Returns:

the certificates or empty set if none. The returned set should be treated as immutable.

getTrustedDir

public File getTrustedDir()

Returns:

the trustedDir

isStoreAcceptOnceCertificates

public boolean isStoreAcceptOnceCertificates()

Returns:

the storeAcceptOnceCertificates

refresh

public void refresh()

Refresh certificates. Call this method in case you change certificates outside of this instance (e.g. move files on disk) and want to refresh before a validateCertificate call happens (which does this automatically).

removeCertificate

public void removeCertificate(Cert certificate)

Removes a certificate from the store.

Parameters:

certificate - the certificate to remove

removeListener

public void removeListener(DefaultCertificateStoreListener listener)

setMaxStoredRejectedCertificates

public void setMaxStoredRejectedCertificates(int maxStoredRejectedCertificates)

Defines the maximum amount of rejected certificates that should be stored. '-1' can be used to indicate there is no limit. Default .

setStoreAcceptOnceCertificates

public void setStoreAcceptOnceCertificates(boolean storeAcceptOnceCertificates)

Defines whether certificates that are accepted with AcceptOnce status are stored in the certificate store or not. If they are stored, they are stored in the RejectedCertificates. You may want to store them to be able to validate the certificate contents later on from the file.

Default: true

Parameters:

storeAcceptOnceCertificates - true if accept once certs should be stored