org.glite.security.voms
Class BasicVOMSTrustStore

java.lang.Object
  extended by org.glite.security.voms.BasicVOMSTrustStore
All Implemented Interfaces:
ACTrustStore

public final class BasicVOMSTrustStore
extends java.lang.Object
implements ACTrustStore

Implementation of an AC trust store for use with VOMS. The store keeps an in-memory cache of issuer certificates, which can be refreshed periodically.

Author:
mulmo

Field Summary
static java.lang.String DEFAULT_TRUST_STORE_LISTING
           
 
Constructor Summary
BasicVOMSTrustStore()
          Creates a default VOMS trust store.
BasicVOMSTrustStore(java.lang.String trustedDirList, long refreshPeriod)
          Creates and manages an in-memory cache of VOMS issuers by periodically scanning a directory containing the trusted issuers.
 
Method Summary
 java.security.cert.X509Certificate[] getAACandidate(javax.security.auth.x500.X500Principal issuer)
          Returns an array of issuer candidates, by performing a name comparison of the AC's issuer and the subject names of the certificates in the trust store.
 void refresh()
          Refreshes the in-memory cache of trusted signer certificates.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DEFAULT_TRUST_STORE_LISTING

public static final java.lang.String DEFAULT_TRUST_STORE_LISTING
See Also:
Constant Field Values

Constructor Detail

BasicVOMSTrustStore

public BasicVOMSTrustStore()
Creates a default VOMS trust store. Equivalent to
new BasicVOMSTrustStore(DEFAULT_TRUST_STORE_LISTING, 300000);


BasicVOMSTrustStore

public BasicVOMSTrustStore(java.lang.String trustedDirList,
                           long refreshPeriod)
Creates and manages an in-memory cache of VOMS issuers by periodically scanning a directory containing the trusted issuers. If refreshPeriod is 0, it never refreshes.

Parameters:
trustedDirList - directory listing containing trusted VOMS certs
refreshPeriod - refresh period in milliseconds
See Also:
DirectoryList

Method Detail

refresh

public void refresh()
Refreshes the in-memory cache of trusted signer certificates.


getAACandidate

public java.security.cert.X509Certificate[] getAACandidate(javax.security.auth.x500.X500Principal issuer)
Description copied from interface: ACTrustStore
Returns an array of issuer candidates, by performing a name comparison of the AC's issuer and the subject names of the certificates in the trust store.
NOTE: No actual verification or validation of signature takes place in this function.

Specified by:
getAACandidate in interface ACTrustStore
Returns:
an array of issuer candidates, or null in case of an error.
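
Because getAACandidate matches on name only and may return null, a caller has to verify the AC signature against each returned candidate and fail closed on error. The following is an added example, not part of the gLite code base; the class IssuerCandidateCheck, the method selectVerifiedIssuer and its tbs, sig and sigAlg parameters (the AC's to-be-signed bytes, signature value and JCA algorithm name, extracted by the caller) are assumptions, and only JDK classes are used.

```java
import java.security.GeneralSecurityException;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Date;

// Added example (hypothetical helper, not from the VOMS library).
public final class IssuerCandidateCheck {

    /**
     * Returns the first candidate that is inside its validity period and
     * whose public key verifies sig over tbs, or null if none does.
     *
     * candidates: the array returned by getAACandidate(issuer); null means
     *             the trust store reported an error.
     * tbs, sig, sigAlg: assumed to be extracted from the AC by the caller.
     */
    public static X509Certificate selectVerifiedIssuer(
            X509Certificate[] candidates, byte[] tbs, byte[] sig, String sigAlg) {
        if (candidates == null) {
            return null; // fail closed: an error is never treated as "trusted"
        }
        Date now = new Date();
        for (X509Certificate cert : candidates) {
            if (cert == null) {
                continue;
            }
            try {
                cert.checkValidity(now); // rejects expired / not-yet-valid certs
                Signature verifier = Signature.getInstance(sigAlg);
                verifier.initVerify(cert.getPublicKey());
                verifier.update(tbs);
                if (verifier.verify(sig)) {
                    return cert; // name matched AND signature verified
                }
            } catch (GeneralSecurityException e) {
                // Invalid period, unsupported algorithm, wrong key type or
                // malformed signature: this candidate is not the signer.
            }
        }
        return null; // a name match alone never establishes trust
    }

    public static void main(String[] args) {
        byte[] tbs = {1, 2, 3}; // constructed sample bytes
        System.out.println(selectVerifiedIssuer(null, tbs, tbs, "SHA256withRSA"));
        System.out.println(selectVerifiedIssuer(new X509Certificate[0], tbs, tbs, "SHA256withRSA"));
    }
}
```

The helper covers the validity period and the signature only; any further checks on the selected certificate remain the caller's responsibility.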