All Implemented Interfaces: ItemListener, Serializable, Cloneable, Iterable<CertificatePair>, Collection<CertificatePair>, EventListener, List<CertificatePair>, RandomAccess, ListModel
Direct Known Subclasses: CertificateStoreWithDefault
public class CertificateStore extends ArrayListModel<CertificatePair> implements ItemListener
.globus-type certificates on disk
This represents a directory that has .globus-type subdirectories as its children, each of which is represented by a CertificatePair.
The default location of this store is ~/.globus (though it can be overridden by the system property x509_user_dir). The key and certificate found in this directory itself are ignored; please see CertificateStoreWithDefault for handling those.
All this is implemented to allow multiple certificates to be present, for example when one is a member of multiple organisations, or if a renewal is in progress.
The ItemListener interface was implemented, and the ArrayListModel was used as its parent class. The former allows one to catch changes in a CertificatePair, while the latter notifies its listeners when an item is added or removed.
Modifier and Type | Field | Description |
---|---|---|
protected CertificatePair | defaultCert | Default certificate (the one copied to ~/.globus) |
protected static Logger | logger | |
protected File | path | |
protected PasswordCache | pwcache | |
protected String | userCertPrefix | Prefix of user certificate subdirs of ~/.globus to load from |

Inherited fields: modCount; listeners, source
Constructor | Description |
---|---|
CertificateStore() | New empty certificate store |
CertificateStore(File path) | New certificate store and load from path as File |
CertificateStore(String path) | New certificate store and load from path |
Modifier and Type | Method | Description |
---|---|---|
boolean | certificateInStore(CertificatePair newCert) | Checks whether given certificate is already in store |
CertificatePair | delete(int index) | Deletes a CertificatePair from the store. |
CertificatePair | delete(CertificatePair cert) | |
protected void | deletePath(File certPath) | Deletes a path on which a CertificatePair is based from disk. |
CertificatePair | generateRenewal(CertificatePair oldCert) | Renew a certificate |
CertificatePair | generateRenewal(CertificatePair oldCert, char[] pw) | Renew a certificate |
CertificatePair | generateRenewal(CertificatePair oldCert, Properties p) | Renew a certificate |
CertificatePair | generateRenewal(CertificatePair oldCert, Properties p, char[] pw) | Renew a certificate with preset password |
CertificatePair | generateRequest(Properties p) | Create a new certificate request |
CertificatePair | generateRequest(Properties p, char[] pw) | Create a new certificate request with preset password |
CertificatePair | importFrom(File src) | Import a PKCS#12 or PEM file as a new entry |
CertificatePair | importFrom(File src, boolean askNewPassword) | Import a PKCS#12 or PEM file as a new entry |
CertificatePair | importFrom(File src, char[] dstpw) | Import a PKCS#12 or PEM file as a new entry |
CertificatePair | importFrom(File src, char[] dstpw, boolean askNewPassword) | Import a PKCS#12 or PEM file as a new entry |
void | itemStateChanged(ItemEvent e) | ItemListener handler to catch changes in CertificatePair |
void | load() | Load certificates from the default directory |
void | load(File path) | Load certificates from store path |
void | load(String path) | Load certificates from store path |
protected File | newItem() | |
protected File | newItem(Calendar when) | Create a new subdirectory for a CertificatePair in this store. |
protected void | notifyAdded(int start, int end) | Hook parent to add an ItemListener when an item is added. |
protected void | notifyRemoved(int start, int end) | Hook parent to remove an ItemListener when an item is removed |
void | refresh() | Refresh the certificate list from its source and each certificate as well |
void | sort() | Sort the certificates in the store in (inverse) chronological order |
protected boolean | tryAdd(File f) | Try to add a certificate path to this store but don't fail if an error occurs. |

Inherited methods:
containsAll, toString
equals, hashCode
addAll, addAll, clone, contains, ensureCapacity, forEach, get, indexOf, isEmpty, iterator, lastIndexOf, listIterator, listIterator, removeAll, removeIf, replaceAll, retainAll, size, sort, spliterator, subList, toArray, toArray, trimToSize
add, add, addListDataListener, clear, getElementAt, getSize, notifyChanged, remove, remove, removeListDataListener, removeRange, set
parallelStream, stream
containsAll, equals, hashCode

protected static Logger logger

protected File path

protected PasswordCache pwcache

protected CertificatePair defaultCert
Default certificate (the one copied to ~/.globus)

protected final String userCertPrefix
Prefix of user certificate subdirs of ~/.globus to load from

public CertificateStore()
New empty certificate store.

public CertificateStore(String path)
New certificate store and load from path.

public CertificateStore(File path)
New certificate store and load from path as File.

public void load()
Load certificates from the default directory.
This is ~/.globus by default, but if the hostname starts with "tutorial" we have something different. The system property x509_user_dir can be used to override this.
TODO move this out of jGridStart and put it in a configfile

public void load(String path)
Load certificates from store path.
All subdirectories of the supplied path are loaded as separate certificates.
Parameters: path - Path to load certificates from
See Also: load(File)

public void load(File path)
Load certificates from store path.
All subdirectories of the supplied path that start with userCertPrefix are loaded as separate certificates; in addition to this, the directory itself is loaded as well.
Parameters: path - Directory to load certificates from

public void sort()
Sort the certificates in the store in (inverse) chronological order.
Certificates are ordered according to notBefore() time in case there already is a certificate; otherwise, the current time is used.

public void refresh() throws GeneralSecurityException, IOException, CAException
Refresh the certificate list from its source and each certificate as well.

protected boolean tryAdd(File f)
Try to add a certificate path to this store but don't fail if an error occurs.
Parameters: f - File to add

protected File newItem(Calendar when) throws IOException
Create a new subdirectory for a CertificatePair in this store.
It is formatted as user-cert-YYYYddMM-xx so each item is unique and can be recognised by its creation date. When when is non-null, it will be used as the date, otherwise the current date will be used.
Parameters: when - Creation date or start of validity period of certificate; or null.
Throws: IOException

protected File newItem() throws IOException
Throws: IOException
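
The on-disk layout described above (store directory taken from x509_user_dir or ~/.globus, one user-cert-YYYYddMM-xx subdirectory per CertificatePair), as an added JDK-only example that is not jGridStart code. The class name StoreLayout, the "user-cert-" value for userCertPrefix and the ordering by the date in the directory name (the store itself sorts by notBefore()) are assumptions; the sample directories are constructed.

```java
import java.io.IOException;
import java.nio.file.*;
import java.time.LocalDate;
import java.util.*;
import java.util.regex.*;
import java.util.stream.*;

public class StoreLayout {
    // Assumption: userCertPrefix is "user-cert-", inferred from the newItem() name format.
    static final Pattern NAME = Pattern.compile("user-cert-(\\d{4})(\\d{2})(\\d{2})-(\\w{2})");

    /** Store directory: system property x509_user_dir if set, otherwise ~/.globus. */
    static Path storeDir() {
        String override = System.getProperty("x509_user_dir");
        return override != null ? Paths.get(override)
                                : Paths.get(System.getProperty("user.home"), ".globus");
    }

    /** Creation date encoded in an entry name, field order YYYYddMM as documented. */
    static LocalDate created(Path entry) {
        Matcher m = NAME.matcher(entry.getFileName().toString());
        if (!m.matches()) throw new IllegalArgumentException("not a store entry: " + entry);
        int year = Integer.parseInt(m.group(1));
        int day = Integer.parseInt(m.group(2));
        int month = Integer.parseInt(m.group(3));
        return LocalDate.of(year, month, day);
    }

    /** Subdirectories that map to one CertificatePair each, newest first. */
    static List<Path> entries(Path store) throws IOException {
        List<Path> found;
        try (Stream<Path> s = Files.list(store)) {
            found = s.filter(Files::isDirectory)
                     .filter(p -> NAME.matcher(p.getFileName().toString()).matches())
                     .collect(Collectors.toCollection(ArrayList::new));
        }
        found.sort(Comparator.comparing(StoreLayout::created, Comparator.reverseOrder()));
        return found;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample store in a temporary directory; "certificates" must be skipped.
        Path store = Files.createTempDirectory("globus-sample");
        for (String d : new String[] {"user-cert-20171503-01", "user-cert-20180102-01", "certificates"})
            Files.createDirectory(store.resolve(d));
        System.setProperty("x509_user_dir", store.toString());
        for (Path p : entries(storeDir()))
            System.out.println(created(p) + "  " + p.getFileName());
    }
}
```
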
protected void notifyAdded(int start, int end)
Hook parent to add an ItemListener when an item is added.
Overrides: notifyAdded in class ArrayListModel<CertificatePair>

protected void notifyRemoved(int start, int end)
Hook parent to remove an ItemListener when an item is removed.
Overrides: notifyRemoved in class ArrayListModel<CertificatePair>

public void itemStateChanged(ItemEvent e)
ItemListener handler to catch changes in CertificatePair.
Specified by: itemStateChanged in interface ItemListener

public CertificatePair delete(int index) throws IOException
Deletes a CertificatePair from the store.
This removes it permanently from disk, so be careful. In the future it may be put into an archive instead.
Only files related to the certificate are removed (see CertificatePair.getRelatedFilesPossible()) and if the directory is empty afterwards, it will be removed too.
TODO should this be called 'remove' or is that too dangerous?
Throws: IOException

protected void deletePath(File certPath) throws IOException
Deletes a path on which a CertificatePair is based from disk.
Throws: IOException
See Also: delete(int)

public CertificatePair delete(CertificatePair cert) throws IOException
Throws: IOException

public CertificatePair importFrom(File src, char[] dstpw, boolean askNewPassword) throws IOException, GeneralSecurityException, CertificateCheck.CertificateCheckException
Import a PKCS#12 or PEM file as a new entry.
A new CertificatePair is created from the imported file, and this is added as a new entry to this store.
Parameters:
src - File to import from
dstpw - password to use for private key storage, or null to use the same password as the import password
askNewPassword - whether to ask for a new password for the imported key
Throws: IOException, GeneralSecurityException, CertificateCheck.CertificateCheckException

public CertificatePair importFrom(File src, boolean askNewPassword) throws IOException, GeneralSecurityException, CertificateCheck.CertificateCheckException
Import a PKCS#12 or PEM file as a new entry.
Parameters:
src - File to import from
askNewPassword - whether to ask for a new password for the imported key
Throws: IOException, GeneralSecurityException, CertificateCheck.CertificateCheckException
See Also: importFrom(File, char[], boolean)

public CertificatePair importFrom(File src, char[] dstpw) throws IOException, GeneralSecurityException, CertificateCheck.CertificateCheckException
Import a PKCS#12 or PEM file as a new entry.
Parameters:
src - File to import from
dstpw - password to use for private key storage, or null to use the same password as the import password
Throws: IOException, GeneralSecurityException, CertificateCheck.CertificateCheckException
See Also: importFrom(File, char[], boolean)

public CertificatePair importFrom(File src) throws IOException, GeneralSecurityException, CertificateCheck.CertificateCheckException
Import a PKCS#12 or PEM file as a new entry.
Parameters:
src - File to import from
Throws: IOException, GeneralSecurityException, CertificateCheck.CertificateCheckException
See Also: importFrom(File, char[], boolean)

public CertificatePair generateRequest(Properties p) throws IOException, GeneralSecurityException, PasswordCancelledException, CAException
Create a new certificate request.
Parameters:
p - Properties to use for generation
Throws: IOException, GeneralSecurityException, PasswordCancelledException, CAException
See Also: CertificatePair.generateRequest(java.io.File, java.util.Properties, char[])

public CertificatePair generateRequest(Properties p, char[] pw) throws IOException, GeneralSecurityException, PasswordCancelledException, CAException
Create a new certificate request with preset password.
Parameters:
p - Properties to use for generation
pw - password to use for new private key
Throws: IOException, GeneralSecurityException, PasswordCancelledException, CAException
See Also: CertificatePair.generateRequest(java.io.File, java.util.Properties, char[])

public CertificatePair generateRenewal(CertificatePair oldCert, Properties p, char[] pw) throws IOException, GeneralSecurityException, PasswordCancelledException, CAException, CertificateCheck.CertificateCheckException
Renew a certificate with preset password.
Generates a new certificate request in the store, supplying the password for the new private key, as a renewal from an existing certificate.
Parameters:
oldCert - certificate to renew
p - Properties to use for generation
pw - password to use for new private key
Throws: IOException, GeneralSecurityException, PasswordCancelledException, CAException, CertificateCheck.CertificateCheckException

public CertificatePair generateRenewal(CertificatePair oldCert, Properties p) throws PasswordCancelledException, IOException, GeneralSecurityException, CAException, CertificateCheck.CertificateCheckException
Renew a certificate.

public CertificatePair generateRenewal(CertificatePair oldCert, char[] pw) throws PasswordCancelledException, IOException, GeneralSecurityException, CAException, CertificateCheck.CertificateCheckException
Renew a certificate.

public CertificatePair generateRenewal(CertificatePair oldCert) throws PasswordCancelledException, IOException, GeneralSecurityException, CAException, CertificateCheck.CertificateCheckException
Renew a certificate.

public boolean certificateInStore(CertificatePair newCert)
Checks whether given certificate is already in store.

Copyright © 2010-2018 Nikhef / Stichting FOM. All Rights Reserved.