CertificateStore (jGridstart top-level 1.19)

java.lang.Object
- java.util.AbstractCollection<E>
- - java.util.AbstractList<E>
  - - java.util.ArrayList<T>
    - - nl.nikhef.jgridstart.gui.util.ArrayListModel<CertificatePair>
      - nl.nikhef.jgridstart.CertificateStore

All Implemented Interfaces:

ItemListener, Serializable, Cloneable, Iterable<CertificatePair>, Collection<CertificatePair>, EventListener, List<CertificatePair>, RandomAccess, ListModel

Direct Known Subclasses:

CertificateStoreWithDefault
```
public class CertificateStore
extends ArrayListModel<CertificatePair>
implements ItemListener
```
Management of multiple .globus-type certificates on disk
This represents a directory that has .globus-type subdirectories as its children, each of which is represented by a CertificatePair.
The default location of this store is ~/.globus (though it can be overridden by the system property x509_user_dir. The key and certificate found in this directory itself are ignored; please see CertificateStoreWithDefault for handling those.
All this is implemented to allow multiple certificates to be present, for example when one is a member of multiple organisations, or if a renewal is in progress.

Listeners
A user-interface may want to keep a list of certificates synchronised with this CertificateStore. To this end, the ItemListener interface was implemented, and the ArrayListModel was used as its parent class. The former allows one to catch changes in a CertificatePair, while the latter notifies its listeners when an item is added or removed.

Author:

wvengen

See Also:

Serialized Form

Field Summary

Fields
Modifier and Type	Field	Description
`protected CertificatePair`	`defaultCert`	Default certificate (the one copied to `~/.globus`)
`protected static Logger`	`logger`
`protected File`	`path`
`protected PasswordCache`	`pwcache`
`protected String`	`userCertPrefix`	Prefix of user certificate subdirs of `~/.globus` to load from

Fields inherited from class java.util.AbstractList
modCount

Fields inherited from class nl.nikhef.jgridstart.gui.util.ArrayListModel
listeners, source

Constructor Summary

Constructors
Constructor	Description
`CertificateStore()`	new empty certificate store
`CertificateStore(File path)`	new certificate store and load from path as File
`CertificateStore(String path)`	new certificate store and load from path

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`boolean`	`certificateInStore(CertificatePair newCert)`	Checks whether given certificate is already in store
`CertificatePair`	`delete(int index)`	Deletes a CertificatePair from the store.
`CertificatePair`	`delete(CertificatePair cert)`
`protected void`	`deletePath(File certPath)`	Deletes a path on which a CertificatePair is based from disk.
`CertificatePair`	`generateRenewal(CertificatePair oldCert)`	Renew a certificate
`CertificatePair`	`generateRenewal(CertificatePair oldCert, char[] pw)`	Renew a certificate
`CertificatePair`	`generateRenewal(CertificatePair oldCert, Properties p)`	Renew a certificate
`CertificatePair`	`generateRenewal(CertificatePair oldCert, Properties p, char[] pw)`	Renew a certificate with preset password
`CertificatePair`	`generateRequest(Properties p)`	Create a new certificate request
`CertificatePair`	`generateRequest(Properties p, char[] pw)`	Create a new certificate request with preset password
`CertificatePair`	`importFrom(File src)`	Import a PKCS#12 or PEM file as a new entry
`CertificatePair`	`importFrom(File src, boolean askNewPassword)`	Import a PKCS#12 or PEM file as a new entry
`CertificatePair`	`importFrom(File src, char[] dstpw)`	Import a PKCS#12 or PEM file as a new entry
`CertificatePair`	`importFrom(File src, char[] dstpw, boolean askNewPassword)`	Import a PKCS#12 or PEM file as a new entry
`void`	`itemStateChanged(ItemEvent e)`	ItemListener handler to catch changes in CertificatePair
`void`	`load()`	load certificates from the default directory
`void`	`load(File path)`	Load certificates from store path
`void`	`load(String path)`	Load certificates from store path
`protected File`	`newItem()`
`protected File`	`newItem(Calendar when)`	Create a new subdirectory for a CertificatePair in this store.
`protected void`	`notifyAdded(int start, int end)`	Hook parent to add an ItemListener when an item is added.
`protected void`	`notifyRemoved(int start, int end)`	Hook parent to remove an ItemListener when an item is removed
`void`	`refresh()`	refresh the certificate list from its source and each certificate as well
`void`	`sort()`	Sort the certificates in the store in (inverse) chronological order
`protected boolean`	`tryAdd(File f)`	Try to add a certificate path to this store but don't fail if an error occurs.

Methods inherited from class java.util.AbstractCollection
containsAll, toString

Methods inherited from class java.util.AbstractList
equals, hashCode

Methods inherited from class java.util.ArrayList
addAll, addAll, clone, contains, ensureCapacity, forEach, get, indexOf, isEmpty, iterator, lastIndexOf, listIterator, listIterator, removeAll, removeIf, replaceAll, retainAll, size, sort, spliterator, subList, toArray, toArray, trimToSize

Methods inherited from class nl.nikhef.jgridstart.gui.util.ArrayListModel
add, add, addListDataListener, clear, getElementAt, getSize, notifyChanged, remove, remove, removeListDataListener, removeRange, set

Methods inherited from interface java.util.Collection
parallelStream, stream

Methods inherited from interface java.util.List
containsAll, equals, hashCode

Methods inherited from class java.lang.Object
finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail
- logger
```
protected static Logger logger
```
- path
```
protected File path
```
- pwcache
```
protected PasswordCache pwcache
```
- defaultCert
```
protected CertificatePair defaultCert
```
  Default certificate (the one copied to ~/.globus)
- userCertPrefix
```
protected final String userCertPrefix
```
  Prefix of user certificate subdirs of ~/.globus to load from
  
  See Also:
  
  Constant Field Values

Constructor Detail
- CertificateStore
```
public CertificateStore()
```
  new empty certificate store
- CertificateStore
```
public CertificateStore(String path)
```
  new certificate store and load from path
- CertificateStore
```
public CertificateStore(File path)
```
  new certificate store and load from path as File

Method Detail

load
```
public void load()
```
load certificates from the default directory
This is ~/.globus by default, but if the hostname starts with "tutorial" we have something different. The system property x509_user_dir can be used to override this.
TODO move this out of jGridStart and put it in a configfile

load
```
public void load(String path)
```
Load certificates from store path
All subdirectories of the supplied path are loaded as separate certificates.

Parameters:

path - Path to load certificates from

See Also:

load(File)

load
```
public void load(File path)
```
Load certificates from store path
All subdirectories of the supplied path that start with userCertPrefix are loaded as separate certificates; in addition to this, the directory itself is loaded as well.

Parameters:

path - Directory to load certificates from

sort
```
public void sort()
```
Sort the certificates in the store in (inverse) chronological order
Certificates are ordered according to notBefore() time, in case there already is a certificate, otherwise, the current time is used.

refresh

public void refresh()
             throws GeneralSecurityException,
                    IOException,
                    CAException

refresh the certificate list from its source and each certificate as well

Throws:: GeneralSecurityException; IOException; CAException

tryAdd
```
protected boolean tryAdd(File f)
```
Try to add a certificate path to this store but don't fail if an error occurs.

Parameters:

f - File to add

Returns:

true if the certificate was succesfully added

newItem
```
protected File newItem(Calendar when)
                throws IOException
```
Create a new subdirectory for a CertificatePair in this store.
It is formatted as user-cert-YYYYddMM-xx so each item is unique and can be recognised by its creation date. When when is non-null, it will be used as the date, otherwise the current date will be used.

Parameters:

when - Creation date or start of validity period of certificate; or null.

Returns:

Newly created directory name

Throws:

IOException

newItem

protected File newItem()
                throws IOException

Throws:: IOException

notifyAdded
```
protected void notifyAdded(int start,
                           int end)
```
Hook parent to add an ItemListener when an item is added.

Overrides:

notifyAdded in class ArrayListModel<CertificatePair>

notifyRemoved
```
protected void notifyRemoved(int start,
                             int end)
```
Hook parent to remove an ItemListener when an item is removed

Overrides:

notifyRemoved in class ArrayListModel<CertificatePair>

itemStateChanged
```
public void itemStateChanged(ItemEvent e)
```
ItemListener handler to catch changes in CertificatePair

Specified by:

itemStateChanged in interface ItemListener

delete
```
public CertificatePair delete(int index)
                       throws IOException
```
Deletes a CertificatePair from the store.
This removes it permanently from disk, so be careful. In the future it may be put into an archive instead. Only files related to the certificate are removed (see CertificatePair.getRelatedFilesPossible()) and if the directory is empty afterwards, it will be removed too.
TODO should this be called 'remove' or is that too dangerous?

Throws:

IOException

deletePath
```
protected void deletePath(File certPath)
                   throws IOException
```
Deletes a path on which a CertificatePair is based from disk.

Throws:

IOException

See Also:

delete(int)

delete

public CertificatePair delete(CertificatePair cert)
                       throws IOException

Throws:: IOException

importFrom
```
public CertificatePair importFrom(File src,
                                  char[] dstpw,
                                  boolean askNewPassword)
                           throws IOException,
                                  GeneralSecurityException,
                                  CertificateCheck.CertificateCheckException
```
Import a PKCS#12 or PEM file as a new entry
A new CertificatePair is created from the imported file, and this is added as a new entry to this store.

Parameters:

src - File to import from

dstpw - password to use for private key storage, or null to use the same password as the import password

askNewPassword - whether to ask for a new password for the imported key

Returns:

Newly created CertificatePair

Throws:

IOException

GeneralSecurityException

CertificateCheck.CertificateCheckException

importFrom

public CertificatePair importFrom(File src,
                                  boolean askNewPassword)
                           throws IOException,
                                  GeneralSecurityException,
                                  CertificateCheck.CertificateCheckException

Import a PKCS#12 or PEM file as a new entry

Parameters:: src - File to import from; askNewPassword - whether to ask for a new password for the imported key
Throws:: IOException; GeneralSecurityException; CertificateCheck.CertificateCheckException
See Also:: importFrom(File, char[], boolean)

importFrom

public CertificatePair importFrom(File src,
                                  char[] dstpw)
                           throws IOException,
                                  GeneralSecurityException,
                                  CertificateCheck.CertificateCheckException

Import a PKCS#12 or PEM file as a new entry

Parameters:: src - File to import from; dstpw - password to use for private key storage, or null to use the same password as the import password
Throws:: IOException; GeneralSecurityException; CertificateCheck.CertificateCheckException
See Also:: importFrom(File, char[], boolean)

importFrom

public CertificatePair importFrom(File src)
                           throws IOException,
                                  GeneralSecurityException,
                                  CertificateCheck.CertificateCheckException

Import a PKCS#12 or PEM file as a new entry

Parameters:: src - File to import from
Throws:: IOException; GeneralSecurityException; CertificateCheck.CertificateCheckException
See Also:: importFrom(File, char[], boolean)

generateRequest

public CertificatePair generateRequest(Properties p)
                                throws IOException,
                                       GeneralSecurityException,
                                       PasswordCancelledException,
                                       CAException

Create a new certificate request

Parameters:: p - Properties to use for generation
Throws:: IOException; GeneralSecurityException; PasswordCancelledException; CAException
See Also:: CertificatePair.generateRequest(java.io.File, java.util.Properties, char[])

generateRequest

public CertificatePair generateRequest(Properties p,
                                       char[] pw)
                                throws IOException,
                                       GeneralSecurityException,
                                       PasswordCancelledException,
                                       CAException

Create a new certificate request with preset password

Parameters:: p - Properties to use for generation; pw - password to use for new private key
Throws:: IOException; GeneralSecurityException; PasswordCancelledException; CAException
See Also:: CertificatePair.generateRequest(java.io.File, java.util.Properties, char[])

generateRenewal

public CertificatePair generateRenewal(CertificatePair oldCert,
                                       Properties p,
                                       char[] pw)
                                throws IOException,
                                       GeneralSecurityException,
                                       PasswordCancelledException,
                                       CAException,
                                       CertificateCheck.CertificateCheckException

Renew a certificate with preset password

Generates a new certificate request in the store supplying password for new private key as a renewal from an existing certificate.

Parameters:: oldCert - certificate to renew; p - Properties to use for generation; pw - password to use for new private key
Throws:: IOException; GeneralSecurityException; PasswordCancelledException; CAException; CertificateCheck.CertificateCheckException

generateRenewal

public CertificatePair generateRenewal(CertificatePair oldCert,
                                       Properties p)
                                throws PasswordCancelledException,
                                       IOException,
                                       GeneralSecurityException,
                                       CAException,
                                       CertificateCheck.CertificateCheckException

Renew a certificate

Throws:: PasswordCancelledException; IOException; GeneralSecurityException; CAException; CertificateCheck.CertificateCheckException
See Also:: generateRenewal(CertificatePair, Properties, char[])

generateRenewal

public CertificatePair generateRenewal(CertificatePair oldCert,
                                       char[] pw)
                                throws PasswordCancelledException,
                                       IOException,
                                       GeneralSecurityException,
                                       CAException,
                                       CertificateCheck.CertificateCheckException

Renew a certificate

Throws:: PasswordCancelledException; IOException; GeneralSecurityException; CAException; CertificateCheck.CertificateCheckException
See Also:: generateRenewal(CertificatePair, Properties, char[])

generateRenewal

public CertificatePair generateRenewal(CertificatePair oldCert)
                                throws PasswordCancelledException,
                                       IOException,
                                       GeneralSecurityException,
                                       CAException,
                                       CertificateCheck.CertificateCheckException

Renew a certificate

Throws:: PasswordCancelledException; IOException; GeneralSecurityException; CAException; CertificateCheck.CertificateCheckException
See Also:: generateRenewal(CertificatePair, Properties, char[])

certificateInStore
```
public boolean certificateInStore(CertificatePair newCert)
```
Checks whether given certificate is already in store

Class CertificateStore

Listeners

Field Summary

Fields inherited from class java.util.AbstractList

Fields inherited from class nl.nikhef.jgridstart.gui.util.ArrayListModel

Constructor Summary

Method Summary

Methods inherited from class java.util.AbstractCollection

Methods inherited from class java.util.AbstractList

Methods inherited from class java.util.ArrayList

Methods inherited from class nl.nikhef.jgridstart.gui.util.ArrayListModel

Methods inherited from interface java.util.Collection

Methods inherited from interface java.util.List

Methods inherited from class java.lang.Object

Field Detail

logger

path

pwcache

defaultCert

userCertPrefix

Constructor Detail

CertificateStore

CertificateStore

CertificateStore

Method Detail

load

load

load

sort

refresh

tryAdd

newItem

newItem

notifyAdded

notifyRemoved

itemStateChanged

delete

deletePath

delete

importFrom

importFrom

importFrom

importFrom

generateRequest

generateRequest

generateRenewal

generateRenewal

generateRenewal

generateRenewal

certificateInStore