Package nl.nikhef.jgridstart

Class CertificateStoreWithDefault

java.lang.Object

java.util.AbstractCollection<E>

java.util.AbstractList<E>

java.util.ArrayList<T>

nl.nikhef.jgridstart.gui.util.ArrayListModel<CertificatePair>

nl.nikhef.jgridstart.CertificateStore

nl.nikhef.jgridstart.CertificateStoreWithDefault

All Implemented Interfaces:

ItemListener, Serializable, Cloneable, Iterable<CertificatePair>, Collection<CertificatePair>, EventListener, List<CertificatePair>, RandomAccess, ListModel

public class CertificateStoreWithDefault
extends CertificateStore

A CertificateStore which has the notion of a default certificate.

The default ~/.globus directory generally has key and certificate files that are used Globus and related tools. They do not support multiple certificates. To give a user a possibility to use multiple certificates anyway, the CertificateStore stores all certificates as subdirectories. This class adds the notion that one of these can be the default certificate, which means that they are copied/linked in ~/.globus.

Only if the user only has one certificate, we rather don't bother creating subdirectories, as it would only confuse the user when seeing non-standard stuff in ~/.globus.

This class handles this transparently for the developer, so that there is just a CertificateStore of which one can be the default.

The default certificate

While this store looks at subdirectories for its children, the standard globus location for key and certificate is ~/.globus/userkey.pem and ~/.globus/usercert.pem. This is an entry in this store, and is called the default certificate. This class was designed to allow multiple certificates to be present, and to be able to select one of them as the default, and switch between them easily.

A new item is added according to the following rules:

1. If the store is empty, the default location is used (no subdir)
2. If the store has a default certificate and a renewal of that is added, the old certificate is moved to a subdir and the new one is imported on the default location (no subdir).
3. If the store has a certificate and a new one is added, it is added as a subdir.

Please see setDefault(nl.nikhef.jgridstart.CertificatePair) for the behaviour when the default certificate is changed, this is directly related to this.

This behaviour satisfies the following situations:

• Empty: the user has no ~/.globus, or it is empty.
• Single: the user has imported a certificate, or created a new request. This is all done in the default certificate location, no subdirectory is needed.
• Single renewal: one certificate is present, and a renewal is created. This renewal request is made in a subdirectory of the store, while the old certificate remains in place. When the renewal certificate is obtained, the old certificate is archived into a subdirectory, and the renewed certificate is set as the default certificate.
• Dual: one certificate is present, and another one is imported. The default certificate remains such, and the new one is imported into a new subdirectory.
• With multiple certificates present, the user may want to change the default certificate (e.g. when working for a different organisation). So the current default certificate needs to be stored in a subdirectory, and the new default certificate needs to be linked/copied to the default certificate location. To be able to use select a specific certificate in scripts (if the user would want such), any certificate that has been put in a subdirectory before, remains there; if it is to become a default certificate again, a link or copy is made, and it is not counted as a separate entry in the store.

Author:

wvengen

See Also:

Serialized Form

Field Summary

Fields inherited from class java.util.AbstractList

modCount

Fields inherited from class nl.nikhef.jgridstart.gui.util.ArrayListModel

listeners, source

Fields inherited from class nl.nikhef.jgridstart.CertificateStore

defaultCert, logger, path, pwcache, userCertPrefix

Constructor Summary

Constructors

Constructor	Description
CertificateStoreWithDefault()	new empty certificate store
CertificateStoreWithDefault(File path)	new certificate store and load from path as File
CertificateStoreWithDefault(String path)	new certificate store and load from path

Method Summary

Modifier and Type	Method	Description
protected boolean	compareDefaultCertificate(CertificatePair other)	Return whether the supplied CertificatePair is equal to the default certificate.
protected CertificatePair	findDefaultCertificate()	Find the CertificatePair that is equal to the default certificate, if any.
CertificatePair	getDefault()	Return the default certificate.
String	getPath()	Return the default path.
void	itemStateChanged(ItemEvent e)	Catch it when a renewed certificate becomes available.
void	load(File f)	Load certificates from store path
protected File	newItem()
void	setDefault(CertificatePair c)	Make a CertificatePair the default certificate.

Methods inherited from class java.util.AbstractCollection

containsAll, toString

Methods inherited from class java.util.AbstractList

equals, hashCode

Methods inherited from class java.util.ArrayList

addAll, addAll, clone, contains, ensureCapacity, forEach, get, indexOf, isEmpty, iterator, lastIndexOf, listIterator, listIterator, removeAll, removeIf, replaceAll, retainAll, size, sort, spliterator, subList, toArray, toArray, trimToSize

Methods inherited from class nl.nikhef.jgridstart.gui.util.ArrayListModel

add, add, addListDataListener, clear, getElementAt, getSize, notifyChanged, remove, remove, removeListDataListener, removeRange, set

Methods inherited from class nl.nikhef.jgridstart.CertificateStore

certificateInStore, delete, delete, deletePath, generateRenewal, generateRenewal, generateRenewal, generateRenewal, generateRequest, generateRequest, importFrom, importFrom, importFrom, importFrom, load, load, newItem, notifyAdded, notifyRemoved, refresh, sort, tryAdd

Methods inherited from interface java.util.Collection

parallelStream, stream

Methods inherited from interface java.util.List

containsAll, equals, hashCode

Methods inherited from class java.lang.Object

finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

CertificateStoreWithDefault

public CertificateStoreWithDefault()

new empty certificate store

CertificateStoreWithDefault

public CertificateStoreWithDefault(String path)

new certificate store and load from path

CertificateStoreWithDefault

public CertificateStoreWithDefault(File path)

new certificate store and load from path as File

Method Detail

getPath

public String getPath()

Return the default path.

The default certificate is located in ~/.globus (or the platform's equivalent).

Returns:

Path or null if not present

load

public void load(File f)

Load certificates from store path

All subdirectories of the supplied path that start with CertificateStore.userCertPrefix are loaded as separate certificates; in addition to this, the directory itself is loaded as well.

Also, the default certificate is loaded from the store's path when it is not found in another entry in the store.

Overrides:

load in class CertificateStore

Parameters:

f - Directory to load certificates from

newItem

protected File newItem()
                throws IOException

The very first entry in the store is the default certificate.

Overrides:

newItem in class CertificateStore

Throws:

IOException

getDefault

public CertificatePair getDefault()
                           throws IOException

Return the default certificate.

The default certificate is the one in ~/.globus (or the platform's equivalent).

This can be called pretty often, so the result is cached. Updates outside of this program will not be picked up as a result while running.

Returns:

Default CertificatePair, or null if not present

Throws:

IOException

setDefault

public void setDefault(CertificatePair c)
                throws IOException

Make a CertificatePair the default certificate.

This copies the files from a CertificatePair's subdirectory to the store's path (~/.globus by default, so that Globus tools use that one).

If the default certificate (the one before it is updated) is not present in a subdirectory of this store, its files are moved to a subdirectory. This includes all ordinary files present in the store directory, but not subdirectories.

When the supplied CertificatePair is already the default, nothing happens.

See also section The default certificate.

Throws:

IOException

findDefaultCertificate

protected CertificatePair findDefaultCertificate()
                                          throws IOException

Find the CertificatePair that is equal to the default certificate, if any.

The files present in the default certificate location must be present in the store location, and they must be equal. So the store location may contain more files than the default certificate location, but not less.

In addition to this, a valid key must be present in the certificate location that is checked.

Returns:

CertificatePair in this store that is equal to the default, or null if not found

Throws:

IOException

compareDefaultCertificate

protected boolean compareDefaultCertificate(CertificatePair other)
                                     throws IOException

Return whether the supplied CertificatePair is equal to the default certificate.

Throws:

IOException

See Also:

findDefaultCertificate()

itemStateChanged

public void itemStateChanged(ItemEvent e)

Catch it when a renewed certificate becomes available.

If the parent is the current default, make the renewed certificate the default instead.

Specified by:

itemStateChanged in interface ItemListener

Overrides:

itemStateChanged in class CertificateStore