org.opcfoundation.ua.cert
Class PkiDirectoryCertificateStore

java.lang.Object
  extended by org.opcfoundation.ua.cert.PkiDirectoryCertificateStore
All Implemented Interfaces:
CertificateStore

public class PkiDirectoryCertificateStore
extends Object
implements CertificateStore


Constructor Summary
PkiDirectoryCertificateStore()
          Create a new validator using the default baseDir ("PKI\CA"), trustedDir ("certs"), rejectedDir ("rejected") and revokedDir ("crl").
PkiDirectoryCertificateStore(String baseDir)
          Create a new validator using a baseDir and default subdirs: trustedDir ("certs"), rejectedDir ("rejected") and revokedDir ("crl").
PkiDirectoryCertificateStore(String baseDir, String trustedDir, String rejectedDir, String revocationDir)
          Create a new validator using a baseDir and subdirectory names, trustedDir, rejectedDir and revocationDir.
Method Summary
void addCertificate(ValidationResult type, Cert certificate)
          Add a certificate to the store.
void addListener(DefaultCertificateStoreListener listener)
void addRejectedCertificate(Cert certificate)
          Add a certificate to the rejected certificates.
void addRevocationList(X509CRL crl)
          Add a certificate revocation list to the store.
void addTrustedCertificate(Cert certificate)
          Add a certificate to the trusted certificates.
void clear(boolean removeFiles)
          Clears the certificate lists.
File getBaseDir()
File getFileForCert(Cert cert)
          Returns File for the given Certificate.
Set<Cert> getRejectedCerts()
          Get all certificates that are stored as Rejected.
File getRejectedDir()
File getRevocationDir()
Set<X509CRL> getRevocationLists()
          Get all revocation lists the store has.
Set<Cert> getTrustedCerts()
          Get all certificates that are stored as Trusted.
File getTrustedDir()
boolean isStoreAcceptOnceCertificates()
void refresh()
          Refresh certificates.
void removeListener(DefaultCertificateStoreListener listener)
void setStoreAcceptOnceCertificates(boolean keepAcceptOnceCerts)
          Defines whether certificates that are accepted with AcceptOnce status are stored in the certificate store or not.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PkiDirectoryCertificateStore

public PkiDirectoryCertificateStore()
Create a new validator using the default baseDir ("PKI\CA"), trustedDir ("certs"), rejectedDir ("rejected") and revokedDir ("crl").


PkiDirectoryCertificateStore

public PkiDirectoryCertificateStore(String baseDir)
Create a new validator using a baseDir and default subdirs: trustedDir ("certs"), rejectedDir ("rejected") and revokedDir ("crl").

Parameters:
baseDir - the path to the base directory where the certificate directories are kept.

PkiDirectoryCertificateStore

public PkiDirectoryCertificateStore(String baseDir,
                                    String trustedDir,
                                    String rejectedDir,
                                    String revocationDir)
Create a new validator using a baseDir and subdirectory names, trustedDir, rejectedDir and revocationDir.

Parameters:
baseDir - the path to the base directory where the certificate directories are kept. Use null if you wish to define the other directories with absolute paths.
trustedDir - the name of the directory in which the trusted certificates are kept. If baseDir is defined, this is a relative path to that, e.g. a subdirectory name.
rejectedDir - the name of the directory in which the rejected certificates are kept. If baseDir is defined, this is a relative path to that, e.g. a subdirectory name.
revocationDir - the name of the directory in which revoked certificates are kept. If baseDir is defined, this is a relative path to that, e.g. a subdirectory name.
Method Detail

addListener

public void addListener(DefaultCertificateStoreListener listener)

addRejectedCertificate

public void addRejectedCertificate(Cert certificate)
Add a certificate to the rejected certificates.

Parameters:
certificate - the certificate to add

addRevocationList

public void addRevocationList(X509CRL crl)
Add a certificate revocation list to the store. NOTE: currently the CRL is NOT written to disk, so it is lost when the store is re-created or refreshed from the directory.

Parameters:
crl - revocation list to add

addTrustedCertificate

public void addTrustedCertificate(Cert certificate)
Add a certificate to the trusted certificates.

Parameters:
certificate - the certificate to add

getTrustedCerts

public Set<Cert> getTrustedCerts()
Description copied from interface: CertificateStore
Get all certificates that are stored as Trusted. In a directory based PKI store, this would mean that the set contains all certs in 'certs' or 'trusted' folder. It is possible and allowed to return certificates that are revoked in this set, i.e. the implementation of this method should not perform any validation, user of the CertificateStore should check the revocation against the CertificateStore.getRevocationLists() revocation lists.

Specified by:
getTrustedCerts in interface CertificateStore
Returns:
the certificates or empty set if none. The returned set should be treated as immutable.
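The description above makes the security-relevant division of labour explicit: the store hands back every certificate in the trusted directory, revoked ones included, and leaves revocation checking to the caller. The following is an added example (not code from the OPC UA Java stack or from this page) that opens a directory store with the constructors documented above, refreshes it from disk, and reports which trusted certificates appear on any CRL the store holds or have expired. It assumes that `Cert` lives in `org.opcfoundation.ua.transport.security` and exposes `getCertificate()` returning a `java.security.cert.X509Certificate`; both are assumptions about the stack's API, and the class name `TrustedCertAudit` is invented here.

```java
import java.io.File;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;

import org.opcfoundation.ua.cert.PkiDirectoryCertificateStore;
// Assumption: Cert is the stack's certificate wrapper with getCertificate().
import org.opcfoundation.ua.transport.security.Cert;

/**
 * Added example (hypothetical class, not part of the stack): audit the
 * trusted directory of a PkiDirectoryCertificateStore. The store performs
 * no validation of its own, so revocation and validity are checked here.
 */
public class TrustedCertAudit {

    /** Trusted certificates that are listed on at least one CRL held by the store. */
    public static Set<Cert> findRevokedTrusted(PkiDirectoryCertificateStore store) {
        store.refresh(); // pick up files changed on disk outside this instance
        Set<Cert> revoked = new HashSet<Cert>();
        Set<X509CRL> crls = store.getRevocationLists();
        for (Cert cert : store.getTrustedCerts()) {
            X509Certificate x509 = cert.getCertificate(); // assumed accessor
            for (X509CRL crl : crls) {
                if (crl.isRevoked(x509)) {
                    revoked.add(cert);
                    break;
                }
            }
        }
        return revoked;
    }

    /** Trusted certificates whose validity period has ended or not yet begun. */
    public static Set<Cert> findInvalidPeriod(PkiDirectoryCertificateStore store) {
        Set<Cert> bad = new HashSet<Cert>();
        for (Cert cert : store.getTrustedCerts()) {
            try {
                cert.getCertificate().checkValidity(); // throws when outside notBefore/notAfter
            } catch (CertificateException e) {
                bad.add(cert);
            }
        }
        return bad;
    }

    public static void main(String[] args) {
        // Layout follows the documented defaults: <baseDir>/certs, /rejected, /crl
        String baseDir = args.length > 0 ? args[0] : "PKI" + File.separator + "CA";
        PkiDirectoryCertificateStore store = new PkiDirectoryCertificateStore(baseDir);
        // Accept-once certificates would otherwise be written to the rejected directory.
        store.setStoreAcceptOnceCertificates(false);

        Set<Cert> revoked = findRevokedTrusted(store);
        Set<Cert> outOfPeriod = findInvalidPeriod(store);
        System.out.println("CRLs loaded: " + store.getRevocationLists().size());
        for (Cert cert : store.getTrustedCerts()) {
            File f = store.getFileForCert(cert);
            String status = revoked.contains(cert) ? "REVOKED"
                          : outOfPeriod.contains(cert) ? "EXPIRED/NOT-YET-VALID"
                          : "ok";
            System.out.println(status + "  "
                    + cert.getCertificate().getSubjectX500Principal() + "  "
                    + (f == null ? "(no file)" : f.getPath()));
        }
    }
}
```

Note that `addRevocationList` does not persist the CRL to disk, so a CRL added programmatically is absent from `getRevocationLists()` after the store is rebuilt; placing the CRL file in the revocation directory is what makes the check above survive a `refresh()`.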

getRejectedCerts

public Set<Cert> getRejectedCerts()
Description copied from interface: CertificateStore
Get all certificates that are stored as Rejected. Note: implementers may choose not to store rejected certificates; in that case an empty set is returned. Note: if the implementor chooses to do so, this set may also contain certificates that were previously accepted once.

Specified by:
getRejectedCerts in interface CertificateStore
Returns:
the certificates that are rejected or empty set if none. The returned set should be treated as immutable.

getRevocationLists

public Set<X509CRL> getRevocationLists()
Description copied from interface: CertificateStore
Get all revocation lists the store has.

Specified by:
getRevocationLists in interface CertificateStore
Returns:
revocation lists, or empty set if none. The returned set should be treated as immutable.

addCertificate

public void addCertificate(ValidationResult type,
                           Cert certificate)
Description copied from interface: CertificateStore
Add a certificate to the store. Note: it is implementation-specific which types are stored, e.g. an implementation may choose to store only trusted certificates. The implementation should store the certificates in persistent storage. AcceptOnce type certificates could be stored as rejected, if there is a need to accept them later (using a mechanism outside of this interface).

Specified by:
addCertificate in interface CertificateStore
Parameters:
type - trusted, rejected or accept once.
certificate - the certificate to add.

getTrustedDir

public File getTrustedDir()
Returns:
the trustedDir

getRejectedDir

public File getRejectedDir()
Returns:
the rejectedDir

getRevocationDir

public File getRevocationDir()
Returns:
the revocationDir

isStoreAcceptOnceCertificates

public boolean isStoreAcceptOnceCertificates()
Returns:
the storeAcceptOnceCertificates

removeListener

public void removeListener(DefaultCertificateStoreListener listener)

getFileForCert

public File getFileForCert(Cert cert)
Returns File for the given Certificate.

Parameters:
cert - the certificate
Returns:
File for the given Cert or null if Cert is null or cannot be found

setStoreAcceptOnceCertificates

public void setStoreAcceptOnceCertificates(boolean keepAcceptOnceCerts)
Defines whether certificates that are accepted with AcceptOnce status are stored in the certificate store or not. If they are stored, they are stored in the RejectedCertificates. You may want to store them to be able to validate the certificate contents later on from the file.

Default: true

Parameters:
keepAcceptOnceCerts - true if accept once certs should be stored

refresh

public void refresh()
Refresh certificates. Call this method in case you change certificates outside of this instance (e.g. move files on disk) and want to refresh before a validateCertificate call happens (which does this automatically).


getBaseDir

public File getBaseDir()
Returns:
the baseDir

clear

public void clear(boolean removeFiles)
Clears the certificate lists.

Parameters:
removeFiles - if true, removes all certificate files as well. Be careful with this!


Copyright © 2018. All rights reserved.