/*
 * Copyright (c) 2013 ICM Uniwersytet Warszawski All rights reserved.
 * See LICENCE.txt file for licensing information.
 */
package eu.emi.security.authn.x509.helpers.crl;

import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchProviderException;
import java.security.cert.CRL;
import java.security.cert.CRLSelector;
import java.security.cert.CertSelector;
import java.security.cert.CertStoreException;
import java.security.cert.CertStoreSpi;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;

import javax.security.auth.x500.X500Principal;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import eu.emi.security.authn.x509.StoreUpdateListener;
import eu.emi.security.authn.x509.StoreUpdateListener.Severity;
import eu.emi.security.authn.x509.helpers.ObserversHandler;
import eu.emi.security.authn.x509.impl.CRLParameters;

/**
 * Shared base of the CRL-only {@link CertStoreSpi} implementations
 * {@link LazyOpensslCRLStoreSpi} and {@link PlainCRLStoreSpi}.
 * <p>
 * Certificate queries always yield an empty result. CRL queries made with an
 * {@link X509CRLSelector} are resolved issuer by issuer through
 * {@link #getCRLForIssuer(X500Principal)} and then filtered with the selector;
 * every other selector type is handed to {@link #getCRLWithMatcher(CRLSelector)}.
 * <p>
 * The only filtering done in this class is {@code selector.match(crl)}; no
 * signature or freshness check on the returned CRLs is visible here, so that
 * has to happen in the subclasses or in the code consuming the store.
 *
 * @author K. Benedyczak
 */
public abstract class AbstractCRLStoreSPI extends CertStoreSpi {
    /** Receives the update notifications sent by {@link #notifyObservers}. */
    protected ObserversHandler observers;

    /** Clone of the parameters passed to the constructor. */
    protected CRLParameters params;

    /** X.509 factory obtained from the BouncyCastle provider. */
    protected final CertificateFactory factory;

    /** Initialised from {@code params.getCrlUpdateInterval()}. */
    protected long updateInterval;

    /**
     * Stores the collaborators and resolves the X.509 certificate factory.
     *
     * @param params store configuration; a clone is kept, not the passed instance
     * @param observers handler used to publish CRL update notifications
     * @throws InvalidAlgorithmParameterException declared by the
     *         {@link CertStoreSpi} constructor
     * @throws RuntimeException if the X.509 factory cannot be obtained from the
     *         BouncyCastle provider (provider not registered or misconfigured)
     */
    public AbstractCRLStoreSPI(CRLParameters params, ObserversHandler observers)
            throws InvalidAlgorithmParameterException {
        super(params);
        this.observers = observers;
        // Work on a clone so the store does not share the caller's parameter object.
        this.params = params.clone();
        this.factory = loadX509Factory();
        this.updateInterval = this.params.getCrlUpdateInterval();
    }

    /**
     * Looks up the "X.509" {@link CertificateFactory} by the BouncyCastle
     * provider name, turning both lookup failures into a {@link RuntimeException}.
     */
    private static CertificateFactory loadX509Factory() {
        try {
            return CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
        } catch (CertificateException e) {
            throw new RuntimeException("Can't find certificate fctory"
                    + " for alg. X.509, JDK/BouncyCastle is misconfigured?", e);
        } catch (NoSuchProviderException e) {
            throw new RuntimeException("Can't load Bouncycastle CertificateFacotory"
                    + " for alg. X.509, BouncyCastle is misconfigured?", e);
        }
    }

    /**
     * Forwards a CRL-related event to the registered observers, tagged with
     * {@link StoreUpdateListener#CRL}.
     *
     * @param url location the event refers to
     * @param level severity of the event
     * @param e exception associated with the event, passed through unchanged
     */
    protected void notifyObservers(String url, Severity level, Exception e) {
        observers.notifyObservers(url, StoreUpdateListener.CRL, level, e);
    }

    /**
     * This store serves CRLs only, so no certificate ever matches.
     *
     * @param selector ignored
     * @return an empty set
     */
    @Override
    public Collection<? extends Certificate> engineGetCertificates(CertSelector selector)
            throws CertStoreException {
        return Collections.emptySet();
    }

    /**
     * Dispatches a CRL query according to the selector type.
     *
     * @param selectorRaw selector supplied by the caller
     * @return CRLs found by the issuer-based lookup for an
     *         {@link X509CRLSelector}, otherwise whatever
     *         {@link #getCRLWithMatcher(CRLSelector)} returns
     */
    @Override
    public Collection<? extends CRL> engineGetCRLs(CRLSelector selectorRaw)
            throws CertStoreException {
        if (!(selectorRaw instanceof X509CRLSelector)) {
            return getCRLWithMatcher(selectorRaw);
        }
        return getCRLs((X509CRLSelector) selectorRaw);
    }

    /**
     * Collects, for every issuer named in the selector, the CRLs of that issuer
     * which the selector accepts.
     *
     * @param selector X.509 selector carrying the issuer names and match criteria
     * @return a new list of matching CRLs; empty when the selector names no issuers
     */
    private Collection<? extends CRL> getCRLs(X509CRLSelector selector)
            throws CertStoreException {
        final Collection<X500Principal> issuerNames = selector.getIssuers();
        final List<X509CRL> matching = new ArrayList<X509CRL>();
        // NOTE(review): X509CRLSelector documents a null issuer set as "any issuer
        // will do", but here it produces an empty result. A caller that queries
        // without issuer names therefore sees no CRLs at all; confirm that the
        // revocation-checking callers always set issuers, or that they treat an
        // empty answer as "status unknown" rather than "not revoked".
        if (issuerNames != null) {
            for (X500Principal issuerName : issuerNames) {
                for (X509CRL candidate : getCRLForIssuer(issuerName)) {
                    if (selector.match(candidate)) {
                        matching.add(candidate);
                    }
                }
            }
        }
        return matching;
    }

    /**
     * Supplies the CRLs the concrete store holds for one issuer. The result is
     * iterated directly by the issuer-based lookup, so it must not be
     * {@code null}.
     *
     * @param issuer issuer name taken from the selector
     * @return candidate CRLs, still to be filtered by the selector
     */
    protected abstract Collection<X509CRL> getCRLForIssuer(X500Principal issuer);

    /**
     * Handles selectors that are not {@link X509CRLSelector} instances; the
     * result is returned to the caller of {@link #engineGetCRLs} unchanged.
     *
     * @param selectorRaw selector supplied by the caller
     * @return CRLs chosen by the concrete store
     */
    protected abstract Collection<X509CRL> getCRLWithMatcher(CRLSelector selectorRaw);

    /**
     * Changes the update interval of the store; the unit and the effect on
     * running updates are defined by the subclass.
     *
     * @param newInterval new interval value
     */
    public abstract void setUpdateInterval(long newInterval);

    /** Releases whatever the concrete store holds; semantics are subclass-defined. */
    public abstract void dispose();
}