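/*
 * Copyright (c) 2011-2012 ICM Uniwersytet Warszawski
 * All rights reserved.
 * See LICENCE.txt file for licensing information.
 */
package eu.emi.security.authn.x509.helpers.crl;

import java.io.File;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.X509CRL;
import java.util.Collections;
import java.util.Timer;

import eu.emi.security.authn.x509.StoreUpdateListener.Severity;
import eu.emi.security.authn.x509.helpers.ObserversHandler;
import eu.emi.security.authn.x509.helpers.trust.OpensslTruststoreHelper;
import eu.emi.security.authn.x509.impl.CRLParameters;

/**
 * Implementation of the CRL store which uses CRLs from a single directory
 * in OpenSSL format. Each CRL should be stored in a file named HASH.rNUM,
 * where HASH is an 8 digit hex number, with 8 least significant digits of the MD5
 * hash of the CRL issuer subject in DER format. The NUM must be a number, starting from 0.
 * <p>
 * The exact hash algorithm applied to the issuer name depends on the
 * {@code openssl1Mode} constructor flag (see
 * {@link OpensslTruststoreHelper#getOpenSSLCAHash}), because OpenSSL changed
 * its subject name hashing in version 1.0.
 * <p>
 * This class is extending the {@link PlainCRLStoreSpi} and restricts
 * the CRLs which are loaded: only a file whose name carries the hash of the
 * issuer of the CRL it contains is accepted, any other file is skipped.
 * Note that this check merely ties the file name to the issuer name; the
 * CRL signature is not verified by this class.
 * @author K. Benedyczak
 */
public class OpensslCRLStoreSpi extends PlainCRLStoreSpi {
    /** Glob selecting OpenSSL-style CRL files: 8 name characters, ".r" and a number. */
    public static final String CRL_WILDCARD = "????????.r*";

    /**
     * Strict form of the file name accepted by {@link #reloadCRL(URL)}; group 1 is the
     * 8 hex digit issuer hash. Files not matching it are never parsed.
     */
    private static final String CRL_FILE_PATTERN = "^([0-9a-fA-F]{8})\\.r[\\d]+$";

    /** Whether the OpenSSL 1.0+ name hashing (not the legacy MD5 based one) is used. */
    private final boolean openssl1Mode;

    /**
     * Creates the store and immediately starts loading and refreshing the CRLs
     * found in the given directory.
     *
     * @param path directory holding the CRL files (HASH.rNUM)
     * @param crlUpdateInterval interval in milliseconds between CRL reloads
     * @param t timer used for the periodic reloads
     * @param observers receives load success and failure notifications
     * @param openssl1Mode true to use the OpenSSL 1.0+ issuer name hashing
     * @throws InvalidAlgorithmParameterException if path is null or the
     * underlying store rejects the parameters
     */
    public OpensslCRLStoreSpi(String path, long crlUpdateInterval, Timer t,
            ObserversHandler observers, boolean openssl1Mode)
            throws InvalidAlgorithmParameterException {
        super(new CRLParameters(Collections.singletonList(
                requirePath(path) + File.separator + CRL_WILDCARD),
                crlUpdateInterval, 0, null), t, observers);
        this.openssl1Mode = openssl1Mode;
        super.start();
    }

    /**
     * Rejects a null directory path explicitly. Without this check the string
     * concatenation in the constructor would quietly produce the relative
     * directory "null", i.e. a store with no CRLs and thus no revocation data,
     * which is a silent security degradation rather than a configuration error.
     *
     * @param path directory path supplied by the caller
     * @return the same path when it is non-null
     * @throws InvalidAlgorithmParameterException when path is null
     */
    private static String requirePath(String path) throws InvalidAlgorithmParameterException {
        if (path == null) {
            throw new InvalidAlgorithmParameterException(
                    "CRL directory path must not be null");
        }
        return path;
    }

    /**
     * Tries to load a CRL from the given location.
     * <p>
     * The CRL is accepted only when the file name matches the OpenSSL naming
     * scheme and the hash in the name equals the hash of the CRL issuer. On
     * success the observers get a {@link Severity#NOTIFICATION} and the CRL is
     * registered with {@link #addCRL}; a parse failure is reported as
     * {@link Severity#ERROR}.
     *
     * @param location CRL file to load
     * @return the loaded CRL, or null when the file name does not match the
     * naming scheme, the file can not be parsed, or the name hash does not
     * match the issuer
     */
    @Override
    protected X509CRL reloadCRL(URL location) {
        String fileHash = OpensslTruststoreHelper.getFileHash(location.getPath(),
                CRL_FILE_PATTERN);
        if (fileHash == null) {
            return null;
        }

        X509CRL crl;
        try {
            crl = loadCRL(location);
        } catch (Exception e) {
            // Reported to observers but never propagated, presumably so that
            // one unreadable file does not stop the rest of the directory
            // from being loaded.
            notifyObservers(location.toExternalForm(), Severity.ERROR, e);
            return null;
        }

        String issuerHash = OpensslTruststoreHelper.getOpenSSLCAHash(
                crl.getIssuerX500Principal(), openssl1Mode);
        if (!fileHash.equalsIgnoreCase(issuerHash)) {
            // Name says one issuer, content says another: skip the file, as an
            // OpenSSL lookup by issuer hash would not find it either. No
            // notification is raised on purpose - a directory hashed for both
            // OpenSSL naming schemes may legitimately contain such files.
            return null;
        }

        notifyObservers(location.toExternalForm(), Severity.NOTIFICATION, null);
        addCRL(crl, location);
        return crl;
    }
}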