true if valid, false otherwise
*/
public boolean isValid();
/**
- * This method checks whether the attributes are valid in a given time passed
- * as argument. No validation is performed on the attributes.
- *
- * @param time
- * the time used for the validity check
+ * This method checks whether the attributes are valid in a given time passed as argument. No
+ * validation is performed on the attributes.
+ *
+ * @param time the time used for the validity check
* @return true if valid, false otherwise
*/
public boolean validAt(Date time);
/**
* This method returns the underlying VOMS Attribute certificate object.
- *
- * @return the underlying bouncycastle object for the VOMS attribute
- * certificate.
+ *
+ * @return the underlying bouncycastle object for the VOMS attribute certificate.
*/
public X509AttributeCertificateHolder getVOMSAC();
-
}
diff --git a/src/main/java/org/italiangrid/voms/VOMSError.java b/src/main/java/org/italiangrid/voms/VOMSError.java
index 501a8c1..e9b060d 100644
--- a/src/main/java/org/italiangrid/voms/VOMSError.java
+++ b/src/main/java/org/italiangrid/voms/VOMSError.java
@@ -6,15 +6,12 @@
/**
* The base VOMS exception class.
- *
- * @author Andrea Ceccanti
*
+ * @author Andrea Ceccanti
*/
public class VOMSError extends RuntimeException {
- /**
- *
- */
+ /** */
private static final long serialVersionUID = 1L;
public VOMSError(String message) {
diff --git a/src/main/java/org/italiangrid/voms/VOMSGenericAttribute.java b/src/main/java/org/italiangrid/voms/VOMSGenericAttribute.java
index a4bd820..891737c 100644
--- a/src/main/java/org/italiangrid/voms/VOMSGenericAttribute.java
+++ b/src/main/java/org/italiangrid/voms/VOMSGenericAttribute.java
@@ -5,34 +5,30 @@
package org.italiangrid.voms;
/**
- * A VOMS generic attribute is a name=value pair attribute augmented with a
- * context.
- *
- *
- * @author Andrea Ceccanti
+ * A VOMS generic attribute is a name=value pair attribute augmented with a context.
*
+ * @author Andrea Ceccanti
*/
public interface VOMSGenericAttribute {
/**
* This method returns the name of this generic attribute
- *
+ *
* @return the name of this generic attribute
*/
public String getName();
/**
* This method returns the value of this generic attribute
- *
+ *
* @return the value of this generic attribute
*/
public String getValue();
/**
* This method returns the context for this generic attribute
- *
+ *
* @return the context of this generic attribute
*/
public String getContext();
-
}
diff --git a/src/main/java/org/italiangrid/voms/VOMSValidators.java b/src/main/java/org/italiangrid/voms/VOMSValidators.java
index 33b5517..faac3f4 100644
--- a/src/main/java/org/italiangrid/voms/VOMSValidators.java
+++ b/src/main/java/org/italiangrid/voms/VOMSValidators.java
@@ -4,6 +4,7 @@
package org.italiangrid.voms;
+import eu.emi.security.authn.x509.X509CertChainValidatorExt;
import org.italiangrid.voms.ac.VOMSACLookupStrategy;
import org.italiangrid.voms.ac.VOMSACParser;
import org.italiangrid.voms.ac.VOMSACValidator;
@@ -12,48 +13,53 @@
import org.italiangrid.voms.ac.impl.DefaultVOMSValidator;
import org.italiangrid.voms.store.VOMSTrustStore;
-import eu.emi.security.authn.x509.X509CertChainValidatorExt;
-
/**
* A factory for VOMS attributes validators and parsers.
- *
- * @author Andrea Ceccanti
*
+ * @author Andrea Ceccanti
*/
public class VOMSValidators {
- private VOMSValidators() {
-
- }
+ private VOMSValidators() {}
public static VOMSACValidator newValidator(ValidationResultListener listener) {
- return new DefaultVOMSValidator.Builder().validationListener(listener)
- .build();
+ return new DefaultVOMSValidator.Builder().validationListener(listener).build();
}
- public static VOMSACValidator newValidator(VOMSTrustStore trustStore,
- X509CertChainValidatorExt validator, ValidationResultListener vrListener) {
-
- return new DefaultVOMSValidator.Builder().trustStore(trustStore)
- .certChainValidator(validator).validationListener(vrListener).build();
+ public static VOMSACValidator newValidator(
+ VOMSTrustStore trustStore,
+ X509CertChainValidatorExt validator,
+ ValidationResultListener vrListener) {
+ return new DefaultVOMSValidator.Builder()
+ .trustStore(trustStore)
+ .certChainValidator(validator)
+ .validationListener(vrListener)
+ .build();
}
- public static VOMSACValidator newValidator(VOMSTrustStore store,
- X509CertChainValidatorExt validator, ValidationResultListener vrListener,
- VOMSACLookupStrategy strategy) {
-
- return new DefaultVOMSValidator.Builder().trustStore(store)
- .certChainValidator(validator).validationListener(vrListener)
- .acLookupStrategy(strategy).build();
+ public static VOMSACValidator newValidator(
+ VOMSTrustStore store,
+ X509CertChainValidatorExt validator,
+ ValidationResultListener vrListener,
+ VOMSACLookupStrategy strategy) {
+
+ return new DefaultVOMSValidator.Builder()
+ .trustStore(store)
+ .certChainValidator(validator)
+ .validationListener(vrListener)
+ .acLookupStrategy(strategy)
+ .build();
}
- public static VOMSACValidator newValidator(VOMSTrustStore trustStore,
- X509CertChainValidatorExt validator) {
+ public static VOMSACValidator newValidator(
+ VOMSTrustStore trustStore, X509CertChainValidatorExt validator) {
- return new DefaultVOMSValidator.Builder().trustStore(trustStore)
- .certChainValidator(validator).build();
+ return new DefaultVOMSValidator.Builder()
+ .trustStore(trustStore)
+ .certChainValidator(validator)
+ .build();
}
public static VOMSACValidator newValidator() {
@@ -65,5 +71,4 @@ public static VOMSACParser newParser() {
return new DefaultVOMSACParser();
}
-
}
diff --git a/src/main/java/org/italiangrid/voms/ac/ACLookupListener.java b/src/main/java/org/italiangrid/voms/ac/ACLookupListener.java
index f2ffa89..8551734 100644
--- a/src/main/java/org/italiangrid/voms/ac/ACLookupListener.java
+++ b/src/main/java/org/italiangrid/voms/ac/ACLookupListener.java
@@ -7,34 +7,26 @@
import java.security.cert.X509Certificate;
/**
- * This interface is used to notify of events related to the lookup and
- * succesfull parsing of VOMS attribute certificates from a certificate chain.
- *
- * @author andreaceccanti
+ * This interface is used to notify of events related to the lookup and succesfull parsing of VOMS
+ * attribute certificates from a certificate chain.
*
+ * @author andreaceccanti
*/
public interface ACLookupListener {
/**
- * Informs that an AC is being looked for in the cert chain passed as
- * argument.
- *
- * @param chain
- * the chain where the AC is looked for
- * @param chainLevel
- * the level in the chain where the AC is being looked for
+ * Informs that an AC is being looked for in the cert chain passed as argument.
+ *
+ * @param chain the chain where the AC is looked for
+ * @param chainLevel the level in the chain where the AC is being looked for
*/
public void notifyACLookupEvent(X509Certificate[] chain, int chainLevel);
/**
- * Informs that an AC has been succesfully parsed from the cert chain passed
- * as argument
- *
- * @param chain
- * the chain from which the AC has been parsed
- * @param chainLevel
- * the level in the chain where the AC has been parsed
+ * Informs that an AC has been succesfully parsed from the cert chain passed as argument
+ *
+ * @param chain the chain from which the AC has been parsed
+ * @param chainLevel the level in the chain where the AC has been parsed
*/
public void notifyACParseEvent(X509Certificate[] chain, int chainLevel);
-
}
diff --git a/src/main/java/org/italiangrid/voms/ac/ACParsingContext.java b/src/main/java/org/italiangrid/voms/ac/ACParsingContext.java
index 783c528..2e70da9 100644
--- a/src/main/java/org/italiangrid/voms/ac/ACParsingContext.java
+++ b/src/main/java/org/italiangrid/voms/ac/ACParsingContext.java
@@ -6,25 +6,23 @@
import java.security.cert.X509Certificate;
import java.util.List;
-
import org.bouncycastle.asn1.x509.AttributeCertificate;
/**
- * This class describes the context in which a VOMS {@link AttributeCertificate}
- * has been parsed in a certificate chain.
- *
- * @author Andrea Ceccanti
+ * This class describes the context in which a VOMS {@link AttributeCertificate} has been parsed in
+ * a certificate chain.
*
+ * @author Andrea Ceccanti
*/
public class ACParsingContext {
- /** The parsed VOMS attribute certificates **/
+ /** The parsed VOMS attribute certificates * */
private ListThis method returns the possibly empty list of the validated attributes. + * + *
This method should be used in conjunction with the registration of a {@link + * ValidationResultListener} to get details about validation error and warning messages. + * + *
Use the {@link #validateWithResult(X509Certificate[])} method in case you don't want to rely
+ * on a {@link ValidationResultListener}.
+ *
+ * @param validatedChain a validated X.509 certificate chain
+ * @return a possibly empty list of {@link VOMSAttribute} object providing access to the validated
+ * VOMS attributes
*/
public List This method returns a possibly empty list of {@link VOMSValidationResult} objects which
+ * describe the outcome of the validation for each VOMS AC found in the certificate chain.
+ *
+ * This method is useful when you want to use a single call to get all details about validation
+ * without relying on the registration of a {@link ValidationResultListener}.
+ *
+ * @param validatedChain a chain of X.509 certificates
+ * @return a possibly empty list of {@link VOMSValidationResult} object providing access to
+ * validation results and related attributes
*/
- public List This strategy is responsible of creating the {@link VOMSAttribute} objects which represents
+ * the authorizative VOMS authorization information.
+ *
+ * @author Andrea Ceccanti
*/
public interface VOMSAttributesNormalizationStrategy {
/**
- * Returns the normalized view of VOMS Authorization information starting from
- * a list of VOMS Attribute certificates.
- *
- * @param acs
- * a list of {@link ACParsingContext} objects
- *
+ * Returns the normalized view of VOMS Authorization information starting from a list of VOMS
+ * Attribute certificates.
+ *
+ * @param acs a list of {@link ACParsingContext} objects
* @return a possibly empty list {@link VOMSAttribute} object
*/
public List It utilizes a {@link VOMSACLookupStrategy} to locate attribute certificates
- * within the provided chain and applies a {@link VOMSAttributesNormalizationStrategy}
- * to normalize the extracted attributes. By default, it uses {@link LeafACLookupStrategy} for lookup and
- * {@link LeafVOMSExtensionNormalizationStrategy} for normalization. It utilizes a {@link VOMSACLookupStrategy} to locate attribute certificates within the
+ * provided chain and applies a {@link VOMSAttributesNormalizationStrategy} to normalize the
+ * extracted attributes.
*
+ * By default, it uses {@link LeafACLookupStrategy} for lookup and {@link
+ * LeafVOMSExtensionNormalizationStrategy} for normalization.
*/
public class DefaultVOMSACParser implements VOMSACParser {
private final VOMSACLookupStrategy acLookupStrategy;
- private final VOMSAttributesNormalizationStrategy acNormalizationStrategy = new LeafVOMSExtensionNormalizationStrategy();
+ private final VOMSAttributesNormalizationStrategy acNormalizationStrategy =
+ new LeafVOMSExtensionNormalizationStrategy();
/**
- * Creates a new {@code DefaultVOMSACParser} with the default lookup strategy.
- * Uses {@link LeafACLookupStrategy} with a {@link NullListener} instance.
+ * Creates a new {@code DefaultVOMSACParser} with the default lookup strategy. Uses {@link
+ * LeafACLookupStrategy} with a {@link NullListener} instance.
*/
public DefaultVOMSACParser() {
@@ -42,8 +40,8 @@ public DefaultVOMSACParser() {
}
/**
- * Creates a new {@code DefaultVOMSACParser} with a specified lookup strategy.
- * Uses {@link LeafVOMSExtensionNormalizationStrategy} for attribute normalization.
+ * Creates a new {@code DefaultVOMSACParser} with a specified lookup strategy. Uses {@link
+ * LeafVOMSExtensionNormalizationStrategy} for attribute normalization.
*
* @param strategy the lookup strategy to use for locating attribute certificates
* @throws NullPointerException if the provided strategy is {@code null}
@@ -63,10 +61,9 @@ public DefaultVOMSACParser(VOMSACLookupStrategy strategy) {
@Override
public List
- * This class provides methods for creating VOMS ACs with customizable properties, including
+ *
+ * This class provides methods for creating VOMS ACs with customizable properties, including
* optional extensions and fake signature bits for testing purposes.
- *
- * It uses BouncyCastle for cryptographic operations and supports various extensions required for
+ *
+ * It uses BouncyCastle for cryptographic operations and supports various extensions required for
* VOMS attribute certificates.
- *
- * This extension normally contains the issuer's certificate chain, which may be omitted
- * if the relying party already possesses it.
- * This extension normally contains the issuer's certificate chain, which may be omitted if
+ * the relying party already possesses it.
*/
SKIP_AC_CERTS_EXTENSION,
/**
* Generates fake signature bits instead of signing the certificate with a real key.
- *
- * This is primarily used for testing purposes, as the resulting AC will not be verifiable.
- * This is primarily used for testing purposes, as the resulting AC will not be verifiable.
*/
FAKE_SIGNATURE_BITS,
/**
* Includes a fake critical extension in the generated Attribute Certificate.
- *
- * This extension is added for testing scenarios where certificate parsers need to handle
+ *
+ * This extension is added for testing scenarios where certificate parsers need to handle
* unknown critical extensions.
- *
- * This extension indicates that no revocation information is available for the AC.
- * This extension indicates that no revocation information is available for the AC.
*/
INCLUDE_CRITICAL_NO_REV_AVAIL_EXTENSION,
/**
* Includes the Authority Key Identifier (AKID) extension as a critical extension.
- *
- * The AKID extension helps in linking the AC to its issuer, making it easier for
+ *
+ * The AKID extension helps in linking the AC to its issuer, making it easier for
* verification systems to locate the issuing certificate.
- *
- * This is useful for testing scenarios where the extension is expected but contains no
+ *
+ * This is useful for testing scenarios where the extension is expected but contains no
* actual certificate information.
- *
- * This is used for testing purposes to create attribute certificates with fake signatures.
- * This is used for testing purposes to create attribute certificates with fake signatures.
*/
static class RandomContentSigner implements ContentSigner {
@@ -184,7 +171,6 @@ public byte[] getSignature() {
return sigBytes;
}
-
}
/** Fake extension OID used in testing. */
@@ -254,8 +240,8 @@ private ASN1Encodable buildACCertsExtensionContent(EnumSet Credentials are searched in the following places (in sequence):
+ *
* This class is responsible for creating an {@link SSLSocketFactory} that is configured with a
* given X.509 credential and certificate validator. It supports optional hostname verification.
- *
*/
public class SSLSocketFactoryProvider {
@@ -49,8 +45,8 @@ public class SSLSocketFactoryProvider {
* @param validator the certificate chain validator
* @param skipHostnameChecks true to disable hostname verification, false otherwise
*/
- public SSLSocketFactoryProvider(X509Credential credential, X509CertChainValidatorExt validator,
- boolean skipHostnameChecks) {
+ public SSLSocketFactoryProvider(
+ X509Credential credential, X509CertChainValidatorExt validator, boolean skipHostnameChecks) {
this.credential = credential;
this.validator = validator;
@@ -97,14 +93,19 @@ public SSLSocketFactory getSSLSockectFactory() {
KeyManager[] keyManagers = new KeyManager[] {credential.getKeyManager()};
- SocketFactoryCreator2 factory = new SocketFactoryCreator2(credential, validator,
- skipHostnameChecks ? new DisabledNameMismatchCallback()
- : new EnforcingNameMismatchCallback());
+ SocketFactoryCreator2 factory =
+ new SocketFactoryCreator2(
+ credential,
+ validator,
+ skipHostnameChecks
+ ? new DisabledNameMismatchCallback()
+ : new EnforcingNameMismatchCallback());
X509TrustManager trustManager = factory.getSSLTrustManager();
TrustManager[] trustManagers = new TrustManager[] {trustManager};
- // Using new SecureRandom instead of SecureRandom.getInstance("SHA1PRNG") to avoid unnecessary
+ // Using new SecureRandom instead of SecureRandom.getInstance("SHA1PRNG") to
+ // avoid unnecessary
// blocking
SecureRandom secureRandom = new SecureRandom();
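Review bot: The rewrapped SecureRandom comment now breaks after "to" and leaves "avoid unnecessary" and "blocking" on short lines of their own, which reads worse than before the reformat; reflow it as `// Using new SecureRandom instead of SecureRandom.getInstance("SHA1PRNG") to avoid` followed by `// unnecessary blocking`. In the same hunk, the `skipHostnameChecks` ternary selects `DisabledNameMismatchCallback`, which by its name turns off server name verification for every socket this factory produces. A one-line comment above the `SocketFactoryCreator2` construction, such as `// skipHostnameChecks == true disables server name verification; certificate chain validation still applies`, would make that trade-off visible (confirm the second half against `SocketFactoryCreator2`). The body of `getSSLSockectFactory` starts and ends outside the hunk.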
@@ -116,5 +117,4 @@ public SSLSocketFactory getSSLSockectFactory() {
return context.getSocketFactory();
}
-
}
diff --git a/src/main/java/org/italiangrid/voms/request/VOMSACRequest.java b/src/main/java/org/italiangrid/voms/request/VOMSACRequest.java
index 5f3df51..0b06a6e 100644
--- a/src/main/java/org/italiangrid/voms/request/VOMSACRequest.java
+++ b/src/main/java/org/italiangrid/voms/request/VOMSACRequest.java
@@ -8,9 +8,8 @@
/**
* A request for a VOMS Attribute certificate.
- *
- * @author Andrea Ceccanti
*
+ * @author Andrea Ceccanti
*/
public interface VOMSACRequest {
@@ -20,14 +19,13 @@ public interface VOMSACRequest {
public int getLifetime();
/**
- * @return the list of the requested FQANs specified in this
- * {@link VOMSACRequest} object.
+ * @return the list of the requested FQANs specified in this {@link VOMSACRequest} object.
*/
public List This method returns a random shuffle of the {@link VOMSServerInfo} objects that match the
+ * input request.
+ *
* @param request the request
* @return a possibly empty {@link List} of {@link VOMSServerInfo} objects
*/
@@ -253,53 +233,37 @@ protected List This implementation looks for vomses information in the following paths:
+ *
* It supports parsing from files, directories, and readers, and ensures that
- * the VOMSES files exist and are readable before processing. It supports parsing from files, directories, and readers, and ensures that the VOMSES files
+ * exist and are readable before processing.
*
- * VOMSES files typically contain server connection information in a structured format. VOMSES files typically contain server connection information in a structured format.
*/
public class LegacyVOMSESParserImpl implements VOMSESParser {
- /**
- * Line parser used to process individual VOMSES lines.
- */
+ /** Line parser used to process individual VOMSES lines. */
private final VOMSESLineParser lineParser = new VOMSESLineParser();
/**
@@ -60,8 +57,7 @@ protected void fileSanityChecks(File f) {
* @return a {@link VOMSServerInfo} instance representing the parsed line
* @throws URISyntaxException if the URI in the line is malformed
*/
- protected VOMSServerInfo parseLine(String vomsesLine)
- throws URISyntaxException {
+ protected VOMSServerInfo parseLine(String vomsesLine) throws URISyntaxException {
return lineParser.parse(vomsesLine);
}
@@ -84,18 +80,14 @@ public List The VOMSES line format is as follows:
+ *
* The certificate chain description is a list of X.500 distinguished names encoded as strings
+ * according to the OpenSSL slash-separated format, as in: This store will be refreshed according to the value of {@link #DEFAULT_UPDATE_FREQUENCY}.
*/
public DefaultUpdatingVOMSTrustStore() {
- this(buildDefaultTrustedDirs(), DEFAULT_UPDATE_FREQUENCY,
- NullListener.INSTANCE);
+ this(buildDefaultTrustedDirs(), DEFAULT_UPDATE_FREQUENCY, NullListener.INSTANCE);
}
protected void updateFrequencySanityChecks(long updateFrequency) {
if (updateFrequency <= 0)
- throw new VOMSError(
- "Please provide a positive value for this store update frequency!");
+ throw new VOMSError("Please provide a positive value for this store update frequency!");
}
protected void scheduleUpdate() {
@@ -127,25 +103,25 @@ protected void scheduleUpdate() {
long frequency = getUpdateFrequency();
- scheduler.scheduleWithFixedDelay(new Runnable() {
+ scheduler.scheduleWithFixedDelay(
+ new Runnable() {
- // Just run update on the VOMS trust store and log any error
- public void run() {
+ // Just run update on the VOMS trust store and log any error
+ public void run() {
- update();
- }
- }, frequency, // First execution delay
- frequency, // Next iterations delay
- TimeUnit.MILLISECONDS);
+ update();
+ }
+ },
+ frequency, // First execution delay
+ frequency, // Next iterations delay
+ TimeUnit.MILLISECONDS);
} finally {
write.unlock();
}
}
- /**
- * Returns the update frequency, in milliseconds, for this store.
- */
+ /** Returns the update frequency, in milliseconds, for this store. */
public long getUpdateFrequency() {
read.lock();
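Review bot: The anonymous `Runnable` passed to `scheduleWithFixedDelay` carries the comment "log any error", but its `run()` only calls `update()` with no try/catch. If `update()` ever throws, a `ScheduledExecutorService` keeps the exception in the returned future and suppresses all later executions, so the store would silently stop refreshing its trust information. Whether `update()` can throw is not visible in this hunk. Consider `try { update(); } catch (RuntimeException e) { /* report through the store's status listener */ }` inside `run()`, and add `@Override` on `run()`. The body of `scheduleUpdate` starts outside the hunk.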
@@ -156,17 +132,13 @@ public long getUpdateFrequency() {
}
}
- /**
- * Updates the information in this store
- */
+ /** Updates the information in this store */
public void update() {
loadTrustInformation();
}
- /**
- * Cancel the background tasks which updates this store.
- */
+ /** Cancel the background tasks which updates this store. */
public void cancel() {
write.lock();
@@ -176,5 +148,4 @@ public void cancel() {
write.unlock();
}
}
-
}
diff --git a/src/main/java/org/italiangrid/voms/store/impl/DefaultVOMSTrustStore.java b/src/main/java/org/italiangrid/voms/store/impl/DefaultVOMSTrustStore.java
index e91008b..f303967 100644
--- a/src/main/java/org/italiangrid/voms/store/impl/DefaultVOMSTrustStore.java
+++ b/src/main/java/org/italiangrid/voms/store/impl/DefaultVOMSTrustStore.java
@@ -4,6 +4,9 @@
package org.italiangrid.voms.store.impl;
+import eu.emi.security.authn.x509.helpers.trust.OpensslTruststoreHelper;
+import eu.emi.security.authn.x509.impl.CertificateUtils;
+import eu.emi.security.authn.x509.impl.CertificateUtils.Encoding;
import java.io.File;
import java.io.FileFilter;
import java.io.FileInputStream;
@@ -20,82 +23,68 @@
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
-
import javax.security.auth.x500.X500Principal;
-
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.store.LSCInfo;
import org.italiangrid.voms.store.VOMSTrustStore;
import org.italiangrid.voms.store.VOMSTrustStoreStatusListener;
import org.italiangrid.voms.util.NullListener;
-import eu.emi.security.authn.x509.helpers.trust.OpensslTruststoreHelper;
-import eu.emi.security.authn.x509.impl.CertificateUtils;
-import eu.emi.security.authn.x509.impl.CertificateUtils.Encoding;
-
/**
- *
* The default implementation for the VOMS trust store. This implementation does not refresh
- * the trust information on a periodic basis. For an updating trust store see
- * {@link DefaultUpdatingVOMSTrustStore}.
- *
+ * the trust information on a periodic basis. For an updating trust store see {@link
+ * DefaultUpdatingVOMSTrustStore}.
+ *
* @author Andrea Ceccanti
- *
*/
public class DefaultVOMSTrustStore implements VOMSTrustStore {
/**
* The default directory where local VOMS trust information is rooted: {@value #DEFAULT_VOMS_DIR}
- **/
+ */
public static final String DEFAULT_VOMS_DIR = "/etc/grid-security/vomsdir";
- /**
- * The filename suffix used to match certificates in the VOMS local trust directories
- **/
+ /** The filename suffix used to match certificates in the VOMS local trust directories */
public static final String CERTIFICATE_FILENAME_SUFFIX = ".pem";
- /**
- * The filename suffix used to match LSC files in the VOMS local trust directories
- **/
+ /** The filename suffix used to match LSC files in the VOMS local trust directories */
public static final String LSC_FILENAME_SUFFIX = ".lsc";
/**
* The list of local trusted directories that is searched for trust information (certs or LSC
* files)
- **/
+ */
private final List Sets the local trusted directories to the default of {@value #DEFAULT_VOMS_DIR}.
*/
public DefaultVOMSTrustStore() {
@@ -166,8 +151,8 @@ public List The LSC file describes the certificate chain that a VOMS attribute authority
- * uses to sign a VOMS attribute certificate. The LSC mechanism helps in solving
- * the public key distribution problem for VOMS AA certificates and is used in
- * the VOMS validation process to validate the signature on the AC. It does this by
- * extracting the VOMS AA certificate included in the VOMS extension and ensuring
- * that the chain conforms to the description in the LSC file. Two {@link LSCFile} objects are considered equal if their VO and hostname fields match. The LSC file describes the certificate chain that a VOMS attribute authority uses to sign a
+ * VOMS attribute certificate. The LSC mechanism helps in solving the public key distribution
+ * problem for VOMS AA certificates and is used in the VOMS validation process to validate the
+ * signature on the AC. It does this by extracting the VOMS AA certificate included in the VOMS
+ * extension and ensuring that the chain conforms to the description in the LSC file.
+ *
+ * Two {@link LSCFile} objects are considered equal if their VO and hostname fields match.
*/
public class LSCFile implements LSCInfo {
@@ -146,23 +141,16 @@ public int hashCode() {
@Override
public boolean equals(Object obj) {
- if (this == obj)
- return true;
- if (obj == null)
- return false;
- if (getClass() != obj.getClass())
- return false;
+ if (this == obj) return true;
+ if (obj == null) return false;
+ if (getClass() != obj.getClass()) return false;
LSCFile other = (LSCFile) obj;
if (hostname == null) {
- if (other.hostname != null)
- return false;
- } else if (!hostname.equals(other.hostname))
- return false;
+ if (other.hostname != null) return false;
+ } else if (!hostname.equals(other.hostname)) return false;
if (vo == null) {
- if (other.vo != null)
- return false;
- } else if (!vo.equals(other.vo))
- return false;
+ if (other.vo != null) return false;
+ } else if (!vo.equals(other.vo)) return false;
return true;
}
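Review bot: The reformatted `equals` keeps brace-less `if (...) return false;` chains, and `} else if (!hostname.equals(other.hostname)) return false;` directly after a braced block is easy to misread now that everything sits on one line. The null-safe comparison can be written as `return Objects.equals(hostname, other.hostname) && Objects.equals(vo, other.vo);`, which needs `java.util.Objects` (the file's imports are not visible in this hunk). The same pattern appears in `CachedValidationResult.equals` later in this diff, where `Objects.equals(certFingerprint, other.certFingerprint)` would do. Behaviour is unchanged by either rewrite.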
@@ -174,8 +162,15 @@ public boolean equals(Object obj) {
@Override
public String toString() {
- return "LSCFile [filename=" + filename + ", vo=" + vo + ", hostname="
- + hostname + ", certChainDescription=" + certChainDescription + "]";
+ return "LSCFile [filename="
+ + filename
+ + ", vo="
+ + vo
+ + ", hostname="
+ + hostname
+ + ", certChainDescription="
+ + certChainDescription
+ + "]";
}
/**
@@ -218,6 +213,7 @@ public boolean matches(X509Certificate[] certChain) {
*/
@SuppressWarnings("deprecation")
private boolean matches(X500Principal certDn, String lscDn) {
+
return X500NameUtils.equal(certDn, OpensslNameUtils.opensslToRfc2253(lscDn));
}
}
diff --git a/src/main/java/org/italiangrid/voms/store/impl/VOMSNamedThreadFactory.java b/src/main/java/org/italiangrid/voms/store/impl/VOMSNamedThreadFactory.java
index 1af0f26..49bcf29 100644
--- a/src/main/java/org/italiangrid/voms/store/impl/VOMSNamedThreadFactory.java
+++ b/src/main/java/org/italiangrid/voms/store/impl/VOMSNamedThreadFactory.java
@@ -10,9 +10,8 @@
/**
* A simple thread factory to create named VOMS background threads.
- *
- * @author Andrea Ceccanti
*
+ * @author Andrea Ceccanti
*/
public class VOMSNamedThreadFactory implements ThreadFactory {
@@ -26,13 +25,10 @@ public VOMSNamedThreadFactory(UncaughtExceptionHandler h) {
this.handler = h;
}
- public VOMSNamedThreadFactory() {
-
- }
+ public VOMSNamedThreadFactory() {}
public Thread newThread(Runnable r) {
- return new VOMSThread(r, poolBaseName + "-" + created.incrementAndGet(),
- handler);
+ return new VOMSThread(r, poolBaseName + "-" + created.incrementAndGet(), handler);
}
}
diff --git a/src/main/java/org/italiangrid/voms/store/impl/VOMSThread.java b/src/main/java/org/italiangrid/voms/store/impl/VOMSThread.java
index fcc5604..238f150 100644
--- a/src/main/java/org/italiangrid/voms/store/impl/VOMSThread.java
+++ b/src/main/java/org/italiangrid/voms/store/impl/VOMSThread.java
@@ -5,28 +5,21 @@
package org.italiangrid.voms.store.impl;
/**
- * An helper class to create a named VOMS thread. This class just sets the name
- * for the thread and set an {@link java.lang.Thread.UncaughtExceptionHandler}
- * which logs the caught exception.
- *
- * @author Andrea Ceccanti
+ * An helper class to create a named VOMS thread. This class just sets the name for the thread and
+ * set an {@link java.lang.Thread.UncaughtExceptionHandler} which logs the caught exception.
*
+ * @author Andrea Ceccanti
*/
public class VOMSThread extends Thread {
/**
* Default constructor.
- *
- * @param target
- * the object whose The certificate fingerprint is the SHA1 hash of the DER encoding of the certificate.
*
* @return the fingerprint for this entry
* @see FingerprintHelper
@@ -346,15 +303,13 @@ public String getCertFingerprint() {
}
/**
+ * Sets the certificate finger for this entry. The certificate fingerprint is the SHA1 hash of the
+ * DER encoding of the certificate.
*
- * Sets the certificate finger for this entry. The certificate fingerprint is
- * the SHA1 hash of the DER encoding of the certificate.
- *
- * It can be computed with the
- * {@link FingerprintHelper#getFingerprint(X509Certificate)} method.
+ * It can be computed with the {@link FingerprintHelper#getFingerprint(X509Certificate)}
+ * method.
*
- * @param certFingerprint
- * a certificate fingerprint describing a certificate
+ * @param certFingerprint a certificate fingerprint describing a certificate
*/
public void setCertFingerprint(String certFingerprint) {
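Review bot: The Javadoc moved to the top of `setCertFingerprint` still reads "Sets the certificate finger for this entry"; it should say "fingerprint". Because `equals` and `hashCode` of this class compare only `certFingerprint` (next hunk), the summary could also say that the value identifies the entry, e.g. `Sets the certificate fingerprint that identifies this entry.` The fingerprint is documented as a SHA1 hash of the DER encoding. It would help to note that it serves as a lookup key for an already validated certificate and is not a substitute for validating the certificate itself.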
@@ -366,26 +321,20 @@ public int hashCode() {
final int prime = 31;
int result = 1;
- result = prime * result
- + ((certFingerprint == null) ? 0 : certFingerprint.hashCode());
+ result = prime * result + ((certFingerprint == null) ? 0 : certFingerprint.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
- if (this == obj)
- return true;
- if (obj == null)
- return false;
- if (getClass() != obj.getClass())
- return false;
+ if (this == obj) return true;
+ if (obj == null) return false;
+ if (getClass() != obj.getClass()) return false;
CachedValidationResult other = (CachedValidationResult) obj;
if (certFingerprint == null) {
- if (other.certFingerprint != null)
- return false;
- } else if (!certFingerprint.equals(other.certFingerprint))
- return false;
+ if (other.certFingerprint != null) return false;
+ } else if (!certFingerprint.equals(other.certFingerprint)) return false;
return true;
}
}
diff --git a/src/main/java/org/italiangrid/voms/util/CertificateValidatorBuilder.java b/src/main/java/org/italiangrid/voms/util/CertificateValidatorBuilder.java
index 5559d6e..c55bfe0 100644
--- a/src/main/java/org/italiangrid/voms/util/CertificateValidatorBuilder.java
+++ b/src/main/java/org/italiangrid/voms/util/CertificateValidatorBuilder.java
@@ -4,10 +4,6 @@
package org.italiangrid.voms.util;
-import java.util.Arrays;
-
-import org.italiangrid.voms.ac.impl.DefaultVOMSValidator;
-
import eu.emi.security.authn.x509.CrlCheckingMode;
import eu.emi.security.authn.x509.NamespaceCheckingMode;
import eu.emi.security.authn.x509.OCSPCheckingMode;
@@ -20,20 +16,20 @@
import eu.emi.security.authn.x509.impl.OpensslCertChainValidator;
import eu.emi.security.authn.x509.impl.RevocationParametersExt;
import eu.emi.security.authn.x509.impl.ValidatorParamsExt;
+import java.util.Arrays;
+import org.italiangrid.voms.ac.impl.DefaultVOMSValidator;
/**
- * A utility class which provides convenient methods to build a certificate
- * validator with defaults that are meaningful for VOMS usage.
- *
+ * A utility class which provides convenient methods to build a certificate validator with defaults
+ * that are meaningful for VOMS usage.
+ *
* @author cecco
- *
*/
public class CertificateValidatorBuilder {
/**
- * This enum determine which hash function is configured for the canl
- * {@link OpensslCertChainValidator} to resolve CRLs and other trust anchors
- * files.
+ * This enum determine which hash function is configured for the canl {@link
+ * OpensslCertChainValidator} to resolve CRLs and other trust anchors files.
*/
public static enum OpensslHashFunction {
MD5,
@@ -41,39 +37,28 @@ public static enum OpensslHashFunction {
};
/**
- * The default Openssl hash function value. MD5 is chosen to ensure
- * compatibility with Openssl pre 1.0 deployments.
+ * The default Openssl hash function value. MD5 is chosen to ensure compatibility with Openssl pre
+ * 1.0 deployments.
*/
public static final OpensslHashFunction DEFAULT_OPENSSL_HASH_FUNCTION = OpensslHashFunction.MD5;
- /**
- * The default CRL checking policy.
- */
+ /** The default CRL checking policy. */
public static final CrlCheckingMode DEFAULT_CRL_CHECKS = CrlCheckingMode.IF_VALID;
- /**
- * The default OCSP checking policy.
- */
+ /** The default OCSP checking policy. */
public static final OCSPCheckingMode DEFAULT_OCSP_CHECKS = OCSPCheckingMode.IGNORE;
- /**
- * The default namespace checking policy.
- */
- public static final NamespaceCheckingMode DEFAULT_NS_CHECKS = NamespaceCheckingMode.GLOBUS_EUGRIDPMA;
+ /** The default namespace checking policy. */
+ public static final NamespaceCheckingMode DEFAULT_NS_CHECKS =
+ NamespaceCheckingMode.GLOBUS_EUGRIDPMA;
- /**
- * The default trust anchors directory.
- */
+ /** The default trust anchors directory. */
public static final String DEFAULT_TRUST_ANCHORS_DIR = "/etc/grid-security/certificates";
- /**
- * By default this builder builds non-lazy validators
- */
+ /** By default this builder builds non-lazy validators */
public static final Boolean DEFAULT_VALIDATOR_IS_LAZY = Boolean.FALSE;
- /**
- * Default validator trust anchor update interval.
- */
+ /** Default validator trust anchor update interval. */
public static final long DEFAULT_TRUST_ANCHORS_UPDATE_INTERVAL = 0L;
private String trustAnchorsDir = DEFAULT_TRUST_ANCHORS_DIR;
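Review bot: The one-line Javadocs on the default constants name each policy but do not say what it permits, although every validator built without overrides inherits these revocation and trust-anchor defaults. For `DEFAULT_OPENSSL_HASH_FUNCTION`, add a sentence such as `Selects the file-name hash used to locate trust anchors and CRLs in the directory, not a signature algorithm.`, which is what the enum's Javadoc and the `openssl1xMode` flag in `build()` suggest. `DEFAULT_OCSP_CHECKS` and `DEFAULT_CRL_CHECKS` each deserve a sentence on the effect of `IGNORE` and `IF_VALID`. By their names, OCSP is not consulted and CRLs are applied only when a valid one is available, but confirm that against the canl documentation before writing it down.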
@@ -88,20 +73,15 @@ public static enum OpensslHashFunction {
private OCSPCheckingMode ocspChecks = DEFAULT_OCSP_CHECKS;
private OpensslHashFunction opensslHashFunction = DEFAULT_OPENSSL_HASH_FUNCTION;
- public CertificateValidatorBuilder() {
-
- }
+ public CertificateValidatorBuilder() {}
/**
* Sets the openssl hash function for this builder
- *
- * @param f
- * the {@link OpensslHashFunction}
- *
+ *
+ * @param f the {@link OpensslHashFunction}
* @return the builder object
*/
- public CertificateValidatorBuilder opensslHashFunction(
- OpensslHashFunction f) {
+ public CertificateValidatorBuilder opensslHashFunction(OpensslHashFunction f) {
opensslHashFunction = f;
return this;
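Review bot: `opensslHashFunction(OpensslHashFunction f)` stores `f` without a null check, and `build()` only tests `opensslHashFunction == OpensslHashFunction.SHA1`. A null argument therefore silently selects the non-1.x lookup mode instead of failing, and the mistake may surface only later as trust anchors or CRLs not being found. Rejecting it in the setter makes the misconfiguration visible at once: `opensslHashFunction = Objects.requireNonNull(f, "f");`, with `java.util.Objects` imported. The method's closing brace lies outside this hunk.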
@@ -109,13 +89,11 @@ public CertificateValidatorBuilder opensslHashFunction(
/**
* Sets the store update listener for this builder
- *
- * @param l
- * the {@link StoreUpdateListener}
+ *
+ * @param l the {@link StoreUpdateListener}
* @return the builder object
*/
- public CertificateValidatorBuilder storeUpdateListener(
- StoreUpdateListener l) {
+ public CertificateValidatorBuilder storeUpdateListener(StoreUpdateListener l) {
storeUpdateListener = l;
return this;
@@ -123,9 +101,8 @@ public CertificateValidatorBuilder storeUpdateListener(
/**
* Sets the trust anchors dir for this builder
- *
- * @param dir
- * the trust anchors directory
+ *
+ * @param dir the trust anchors directory
* @return the builder object
*/
public CertificateValidatorBuilder trustAnchorsDir(String dir) {
@@ -136,13 +113,11 @@ public CertificateValidatorBuilder trustAnchorsDir(String dir) {
/**
* Sets the validation error listener for this builder
- *
- * @param l
- * the {@link ValidationErrorListener}
+ *
+ * @param l the {@link ValidationErrorListener}
* @return the builder object
*/
- public CertificateValidatorBuilder validationErrorListener(
- ValidationErrorListener l) {
+ public CertificateValidatorBuilder validationErrorListener(ValidationErrorListener l) {
validationErrorListener = l;
return this;
@@ -150,9 +125,8 @@ public CertificateValidatorBuilder validationErrorListener(
/**
* Sets the trust anchors update interval for this builder
- *
- * @param interval
- * the update interval
+ *
+ * @param interval the update interval
* @return the builder object
*/
public CertificateValidatorBuilder trustAnchorsUpdateInterval(long interval) {
@@ -163,11 +137,9 @@ public CertificateValidatorBuilder trustAnchorsUpdateInterval(long interval) {
/**
* Sets whether the created validator will be lazy in loading anchors
- *
- * @param lazyness
- * the boolean flag that determines if the validator will be lazy in
- * loading trust anchors
- *
+ *
+ * @param lazyness the boolean flag that determines if the validator will be lazy in loading trust
+ * anchors
* @return the builder object
*/
public CertificateValidatorBuilder lazyAnchorsLoading(boolean lazyness) {
@@ -178,13 +150,11 @@ public CertificateValidatorBuilder lazyAnchorsLoading(boolean lazyness) {
/**
* Sets the namespace checking mode for this builder
- *
- * @param nsChecks
- * the {@link NamespaceCheckingMode}
+ *
+ * @param nsChecks the {@link NamespaceCheckingMode}
* @return the builder object
*/
- public CertificateValidatorBuilder namespaceChecks(
- NamespaceCheckingMode nsChecks) {
+ public CertificateValidatorBuilder namespaceChecks(NamespaceCheckingMode nsChecks) {
namespaceChecks = nsChecks;
return this;
@@ -192,9 +162,8 @@ public CertificateValidatorBuilder namespaceChecks(
/**
* Sets the crl checking mode for this builder
- *
- * @param crl
- * the {@link CrlCheckingMode}
+ *
+ * @param crl the {@link CrlCheckingMode}
* @return the builder object
*/
public CertificateValidatorBuilder crlChecks(CrlCheckingMode crl) {
@@ -205,9 +174,8 @@ public CertificateValidatorBuilder crlChecks(CrlCheckingMode crl) {
/**
* Sets the ocsp checking mode for this builder
- *
- * @param ocsp
- * the {@link OCSPCheckingMode}
+ *
+ * @param ocsp the {@link OCSPCheckingMode}
* @return the builder object
*/
public CertificateValidatorBuilder ocspChecks(OCSPCheckingMode ocsp) {
@@ -217,329 +185,318 @@ public CertificateValidatorBuilder ocspChecks(OCSPCheckingMode ocsp) {
}
/**
- * Builds an {@link OpensslCertChainValidator} according to the parameters set
- * for this builder
- *
+ * Builds an {@link OpensslCertChainValidator} according to the parameters set for this builder
+ *
* @return the {@link X509CertChainValidatorExt}
*/
public X509CertChainValidatorExt build() {
- RevocationParametersExt revocationParameters = new RevocationParametersExt(
- crlChecks, new CRLParameters(), new OCSPParametes(ocspChecks));
+ RevocationParametersExt revocationParameters =
+ new RevocationParametersExt(crlChecks, new CRLParameters(), new OCSPParametes(ocspChecks));
- ValidatorParamsExt validationParams = new ValidatorParamsExt(
- revocationParameters, ProxySupport.ALLOW);
+ ValidatorParamsExt validationParams =
+ new ValidatorParamsExt(revocationParameters, ProxySupport.ALLOW);
- if (storeUpdateListener != null){
+ if (storeUpdateListener != null) {
validationParams.setInitialListeners(Arrays.asList(storeUpdateListener));
}
-
+
boolean openssl1xMode = false;
-
- if (opensslHashFunction == OpensslHashFunction.SHA1){
+
+ if (opensslHashFunction == OpensslHashFunction.SHA1) {
openssl1xMode = true;
}
-
- OpensslCertChainValidator validator = new OpensslCertChainValidator(
- trustAnchorsDir, openssl1xMode, namespaceChecks, trustAnchorsUpdateInterval,
- validationParams, lazyAnchorsLoading);
- if (validationErrorListener != null){
+ OpensslCertChainValidator validator =
+ new OpensslCertChainValidator(
+ trustAnchorsDir,
+ openssl1xMode,
+ namespaceChecks,
+ trustAnchorsUpdateInterval,
+ validationParams,
+ lazyAnchorsLoading);
+
+ if (validationErrorListener != null) {
validator.addValidationListener(validationErrorListener);
}
-
+
return validator;
}
/**
- * Builds an Openssl-style certificate validator configured as specified in
- * the parameters
- *
- * @param trustAnchorsDir
- * the directory where trust anchors are loaded from
- * @param validationErrorListener
- * the listener that will receive notification about validation
- * errors
- * @param storeUpdateListener
- * the listener that will receive notifications about trust store
- * update events
- * @param updateInterval
- * the trust anchor store update interval
- * @param namespaceChecks
- * the namespace checking policy
- * @param crlChecks
- * the crl checking policy
- * @param ocspChecks
- * the ocsp checking policy
- *
- * @return an Openssl-style certificate validator configured as specified in
- * the parameters
+ * Builds an Openssl-style certificate validator configured as specified in the parameters
+ *
+ * @param trustAnchorsDir the directory where trust anchors are loaded from
+ * @param validationErrorListener the listener that will receive notification about validation
+ * errors
+ * @param storeUpdateListener the listener that will receive notifications about trust store
+ * update events
+ * @param updateInterval the trust anchor store update interval
+ * @param namespaceChecks the namespace checking policy
+ * @param crlChecks the crl checking policy
+ * @param ocspChecks the ocsp checking policy
+ * @return an Openssl-style certificate validator configured as specified in the parameters
*/
public static X509CertChainValidatorExt buildCertificateValidator(
- String trustAnchorsDir, ValidationErrorListener validationErrorListener,
- StoreUpdateListener storeUpdateListener, long updateInterval,
- NamespaceCheckingMode namespaceChecks, CrlCheckingMode crlChecks,
- OCSPCheckingMode ocspChecks) {
-
- return buildCertificateValidator(trustAnchorsDir, validationErrorListener,
- storeUpdateListener, updateInterval, namespaceChecks, crlChecks,
- ocspChecks, true);
+ String trustAnchorsDir,
+ ValidationErrorListener validationErrorListener,
+ StoreUpdateListener storeUpdateListener,
+ long updateInterval,
+ NamespaceCheckingMode namespaceChecks,
+ CrlCheckingMode crlChecks,
+ OCSPCheckingMode ocspChecks) {
+
+ return buildCertificateValidator(
+ trustAnchorsDir,
+ validationErrorListener,
+ storeUpdateListener,
+ updateInterval,
+ namespaceChecks,
+ crlChecks,
+ ocspChecks,
+ true);
}
/**
- * Builds an Openssl-style certificate validator configured as specified in
- * the parameters
- *
- * @param trustAnchorsDir
- * the directory where trust anchors are loaded from
- * @param validationErrorListener
- * the listener that will receive notification about validation
- * errors
- * @param storeUpdateListener
- * the listener that will receive notifications about trust store
- * update events
- * @param updateInterval
- * the trust anchor store update interval
- * @param namespaceChecks
- * the namespace checking policy
- * @param crlChecks
- * the crl checking policy
- * @param ocspChecks
- * the ocsp checking policy
- * @param lazy
- * whether the validator should be lazy in loading crls and
- * certificates
- *
- * @return an Openssl-style certificate validator configured as specified in
- * the parameters
- *
+ * Builds an Openssl-style certificate validator configured as specified in the parameters
+ *
+ * @param trustAnchorsDir the directory where trust anchors are loaded from
+ * @param validationErrorListener the listener that will receive notification about validation
+ * errors
+ * @param storeUpdateListener the listener that will receive notifications about trust store
+ * update events
+ * @param updateInterval the trust anchor store update interval
+ * @param namespaceChecks the namespace checking policy
+ * @param crlChecks the crl checking policy
+ * @param ocspChecks the ocsp checking policy
+ * @param lazy whether the validator should be lazy in loading crls and certificates
+ * @return an Openssl-style certificate validator configured as specified in the parameters
* @deprecated Create a {@link CertificateValidatorBuilder} object instead.
*/
@Deprecated
public static X509CertChainValidatorExt buildCertificateValidator(
- String trustAnchorsDir, ValidationErrorListener validationErrorListener,
- StoreUpdateListener storeUpdateListener, long updateInterval,
- NamespaceCheckingMode namespaceChecks, CrlCheckingMode crlChecks,
- OCSPCheckingMode ocspChecks, boolean lazy) {
+ String trustAnchorsDir,
+ ValidationErrorListener validationErrorListener,
+ StoreUpdateListener storeUpdateListener,
+ long updateInterval,
+ NamespaceCheckingMode namespaceChecks,
+ CrlCheckingMode crlChecks,
+ OCSPCheckingMode ocspChecks,
+ boolean lazy) {
CertificateValidatorBuilder builder = new CertificateValidatorBuilder();
- return builder.trustAnchorsDir(trustAnchorsDir)
- .validationErrorListener(validationErrorListener)
- .storeUpdateListener(storeUpdateListener)
- .trustAnchorsUpdateInterval(updateInterval)
- .namespaceChecks(namespaceChecks).crlChecks(crlChecks)
- .ocspChecks(ocspChecks).lazyAnchorsLoading(lazy).build();
+ return builder
+ .trustAnchorsDir(trustAnchorsDir)
+ .validationErrorListener(validationErrorListener)
+ .storeUpdateListener(storeUpdateListener)
+ .trustAnchorsUpdateInterval(updateInterval)
+ .namespaceChecks(namespaceChecks)
+ .crlChecks(crlChecks)
+ .ocspChecks(ocspChecks)
+ .lazyAnchorsLoading(lazy)
+ .build();
}
/**
- * Builds an Openssl-style certificate validator configured as specified in
- * the parameters
- *
- * @param trustAnchorsDir
- * the directory where trust anchors are loaded from
- * @param validationErrorListener
- * the listener that will receive notification about validation
- * errors
- *
- * @return an Openssl-style certificate validator configured as specified in
- * the parameters
- *
+ * Builds an Openssl-style certificate validator configured as specified in the parameters
+ *
+ * @param trustAnchorsDir the directory where trust anchors are loaded from
+ * @param validationErrorListener the listener that will receive notification about validation
+ * errors
+ * @return an Openssl-style certificate validator configured as specified in the parameters
* @deprecated Create a {@link CertificateValidatorBuilder} object instead.
*/
@Deprecated
public static X509CertChainValidatorExt buildCertificateValidator(
- String trustAnchorsDir, ValidationErrorListener validationErrorListener) {
+ String trustAnchorsDir, ValidationErrorListener validationErrorListener) {
- return buildCertificateValidator(trustAnchorsDir, validationErrorListener,
- null, 0L, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS, DEFAULT_OCSP_CHECKS);
+ return buildCertificateValidator(
+ trustAnchorsDir,
+ validationErrorListener,
+ null,
+ 0L,
+ DEFAULT_NS_CHECKS,
+ DEFAULT_CRL_CHECKS,
+ DEFAULT_OCSP_CHECKS);
}
/**
- * Builds an Openssl-style certificate validator configured as specified in
- * the parameters
- *
- * @param trustAnchorsDir
- * the directory where trust anchors are loaded from
- * @param validationErrorListener
- * the listener that will receive notification about validation
- * errors
- * @param storeListener
- * the listener that will be informed of trust store load errors
- *
- * @return an Openssl-style certificate validator configured as specified in
- * the parameters
- *
+ * Builds an Openssl-style certificate validator configured as specified in the parameters
+ *
+ * @param trustAnchorsDir the directory where trust anchors are loaded from
+ * @param validationErrorListener the listener that will receive notification about validation
+ * errors
+ * @param storeListener the listener that will be informed of trust store load errors
+ * @return an Openssl-style certificate validator configured as specified in the parameters
* @deprecated Create a {@link CertificateValidatorBuilder} object instead.
*/
@Deprecated
public static X509CertChainValidatorExt buildCertificateValidator(
- String trustAnchorsDir, ValidationErrorListener validationErrorListener,
- StoreUpdateListener storeListener) {
+ String trustAnchorsDir,
+ ValidationErrorListener validationErrorListener,
+ StoreUpdateListener storeListener) {
- return buildCertificateValidator(trustAnchorsDir, validationErrorListener,
- storeListener, 0L, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS,
- DEFAULT_OCSP_CHECKS);
+ return buildCertificateValidator(
+ trustAnchorsDir,
+ validationErrorListener,
+ storeListener,
+ 0L,
+ DEFAULT_NS_CHECKS,
+ DEFAULT_CRL_CHECKS,
+ DEFAULT_OCSP_CHECKS);
}
/**
- * Builds an Openssl-style certificate validator configured as specified in
- * the parameters
- *
- * @param trustAnchorsDir
- * the directory where trust anchors are loaded from
- * @param validationErrorListener
- * the listener that will receive notification about validation
- * errors
- * @param storeListener
- * the listener that will be informed of trust store load errors
- *
- * @param updateInterval
- * the trust anchor store update interval
- *
- * @param lazy
- * whether the certificate validator should be lazy in loading crls
- * and CAs
- *
- * @return an Openssl-style certificate validator configured as specified in
- * the parameters
- *
+ * Builds an Openssl-style certificate validator configured as specified in the parameters
+ *
+ * @param trustAnchorsDir the directory where trust anchors are loaded from
+ * @param validationErrorListener the listener that will receive notification about validation
+ * errors
+ * @param storeListener the listener that will be informed of trust store load errors
+ * @param updateInterval the trust anchor store update interval
+ * @param lazy whether the certificate validator should be lazy in loading crls and CAs
+ * @return an Openssl-style certificate validator configured as specified in the parameters
* @deprecated Create a {@link CertificateValidatorBuilder} object instead.
- *
*/
@Deprecated
public static X509CertChainValidatorExt buildCertificateValidator(
- String trustAnchorsDir, ValidationErrorListener validationErrorListener,
- StoreUpdateListener storeListener, long updateInterval, boolean lazy) {
+ String trustAnchorsDir,
+ ValidationErrorListener validationErrorListener,
+ StoreUpdateListener storeListener,
+ long updateInterval,
+ boolean lazy) {
- return buildCertificateValidator(trustAnchorsDir, validationErrorListener,
- storeListener, updateInterval, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS,
- DEFAULT_OCSP_CHECKS, lazy);
+ return buildCertificateValidator(
+ trustAnchorsDir,
+ validationErrorListener,
+ storeListener,
+ updateInterval,
+ DEFAULT_NS_CHECKS,
+ DEFAULT_CRL_CHECKS,
+ DEFAULT_OCSP_CHECKS,
+ lazy);
}
/**
- * Builds an Openssl-style certificate validator configured as specified in
- * the parameters
- *
- * @param trustAnchorsDir
- * the directory where trust anchors are loaded from
- * @param validationErrorListener
- * the listener that will receive notification about validation
- * errors
- * @param storeListener
- * the listener that will be informed of trust store load errors
- *
- * @param updateInterval
- * the trust anchor store update interval
- *
- * @return an Openssl-style certificate validator configured as specified in
- * the parameters
- *
+ * Builds an Openssl-style certificate validator configured as specified in the parameters
+ *
+ * @param trustAnchorsDir the directory where trust anchors are loaded from
+ * @param validationErrorListener the listener that will receive notification about validation
+ * errors
+ * @param storeListener the listener that will be informed of trust store load errors
+ * @param updateInterval the trust anchor store update interval
+ * @return an Openssl-style certificate validator configured as specified in the parameters
* @deprecated Create a {@link CertificateValidatorBuilder} object instead.
- *
*/
@Deprecated
public static X509CertChainValidatorExt buildCertificateValidator(
- String trustAnchorsDir, ValidationErrorListener validationErrorListener,
- StoreUpdateListener storeListener, long updateInterval) {
+ String trustAnchorsDir,
+ ValidationErrorListener validationErrorListener,
+ StoreUpdateListener storeListener,
+ long updateInterval) {
- return buildCertificateValidator(trustAnchorsDir, validationErrorListener,
- storeListener, updateInterval, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS,
- DEFAULT_OCSP_CHECKS);
+ return buildCertificateValidator(
+ trustAnchorsDir,
+ validationErrorListener,
+ storeListener,
+ updateInterval,
+ DEFAULT_NS_CHECKS,
+ DEFAULT_CRL_CHECKS,
+ DEFAULT_OCSP_CHECKS);
}
/**
- * Builds an Openssl-style certificate validator configured as specified in
- * the parameters
- *
- * @param trustAnchorsDir
- * the directory where trust anchors are loaded from
- * @param validationErrorListener
- * the listener that will receive notification about validation
- * errors
- * @param updateInterval
- * the trust anchor store update interval
- * @param lazy
- * whether the certificate validator should be lazy in loading crls
- * and CAs
- *
- * @return an Openssl-style certificate validator configured as specified in
- * the parameters
- *
+ * Builds an Openssl-style certificate validator configured as specified in the parameters
+ *
+ * @param trustAnchorsDir the directory where trust anchors are loaded from
+ * @param validationErrorListener the listener that will receive notification about validation
+ * errors
+ * @param updateInterval the trust anchor store update interval
+ * @param lazy whether the certificate validator should be lazy in loading crls and CAs
+ * @return an Openssl-style certificate validator configured as specified in the parameters
* @deprecated Create a {@link CertificateValidatorBuilder} object instead.
- *
*/
@Deprecated
public static X509CertChainValidatorExt buildCertificateValidator(
- String trustAnchorsDir, ValidationErrorListener validationErrorListener,
- long updateInterval, boolean lazy) {
+ String trustAnchorsDir,
+ ValidationErrorListener validationErrorListener,
+ long updateInterval,
+ boolean lazy) {
- return buildCertificateValidator(trustAnchorsDir, validationErrorListener,
- null, updateInterval, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS,
- DEFAULT_OCSP_CHECKS, lazy);
+ return buildCertificateValidator(
+ trustAnchorsDir,
+ validationErrorListener,
+ null,
+ updateInterval,
+ DEFAULT_NS_CHECKS,
+ DEFAULT_CRL_CHECKS,
+ DEFAULT_OCSP_CHECKS,
+ lazy);
}
/**
- * Builds an Openssl-style certificate validator configured as specified in
- * the parameters
- *
- * @param trustAnchorsDir
- * the directory where trust anchors are loaded from
- * @param validationErrorListener
- * the listener that will receive notification about validation
- * errors
- * @param updateInterval
- * the trust anchor store update interval
- *
- * @return an Openssl-style certificate validator configured as specified in
- * the parameters
- *
+ * Builds an Openssl-style certificate validator configured as specified in the parameters
+ *
+ * @param trustAnchorsDir the directory where trust anchors are loaded from
+ * @param validationErrorListener the listener that will receive notification about validation
+ * errors
+ * @param updateInterval the trust anchor store update interval
+ * @return an Openssl-style certificate validator configured as specified in the parameters
* @deprecated Create a {@link CertificateValidatorBuilder} object instead.
- *
*/
@Deprecated
public static X509CertChainValidatorExt buildCertificateValidator(
- String trustAnchorsDir, ValidationErrorListener validationErrorListener,
- long updateInterval) {
+ String trustAnchorsDir,
+ ValidationErrorListener validationErrorListener,
+ long updateInterval) {
- return buildCertificateValidator(trustAnchorsDir, validationErrorListener,
- null, updateInterval, DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS,
- DEFAULT_OCSP_CHECKS);
+ return buildCertificateValidator(
+ trustAnchorsDir,
+ validationErrorListener,
+ null,
+ updateInterval,
+ DEFAULT_NS_CHECKS,
+ DEFAULT_CRL_CHECKS,
+ DEFAULT_OCSP_CHECKS);
}
/**
- * Builds an Openssl-style certificate validator configured as specified in
- * the parameters
- *
- * @param trustAnchorsDir
- * the directory where trust anchors are loaded from
- *
- * @return an Openssl-style certificate validator configured as specified in
- * the parameters
- *
+ * Builds an Openssl-style certificate validator configured as specified in the parameters
+ *
+ * @param trustAnchorsDir the directory where trust anchors are loaded from
+ * @return an Openssl-style certificate validator configured as specified in the parameters
* @deprecated Create a {@link CertificateValidatorBuilder} object instead.
*/
@Deprecated
- public static X509CertChainValidatorExt buildCertificateValidator(
- String trustAnchorsDir) {
+ public static X509CertChainValidatorExt buildCertificateValidator(String trustAnchorsDir) {
- return buildCertificateValidator(trustAnchorsDir, null, null, 0L,
- DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS, DEFAULT_OCSP_CHECKS);
+ return buildCertificateValidator(
+ trustAnchorsDir,
+ null,
+ null,
+ 0L,
+ DEFAULT_NS_CHECKS,
+ DEFAULT_CRL_CHECKS,
+ DEFAULT_OCSP_CHECKS);
}
/**
* Builds an Openssl-style certificate validator.
- *
- * @return an Openssl-style certificate validator configured as specified in
- * the parameters
- *
+ *
+ * @return an Openssl-style certificate validator configured as specified in the parameters
* @deprecated Create a {@link CertificateValidatorBuilder} object instead.
*/
@Deprecated
public static X509CertChainValidatorExt buildCertificateValidator() {
return buildCertificateValidator(
- DefaultVOMSValidator.DEFAULT_TRUST_ANCHORS_DIR, null, null, 0L,
- DEFAULT_NS_CHECKS, DEFAULT_CRL_CHECKS, DEFAULT_OCSP_CHECKS);
+ DefaultVOMSValidator.DEFAULT_TRUST_ANCHORS_DIR,
+ null,
+ null,
+ 0L,
+ DEFAULT_NS_CHECKS,
+ DEFAULT_CRL_CHECKS,
+ DEFAULT_OCSP_CHECKS);
}
}
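Review bot: The seven-argument `buildCertificateValidator(...)` overload hard-codes `true` for the lazy flag when it delegates, while `DEFAULT_VALIDATOR_IS_LAZY` is `Boolean.FALSE` and its Javadoc says the builder produces non-lazy validators. Callers of that overload, and of the deprecated overloads that route through it, therefore get lazily loaded trust anchors, so an unreadable or wrong trust-anchors directory would likely be noticed only at first validation rather than at construction. It is also the only static overload without `@Deprecated`, although it calls a deprecated one. If the lazy behaviour is kept for compatibility, state it in the Javadoc with `@implNote This overload always builds a lazy validator.`. Otherwise pass `DEFAULT_VALIDATOR_IS_LAZY` instead of `true`, and in either case mark the method `@Deprecated` like its siblings.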
diff --git a/src/main/java/org/italiangrid/voms/util/CredentialsUtils.java b/src/main/java/org/italiangrid/voms/util/CredentialsUtils.java
index c057e88..5c1803a 100644
--- a/src/main/java/org/italiangrid/voms/util/CredentialsUtils.java
+++ b/src/main/java/org/italiangrid/voms/util/CredentialsUtils.java
@@ -7,6 +7,10 @@
import static java.nio.file.StandardOpenOption.CREATE_NEW;
import static java.nio.file.StandardOpenOption.WRITE;
+import eu.emi.security.authn.x509.X509Credential;
+import eu.emi.security.authn.x509.helpers.CertificateHelpers;
+import eu.emi.security.authn.x509.impl.CertificateUtils;
+import eu.emi.security.authn.x509.impl.CertificateUtils.Encoding;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
@@ -28,130 +32,99 @@
import java.util.HashSet;
import java.util.Set;
-import eu.emi.security.authn.x509.X509Credential;
-import eu.emi.security.authn.x509.helpers.CertificateHelpers;
-import eu.emi.security.authn.x509.impl.CertificateUtils;
-import eu.emi.security.authn.x509.impl.CertificateUtils.Encoding;
-
/**
* An utility class for handling credentials
- *
+ *
* @author Daniele Andreotti
* @author Andrea Ceccanti
- *
*/
public class CredentialsUtils {
- /**
- *
- * The encoding used to serialize proxy credentials private key.
- *
- */
+ /** The encoding used to serialize proxy credentials private key. */
public enum PrivateKeyEncoding {
- PKCS_1, PKCS_8
+ PKCS_1,
+ PKCS_8
}
- /**
- * The default encoding used when no encoding is specified by callers.
- */
+ /** The default encoding used when no encoding is specified by callers. */
public static final PrivateKeyEncoding DEFAULT_ENCONDING = PrivateKeyEncoding.PKCS_1;
/**
* Serializes a private key to an output stream according to an encoding.
- *
- * @param os
- * the target output stream
- * @param key
- * the key to be serialized
- * @param encoding
- * the encoding
- *
- * @throws IllegalArgumentException
- * for unsupported private key encodings
- * @throws IOException
- * if write fails for any reason on the output stream
+ *
+ * @param os the target output stream
+ * @param key the key to be serialized
+ * @param encoding the encoding
+ * @throws IllegalArgumentException for unsupported private key encodings
+ * @throws IOException if write fails for any reason on the output stream
*/
- public static void savePrivateKey(OutputStream os, PrivateKey key,
- PrivateKeyEncoding encoding) throws IOException {
+ public static void savePrivateKey(OutputStream os, PrivateKey key, PrivateKeyEncoding encoding)
+ throws IOException {
switch (encoding) {
- case PKCS_1:
- savePrivateKeyPKCS1(os, key);
- break;
- case PKCS_8:
- savePrivateKeyPKCS8(os, key);
- break;
- default:
- throw new IllegalArgumentException("Unsupported private key encoding: "
- + encoding.name());
+ case PKCS_1:
+ savePrivateKeyPKCS1(os, key);
+ break;
+ case PKCS_8:
+ savePrivateKeyPKCS8(os, key);
+ break;
+ default:
+ throw new IllegalArgumentException("Unsupported private key encoding: " + encoding.name());
}
}
/**
* Serializes a private key to an output stream following the pkcs8 encoding.
- *
- * This method just delegates to canl, but provides a much more understandable
- * signature.
- *
+ *
+ * This method just delegates to canl, but provides a much more understandable signature.
+ *
* @param os
* @param key
* @throws IllegalArgumentException
* @throws IOException
*/
private static void savePrivateKeyPKCS8(OutputStream os, PrivateKey key)
- throws IllegalArgumentException, IOException {
+ throws IllegalArgumentException, IOException {
CertificateUtils.savePrivateKey(os, key, Encoding.PEM, null, null);
-
}
/**
* Serializes a private key to an output stream following the pkcs1 encoding.
- *
- * This method just delegates to canl, but provides a much more understandable
- * signature.
- *
+ *
+ * This method just delegates to canl, but provides a much more understandable signature.
+ *
* @param os
* @param key
* @throws IllegalArgumentException
* @throws IOException
*/
private static void savePrivateKeyPKCS1(OutputStream os, PrivateKey key)
- throws IllegalArgumentException, IOException {
-
- CertificateUtils.savePrivateKey(os, key, Encoding.PEM, null, new char[0],
- true);
+ throws IllegalArgumentException, IOException {
+ CertificateUtils.savePrivateKey(os, key, Encoding.PEM, null, new char[0], true);
}
/**
* Saves user credentials as a plain text PEM data.
- * This class is intended to provide simple permission validation and modification for specific
+ * This class is intended to provide simple permission validation and modification for specific
* files, such as private keys and proxy certificates. It relies on executing system commands to
* fetch and update file permissions.
- *
- * Note: This implementation is a workaround until proper support for POSIX file permissions is
+ * Note: This implementation is a workaround until proper support for POSIX file permissions is
* available in Java.
- * So the permissionString must be something like:
*
*
- * This class provides methods to generate a cryptographic fingerprint (hash) of an X.509
- * certificate using a specified digest algorithm.
- *
- * The default digest algorithm used is SHA-1.
- * This class provides methods to generate a cryptographic fingerprint (hash) of an X.509
+ * certificate using a specified digest algorithm.
*
+ * The default digest algorithm used is SHA-1.
*/
public class FingerprintHelper {
@@ -34,8 +30,9 @@ public class FingerprintHelper {
*/
private static String hexify(byte[] bytes) {
- char[] hexDigits =
- {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
+ char[] hexDigits = {
+ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
+ };
StringBuffer buf = new StringBuffer(bytes.length * 2);
@@ -66,5 +63,4 @@ public static String getFingerprint(X509Certificate cert)
return hexify(digest);
}
-
}
diff --git a/src/main/java/org/italiangrid/voms/util/GaParser.java b/src/main/java/org/italiangrid/voms/util/GaParser.java
index 577a143..c1cddf7 100644
--- a/src/main/java/org/italiangrid/voms/util/GaParser.java
+++ b/src/main/java/org/italiangrid/voms/util/GaParser.java
@@ -11,38 +11,37 @@
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
-
import org.italiangrid.voms.VOMSGenericAttribute;
import org.italiangrid.voms.ac.impl.VOMSGenericAttributeImpl;
-
-
public class GaParser {
-
+
private static final String GA_TOKEN_REGEXP = "\\s*([a-zA-Z][a-zA-Z0-9_-]*)\\s*=\\s*(\\S+)\\s*";
private static final Pattern GA_TOKEN_PATTERN = Pattern.compile(GA_TOKEN_REGEXP);
-
+
private GaParser() {
+
// empty constructor
}
-
+
public static Listtrue in case of validation success,
- * false otherwise
+ *
+ * @param attributes the attributes this validation result refer to
+ * @param valid true in case of validation success, false otherwise
*/
public VOMSValidationResult(VOMSAttribute attributes, boolean valid) {
@@ -44,17 +39,13 @@ public VOMSValidationResult(VOMSAttribute attributes, boolean valid) {
/**
* This constructor is used to pass in a list of validation errors as well.
- *
- * @param attributes
- * the {@link VOMSAttribute} that will be validated
- * @param valid
- * true in case of validation success,
- * false otherwise
- * @param validationErrors
- * a list of validation errors
+ *
+ * @param attributes the {@link VOMSAttribute} that will be validated
+ * @param valid true in case of validation success, false otherwise
+ * @param validationErrors a list of validation errors
*/
- public VOMSValidationResult(VOMSAttribute attributes, boolean valid,
- Listtrue in case of validation success,
- * false otherwise
+ *
+ * @return valid true in case of validation success, false otherwise
*/
public boolean isValid() {
@@ -73,9 +63,9 @@ public boolean isValid() {
}
/**
- * The attributes are to be considered valid only if the {@link #isValid()}
- * method for this {@link VOMSValidationResult} is true.
- *
+ * The attributes are to be considered valid only if the {@link #isValid()} method for this {@link
+ * VOMSValidationResult} is true.
+ *
* @return the attributes this validation result refer to
*/
public VOMSAttribute getAttributes() {
@@ -94,8 +84,12 @@ public List
- * {@code
- * InetAddress.getLocalHost().getCanonicalHostName();
- * }
- *
+ * The default implementation for localhost name resolver. The localhost name is resolved using the
+ * following code:
+ *
+ * {@code
+ * InetAddress.getLocalHost()
+ * .getCanonicalHostName();
+ * }
*/
public class DefaultLocalHostnameResolver implements LocalHostnameResolver {
@@ -23,5 +22,4 @@ public String resolveLocalHostname() throws UnknownHostException {
return InetAddress.getLocalHost().getCanonicalHostName();
}
-
}
diff --git a/src/main/java/org/italiangrid/voms/ac/impl/DefaultVOMSACParser.java b/src/main/java/org/italiangrid/voms/ac/impl/DefaultVOMSACParser.java
index 6dbbe42..cac5344 100644
--- a/src/main/java/org/italiangrid/voms/ac/impl/DefaultVOMSACParser.java
+++ b/src/main/java/org/italiangrid/voms/ac/impl/DefaultVOMSACParser.java
@@ -6,7 +6,6 @@
import java.security.cert.X509Certificate;
import java.util.List;
-
import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.ac.ACParsingContext;
import org.italiangrid.voms.ac.VOMSACLookupStrategy;
@@ -15,26 +14,25 @@
import org.italiangrid.voms.util.NullListener;
/**
- * Default implementation of the VOMS attribute certificate parsing logic.
- * This class is responsible for extracting and normalizing VOMS attributes
- * from a given X.509 certificate chain.
- *
- * null if no credential
- * was found
+ *
+ * @param passwordFinder the password finder used to potentially decrypt the credential encrypted
+ * private key.
+ * @return an {@link X509Credential}, or null if no credential was found
*/
public X509Credential loadCredentials(PasswordSupplier passwordFinder);
}
diff --git a/src/main/java/org/italiangrid/voms/credential/ProxyNamingPolicy.java b/src/main/java/org/italiangrid/voms/credential/ProxyNamingPolicy.java
index ae84912..79908a3 100644
--- a/src/main/java/org/italiangrid/voms/credential/ProxyNamingPolicy.java
+++ b/src/main/java/org/italiangrid/voms/credential/ProxyNamingPolicy.java
@@ -6,21 +6,17 @@
/**
* A {@link ProxyNamingPolicy} defines the naming policy for a VOMS proxy.
- *
- * @author andreaceccanti
*
+ * @author andreaceccanti
*/
public interface ProxyNamingPolicy {
/**
* Builds the file name of a VOMS proxy
- *
- * @param tmpPath
- * the path of the temporary directory of the system
- * @param userId
- * the effective user id the user for which the proxy is created
+ *
+ * @param tmpPath the path of the temporary directory of the system
+ * @param userId the effective user id the user for which the proxy is created
* @return a {@link String} representing the proxy file name
*/
public String buildProxyFileName(String tmpPath, int userId);
-
}
diff --git a/src/main/java/org/italiangrid/voms/credential/UserCredentials.java b/src/main/java/org/italiangrid/voms/credential/UserCredentials.java
index acda708..06979c9 100644
--- a/src/main/java/org/italiangrid/voms/credential/UserCredentials.java
+++ b/src/main/java/org/italiangrid/voms/credential/UserCredentials.java
@@ -4,21 +4,19 @@
package org.italiangrid.voms.credential;
+import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.helpers.PasswordSupplier;
import org.italiangrid.voms.credential.impl.DefaultLoadCredentialsStrategy;
-import eu.emi.security.authn.x509.X509Credential;
-
/**
- * This class implements convenience methods to load X509 user credentials in
- * PEM or PKCS12 format.
- *
+ * This class implements convenience methods to load X509 user credentials in PEM or PKCS12 format.
+ *
* @author Andrea Ceccanti
- *
*/
public class UserCredentials {
- private static LoadCredentialsStrategy loadCredentialsStrategy = new DefaultLoadCredentialsStrategy();
+ private static LoadCredentialsStrategy loadCredentialsStrategy =
+ new DefaultLoadCredentialsStrategy();
public static void setLoadCredentialsStrategy(LoadCredentialsStrategy strategy) {
@@ -32,13 +30,14 @@ public static X509Credential loadCredentials() {
public static X509Credential loadCredentials(final char[] keyPassword) {
- PasswordSupplier pf = new PasswordSupplier() {
+ PasswordSupplier pf =
+ new PasswordSupplier() {
- public char[] getPassword() {
+ public char[] getPassword() {
- return keyPassword;
- }
- };
+ return keyPassword;
+ }
+ };
return loadCredentialsStrategy.loadCredentials(pf);
}
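Review bot: The anonymous `PasswordSupplier` in `loadCredentials(char[])` returns the caller's `keyPassword` array itself rather than a copy, so the secret stays reachable through `pf` for as long as the strategy or the resulting credential keeps that reference. The method has no Javadoc in this hunk; I would add one stating the ownership, e.g. `@param keyPassword the private key password; the array is not copied, so it must remain unchanged until loading has completed`. `getPassword()` is also missing `@Override`, which would catch a signature drift in the CANL interface at compile time.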
diff --git a/src/main/java/org/italiangrid/voms/credential/VOMSEnvironmentVariables.java b/src/main/java/org/italiangrid/voms/credential/VOMSEnvironmentVariables.java
index d198c41..5716a16 100644
--- a/src/main/java/org/italiangrid/voms/credential/VOMSEnvironmentVariables.java
+++ b/src/main/java/org/italiangrid/voms/credential/VOMSEnvironmentVariables.java
@@ -13,5 +13,4 @@ public interface VOMSEnvironmentVariables {
public static final String X509_USER_KEY = "X509_USER_KEY";
public static final String PKCS12_USER_CERT = "PKCS12_USER_CERT";
public static final String VOMS_USER_ID = "VOMS_UID";
-
-}
\ No newline at end of file
+}
diff --git a/src/main/java/org/italiangrid/voms/credential/impl/AbstractLoadCredentialsStrategy.java b/src/main/java/org/italiangrid/voms/credential/impl/AbstractLoadCredentialsStrategy.java
index 74aa221..2fecaf1 100644
--- a/src/main/java/org/italiangrid/voms/credential/impl/AbstractLoadCredentialsStrategy.java
+++ b/src/main/java/org/italiangrid/voms/credential/impl/AbstractLoadCredentialsStrategy.java
@@ -4,58 +4,47 @@
package org.italiangrid.voms.credential.impl;
+import eu.emi.security.authn.x509.X509Credential;
+import eu.emi.security.authn.x509.helpers.PasswordSupplier;
+import eu.emi.security.authn.x509.impl.KeystoreCredential;
+import eu.emi.security.authn.x509.impl.PEMCredential;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
-
-import eu.emi.security.authn.x509.helpers.PasswordSupplier;
import org.italiangrid.voms.credential.LoadCredentialsEventListener;
import org.italiangrid.voms.credential.LoadCredentialsStrategy;
import org.italiangrid.voms.credential.VOMSEnvironmentVariables;
import org.italiangrid.voms.util.FilePermissionHelper;
-import eu.emi.security.authn.x509.X509Credential;
-import eu.emi.security.authn.x509.impl.KeystoreCredential;
-import eu.emi.security.authn.x509.impl.PEMCredential;
-
/**
- * Base class for load credentials strategy providing utility classes for
- * loading credentials from the filesystem and notifying the results of load
- * operations to interested listeners (via {@link LoadCredentialsEventListener}
- * ).
- *
- * @author andreaceccanti
+ * Base class for load credentials strategy providing utility classes for loading credentials from
+ * the filesystem and notifying the results of load operations to interested listeners (via {@link
+ * LoadCredentialsEventListener} ).
*
+ * @author andreaceccanti
*/
-public abstract class AbstractLoadCredentialsStrategy implements
- LoadCredentialsStrategy, VOMSEnvironmentVariables {
+public abstract class AbstractLoadCredentialsStrategy
+ implements LoadCredentialsStrategy, VOMSEnvironmentVariables {
- /**
- * The {@link LoadCredentialsEventListener} that is notified of load
- * credentials outcome.
- */
+ /** The {@link LoadCredentialsEventListener} that is notified of load credentials outcome. */
LoadCredentialsEventListener listener;
/**
* Constructor that let client pass in a {@link LoadCredentialsEventListener}.
- *
- * @param listener
- * the listener that is notified of load credential events from this
- * {@link AbstractLoadCredentialsStrategy}.
+ *
+ * @param listener the listener that is notified of load credential events from this {@link
+ * AbstractLoadCredentialsStrategy}.
*/
- protected AbstractLoadCredentialsStrategy(
- LoadCredentialsEventListener listener) {
+ protected AbstractLoadCredentialsStrategy(LoadCredentialsEventListener listener) {
this.listener = listener;
}
/**
* Convenience method to check if a file exists and is readable
- *
- * @param filename
- * the file to be checked
- * @return true if the file exists and is readable,
- * false otherwise
+ *
+ * @param filename the file to be checked
+ * @return true if the file exists and is readable, false otherwise
*/
protected boolean fileExistsAndIsReadable(String filename) {
@@ -64,21 +53,17 @@ protected boolean fileExistsAndIsReadable(String filename) {
}
/**
- * Loads a PEM X.509 credential and notifies the registered
- * {@link LoadCredentialsEventListener} of the load operation outcome.
- *
- * @param privateKeyPath
- * the path to the private key
- * @param certificatePath
- * the path to the certificate
- * @param pf
- * a {@link PasswordSupplier} used to resolve the private key password
- * when needed
- * @return the loaded {@link X509Credential}, or null if the
- * credential couldn't be loaded
+ * Loads a PEM X.509 credential and notifies the registered {@link LoadCredentialsEventListener}
+ * of the load operation outcome.
+ *
+ * @param privateKeyPath the path to the private key
+ * @param certificatePath the path to the certificate
+ * @param pf a {@link PasswordSupplier} used to resolve the private key password when needed
+ * @return the loaded {@link X509Credential}, or null if the credential couldn't be
+ * loaded
*/
- protected X509Credential loadPEMCredential(String privateKeyPath,
- String certificatePath, PasswordSupplier pf) {
+ protected X509Credential loadPEMCredential(
+ String privateKeyPath, String certificatePath, PasswordSupplier pf) {
PEMCredential cred = null;
@@ -88,8 +73,9 @@ protected X509Credential loadPEMCredential(String privateKeyPath,
FilePermissionHelper.checkPrivateKeyPermissions(privateKeyPath);
- cred = new PEMCredential(new FileInputStream(privateKeyPath),
- new FileInputStream(certificatePath), pf);
+ cred =
+ new PEMCredential(
+ new FileInputStream(privateKeyPath), new FileInputStream(certificatePath), pf);
listener.notifyLoadCredentialSuccess(privateKeyPath, certificatePath);
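Review bot: The two `FileInputStream`s created inline in the `new PEMCredential(...)` call are never bound to a variable, so if opening `certificatePath` throws, the already-open private-key stream is left unclosed. On the success path nothing visible closes them either, unless `PEMCredential` does so itself, which should be confirmed. Opening both in a try-with-resources makes the cleanup deterministic; a second close is harmless if the constructor already closes them. Note also that `checkPrivateKeyPermissions` inspects the path and the file is opened by name afterwards, so the file read is not guaranteed to be the one that was checked; that deserves at least a comment. The body of loadPEMCredential starts and ends outside this hunk.

```java
// … unchanged: FilePermissionHelper.checkPrivateKeyPermissions(privateKeyPath) …
try (FileInputStream keyStream = new FileInputStream(privateKeyPath);
    FileInputStream certStream = new FileInputStream(certificatePath)) {
  cred = new PEMCredential(keyStream, certStream, pf);
}
// … unchanged: listener.notifyLoadCredentialSuccess(privateKeyPath, certificatePath) …
```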
@@ -99,22 +85,18 @@ protected X509Credential loadPEMCredential(String privateKeyPath,
}
return cred;
-
}
/**
- * Loads a PCKS12 X.509 credential and notifies the registered
- * {@link LoadCredentialsEventListener} of the load operation outcome.
- *
- * @param pkcs12FilePath
- * the path to the pkcs12 credential
- * @param pf
- * a {@link PasswordSupplier} used to resolve the private key password
- * @return the loaded {@link X509Credential}, or null if the
- * credential couldn't be loaded
+ * Loads a PCKS12 X.509 credential and notifies the registered {@link
+ * LoadCredentialsEventListener} of the load operation outcome.
+ *
+ * @param pkcs12FilePath the path to the pkcs12 credential
+ * @param pf a {@link PasswordSupplier} used to resolve the private key password
+ * @return the loaded {@link X509Credential}, or null if the credential couldn't be
+ * loaded
*/
- protected X509Credential loadPKCS12Credential(String pkcs12FilePath,
- PasswordSupplier pf) {
+ protected X509Credential loadPKCS12Credential(String pkcs12FilePath, PasswordSupplier pf) {
KeystoreCredential cred = null;
@@ -127,8 +109,7 @@ protected X509Credential loadPKCS12Credential(String pkcs12FilePath,
FilePermissionHelper.checkPKCS12Permissions(pkcs12FilePath);
- cred = new KeystoreCredential(pkcs12FilePath, keyPassword, keyPassword,
- null, "PKCS12");
+ cred = new KeystoreCredential(pkcs12FilePath, keyPassword, keyPassword, null, "PKCS12");
listener.notifyLoadCredentialSuccess(pkcs12FilePath);
} catch (Throwable t) {
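Review bot: `catch (Throwable t)` in loadPKCS12Credential also intercepts JVM `Error`s such as `OutOfMemoryError`, and presumably reports them like any other credential-load failure (the handler body is outside this hunk). Narrowing it to `} catch (Exception e) {` keeps those failures visible to the caller while still covering keystore and I/O problems. Separately, `keyPassword` is passed as both the keystore and the key password to `KeystoreCredential`; a one-line comment such as `// PKCS12: store and key are assumed to share one password` would record that assumption.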
@@ -137,20 +118,19 @@ protected X509Credential loadPKCS12Credential(String pkcs12FilePath,
}
} else
- listener.notifyLoadCredentialFailure(new FileNotFoundException(
- pkcs12FilePath + " (cannot read file)"), pkcs12FilePath);
+ listener.notifyLoadCredentialFailure(
+ new FileNotFoundException(pkcs12FilePath + " (cannot read file)"), pkcs12FilePath);
return cred;
}
/**
- * Loads an X.509 proxy credential and notifies the registered
- * {@link LoadCredentialsEventListener} of the load operation outcome.
- *
- * @param proxyPath
- * the path to the proxy credential
- * @return the loaded {@link X509Credential}, or null if the
- * credential couldn't be loaded
+ * Loads an X.509 proxy credential and notifies the registered {@link
+ * LoadCredentialsEventListener} of the load operation outcome.
+ *
+ * @param proxyPath the path to the proxy credential
+ * @return the loaded {@link X509Credential}, or null if the credential couldn't be
+ * loaded
*/
protected X509Credential loadProxyCredential(String proxyPath) {
diff --git a/src/main/java/org/italiangrid/voms/credential/impl/DefaultLoadCredentialsStrategy.java b/src/main/java/org/italiangrid/voms/credential/impl/DefaultLoadCredentialsStrategy.java
index b67cb35..336262c 100644
--- a/src/main/java/org/italiangrid/voms/credential/impl/DefaultLoadCredentialsStrategy.java
+++ b/src/main/java/org/italiangrid/voms/credential/impl/DefaultLoadCredentialsStrategy.java
@@ -4,41 +4,33 @@
package org.italiangrid.voms.credential.impl;
+import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.helpers.PasswordSupplier;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.credential.LoadCredentialsEventListener;
import org.italiangrid.voms.credential.ProxyNamingPolicy;
import org.italiangrid.voms.util.NullListener;
-import eu.emi.security.authn.x509.X509Credential;
-
/**
* The default strategy used to load user credentials when no file is explicitly pointed out by the
* user of this API.
- *
- * Credentials are searched in the following places (in sequence):
- *
+ *
+ *
- *
- *
- *
*/
public class DefaultLoadCredentialsStrategy extends AbstractLoadCredentialsStrategy {
@@ -62,16 +54,15 @@ public class DefaultLoadCredentialsStrategy extends AbstractLoadCredentialsStrat
* @param tempDir the temporary directory path
* @param listener event listener for credential loading
*/
- public DefaultLoadCredentialsStrategy(String homeFolder, String tempDir,
- LoadCredentialsEventListener listener) {
+ public DefaultLoadCredentialsStrategy(
+ String homeFolder, String tempDir, LoadCredentialsEventListener listener) {
super(listener);
this.home = homeFolder;
this.tmpDir = tempDir;
- if (home == null)
- throw new VOMSError(HOME_PROPERTY + " not found in system properties!");
+ if (home == null) throw new VOMSError(HOME_PROPERTY + " not found in system properties!");
}
/**
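Review bot: Only `home` is null-checked in this constructor; `tmpDir` is stored as given, and the delegating constructors pass `System.getProperty(TMPDIR_PROPERTY)`, which can return null. `loadProxyFromUID` later hands `tmpDir` to `buildProxyFileName`. With the `String.format("%s/x509up_u%d", ...)` builder shown later in this diff, a null would produce a relative `null/x509up_u<uid>` path resolved against the working directory. I would reject it here in the same way, `if (tmpDir == null) throw new VOMSError(TMPDIR_PROPERTY + " not found in system properties!");`, or document that null is allowed. The existing message for `home` also blames the system properties even when the caller passed `homeFolder` explicitly.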
@@ -84,11 +75,12 @@ public DefaultLoadCredentialsStrategy(String homeFolder) {
this(homeFolder, System.getProperty(TMPDIR_PROPERTY), NullListener.INSTANCE);
}
- /**
- * Constructs a strategy using default system properties.
- */
+ /** Constructs a strategy using default system properties. */
public DefaultLoadCredentialsStrategy() {
- this(System.getProperty(HOME_PROPERTY), System.getProperty(TMPDIR_PROPERTY),
+
+ this(
+ System.getProperty(HOME_PROPERTY),
+ System.getProperty(TMPDIR_PROPERTY),
NullListener.INSTANCE);
}
@@ -98,6 +90,7 @@ public DefaultLoadCredentialsStrategy() {
* @param listener the credential loading event listener
*/
public DefaultLoadCredentialsStrategy(LoadCredentialsEventListener listener) {
+
this(System.getProperty(HOME_PROPERTY), System.getProperty(TMPDIR_PROPERTY), listener);
}
@@ -108,9 +101,9 @@ public DefaultLoadCredentialsStrategy(LoadCredentialsEventListener listener) {
* @return the property value, or null if not found
*/
public String getFromEnvOrSystemProperty(String propName) {
+
String val = System.getenv(propName);
- if (val == null)
- val = System.getProperty(propName);
+ if (val == null) val = System.getProperty(propName);
return val;
}
@@ -121,17 +114,15 @@ public String getFromEnvOrSystemProperty(String propName) {
* @return the loaded credentials
*/
public X509Credential loadCredentials(PasswordSupplier pf) {
+
if (pf == null)
throw new IllegalArgumentException("Please provide a non-null password finder!");
try {
X509Credential cred = loadPEMCredentialFromEnv(pf);
- if (cred == null)
- cred = loadPKCS12CredentialFromEnv(pf);
- if (cred == null)
- cred = loadPEMCredentialsFromGlobusDir(pf);
- if (cred == null)
- cred = loadPKCS12CredentialsFromGlobusDir(pf);
+ if (cred == null) cred = loadPKCS12CredentialFromEnv(pf);
+ if (cred == null) cred = loadPEMCredentialsFromGlobusDir(pf);
+ if (cred == null) cred = loadPKCS12CredentialsFromGlobusDir(pf);
return cred;
} catch (Exception e) {
throw new VOMSError("Error loading credential: " + e.getMessage(), e);
@@ -144,6 +135,7 @@ public X509Credential loadCredentials(PasswordSupplier pf) {
* @return the loaded proxy credential or null if not found
*/
protected X509Credential loadProxyFromUID() {
+
String uid = getFromEnvOrSystemProperty(VOMS_USER_ID);
if (uid != null) {
String proxyFile = proxyPathBuilder.buildProxyFileName(tmpDir, Integer.parseInt(uid));
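Review bot: `Integer.parseInt(uid)` runs on a value taken from the `VOMS_UID` environment variable or system property, so a non-numeric value surfaces as a bare `NumberFormatException` instead of the `VOMSError` this class uses for other configuration problems. Catching it and rethrowing, `throw new VOMSError("Invalid " + VOMS_USER_ID + " value: " + uid, e);`, gives callers one exception type and names the offending setting. Since the number goes straight into the proxy file name, rejecting negative values at the same point would be cheap. The rest of loadProxyFromUID is outside this hunk.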
@@ -158,9 +150,9 @@ protected X509Credential loadProxyFromUID() {
* @return the loaded proxy credential or null if not found
*/
protected X509Credential loadProxyFromEnv() {
+
String proxyPath = getFromEnvOrSystemProperty(X509_USER_PROXY);
- if (proxyPath != null)
- return loadProxyCredential(proxyPath);
+ if (proxyPath != null) return loadProxyCredential(proxyPath);
return null;
}
@@ -171,6 +163,7 @@ protected X509Credential loadProxyFromEnv() {
* @return the loaded credential or null if not found
*/
protected X509Credential loadPEMCredentialFromEnv(PasswordSupplier pf) {
+
String certPath = getFromEnvOrSystemProperty(X509_USER_CERT);
String keyPath = getFromEnvOrSystemProperty(X509_USER_KEY);
if (certPath != null && keyPath != null) {
@@ -186,6 +179,7 @@ protected X509Credential loadPEMCredentialFromEnv(PasswordSupplier pf) {
* @return the loaded credential or null if not found
*/
protected X509Credential loadPKCS12CredentialFromEnv(PasswordSupplier pf) {
+
String pkcs12Path = getFromEnvOrSystemProperty(PKCS12_USER_CERT);
if (pkcs12Path != null) {
return loadPKCS12Credential(pkcs12Path, pf);
@@ -200,6 +194,7 @@ protected X509Credential loadPKCS12CredentialFromEnv(PasswordSupplier pf) {
* @return the loaded credential or null if not found
*/
protected X509Credential loadPKCS12CredentialsFromGlobusDir(PasswordSupplier pf) {
+
String credPath = String.format("%s/%s", home, GLOBUS_PKCS12_CRED_PATH_SUFFIX);
return loadPKCS12Credential(credPath, pf);
}
@@ -211,6 +206,7 @@ protected X509Credential loadPKCS12CredentialsFromGlobusDir(PasswordSupplier pf)
* @return the loaded credential or null if not found
*/
protected X509Credential loadPEMCredentialsFromGlobusDir(PasswordSupplier pf) {
+
String certPath = String.format("%s/%s", home, GLOBUS_PEM_CERT_PATH_SUFFIX);
String keyPath = String.format("%s/%s", home, GLOBUS_PEM_KEY_PATH_SUFFIX);
return loadPEMCredential(keyPath, certPath, pf);
diff --git a/src/main/java/org/italiangrid/voms/credential/impl/DefaultProxyPathBuilder.java b/src/main/java/org/italiangrid/voms/credential/impl/DefaultProxyPathBuilder.java
index 9260974..a4dde23 100644
--- a/src/main/java/org/italiangrid/voms/credential/impl/DefaultProxyPathBuilder.java
+++ b/src/main/java/org/italiangrid/voms/credential/impl/DefaultProxyPathBuilder.java
@@ -12,5 +12,4 @@ public String buildProxyFileName(String tmpPath, int userId) {
return String.format("%s/x509up_u%d", tmpPath, userId);
}
-
}
diff --git a/src/main/java/org/italiangrid/voms/credential/impl/package-info.java b/src/main/java/org/italiangrid/voms/credential/impl/package-info.java
index e8a3109..ffb900d 100644
--- a/src/main/java/org/italiangrid/voms/credential/impl/package-info.java
+++ b/src/main/java/org/italiangrid/voms/credential/impl/package-info.java
@@ -4,8 +4,7 @@
/**
* This package provides the implementation of the user credentials loading APIs.
- *
- * @author andreaceccanti
*
+ * @author andreaceccanti
*/
-package org.italiangrid.voms.credential.impl;
\ No newline at end of file
+package org.italiangrid.voms.credential.impl;
diff --git a/src/main/java/org/italiangrid/voms/credential/package-info.java b/src/main/java/org/italiangrid/voms/credential/package-info.java
index 16a97a4..40b8c6b 100644
--- a/src/main/java/org/italiangrid/voms/credential/package-info.java
+++ b/src/main/java/org/italiangrid/voms/credential/package-info.java
@@ -2,8 +2,5 @@
//
// SPDX-License-Identifier: Apache-2.0
-/**
- * This package provides the API for loading user credentials.
- */
+/** This package provides the API for loading user credentials. */
package org.italiangrid.voms.credential;
-
diff --git a/src/main/java/org/italiangrid/voms/error/VOMSValidationErrorCode.java b/src/main/java/org/italiangrid/voms/error/VOMSValidationErrorCode.java
index ea894a8..415d765 100644
--- a/src/main/java/org/italiangrid/voms/error/VOMSValidationErrorCode.java
+++ b/src/main/java/org/italiangrid/voms/error/VOMSValidationErrorCode.java
@@ -6,9 +6,8 @@
/**
* VOMS validation error codes.
- *
- * @author Andrea Ceccanti
*
+ * @author Andrea Ceccanti
*/
public enum VOMSValidationErrorCode {
@@ -16,10 +15,16 @@ public enum VOMSValidationErrorCode {
acNotValidAtCurrentTime,
// LSC signature checks
- lscFileNotFound, emptyAcCertsExtension, lscDescriptionDoesntMatchAcCert, invalidAcCert, acCertFailsSignatureVerification,
+ lscFileNotFound,
+ emptyAcCertsExtension,
+ lscDescriptionDoesntMatchAcCert,
+ invalidAcCert,
+ acCertFailsSignatureVerification,
// Local AA cert signature checks
- aaCertNotFound, invalidAaCert, aaCertFailsSignatureVerification,
+ aaCertNotFound,
+ invalidAaCert,
+ aaCertFailsSignatureVerification,
// Holder checks
acHolderDoesntMatchCertChain,
diff --git a/src/main/java/org/italiangrid/voms/error/VOMSValidationErrorMessage.java b/src/main/java/org/italiangrid/voms/error/VOMSValidationErrorMessage.java
index 154efcf..64ed95d 100644
--- a/src/main/java/org/italiangrid/voms/error/VOMSValidationErrorMessage.java
+++ b/src/main/java/org/italiangrid/voms/error/VOMSValidationErrorMessage.java
@@ -9,29 +9,27 @@
import java.util.ResourceBundle;
/**
- * A VOMS validation error message class (freely inspired by the CANL validation
- * error message class).
- *
- * @author Andrea Ceccanti
+ * A VOMS validation error message class (freely inspired by the CANL validation error message
+ * class).
*
+ * @author Andrea Ceccanti
*/
public class VOMSValidationErrorMessage {
- static final String ERROR_BUNDLE = VOMSValidationErrorMessage.class
- .getPackage().getName() + "." + "validationErrors";
+ static final String ERROR_BUNDLE =
+ VOMSValidationErrorMessage.class.getPackage().getName() + "." + "validationErrors";
private VOMSValidationErrorCode errorCode;
private String message;
private Object[] parameters;
- public static VOMSValidationErrorMessage newErrorMessage(
- VOMSValidationErrorCode errorCode) {
+ public static VOMSValidationErrorMessage newErrorMessage(VOMSValidationErrorCode errorCode) {
return new VOMSValidationErrorMessage(errorCode);
}
public static VOMSValidationErrorMessage newErrorMessage(
- VOMSValidationErrorCode errorCode, Object... params) {
+ VOMSValidationErrorCode errorCode, Object... params) {
return new VOMSValidationErrorMessage(errorCode, params);
}
@@ -39,11 +37,9 @@ public static VOMSValidationErrorMessage newErrorMessage(
private VOMSValidationErrorMessage(VOMSValidationErrorCode errorCode) {
this(errorCode, (Object[]) null);
-
}
- private VOMSValidationErrorMessage(VOMSValidationErrorCode errorCode,
- Object... params) {
+ private VOMSValidationErrorMessage(VOMSValidationErrorCode errorCode, Object... params) {
this.errorCode = errorCode;
this.parameters = params;
@@ -59,7 +55,6 @@ private VOMSValidationErrorMessage(VOMSValidationErrorCode errorCode,
}
message = MessageFormat.format(template, parameters);
-
}
public VOMSValidationErrorCode getErrorCode() {
@@ -96,20 +91,14 @@ public int hashCode() {
@Override
public boolean equals(Object obj) {
- if (this == obj)
- return true;
- if (obj == null)
- return false;
- if (getClass() != obj.getClass())
- return false;
+ if (this == obj) return true;
+ if (obj == null) return false;
+ if (getClass() != obj.getClass()) return false;
VOMSValidationErrorMessage other = (VOMSValidationErrorMessage) obj;
- if (errorCode != other.errorCode)
- return false;
+ if (errorCode != other.errorCode) return false;
if (message == null) {
- if (other.message != null)
- return false;
- } else if (!message.equals(other.message))
- return false;
+ if (other.message != null) return false;
+ } else if (!message.equals(other.message)) return false;
return true;
}
}
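Review bot: The closing null ladder for `message` in `equals` now reads as a brace-less `if` nested in a braced `if`, followed by a brace-less `else if` on one line, which is easy to misread after the reformat. It can be collapsed to `return errorCode == other.errorCode && Objects.equals(message, other.message);`, which needs `java.util.Objects` (the import block is only partly visible in this diff). `parameters` is not compared here; that is consistent only if `hashCode`, whose body is outside this hunk, ignores it as well.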
diff --git a/src/main/java/org/italiangrid/voms/error/package-info.java b/src/main/java/org/italiangrid/voms/error/package-info.java
index 257cf9a..d4120de 100644
--- a/src/main/java/org/italiangrid/voms/error/package-info.java
+++ b/src/main/java/org/italiangrid/voms/error/package-info.java
@@ -2,8 +2,5 @@
//
// SPDX-License-Identifier: Apache-2.0
-/**
- * This package provides error code and message definitions for the VOMS API.
- */
+/** This package provides error code and message definitions for the VOMS API. */
package org.italiangrid.voms.error;
-
diff --git a/src/main/java/org/italiangrid/voms/examples/ValidationExample.java b/src/main/java/org/italiangrid/voms/examples/ValidationExample.java
index e13c384..44c8a26 100644
--- a/src/main/java/org/italiangrid/voms/examples/ValidationExample.java
+++ b/src/main/java/org/italiangrid/voms/examples/ValidationExample.java
@@ -4,6 +4,7 @@
package org.italiangrid.voms.examples;
+import eu.emi.security.authn.x509.impl.PEMCredential;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
@@ -11,39 +12,30 @@
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
-
import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.VOMSValidators;
import org.italiangrid.voms.ac.VOMSACValidator;
-import eu.emi.security.authn.x509.impl.PEMCredential;
-
/**
- * A simple example showing how VOMS attributes validation is done with the new
- * API
- *
- * @author Andrea Ceccanti
+ * A simple example showing how VOMS attributes validation is done with the new API
*
+ * @author Andrea Ceccanti
*/
public class ValidationExample {
- public ValidationExample() throws KeyStoreException, CertificateException,
- FileNotFoundException, IOException {
+ public ValidationExample()
+ throws KeyStoreException, CertificateException, FileNotFoundException, IOException {
VOMSACValidator validator = VOMSValidators.newValidator();
- PEMCredential c = new PEMCredential(new FileInputStream("somefile"),
- (char[]) null);
+ PEMCredential c = new PEMCredential(new FileInputStream("somefile"), (char[]) null);
X509Certificate[] chain = c.getCertificateChain();
ListX509_USER_CERT and X509_USER_KEY environment
- * variables are set, their values are used to load the user credentialsX509_USER_CERT and X509_USER_KEY system properties
- * are set, their values are used to load the user credentialsPKCS12_USER_CERT environment variable is set, its value is used to
- * load the user credentials.PKCS12_USER_CERT system property is set, its value is used to load
- * the user credentials..globus directory in the user's home is searched for a PEM
- * certificate (in the usercert.pem and userkey.pem files).usercert.p12 file).X509_USER_CERT and X509_USER_KEY environment
+ * variables are set, their values are used to load the user credentials
+ * X509_USER_CERT and X509_USER_KEY system properties
+ * are set, their values are used to load the user credentials
+ * PKCS12_USER_CERT environment variable is set, its value is used
+ * to load the user credentials.
+ * PKCS12_USER_CERT system property is set, its value is used to
+ * load the user credentials.
+ * .globus directory in the user's home is searched for a PEM
+ * certificate (in the usercert.pem and userkey.pem files).
+ * usercert.p12 file).
* true if this {@link VOMSResponse} has errors,
- * false otherwise
+ * @return true if this {@link VOMSResponse} has errors, false otherwise
*/
public boolean hasErrors();
/**
- * @return true if this {@link VOMSResponse} has warnings,
- * false otherwise
+ * @return true if this {@link VOMSResponse} has warnings, false
+ * otherwise
*/
public boolean hasWarnings();
/**
- *
* Extracts the AC from the VOMS response.
- *
+ *
* @return an array of bytes containing the AC.
*/
public byte[] getAC();
/**
* Extracts the version from the VOMS response.
- *
+ *
* @return an integer containing the AC.
*/
public abstract int getVersion();
/**
- *
* Extracts the error messages from the VOMS response.
- *
+ *
* @return an array of {@link VOMSErrorMessage} objects.
*/
public VOMSErrorMessage[] errorMessages();
/**
* Extracts the warning messags from the VOMS response.
- *
+ *
* @return an array of {@link VOMSWarningMessage} objects.
*/
public VOMSWarningMessage[] warningMessages();
/**
- *
* @return Returns the XML representation of the response as a string.
*/
public String getXMLAsString();
-
-}
\ No newline at end of file
+}
diff --git a/src/main/java/org/italiangrid/voms/request/VOMSResponseParsingStrategy.java b/src/main/java/org/italiangrid/voms/request/VOMSResponseParsingStrategy.java
index e4ccd96..4fd3992 100644
--- a/src/main/java/org/italiangrid/voms/request/VOMSResponseParsingStrategy.java
+++ b/src/main/java/org/italiangrid/voms/request/VOMSResponseParsingStrategy.java
@@ -8,20 +8,16 @@
/**
* The strategy for parsing a response coming from a VOMS service.
- *
- * @author valerioventuri
*
+ * @author valerioventuri
*/
public interface VOMSResponseParsingStrategy {
/**
- * Parse the response coming from a VOMS service and build a
- * {@link VOMSResponse} object.
- *
- * @param inputStream
- * the response from the VOMS service.
+ * Parse the response coming from a VOMS service and build a {@link VOMSResponse} object.
+ *
+ * @param inputStream the response from the VOMS service.
* @return the response object representing the response from the service.
*/
public VOMSResponse parse(InputStream inputStream);
-
}
diff --git a/src/main/java/org/italiangrid/voms/request/VOMSServerInfo.java b/src/main/java/org/italiangrid/voms/request/VOMSServerInfo.java
index d97efd3..6c88c51 100644
--- a/src/main/java/org/italiangrid/voms/request/VOMSServerInfo.java
+++ b/src/main/java/org/italiangrid/voms/request/VOMSServerInfo.java
@@ -7,45 +7,41 @@
import java.net.URI;
/**
- * This interface represents a VOMS server contact information, typically
- * provided in vomses files.
- *
+ * This interface represents a VOMS server contact information, typically provided in vomses files.
+ *
* @see VOMSESLookupStrategy
* @see VOMSESParser
- *
* @author Andrea Ceccanti
- *
*/
public interface VOMSServerInfo {
/**
* Returns the alias for this {@link VOMSServerInfo}.
- *
+ *
* @return the alias
*/
public String getAlias();
/**
* Returns the VO name for this {@link VOMSServerInfo}.
- *
+ *
* @return the vo name
*/
public String getVoName();
/**
* Returns the URL for this {@link VOMSServerInfo}.
- *
+ *
* @return the contact {@link URI}
*/
public URI getURL();
/**
- * Returns the certificate subject as listed in the VOMSES configuration for
- * this {@link VOMSServerInfo}
- *
- * @return a string containing the certificate subject, enconded following the
- * DN openssl slash-separated syntax
+ * Returns the certificate subject as listed in the VOMSES configuration for this {@link
+ * VOMSServerInfo}
+ *
+ * @return a string containing the certificate subject, enconded following the DN openssl
+ * slash-separated syntax
*/
public String getVOMSServerDN();
-
-}
\ No newline at end of file
+}
diff --git a/src/main/java/org/italiangrid/voms/request/VOMSServerInfoStore.java b/src/main/java/org/italiangrid/voms/request/VOMSServerInfoStore.java
index a053815..61401bc 100644
--- a/src/main/java/org/italiangrid/voms/request/VOMSServerInfoStore.java
+++ b/src/main/java/org/italiangrid/voms/request/VOMSServerInfoStore.java
@@ -8,38 +8,32 @@
/**
* A store containing the contact information for locally trusted VOMS servers.
- *
- * @author Andrea Ceccanti
*
+ * @author Andrea Ceccanti
*/
public interface VOMSServerInfoStore {
/**
- * Returns a set of {@link VOMSServerInfo} object matching a vo name or alias
- * passed as argument.
- *
- * @param voName
- * a VO name
- * @return a possibly empty set of {@link VOMSServerInfo} object matching the
- * vo name or alias passed as argument
+ * Returns a set of {@link VOMSServerInfo} object matching a vo name or alias passed as argument.
+ *
+ * @param voName a VO name
+ * @return a possibly empty set of {@link VOMSServerInfo} object matching the vo name or alias
+ * passed as argument
*/
public Setnull {@link AttributeCertificate} object
@@ -99,8 +81,7 @@ protected AttributeCertificate getACFromResponse(VOMSACRequest request, VOMSResp
byte[] acBytes = response.getAC();
- if (acBytes == null)
- return null;
+ if (acBytes == null) return null;
ASN1InputStream asn1InputStream = new ASN1InputStream(acBytes);
@@ -115,15 +96,15 @@ protected AttributeCertificate getACFromResponse(VOMSACRequest request, VOMSResp
} catch (Throwable e) {
- requestListener.notifyVOMSRequestFailure(request, null,
- new VOMSError("Error unmarshalling VOMS AC. Cause: " + e.getMessage(), e));
+ requestListener.notifyVOMSRequestFailure(
+ request, null, new VOMSError("Error unmarshalling VOMS AC. Cause: " + e.getMessage(), e));
return null;
}
}
- private VOMSResponse doRequest(VOMSProtocol protocol, VOMSServerInfo endpoint,
- X509Credential cred, VOMSACRequest req) {
+ private VOMSResponse doRequest(
+ VOMSProtocol protocol, VOMSServerInfo endpoint, X509Credential cred, VOMSACRequest req) {
VOMSResponse response = null;
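Review bot: The `catch (Throwable e)` in getACFromResponse also intercepts JVM errors such as OutOfMemoryError while decoding AC bytes received from the server, reports them as an unmarshalling failure and returns null. Narrowing it to `} catch (Exception e) {` would keep the listener notification for malformed input and let fatal errors propagate. The try body lies outside this hunk, so the exception types it can raise should be confirmed before narrowing further.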
@@ -136,46 +117,47 @@ private VOMSResponse doRequest(VOMSProtocol protocol, VOMSServerInfo endpoint,
}
return response;
-
}
/**
* Handles errors included in the VOMS response
- *
+ *
* @param request the request
* @param si the VOMS server endpoint information
* @param response the received {@link VOMSResponse}
*/
- protected void handleErrorsInResponse(VOMSACRequest request, VOMSServerInfo si,
- VOMSResponse response) {
+ protected void handleErrorsInResponse(
+ VOMSACRequest request, VOMSServerInfo si, VOMSResponse response) {
if (response.hasErrors())
requestListener.notifyErrorsInVOMSReponse(request, si, response.errorMessages());
-
}
/**
* Handles warnings included in the VOMS response
- *
+ *
* @param request the request
* @param si the VOMS server endpoint information
* @param response the received {@link VOMSResponse}
*/
- protected void handleWarningsInResponse(VOMSACRequest request, VOMSServerInfo si,
- VOMSResponse response) {
+ protected void handleWarningsInResponse(
+ VOMSACRequest request, VOMSServerInfo si, VOMSResponse response) {
if (response.hasWarnings())
requestListener.notifyWarningsInVOMSResponse(request, si, response.warningMessages());
}
- public AttributeCertificate getVOMSAttributeCertificate(X509Credential credential,
- VOMSACRequest request) {
+ public AttributeCertificate getVOMSAttributeCertificate(
+ X509Credential credential, VOMSACRequest request) {
List
- *
- *
- *
+ *
* {
* @code
- * VOMSACService acService =
- * new DefaultVOMSACService.Builder(certChainValidator).requestListener(requestListener)
- * .serverInfoStoreListener(serverInfoStoreListener)
- * .protocolListener(protocolListener)
- * .build();
+ * VOMSACService acService = new DefaultVOMSACService.Builder(
+ * certChainValidator).requestListener(requestListener)
+ * .serverInfoStoreListener(serverInfoStoreListener)
+ * .protocolListener(protocolListener)
+ * .build();
* }
*
- *
- *
*/
public static class Builder {
- /**
- * The listener that will be informed about request events
- */
+ /** The listener that will be informed about request events */
private VOMSRequestListener requestListener = NullListener.INSTANCE;
- /**
- * The listener that will be informed about low-level protocol details
- */
+ /** The listener that will be informed about low-level protocol details */
private VOMSProtocolListener protocolListener = NullListener.INSTANCE;
- /**
- * The listener that will be informed about server info store events
- */
+ /** The listener that will be informed about server info store events */
private VOMSServerInfoStoreListener storeListener = NullListener.INSTANCE;
- /**
- * The validator used for the SSL handshake
- */
+ /** The validator used for the SSL handshake */
private X509CertChainValidatorExt validator;
- /**
- * The store used to keep VOMS server contact information.
- */
+ /** The store used to keep VOMS server contact information. */
private VOMSServerInfoStore serverInfoStore;
- /**
- * The provided strategy to lookup vomses information.
- */
+ /** The provided strategy to lookup vomses information. */
private VOMSESLookupStrategy vomsesLookupStrategy;
/**
@@ -308,41 +272,29 @@ public static class Builder {
*/
private Listtrue to skip the checks, false otherwise
- *
* @return this {@link Builder} instance
*/
public Builder skipHostnameChecks(boolean s) {
@@ -447,7 +398,7 @@ public Builder skipHostnameChecks(boolean s) {
/**
* Sets the vomses lookup strategy for the {@link DefaultVOMSACService} that this builder is
* creating
- *
+ *
* @param strategy the {@link VOMSESLookupStrategy} object
* @return this {@link Builder} instance
*/
@@ -460,7 +411,7 @@ public Builder vomsesLookupStrategy(VOMSESLookupStrategy strategy) {
/**
* Sets a list of locations that will be used to build a {@link VOMSESLookupStrategy} for the
* {@link DefaultVOMSACService} that this builder is creating
- *
+ *
* @param vomsesLocations a list of paths where vomses information will be looked for
* @return this {@link Builder} instance
*/
@@ -472,7 +423,7 @@ public Builder vomsesLocations(Listtrue to enable the legacy protocol, false otherwise
- *
* @return this {@link Builder} instance
*/
public Builder legacyProtocolEnabled(boolean lpe) {
@@ -508,24 +457,20 @@ public Builder legacyProtocolEnabled(boolean lpe) {
return this;
}
- /**
- * Builds the server info store
- */
+ /** Builds the server info store */
protected void buildServerInfoStore() {
- if (serverInfoStore != null)
- return;
+ if (serverInfoStore != null) return;
serverInfoStore =
- new DefaultVOMSServerInfoStore.Builder().lookupStrategy(vomsesLookupStrategy)
- .storeListener(storeListener)
- .vomsesPaths(vomsesLocations)
- .build();
+ new DefaultVOMSServerInfoStore.Builder()
+ .lookupStrategy(vomsesLookupStrategy)
+ .storeListener(storeListener)
+ .vomsesPaths(vomsesLocations)
+ .build();
}
- /**
- * Builds default protocols if needed
- */
+ /** Builds default protocols if needed */
protected void buildProtocols() {
if (httpProtocol == null) {
@@ -535,7 +480,6 @@ protected void buildProtocols() {
p.setSkipHostnameChecks(skipHostnameChecks);
httpProtocol = p;
-
}
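Review bot: `p.setSkipHostnameChecks(skipHostnameChecks);` passes the builder flag straight to the HTTP protocol, and the next hunk does the same for the legacy protocol, with no comment on what is being relaxed. If the flag does what its name suggests, enabling it means the server certificate is no longer matched against the endpoint host. A why-comment is worth adding, for example `// skipHostnameChecks disables server-name verification; keep false outside test setups`. buildProtocols starts and ends outside this hunk.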
if (legacyProtocol == null) {
@@ -546,13 +490,12 @@ protected void buildProtocols() {
p.setSkipHostnameChecks(skipHostnameChecks);
legacyProtocol = p;
-
}
}
/**
* Builds the {@link DefaultVOMSACService}
- *
+ *
* @return a {@link DefaultVOMSACService} configured as required by this builder
*/
public DefaultVOMSACService build() {
diff --git a/src/main/java/org/italiangrid/voms/request/impl/DefaultVOMSESLookupStrategy.java b/src/main/java/org/italiangrid/voms/request/impl/DefaultVOMSESLookupStrategy.java
index b84786b..463e8d7 100644
--- a/src/main/java/org/italiangrid/voms/request/impl/DefaultVOMSESLookupStrategy.java
+++ b/src/main/java/org/italiangrid/voms/request/impl/DefaultVOMSESLookupStrategy.java
@@ -8,16 +8,16 @@
/**
* Default VOMSES information lookup strategy.
- *
- * This implementation looks for vomses information in the following paths:
+ *
+ *
- *
- *
+ *
* @author Andrea Ceccanti
- *
*/
public class DefaultVOMSESLookupStrategy extends BaseVOMSESLookupStrategy {
@@ -25,7 +25,10 @@ public class DefaultVOMSESLookupStrategy extends BaseVOMSESLookupStrategy {
public DefaultVOMSESLookupStrategy() {
- super(Arrays.asList(DEFAULT_VOMSES_DIR, System.getProperty("user.home")
- + "/.glite/vomses", System.getProperty("user.home") + "/.voms/vomses"));
+ super(
+ Arrays.asList(
+ DEFAULT_VOMSES_DIR,
+ System.getProperty("user.home") + "/.glite/vomses",
+ System.getProperty("user.home") + "/.voms/vomses"));
}
}
diff --git a/src/main/java/org/italiangrid/voms/request/impl/DefaultVOMSServerInfo.java b/src/main/java/org/italiangrid/voms/request/impl/DefaultVOMSServerInfo.java
index 55a5ef6..f984ea6 100644
--- a/src/main/java/org/italiangrid/voms/request/impl/DefaultVOMSServerInfo.java
+++ b/src/main/java/org/italiangrid/voms/request/impl/DefaultVOMSServerInfo.java
@@ -5,30 +5,28 @@
package org.italiangrid.voms.request.impl;
import java.net.URI;
-
import org.italiangrid.voms.request.VOMSServerInfo;
/**
- * The default implementation of the {@link VOMSServerInfo} endpoint
- * information.
- *
- * @author andreaceccanti
+ * The default implementation of the {@link VOMSServerInfo} endpoint information.
*
+ * @author andreaceccanti
*/
public class DefaultVOMSServerInfo implements VOMSServerInfo {
- /** The VOMS server alias **/
+ /** The VOMS server alias * */
String alias;
- /** The VO name **/
+
+ /** The VO name * */
String voName;
- /** The VOMS server URI **/
+
+ /** The VOMS server URI * */
URI URL;
- /** The VOMS server certificate subject **/
- String vomsServerDN;
- public DefaultVOMSServerInfo() {
+ /** The VOMS server certificate subject * */
+ String vomsServerDN;
- }
+ public DefaultVOMSServerInfo() {}
public String getAlias() {
@@ -78,48 +76,43 @@ public int hashCode() {
result = prime * result + ((URL == null) ? 0 : URL.hashCode());
result = prime * result + ((alias == null) ? 0 : alias.hashCode());
result = prime * result + ((voName == null) ? 0 : voName.hashCode());
- result = prime * result
- + ((vomsServerDN == null) ? 0 : vomsServerDN.hashCode());
+ result = prime * result + ((vomsServerDN == null) ? 0 : vomsServerDN.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
- if (this == obj)
- return true;
- if (obj == null)
- return false;
- if (getClass() != obj.getClass())
- return false;
+ if (this == obj) return true;
+ if (obj == null) return false;
+ if (getClass() != obj.getClass()) return false;
DefaultVOMSServerInfo other = (DefaultVOMSServerInfo) obj;
if (URL == null) {
- if (other.URL != null)
- return false;
- } else if (!URL.equals(other.URL))
- return false;
+ if (other.URL != null) return false;
+ } else if (!URL.equals(other.URL)) return false;
if (alias == null) {
- if (other.alias != null)
- return false;
- } else if (!alias.equals(other.alias))
- return false;
+ if (other.alias != null) return false;
+ } else if (!alias.equals(other.alias)) return false;
if (voName == null) {
- if (other.voName != null)
- return false;
- } else if (!voName.equals(other.voName))
- return false;
+ if (other.voName != null) return false;
+ } else if (!voName.equals(other.voName)) return false;
if (vomsServerDN == null) {
- if (other.vomsServerDN != null)
- return false;
- } else if (!vomsServerDN.equals(other.vomsServerDN))
- return false;
+ if (other.vomsServerDN != null) return false;
+ } else if (!vomsServerDN.equals(other.vomsServerDN)) return false;
return true;
}
@Override
public String toString() {
- return "VOMSServerInfo [alias=" + alias + ", voName=" + voName + ", URL="
- + URL + ", vomsServerDN=" + vomsServerDN + "]";
+ return "VOMSServerInfo [alias="
+ + alias
+ + ", voName="
+ + voName
+ + ", URL="
+ + URL
+ + ", vomsServerDN="
+ + vomsServerDN
+ + "]";
}
}
diff --git a/src/main/java/org/italiangrid/voms/request/impl/DefaultVOMSServerInfoStore.java b/src/main/java/org/italiangrid/voms/request/impl/DefaultVOMSServerInfoStore.java
index aab9638..b85b30a 100644
--- a/src/main/java/org/italiangrid/voms/request/impl/DefaultVOMSServerInfoStore.java
+++ b/src/main/java/org/italiangrid/voms/request/impl/DefaultVOMSServerInfoStore.java
@@ -11,7 +11,6 @@
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
-
import org.italiangrid.voms.request.VOMSESLookupStrategy;
import org.italiangrid.voms.request.VOMSESParser;
import org.italiangrid.voms.request.VOMSESParserFactory;
@@ -21,21 +20,19 @@
import org.italiangrid.voms.util.NullListener;
/**
- *
- * A {@link DefaultVOMSServerInfoStore} organizes voms servers found in vomses
- * configuration files in map keyed by vo alias. This way is easy to know which
- * servers acts as replicas for the same vos.
- *
+ * A {@link DefaultVOMSServerInfoStore} organizes voms servers found in vomses configuration files
+ * in map keyed by vo alias. This way is easy to know which servers acts as replicas for the same
+ * vos.
+ *
* @author Andrea Ceccanti
- *
- *
*/
public class DefaultVOMSServerInfoStore implements VOMSServerInfoStore {
private VOMSESLookupStrategy lookupStrategy;
private VOMSServerInfoStoreListener listener;
- protected Map
- *
+ *
* {
* @code
* VOMSServerInfoStore serverInfoStore = new DefaultVOMSServerInfoStore.Builder()
- * .storeListener(storeListener).vomsesPaths(vomsesLocations).build();
+ * .storeListener(storeListener)
+ * .vomsesPaths(vomsesLocations)
+ * .build();
* };
*
- *
*/
public static class Builder {
- /**
- * A list of paths where vomses information will be looked for
- */
+ /** A list of paths where vomses information will be looked for */
private List
* "alias" "hostname" "port" "server DN" "vo_name"
*
- *
- * This parser eats up whitespace and characters outside of quotes and tolerates
- * an additional quoted field ("globus_version") that was for some time needed.
- *
- *
+ *
+ * This parser eats up whitespace and characters outside of quotes and tolerates an additional
+ * quoted field ("globus_version") that was for some time needed.
+ *
* @author andreaceccanti
- *
*/
public class VOMSESLineParser {
private interface ParserState {
void parse(char c);
- };
+ }
+ ;
- private final ParserState outsideQuotes = new ParserState() {
+ private final ParserState outsideQuotes =
+ new ParserState() {
- public void parse(char c) {
+ public void parse(char c) {
- if (c == '"')
- VOMSESLineParser.this.tokenStart();
- }
- };
+ if (c == '"') VOMSESLineParser.this.tokenStart();
+ }
+ };
- private final ParserState insideQuotes = new ParserState() {
+ private final ParserState insideQuotes =
+ new ParserState() {
- public void parse(char c) {
+ public void parse(char c) {
- if (c == '"') {
- VOMSESLineParser.this.tokenEnd();
- } else {
- VOMSESLineParser.this.tokenChar(c);
- }
- }
- };
+ if (c == '"') {
+ VOMSESLineParser.this.tokenEnd();
+ } else {
+ VOMSESLineParser.this.tokenChar(c);
+ }
+ }
+ };
- static final String VOMSES_FIELD_NAMES[] = { "vo alias", "voms host",
- "voms port", "voms server DN", "vo name", "globus version" };
+ static final String VOMSES_FIELD_NAMES[] = {
+ "vo alias", "voms host", "voms port", "voms server DN", "vo name", "globus version"
+ };
- static final int VO_ALIAS = 0, VOMS_HOST = 1, VOMS_PORT = 2,
- VOMS_SERVER_DN = 3, VO_NAME = 4, GLOBUS_VERSION = 5;
+ static final int VO_ALIAS = 0,
+ VOMS_HOST = 1,
+ VOMS_PORT = 2,
+ VOMS_SERVER_DN = 3,
+ VO_NAME = 4,
+ GLOBUS_VERSION = 5;
static final int MIN_VOMSES_FIELD_COUNT = 4;
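Review bot: The reformatted `ParserState` declaration now ends with `}` followed by a `;` on its own line, an empty declaration left over from the original `};`. Dropping the stray `;` keeps the interface declaration clean. Separately, `static final String VOMSES_FIELD_NAMES[]` would read more conventionally as `static final String[] VOMSES_FIELD_NAMES`.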
@@ -72,8 +76,7 @@ public void parse(char c) {
private void lineSanityChecks(String line) {
- if (line == null)
- throw new VOMSError("Cannot parse a null VOMSES line");
+ if (line == null) throw new VOMSError("Cannot parse a null VOMSES line");
}
private void init() {
@@ -82,8 +85,7 @@ private void init() {
currentToken = null;
tokenComplete = false;
currentState = outsideQuotes;
- for (int i = 0; i < tokens.length; i++)
- tokens[i] = null;
+ for (int i = 0; i < tokens.length; i++) tokens[i] = null;
}
public VOMSServerInfo parse(String line) {
@@ -92,8 +94,7 @@ public VOMSServerInfo parse(String line) {
lineSanityChecks(line);
- if (line.isEmpty())
- return null;
+ if (line.isEmpty()) return null;
for (int i = 0; i < line.length(); i++) {
char c = line.charAt(i);
@@ -101,23 +102,22 @@ public VOMSServerInfo parse(String line) {
}
if (!tokenComplete) {
- String msg = String.format(
- "Invalid VOMSES line: incomplete '%s' field. [line: %s]",
- VOMSES_FIELD_NAMES[tokenCount], line);
+ String msg =
+ String.format(
+ "Invalid VOMSES line: incomplete '%s' field. [line: %s]",
+ VOMSES_FIELD_NAMES[tokenCount], line);
throw new VOMSError(msg);
}
if (tokenCount < MIN_VOMSES_FIELD_COUNT) {
- String msg = String.format(
- "Invalid VOMSES line: incomplete information. [line: %s]", line);
+ String msg = String.format("Invalid VOMSES line: incomplete information. [line: %s]", line);
throw new VOMSError(msg);
}
DefaultVOMSServerInfo si = new DefaultVOMSServerInfo();
si.setAlias(tokens[VO_ALIAS]);
- String url = String.format("voms://%s:%s", tokens[VOMS_HOST],
- tokens[VOMS_PORT]);
+ String url = String.format("voms://%s:%s", tokens[VOMS_HOST], tokens[VOMS_PORT]);
validateTokens(line);
@@ -129,9 +129,9 @@ public VOMSServerInfo parse(String line) {
return si;
} catch (URISyntaxException e) {
- String msg = String.format(
- "Invalid VOMSES line: cannot build URL for voms " + "service: %s",
- e.getMessage());
+ String msg =
+ String.format(
+ "Invalid VOMSES line: cannot build URL for voms " + "service: %s", e.getMessage());
throw new VOMSError(msg);
}
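Review bot: The `URISyntaxException` handler builds its error with `new VOMSError(msg)` and drops the caught exception, while the `NumberFormatException` handler in validateTokens (next hunk) uses `new VOMSError(msg, e)`. Passing the cause here as well, `throw new VOMSError(msg, e);`, keeps the stack trace for whoever has to diagnose a bad vomses entry. The VOMSRequestFactory constructor hunk has the same pattern with `throw new VOMSError(e.getMessage());`, which could become `throw new VOMSError(e.getMessage(), e);`. The try block opens outside this hunk.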
@@ -144,14 +144,15 @@ private void validateTokens(String line) {
int portNo = Integer.parseInt(tokens[VOMS_PORT]);
if (portNo <= 0 || portNo > 65535) {
- String msg = String.format(
- "Invalid VOMSES line: invalid port number: %d. [line: %s]", portNo,
- line);
+ String msg =
+ String.format("Invalid VOMSES line: invalid port number: %d. [line: %s]", portNo, line);
throw new VOMSError(msg);
}
} catch (NumberFormatException e) {
- String msg = String.format("Invalid VOMSES line: invalid port number. "
- + "[line: %s]. Error: %s", line, e.getMessage());
+ String msg =
+ String.format(
+ "Invalid VOMSES line: invalid port number. " + "[line: %s]. Error: %s",
+ line, e.getMessage());
throw new VOMSError(msg, e);
}
@@ -177,17 +178,15 @@ public void tokenEnd() {
} else {
- String msg = String.format("Invalid VOMSES line: empty '%s' field.",
- VOMSES_FIELD_NAMES[tokenCount]);
+ String msg =
+ String.format("Invalid VOMSES line: empty '%s' field.", VOMSES_FIELD_NAMES[tokenCount]);
throw new VOMSError(msg);
}
-
}
public void tokenChar(char c) {
currentToken.append(c);
}
-
}
diff --git a/src/main/java/org/italiangrid/voms/request/impl/VOMSRequestFactory.java b/src/main/java/org/italiangrid/voms/request/impl/VOMSRequestFactory.java
index 6441f2d..41f55b4 100644
--- a/src/main/java/org/italiangrid/voms/request/impl/VOMSRequestFactory.java
+++ b/src/main/java/org/italiangrid/voms/request/impl/VOMSRequestFactory.java
@@ -5,11 +5,9 @@
package org.italiangrid.voms.request.impl;
import java.util.Iterator;
-
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
-
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.request.VOMSACRequest;
import org.italiangrid.voms.request.VOMSServerInfo;
@@ -19,12 +17,9 @@
import org.w3c.dom.Element;
/**
- *
- * This class builds VOMS XML requests starting from {@link VOMSACRequest}
- * objects.
- *
+ * This class builds VOMS XML requests starting from {@link VOMSACRequest} objects.
+ *
* @author Andrea Ceccanti
- *
*/
public class VOMSRequestFactory {
@@ -36,13 +31,11 @@ public class VOMSRequestFactory {
protected DocumentBuilder docBuilder;
- public synchronized static VOMSRequestFactory instance() {
+ public static synchronized VOMSRequestFactory instance() {
- if (instance == null)
- instance = new VOMSRequestFactory();
+ if (instance == null) instance = new VOMSRequestFactory();
return instance;
-
}
private VOMSRequestFactory() {
@@ -57,7 +50,6 @@ private VOMSRequestFactory() {
} catch (ParserConfigurationException e) {
throw new VOMSError(e.getMessage());
}
-
}
public long getLifetime() {
@@ -92,11 +84,9 @@ public void setTargetString(String targetString) {
private void setOptionsForRequest(VOMSRequestFragment fragment) {
- if (orderString != null && orderString != "")
- fragment.buildOrderElement(orderString);
+ if (orderString != null && orderString != "") fragment.buildOrderElement(orderString);
- if (targetString != null && targetString != "")
- fragment.buildTargetsElement(targetString);
+ if (targetString != null && targetString != "") fragment.buildTargetsElement(targetString);
fragment.buildLifetime(lifetime);
}
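Review bot: `orderString != ""` and `targetString != ""` compare object references, not contents. An empty string that is not the interned literal (one built or read at runtime, say) passes the check, and an empty order or targets element is added to the request. Use `if (orderString != null && !orderString.isEmpty())` and the same form for `targetString`.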
@@ -142,8 +132,8 @@ public Document buildRequest(VOMSACRequest acRequest, VOMSServerInfo endpoint) {
} else if (VOMSFQANNamingScheme.isQualifiedRole(FQAN)) {
- frag.mappingCommand(VOMSFQANNamingScheme.getGroupName(FQAN),
- VOMSFQANNamingScheme.getRoleName(FQAN));
+ frag.mappingCommand(
+ VOMSFQANNamingScheme.getGroupName(FQAN), VOMSFQANNamingScheme.getRoleName(FQAN));
}
}
@@ -152,14 +142,12 @@ public Document buildRequest(VOMSACRequest acRequest, VOMSServerInfo endpoint) {
request.appendChild(frag.getFragment());
return request;
}
-
}
/**
* Helper class to manage the creation of VOMS XML requests.
- *
+ *
* @author andreaceccanti
- *
*/
class VOMSRequestFragment {
@@ -186,7 +174,6 @@ protected void buildRootElement() {
root = doc.createElement("voms");
fragment.appendChild(root);
-
}
private void appendTextChild(Element e, String text) {
@@ -198,8 +185,7 @@ private String buildCompatibleOrderString(String s) {
String[] FQANs = s.split(",");
- if (FQANs.length == 0)
- return "";
+ if (FQANs.length == 0) return "";
for (int i = 0; i < FQANs.length; i++) {
if (VOMSFQANNamingScheme.isQualifiedRole(FQANs[i]))
@@ -210,8 +196,7 @@ private String buildCompatibleOrderString(String s) {
for (int i = 0; i < FQANs.length; i++) {
fqansString.append(FQANs);
- if (i < FQANs.length - 1)
- fqansString.append(",");
+ if (i < FQANs.length - 1) fqansString.append(",");
}
return fqansString.toString();
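Review bot: `fqansString.append(FQANs);` appends the array object itself, not the current element. Assuming `fqansString` is a StringBuilder or StringBuffer, each iteration adds the array's default string form instead of an FQAN, and that text ends up in the order string placed in the request. The line should be `fqansString.append(FQANs[i]);`. buildCompatibleOrderString starts outside this hunk, so the declaration of `fqansString` should be checked when applying the fix.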
@@ -239,7 +224,6 @@ void buildTargetsElement(String targetString) {
targets = doc.createElement("targets");
appendTextChild(targets, targetString);
root.appendChild(targets);
-
}
void buildLifetime(long lifetime) {
@@ -281,13 +265,11 @@ public void groupCommand(String groupName) {
public void roleCommand(String roleName) {
buildCommandElement("R" + roleName);
-
}
public void mappingCommand(String groupName, String roleName) {
buildCommandElement("B" + groupName + ":" + roleName);
-
}
public void allCommand() {
diff --git a/src/main/java/org/italiangrid/voms/request/impl/package-info.java b/src/main/java/org/italiangrid/voms/request/impl/package-info.java
index f32e99c..80e09f8 100644
--- a/src/main/java/org/italiangrid/voms/request/impl/package-info.java
+++ b/src/main/java/org/italiangrid/voms/request/impl/package-info.java
@@ -2,8 +2,5 @@
//
// SPDX-License-Identifier: Apache-2.0
-/**
- * This package provides the implementation logic for VOMS attributes requests.
- */
+/** This package provides the implementation logic for VOMS attributes requests. */
package org.italiangrid.voms.request.impl;
-
diff --git a/src/main/java/org/italiangrid/voms/request/package-info.java b/src/main/java/org/italiangrid/voms/request/package-info.java
index 2398944..1b6010b 100644
--- a/src/main/java/org/italiangrid/voms/request/package-info.java
+++ b/src/main/java/org/italiangrid/voms/request/package-info.java
@@ -2,8 +2,5 @@
//
// SPDX-License-Identifier: Apache-2.0
-/**
- * This package provides the API for requesting VOMS attribtues from a remote VOMS server.
- */
+/** This package provides the API for requesting VOMS attribtues from a remote VOMS server. */
package org.italiangrid.voms.request;
-
diff --git a/src/main/java/org/italiangrid/voms/store/LSCFileParser.java b/src/main/java/org/italiangrid/voms/store/LSCFileParser.java
index 67d0a0a..7764033 100644
--- a/src/main/java/org/italiangrid/voms/store/LSCFileParser.java
+++ b/src/main/java/org/italiangrid/voms/store/LSCFileParser.java
@@ -6,47 +6,35 @@
import java.io.File;
import java.io.InputStream;
-
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.store.impl.LSCFile;
/**
* This interface defines a parser for VOMS LSC files.
- *
- * @author Andrea Ceccanti
*
+ * @author Andrea Ceccanti
*/
public interface LSCFileParser {
/**
* Parses an LSC file.
- *
- * @param vo
- * the name of the VO this LSC file is about
- * @param hostname
- * the name of host this LSC file is about
- * @param file
- * the LSC file
+ *
+ * @param vo the name of the VO this LSC file is about
+ * @param hostname the name of host this LSC file is about
+ * @param file the LSC file
* @return an {@link LSCFile} object
- * @throws VOMSError
- * in case of parsing errors
+ * @throws VOMSError in case of parsing errors
*/
public LSCFile parse(String vo, String hostname, File file);
/**
* Parses an LSC file from a generic input stream.
- *
- * @param vo
- * the name of the VO this LSC file is about
- * @param hostname
- * the name of host this LSC file is about
- * @param is
- * an {@link InputStream} that contains the LSC information
- *
+ *
+ * @param vo the name of the VO this LSC file is about
+ * @param hostname the name of host this LSC file is about
+ * @param is an {@link InputStream} that contains the LSC information
* @return an {@link LSCFile} object
- * @throws VOMSError
- * in case of parsing errors
+ * @throws VOMSError in case of parsing errors
*/
public LSCFile parse(String vo, String hostname, InputStream is);
-
}
diff --git a/src/main/java/org/italiangrid/voms/store/LSCInfo.java b/src/main/java/org/italiangrid/voms/store/LSCInfo.java
index ef3bc0f..6d92871 100644
--- a/src/main/java/org/italiangrid/voms/store/LSCInfo.java
+++ b/src/main/java/org/italiangrid/voms/store/LSCInfo.java
@@ -9,66 +9,57 @@
/**
* The VOMS LSC information.
- *
- * @author Andrea Ceccanti
*
+ * @author Andrea Ceccanti
*/
public interface LSCInfo {
/**
* Sets the name of the file from where this LSC info was parsed from.
- *
- * @param filename
- * the name of the file from where this LSC info was parsed from.
+ *
+ * @param filename the name of the file from where this LSC info was parsed from.
*/
public void setFilename(String filename);
/**
* Returns the name of file from where this LSC info was parsed from.
- *
+ *
* @return the name of the file from where this LSC info was parsed from.
*/
public String getFilename();
/**
* Returns the VO name this LSC info applies to.
- *
+ *
* @return the VO name this LSC info applies to
*/
public String getVOName();
/**
* Returns the host name of the VOMS AA this LSC info applies to.
- *
+ *
* @return the host name of the VOMS AA this LSC info applies to
*/
public String getHostname();
/**
- * Returns the certificate chain description of the VOMS AA for the given VO
- * and hostname.
- *
- * The certificate chain description is a list of X.500 distinguished names
- * encoded as strings according to the OpenSSL slash-separated format, as in:
- * /C=IT/O=INFN/CN=INFN CA
- *
- * The first element in the description is the leaf certificate, while the
- * last is the CA certificate.
- *
- * @return the certificate chain description of the VOMS AA for the given VO
- * and hostname.
+ * Returns the certificate chain description of the VOMS AA for the given VO and hostname.
+ *
+ * /C=IT/O=INFN/CN=INFN CA
+ * The first element in the description is the leaf certificate, while the last is the CA
+ * certificate.
+ *
+ * @return the certificate chain description of the VOMS AA for the given VO and hostname.
*/
public Listtrue if the description matches, false
- * otherwise
+ * Checks if the certificate chain description maintained in the LSC information matches the
+ * certificate chain passed as argument.
+ *
+ * @param certChain the certificate chain to be checked
+ * @return true if the description matches, false otherwise
*/
public boolean matches(X509Certificate[] certChain);
-
}
diff --git a/src/main/java/org/italiangrid/voms/store/Updateable.java b/src/main/java/org/italiangrid/voms/store/Updateable.java
index ded8187..c2b3adf 100644
--- a/src/main/java/org/italiangrid/voms/store/Updateable.java
+++ b/src/main/java/org/italiangrid/voms/store/Updateable.java
@@ -5,28 +5,20 @@
package org.italiangrid.voms.store;
/**
- * Represents an object which can be periodically updated according to an update
- * frequency.
- *
- * @author Andrea Ceccanti
+ * Represents an object which can be periodically updated according to an update frequency.
*
+ * @author Andrea Ceccanti
*/
public interface Updateable {
/**
- * @return the frequency (in milliseconds) currently set for this
- * {@link Updateable} object.
+ * @return the frequency (in milliseconds) currently set for this {@link Updateable} object.
*/
public long getUpdateFrequency();
- /**
- * Updates the object.
- */
+ /** Updates the object. */
public void update();
- /**
- * Cancels the future updates of this {@link Updateable} object.
- */
+ /** Cancels the future updates of this {@link Updateable} object. */
public void cancel();
-
}
diff --git a/src/main/java/org/italiangrid/voms/store/UpdatingVOMSTrustStore.java b/src/main/java/org/italiangrid/voms/store/UpdatingVOMSTrustStore.java
index d9f4320..c632928 100644
--- a/src/main/java/org/italiangrid/voms/store/UpdatingVOMSTrustStore.java
+++ b/src/main/java/org/italiangrid/voms/store/UpdatingVOMSTrustStore.java
@@ -6,10 +6,7 @@
/**
* A VOMS trust store that can be periodically refreshed.
- *
- * @author Andrea Ceccanti
*
+ * @author Andrea Ceccanti
*/
-public interface UpdatingVOMSTrustStore extends VOMSTrustStore, Updateable {
-
-}
+public interface UpdatingVOMSTrustStore extends VOMSTrustStore, Updateable {}
diff --git a/src/main/java/org/italiangrid/voms/store/VOMSTrustStore.java b/src/main/java/org/italiangrid/voms/store/VOMSTrustStore.java
index 33e12bf..0a57747 100644
--- a/src/main/java/org/italiangrid/voms/store/VOMSTrustStore.java
+++ b/src/main/java/org/italiangrid/voms/store/VOMSTrustStore.java
@@ -8,81 +8,68 @@
import java.util.List;
import java.util.Map;
import java.util.Set;
-
import javax.security.auth.x500.X500Principal;
/**
- * The VOMS trust store takes care of parsing local trusted information (being
- * certificates or LSC files) for known VOMS servers.
- *
- * @author Andrea Ceccanti
+ * The VOMS trust store takes care of parsing local trusted information (being certificates or LSC
+ * files) for known VOMS servers.
*
+ * @author Andrea Ceccanti
*/
public interface VOMSTrustStore {
/**
- * Returns the locally trusted directories where VOMS trust information (being
- * VOMS server certificates or LSC files) are searched for.
- *
+ * Returns the locally trusted directories where VOMS trust information (being VOMS server
+ * certificates or LSC files) are searched for.
+ *
* @return a {@link List} of local paths
*/
public Listrun method is called.
- * @param name
- * the name of the new thread.
- * @param handler
- * the {@link java.lang.Thread.UncaughtExceptionHandler}
- * used for this thread
+ *
+ * @param target the object whose run method is called.
+ * @param name the name of the new thread.
+ * @param handler the {@link java.lang.Thread.UncaughtExceptionHandler} used for this thread
*/
- public VOMSThread(Runnable target, String name,
- UncaughtExceptionHandler handler) {
+ public VOMSThread(Runnable target, String name, UncaughtExceptionHandler handler) {
super(target, name);
setUncaughtExceptionHandler(handler);
diff --git a/src/main/java/org/italiangrid/voms/store/impl/package-info.java b/src/main/java/org/italiangrid/voms/store/impl/package-info.java
index 10ca200..1081c66 100644
--- a/src/main/java/org/italiangrid/voms/store/impl/package-info.java
+++ b/src/main/java/org/italiangrid/voms/store/impl/package-info.java
@@ -2,8 +2,5 @@
//
// SPDX-License-Identifier: Apache-2.0
-/**
- * This package provides the implementation of VOMS trust store management.
- */
+/** This package provides the implementation of VOMS trust store management. */
package org.italiangrid.voms.store.impl;
-
diff --git a/src/main/java/org/italiangrid/voms/store/package-info.java b/src/main/java/org/italiangrid/voms/store/package-info.java
index 61c1526..4097ff6 100644
--- a/src/main/java/org/italiangrid/voms/store/package-info.java
+++ b/src/main/java/org/italiangrid/voms/store/package-info.java
@@ -2,8 +2,5 @@
//
// SPDX-License-Identifier: Apache-2.0
-/**
- * This package provides the API for managing VOMS trust stores.
- */
+/** This package provides the API for managing VOMS trust stores. */
package org.italiangrid.voms.store;
-
diff --git a/src/main/java/org/italiangrid/voms/util/CachingCertificateValidator.java b/src/main/java/org/italiangrid/voms/util/CachingCertificateValidator.java
index 3f05e4d..1533eaa 100644
--- a/src/main/java/org/italiangrid/voms/util/CachingCertificateValidator.java
+++ b/src/main/java/org/italiangrid/voms/util/CachingCertificateValidator.java
@@ -4,13 +4,6 @@
package org.italiangrid.voms.util;
-import java.security.cert.CertPath;
-import java.security.cert.X509Certificate;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentMap;
-
-import org.italiangrid.voms.VOMSError;
-
import eu.emi.security.authn.x509.ProxySupport;
import eu.emi.security.authn.x509.RevocationParameters;
import eu.emi.security.authn.x509.StoreUpdateListener;
@@ -19,43 +12,36 @@
import eu.emi.security.authn.x509.X509CertChainValidatorExt;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import eu.emi.security.authn.x509.impl.FormatMode;
+import java.security.cert.CertPath;
+import java.security.cert.X509Certificate;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+import org.italiangrid.voms.VOMSError;
/**
- * A Certificate validator that caches validation results for a configurable
- * period of time. The cache is keyed by the fingerprint of the certificate at
- * the top of the chain (likely the EEC).
- *
+ * A Certificate validator that caches validation results for a configurable period of time. The
+ * cache is keyed by the fingerprint of the certificate at the top of the chain (likely the EEC).
*
* @author andreaceccanti
- *
*/
public class CachingCertificateValidator implements X509CertChainValidatorExt {
- /**
- * Simple concurrent cache for validation results
- */
+ /** Simple concurrent cache for validation results */
protected final ConcurrentMaptrue when expired, false otherwise
*/
- public boolean cachedValidationResultHasExpired(CachedValidationResult cvr,
- long referenceTime) {
+ public boolean cachedValidationResultHasExpired(CachedValidationResult cvr, long referenceTime) {
return (referenceTime - cvr.getTimestamp() > cacheEntryLifetimeMsec);
}
@@ -82,17 +65,14 @@ public boolean cachedValidationResultHasExpired(CachedValidationResult cvr,
/**
* Gets a validation result from the memory cache
*
- * @param certFingerprint
- * the certificate fingerprint for the certificate at the top of the
- * chain
+ * @param certFingerprint the certificate fingerprint for the certificate at the top of the chain
* @return the validation result, if found. null otherwise.
*/
protected ValidationResult getCachedResult(String certFingerprint) {
CachedValidationResult cvr = validationResultsCache.get(certFingerprint);
- if (cvr == null)
- return null;
+ if (cvr == null) return null;
if (!cachedValidationResultHasExpired(cvr, System.currentTimeMillis())) {
return cvr.getResult();
@@ -105,27 +85,24 @@ protected ValidationResult getCachedResult(String certFingerprint) {
/**
* Obvious sanity checks on input certificate chain
*
- * @param certChain
- * the chain to be checked
+ * @param certChain the chain to be checked
*/
private void certChainSanityChecks(X509Certificate[] certChain) {
- if (certChain == null)
- throw new IllegalArgumentException("Cannot validate a null cert chain.");
+ if (certChain == null) throw new IllegalArgumentException("Cannot validate a null cert chain.");
if (certChain.length == 0)
- throw new IllegalArgumentException(
- "Cannot validate a cert chain of length 0.");
+ throw new IllegalArgumentException("Cannot validate a cert chain of length 0.");
}
/**
- * Validates a certificate chain using the wrapped validator, caching the
- * result for future validation calls.
+ * Validates a certificate chain using the wrapped validator, caching the result for future
+ * validation calls.
*
- * @param certChain
- * the certificate chain that will be validated
+ * @param certChain the certificate chain that will be validated
* @return a possibly cached {@link ValidationResult}
- * @see eu.emi.security.authn.x509.X509CertChainValidator#validate(java.security.cert.X509Certificate[])
+ * @see
+ * eu.emi.security.authn.x509.X509CertChainValidator#validate(java.security.cert.X509Certificate[])
*/
public ValidationResult validate(X509Certificate[] certChain) {
@@ -134,30 +111,27 @@ public ValidationResult validate(X509Certificate[] certChain) {
String certFingerprint = null;
try {
- certFingerprint = FingerprintHelper
- .getFingerprint(certChain[certChain.length - 1]);
+ certFingerprint = FingerprintHelper.getFingerprint(certChain[certChain.length - 1]);
} catch (Throwable t) {
- String errorMsg = String.format("Error computing fingerprint for "
- + "certificate: %s. Cause: %s",
- CertificateUtils.format(certChain[0], FormatMode.COMPACT_ONE_LINE),
- t.getMessage());
+ String errorMsg =
+ String.format(
+ "Error computing fingerprint for " + "certificate: %s. Cause: %s",
+ CertificateUtils.format(certChain[0], FormatMode.COMPACT_ONE_LINE), t.getMessage());
throw new VOMSError(errorMsg, t);
-
}
ValidationResult res = getCachedResult(certFingerprint);
if (res == null) {
res = validator.validate(certChain);
- validationResultsCache.putIfAbsent(certFingerprint,
- new CachedValidationResult(certFingerprint, res));
+ validationResultsCache.putIfAbsent(
+ certFingerprint, new CachedValidationResult(certFingerprint, res));
}
return res;
-
}
/**
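Review bot: The cache key in `validate` is the fingerprint of `certChain[certChain.length - 1]` alone, while the cached `ValidationResult` is the verdict for the whole chain passed to `validator.validate(certChain)`. Two chains that end in the same certificate but differ in the certificates before it would share one entry, so the second would get the first's result until the entry expires; this is inferred from the visible lines, as the start of `validate` and the rest of the class are outside the hunk. Consider deriving the key from every certificate in the chain, or at least stating the assumption next to the lookup: `// cache key covers only the last certificate; every chain ending in it shares this result`. The error path also formats `certChain[0]` although the fingerprint is computed from the last element, so the message can name a different certificate than the one that failed.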
@@ -178,8 +152,7 @@ public ProxySupport getProxySupport() {
}
/**
- * @param certPath
- * the certificate path that will be validated
+ * @param certPath the certificate path that will be validated
* @return the {@link ValidationResult}
* @see eu.emi.security.authn.x509.X509CertChainValidator#validate(java.security.cert.CertPath)
*/
@@ -207,10 +180,9 @@ public X509Certificate[] getTrustedIssuers() {
}
/**
- * @param listener
- * the {@link ValidationErrorListener} to be added to this validator
- *
- * @see eu.emi.security.authn.x509.X509CertChainValidator#addValidationListener(eu.emi.security.authn.x509.ValidationErrorListener)
+ * @param listener the {@link ValidationErrorListener} to be added to this validator
+ * @see
+ * eu.emi.security.authn.x509.X509CertChainValidator#addValidationListener(eu.emi.security.authn.x509.ValidationErrorListener)
*/
public void addValidationListener(ValidationErrorListener listener) {
@@ -218,10 +190,9 @@ public void addValidationListener(ValidationErrorListener listener) {
}
/**
- * @param listener
- * the {@link ValidationErrorListener} that must be removed from
- * this validator
- * @see eu.emi.security.authn.x509.X509CertChainValidator#removeValidationListener(eu.emi.security.authn.x509.ValidationErrorListener)
+ * @param listener the {@link ValidationErrorListener} that must be removed from this validator
+ * @see
+ * eu.emi.security.authn.x509.X509CertChainValidator#removeValidationListener(eu.emi.security.authn.x509.ValidationErrorListener)
*/
public void removeValidationListener(ValidationErrorListener listener) {
@@ -229,11 +200,9 @@ public void removeValidationListener(ValidationErrorListener listener) {
}
/**
- * @param listener
- * the {@link StoreUpdateListener} that must be added to this
- * validator
- *
- * @see eu.emi.security.authn.x509.X509CertChainValidator#addUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener)
+ * @param listener the {@link StoreUpdateListener} that must be added to this validator
+ * @see
+ * eu.emi.security.authn.x509.X509CertChainValidator#addUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener)
*/
public void addUpdateListener(StoreUpdateListener listener) {
@@ -241,50 +210,43 @@ public void addUpdateListener(StoreUpdateListener listener) {
}
/**
- * @param listener
- * the {@link StoreUpdateListener} that must be removed from this
- * validator
- *
- * @see eu.emi.security.authn.x509.X509CertChainValidator#removeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener)
+ * @param listener the {@link StoreUpdateListener} that must be removed from this validator
+ * @see
+ * eu.emi.security.authn.x509.X509CertChainValidator#removeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener)
*/
public void removeUpdateListener(StoreUpdateListener listener) {
validator.removeUpdateListener(listener);
}
-
}
/**
* A validation result cache entry.
*
* @author cecco
- *
*/
class CachedValidationResult {
/**
* Default constructor.
*
- * @param certificateFingerprint
- * the certificate fingerprint for this entry
- * @param res
- * the validation result
+ * @param certificateFingerprint the certificate fingerprint for this entry
+ * @param res the validation result
*/
- public CachedValidationResult(String certificateFingerprint,
- ValidationResult res) {
+ public CachedValidationResult(String certificateFingerprint, ValidationResult res) {
certFingerprint = certificateFingerprint;
result = res;
timestamp = System.currentTimeMillis();
}
- /** The certificate fingerprint for this cache entry **/
+ /** The certificate fingerprint for this cache entry * */
private String certFingerprint;
- /** The validation result for this cache entry **/
+ /** The validation result for this cache entry * */
private ValidationResult result;
- /** The cache entry creation timestamp **/
+ /** The cache entry creation timestamp * */
private long timestamp;
/**
@@ -300,8 +262,7 @@ public ValidationResult getResult() {
/**
* Sets the validation result for this entry
*
- * @param result
- * a {@link ValidationResult}
+ * @param result a {@link ValidationResult}
*/
public void setResult(ValidationResult result) {
@@ -321,8 +282,7 @@ public long getTimestamp() {
/**
* Sets this entry creation timestamp (in milliseconds since the epoch).
*
- * @param timestamp
- * the timestamp
+ * @param timestamp the timestamp
*/
public void setTimestamp(long timestamp) {
@@ -332,10 +292,7 @@ public void setTimestamp(long timestamp) {
/**
* Returns the certificate fingerprint for this entry.
*
- * The certificate fingerprint is the SHA1 hash of the DER encoding of the
- * certificate.
- *
- *
+ *
* Writes the user certificate chain first, then the user key.
- *
- * @param os
- * the output stream
- * @param uc
- * the user credential that must be serialized
- * @param encoding
- * the private key encoding
- *
- *
- * @throws IOException
- * in case of errors writing on the output stream
+ *
+ * @param os the output stream
+ * @param uc the user credential that must be serialized
+ * @param encoding the private key encoding
+ * @throws IOException in case of errors writing on the output stream
*/
- public static void saveProxyCredentials(OutputStream os, X509Credential uc,
- PrivateKeyEncoding encoding) throws IOException {
+ public static void saveProxyCredentials(
+ OutputStream os, X509Credential uc, PrivateKeyEncoding encoding) throws IOException {
- X509Certificate[] chain = CertificateHelpers.sortChain(Arrays.asList(uc
- .getCertificateChain()));
+ X509Certificate[] chain = CertificateHelpers.sortChain(Arrays.asList(uc.getCertificateChain()));
PrivateKey key = uc.getKey();
X509Certificate cert = uc.getCertificate();
CertificateUtils.saveCertificate(os, cert, Encoding.PEM);
- if (key != null)
- savePrivateKey(os, key, encoding);
+ if (key != null) savePrivateKey(os, key, encoding);
X509Certificate c = null;
for (int index = 1; index < chain.length; index++) {
@@ -161,52 +134,39 @@ public static void saveProxyCredentials(OutputStream os, X509Credential uc,
int basicConstraints = c.getBasicConstraints();
// Only save non-CA certs to proxy file
- if (basicConstraints < 0){
+ if (basicConstraints < 0) {
CertificateUtils.saveCertificate(os, c, Encoding.PEM);
}
-
}
os.flush();
}
/**
- *
* Saves user credentials as a plain text PEM data.
- * Writes the user certificate chain first, then the user key, using the
- * default encoding specified in {@link #DEFAULT_ENCONDING}.
+ * Writes the user certificate chain first, then the user key, using the default encoding
+ * specified in {@link #DEFAULT_ENCONDING}.
*
- * @param os
- * the output stream for the saved proxy
- *
- * @param uc
- * the user credential
- *
- * @throws IOException
- * in case of errors writing to the output stream
- *
+ * @param os the output stream for the saved proxy
+ * @param uc the user credential
+ * @throws IOException in case of errors writing to the output stream
*/
- public static void saveProxyCredentials(OutputStream os, X509Credential uc)
- throws IOException {
+ public static void saveProxyCredentials(OutputStream os, X509Credential uc) throws IOException {
saveProxyCredentials(os, uc, DEFAULT_ENCONDING);
}
/**
- * Saves proxy credentials to a file. This method ensures that the stored
- * proxy is saved with the appropriate file permissions.
- *
- * @param proxyFileName
- * the file where the proxy will be saved
- * @param uc
- * the credential to be saved
- * @param encoding
- * the private key encoding
- * @throws IOException
- * in case of errors writing to the proxy file
+ * Saves proxy credentials to a file. This method ensures that the stored proxy is saved with the
+ * appropriate file permissions.
+ *
+ * @param proxyFileName the file where the proxy will be saved
+ * @param uc the credential to be saved
+ * @param encoding the private key encoding
+ * @throws IOException in case of errors writing to the proxy file
*/
- public static void saveProxyCredentials(String proxyFileName, X509Credential uc,
- PrivateKeyEncoding encoding) throws IOException {
+ public static void saveProxyCredentials(
+ String proxyFileName, X509Credential uc, PrivateKeyEncoding encoding) throws IOException {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
saveProxyCredentials(baos, uc, encoding);
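Review bot: The Javadoc on the two-argument stream overload says it "Writes the user certificate chain first, then the user key", which does not match the order the code actually writes. The three-argument overload, whose body begins in the preceding hunk, saves `uc.getCertificate()`, then the private key when it is non-null, and only then the remaining chain entries with `basicConstraints < 0`. Consumers of the proxy file depend on that order, so the comment should describe it: `Writes the credential's certificate first, then the private key (when present), then the remaining non-CA certificates of the chain.` The body of the file-name overload continues outside this hunk.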
@@ -232,21 +192,16 @@ public static void saveProxyCredentials(String proxyFileName, X509Credential uc,
}
/**
- *
- * Saves proxy credentials to a file. This method ensures that the stored
- * proxy is saved with the appropriate file permissions, using the default
- * encoding specified in {@link #DEFAULT_ENCONDING}.
- *
- * @param proxyFileName
- * the file where the proxy will be saved
- * @param uc
- * the credential to be saved
- *
- * @throws IOException
- * in case of errors writing the credential to the proxy file
+ * Saves proxy credentials to a file. This method ensures that the stored proxy is saved with the
+ * appropriate file permissions, using the default encoding specified in {@link
+ * #DEFAULT_ENCONDING}.
+ *
+ * @param proxyFileName the file where the proxy will be saved
+ * @param uc the credential to be saved
+ * @throws IOException in case of errors writing the credential to the proxy file
*/
- public static void saveProxyCredentials(String proxyFileName,
- X509Credential uc) throws IOException {
+ public static void saveProxyCredentials(String proxyFileName, X509Credential uc)
+ throws IOException {
saveProxyCredentials(proxyFileName, uc, DEFAULT_ENCONDING);
}
diff --git a/src/main/java/org/italiangrid/voms/util/FilePermissionHelper.java b/src/main/java/org/italiangrid/voms/util/FilePermissionHelper.java
index 60fce65..78514de 100644
--- a/src/main/java/org/italiangrid/voms/util/FilePermissionHelper.java
+++ b/src/main/java/org/italiangrid/voms/util/FilePermissionHelper.java
@@ -9,41 +9,33 @@
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.EnumSet;
-
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.credential.FilePermissionError;
/**
* A helper class for performing basic Unix file permission checks.
*
- *
* -rw-------
@@ -182,7 +166,8 @@ public static void matchesFilePermissions(String filename, PosixFilePermission e
if (!filePerms.startsWith(expectedPerm.statForm())) {
throw new FilePermissionError(
- String.format("Wrong file permissions on file %s. Expected: %s",
+ String.format(
+ "Wrong file permissions on file %s. Expected: %s",
filename, expectedPerm.chmodForm()));
}
}
@@ -280,5 +265,4 @@ public static void setFilePermissions(String filename, PosixFilePermission perm)
throw new VOMSError("Error setting file permissions for " + filename, e);
}
}
-
}
diff --git a/src/main/java/org/italiangrid/voms/util/FingerprintHelper.java b/src/main/java/org/italiangrid/voms/util/FingerprintHelper.java
index ceaac81..5f6627d 100644
--- a/src/main/java/org/italiangrid/voms/util/FingerprintHelper.java
+++ b/src/main/java/org/italiangrid/voms/util/FingerprintHelper.java
@@ -11,15 +11,11 @@
/**
* A utility class for computing fingerprints of X.509 certificates.
- * true, if the time is in the given range, false otherwise
*/
- public static boolean checkTimeInRangeWithSkew(Date timeToCheck, Date startDate, Date endDate,
- int skewInMinutes) {
+ public static boolean checkTimeInRangeWithSkew(
+ Date timeToCheck, Date startDate, Date endDate, int skewInMinutes) {
if (startDate.after(endDate) || startDate.equals(endDate)) {
- String msg = String.format(
- "Illegal time interval: start date must be before end date. [start date: %s, end date: %s]",
- startDate, endDate);
+ String msg =
+ String.format(
+ "Illegal time interval: start date must be before end date. [start date: %s, end date: %s]",
+ startDate, endDate);
throw new IllegalArgumentException(msg);
}
@@ -64,19 +61,18 @@ public static boolean checkTimeInRangeWithSkew(Date timeToCheck, Date startDate,
Date skewedEndDate = cal.getTime();
return skewedEndDate.after(timeToCheck) && skewedStartDate.before(timeToCheck);
-
}
-
/**
* Parses a date from string
- *
+ *
* @param date the date string representation;
* @return the parsed date
* @throws NullPointerException if date is null
* @throws java.time.format.DateTimeParseException if the date is in the wrong format
*/
public static Date parseDate(String date) {
+
if (isNull(date)) {
throw new NullPointerException("Cannot parse a null date");
}
@@ -84,5 +80,4 @@ public static Date parseDate(String date) {
LocalDateTime dateTime = LocalDateTime.parse(date, DATE_FORMATTER);
return Date.from(dateTime.atZone(ZoneOffset.UTC).toInstant());
}
-
}
diff --git a/src/main/java/org/italiangrid/voms/util/VOMSBase64Decoder.java b/src/main/java/org/italiangrid/voms/util/VOMSBase64Decoder.java
index 624593c..3fddd2f 100644
--- a/src/main/java/org/italiangrid/voms/util/VOMSBase64Decoder.java
+++ b/src/main/java/org/italiangrid/voms/util/VOMSBase64Decoder.java
@@ -1,98 +1,89 @@
-// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
-//
-// SPDX-License-Identifier: Apache-2.0
-
-package org.italiangrid.voms.util;
-
-// Gidon Moont
-// Imperial College London
-// Copyright (C) April 2006
-
-// Voms uses a non-standard Base-64 algorithm. Hmmm...
-
-import org.bouncycastle.util.encoders.Base64;
-
-/**
- *
- * This class implements a decoder for the non-standard Base-64 algorithm used
- * by voms.
- *
- *
- * @author Gidon Moont
- * @author Vincenzo Ciaschini
- *
- */
-public class VOMSBase64Decoder {
-
- // matrix out of src/common/xml.c
- private static int[] decodemapint = new int[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 52, 53, 54, 55, 56, 57, 58, 59, 60,
- 61, 0, 0, 0, 0, 0, 0, 0, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37,
- 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 62, 0, 63, 0, 0, 0,
- 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20,
- 21, 22, 23, 24, 25, 0, 0, 0, 0, 0 };
-
- private static byte[] decodemapbyte = new byte[128];
- static {
- for (int i = 0; i < 128; i++) {
- decodemapbyte[i] = (byte) decodemapint[i];
- }
- }
-
- public static byte[] decode(String s) {
-
- if (s.indexOf('\n') != -1) {
- return Base64.decode(s.trim().replaceAll("\n", ""));
- } else
- return mydecode(s);
- }
-
- private static byte[] mydecode(String s) {
-
- char[] in = s.toCharArray();
-
- int iLen = in.length;
-
- // cuts off end - do I need this?
- // while (iLen > 0 && in[iLen-1] == '=') iLen--;
-
- int oLen = (iLen * 3) / 4;
- byte[] out = new byte[oLen];
- int ip = 0;
- int op = 0;
- while (ip < iLen) {
- int i0 = in[ip++];
- int i1 = in[ip++];
- int i2 = ip < iLen ? in[ip++] : 'A';
- int i3 = ip < iLen ? in[ip++] : 'A';
-
- if (i0 > 127 || i1 > 127 || i2 > 127 || i3 > 127)
- throw new IllegalArgumentException(
- "Illegal character in Base64 encoded data.");
-
- int b0 = decodemapbyte[i0];
- int b1 = decodemapbyte[i1];
- int b2 = decodemapbyte[i2];
- int b3 = decodemapbyte[i3];
- if (b0 < 0 || b1 < 0 || b2 < 0 || b3 < 0)
- throw new IllegalArgumentException(
- "Illegal character in Base64 encoded data.");
-
- // ????????????
- int o0 = (b0 << 2) | (b1 >>> 4);
- int o1 = ((b1 & 0xf) << 4) | (b2 >>> 2);
- int o2 = ((b2 & 3) << 6) | b3;
-
- out[op++] = (byte) o0;
- if (op < oLen)
- out[op++] = (byte) o1;
- if (op < oLen)
- out[op++] = (byte) o2;
-
- }
-
- return out;
-
- }
-}
+// SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.italiangrid.voms.util;
+
+// Gidon Moont
+// Imperial College London
+// Copyright (C) April 2006
+
+// Voms uses a non-standard Base-64 algorithm. Hmmm...
+
+import org.bouncycastle.util.encoders.Base64;
+
+/**
+ * This class implements a decoder for the non-standard Base-64 algorithm used by voms.
+ *
+ * @author Gidon Moont
+ * @author Vincenzo Ciaschini
+ */
+public class VOMSBase64Decoder {
+
+ // matrix out of src/common/xml.c
+ private static int[] decodemapint =
+ new int[] {
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61,
+ 0, 0, 0, 0, 0, 0, 0, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43,
+ 44, 45, 46, 47, 48, 49, 50, 51, 62, 0, 63, 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11,
+ 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 0, 0, 0, 0, 0
+ };
+
+ private static byte[] decodemapbyte = new byte[128];
+
+ static {
+ for (int i = 0; i < 128; i++) {
+ decodemapbyte[i] = (byte) decodemapint[i];
+ }
+ }
+
+ public static byte[] decode(String s) {
+
+ if (s.indexOf('\n') != -1) {
+ return Base64.decode(s.trim().replaceAll("\n", ""));
+ } else return mydecode(s);
+ }
+
+ private static byte[] mydecode(String s) {
+
+ char[] in = s.toCharArray();
+
+ int iLen = in.length;
+
+ // cuts off end - do I need this?
+ // while (iLen > 0 && in[iLen-1] == '=') iLen--;
+
+ int oLen = (iLen * 3) / 4;
+ byte[] out = new byte[oLen];
+ int ip = 0;
+ int op = 0;
+ while (ip < iLen) {
+ int i0 = in[ip++];
+ int i1 = in[ip++];
+ int i2 = ip < iLen ? in[ip++] : 'A';
+ int i3 = ip < iLen ? in[ip++] : 'A';
+
+ if (i0 > 127 || i1 > 127 || i2 > 127 || i3 > 127)
+ throw new IllegalArgumentException("Illegal character in Base64 encoded data.");
+
+ int b0 = decodemapbyte[i0];
+ int b1 = decodemapbyte[i1];
+ int b2 = decodemapbyte[i2];
+ int b3 = decodemapbyte[i3];
+ if (b0 < 0 || b1 < 0 || b2 < 0 || b3 < 0)
+ throw new IllegalArgumentException("Illegal character in Base64 encoded data.");
+
+ // ????????????
+ int o0 = (b0 << 2) | (b1 >>> 4);
+ int o1 = ((b1 & 0xf) << 4) | (b2 >>> 2);
+ int o2 = ((b2 & 3) << 6) | b3;
+
+ out[op++] = (byte) o0;
+ if (op < oLen) out[op++] = (byte) o1;
+ if (op < oLen) out[op++] = (byte) o2;
+ }
+
+ return out;
+ }
+}
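Review bot: In `mydecode` the check `if (b0 < 0 || b1 < 0 || b2 < 0 || b3 < 0)` can never fire, because `decodemapint` stores 0 for every character outside the alphabet and no entry is negative, so such characters decode as if they were `a`. An input whose length is 1 modulo 4 also reads `in[ip++]` for `i1` past the end of the array and fails with `ArrayIndexOutOfBoundsException` rather than the `IllegalArgumentException` used for the other malformed cases. If this decoder is fed data from outside the process, invalid entries should be marked with -1 and the bad length rejected up front, as sketched below. Whether existing VOMS data relies on `=` or other out-of-alphabet characters being tolerated should be confirmed first, since the commented-out padding strip suggests it might.

```java
  // replaces the decodemapint literal and the copy loop; same alphabet, -1 marks invalid
  private static final String ALPHABET =
      "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789[]";

  private static final byte[] decodemapbyte = new byte[128];

  static {
    for (int i = 0; i < decodemapbyte.length; i++) {
      decodemapbyte[i] = -1;
    }
    for (int i = 0; i < ALPHABET.length(); i++) {
      decodemapbyte[ALPHABET.charAt(i)] = (byte) i;
    }
  }

  private static byte[] mydecode(String s) {
    char[] in = s.toCharArray();
    int iLen = in.length;
    if (iLen % 4 == 1) {
      throw new IllegalArgumentException("Illegal length of Base64 encoded data.");
    }
    // … unchanged: output sizing and decode loop …
```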
diff --git a/src/main/java/org/italiangrid/voms/util/VOMSFQANNamingScheme.java b/src/main/java/org/italiangrid/voms/util/VOMSFQANNamingScheme.java
index 11c8a52..ea541c7 100644
--- a/src/main/java/org/italiangrid/voms/util/VOMSFQANNamingScheme.java
+++ b/src/main/java/org/italiangrid/voms/util/VOMSFQANNamingScheme.java
@@ -6,21 +6,19 @@
import java.util.regex.Matcher;
import java.util.regex.Pattern;
-
import org.italiangrid.voms.VOMSError;
/**
- * This class provides utility methods that are used for parsing, matching voms
- * FQANs (Fully Qualified Attribute Names).
- *
+ * This class provides utility methods that are used for parsing, matching voms FQANs (Fully
+ * Qualified Attribute Names).
+ *
* @author Karoly Lorentey
* @author Andrea Ceccanti
- *
- *
*/
public class VOMSFQANNamingScheme {
- public static final String fqanSyntax = "^(/[\\w.-]+)+|((/[\\w.-]+)+/)?(Role=[\\w.-]+)|(Capability=[\\w\\s.-]+)$";
+ public static final String fqanSyntax =
+ "^(/[\\w.-]+)+|((/[\\w.-]+)+/)?(Role=[\\w.-]+)|(Capability=[\\w\\s.-]+)$";
public static final String groupSyntax = "^(/[\\w.-]+)+$";
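Review bot: In `fqanSyntax` the `^` anchors only the first alternative and the `$` only the last, because `|` binds more loosely than the anchors. The callers visible in this diff use `matcher(...).matches()`, which forces a full match, so nothing is wrong there. The constant is public, though, and a caller using `find()` or embedding it in a larger pattern would accept strings that merely contain a group or role. Wrapping the alternation in a non-capturing group keeps the group numbers that `getRoleName` and `getGroupName` rely on: `"^(?:(/[\\w.-]+)+|((/[\\w.-]+)+/)?(Role=[\\w.-]+)|(Capability=[\\w\\s.-]+))$"`.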
@@ -36,41 +34,29 @@ public class VOMSFQANNamingScheme {
public static final Pattern rolePattern = Pattern.compile(roleSyntax);
- public static final Pattern qualifiedRolePattern = Pattern
- .compile(qualifiedRoleSyntax);
+ public static final Pattern qualifiedRolePattern = Pattern.compile(qualifiedRoleSyntax);
- public static final Pattern capabilityPattern = Pattern
- .compile(capabilitySyntax);
+ public static final Pattern capabilityPattern = Pattern.compile(capabilitySyntax);
/**
- * This methods checks that the string passed as argument complies with the
- * voms FQAN syntax.
- *
- * @param fqan
- * the string that must be checked for compatibility with FQAN
- * syntax.
- * @throws VOMSError
- * If there's an error in the FQAN syntax.
+ * This methods checks that the string passed as argument complies with the voms FQAN syntax.
+ *
+ * @param fqan the string that must be checked for compatibility with FQAN syntax.
+ * @throws VOMSError If there's an error in the FQAN syntax.
*/
public static void checkSyntax(String fqan) {
- if (fqan.length() > 255)
- throw new VOMSError("fqan.length() > 255");
+ if (fqan.length() > 255) throw new VOMSError("fqan.length() > 255");
- if (!fqanPattern.matcher(fqan).matches())
- throw new VOMSError("Syntax error in fqan: " + fqan);
+ if (!fqanPattern.matcher(fqan).matches()) throw new VOMSError("Syntax error in fqan: " + fqan);
}
/**
- *
- * This methods checks that the fqan passed as argument complies with the
- * syntax used by voms to identify groups.
- *
- * @param fqan
- * the string that has to be checked.
- * @throws VOMSError
- * If the string passed as argument doens not comply with the voms
- * sytax.
+ * This methods checks that the fqan passed as argument complies with the syntax used by voms to
+ * identify groups.
+ *
+ * @param fqan the string that has to be checked.
+ * @throws VOMSError If the string passed as argument doens not comply with the voms sytax.
*/
public static void checkGroup(String fqan) {
@@ -81,35 +67,29 @@ public static void checkGroup(String fqan) {
}
/**
- * This methods checks that the string passed as argument complies with the
- * syntax used by voms to identify roles.
- *
- *
- * @param roleName
- * the name of the role
- * @throws VOMSError
- * If the string passed as argument doens not comply with the voms
- * sytax.
+ * This methods checks that the string passed as argument complies with the syntax used by voms to
+ * identify roles.
+ *
+ * @param roleName the name of the role
+ * @throws VOMSError If the string passed as argument doens not comply with the voms sytax.
*/
public static void checkRole(String roleName) {
- if (roleName.length() > 255)
- throw new VOMSError("roleName.length()>255");
+ if (roleName.length() > 255) throw new VOMSError("roleName.length()>255");
if (!rolePattern.matcher(roleName).matches())
throw new VOMSError("Syntax error in role name: " + roleName);
}
/**
- * This methods checks that the FQAN passed as argument identifies a voms
- * group.
- *
- * @param groupName
- * the string to check.
- * @return
- *
+ * This methods checks that the FQAN passed as argument identifies a voms group.
+ *
+ * @param groupName the string to check.
+ * @return
+ *
+ *
*/
public static boolean isGroup(String groupName) {
@@ -119,15 +99,14 @@ public static boolean isGroup(String groupName) {
}
/**
- * This methods checks that the FQAN passed as argument identifies a voms
- * role.
- *
- * @param roleName
- * the string to check.
- * @return
- *
+ * This methods checks that the FQAN passed as argument identifies a voms role.
+ *
+ * @param roleName the string to check.
+ * @return
+ *
+ *
*/
public static boolean isRole(String roleName) {
@@ -136,16 +115,15 @@ public static boolean isRole(String roleName) {
}
/**
- * This methods checks that the FQAN passed as argument identifies a qualified
- * voms role, i.e., a role defined in the context of a voms group.
- *
- * @param fqan
- * the string to check.
- * @return
- *
+ * This methods checks that the FQAN passed as argument identifies a qualified voms role, i.e., a
+ * role defined in the context of a voms group.
+ *
+ * @param fqan the string to check.
+ * @return
+ *
+ *
*/
public static boolean isQualifiedRole(String fqan) {
@@ -154,47 +132,40 @@ public static boolean isQualifiedRole(String fqan) {
}
/**
- * This method extracts the role name information from the FQAN passed as
- * argument.
- *
- * @param containerName
- * the FQAN
- * @return
- *
+ * This method extracts the role name information from the FQAN passed as argument.
+ *
+ * @param containerName the FQAN
+ * @return
+ *
+ *
*/
public static String getRoleName(String containerName) {
if (!isRole(containerName) && !isQualifiedRole(containerName))
- throw new VOMSError("No role specified in \"" + containerName
- + "\" voms syntax.");
+ throw new VOMSError("No role specified in \"" + containerName + "\" voms syntax.");
Matcher m = fqanPattern.matcher(containerName);
if (m.matches()) {
String roleGroup = m.group(4);
- return roleGroup
- .substring(roleGroup.indexOf('=') + 1, roleGroup.length());
-
+ return roleGroup.substring(roleGroup.indexOf('=') + 1, roleGroup.length());
}
return null;
}
/**
- * This method extracts group name information from the FQAN passed as
- * argument.
- *
- * @param containerName
- * the FQAN
- * @return
- *
+ * This method extracts group name information from the FQAN passed as argument.
+ *
+ * @param containerName the FQAN
+ * @return
+ *
+ *
*/
public static String getGroupName(String containerName) {
@@ -203,18 +174,15 @@ public static String getGroupName(String containerName) {
// If it's a container and it's not a role or a qualified role, then
// it's a group!
- if (!isRole(containerName) && !isQualifiedRole(containerName))
- return containerName;
+ if (!isRole(containerName) && !isQualifiedRole(containerName)) return containerName;
Matcher m = fqanPattern.matcher(containerName);
if (m.matches()) {
String groupName = m.group(2);
- if (groupName.endsWith("/"))
- return groupName.substring(0, groupName.length() - 1);
- else
- return groupName;
+ if (groupName.endsWith("/")) return groupName.substring(0, groupName.length() - 1);
+ else return groupName;
}
return null;
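Review bot: `m.group(2)` is null when the FQAN matches without the optional group prefix, and `groupName.endsWith("/")` would then throw a `NullPointerException` instead of returning null or raising `VOMSError`. That path looks reachable for a bare role of the form `isRole` accepts, but `roleSyntax` is not shown in this hunk, so this should be confirmed. A guard such as `if (groupName == null) return null;` before the `endsWith` call would make the behaviour explicit. The start of `getGroupName` is outside the hunk.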
@@ -228,6 +196,5 @@ public static String toOldQualifiedRoleSyntax(String qualifiedRole) {
throw new VOMSError("String passed as argument is not a qualified role!");
return getGroupName(qualifiedRole) + ":" + getRoleName(qualifiedRole);
-
}
}
diff --git a/src/main/java/org/italiangrid/voms/util/XMLUtils.java b/src/main/java/org/italiangrid/voms/util/XMLUtils.java
index c08330e..9374f61 100644
--- a/src/main/java/org/italiangrid/voms/util/XMLUtils.java
+++ b/src/main/java/org/italiangrid/voms/util/XMLUtils.java
@@ -5,13 +5,11 @@
package org.italiangrid.voms.util;
import java.io.StringWriter;
-
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
-
import org.italiangrid.voms.VOMSError;
import org.w3c.dom.Document;
@@ -20,8 +18,7 @@ public class XMLUtils {
public static String documentAsString(Document doc) {
try {
- Transformer transformer = TransformerFactory.newInstance()
- .newTransformer();
+ Transformer transformer = TransformerFactory.newInstance().newTransformer();
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
StreamResult result = new StreamResult(new StringWriter());
DOMSource source = new DOMSource(doc);
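Review bot: `TransformerFactory.newInstance().newTransformer()` builds the factory with default settings on every call to documentAsString, and nothing restricts its processing features. The visible code only serialises a DOMSource, so the exposure looks limited. Pinning the factory down still guards against a later change, such as a stylesheet or a different source type, inheriting permissive defaults. Keep the factory in a local variable and call `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` before `newTransformer()`. Where the JAXP implementation supports it, also set `factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");` and `factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");`. The try block continues outside this hunk.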
@@ -31,6 +28,5 @@ public static String documentAsString(Document doc) {
} catch (Throwable e) {
throw new VOMSError(e.getMessage(), e);
}
-
}
}
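Review bot: `catch (Throwable e)` also traps `Error`s such as OutOfMemoryError and rewraps them as VOMSError, which hides JVM-level failures behind what callers will read as a serialisation problem. As far as the visible calls go, the checked type declared by the transformer API is enough: `} catch (TransformerException e) {` with the matching import, letting errors propagate. `e.getMessage()` may be null, so a fixed prefix such as `"Error serializing XML document: " + e.getMessage()` gives a more useful VOMSError. Part of the try body lies outside this hunk, so confirm nothing there throws another checked type.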
diff --git a/src/main/java/org/italiangrid/voms/util/package-info.java b/src/main/java/org/italiangrid/voms/util/package-info.java
index 3de2284..3d2be3f 100644
--- a/src/main/java/org/italiangrid/voms/util/package-info.java
+++ b/src/main/java/org/italiangrid/voms/util/package-info.java
@@ -2,8 +2,5 @@
//
// SPDX-License-Identifier: Apache-2.0
-/**
- * This package provides utility classes used in other packages.
- */
+/** This package provides utility classes used in other packages. */
package org.italiangrid.voms.util;
-
diff --git a/src/test/java/org/italiangrid/voms/test/TestDefaultVOMSTrustStore.java b/src/test/java/org/italiangrid/voms/test/TestDefaultVOMSTrustStore.java
index 3483d0d..a5fab1c 100644
--- a/src/test/java/org/italiangrid/voms/test/TestDefaultVOMSTrustStore.java
+++ b/src/test/java/org/italiangrid/voms/test/TestDefaultVOMSTrustStore.java
@@ -2,9 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0
-/**
- *
- */
+/** */
package org.italiangrid.voms.test;
import static org.junit.Assert.assertEquals;
@@ -12,6 +10,8 @@
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
+import eu.emi.security.authn.x509.impl.CertificateUtils;
+import eu.emi.security.authn.x509.impl.CertificateUtils.Encoding;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
@@ -19,18 +19,13 @@
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
-
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.store.impl.DefaultVOMSTrustStore;
import org.italiangrid.voms.util.NullListener;
import org.junit.Test;
-import eu.emi.security.authn.x509.impl.CertificateUtils;
-import eu.emi.security.authn.x509.impl.CertificateUtils.Encoding;
-
/**
* @author Andrea Ceccanti
- *
*/
public class TestDefaultVOMSTrustStore {
@@ -39,7 +34,6 @@ public void testEmptyTrustDirsFailure() {
@SuppressWarnings({"unused", "unchecked"})
DefaultVOMSTrustStore store = new DefaultVOMSTrustStore(Collections.EMPTY_LIST);
-
}
@Test(expected = VOMSError.class)
@@ -63,7 +57,6 @@ public void testDefaultTrustDir() {
assertEquals(1, trustDirs.size());
assertEquals(DefaultVOMSTrustStore.DEFAULT_VOMS_DIR, trustDirs.get(0));
-
}
@Test
@@ -73,7 +66,6 @@ public void testEmptyTrustDir() {
@SuppressWarnings("unused")
DefaultVOMSTrustStore store = new DefaultVOMSTrustStore(trustDirs);
-
}
@Test
@@ -90,8 +82,9 @@ public void testCertificateParsing() throws FileNotFoundException, IOException {
assertEquals(1, store.getLocalAACertificates().size());
- assertTrue(cert.getSubjectX500Principal()
- .equals(store.getLocalAACertificates().get(0).getSubjectX500Principal()));
+ assertTrue(
+ cert.getSubjectX500Principal()
+ .equals(store.getLocalAACertificates().get(0).getSubjectX500Principal()));
}
@Test
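Review bot: The reformatted `assertTrue(cert.getSubjectX500Principal().equals(...))` in testCertificateParsing reports only "expected true" on failure, without showing which subject the trust store actually loaded. Since `assertEquals` is already statically imported, use `assertEquals(cert.getSubjectX500Principal(), store.getLocalAACertificates().get(0).getSubjectX500Principal());` so a mismatch prints both principals. The test method starts outside this hunk.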
@@ -104,7 +97,6 @@ public void testAllLSCInStore() {
assertNotNull(store.getLSC("test.vo", "test-host.cnaf.infn.it"));
assertNotNull(store.getLSC("test.vo", "test-multichain.cnaf.infn.it"));
assertNotNull(store.getLSC("test.vo.1", "wilco.cnaf.infn.it"));
-
}
@Test
@@ -118,10 +110,7 @@ public void testLSCForVoInStore() {
assertNotNull(store.getLSC("test.vo", "test-host.cnaf.infn.it"));
assertNotNull(store.getLSC("test.vo", "test-multichain.cnaf.infn.it"));
assertNull(store.getLSC("test.vo.1", "wilco.cnaf.infn.it"));
-
}
- public void testUpdatingVOMSTrustStore() {
-
- }
+ public void testUpdatingVOMSTrustStore() {}
}
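Review bot: `public void testUpdatingVOMSTrustStore() {}` has an empty body and no `@Test` annotation on the new side, so JUnit never runs it and the trust store's update path has no coverage in this class. Collapsing it to one line makes the stub easier to overlook. Either delete it or make the gap visible with `@Test` and `@Ignore("trust store update not covered yet")` until a real test exists.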
diff --git a/src/test/java/org/italiangrid/voms/test/TestFilePermissionHelper.java b/src/test/java/org/italiangrid/voms/test/TestFilePermissionHelper.java
index 38b25f3..f8288c5 100644
--- a/src/test/java/org/italiangrid/voms/test/TestFilePermissionHelper.java
+++ b/src/test/java/org/italiangrid/voms/test/TestFilePermissionHelper.java
@@ -5,7 +5,6 @@
package org.italiangrid.voms.test;
import java.io.IOException;
-
import org.italiangrid.voms.credential.FilePermissionError;
import org.italiangrid.voms.util.FilePermissionHelper;
import org.italiangrid.voms.util.FilePermissionHelper.PosixFilePermission;
@@ -28,14 +27,10 @@ public static void setupPermissions() {
FilePermissionHelper.setPrivateKeyPermissions(keyWithRightPerms);
FilePermissionHelper.setPKCS12Permissions(p12WithRightPerms);
- FilePermissionHelper.setFilePermissions(keyWithWrongPerms,
- PosixFilePermission.ALL_PERMS);
- FilePermissionHelper.setFilePermissions(p12WithWrongPerms,
- PosixFilePermission.ALL_PERMS);
-
- FilePermissionHelper.setFilePermissions(keyWith600Perms,
- PosixFilePermission.USER_RW);
+ FilePermissionHelper.setFilePermissions(keyWithWrongPerms, PosixFilePermission.ALL_PERMS);
+ FilePermissionHelper.setFilePermissions(p12WithWrongPerms, PosixFilePermission.ALL_PERMS);
+ FilePermissionHelper.setFilePermissions(keyWith600Perms, PosixFilePermission.USER_RW);
}
@Test
@@ -44,7 +39,6 @@ public void testFilePermissions() throws IOException {
FilePermissionHelper.checkPrivateKeyPermissions(keyWithRightPerms);
FilePermissionHelper.checkPrivateKeyPermissions(keyWith600Perms);
FilePermissionHelper.checkPKCS12Permissions(p12WithRightPerms);
-
}
@Test(expected = FilePermissionError.class)
@@ -58,5 +52,4 @@ public void testFilePermissionsFailureP12() throws IOException {
FilePermissionHelper.checkPKCS12Permissions(p12WithWrongPerms);
}
-
}
diff --git a/src/test/java/org/italiangrid/voms/test/TestFingerprint.java b/src/test/java/org/italiangrid/voms/test/TestFingerprint.java
index 9d6c0b1..0143098 100644
--- a/src/test/java/org/italiangrid/voms/test/TestFingerprint.java
+++ b/src/test/java/org/italiangrid/voms/test/TestFingerprint.java
@@ -4,18 +4,16 @@
package org.italiangrid.voms.test;
+import eu.emi.security.authn.x509.impl.PEMCredential;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
-
import org.italiangrid.voms.util.FingerprintHelper;
import org.junit.Test;
-import eu.emi.security.authn.x509.impl.PEMCredential;
-
public class TestFingerprint {
public static final String keyPassword = "pass";
@@ -24,18 +22,19 @@ public class TestFingerprint {
public static final String pemKey = "src/test/resources/certs/test0.key.pem";
@Test
- public void testGetFingerprint() throws KeyStoreException,
- CertificateException, FileNotFoundException, IOException,
- NoSuchAlgorithmException {
+ public void testGetFingerprint()
+ throws KeyStoreException,
+ CertificateException,
+ FileNotFoundException,
+ IOException,
+ NoSuchAlgorithmException {
- PEMCredential cred = new PEMCredential(new FileInputStream(pemKey),
- new FileInputStream(pemCert), keyPassword.toCharArray());
+ PEMCredential cred =
+ new PEMCredential(
+ new FileInputStream(pemKey), new FileInputStream(pemCert), keyPassword.toCharArray());
- String fingerprint = FingerprintHelper
- .getFingerprint(cred.getCertificate());
+ String fingerprint = FingerprintHelper.getFingerprint(cred.getCertificate());
System.out.println(fingerprint);
-
}
-
}
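Review bot: testGetFingerprint asserts nothing: it ends with `System.out.println(fingerprint);`, so it passes for any value FingerprintHelper returns, including a wrong one. Replace the print with `assertEquals(EXPECTED_FINGERPRINT, fingerprint);`, where EXPECTED_FINGERPRINT is a placeholder for the fingerprint computed once from the fixture at `pemCert`. The two `new FileInputStream(...)` arguments passed to PEMCredential are never closed by the test; opening them in a try-with-resources block avoids leaking descriptors across the suite.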
diff --git a/src/test/java/org/italiangrid/voms/test/TestLSCParser.java b/src/test/java/org/italiangrid/voms/test/TestLSCParser.java
index 2aa9d42..6ec52cb 100644
--- a/src/test/java/org/italiangrid/voms/test/TestLSCParser.java
+++ b/src/test/java/org/italiangrid/voms/test/TestLSCParser.java
@@ -11,7 +11,6 @@
import java.io.ByteArrayInputStream;
import java.io.File;
-
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.store.impl.DefaultLSCFileParser;
import org.italiangrid.voms.store.impl.LSCFile;
@@ -24,12 +23,14 @@ public void testParse() {
DefaultLSCFileParser parser = new DefaultLSCFileParser();
- String lscContent = "# First line is a comment \n"
- + "--- second line should skipped \n" + "/C=it/O=org/CN=commonName\n"
- + " \t\n" + "/C=it/O=org/CN=CA\n";
+ String lscContent =
+ "# First line is a comment \n"
+ + "--- second line should skipped \n"
+ + "/C=it/O=org/CN=commonName\n"
+ + " \t\n"
+ + "/C=it/O=org/CN=CA\n";
- LSCFile f = parser.parse("vo", "host",
- new ByteArrayInputStream(lscContent.getBytes()));
+ LSCFile f = parser.parse("vo", "host", new ByteArrayInputStream(lscContent.getBytes()));
assertNull(f.getFilename());
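Review bot: `lscContent.getBytes()` encodes with the platform default charset, so the bytes handed to DefaultLSCFileParser depend on the machine running the test. Pin it with `lscContent.getBytes(StandardCharsets.UTF_8)` and import java.nio.charset.StandardCharsets. The same applies to `singleEntryLSCFile.getBytes()`, `emptyLSCContent.getBytes()` and `multichainLSCContent.getBytes()` in the following hunks of this file. The test method continues outside this hunk.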
@@ -43,36 +44,33 @@ public void testParse() {
assertEquals("/C=it/O=org/CN=commonName", f.getCertificateChainDescription().get(0));
assertEquals("/C=it/O=org/CN=CA", f.getCertificateChainDescription().get(1));
-
}
@Test
public void testOddLSCFileParseError() {
- String singleEntryLSCFile = "# This is a comment \n"
- + "/C=it/O=org/CN=commonName\n";
+ String singleEntryLSCFile = "# This is a comment \n" + "/C=it/O=org/CN=commonName\n";
- String errorMessage = "LSC file parsing error: "
- + "Malformed LSC file (vo=vo, host=host): "
- + "Odd number of distinguished name entries.";
+ String errorMessage =
+ "LSC file parsing error: "
+ + "Malformed LSC file (vo=vo, host=host): "
+ + "Odd number of distinguished name entries.";
DefaultLSCFileParser parser = new DefaultLSCFileParser();
try {
@SuppressWarnings("unused")
- LSCFile f = parser.parse("vo", "host", new ByteArrayInputStream(
- singleEntryLSCFile.getBytes()));
+ LSCFile f =
+ parser.parse("vo", "host", new ByteArrayInputStream(singleEntryLSCFile.getBytes()));
} catch (VOMSError e) {
assertEquals(errorMessage, e.getMessage());
return;
-
}
fail("No error caught for malformed, single line LSC file parsing.");
-
}
@Test
@@ -82,15 +80,15 @@ public void testEmptyLSCFileParseError() {
String emptyLSCContent = "# This is a comment";
- String errorMessage = "LSC file parsing error: "
- + "Malformed LSC file (vo=vo, host=host): "
- + "No distinguished name entries found.";
+ String errorMessage =
+ "LSC file parsing error: "
+ + "Malformed LSC file (vo=vo, host=host): "
+ + "No distinguished name entries found.";
try {
@SuppressWarnings("unused")
- LSCFile f = parser.parse("vo", "host", new ByteArrayInputStream(
- emptyLSCContent.getBytes()));
+ LSCFile f = parser.parse("vo", "host", new ByteArrayInputStream(emptyLSCContent.getBytes()));
} catch (VOMSError e) {
assertEquals(errorMessage, e.getMessage());
@@ -118,16 +116,20 @@ public void testUnsupportedMultichainLSCFileParseSuccess() {
DefaultLSCFileParser parser = new DefaultLSCFileParser();
- String multichainLSCContent = "/C=IT/O=IGI/CN=test-host.cnaf.infn.it\n"
- + "/C=IT/O=IGI/CN=Test CA\n" + "------NEXT CHAIN------\n"
- + "/C=IT/O=IGI/CN=test-host2.cnaf.infn.it\n" + "/C=IT/O=IGI/CN=Test CA";
+ String multichainLSCContent =
+ "/C=IT/O=IGI/CN=test-host.cnaf.infn.it\n"
+ + "/C=IT/O=IGI/CN=Test CA\n"
+ + "------NEXT CHAIN------\n"
+ + "/C=IT/O=IGI/CN=test-host2.cnaf.infn.it\n"
+ + "/C=IT/O=IGI/CN=Test CA";
try {
LSCFile f =
parser.parse("vo", "host", new ByteArrayInputStream(multichainLSCContent.getBytes()));
assertEquals(2, f.getCertificateChainDescription().size());
- assertEquals("/C=IT/O=IGI/CN=test-host.cnaf.infn.it", f.getCertificateChainDescription().get(0));
+ assertEquals(
+ "/C=IT/O=IGI/CN=test-host.cnaf.infn.it", f.getCertificateChainDescription().get(0));
assertEquals("/C=IT/O=IGI/CN=Test CA", f.getCertificateChainDescription().get(1));
} catch (VOMSError e) {
@@ -136,7 +138,6 @@ public void testUnsupportedMultichainLSCFileParseSuccess() {
}
}
-
@Test
public void testNonExistingFileParse() {
@@ -151,14 +152,11 @@ public void testNonExistingFileParse() {
} catch (VOMSError e) {
- assertEquals("LSC file does not exist: " + nonExistentFile,
- e.getMessage());
+ assertEquals("LSC file does not exist: " + nonExistentFile, e.getMessage());
return;
-
}
fail("VOMS error not thrown for non existing LSC file parsing attempt.");
-
}
}
diff --git a/src/test/java/org/italiangrid/voms/test/TestOpensslHashFunction.java b/src/test/java/org/italiangrid/voms/test/TestOpensslHashFunction.java
index 97b9d79..63c52d6 100644
--- a/src/test/java/org/italiangrid/voms/test/TestOpensslHashFunction.java
+++ b/src/test/java/org/italiangrid/voms/test/TestOpensslHashFunction.java
@@ -4,19 +4,17 @@
package org.italiangrid.voms.test;
+import eu.emi.security.authn.x509.ValidationResult;
+import eu.emi.security.authn.x509.impl.PEMCredential;
import java.io.IOException;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
-
import org.italiangrid.voms.util.CertificateValidatorBuilder;
import org.italiangrid.voms.util.CertificateValidatorBuilder.OpensslHashFunction;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
-import eu.emi.security.authn.x509.ValidationResult;
-import eu.emi.security.authn.x509.impl.PEMCredential;
-
public class TestOpensslHashFunction {
static final String trustAnchorsDir = "src/test/resources/trust-anchors";
@@ -30,8 +28,7 @@ public class TestOpensslHashFunction {
static PEMCredential cred;
@BeforeClass
- public static void init()
- throws KeyStoreException, CertificateException, IOException {
+ public static void init() throws KeyStoreException, CertificateException, IOException {
cred = new PEMCredential(userKey, userCert, keyPassword.toCharArray());
}
@@ -42,22 +39,18 @@ public void testDefaultHashIsMD5() {
CertificateValidatorBuilder builder = new CertificateValidatorBuilder();
builder.trustAnchorsDir(md5TrustAnchorsDir);
- ValidationResult result = builder.build()
- .validate(cred.getCertificateChain());
+ ValidationResult result = builder.build().validate(cred.getCertificateChain());
Assert.assertTrue(result.isValid());
-
}
@Test
public void testSHA1Hash() {
CertificateValidatorBuilder builder = new CertificateValidatorBuilder();
- builder.trustAnchorsDir(sha1TrustAnchorsDir)
- .opensslHashFunction(OpensslHashFunction.SHA1);
+ builder.trustAnchorsDir(sha1TrustAnchorsDir).opensslHashFunction(OpensslHashFunction.SHA1);
- ValidationResult result = builder.build()
- .validate(cred.getCertificateChain());
+ ValidationResult result = builder.build().validate(cred.getCertificateChain());
Assert.assertTrue(result.isValid());
}
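Review bot: testDefaultHashIsMD5 pins MD5 as the builder's default without saying what the hash is used for, which reads like a weak-digest default in a certificate validator. The `md5TrustAnchorsDir` and `sha1TrustAnchorsDir` fixtures suggest OpensslHashFunction only selects the subject-name hash used to name files in the trust-anchor directory. If so, say it in a comment above the test: `// hash used to locate CA files by name in the trust-anchor dir, not a signature digest (confirm against CertificateValidatorBuilder)`. testSHA1Hash in the same hunk would benefit from the same one-line comment. The first test starts outside the hunk.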
@@ -68,47 +61,43 @@ public void testMD5HashFailsOnSHA1Dir() {
CertificateValidatorBuilder builder = new CertificateValidatorBuilder();
builder.trustAnchorsDir(sha1TrustAnchorsDir);
- ValidationResult result = builder.build()
- .validate(cred.getCertificateChain());
+ ValidationResult result = builder.build().validate(cred.getCertificateChain());
Assert.assertFalse(result.isValid());
Assert.assertEquals(2, result.getErrors().size());
Assert.assertEquals(
- "No trusted CA certificate was found for the certificate chain",
- result.getErrors().get(0).getMessage());
+ "No trusted CA certificate was found for the certificate chain",
+ result.getErrors().get(0).getMessage());
Assert.assertEquals(
- "Trusted issuer of this certificate was not established",
- result.getErrors().get(1).getMessage());
-
- Assert.assertEquals(cred.getCertificate().getSubjectX500Principal(),
- result.getErrors().get(1).getChain()[0].getSubjectX500Principal());
+ "Trusted issuer of this certificate was not established",
+ result.getErrors().get(1).getMessage());
+ Assert.assertEquals(
+ cred.getCertificate().getSubjectX500Principal(),
+ result.getErrors().get(1).getChain()[0].getSubjectX500Principal());
}
@Test
public void testSHA1FailsOnMD5Dir() {
CertificateValidatorBuilder builder = new CertificateValidatorBuilder();
- builder.trustAnchorsDir(md5TrustAnchorsDir)
- .opensslHashFunction(OpensslHashFunction.SHA1);
+ builder.trustAnchorsDir(md5TrustAnchorsDir).opensslHashFunction(OpensslHashFunction.SHA1);
- ValidationResult result = builder.build()
- .validate(cred.getCertificateChain());
+ ValidationResult result = builder.build().validate(cred.getCertificateChain());
Assert.assertFalse(result.isValid());
Assert.assertEquals(2, result.getErrors().size());
Assert.assertEquals(
- "No trusted CA certificate was found for the certificate chain",
- result.getErrors().get(0).getMessage());
+ "No trusted CA certificate was found for the certificate chain",
+ result.getErrors().get(0).getMessage());
Assert.assertEquals(
- "Trusted issuer of this certificate was not established",
- result.getErrors().get(1).getMessage());
-
- Assert.assertEquals(cred.getCertificate().getSubjectX500Principal(),
- result.getErrors().get(1).getChain()[0].getSubjectX500Principal());
+ "Trusted issuer of this certificate was not established",
+ result.getErrors().get(1).getMessage());
+ Assert.assertEquals(
+ cred.getCertificate().getSubjectX500Principal(),
+ result.getErrors().get(1).getChain()[0].getSubjectX500Principal());
}
-
}
diff --git a/src/test/java/org/italiangrid/voms/test/TestTimeUtils.java b/src/test/java/org/italiangrid/voms/test/TestTimeUtils.java
index 25e9c44..77a24ce 100644
--- a/src/test/java/org/italiangrid/voms/test/TestTimeUtils.java
+++ b/src/test/java/org/italiangrid/voms/test/TestTimeUtils.java
@@ -6,10 +6,8 @@
import java.util.Calendar;
import java.util.Date;
-
-import org.junit.Assert;
-
import org.italiangrid.voms.util.TimeUtils;
+import org.junit.Assert;
import org.junit.Test;
public class TestTimeUtils {
@@ -23,9 +21,7 @@ public void testSuccessfulCompute() {
Date nowPlus1Minute = cal.getTime();
- Assert.assertTrue(TimeUtils.checkTimeInRangeWithSkew(now, now,
- nowPlus1Minute, 1));
-
+ Assert.assertTrue(TimeUtils.checkTimeInRangeWithSkew(now, now, nowPlus1Minute, 1));
}
@Test(expected = IllegalArgumentException.class)
@@ -62,11 +58,8 @@ public void testLowerBound() {
Date inOneYear = cal.getTime();
- Assert.assertFalse(TimeUtils.checkTimeInRangeWithSkew(now, nowPlus2minute,
- inOneYear, 2));
- Assert.assertTrue(TimeUtils.checkTimeInRangeWithSkew(now, nowPlus2minute,
- inOneYear, 3));
-
+ Assert.assertFalse(TimeUtils.checkTimeInRangeWithSkew(now, nowPlus2minute, inOneYear, 2));
+ Assert.assertTrue(TimeUtils.checkTimeInRangeWithSkew(now, nowPlus2minute, inOneYear, 3));
}
@Test
@@ -79,11 +72,7 @@ public void testUpperBound() {
Date oneYearAgo = cal.getTime();
- Assert.assertFalse(TimeUtils.checkTimeInRangeWithSkew(now, oneYearAgo, now,
- 0));
- Assert.assertTrue(TimeUtils.checkTimeInRangeWithSkew(now, oneYearAgo, now,
- 1));
-
+ Assert.assertFalse(TimeUtils.checkTimeInRangeWithSkew(now, oneYearAgo, now, 0));
+ Assert.assertTrue(TimeUtils.checkTimeInRangeWithSkew(now, oneYearAgo, now, 1));
}
-
}
diff --git a/src/test/java/org/italiangrid/voms/test/TestVOMSESLineParser.java b/src/test/java/org/italiangrid/voms/test/TestVOMSESLineParser.java
index 37cb530..1ac6f90 100644
--- a/src/test/java/org/italiangrid/voms/test/TestVOMSESLineParser.java
+++ b/src/test/java/org/italiangrid/voms/test/TestVOMSESLineParser.java
@@ -11,7 +11,6 @@
import static org.junit.Assert.fail;
import java.net.URISyntaxException;
-
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.request.VOMSServerInfo;
import org.italiangrid.voms.request.impl.VOMSESLineParser;
@@ -43,7 +42,6 @@ public void emptyLineReturnsNull() throws URISyntaxException {
VOMSESLineParser p = new VOMSESLineParser();
VOMSServerInfo i = p.parse(line);
assertNull(i);
-
}
@Test
@@ -149,7 +147,8 @@ public void whitespaceHandling() {
@Test
public void tooManyFields() {
- String line = "\t\"a\" \"voms.cern.ch\" \t \"15000\" \"DN=Illo\" \"alice\" \"24\" \"Too much\"";
+ String line =
+ "\t\"a\" \"voms.cern.ch\" \t \"15000\" \"DN=Illo\" \"alice\" \"24\" \"Too much\"";
try {
VOMSESLineParser p = new VOMSESLineParser();
@@ -159,7 +158,6 @@ public void tooManyFields() {
assertNotNull("Got a null error message", e.getMessage());
assertTrue(e.getMessage().contains("Invalid VOMSES line: too many fields!"));
}
-
}
@Test
@@ -175,7 +173,6 @@ public void invalidPort() {
assertNotNull("Got a null error message", e.getMessage());
assertTrue(e.getMessage().contains("Invalid VOMSES line: invalid port number."));
}
-
}
@Test
diff --git a/src/test/java/org/italiangrid/voms/test/TestVOMSESLookupStrategy.java b/src/test/java/org/italiangrid/voms/test/TestVOMSESLookupStrategy.java
index dfba329..62efa6f 100644
--- a/src/test/java/org/italiangrid/voms/test/TestVOMSESLookupStrategy.java
+++ b/src/test/java/org/italiangrid/voms/test/TestVOMSESLookupStrategy.java
@@ -7,11 +7,9 @@
import java.io.File;
import java.util.Arrays;
import java.util.List;
-
-import org.junit.Assert;
-
import org.italiangrid.voms.request.VOMSESLookupStrategy;
import org.italiangrid.voms.request.impl.BaseVOMSESLookupStrategy;
+import org.junit.Assert;
import org.junit.Test;
public class TestVOMSESLookupStrategy {
@@ -19,14 +17,13 @@ public class TestVOMSESLookupStrategy {
@Test
public void testLookupVomsesInfo() {
- VOMSESLookupStrategy strategy = new BaseVOMSESLookupStrategy(Arrays.asList(
- "src/test/resources/vomses", "/non/existent/path"));
+ VOMSESLookupStrategy strategy =
+ new BaseVOMSESLookupStrategy(
+ Arrays.asList("src/test/resources/vomses", "/non/existent/path"));
List