org.glite.security.trustmanager
Class OpensslTrustmanagerFactory

java.lang.Object
  extended by org.glite.security.trustmanager.OpensslTrustmanagerFactory

public class OpensslTrustmanagerFactory
extends java.lang.Object

A factory class for the OpensslTrustmanager. It avoids regenerating a trustmanager for each connection, provided that consecutive calls use the same configuration and the same ID.

Author:
Joni Hahkala

Constructor Summary
OpensslTrustmanagerFactory()
           
 
Method Summary
static OpensslTrustmanager getTrustmanager(java.lang.String id, java.lang.String path, boolean crlRequired)
          If no trustmanager has yet been created with the same arguments as the current call, a new trustmanager is created.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

OpensslTrustmanagerFactory

public OpensslTrustmanagerFactory()
Method Detail

getTrustmanager

public static OpensslTrustmanager getTrustmanager(java.lang.String id,
                                                  java.lang.String path,
                                                  boolean crlRequired)
                                           throws java.io.IOException,
                                                  java.security.cert.CertificateException,
                                                  java.security.NoSuchProviderException,
                                                  java.text.ParseException
If no trustmanager has yet been created with the same arguments as the current call, a new trustmanager is created. If one already exists with the same arguments (same id or same null id, same path and same value for crlRequired), the existing one is returned. If the trustmanager was last updated more than 2 hours ago, its checkUpdate() method is called.

Parameters:
id - Optional id that allows several trustmanagers to be used with the same configuration. Can be null.
path - The trust anchor directory. Can't be null.
crlRequired - Set to true if CRLs are required (recommended). If set to false, failed CRLs are ignored and all certificates from a CA with a failed CRL are accepted. If set to true and the CA has a bad CRL, all certificates from that CA are rejected.
Returns:
The already generated Trustmanager.
Throws:
java.io.IOException - If reading the trust anchor file fails.
java.security.cert.CertificateException - If a CA certificate is malformed.
java.security.NoSuchProviderException - If the Bouncy Castle provider is not available.
java.text.ParseException - When namespace definition parsing fails.
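
The reuse rule documented for getTrustmanager, modelled as an added sketch (not the gLite implementation): crlRequired is part of the lookup key, so a caller asking for strict CRL checking is never handed an instance created with crlRequired=false. StubTrustmanager, Key, get, the explicit clock argument and the sample directory are hypothetical stand-ins; only the three arguments, the null id and the 2-hour threshold come from the page.

```java
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;

public class TrustmanagerCacheSketch {
    // All three arguments form the key; a null id is a valid key component.
    record Key(String id, String path, boolean crlRequired) {}

    // Hypothetical stand-in for OpensslTrustmanager.
    static class StubTrustmanager {
        final boolean crlRequired;
        long lastUpdate;
        StubTrustmanager(boolean crlRequired, long now) {
            this.crlRequired = crlRequired;
            this.lastUpdate = now;
        }
        // Stand-in: only records when the refresh happened.
        void checkUpdate(long now) { lastUpdate = now; }
    }

    static final long MAX_AGE_MS = 2L * 60 * 60 * 1000; // 2 hours, as documented
    static final Map<Key, StubTrustmanager> CACHE = new ConcurrentHashMap<>();

    // 'now' is passed in so the refresh rule can be exercised without waiting.
    static StubTrustmanager get(String id, String path, boolean crlRequired, long now) {
        Objects.requireNonNull(path, "path"); // the page: path can't be null
        StubTrustmanager tm = CACHE.computeIfAbsent(
                new Key(id, path, crlRequired),
                k -> new StubTrustmanager(crlRequired, now));
        synchronized (tm) {
            if (now - tm.lastUpdate > MAX_AGE_MS) {
                tm.checkUpdate(now); // stale instance is refreshed, not replaced
            }
        }
        return tm;
    }

    public static void main(String[] args) {
        String dir = "/tmp/example-trust-anchors"; // constructed sample path
        StubTrustmanager strict = get(null, dir, true, 0);
        System.out.println("same args reuse instance: "
                + (strict == get(null, dir, true, 1000)));
        System.out.println("crlRequired=false is a separate instance: "
                + (strict != get(null, dir, false, 1000)));
        System.out.println("different id is a separate instance: "
                + (strict != get("portal", dir, true, 1000)));
        get(null, dir, true, MAX_AGE_MS + 1);
        System.out.println("refreshed after more than 2 hours: "
                + (strict.lastUpdate == MAX_AGE_MS + 1));
    }
}
```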