Reload the different stores every hours

(cherry picked from commit a40bf75) (cherry picked from commit 91217bf) Signed-off-by: Tigran Mkrtchyan <[email protected]>
abinpaul · Feb 4, 2014 · c53116d · c53116d
1 parent 068396b
commit c53116d
Showing 1 changed file with 177 additions and 90 deletions.
diff --git a/ssl-proxies/src/main/java/org/globus/gsi/stores/Stores.java b/ssl-proxies/src/main/java/org/globus/gsi/stores/Stores.java
@@ -17,9 +17,13 @@
 
 import java.io.IOException;
 import java.security.GeneralSecurityException;
+import java.security.InvalidAlgorithmParameterException;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.cert.CertStore;
+import java.security.cert.CertificateException;
 import java.util.HashMap;
 
 import org.globus.common.CoGProperties;
@@ -28,108 +32,102 @@
 
 /**
  * @author Jerome Revillard
- *
+ * 
  */
 public class Stores {
 	private static String defaultCAFilesPattern = "*.0";
 	private static String defaultCRLFilesPattern = "*.r*";
 	private static String defaultSigningPolicyFilesPattern = "*.signing_policy";
-	
-	private static final HashMap<String, KeyStore> TRUST_STORES = new HashMap<String, KeyStore>();
-	private static final HashMap<String, CertStore> CRL_STORES = new HashMap<String, CertStore>();
-	private static final HashMap<String, CertStore> CA_CERT_STORES = new HashMap<String, CertStore>();
+
+	private static final HashMap<String, ReloadableTrustStore> TRUST_STORES = new HashMap<String, ReloadableTrustStore>();
+	private static final HashMap<String, ReloadableCrlStore> CRL_STORES = new HashMap<String, ReloadableCrlStore>();
+	private static final HashMap<String, ReloadableCaCertStore> CA_CERT_STORES = new HashMap<String, ReloadableCaCertStore>();
 	private static final HashMap<String, ResourceSigningPolicyStore> SIGNING_POLICY_STORES = new HashMap<String, ResourceSigningPolicyStore>();
-
-	
-	public static KeyStore getDefaultTrustStore() throws  GeneralSecurityException, IOException {
+	private final static long CACHE_TIME_MILLIS = 3600 * 1000;
+
+	public static KeyStore getDefaultTrustStore() throws GeneralSecurityException, IOException {
 		String pattern = "file:" + CoGProperties.getDefault().getCaCertLocations() + "/" + defaultCAFilesPattern;
-	    return getTrustStore(pattern);
-    }
-	
-	public static KeyStore getTrustStore(String casLocationPattern) throws  GeneralSecurityException, IOException {
+		return getTrustStore(pattern);
+	}
+
+	public static KeyStore getTrustStore(String casLocationPattern) throws GeneralSecurityException, IOException {
 		synchronized (TRUST_STORES) {
-			KeyStore keyStore = TRUST_STORES.get(casLocationPattern);
-			if(keyStore != null){
-				return keyStore;
+			ReloadableTrustStore reloadableKeystore = TRUST_STORES.get(casLocationPattern);
+			if (reloadableKeystore != null) {
+				return reloadableKeystore.getTrustStore();
 			}
-	        keyStore = KeyStore.getInstance(GlobusProvider.KEYSTORE_TYPE, GlobusProvider.PROVIDER_NAME);
-	        keyStore.load(KeyStoreParametersFactory.createTrustStoreParameters(casLocationPattern));
-
-	        TRUST_STORES.put(casLocationPattern, keyStore);
-	        return keyStore;
-		}
-    }
-
-    public static CertStore getDefaultCACertStore() throws GeneralSecurityException, NoSuchAlgorithmException {
-    	String pattern = "file:" + CoGProperties.getDefault().getCaCertLocations() + "/" + defaultCAFilesPattern;
-    	return getCACertStore(pattern);
-    }
-
-
-	public static CertStore getCACertStore(String casLocationPattern) throws GeneralSecurityException, NoSuchAlgorithmException {
-    	synchronized (CA_CERT_STORES) {
-	    	CertStore caStore = CA_CERT_STORES.get(casLocationPattern);
-			if(caStore != null){
-				return caStore;
+			reloadableKeystore = new ReloadableTrustStore(casLocationPattern);
+			TRUST_STORES.put(casLocationPattern, reloadableKeystore);
+			return reloadableKeystore.getTrustStore();
+		}
+	}
+
+	public static CertStore getDefaultCACertStore() throws GeneralSecurityException, NoSuchAlgorithmException {
+		String pattern = "file:" + CoGProperties.getDefault().getCaCertLocations() + "/" + defaultCAFilesPattern;
+		return getCACertStore(pattern);
+	}
+
+	public static CertStore getCACertStore(String casLocationPattern) throws GeneralSecurityException,
+			NoSuchAlgorithmException {
+		synchronized (CA_CERT_STORES) {
+			ReloadableCaCertStore reloadableCaCertStore = CA_CERT_STORES.get(casLocationPattern);
+			if (reloadableCaCertStore == null) {
+				reloadableCaCertStore = new ReloadableCaCertStore(casLocationPattern);
+				CA_CERT_STORES.put(casLocationPattern, reloadableCaCertStore);
 			}
-			caStore = CertStore.getInstance(GlobusProvider.CERTSTORE_TYPE, new ResourceCertStoreParameters(casLocationPattern, null));
-
-	        CA_CERT_STORES.put(casLocationPattern, caStore);
-
-	        return caStore;
-    	}
-    }
-
-    public static CertStore getDefaultCRLStore() throws GeneralSecurityException, NoSuchAlgorithmException {
-    	String pattern = "file:" + CoGProperties.getDefault().getCaCertLocations() + "/" + defaultCRLFilesPattern;
-    	return getCRLStore(pattern);
-    }
-
-    public static CertStore getCRLStore(String crlsLocationPattern) throws GeneralSecurityException, NoSuchAlgorithmException {
-    	synchronized (CRL_STORES) {
-	    	CertStore crlStore = CRL_STORES.get(crlsLocationPattern);
-			if(crlStore != null){
-				return crlStore;
+			return reloadableCaCertStore.getCaCertStore();
+		}
+	}
+
+	public static CertStore getDefaultCRLStore() throws GeneralSecurityException, NoSuchAlgorithmException {
+		String pattern = "file:" + CoGProperties.getDefault().getCaCertLocations() + "/" + defaultCRLFilesPattern;
+		return getCRLStore(pattern);
+	}
+
+	public static CertStore getCRLStore(String crlsLocationPattern) throws GeneralSecurityException,
+			NoSuchAlgorithmException {
+		synchronized (CRL_STORES) {
+			ReloadableCrlStore reloadableCrlStore = CRL_STORES.get(crlsLocationPattern);
+			if (reloadableCrlStore == null) {
+				reloadableCrlStore = new ReloadableCrlStore(crlsLocationPattern);
+				CRL_STORES.put(crlsLocationPattern, reloadableCrlStore);
 			}
-	        crlStore = CertStore.getInstance(GlobusProvider.CERTSTORE_TYPE, new ResourceCertStoreParameters(null, crlsLocationPattern));
-	        
-	        CRL_STORES.put(crlsLocationPattern, crlStore);
-	        
-	        return crlStore;
-    	}
-    }
-    
-    public static ResourceSigningPolicyStore getDefaultSigningPolicyStore() throws GeneralSecurityException {
-    	String pattern = "file:" + CoGProperties.getDefault().getCaCertLocations() + "/" + defaultSigningPolicyFilesPattern;
-    	return getSigningPolicyStore(pattern);
-    }
-    
-    public static ResourceSigningPolicyStore getSigningPolicyStore(String signingPolicyLocationPattern) throws GeneralSecurityException {
-    	synchronized (SIGNING_POLICY_STORES) {
-    		ResourceSigningPolicyStore signingPolicyStore = SIGNING_POLICY_STORES.get(signingPolicyLocationPattern);
-			if(signingPolicyStore != null){
-				return signingPolicyStore;
+			return reloadableCrlStore.getCrlStore();
+		}
+	}
+
+	public static ResourceSigningPolicyStore getDefaultSigningPolicyStore() throws GeneralSecurityException {
+		String pattern = "file:" + CoGProperties.getDefault().getCaCertLocations() + "/"
+				+ defaultSigningPolicyFilesPattern;
+		return getSigningPolicyStore(pattern);
+	}
+
+	public static ResourceSigningPolicyStore getSigningPolicyStore(String signingPolicyLocationPattern)
+			throws GeneralSecurityException {
+		synchronized (SIGNING_POLICY_STORES) {
+			ResourceSigningPolicyStore signingPolicyStore = SIGNING_POLICY_STORES.get(signingPolicyLocationPattern);
+			if (signingPolicyStore == null) {
+				signingPolicyStore = new ResourceSigningPolicyStore(new ResourceSigningPolicyStoreParameters(
+						signingPolicyLocationPattern));
+				SIGNING_POLICY_STORES.put(signingPolicyLocationPattern, signingPolicyStore);
 			}
-	        signingPolicyStore = new ResourceSigningPolicyStore(new ResourceSigningPolicyStoreParameters(signingPolicyLocationPattern));
-
-	        SIGNING_POLICY_STORES.put(signingPolicyLocationPattern, signingPolicyStore) ;
-
-	        return signingPolicyStore;
-    	}
-    }
-
+			return signingPolicyStore;
+		}
+	}
+
 	public static String getDefaultCAFilesPattern() {
 		return defaultCAFilesPattern;
 	}
 
 	public static void setDefaultCAFilesPattern(String defaultCAFilesPattern) {
 		synchronized (TRUST_STORES) {
 			synchronized (CA_CERT_STORES) {
-                                if (defaultCAFilesPattern == null || Stores.defaultCAFilesPattern.equals(defaultCAFilesPattern)){
-                                    return;
-                                }
+				if (defaultCAFilesPattern == null || Stores.defaultCAFilesPattern.equals(defaultCAFilesPattern)) {
+					return;
+				}
 				Stores.defaultCAFilesPattern = defaultCAFilesPattern;
-				//Clear if we change the default pattern to prevent potential memory issue;
+				// Clear if we change the default pattern to prevent potential
+				// memory issue;
 				TRUST_STORES.clear();
 				CA_CERT_STORES.clear();
 			}
@@ -142,11 +140,12 @@ public static String getDefaultCRLFilesPattern() {
 
 	public static void setDefaultCRLFilesPattern(String defaultCRLFilesPattern) {
 		synchronized (CRL_STORES) {
-                        if(defaultCRLFilesPattern == null || Stores.defaultCRLFilesPattern.equals(defaultCRLFilesPattern)){
-                            return;
-                        }
+			if (defaultCRLFilesPattern == null || Stores.defaultCRLFilesPattern.equals(defaultCRLFilesPattern)) {
+				return;
+			}
 			Stores.defaultCRLFilesPattern = defaultCRLFilesPattern;
-			//Clear if we change the default pattern to prevent potential memory issue;
+			// Clear if we change the default pattern to prevent potential
+			// memory issue;
 			CRL_STORES.clear();
 		}
 	}
@@ -157,13 +156,101 @@ public static String getDefaultSigningPolicyFilesPattern() {
 
 	public static void setDefaultSigningPolicyFilesPattern(String defaultSigningPolicyFilesPattern) {
 		synchronized (SIGNING_POLICY_STORES) {
-                        if(defaultSigningPolicyFilesPattern == null || Stores.defaultSigningPolicyFilesPattern.equals(defaultSigningPolicyFilesPattern)){
-                            return;
-                        }
+			if (defaultSigningPolicyFilesPattern == null
+					|| Stores.defaultSigningPolicyFilesPattern.equals(defaultSigningPolicyFilesPattern)) {
+				return;
+			}
 			Stores.defaultSigningPolicyFilesPattern = defaultSigningPolicyFilesPattern;
-			//Clear if we change the default pattern to prevent potential memory issue;
+			// Clear if we change the default pattern to prevent potential
+			// memory issue;
 			SIGNING_POLICY_STORES.clear();
 		}
 	}
 
+	private static class ReloadableTrustStore {
+		private final String casLocationPattern;
+		private final KeyStore keyStore;
+		private long lastUpdateTime;
+
+		protected ReloadableTrustStore(String casLocationPattern) throws KeyStoreException, NoSuchProviderException,
+				NoSuchAlgorithmException, CertificateException, IOException {
+			this.casLocationPattern = casLocationPattern;
+			keyStore = KeyStore.getInstance(GlobusProvider.KEYSTORE_TYPE, GlobusProvider.PROVIDER_NAME);
+			reload();
+		}
+
+		private void reload() throws NoSuchAlgorithmException, CertificateException, IOException {
+			keyStore.load(KeyStoreParametersFactory.createTrustStoreParameters(casLocationPattern));
+			lastUpdateTime = System.currentTimeMillis();
+		}
+
+		protected boolean isStillValid() {
+			return lastUpdateTime + CACHE_TIME_MILLIS > System.currentTimeMillis();
+		}
+
+		protected KeyStore getTrustStore() throws NoSuchAlgorithmException, CertificateException, IOException {
+			if (!isStillValid()) {
+				reload();
+			}
+			return keyStore;
+		}
+	}
+
+	private static class ReloadableCrlStore {
+		private final String crlsLocationPattern;
+		private CertStore certStore;
+		private long lastUpdateTime;
+
+		protected ReloadableCrlStore(String crlsLocationPattern) throws InvalidAlgorithmParameterException,
+				NoSuchAlgorithmException {
+			this.crlsLocationPattern = crlsLocationPattern;
+			load();
+		}
+
+		private void load() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
+			certStore = CertStore.getInstance(GlobusProvider.CERTSTORE_TYPE, new ResourceCertStoreParameters(null,
+					crlsLocationPattern));
+			lastUpdateTime = System.currentTimeMillis();
+		}
+
+		protected boolean isStillValid() {
+			return lastUpdateTime + CACHE_TIME_MILLIS > System.currentTimeMillis();
+		}
+
+		protected CertStore getCrlStore() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
+			if (!isStillValid()) {
+				load();
+			}
+			return certStore;
+		}
+	}
+
+	private static class ReloadableCaCertStore {
+		private final String casLocationPattern;
+		private CertStore certStore;
+		private long lastUpdateTime;
+
+		protected ReloadableCaCertStore(String casLocationPattern) throws InvalidAlgorithmParameterException,
+				NoSuchAlgorithmException {
+			this.casLocationPattern = casLocationPattern;
+			load();
+		}
+
+		private void load() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
+			certStore = CertStore.getInstance(GlobusProvider.CERTSTORE_TYPE, new ResourceCertStoreParameters(
+					casLocationPattern, null));
+			lastUpdateTime = System.currentTimeMillis();
+		}
+
+		protected boolean isStillValid() {
+			return lastUpdateTime + CACHE_TIME_MILLIS > System.currentTimeMillis();
+		}
+
+		protected CertStore getCaCertStore() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
+			if (!isStillValid()) {
+				load();
+			}
+			return certStore;
+		}
+	}
 }