Author: hiranya
Date: Wed Jul 31 01:41:52 2013
New Revision: 1508704
URL: http://svn.apache.org/r1508704
Log:
Some cleanup and refactoring
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheController.java
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheManager.java
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/crl/CRLCache.java
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/crl/CRLVerifier.java
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/ocsp/OCSPCache.java
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/ocsp/OCSPVerifier.java
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheController.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheController.java?rev=1508704&r1=1508703&r2=1508704&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheController.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheController.java
Wed Jul 31 01:41:52 2013
@@ -19,7 +19,7 @@
package org.apache.synapse.transport.utils.sslcert.cache;
-public class CacheController implements CacheControllerMBean{
+public class CacheController implements CacheControllerMBean {
private ManageableCache cache;
private CacheManager cacheManager;
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheManager.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheManager.java?rev=1508704&r1=1508703&r2=1508704&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheManager.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheManager.java
Wed Jul 31 01:41:52 2013
@@ -35,12 +35,12 @@ import java.util.concurrent.TimeUnit;
* Delay should be configured such that cacheManager is not too much involved
with the cache,
* but manages it optimally.
*/
-
public class CacheManager {
private static final Log log = LogFactory.getLog(CacheManager.class);
private final boolean DO_NOT_INTERRUPT_IF_RUNNING = false;
+
private ScheduledExecutorService scheduler;
private ScheduledFuture scheduledFuture = null;
private ManageableCache cache;
@@ -56,8 +56,7 @@ public class CacheManager {
* will be removed
*/
public CacheManager(ManageableCache cache, int cacheMaxSize, int delay) {
- int NUM_THREADS = 1;
- scheduler = Executors.newScheduledThreadPool(NUM_THREADS);
+ scheduler = Executors.newSingleThreadScheduledExecutor();
this.cache = cache;
this.cacheMaxSize = cacheMaxSize;
this.cacheManagingTask = new CacheManagingTask();
@@ -70,7 +69,7 @@ public class CacheManager {
* constructor. CacheManager will run its scheduled task every "delay"
number of minutes.
*/
private boolean start() {
- if(scheduledFuture == null || (scheduledFuture.isCancelled())) {
+ if (scheduledFuture == null || (scheduledFuture.isCancelled())) {
scheduledFuture =
scheduler.scheduleWithFixedDelay(cacheManagingTask,
delay, delay, TimeUnit.MINUTES);
log.info(cache.getClass().getSimpleName()+" Cache Manager
Started");
@@ -85,8 +84,8 @@ public class CacheManager {
* @return true if successfully waken up. false otherwise.
*/
public boolean wakeUpNow(){
- if(scheduledFuture !=null) {
- if(!scheduledFuture.isCancelled()) {
+ if (scheduledFuture !=null) {
+ if (!scheduledFuture.isCancelled()) {
scheduledFuture.cancel(DO_NOT_INTERRUPT_IF_RUNNING);
}
scheduledFuture =
scheduler.scheduleWithFixedDelay(cacheManagingTask,
@@ -106,7 +105,7 @@ public class CacheManager {
public boolean changeDelay(int delay) throws IllegalArgumentException {
int min = Constants.CACHE_MIN_DELAY_MINS;
int max = Constants.CACHE_MAX_DELAY_MINS;
- if(delay < min || delay > max) {
+ if (delay < min || delay > max) {
throw new IllegalArgumentException("Delay time should should be
between " + min +
" and " + max + " minutes");
}
@@ -122,7 +121,7 @@ public class CacheManager {
* Gracefully stop cacheManager.
*/
public boolean stop(){
- if(scheduledFuture !=null && !scheduledFuture.isCancelled()){
+ if (scheduledFuture !=null && !scheduledFuture.isCancelled()){
scheduledFuture.cancel(DO_NOT_INTERRUPT_IF_RUNNING);
log.info(cache.getClass().getSimpleName()+" Cache Manager
Stopped.....");
return true;
@@ -157,8 +156,7 @@ public class CacheManager {
//Start looking at cache entries from the beginning.
cache.resetIterator();
//Iteration through the cache entries.
- while ((cacheSize--)>0) {
-
+ while ((cacheSize--) > 0) {
nextCacheValue = cache.getNextCacheValue();
if (nextCacheValue == null) {
log.debug("Cache manager iteration through Cache values
done");
@@ -172,13 +170,13 @@ public class CacheManager {
}
//There are LRU entries to be removed since cacheSize >
maxCacheSize. So collect them.
- if(numberToRemove>0) {
+ if (numberToRemove > 0) {
lruEntryCollector.collectEntriesToRemove(nextCacheValue);
}
}
//LRU entries removing
- for(ManageableCacheValue oldCacheValue: entriesToRemove) {
+ for (ManageableCacheValue oldCacheValue: entriesToRemove) {
log.debug("Removing LRU value from cache");
oldCacheValue.removeThisCacheValue();
}
@@ -210,21 +208,21 @@ public class CacheManager {
private void collectEntriesToRemove(ManageableCacheValue value) {
entriesToRemove.add(value);
- int i = entriesToRemove.size()-1;
+ int i = entriesToRemove.size() - 1;
- for(; i>0 && (value.getTimeStamp() <
entriesToRemove.get(i-1).getTimeStamp()); i--) {
+ for(; i > 0 && (value.getTimeStamp() < entriesToRemove.get(i -
1).getTimeStamp()); i--) {
entriesToRemove.remove(i);
- entriesToRemove.add(i,(entriesToRemove.get(i-1)));
+ entriesToRemove.add(i,(entriesToRemove.get(i - 1)));
}
entriesToRemove.remove(i);
entriesToRemove.add(i,value);
- /**
+ /*
* First entry in the list will be the oldest. Last will be
the earliest in the list.
* So remove the earliest since we need to collect the old
(LRU) values to remove
* from cache later
*/
- if(entriesToRemove.size() > listMaxSize) {
- entriesToRemove.remove(entriesToRemove.size() -1);
+ if (entriesToRemove.size() > listMaxSize) {
+ entriesToRemove.remove(entriesToRemove.size() - 1);
}
}
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/crl/CRLCache.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/crl/CRLCache.java?rev=1508704&r1=1508703&r2=1508704&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/crl/CRLCache.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/crl/CRLCache.java
Wed Jul 31 01:41:52 2013
@@ -71,7 +71,7 @@ public class CRLCache implements Managea
synchronized (CRLCache.class) {
if (cacheManager == null) {
cacheManager = new CacheManager(cache, size, delay);
- CacheController mbean = new
CacheController(cache,cacheManager);
+ CacheController mbean = new CacheController(cache,
cacheManager);
MBeanRegistrar.getInstance().registerMBean(mbean,
"CacheController",
"CRLCacheController");
}
@@ -103,7 +103,7 @@ public class CRLCache implements Managea
return hashMap.size();
}
- public void resetIterator() {
+ public synchronized void resetIterator() {
iterator = hashMap.entrySet().iterator();
}
@@ -136,14 +136,14 @@ public class CRLCache implements Managea
}
return cacheValue.getValue();
- } else
- return null;
+ }
+ return null;
}
public synchronized void setCacheValue(String crlUrl, X509CRL crl) {
CRLCacheValue cacheValue = new CRLCacheValue(crlUrl, crl);
if (log.isDebugEnabled()) {
- log.debug("Before set- HashMap size " + hashMap.size());
+ log.debug("Before set - HashMap size " + hashMap.size());
}
hashMap.put(crlUrl, cacheValue);
if (log.isDebugEnabled()) {
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/crl/CRLVerifier.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/crl/CRLVerifier.java?rev=1508704&r1=1508703&r2=1508704&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/crl/CRLVerifier.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/crl/CRLVerifier.java
Wed Jul 31 01:41:52 2013
@@ -42,9 +42,10 @@ import java.util.List;
*/
public class CRLVerifier implements RevocationVerifier {
- private CRLCache cache;
private static final Log log = LogFactory.getLog(CRLVerifier.class);
+ private CRLCache cache;
+
public CRLVerifier(CRLCache cache) {
this.cache = cache;
}
@@ -82,8 +83,9 @@ public class CRLVerifier implements Revo
try {
X509CRL x509CRL = downloadCRLFromWeb(crlUrl);
if (x509CRL != null) {
- if (cache != null)
+ if (cache != null) {
cache.setCacheValue(crlUrl, x509CRL);
+ }
return getRevocationStatus(x509CRL, peerCert);
}
} catch (Exception e) {
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/ocsp/OCSPCache.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/ocsp/OCSPCache.java?rev=1508704&r1=1508703&r2=1508704&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/ocsp/OCSPCache.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/ocsp/OCSPCache.java
Wed Jul 31 01:41:52 2013
@@ -102,7 +102,7 @@ public class OCSPCache implements Manage
return hashMap.size();
}
- public void resetIterator(){
+ public synchronized void resetIterator(){
iterator = hashMap.entrySet().iterator();
}
@@ -117,7 +117,7 @@ public class OCSPCache implements Manage
try {
String serviceUrl = cacheValue.serviceUrl;
OCSPReq request = cacheValue.request;
- OCSPResp response= ocspVerifier.getOCSPResponce(serviceUrl,
request);
+ OCSPResp response= ocspVerifier.getOCSPResponse(serviceUrl,
request);
if (OCSPRespStatus.SUCCESSFUL != response.getStatus())
throw new CertificateVerificationException("OCSP response
status not SUCCESSFUL");
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/ocsp/OCSPVerifier.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/ocsp/OCSPVerifier.java?rev=1508704&r1=1508703&r2=1508704&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/ocsp/OCSPVerifier.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/ocsp/OCSPVerifier.java
Wed Jul 31 01:41:52 2013
@@ -43,9 +43,10 @@ import java.util.Vector;
*/
public class OCSPVerifier implements RevocationVerifier {
- private OCSPCache cache;
private static final Log log = LogFactory.getLog(OCSPVerifier.class);
+ private OCSPCache cache;
+
public OCSPVerifier(OCSPCache cache) {
this.cache = cache;
}
@@ -81,7 +82,7 @@ public class OCSPVerifier implements Rev
SingleResp[] responses;
try {
- OCSPResp ocspResponse = getOCSPResponce(serviceUrl, request);
+ OCSPResp ocspResponse = getOCSPResponse(serviceUrl, request);
if (OCSPRespStatus.SUCCESSFUL != ocspResponse.getStatus()) {
continue; // Server didn't give the response right.
}
@@ -126,8 +127,8 @@ public class OCSPVerifier implements Rev
* @throws CertificateVerificationException
*
*/
- protected OCSPResp getOCSPResponce(String serviceUrl, OCSPReq request)
throws CertificateVerificationException {
-
+ protected OCSPResp getOCSPResponse(String serviceUrl,
+ OCSPReq request) throws
CertificateVerificationException {
try {
//Todo: Use http client.
byte[] array = request.getEncoded();
@@ -178,7 +179,8 @@ public class OCSPVerifier implements Rev
Security.addProvider(new
org.bouncycastle.jce.provider.BouncyCastleProvider());
try {
// CertID structure is used to uniquely identify certificates
that are the subject of
- // an OCSP request or response and has an ASN.1 definition. CertID
structure is defined in RFC 2560
+ // an OCSP request or response and has an ASN.1 definition. CertID
structure is defined
+ // in RFC 2560
CertificateID id = new CertificateID(CertificateID.HASH_SHA1,
issuerCert, serialNumber);
// basic request generation with nonce
@@ -187,7 +189,8 @@ public class OCSPVerifier implements Rev
// create details for nonce extension. The nonce extension is used
to bind
// a request to a response to prevent replay attacks. As the name
implies,
- // the nonce value is something that the client should only use
once within a reasonably small period.
+ // the nonce value is something that the client should only use
once within a reasonably
+ // small period.
BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
Vector<ASN1ObjectIdentifier> objectIdentifiers = new
Vector<ASN1ObjectIdentifier>();
Vector<X509Extension> values = new Vector<X509Extension>();
@@ -199,7 +202,8 @@ public class OCSPVerifier implements Rev
return generator.generate();
} catch (OCSPException e) {
- throw new CertificateVerificationException("Cannot generate OSCP
Request with the given certificate", e);
+ throw new CertificateVerificationException("Cannot generate OCSP
Request with the " +
+ "given certificate", e);
}
}
@@ -217,19 +221,21 @@ public class OCSPVerifier implements Rev
//Gets the DER-encoded OCTET string for the extension value for
Authority information access Points
byte[] aiaExtensionValue =
cert.getExtensionValue(X509Extensions.AuthorityInfoAccess.getId());
- if (aiaExtensionValue == null)
- throw new CertificateVerificationException("Certificate Doesnt
have Authority Information Access points");
+ if (aiaExtensionValue == null) {
+ throw new CertificateVerificationException("Certificate doesn't
have authority " +
+ "information access points");
+ }
//might have to pass an ByteArrayInputStream(aiaExtensionValue)
ASN1InputStream asn1In = new ASN1InputStream(aiaExtensionValue);
AuthorityInformationAccess authorityInformationAccess;
try {
DEROctetString aiaDEROctetString = (DEROctetString)
(asn1In.readObject());
- ASN1InputStream asn1Inoctets = new
ASN1InputStream(aiaDEROctetString.getOctets());
- ASN1Sequence aiaASN1Sequence = (ASN1Sequence)
asn1Inoctets.readObject();
- authorityInformationAccess =
AuthorityInformationAccess.getInstance(aiaASN1Sequence);//new
AuthorityInformationAccess(aiaASN1Sequence);
+ ASN1InputStream asn1InOctets = new
ASN1InputStream(aiaDEROctetString.getOctets());
+ ASN1Sequence aiaASN1Sequence = (ASN1Sequence)
asn1InOctets.readObject();
+ authorityInformationAccess =
AuthorityInformationAccess.getInstance(aiaASN1Sequence);
} catch (IOException e) {
- throw new CertificateVerificationException("Cannot read
certificate to get OSCP urls", e);
+ throw new CertificateVerificationException("Cannot read
certificate to get OCSP URLs", e);
}
List<String> ocspUrlList = new ArrayList<String>();
@@ -243,8 +249,9 @@ public class OCSPVerifier implements Rev
ocspUrlList.add(accessLocation);
}
}
- if(ocspUrlList.isEmpty())
+ if (ocspUrlList.isEmpty()) {
throw new CertificateVerificationException("Cant get OCSP urls
from certificate");
+ }
return ocspUrlList;
}