mitm.common.security.certstore.hibernate.X509CertStoreExtHibernate.java Source code

Java tutorial

Introduction

Here is the source code for mitm.common.security.certstore.hibernate.X509CertStoreExtHibernate.java

Source

/*
 * Copyright (c) 2008-2011, Martijn Brinkers, Djigzo.
 * 
 * This file is part of Djigzo email encryption.
 *
 * Djigzo is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License 
 * version 3, 19 November 2007 as published by the Free Software 
 * Foundation.
 *
 * Djigzo is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public 
 * License along with Djigzo. If not, see <http://www.gnu.org/licenses/>
 *
 * Additional permission under GNU AGPL version 3 section 7
 * 
 * If you modify this Program, or any covered work, by linking or 
 * combining it with aspectjrt.jar, aspectjweaver.jar, tyrex-1.0.3.jar, 
 * freemarker.jar, dom4j.jar, mx4j-jmx.jar, mx4j-tools.jar, 
 * spice-classman-1.0.jar, spice-loggerstore-0.5.jar, spice-salt-0.8.jar, 
 * spice-xmlpolicy-1.0.jar, saaj-api-1.3.jar, saaj-impl-1.3.jar, 
 * wsdl4j-1.6.1.jar (or modified versions of these libraries), 
 * containing parts covered by the terms of Eclipse Public License, 
 * tyrex license, freemarker license, dom4j license, mx4j license,
 * Spice Software License, Common Development and Distribution License
 * (CDDL), Common Public License (CPL) the licensors of this Program grant 
 * you additional permission to convey the resulting work.
 */
package mitm.common.security.certstore.hibernate;

import java.security.cert.CertSelector;
import java.security.cert.CertStoreException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.concurrent.atomic.AtomicReference;

import mitm.common.hibernate.CommitOnCloseIterator;
import mitm.common.hibernate.SessionAdapter;
import mitm.common.hibernate.SessionAdapterFactory;
import mitm.common.hibernate.SessionManager;
import mitm.common.security.certstore.CertificateAlreadyExistsException;
import mitm.common.security.certstore.Expired;
import mitm.common.security.certstore.Match;
import mitm.common.security.certstore.MissingKeyAlias;
import mitm.common.security.certstore.X509CertStoreExt;
import mitm.common.security.certstore.X509StoreEventListener;
import mitm.common.security.certstore.dao.X509CertStoreDAO;
import mitm.common.security.certstore.dao.X509CertStoreDAOHibernate;
import mitm.common.util.Check;
import mitm.common.util.CloseableIterator;

import org.hibernate.StatelessSession;
import org.hibernate.Transaction;

public class X509CertStoreExtHibernate implements X509CertStoreExt {
    /*
     * The name of this store. The database can store more than one CertStore.
     */
    private String storeName;

    /*
     * Handles the session state.
     */
    private final SessionManager sessionManager;

    /*
     * Listener that will be notified when the store changes (add or remove certificates)
     */
    private final AtomicReference<X509StoreEventListener> eventListener = new AtomicReference<X509StoreEventListener>();

    public X509CertStoreExtHibernate(String storeName, SessionManager sessionManager) {
        Check.notNull(sessionManager, "sessionManager");

        this.storeName = storeName;
        this.sessionManager = sessionManager;
    }

    public void setStoreName(String storeName) {
        this.storeName = storeName;
    }

    @Override
    public X509CertStoreEntryHibernate addCertificate(X509Certificate certificate, String keyAlias)
            throws CertStoreException, CertificateAlreadyExistsException {
        /*
         * we will check whether this certificate is already in the store because a certificate
         * may only be stored once. Adding this check does not guarantee that the certificate will 
         * be added when the transaction is committed because a 'race condition' is always 
         * possible.
         */
        X509CertStoreEntryHibernate entry = getByCertificate(certificate);

        if (entry != null) {
            throw new CertificateAlreadyExistsException("Certificate is already stored.");
        }

        entry = getDAO().addCertificate(certificate, keyAlias);

        fireChangeEvent();

        return entry;
    }

    @Override
    public X509CertStoreEntryHibernate addCertificate(X509Certificate certificate) throws CertStoreException {
        return addCertificate(certificate, null);
    }

    @Override
    public void removeCertificate(X509Certificate certificate) throws CertStoreException {
        getDAO().removeCertificate(certificate);

        fireChangeEvent();
    }

    @Override
    public void removeAllEntries() throws CertStoreException {
        getDAO().removeAllEntries();

        fireChangeEvent();
    }

    @Override
    public X509CertStoreEntryHibernate getLatest() {
        return getDAO().getLatest();
    }

    @Override
    public long size() {
        return getDAO().getRowCount();
    }

    @Override
    public long size(Expired expired, MissingKeyAlias missingKeyAlias) {
        return getDAO().getRowCount(expired, missingKeyAlias, new Date());
    }

    @Override
    public X509CertStoreEntryHibernate getByCertificate(X509Certificate certificate) throws CertStoreException {
        return getDAO().getByCertificate(certificate);
    }

    @Override
    public boolean contains(X509Certificate certificate) throws CertStoreException {
        return getDAO().getByCertificate(certificate) != null;
    }

    @Override
    public CloseableIterator<X509CertStoreEntryHibernate> getByEmail(String email, Match match, Expired expired,
            MissingKeyAlias missingKeyAlias) throws CertStoreException {
        return getByEmail(email, match, expired, missingKeyAlias, null, null);
    }

    @Override
    public CloseableIterator<X509CertStoreEntryHibernate> getByEmail(String email, Match match, Expired expired,
            MissingKeyAlias missingKeyAlias, Integer firstResult, Integer maxResults) throws CertStoreException {
        return getDAO().getByEmail(email, match, expired, missingKeyAlias, new Date(), firstResult, maxResults);
    }

    @Override
    public long getByEmailCount(String email, Match match, Expired expired, MissingKeyAlias missingKeyAlias)
            throws CertStoreException {
        return getDAO().getByEmailCount(email, match, expired, missingKeyAlias, new Date());
    }

    @Override
    public CloseableIterator<X509CertStoreEntryHibernate> searchBySubject(String subject, Expired expired,
            MissingKeyAlias missingKeyAlias, Integer firstResult, Integer maxResults) throws CertStoreException {
        return getDAO().searchBySubject(subject, expired, missingKeyAlias, new Date(), firstResult, maxResults);
    }

    @Override
    public long getSearchBySubjectCount(String subject, Expired expired, MissingKeyAlias missingKeyAlias)
            throws CertStoreException {
        return getDAO().getSearchBySubjectCount(subject, expired, missingKeyAlias, new Date());
    }

    @Override
    public CloseableIterator<X509CertStoreEntryHibernate> searchByIssuer(String issuer, Expired expired,
            MissingKeyAlias missingKeyAlias, Integer firstResult, Integer maxResults) throws CertStoreException {
        return getDAO().searchByIssuer(issuer, expired, missingKeyAlias, new Date(), firstResult, maxResults);
    }

    @Override
    public long getSearchByIssuerCount(String issuer, Expired expired, MissingKeyAlias missingKeyAlias)
            throws CertStoreException {
        return getDAO().getSearchByIssuerCount(issuer, expired, missingKeyAlias, new Date());
    }

    @Override
    public X509CertStoreEntryHibernate getByThumbprint(String thumbprint) {
        return getDAO().getByThumbprint(thumbprint);
    }

    @Override
    public CloseableIterator<X509CertStoreEntryHibernate> getCertStoreIterator(CertSelector certSelector,
            MissingKeyAlias missingKeyAlias, Integer firstResult, Integer maxResults) throws CertStoreException {
        return getDAO().getCertStoreIterator(certSelector, missingKeyAlias, firstResult, maxResults);
    }

    /*
     * A call to getCertificates can result in a lot of records being returned which can result in an 
     * out of memory because the first level cache grows with every object. There are a lot of possible
     * solutions but we will use a StatelessSession because we are only interested in the certificate
     * and not in the entry itself (StatelessSession does not load collection etc.). The drawback of 
     * this approach is that getCertificates has it's own transaction.
     * 
     * Note: Because the statelessSession uses it's own session/transaction it can happen that changes made in other
     * sessions/transactions are not seen until the transactions have been committed.
     */
    public Collection<X509Certificate> getCertificates(CertSelector certSelector, MissingKeyAlias missingKeyAlias,
            Integer firstResult, Integer maxResults) throws CertStoreException {
        StatelessSession statelessSession = sessionManager.openStatelessSession();

        Transaction tx = statelessSession.beginTransaction();

        try {
            Collection<X509Certificate> certificates = getStatelessDAO(statelessSession)
                    .getCertificates(certSelector, missingKeyAlias, firstResult, maxResults);

            tx.commit();

            return certificates;
        } catch (CertStoreException e) {
            tx.rollback();

            throw e;
        } finally {
            statelessSession.close();
        }
    }

    @Override
    public Collection<X509Certificate> getCertificates(CertSelector certSelector) throws CertStoreException {
        return getCertificates(certSelector, MissingKeyAlias.ALLOWED, null, null);
    }

    /*
     * We want to use a StatelessSession for performance and memory reasons but we do want to wrap it in it's own
     * transaction. We will therefore wrap the transaction and session into a wrapper iterator that will commit
     * the transaction and close the session when the iterator is closed. 
     * We need to support a large number of certificates (10th of thousands) and we therefore have to work with
     * StatelessSessions and iterators.
     * 
     * Note: Because the statelessSession uses it's own session/transaction it can happen that changes made in other
     * sessions/transactions are not seen until the transactions have been committed.
     */
    public CloseableIterator<X509Certificate> getCertificateIterator(CertSelector certSelector,
            MissingKeyAlias missingKeyAlias, Integer firstResult, Integer maxResults) throws CertStoreException {
        StatelessSession statelessSession = sessionManager.openStatelessSession();

        Transaction tx = statelessSession.beginTransaction();

        try {
            CloseableIterator<X509Certificate> iterator = getStatelessDAO(statelessSession)
                    .getCertificateIterator(certSelector, missingKeyAlias, firstResult, maxResults);

            CloseableIterator<X509Certificate> commitOnCloseIterator = new CommitOnCloseIterator<X509Certificate>(
                    iterator, SessionAdapterFactory.create(statelessSession), tx);

            return commitOnCloseIterator;
        } catch (CertStoreException e) {
            try {
                tx.rollback();
            } finally {
                statelessSession.close();
            }

            throw e;
        }
    }

    @Override
    public CloseableIterator<X509Certificate> getCertificateIterator(CertSelector certSelector)
            throws CertStoreException {
        return getCertificateIterator(certSelector, MissingKeyAlias.ALLOWED, null, null);
    }

    private String getStoreName() {
        if (storeName == null) {
            throw new IllegalStateException("storeName should be set.");
        }

        return storeName;
    }

    private X509CertStoreDAO getDAO() {
        SessionAdapter session = SessionAdapterFactory.create(sessionManager.getSession());

        return new X509CertStoreDAOHibernate(session, getStoreName());
    }

    private X509CertStoreDAO getStatelessDAO(StatelessSession statelessSession) {
        SessionAdapter session = SessionAdapterFactory.create(statelessSession);

        return new X509CertStoreDAOHibernate(session, getStoreName());
    }

    @Override
    public void setStoreEventListener(X509StoreEventListener eventListener) {
        this.eventListener.set(eventListener);
    }

    private void fireChangeEvent() {
        if (eventListener.get() != null) {
            eventListener.get().onChange();
        }
    }
}