Class ZCertStore

java.lang.Object

org.zeromq.ZCertStore

public class ZCertStore
extends Object

To authenticate new clients using the ZeroMQ CURVE security mechanism, we have to check that the client's public key matches a key we know and accept. There are numerous ways to store accepted client public keys. The mechanism CZMQ implements is "certificates" (plain text files) held in a "certificate store" (a disk directory). This class works with such certificate stores, and lets you easily load them from disk, and check if a given client public key is known or not. The ZCert class does the work of managing a single certificate.

Those files need to be in ZMP-Format which is created by ZConfig

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static interface	ZCertStore.Fingerprinter
static final class	ZCertStore.Hasher
private static interface	ZCertStore.IFileVisitor
static final class	ZCertStore.Timestamper

Field Summary

Fields

Modifier and Type	Field	Description
private final ZCertStore.Fingerprinter	finger
private final Map<File,byte[]>	fingerprints
private final File	location
private final Map<String, ZMetadata>	publicKeys

Constructor Summary

Constructors

Constructor	Description
ZCertStore(String location)	Create a Certificate Store at that file system folder location
ZCertStore(String location, ZCertStore.Fingerprinter fingerprinter)

Method Summary

Modifier and Type	Method	Description
(package private) boolean	checkForChanges()	Check if files in the certificate folders have been added or removed.
boolean	containsPublicKey(byte[] publicKey)	Check if a public key is in the certificate store.
boolean	containsPublicKey(String publicKey)	check if a z85-based public key is in the certificate store.
(package private) int	getCertificatesCount()
ZMetadata	getMetadata(String publicKey)
private void	loadFiles()
private boolean	modified(byte[] fingerprint, File path)
(package private) boolean	reloadIfNecessary()
private boolean	traverseDirectory(File root, ZCertStore.IFileVisitor visitor)

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

location

private final File location

fingerprints

private final Map<File,byte[]> fingerprints

publicKeys

private final Map<String, ZMetadata> publicKeys

finger

private final ZCertStore.Fingerprinter finger

Constructor Details

ZCertStore

public ZCertStore(String location)

Create a Certificate Store at that file system folder location

Parameters:

location -

ZCertStore

public ZCertStore(String location,
 ZCertStore.Fingerprinter fingerprinter)

Method Details

traverseDirectory

private boolean traverseDirectory(File root,
 ZCertStore.IFileVisitor visitor)

containsPublicKey

public boolean containsPublicKey(byte[] publicKey)

Check if a public key is in the certificate store.

Parameters:

publicKey - needs to be a 32 byte array representing the public key

containsPublicKey

public boolean containsPublicKey(String publicKey)

check if a z85-based public key is in the certificate store. This method will scan the folder for changes on every call

Parameters:

publicKey -

getMetadata

public ZMetadata getMetadata(String publicKey)

loadFiles

private void loadFiles()

getCertificatesCount

int getCertificatesCount()

reloadIfNecessary

boolean reloadIfNecessary()

checkForChanges

boolean checkForChanges()

Check if files in the certificate folders have been added or removed.

modified

private boolean modified(byte[] fingerprint,
 File path)