Class RevocationCache

  • All Implemented Interfaces:
    net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.IdentifiableComponent, net.shibboleth.utilities.java.support.component.IdentifiedComponent, net.shibboleth.utilities.java.support.component.InitializableComponent

    @ThreadSafeAfterInit
    public class RevocationCache
    extends net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
    Stores and checks for revocation entries.

    This class is thread-safe and uses a synchronized method to prevent race conditions within the underlying store (lacking an atomic "check and insert" operation).

    • Field Summary

      Fields 
      Modifier and Type Field Description
      private Duration expires
      Lifetime of revocation entry.
      private org.slf4j.Logger log
      Logger.
      private org.opensaml.storage.StorageService storage
      Backing storage for the revocation cache.
      private boolean strict
      Flag controlling behavior on storage failure.
    • Constructor Summary

      Constructors 
      Constructor Description
      RevocationCache()
      Constructor.
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void doInitialize()
      org.opensaml.storage.StorageService getStorage()
      Get the backing store for the cache.
      boolean isRevoked(String context, String s)
      Returns false if the value has successfully been confirmed as not revoked.
      boolean isStrict()
      Get the strictness flag.
      boolean revoke(String context, String s)
      Returns true if the value is successfully revoked.
      void setEntryExpiration(Duration entryExpiration)
      Set the revocation entry expiration.
      void setStorage(org.opensaml.storage.StorageService storageService)
      Set the backing store for the cache.
      void setStrict(boolean flag)
      Set the strictness flag.
      • Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent

        setId
      • Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

        getId
      • Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

        destroy, doDestroy, initialize, isDestroyed, isInitialized
      • Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent

        getId
    • Field Detail

      • log

        private final org.slf4j.Logger log
        Logger.
      • storage

        private org.opensaml.storage.StorageService storage
        Backing storage for the revocation cache.
      • strict

        private boolean strict
        Flag controlling behavior on storage failure.
      • expires

        @Nonnull
        @Positive
        private Duration expires
        Lifetime of revocation entry. Default value: 6 hours
    • Constructor Detail

      • RevocationCache

        public RevocationCache()
        Constructor.
    • Method Detail

      • setEntryExpiration

        public void setEntryExpiration(@Positive
                                       Duration entryExpiration)
        Set the revocation entry expiration.
        Parameters:
        entryExpiration - lifetime of a revocation entry in milliseconds
      • getStorage

        @NonnullAfterInit
        public org.opensaml.storage.StorageService getStorage()
        Get the backing store for the cache.
        Returns:
        the backing store.
      • setStorage

        public void setStorage(@Nonnull
                               org.opensaml.storage.StorageService storageService)
        Set the backing store for the cache.
        Parameters:
        storageService - backing store to use
      • isStrict

        public boolean isStrict()
        Get the strictness flag.
        Returns:
        true iff we should treat storage failures as a replay
      • setStrict

        public void setStrict(boolean flag)
        Set the strictness flag.
        Parameters:
        flag - true iff we should treat storage failures as a replay
      • doInitialize

        public void doInitialize()
                          throws net.shibboleth.utilities.java.support.component.ComponentInitializationException
        Overrides:
        doInitialize in class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
        Throws:
        net.shibboleth.utilities.java.support.component.ComponentInitializationException
      • revoke

        public boolean revoke(@Nonnull @NotEmpty
                              String context,
                              @Nonnull @NotEmpty
                              String s)
        Returns true if the value is successfully revoked. If value has already been revoked, expiration is updated.
        Parameters:
        context - a context label to subdivide the cache
        s - value to revoke
        Returns:
        true if value has successfully been listed as revoked in the cache.
      • isRevoked

        public boolean isRevoked(@Nonnull @NotEmpty
                                 String context,
                                 @Nonnull @NotEmpty
                                 String s)
        Returns false if the value has successfully been confirmed as not revoked.
        Parameters:
        context - a context label to subdivide the cache
        s - value to revoke
        Returns:
        false if the check value is not found in the cache
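
A self-contained model of the contract documented above, added here as an example and not Shibboleth's own code: a synchronized read-then-write against a store that has no atomic check-and-insert, re-revocation extending the expiry, and the strict flag deciding the answer when storage fails. The `RevocationModel` and `Store` classes, the `"sessions"` context label and the identifier are constructed for this sketch, and it assumes that strict mode reports a value as revoked when the store cannot be read.

```java
import java.io.IOException;
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

public class RevocationModel {
    /** Hypothetical in-memory store: separate read and write, no atomic check-and-insert. */
    static class Store {
        final Map<String, Instant> data = new HashMap<>();
        boolean down; // set to simulate a storage outage
        Instant read(String ctx, String key) throws IOException { fail(); return data.get(ctx + "!" + key); }
        void write(String ctx, String key, Instant exp) throws IOException { fail(); data.put(ctx + "!" + key, exp); }
        private void fail() throws IOException { if (down) throw new IOException("store unavailable"); }
    }
    private final Store store;
    private final boolean strict;
    private final Duration expires = Duration.ofHours(6); // default lifetime given on the page
    RevocationModel(Store store, boolean strict) { this.store = store; this.strict = strict; }
    /** synchronized so no other caller of this instance acts between the read and the write. */
    synchronized boolean revoke(String context, String s) {
        try {
            Instant old = store.read(context, s);
            Instant fresh = Instant.now().plus(expires);
            if (old == null || old.isBefore(fresh)) store.write(context, s, fresh); // create or extend
            return true;
        } catch (IOException e) {
            return false; // nothing was recorded; the caller has to handle the failure
        }
    }
    synchronized boolean isRevoked(String context, String s) {
        try {
            Instant expiry = store.read(context, s);
            return expiry != null && expiry.isAfter(Instant.now());
        } catch (IOException e) {
            return strict; // assumption: strict fails closed, non-strict answers "not revoked"
        }
    }
    public static void main(String[] args) {
        Store store = new Store();
        RevocationModel strictCache = new RevocationModel(store, true);
        RevocationModel lenient = new RevocationModel(store, false);
        System.out.println("revoke recorded: " + strictCache.revoke("sessions", "constructed-id"));
        System.out.println("after revoke:    " + lenient.isRevoked("sessions", "constructed-id"));
        store.down = true; // outage: the revoked value can no longer be looked up
        System.out.println("outage, strict:  " + strictCache.isRevoked("sessions", "constructed-id"));
        System.out.println("outage, lenient: " + lenient.isRevoked("sessions", "constructed-id"));
    }
}
```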