Class CertificateValidationRequestReader

java.lang.Object
org.eblocker.certificate.validator.squid.CertificateValidationMessageReader
org.eblocker.certificate.validator.squid.CertificateValidationRequestReader

public class CertificateValidationRequestReader extends CertificateValidationMessageReader
Use this by adding the following lines to the squid config:

    sslcrtvalidator_program "/opt/eblocker-network/certificate-validator/bin/squid-certificate-validator.sh"
    sslcrtvalidator_children 1 startup=1 idle=1 concurrency=0

The protocol SEEMS to be specified here: http://wiki.squid-cache.org/Features/SslServerCertValidator

As it turns out, our squid version (3.5.12) does not send the last delimiter byte 0x01, even though the specification explicitly describes it: "...line refers to a logical input. body may contain \n characters so each line in this format is delimited by a 0x01 byte instead of the standard \n byte...." In addition to this strange undocumented behaviour, the information about the host IP address ('host=...') is already placed in the first line, before any \n.

Note: When we configure squid not to use concurrency with our SSL certificate validator (e.g. "sslcrtvalidator_children 1 startup=1 idle=1 concurrency=0"), it neither sends nor expects any IDs (i.e. no request ID and therefore no response ID, because the program only works on one request at a time).
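
A length-driven reader that tolerates both behaviours described above: no request ID, and a 0x01 delimiter that may or may not be sent. This is an added example, not eBlocker's own code. The "cert_validate <size> <body>" header layout is taken from the Squid wiki page linked above; the class name, MAX_BODY, the skipping of a stray newline and the sample request are assumptions made for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

public class ValidatorRequestDemo {
    static final int MAX_BODY = 1 << 20; // assumed cap; rejects absurd size fields

    /** Reads one "cert_validate <size> <body>" request; returns null at end of stream. */
    static String readBody(InputStream in) throws IOException {
        String code = readToken(in, true);
        if (code.isEmpty()) return null;
        if (!code.equals("cert_validate")) throw new IOException("unexpected request code: " + code);
        int size;
        try {
            size = Integer.parseInt(readToken(in, false));
        } catch (NumberFormatException e) {
            throw new IOException("malformed size field", e);
        }
        if (size < 0 || size > MAX_BODY) throw new IOException("body size out of range: " + size);
        byte[] body = in.readNBytes(size); // Java 11+; trust the length, not a delimiter
        if (body.length != size) throw new EOFException("truncated body");
        return new String(body, StandardCharsets.US_ASCII);
    }

    /** Reads up to the next space. With skipLeading, a 0x01 or newline left over
     *  from the previous request is dropped here, so nothing blocks after a body. */
    static String readToken(InputStream in, boolean skipLeading) throws IOException {
        StringBuilder sb = new StringBuilder();
        for (int b; (b = in.read()) != -1 && b != ' '; ) {
            if (skipLeading && sb.length() == 0 && (b == 0x01 || b == '\n' || b == '\r')) continue;
            if (sb.length() >= 32) throw new IOException("header token too long");
            sb.append((char) b);
        }
        return sb.toString();
    }

    static String hostOf(String body) {
        String first = body.split("\n", 2)[0];
        if (!first.startsWith("host=")) throw new IllegalArgumentException("first line is not host=");
        return first.substring("host=".length());
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: the same request twice, with 0x01 after the first only.
        String body = "host=192.0.2.10\ncert_0=-----BEGIN CERTIFICATE-----\n(constructed)\n";
        String req = "cert_validate " + body.length() + " " + body;
        InputStream in = new ByteArrayInputStream((req + "\u0001" + req).getBytes(StandardCharsets.US_ASCII));
        for (String b; (b = readBody(in)) != null; ) System.out.println(hostOf(b));
    }
}
```

The delimiter is consumed at the start of the next request rather than after the body: with concurrency=0 the helper handles one request at a time, so a blocking read for a trailing byte that never arrives would stall the response.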

FIXME: report those problems (e.g. the missing 0x01 byte) to the Squid community?