java.lang.Object org.bouncycastle.x509.util.LDAPStoreHelper
public class LDAPStoreHelper
This is a general purpose implementation to get X.509 certificates, CRLs, attribute certificates and cross certificates from an LDAP location.
At first a search is performed in the ldap*AttributeNames of the X509LDAPCertStoreParameters with the given information of the subject (for all kinds of certificates) or issuer (for CRLs), respectively, if an X509CertStoreSelector or X509AttributeCertificate is given with those details.
For the schemes used see:
Field Summary | |
---|---|
private java.util.Map |
cacheMap
|
private static int |
cacheSize
|
private static java.lang.String |
LDAP_PROVIDER
Initial Context Factory. |
private static long |
lifeTime
|
private X509LDAPCertStoreParameters |
params
|
private static java.lang.String |
REFERRALS_IGNORE
Processing referrals. |
private static java.lang.String |
SEARCH_SECURITY_LEVEL
Security level to be used for LDAP connections. |
private static java.lang.String |
URL_CONTEXT_PREFIX
Package Prefix for loading URL context factories. |
Constructor Summary | |
---|---|
LDAPStoreHelper(X509LDAPCertStoreParameters params)
|
Method Summary | |
---|---|
private void |
addToCache(java.lang.String searchCriteria,
java.util.List list)
|
private java.util.List |
attrCertSubjectSerialSearch(X509AttributeCertStoreSelector xselector,
java.lang.String[] attrs,
java.lang.String[] attrNames,
java.lang.String[] subjectAttributeNames)
Can use the entityName of the holder of the attribute certificate, the serialNumber of the attribute certificate and the serialNumber of the associated certificate of the given X509AttributeCertSelector. |
private java.util.List |
certSubjectSerialSearch(X509CertStoreSelector xselector,
java.lang.String[] attrs,
java.lang.String[] attrNames,
java.lang.String[] subjectAttributeNames)
Can use the subject and serial and the subject and serialNumber of the certificate of the given X509CertStoreSelector. |
private javax.naming.directory.DirContext |
connectLDAP()
|
private java.util.Set |
createAttributeCertificates(java.util.List list,
X509AttributeCertStoreSelector xselector)
|
private java.util.Set |
createCerts(java.util.List list,
X509CertStoreSelector xselector)
|
private java.util.Set |
createCRLs(java.util.List list,
X509CRLStoreSelector xselector)
|
private java.util.Set |
createCrossCertificatePairs(java.util.List list,
X509CertPairStoreSelector xselector)
|
private java.util.List |
cRLIssuerSearch(X509CRLStoreSelector xselector,
java.lang.String[] attrs,
java.lang.String[] attrNames,
java.lang.String[] issuerAttributeNames)
Can use the issuer of the given X509CRLStoreSelector. |
private java.util.List |
crossCertificatePairSubjectSearch(X509CertPairStoreSelector xselector,
java.lang.String[] attrs,
java.lang.String[] attrNames,
java.lang.String[] subjectAttributeNames)
Can use the subject of the forward certificate of the set certificate pair or the subject of the forward X509CertStoreSelector of the given
selector. |
java.util.Collection |
getAACertificates(X509AttributeCertStoreSelector selector)
Returns attribute certificates for an attribute authority. The aAcertificate holds the privileges of an attribute authority. |
java.util.Collection |
getAttributeAuthorityRevocationLists(X509CRLStoreSelector selector)
Returns the revocation list for revoked attribute certificates for an attribute authority. The attributeAuthorityList holds a list of AA certificates that have been revoked. |
java.util.Collection |
getAttributeCertificateAttributes(X509AttributeCertStoreSelector selector)
Returns an attribute certificate for a user. |
java.util.Collection |
getAttributeCertificateRevocationLists(X509CRLStoreSelector selector)
Returns the revocation list for revoked attribute certificates. |
java.util.Collection |
getAttributeDescriptorCertificates(X509AttributeCertStoreSelector selector)
Returns an attribute certificate for an authority. The attributeDescriptorCertificate is self signed by a source of authority and holds a description of the privilege and its delegation rules. |
java.util.Collection |
getAuthorityRevocationLists(X509CRLStoreSelector selector)
Returns the CRLs for issued certificates for other CAs matching the given selector. |
java.util.Collection |
getCACertificates(X509CertStoreSelector selector)
Returns CA certificates. |
private javax.security.auth.x500.X500Principal |
getCertificateIssuer(java.security.cert.X509Certificate cert)
|
java.util.Collection |
getCertificateRevocationLists(X509CRLStoreSelector selector)
Returns the certificate revocation lists for revoked certificates. |
java.util.Collection |
getCrossCertificatePairs(X509CertPairStoreSelector selector)
Returns cross certificate pairs. |
java.util.Collection |
getDeltaCertificateRevocationLists(X509CRLStoreSelector selector)
Returns the delta revocation list for revoked certificates. |
private java.util.List |
getFromCache(java.lang.String searchCriteria)
|
private java.lang.String |
getSubjectAsString(X509CertStoreSelector xselector)
|
java.util.Collection |
getUserCertificates(X509CertStoreSelector selector)
Returns end certificates. |
private java.lang.String |
parseDN(java.lang.String subject,
java.lang.String dNAttributeName)
|
private java.util.List |
search(java.lang.String[] attributeNames,
java.lang.String attributeValue,
java.lang.String[] attrs)
Returns a List of encodings of the certificates, attribute
certificates, CRL or certificate pairs. |
private java.lang.String[] |
splitString(java.lang.String str)
|
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
private X509LDAPCertStoreParameters params
private static java.lang.String LDAP_PROVIDER
private static java.lang.String REFERRALS_IGNORE
private static final java.lang.String SEARCH_SECURITY_LEVEL
private static final java.lang.String URL_CONTEXT_PREFIX
private java.util.Map cacheMap
private static int cacheSize
private static long lifeTime
Constructor Detail |
---|
public LDAPStoreHelper(X509LDAPCertStoreParameters params)
Method Detail |
---|
private javax.naming.directory.DirContext connectLDAP() throws javax.naming.NamingException
javax.naming.NamingException
private java.lang.String parseDN(java.lang.String subject, java.lang.String dNAttributeName)
private java.util.Set createCerts(java.util.List list, X509CertStoreSelector xselector) throws StoreException
StoreException
private java.util.List certSubjectSerialSearch(X509CertStoreSelector xselector, java.lang.String[] attrs, java.lang.String[] attrNames, java.lang.String[] subjectAttributeNames) throws StoreException
xselector - The selector with the search criteria.
attrs - Attributes which contain the certificates in the LDAP directory.
attrNames - Attribute names in the LDAP directory which correspond to the subjectAttributeNames.
subjectAttributeNames - Subject attribute names (like "CN", "O", "OU") to use to search in the LDAP directory.
StoreException - if an error occurs while searching.
private java.util.List crossCertificatePairSubjectSearch(X509CertPairStoreSelector xselector, java.lang.String[] attrs, java.lang.String[] attrNames, java.lang.String[] subjectAttributeNames) throws StoreException
X509CertStoreSelector of the given selector.
xselector - The selector with the search criteria.
attrs - Attributes which contain the attribute certificates in the LDAP directory.
attrNames - Attribute names in the LDAP directory which correspond to the subjectAttributeNames.
subjectAttributeNames - Subject attribute names (like "CN", "O", "OU") to use to search in the LDAP directory.
StoreException - if an error occurs while searching.
private java.util.List attrCertSubjectSerialSearch(X509AttributeCertStoreSelector xselector, java.lang.String[] attrs, java.lang.String[] attrNames, java.lang.String[] subjectAttributeNames) throws StoreException
xselector - The selector with the search criteria.
attrs - Attributes which contain the attribute certificates in the LDAP directory.
attrNames - Attribute names in the LDAP directory which correspond to the subjectAttributeNames.
subjectAttributeNames - Subject attribute names (like "CN", "O", "OU") to use to search in the LDAP directory.
StoreException - if an error occurs while searching.
private java.util.List cRLIssuerSearch(X509CRLStoreSelector xselector, java.lang.String[] attrs, java.lang.String[] attrNames, java.lang.String[] issuerAttributeNames) throws StoreException
xselector - The selector with the search criteria.
attrs - Attributes which contain the attribute certificates in the LDAP directory.
attrNames - Attribute names in the LDAP directory which correspond to the subjectAttributeNames.
issuerAttributeNames - Issuer attribute names (like "CN", "O", "OU") to use to search in the LDAP directory.
StoreException - if an error occurs while searching.
private java.util.List search(java.lang.String[] attributeNames, java.lang.String attributeValue, java.lang.String[] attrs) throws StoreException
Returns a List of encodings of the certificates, attribute certificates, CRL or certificate pairs.
attributeNames - The attribute names to look for in the LDAP.
attributeValue - The value the attribute name must have. This value is presumably derived from the subject or issuer data of the selector; this page does not state whether it is escaped for LDAP search filter syntax, so confirm that in the implementation when selectors are built from untrusted certificates.
attrs - The attributes in the LDAP which hold the certificate, attribute certificate, certificate pair or CRL in a found entry.
Returns a List of byte arrays with the encodings.
StoreException - if an error occurs getting the results from the LDAP directory.
private java.util.Set createCRLs(java.util.List list, X509CRLStoreSelector xselector) throws StoreException
StoreException
private java.util.Set createCrossCertificatePairs(java.util.List list, X509CertPairStoreSelector xselector) throws StoreException
StoreException
private java.util.Set createAttributeCertificates(java.util.List list, X509AttributeCertStoreSelector xselector) throws StoreException
StoreException
public java.util.Collection getAuthorityRevocationLists(X509CRLStoreSelector selector) throws StoreException
selector
- The CRL selector to use to find the CRLs.
StoreException
public java.util.Collection getAttributeCertificateRevocationLists(X509CRLStoreSelector selector) throws StoreException
selector
- The CRL selector to use to find the CRLs.
StoreException
public java.util.Collection getAttributeAuthorityRevocationLists(X509CRLStoreSelector selector) throws StoreException
selector
- The CRL selector to use to find the CRLs.
StoreException
public java.util.Collection getCrossCertificatePairs(X509CertPairStoreSelector selector) throws StoreException
selector
- The selector to use to find the cross certificates.
X509CertificatePairs
StoreException
public java.util.Collection getUserCertificates(X509CertStoreSelector selector) throws StoreException
selector
- The selector to find the certificates.
StoreException
public java.util.Collection getAACertificates(X509AttributeCertStoreSelector selector) throws StoreException
selector
- The selector to find the attribute certificates.
StoreException
public java.util.Collection getAttributeDescriptorCertificates(X509AttributeCertStoreSelector selector) throws StoreException
selector
- The selector to find the attribute certificates.
StoreException
public java.util.Collection getCACertificates(X509CertStoreSelector selector) throws StoreException
selector
- The selector to find the certificates.
StoreException
public java.util.Collection getDeltaCertificateRevocationLists(X509CRLStoreSelector selector) throws StoreException
selector
- The CRL selector to use to find the CRLs.
StoreException
public java.util.Collection getAttributeCertificateAttributes(X509AttributeCertStoreSelector selector) throws StoreException
selector
- The selector to find the attribute certificates.
StoreException
public java.util.Collection getCertificateRevocationLists(X509CRLStoreSelector selector) throws StoreException
selector
- The CRL selector to use to find the CRLs.
StoreException
private void addToCache(java.lang.String searchCriteria, java.util.List list)
private java.util.List getFromCache(java.lang.String searchCriteria)
private java.lang.String[] splitString(java.lang.String str)
private java.lang.String getSubjectAsString(X509CertStoreSelector xselector)
private javax.security.auth.x500.X500Principal getCertificateIssuer(java.security.cert.X509Certificate cert)