org.spongycastle.jce.provider.X509StoreLDAPCerts Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of prov Show documentation
Show all versions of prov Show documentation
Spongy Castle is a package-rename (org.bouncycastle.* to org.spongycastle.*) of Bouncy Castle
intended for the Android platform. Android unfortunately ships with a stripped-down version of
Bouncy Castle, which prevents easy upgrades - Spongy Castle overcomes this and provides a full,
up-to-date version of the Bouncy Castle cryptographic libs.
The newest version!
package org.spongycastle.jce.provider;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.spongycastle.jce.X509LDAPCertStoreParameters;
import org.spongycastle.util.Selector;
import org.spongycastle.util.StoreException;
import org.spongycastle.x509.X509CertPairStoreSelector;
import org.spongycastle.x509.X509CertStoreSelector;
import org.spongycastle.x509.X509CertificatePair;
import org.spongycastle.x509.X509StoreParameters;
import org.spongycastle.x509.X509StoreSpi;
import org.spongycastle.x509.util.LDAPStoreHelper;
/**
* A SPI implementation of Bouncy Castle X509Store
for getting
* certificates form a LDAP directory.
*
* @see org.spongycastle.x509.X509Store
*/
public class X509StoreLDAPCerts
extends X509StoreSpi
{
private LDAPStoreHelper helper;
public X509StoreLDAPCerts()
{
}
/**
* Initializes this LDAP cert store implementation.
*
* @param params X509LDAPCertStoreParameters
.
* @throws IllegalArgumentException if params
is not an instance of
* X509LDAPCertStoreParameters
.
*/
public void engineInit(X509StoreParameters params)
{
if (!(params instanceof X509LDAPCertStoreParameters))
{
throw new IllegalArgumentException(
"Initialization parameters must be an instance of "
+ X509LDAPCertStoreParameters.class.getName() + ".");
}
helper = new LDAPStoreHelper((X509LDAPCertStoreParameters)params);
}
/**
* Returns a collection of matching certificates from the LDAP location.
*
* The selector must be a of type X509CertStoreSelector
. If
* it is not an empty collection is returned.
*
* The implementation searches only for CA certificates, if the method
* {@link java.security.cert.X509CertSelector#getBasicConstraints()} is
* greater or equal to 0. If it is -2 only end certificates are searched.
*
* The subject and the serial number for end certificates should be
* reasonable criterias for a selector.
*
* @param selector The selector to use for finding.
* @return A collection with the matches.
* @throws StoreException if an exception occurs while searching.
*/
public Collection engineGetMatches(Selector selector) throws StoreException
{
if (!(selector instanceof X509CertStoreSelector))
{
return Collections.EMPTY_SET;
}
X509CertStoreSelector xselector = (X509CertStoreSelector)selector;
Set set = new HashSet();
// test if only CA certificates should be selected
if (xselector.getBasicConstraints() > 0)
{
set.addAll(helper.getCACertificates(xselector));
set.addAll(getCertificatesFromCrossCertificatePairs(xselector));
}
// only end certificates should be selected
else if (xselector.getBasicConstraints() == -2)
{
set.addAll(helper.getUserCertificates(xselector));
}
// nothing specified
else
{
set.addAll(helper.getUserCertificates(xselector));
set.addAll(helper.getCACertificates(xselector));
set.addAll(getCertificatesFromCrossCertificatePairs(xselector));
}
return set;
}
private Collection getCertificatesFromCrossCertificatePairs(
X509CertStoreSelector xselector) throws StoreException
{
Set set = new HashSet();
X509CertPairStoreSelector ps = new X509CertPairStoreSelector();
ps.setForwardSelector(xselector);
ps.setReverseSelector(new X509CertStoreSelector());
Set crossCerts = new HashSet(helper.getCrossCertificatePairs(ps));
Set forward = new HashSet();
Set reverse = new HashSet();
Iterator it = crossCerts.iterator();
while (it.hasNext())
{
X509CertificatePair pair = (X509CertificatePair)it.next();
if (pair.getForward() != null)
{
forward.add(pair.getForward());
}
if (pair.getReverse() != null)
{
reverse.add(pair.getReverse());
}
}
set.addAll(forward);
set.addAll(reverse);
return set;
}
}