org.bouncycastle.jce.provider.X509StoreLDAPCerts Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of bcprov-jdk14 Show documentation
Show all versions of bcprov-jdk14 Show documentation
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.4.
package org.bouncycastle.jce.provider; import java.util.Collection; import java.util.Collections; import java.util.HashSet; import java.util.Iterator; import java.util.Set; import org.bouncycastle.jce.X509LDAPCertStoreParameters; import org.bouncycastle.util.Selector; import org.bouncycastle.util.StoreException; import org.bouncycastle.x509.X509CertPairStoreSelector; import org.bouncycastle.x509.X509CertStoreSelector; import org.bouncycastle.x509.X509CertificatePair; import org.bouncycastle.x509.X509StoreParameters; import org.bouncycastle.x509.X509StoreSpi; import org.bouncycastle.x509.util.LDAPStoreHelper; /** * A SPI implementation of Bouncy Castle X509Store
for getting * certificates form a LDAP directory. * * @see org.bouncycastle.x509.X509Store */ public class X509StoreLDAPCerts extends X509StoreSpi { private LDAPStoreHelper helper; public X509StoreLDAPCerts() { } /** * Initializes this LDAP cert store implementation. * * @param params X509LDAPCertStoreParameters. * @throws IllegalArgumentException if params is not an instance of * X509LDAPCertStoreParameters. */ public void engineInit(X509StoreParameters params) { if (!(params instanceof X509LDAPCertStoreParameters)) { throw new IllegalArgumentException( "Initialization parameters must be an instance of " + X509LDAPCertStoreParameters.class.getName() + "."); } helper = new LDAPStoreHelper((X509LDAPCertStoreParameters)params); } /** * Returns a collection of matching certificates from the LDAP location. ** The selector must be a of type X509CertStoreSelector. If * it is not an empty collection is returned. *
* The implementation searches only for CA certificates, if the method * {@link java.security.cert.X509CertSelector#getBasicConstraints()} is * greater or equal to 0. If it is -2 only end certificates are searched. *
* The subject and the serial number for end certificates should be * reasonable criterias for a selector. *
* @param selector The selector to use for finding. * @return A collection with the matches. * @throws StoreException if an exception occurs while searching. */ public Collection engineGetMatches(Selector selector) throws StoreException { if (!(selector instanceof X509CertStoreSelector)) { return Collections.EMPTY_SET; } X509CertStoreSelector xselector = (X509CertStoreSelector)selector; Set set = new HashSet(); // test if only CA certificates should be selected if (xselector.getBasicConstraints() > 0) { set.addAll(helper.getCACertificates(xselector)); set.addAll(getCertificatesFromCrossCertificatePairs(xselector)); } // only end certificates should be selected else if (xselector.getBasicConstraints() == -2) { set.addAll(helper.getUserCertificates(xselector)); } // nothing specified else { set.addAll(helper.getUserCertificates(xselector)); set.addAll(helper.getCACertificates(xselector)); set.addAll(getCertificatesFromCrossCertificatePairs(xselector)); } return set; } private Collection getCertificatesFromCrossCertificatePairs( X509CertStoreSelector xselector) throws StoreException { Set set = new HashSet(); X509CertPairStoreSelector ps = new X509CertPairStoreSelector(); ps.setForwardSelector(xselector); ps.setReverseSelector(new X509CertStoreSelector()); Set crossCerts = new HashSet(helper.getCrossCertificatePairs(ps)); Set forward = new HashSet(); Set reverse = new HashSet(); Iterator it = crossCerts.iterator(); while (it.hasNext()) { X509CertificatePair pair = (X509CertificatePair)it.next(); if (pair.getForward() != null) { forward.add(pair.getForward()); } if (pair.getReverse() != null) { reverse.add(pair.getReverse()); } } set.addAll(forward); set.addAll(reverse); return set; } }