All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.bouncycastle.jce.provider.X509StoreLDAPCerts Maven / Gradle / Ivy

Go to download

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.6.

There is a newer version: 1.46
Show newest version
package org.bouncycastle.jce.provider;

import org.bouncycastle.jce.X509LDAPCertStoreParameters;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.StoreException;
import org.bouncycastle.x509.X509CertPairStoreSelector;
import org.bouncycastle.x509.X509CertStoreSelector;
import org.bouncycastle.x509.X509CertificatePair;
import org.bouncycastle.x509.X509StoreParameters;
import org.bouncycastle.x509.X509StoreSpi;
import org.bouncycastle.x509.util.LDAPStoreHelper;

import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

/**
 * A SPI implementation of Bouncy Castle X509Store for getting
 * certificates form a LDAP directory.
 *
 * @see org.bouncycastle.x509.X509Store
 */
public class X509StoreLDAPCerts
    extends X509StoreSpi
{

    private LDAPStoreHelper helper;

    public X509StoreLDAPCerts()
    {
    }

    /**
     * Initializes this LDAP cert store implementation.
     *
     * @param params X509LDAPCertStoreParameters.
     * @throws IllegalArgumentException if params is not an instance of
     *                                  X509LDAPCertStoreParameters.
     */
    public void engineInit(X509StoreParameters params)
    {
        if (!(params instanceof X509LDAPCertStoreParameters))
        {
            throw new IllegalArgumentException(
                "Initialization parameters must be an instance of "
                    + X509LDAPCertStoreParameters.class.getName() + ".");
        }
        helper = new LDAPStoreHelper((X509LDAPCertStoreParameters)params);
    }

    /**
     * Returns a collection of matching certificates from the LDAP location.
     * 

* The selector must be a of type X509CertStoreSelector. If * it is not an empty collection is returned. *

* The implementation searches only for CA certificates, if the method * {@link java.security.cert.X509CertSelector#getBasicConstraints()} is * greater or equal to 0. If it is -2 only end certificates are searched. *

* The subject and the serial number for end certificates should be * reasonable criterias for a selector. * * @param selector The selector to use for finding. * @return A collection with the matches. * @throws StoreException if an exception occurs while searching. */ public Collection engineGetMatches(Selector selector) throws StoreException { if (!(selector instanceof X509CertStoreSelector)) { return Collections.EMPTY_SET; } X509CertStoreSelector xselector = (X509CertStoreSelector)selector; Set set = new HashSet(); // test if only CA certificates should be selected if (xselector.getBasicConstraints() > 0) { set.addAll(helper.getCACertificates(xselector)); set.addAll(getCertificatesFromCrossCertificatePairs(xselector)); } // only end certificates should be selected else if (xselector.getBasicConstraints() == -2) { set.addAll(helper.getUserCertificates(xselector)); } // nothing specified else { set.addAll(helper.getUserCertificates(xselector)); set.addAll(helper.getCACertificates(xselector)); set.addAll(getCertificatesFromCrossCertificatePairs(xselector)); } return set; } private Collection getCertificatesFromCrossCertificatePairs( X509CertStoreSelector xselector) throws StoreException { Set set = new HashSet(); X509CertPairStoreSelector ps = new X509CertPairStoreSelector(); ps.setForwardSelector(xselector); ps.setReverseSelector(new X509CertStoreSelector()); Set crossCerts = new HashSet(helper.getCrossCertificatePairs(ps)); Set forward = new HashSet(); Set reverse = new HashSet(); Iterator it = crossCerts.iterator(); while (it.hasNext()) { X509CertificatePair pair = (X509CertificatePair)it.next(); if (pair.getForward() != null) { forward.add(pair.getForward()); } if (pair.getReverse() != null) { reverse.add(pair.getReverse()); } } set.addAll(forward); set.addAll(reverse); return set; } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy