org.bouncycastle.jce.provider
Class X509LDAPCertStoreSpi

java.lang.Object
  extended by java.security.cert.CertStoreSpi
      extended by org.bouncycastle.jce.provider.X509LDAPCertStoreSpi

public class X509LDAPCertStoreSpi
extends java.security.cert.CertStoreSpi

This is a general-purpose implementation for retrieving X.509 certificates and CRLs from an LDAP location.

First, a search is performed on the ldap*AttributeNames of the X509LDAPCertStoreParameters using the subject (for all kinds of certificates) or the issuer (for CRLs), if an X509CertSelector is given with those details. For CRLs, CA certificates and cross certificates, a coarse search is made only for entries with that content, in order to get more possibly matching results.


Field Summary
private static java.lang.String LDAP_PROVIDER
          Initial Context Factory.
private  X509LDAPCertStoreParameters params
           
private static java.lang.String REFERRALS_IGNORE
          Processing referrals.
private static java.lang.String SEARCH_SECURITY_LEVEL
          Security level to be used for LDAP connections.
private static java.lang.String URL_CONTEXT_PREFIX
          Package Prefix for loading URL context factories.
 
Constructor Summary
X509LDAPCertStoreSpi(java.security.cert.CertStoreParameters params)
           
 
Method Summary
private  java.util.Set certSubjectSerialSearch(java.security.cert.X509CertSelector xselector, java.lang.String[] attrs, java.lang.String attrName, java.lang.String subjectAttributeName)
           
private  javax.naming.directory.DirContext connectLDAP()
           
 java.util.Collection engineGetCertificates(java.security.cert.CertSelector selector)
           
 java.util.Collection engineGetCRLs(java.security.cert.CRLSelector selector)
           
private  java.util.Set getCACertificates(java.security.cert.X509CertSelector xselector)
           
private  java.util.Set getCrossCertificates(java.security.cert.X509CertSelector xselector)
           
private  java.util.Set getEndCertificates(java.security.cert.X509CertSelector xselector)
           
private  java.lang.String parseDN(java.lang.String subject, java.lang.String subjectAttributeName)
           
private  java.util.Set search(java.lang.String attributeName, java.lang.String attributeValue, java.lang.String[] attrs)
          Returns a Set of byte arrays with the certificate or CRL encodings.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

params

private X509LDAPCertStoreParameters params

LDAP_PROVIDER

private static java.lang.String LDAP_PROVIDER
Initial Context Factory.


REFERRALS_IGNORE

private static java.lang.String REFERRALS_IGNORE
Processing referrals.


SEARCH_SECURITY_LEVEL

private static final java.lang.String SEARCH_SECURITY_LEVEL
Security level to be used for LDAP connections.

See Also:
Constant Field Values

URL_CONTEXT_PREFIX

private static final java.lang.String URL_CONTEXT_PREFIX
Package Prefix for loading URL context factories.

See Also:
Constant Field Values
Constructor Detail

X509LDAPCertStoreSpi

public X509LDAPCertStoreSpi(java.security.cert.CertStoreParameters params)
                     throws java.security.InvalidAlgorithmParameterException
Throws:
java.security.InvalidAlgorithmParameterException
Method Detail

connectLDAP

private javax.naming.directory.DirContext connectLDAP()
                                               throws javax.naming.NamingException
Throws:
javax.naming.NamingException

parseDN

private java.lang.String parseDN(java.lang.String subject,
                                 java.lang.String subjectAttributeName)

engineGetCertificates

public java.util.Collection engineGetCertificates(java.security.cert.CertSelector selector)
                                           throws java.security.cert.CertStoreException
Specified by:
engineGetCertificates in class java.security.cert.CertStoreSpi
Throws:
java.security.cert.CertStoreException

certSubjectSerialSearch

private java.util.Set certSubjectSerialSearch(java.security.cert.X509CertSelector xselector,
                                              java.lang.String[] attrs,
                                              java.lang.String attrName,
                                              java.lang.String subjectAttributeName)
                                       throws java.security.cert.CertStoreException
Throws:
java.security.cert.CertStoreException

getEndCertificates

private java.util.Set getEndCertificates(java.security.cert.X509CertSelector xselector)
                                  throws java.security.cert.CertStoreException
Throws:
java.security.cert.CertStoreException

getCACertificates

private java.util.Set getCACertificates(java.security.cert.X509CertSelector xselector)
                                 throws java.security.cert.CertStoreException
Throws:
java.security.cert.CertStoreException

getCrossCertificates

private java.util.Set getCrossCertificates(java.security.cert.X509CertSelector xselector)
                                    throws java.security.cert.CertStoreException
Throws:
java.security.cert.CertStoreException

engineGetCRLs

public java.util.Collection engineGetCRLs(java.security.cert.CRLSelector selector)
                                   throws java.security.cert.CertStoreException
Specified by:
engineGetCRLs in class java.security.cert.CertStoreSpi
Throws:
java.security.cert.CertStoreException

search

private java.util.Set search(java.lang.String attributeName,
                             java.lang.String attributeValue,
                             java.lang.String[] attrs)
                      throws java.security.cert.CertStoreException
Returns a Set of byte arrays with the certificate or CRL encodings.

Parameters:
attributeName - The attribute name to look for in the LDAP.
attributeValue - The value the attribute name must have.
attrs - The attributes in the LDAP which hold the certificate, certificate pair or CRL in a found entry.
Returns:
Set of byte arrays with the certificate encodings.
Throws:
java.security.cert.CertStoreException
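
An added example (not Bouncy Castle's code, and not taken from this page) of building the kind of attributeName/attributeValue filter that search describes, with the value taken from a subject DN and escaped per RFC 4515 so that filter metacharacters in a certificate name are matched literally. The class and method names are hypothetical, and the sample DN is constructed.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example, not Bouncy Castle code. All names here are hypothetical.
public class LdapCertFilterExample {

    // Escape a value for use inside an LDAP search filter (RFC 4515, section 3).
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Return the value of the first RDN of the given type (e.g. "cn") in a
    // subject or issuer DN, or null if the DN has no such RDN.
    static String rdnValue(String dn, String type) throws InvalidNameException {
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            if (rdn.getType().equalsIgnoreCase(type)) {
                return String.valueOf(rdn.getValue());
            }
        }
        return null;
    }

    // Build "(attributeName=attributeValue)" with the value escaped.
    static String buildFilter(String attributeName, String attributeValue) {
        return "(" + attributeName + "=" + escapeFilterValue(attributeValue) + ")";
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample DN whose CN contains filter metacharacters.
        String subject = "CN=Test (Lab) *CA*,O=Example Corp,C=US";
        String cn = rdnValue(subject, "cn");
        if (cn != null) {
            System.out.println(buildFilter("cn", cn));
        }
    }
}
```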