public class LDAPStoreHelper
extends java.lang.Object
X509LDAPCertStoreParameters
with the given
information of the subject (for all kinds of certificates) or issuer (for
CRLs), respectively, if an X509CertStoreSelector
or
X509AttributeCertificate
is given with those
details.
For the used schemes see:
Modifier and Type | Field and Description |
---|---|
private java.util.Map |
cacheMap |
private static int |
cacheSize |
private static java.lang.String |
LDAP_PROVIDER
Initial Context Factory.
|
private static long |
lifeTime |
private X509LDAPCertStoreParameters |
params |
private static java.lang.String |
REFERRALS_IGNORE
Processing referrals.
|
private static java.lang.String |
SEARCH_SECURITY_LEVEL
Security level to be used for LDAP connections.
|
private static java.lang.String |
URL_CONTEXT_PREFIX
Package Prefix for loading URL context factories.
|
Constructor and Description |
---|
LDAPStoreHelper(X509LDAPCertStoreParameters params) |
Modifier and Type | Method and Description |
---|---|
private void |
addToCache(java.lang.String searchCriteria,
java.util.List list) |
private java.util.List |
attrCertSubjectSerialSearch(X509AttributeCertStoreSelector xselector,
java.lang.String[] attrs,
java.lang.String[] attrNames,
java.lang.String[] subjectAttributeNames)
Can use the entityName of the holder of the attribute certificate, the
serialNumber of the attribute certificate and the serialNumber of the
associated certificate of the given X509AttributeCertSelector.
|
private java.util.List |
certSubjectSerialSearch(X509CertStoreSelector xselector,
java.lang.String[] attrs,
java.lang.String[] attrNames,
java.lang.String[] subjectAttributeNames)
Can use the subject and serial and the subject and serialNumber of the
certificate of the given X509CertStoreSelector.
|
private javax.naming.directory.DirContext |
connectLDAP() |
private java.util.Set |
createAttributeCertificates(java.util.List list,
X509AttributeCertStoreSelector xselector) |
private java.util.Set |
createCerts(java.util.List list,
X509CertStoreSelector xselector) |
private java.util.Set |
createCRLs(java.util.List list,
X509CRLStoreSelector xselector) |
private java.util.Set |
createCrossCertificatePairs(java.util.List list,
X509CertPairStoreSelector xselector) |
private java.util.List |
cRLIssuerSearch(X509CRLStoreSelector xselector,
java.lang.String[] attrs,
java.lang.String[] attrNames,
java.lang.String[] issuerAttributeNames)
Can use the issuer of the given X509CRLStoreSelector.
|
private java.util.List |
crossCertificatePairSubjectSearch(X509CertPairStoreSelector xselector,
java.lang.String[] attrs,
java.lang.String[] attrNames,
java.lang.String[] subjectAttributeNames)
Can use the subject of the forward certificate of the set certificate
pair or the subject of the forward
X509CertStoreSelector of the given
selector. |
java.util.Collection |
getAACertificates(X509AttributeCertStoreSelector selector)
Returns attribute certificates for an attribute authority.
The aAcertificate holds the privileges of an attribute authority.
|
java.util.Collection |
getAttributeAuthorityRevocationLists(X509CRLStoreSelector selector)
Returns the revocation list for revoked attribute certificates for an
attribute authority.
The attributeAuthorityList holds a list of AA certificates that have been
revoked.
|
java.util.Collection |
getAttributeCertificateAttributes(X509AttributeCertStoreSelector selector)
Returns an attribute certificate for a user.
|
java.util.Collection |
getAttributeCertificateRevocationLists(X509CRLStoreSelector selector)
Returns the revocation list for revoked attribute certificates.
|
java.util.Collection |
getAttributeDescriptorCertificates(X509AttributeCertStoreSelector selector)
Returns an attribute certificate for an authority.
The attributeDescriptorCertificate is self signed by a source of
authority and holds a description of the privilege and its delegation
rules.
|
java.util.Collection |
getAuthorityRevocationLists(X509CRLStoreSelector selector)
Returns the CRLs for issued certificates for other CAs matching the given
selector.
|
java.util.Collection |
getCACertificates(X509CertStoreSelector selector)
Returns CA certificates.
|
private javax.security.auth.x500.X500Principal |
getCertificateIssuer(java.security.cert.X509Certificate cert) |
java.util.Collection |
getCertificateRevocationLists(X509CRLStoreSelector selector)
Returns the certificate revocation lists for revoked certificates.
|
java.util.Collection |
getCrossCertificatePairs(X509CertPairStoreSelector selector)
Returns cross certificate pairs.
|
java.util.Collection |
getDeltaCertificateRevocationLists(X509CRLStoreSelector selector)
Returns the delta revocation list for revoked certificates.
|
private java.util.List |
getFromCache(java.lang.String searchCriteria) |
private java.lang.String |
getSubjectAsString(X509CertStoreSelector xselector) |
java.util.Collection |
getUserCertificates(X509CertStoreSelector selector)
Returns end certificates.
|
private java.lang.String |
parseDN(java.lang.String subject,
java.lang.String dNAttributeName) |
private java.util.List |
search(java.lang.String[] attributeNames,
java.lang.String attributeValue,
java.lang.String[] attrs)
Returns a
List of encodings of the certificates, attribute
certificates, CRL or certificate pairs. |
private java.lang.String[] |
splitString(java.lang.String str) |
private X509LDAPCertStoreParameters params
private static java.lang.String LDAP_PROVIDER
private static java.lang.String REFERRALS_IGNORE
private static final java.lang.String SEARCH_SECURITY_LEVEL
private static final java.lang.String URL_CONTEXT_PREFIX
private java.util.Map cacheMap
private static int cacheSize
private static long lifeTime
public LDAPStoreHelper(X509LDAPCertStoreParameters params)
private javax.naming.directory.DirContext connectLDAP() throws javax.naming.NamingException
javax.naming.NamingException
private java.lang.String parseDN(java.lang.String subject, java.lang.String dNAttributeName)
private java.util.Set createCerts(java.util.List list, X509CertStoreSelector xselector) throws StoreException
StoreException
private java.util.List certSubjectSerialSearch(X509CertStoreSelector xselector, java.lang.String[] attrs, java.lang.String[] attrNames, java.lang.String[] subjectAttributeNames) throws StoreException
xselector - The selector with the search criteria.
attrs - Attributes which contain the certificates in the LDAP directory.
attrNames - Attribute names in the LDAP directory which correspond to the subjectAttributeNames.
subjectAttributeNames - Subject attribute names (like "CN", "O", "OU") to use to search in the LDAP directory.
StoreException - if an error occurs while searching.
private java.util.List crossCertificatePairSubjectSearch(X509CertPairStoreSelector xselector, java.lang.String[] attrs, java.lang.String[] attrNames, java.lang.String[] subjectAttributeNames) throws StoreException
X509CertStoreSelector of the given selector.
xselector - The selector with the search criteria.
attrs - Attributes which contain the attribute certificates in the LDAP directory.
attrNames - Attribute names in the LDAP directory which correspond to the subjectAttributeNames.
subjectAttributeNames - Subject attribute names (like "CN", "O", "OU") to use to search in the LDAP directory.
StoreException - if an error occurs while searching.
private java.util.List attrCertSubjectSerialSearch(X509AttributeCertStoreSelector xselector, java.lang.String[] attrs, java.lang.String[] attrNames, java.lang.String[] subjectAttributeNames) throws StoreException
xselector - The selector with the search criteria.
attrs - Attributes which contain the attribute certificates in the LDAP directory.
attrNames - Attribute names in the LDAP directory which correspond to the subjectAttributeNames.
subjectAttributeNames - Subject attribute names (like "CN", "O", "OU") to use to search in the LDAP directory.
StoreException - if an error occurs while searching.
private java.util.List cRLIssuerSearch(X509CRLStoreSelector xselector, java.lang.String[] attrs, java.lang.String[] attrNames, java.lang.String[] issuerAttributeNames) throws StoreException
xselector - The selector with the search criteria.
attrs - Attributes which contain the attribute certificates in the LDAP directory.
attrNames - Attribute names in the LDAP directory which correspond to the subjectAttributeNames.
issuerAttributeNames - Issuer attribute names (like "CN", "O", "OU") to use to search in the LDAP directory.
StoreException - if an error occurs while searching.
private java.util.List search(java.lang.String[] attributeNames, java.lang.String attributeValue, java.lang.String[] attrs) throws StoreException
List of encodings of the certificates, attribute certificates, CRL or certificate pairs.
attributeNames - The attribute names to look for in the LDAP.
attributeValue - The value the attribute name must have.
attrs - The attributes in the LDAP which hold the certificate, attribute certificate, certificate pair or CRL in a found entry.
List of byte arrays with the encodings.
StoreException - if an error occurs getting the results from the LDAP directory.
private java.util.Set createCRLs(java.util.List list, X509CRLStoreSelector xselector) throws StoreException
StoreException
private java.util.Set createCrossCertificatePairs(java.util.List list, X509CertPairStoreSelector xselector) throws StoreException
StoreException
private java.util.Set createAttributeCertificates(java.util.List list, X509AttributeCertStoreSelector xselector) throws StoreException
StoreException
public java.util.Collection getAuthorityRevocationLists(X509CRLStoreSelector selector) throws StoreException
selector - The CRL selector to use to find the CRLs.
StoreException
public java.util.Collection getAttributeCertificateRevocationLists(X509CRLStoreSelector selector) throws StoreException
selector - The CRL selector to use to find the CRLs.
StoreException
public java.util.Collection getAttributeAuthorityRevocationLists(X509CRLStoreSelector selector) throws StoreException
selector - The CRL selector to use to find the CRLs.
StoreException
public java.util.Collection getCrossCertificatePairs(X509CertPairStoreSelector selector) throws StoreException
selector - The selector to use to find the cross certificates.
X509CertificatePairs
StoreException
public java.util.Collection getUserCertificates(X509CertStoreSelector selector) throws StoreException
selector - The selector to find the certificates.
StoreException
public java.util.Collection getAACertificates(X509AttributeCertStoreSelector selector) throws StoreException
selector - The selector to find the attribute certificates.
StoreException
public java.util.Collection getAttributeDescriptorCertificates(X509AttributeCertStoreSelector selector) throws StoreException
selector - The selector to find the attribute certificates.
StoreException
public java.util.Collection getCACertificates(X509CertStoreSelector selector) throws StoreException
selector - The selector to find the certificates.
StoreException
public java.util.Collection getDeltaCertificateRevocationLists(X509CRLStoreSelector selector) throws StoreException
selector - The CRL selector to use to find the CRLs.
StoreException
public java.util.Collection getAttributeCertificateAttributes(X509AttributeCertStoreSelector selector) throws StoreException
selector - The selector to find the attribute certificates.
StoreException
public java.util.Collection getCertificateRevocationLists(X509CRLStoreSelector selector) throws StoreException
selector - The CRL selector to use to find the CRLs.
StoreException
private void addToCache(java.lang.String searchCriteria, java.util.List list)
private java.util.List getFromCache(java.lang.String searchCriteria)
private java.lang.String[] splitString(java.lang.String str)
private java.lang.String getSubjectAsString(X509CertStoreSelector xselector)
private javax.security.auth.x500.X500Principal getCertificateIssuer(java.security.cert.X509Certificate cert)
Copyright © 1998-2014 Gamma Technologies. All Rights Reserved.