diff options
Diffstat (limited to 'libraries/spongycastle/prov/src/main/java/org/spongycastle/jce/provider/X509StoreLDAPCerts.java')
-rw-r--r-- | libraries/spongycastle/prov/src/main/java/org/spongycastle/jce/provider/X509StoreLDAPCerts.java | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/libraries/spongycastle/prov/src/main/java/org/spongycastle/jce/provider/X509StoreLDAPCerts.java b/libraries/spongycastle/prov/src/main/java/org/spongycastle/jce/provider/X509StoreLDAPCerts.java new file mode 100644 index 000000000..ac6ea191f --- /dev/null +++ b/libraries/spongycastle/prov/src/main/java/org/spongycastle/jce/provider/X509StoreLDAPCerts.java @@ -0,0 +1,128 @@ +package org.spongycastle.jce.provider; + +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Set; + +import org.spongycastle.jce.X509LDAPCertStoreParameters; +import org.spongycastle.util.Selector; +import org.spongycastle.util.StoreException; +import org.spongycastle.x509.X509CertPairStoreSelector; +import org.spongycastle.x509.X509CertStoreSelector; +import org.spongycastle.x509.X509CertificatePair; +import org.spongycastle.x509.X509StoreParameters; +import org.spongycastle.x509.X509StoreSpi; +import org.spongycastle.x509.util.LDAPStoreHelper; + +/** + * A SPI implementation of Bouncy Castle <code>X509Store</code> for getting + * certificates form a LDAP directory. + * + * @see org.spongycastle.x509.X509Store + */ +public class X509StoreLDAPCerts + extends X509StoreSpi +{ + + private LDAPStoreHelper helper; + + public X509StoreLDAPCerts() + { + } + + /** + * Initializes this LDAP cert store implementation. + * + * @param params <code>X509LDAPCertStoreParameters</code>. + * @throws IllegalArgumentException if <code>params</code> is not an instance of + * <code>X509LDAPCertStoreParameters</code>. + */ + public void engineInit(X509StoreParameters params) + { + if (!(params instanceof X509LDAPCertStoreParameters)) + { + throw new IllegalArgumentException( + "Initialization parameters must be an instance of " + + X509LDAPCertStoreParameters.class.getName() + "."); + } + helper = new LDAPStoreHelper((X509LDAPCertStoreParameters)params); + } + + /** + * Returns a collection of matching certificates from the LDAP location. + * <p/> + * The selector must be a of type <code>X509CertStoreSelector</code>. If + * it is not an empty collection is returned. + * <p/> + * The implementation searches only for CA certificates, if the method + * {@link java.security.cert.X509CertSelector#getBasicConstraints()} is + * greater or equal to 0. If it is -2 only end certificates are searched. + * <p/> + * The subject and the serial number for end certificates should be + * reasonable criterias for a selector. + * + * @param selector The selector to use for finding. + * @return A collection with the matches. + * @throws StoreException if an exception occurs while searching. + */ + public Collection engineGetMatches(Selector selector) throws StoreException + { + if (!(selector instanceof X509CertStoreSelector)) + { + return Collections.EMPTY_SET; + } + X509CertStoreSelector xselector = (X509CertStoreSelector)selector; + Set set = new HashSet(); + // test if only CA certificates should be selected + if (xselector.getBasicConstraints() > 0) + { + set.addAll(helper.getCACertificates(xselector)); + set.addAll(getCertificatesFromCrossCertificatePairs(xselector)); + } + // only end certificates should be selected + else if (xselector.getBasicConstraints() == -2) + { + set.addAll(helper.getUserCertificates(xselector)); + } + // nothing specified + else + { + set.addAll(helper.getUserCertificates(xselector)); + set.addAll(helper.getCACertificates(xselector)); + set.addAll(getCertificatesFromCrossCertificatePairs(xselector)); + } + return set; + } + + private Collection getCertificatesFromCrossCertificatePairs( + X509CertStoreSelector xselector) throws StoreException + { + Set set = new HashSet(); + X509CertPairStoreSelector ps = new X509CertPairStoreSelector(); + + ps.setForwardSelector(xselector); + ps.setReverseSelector(new X509CertStoreSelector()); + + Set crossCerts = new HashSet(helper.getCrossCertificatePairs(ps)); + Set forward = new HashSet(); + Set reverse = new HashSet(); + Iterator it = crossCerts.iterator(); + while (it.hasNext()) + { + X509CertificatePair pair = (X509CertificatePair)it.next(); + if (pair.getForward() != null) + { + forward.add(pair.getForward()); + } + if (pair.getReverse() != null) + { + reverse.add(pair.getReverse()); + } + } + set.addAll(forward); + set.addAll(reverse); + return set; + } +} |