aboutsummaryrefslogtreecommitdiffstats
path: root/libraries/spongycastle/prov/src/main/java/org/spongycastle/jce/provider/X509StoreLDAPCerts.java
diff options
context:
space:
mode:
Diffstat (limited to 'libraries/spongycastle/prov/src/main/java/org/spongycastle/jce/provider/X509StoreLDAPCerts.java')
-rw-r--r--libraries/spongycastle/prov/src/main/java/org/spongycastle/jce/provider/X509StoreLDAPCerts.java128
1 files changed, 128 insertions, 0 deletions
diff --git a/libraries/spongycastle/prov/src/main/java/org/spongycastle/jce/provider/X509StoreLDAPCerts.java b/libraries/spongycastle/prov/src/main/java/org/spongycastle/jce/provider/X509StoreLDAPCerts.java
new file mode 100644
index 000000000..ac6ea191f
--- /dev/null
+++ b/libraries/spongycastle/prov/src/main/java/org/spongycastle/jce/provider/X509StoreLDAPCerts.java
@@ -0,0 +1,128 @@
+package org.spongycastle.jce.provider;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import org.spongycastle.jce.X509LDAPCertStoreParameters;
+import org.spongycastle.util.Selector;
+import org.spongycastle.util.StoreException;
+import org.spongycastle.x509.X509CertPairStoreSelector;
+import org.spongycastle.x509.X509CertStoreSelector;
+import org.spongycastle.x509.X509CertificatePair;
+import org.spongycastle.x509.X509StoreParameters;
+import org.spongycastle.x509.X509StoreSpi;
+import org.spongycastle.x509.util.LDAPStoreHelper;
+
+/**
+ * A SPI implementation of Bouncy Castle <code>X509Store</code> for getting
+ * certificates form a LDAP directory.
+ *
+ * @see org.spongycastle.x509.X509Store
+ */
+public class X509StoreLDAPCerts
+ extends X509StoreSpi
+{
+
+ private LDAPStoreHelper helper;
+
+ public X509StoreLDAPCerts()
+ {
+ }
+
+ /**
+ * Initializes this LDAP cert store implementation.
+ *
+ * @param params <code>X509LDAPCertStoreParameters</code>.
+ * @throws IllegalArgumentException if <code>params</code> is not an instance of
+ * <code>X509LDAPCertStoreParameters</code>.
+ */
+ public void engineInit(X509StoreParameters params)
+ {
+ if (!(params instanceof X509LDAPCertStoreParameters))
+ {
+ throw new IllegalArgumentException(
+ "Initialization parameters must be an instance of "
+ + X509LDAPCertStoreParameters.class.getName() + ".");
+ }
+ helper = new LDAPStoreHelper((X509LDAPCertStoreParameters)params);
+ }
+
+ /**
+ * Returns a collection of matching certificates from the LDAP location.
+ * <p/>
+ * The selector must be a of type <code>X509CertStoreSelector</code>. If
+ * it is not an empty collection is returned.
+ * <p/>
+ * The implementation searches only for CA certificates, if the method
+ * {@link java.security.cert.X509CertSelector#getBasicConstraints()} is
+ * greater or equal to 0. If it is -2 only end certificates are searched.
+ * <p/>
+ * The subject and the serial number for end certificates should be
+ * reasonable criterias for a selector.
+ *
+ * @param selector The selector to use for finding.
+ * @return A collection with the matches.
+ * @throws StoreException if an exception occurs while searching.
+ */
+ public Collection engineGetMatches(Selector selector) throws StoreException
+ {
+ if (!(selector instanceof X509CertStoreSelector))
+ {
+ return Collections.EMPTY_SET;
+ }
+ X509CertStoreSelector xselector = (X509CertStoreSelector)selector;
+ Set set = new HashSet();
+ // test if only CA certificates should be selected
+ if (xselector.getBasicConstraints() > 0)
+ {
+ set.addAll(helper.getCACertificates(xselector));
+ set.addAll(getCertificatesFromCrossCertificatePairs(xselector));
+ }
+ // only end certificates should be selected
+ else if (xselector.getBasicConstraints() == -2)
+ {
+ set.addAll(helper.getUserCertificates(xselector));
+ }
+ // nothing specified
+ else
+ {
+ set.addAll(helper.getUserCertificates(xselector));
+ set.addAll(helper.getCACertificates(xselector));
+ set.addAll(getCertificatesFromCrossCertificatePairs(xselector));
+ }
+ return set;
+ }
+
+ private Collection getCertificatesFromCrossCertificatePairs(
+ X509CertStoreSelector xselector) throws StoreException
+ {
+ Set set = new HashSet();
+ X509CertPairStoreSelector ps = new X509CertPairStoreSelector();
+
+ ps.setForwardSelector(xselector);
+ ps.setReverseSelector(new X509CertStoreSelector());
+
+ Set crossCerts = new HashSet(helper.getCrossCertificatePairs(ps));
+ Set forward = new HashSet();
+ Set reverse = new HashSet();
+ Iterator it = crossCerts.iterator();
+ while (it.hasNext())
+ {
+ X509CertificatePair pair = (X509CertificatePair)it.next();
+ if (pair.getForward() != null)
+ {
+ forward.add(pair.getForward());
+ }
+ if (pair.getReverse() != null)
+ {
+ reverse.add(pair.getReverse());
+ }
+ }
+ set.addAll(forward);
+ set.addAll(reverse);
+ return set;
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-13 18:05:11 +0000