   package org.bouncycastle.x509.util;
   
   import java.io.IOException;
   import java.sql.Date;
  import java.util.HashMap;
  import java.util.HashSet;
  import java.util.List;
  import java.util.Map;
  import java.util.Set;
  
  
This is a general purpose implementation to get X.509 certificates, CRLs, attribute certificates and cross certificates from a LDAP location.

At first a search is performed in the ldap*AttributeNames of the org.bouncycastle.jce.X509LDAPCertStoreParameters with the given information of the subject (for all kinds of certificates) or issuer (for CRLs), respectively, if an org.bouncycastle.x509.X509CertStoreSelector or org.bouncycastle.x509.X509AttributeCertificate is given with those details.

For the used schemes see:

  • RFC 2587
  • Internet X.509 Public Key Infrastructure Additional LDAP Schema for PKIs and PMIs
  
  public class LDAPStoreHelper
  {
  
      // TODO: cache results
  
      private X509LDAPCertStoreParameters params;
  
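      /**
       * Creates a helper bound to one set of LDAP certificate store parameters.
       *
       * @param params the store parameters kept in the {@code params} field and
       *               consulted by the search methods of this class.
       */
      public LDAPStoreHelper(X509LDAPCertStoreParameters params)
      {
          // The listing shows "this. = params": the field name was lost and the
          // statement does not compile. The only field of this type is params.
          this.params = params;
      }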

    
Initial Context Factory.
  
      private static String LDAP_PROVIDER = "com.sun.jndi.ldap.LdapCtxFactory";

    
Processing referrals..
  
      private static String REFERRALS_IGNORE = "ignore";

    
Security level to be used for LDAP connections.
  
      private static final String SEARCH_SECURITY_LEVEL = "none";

    
Package Prefix for loading URL context factories.
  
      private static final String URL_CONTEXT_PREFIX = "com.sun.jndi.url";
  
      /**
       * Opens a new JNDI directory context from a freshly built property set.
       * <p>
       * The caller owns the returned context and has to close it.
       * <p>
       * NOTE(review): the setProperty calls below are truncated in this listing
       * (property keys and some values are missing), so the exact environment
       * cannot be read from here. Presumably LDAP_PROVIDER, REFERRALS_IGNORE,
       * SEARCH_SECURITY_LEVEL and URL_CONTEXT_PREFIX are applied here - confirm
       * against the upstream file.
       * <p>
       * NOTE(review): if SEARCH_SECURITY_LEVEL ("none") is what ends up as the
       * authentication setting, the bind is anonymous, and whether the
       * connection is protected depends only on the URL returned by
       * getLdapURL(). No timeout is visible in what remains of the method.
       * Everything read through this context should be treated as untrusted
       * until the certificate or CRL has been validated by the consumer.
       *
       * @return a new directory context created from the properties.
       * @throws NamingException if the context cannot be created.
       */
      private DirContext connectLDAP() throws NamingException
      {
         Properties props = new Properties();
         // Only the value "0" survives in this call; the key it belongs to is missing.
         props.setProperty(."0");
 
         // The directory location comes from the store parameters (getLdapURL()).
         props.setProperty(..getLdapURL());
         props.setProperty(.);
             );
 
         DirContext ctx = new InitialDirContext(props);
         return ctx;
     }
 
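     /**
      * Extracts the value of one attribute (for example "CN") from a
      * distinguished name string.
      * <p>
      * The attribute is located by a case-insensitive substring search for
      * {@code dNAttributeName + "="}. The value runs up to the next comma that
      * is not escaped with a backslash; one leading space and surrounding
      * double quotes are removed. Backslash escapes inside the value are
      * returned as they appear in the input.
      * <p>
      * The subject string is taken from a selector or a certificate, so it can
      * be chosen by whoever issued that certificate. The method therefore has
      * to terminate and must not throw on unusual values:
      * <ul>
      * <li>a value ending in a backslash used to spin forever in the
      * escaped-comma loop, because the end index could no longer advance;</li>
      * <li>an empty value (such as "CN=") used to fail in {@code charAt(0)};</li>
      * <li>a comma after an escaped backslash is a real separator, so the
      * number of preceding backslashes is counted instead of looking at one
      * character only.</li>
      * </ul>
      *
      * @param subject         the distinguished name to search in.
      * @param dNAttributeName the attribute name whose value is wanted.
      * @return the attribute value, or an empty string if the attribute is not
      *         present or has no value.
      */
     private String parseDN(String subject, String dNAttributeName)
     {
         String temp = subject;
         int begin = temp.toLowerCase().indexOf(
             dNAttributeName.toLowerCase() + "=");
         if (begin == -1)
         {
             return "";
         }
         // temp now starts at the '=' that follows the attribute name.
         temp = temp.substring(begin + dNAttributeName.length());

         // Find the first comma that really separates two attributes.
         int end = temp.indexOf(',');
         while (end != -1 && isEscapedSeparator(temp, end))
         {
             end = temp.indexOf(',', end + 1);
         }
         if (end == -1)
         {
             end = temp.length();
         }

         temp = temp.substring(0, end);
         begin = temp.indexOf('=');
         temp = temp.substring(begin + 1);
         // startsWith/endsWith are safe on an empty value, charAt(0) is not.
         if (temp.startsWith(" "))
         {
             temp = temp.substring(1);
         }
         if (temp.startsWith("\""))
         {
             temp = temp.substring(1);
         }
         if (temp.endsWith("\""))
         {
             temp = temp.substring(0, temp.length() - 1);
         }
         return temp;
     }

     /**
      * Tells whether the character at {@code pos} is escaped, that is preceded
      * by an odd number of consecutive backslashes.
      */
     private static boolean isEscapedSeparator(String s, int pos)
     {
         int backslashes = 0;
         for (int i = pos - 1; i >= 0 && s.charAt(i) == '\\'; i--)
         {
             backslashes++;
         }
         return (backslashes & 1) == 1;
     }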
 
     /**
      * Parses every entry of the given list as an X.509 certificate and
      * collects those accepted by the selector.
      * <p>
      * Each list element is cast to {@code byte[]} and fed to an
      * {@code X509CertParser}. Entries that cannot be processed are skipped.
      * <p>
      * This method only parses and filters. It verifies no signature and builds
      * no path, so the returned certificates are still untrusted directory
      * content and have to be validated by the consumer.
      * <p>
      * NOTE(review): the comma between the two parameters is missing in this
      * listing ("List listX509CertStoreSelector xselector").
      *
      * @return a possibly empty set of the certificates matching the selector.
      */
     private Set createCerts(List listX509CertStoreSelector xselector)
         throws StoreException
     {
         Set certSet = new HashSet();
 
         Iterator it = list.iterator();
         X509CertParser parser = new X509CertParser();
         while (it.hasNext())
         {
             try
             {
                 parser.engineInit(new ByteArrayInputStream((byte[])it
                     .next()));
                 X509Certificate cert = (X509Certificate)parser
                     .engineRead();
                 if (xselector.match((Object)cert))
                 {
                     certSet.add(cert);
                 }
 
             }
             catch (Exception e)
             {
                 // Ignored on purpose so that one bad entry does not abort the
                 // whole lookup. Catching Exception also hides runtime errors
                 // such as a ClassCastException from the casts above or a
                 // failure inside match(); nothing is reported to the caller.
 
             }
         }
 
         return certSet;
     }

    
Can use the subject and serial number of the given X509CertStoreSelector, or the subject and serialNumber of the certificate set in the selector. If a certificate for checking is given, it has higher precedence.

Parameters:
xselector The selector with the search criteria.
attrs Attributes which contain the certificates in the LDAP directory.
attrNames Attribute names in the LDAP directory which correspond to the subjectAttributeNames.
subjectAttributeNames Subject attribute names (like "CN", "O", "OU") to use to search in the LDAP directory
Returns:
A list of found DER encoded certificates.
Throws:
org.bouncycastle.util.StoreException if an error occurs while searching.
 
     private List certSubjectSerialSearch(X509CertStoreSelector xselector,
                                          String[] attrsString attrNames[], String subjectAttributeNames[])
         throws StoreException
     {
         // TODO: support also subjectAltNames?
         List list = new ArrayList();
 
         String subject = null;
         String serial = null;
 
         subject = getSubjectAsString(xselector);
 
         if (xselector.getSerialNumber() != null)
         {
             serial = xselector.getSerialNumber().toString();
         }
         if (xselector.getCertificate() != null)
         {
             subject = xselector.getCertificate().getSubjectX500Principal().getName("RFC1779");
             serial = xselector.getCertificate().getSerialNumber().toString();
         }
 
         String attrValue = null;
         if (subject != null)
         {
             for (int i = 0; i < subjectAttributeNames.lengthi++)
             {
                 attrValue = parseDN(subjectsubjectAttributeNames[i]);
                 list
                     .addAll(search(attrNames"*" + attrValue + "*",
                         attrs));
             }
         }
         if (serial != null && .getSearchForSerialNumberIn() != null)
         {
             attrValue = serial;
             list.addAll(search(
                 splitString(.getSearchForSerialNumberIn()),
                                                   attrValueattrs));
         }
         if (serial == null && subject == null)
         {
             list.addAll(search(attrNames"*"attrs));
         }
 
         return list;
     }



    
Can use the subject of the forward certificate of the set certificate pair or the subject of the forward org.bouncycastle.x509.X509CertStoreSelector of the given selector.

Parameters:
xselector The selector with the search criteria.
attrs Attributes which contain the attribute certificates in the LDAP directory.
attrNames Attribute names in the LDAP directory which correspond to the subjectAttributeNames.
subjectAttributeNames Subject attribute names (like "CN", "O", "OU") to use to search in the LDAP directory
Returns:
A list of found DER encoded certificate pairs.
Throws:
org.bouncycastle.util.StoreException if an error occurs while searching.
 
         X509CertPairStoreSelector xselectorString[] attrs,
         String attrNames[], String subjectAttributeNames[])
         throws StoreException
     {
         List list = new ArrayList();
 
         // search for subject
         String subject = null;
 
         if (xselector.getForwardSelector() != null)
         {
             subject = getSubjectAsString(xselector.getForwardSelector());
         }
         if (xselector.getCertPair() != null)
         {
             if (xselector.getCertPair().getForward() != null)
             {
                 subject = xselector.getCertPair().getForward()
                     .getSubjectX500Principal().getName("RFC1779");
             }
         }
         String attrValue = null;
         if (subject != null)
         {
             for (int i = 0; i < subjectAttributeNames.lengthi++)
             {
                 attrValue = parseDN(subjectsubjectAttributeNames[i]);
                 list
                     .addAll(search(attrNames"*" + attrValue + "*",
                         attrs));
             }
         }
         if (subject == null)
         {
             list.addAll(search(attrNames"*"attrs));
         }
 
         return list;
     }

    
Can use the entityName of the holder of the attribute certificate, the serialNumber of the attribute certificate and the serialNumber of the associated certificate of the given X509AttributeCertSelector.

Parameters:
xselector The selector with the search criteria.
attrs Attributes which contain the attribute certificates in the LDAP directory.
attrNames Attribute names in the LDAP directory which correspond to the subjectAttributeNames.
subjectAttributeNames Subject attribute names (like "CN", "O", "OU") to use to search in the LDAP directory
Returns:
A list of found DER encoded attribute certificates.
Throws:
org.bouncycastle.util.StoreException if an error occurs while searching.
 
         X509AttributeCertStoreSelector xselectorString[] attrs,
         String attrNames[], String subjectAttributeNames[])
         throws StoreException
     {
         List list = new ArrayList();
 
         // search for serialNumber of associated cert,
         // serialNumber of the attribute certificate or DN in the entityName
         // of the holder
 
         String subject = null;
         String serial = null;
 
         Collection serials = new HashSet();
         Principal principals[] = null;
         if (xselector.getHolder() != null)
         {
             // serialNumber of associated cert
             if (xselector.getHolder().getSerialNumber() != null)
             {
                 serials.add(xselector.getHolder().getSerialNumber()
                     .toString());
             }
             // DN in the entityName of the holder
             if (xselector.getHolder().getEntityNames() != null)
             {
                 principals = xselector.getHolder().getEntityNames();
             }
         }
 
         if (xselector.getAttributeCert() != null)
         {
             if (xselector.getAttributeCert().getHolder().getEntityNames() != null)
             {
                 principals = xselector.getAttributeCert().getHolder()
                     .getEntityNames();
             }
             // serialNumber of the attribute certificate
             serials.add(xselector.getAttributeCert().getSerialNumber()
                 .toString());
         }
         if (principals != null)
         {
             // only first should be relevant
             if (principals[0] instanceof X500Principal)
             {
                 subject = ((X500Principal)principals[0])
                     .getName("RFC1779");
             }
             else
             {
                 // strange ...
                 subject = principals[0].getName();
             }
         }
         if (xselector.getSerialNumber() != null)
         {
             serials.add(xselector.getSerialNumber().toString());
         }
 
         String attrValue = null;
         if (subject != null)
         {
             for (int i = 0; i < subjectAttributeNames.lengthi++)
             {
                 attrValue = parseDN(subjectsubjectAttributeNames[i]);
                 list
                     .addAll(search(attrNames"*" + attrValue + "*",
                         attrs));
             }
         }
         if (serials.size() > 0
             && .getSearchForSerialNumberIn() != null)
         {
             Iterator it = serials.iterator();
             while (it.hasNext())
             {
                 serial = (String)it.next();
                 list.addAll(search(splitString(.getSearchForSerialNumberIn()), serialattrs));
             }
         }
         if (serials.size() == 0 && subject == null)
         {
             list.addAll(search(attrNames"*"attrs));
         }
 
         return list;
     }

    
Can use the issuer of the given X509CRLStoreSelector.

Parameters:
xselector The selector with the search criteria.
attrs Attributes which contain the attribute certificates in the LDAP directory.
attrNames Attribute names in the LDAP directory which correspond to the subjectAttributeNames.
issuerAttributeNames Issuer attribute names (like "CN", "O", "OU") to use to search in the LDAP directory
Returns:
A list of found DER encoded CRLs.
Throws:
org.bouncycastle.util.StoreException if an error occurs while searching.
 
     private List cRLIssuerSearch(X509CRLStoreSelector xselector,
                                  String[] attrsString attrNames[], String issuerAttributeNames[])
         throws StoreException
     {
         List list = new ArrayList();
 
         String issuer = null;
         Collection issuers = new HashSet();
         if (xselector.getIssuers() != null)
         {
             issuers.addAll(xselector.getIssuers());
         }
         if (xselector.getCertificateChecking() != null)
         {
             issuers.add(getCertificateIssuer(xselector.getCertificateChecking()));
         }
         if (xselector.getAttrCertificateChecking() != null)
         {
             Principal principals[] = xselector.getAttrCertificateChecking().getIssuer().getPrincipals();
             for (int i=0; i<principals.lengthi++)
             {
                 if (principals[iinstanceof X500Principal)
                 {
                     issuers.add(principals[i]);        
                 }
             }
         }
         Iterator it = issuers.iterator();
         while (it.hasNext())
         {
             issuer = ((X500Principal)it.next()).getName("RFC1779");
             String attrValue = null;
 
             for (int i = 0; i < issuerAttributeNames.lengthi++)
             {
                 attrValue = parseDN(issuerissuerAttributeNames[i]);
                 list
                     .addAll(search(attrNames"*" + attrValue + "*",
                         attrs));
             }
         }
         if (issuer == null)
         {
             list.addAll(search(attrNames"*"attrs));
         }
 
         return list;
     }

    
Returns a List of encodings of the certificates, attribute certificates, CRL or certificate pairs.

Parameters:
attributeNames The attribute names to look for in the LDAP.
attributeValue The value the attribute name must have.
attrs The attributes in the LDAP which hold the certificate, attribute certificate, certificate pair or CRL in a found entry.
Returns:
A List of byte arrays with the encodings.
Throws:
org.bouncycastle.util.StoreException if an error occurs getting the results from the LDAP directory.
 
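     /**
      * Searches the directory and returns the raw attribute values of the
      * matching entries.
      * <p>
      * The filter is {@code (&(|(name1=value)(name2=value)...)(|(attr1=*)...))}.
      * When {@code attributeNames} is {@code null} only the presence part is
      * used. Results are cached by filter string.
      * <p>
      * The attribute value normally comes from the subject or issuer of a
      * certificate or selector, so it is attacker-influenced text. It is
      * encoded with the RFC 4515 escapes before it is placed in the filter;
      * without that, a name containing {@code ( ) * \} could change the
      * structure of the filter and make the search return entries it was not
      * meant to select.
      *
      * @param attributeNames the attribute names to look for in the LDAP, or
      *                       {@code null} to search by attribute presence only.
      * @param attributeValue the value the attributes must have; the callers in
      *                       this class pass {@code "*" + value + "*"}, a
      *                       serial number, or {@code "*"}.
      * @param attrs          the attributes which hold the encoded object in a
      *                       found entry.
      * @return a List of the values found; empty if nothing was found or the
      *         directory operation failed.
      * @throws StoreException declared for callers; not thrown by the code
      *                        visible here.
      */
     private List search(String attributeNames[], String attributeValue,
                         String[] attrs) throws StoreException
     {
         String filter = null;
         if (attributeNames != null)
         {
             String encodedValue = encodeFilterValue(attributeValue);
             filter = "";
             for (int i = 0; i < attributeNames.length; i++)
             {
                 // The names come from the store parameters (configuration),
                 // only the value is derived from certificate content.
                 filter += "(" + attributeNames[i] + "=" + encodedValue + ")";
             }
             filter = "(|" + filter + ")";
         }
         String filter2 = "";
         for (int i = 0; i < attrs.length; i++)
         {
             filter2 += "(" + attrs[i] + "=*)";
         }
         filter2 = "(|" + filter2 + ")";

         String filter3 = "(&" + filter + "" + filter2 + ")";
         if (filter == null)
         {
             filter3 = filter2;
         }
         List list;
         list = getFromCache(filter3);
         if (list != null)
         {
             return list;
         }
         DirContext ctx = null;
         list = new ArrayList();
         try
         {

             ctx = connectLDAP();

             SearchControls constraints = new SearchControls();
             // NOTE(review): the scope constant is missing in the listing
             // ("setSearchScope(.)"); SUBTREE_SCOPE is assumed - confirm
             // against the upstream file.
             constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
             // 0 means no client-side limit on the number of entries.
             constraints.setCountLimit(0);
             constraints.setReturningAttributes(attrs);
             NamingEnumeration results = ctx.search(params.getBaseDN(), filter3,
                 constraints);
             while (results.hasMoreElements())
             {
                 SearchResult sr = (SearchResult)results.next();
                 // Only the first returned attribute of an entry is read.
                 NamingEnumeration enumeration = ((Attribute)(sr
                     .getAttributes().getAll().next())).getAll();
                 while (enumeration.hasMore())
                 {
                     list.add(enumeration.next());
                 }
             }
             // Only complete, successful searches are cached.
             addToCache(filter3, list);
         }
         catch (NamingException e)
         {
             // skip exception, unfortunately if an attribute type is not
             // supported an exception is thrown
             //
             // Consequence: any directory failure, including an unreachable
             // server, looks like "nothing found". Callers that look up CRLs
             // must not read an empty result as "not revoked".
         }
         finally
         {
             try
             {
                 if (null != ctx)
                 {
                     ctx.close();
                 }
             }
             catch (Exception e)
             {
                 // Nothing useful can be done if closing fails.
             }
         }
         return list;
     }

     /**
      * Encodes a search value for use as an LDAP filter assertion value.
      * <p>
      * "*" and "**" mean "any value" and stay a bare wildcard. A value wrapped
      * in one leading and one trailing "*" keeps those two wildcards, which is
      * how the callers in this class request a substring match; everything
      * else is literal text and gets the RFC 4515 escapes.
      */
     private static String encodeFilterValue(String value)
     {
         if (value.equals("*") || value.equals("**"))
         {
             return "*";
         }
         boolean substringMatch = value.length() >= 2
             && value.startsWith("*") && value.endsWith("*");
         String literal = value;
         if (substringMatch)
         {
             literal = value.substring(1, value.length() - 1);
         }

         StringBuffer encoded = new StringBuffer();
         if (substringMatch)
         {
             encoded.append('*');
         }
         for (int i = 0; i < literal.length(); i++)
         {
             char c = literal.charAt(i);
             switch (c)
             {
             case '\\':
                 encoded.append("\\5c");
                 break;
             case '*':
                 encoded.append("\\2a");
                 break;
             case '(':
                 encoded.append("\\28");
                 break;
             case ')':
                 encoded.append("\\29");
                 break;
             case '\u0000':
                 encoded.append("\\00");
                 break;
             default:
                 encoded.append(c);
             }
         }
         if (substringMatch)
         {
             encoded.append('*');
         }
         return encoded.toString();
     }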
 
     /**
      * Parses every entry of the given list as an X.509 CRL and collects those
      * accepted by the selector.
      * <p>
      * Each list element is cast to {@code byte[]} and fed to an
      * {@code X509CRLParser}. No CRL signature is checked here.
      * <p>
      * NOTE(review): the comma between the two parameters is missing in this
      * listing ("List listX509CRLStoreSelector xselector").
      *
      * @return a possibly empty set of the CRLs matching the selector.
      */
     private Set createCRLs(List listX509CRLStoreSelector xselector)
         throws StoreException
     {
         Set crlSet = new HashSet();
 
         X509CRLParser parser = new X509CRLParser();
         Iterator it = list.iterator();
         while (it.hasNext())
         {
             try
             {
                 parser.engineInit(new ByteArrayInputStream((byte[])it
                     .next()));
                 X509CRL crl = (X509CRL)parser.engineRead();
                 if (xselector.match((Object)crl))
                 {
                     crlSet.add(crl);
                 }
             }
             catch (StreamParsingException e)
             {
                 // An entry that cannot be parsed is dropped without a trace.
                 // The caller cannot tell "no CRL published" from "CRL
                 // unreadable", so a revocation check built on this result has
                 // to decide for itself how to treat an empty set.
 
             }
         }
 
         return crlSet;
     }
 
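     /**
      * Builds cross certificate pairs from the encodings found in the
      * directory and collects those accepted by the selector.
      * <p>
      * Each entry is first decoded as a complete certificate pair. If that
      * fails, the entry and the one after it are taken as the forward and the
      * reverse certificate of one pair, and both entries are consumed.
      * <p>
      * The list content comes from the directory, so it may end with an entry
      * that is not a pair and has no successor. The fallback used to read
      * {@code list.get(i + 1)} unconditionally and threw an unchecked
      * {@code IndexOutOfBoundsException} in that case; the loop now stops
      * instead.
      *
      * @param list      the encodings ({@code byte[]}) returned by the search.
      * @param xselector the selector the pairs have to match.
      * @return a possibly empty set of the matching certificate pairs.
      * @throws StoreException declared for callers; not thrown by the code
      *                        visible here.
      */
     private Set createCrossCertificatePairs(List list,
                                             X509CertPairStoreSelector xselector) throws StoreException
     {
         Set certPairSet = new HashSet();

         int i = 0;
         while (i < list.size())
         {
             X509CertificatePair pair;
             try
             {
                 // first try to decode it as certificate pair
                 try
                 {
                     X509CertPairParser parser = new X509CertPairParser();
                     parser.engineInit(new ByteArrayInputStream(
                         (byte[])list.get(i)));
                     pair = (X509CertificatePair)parser.engineRead();
                 }
                 catch (StreamParsingException e)
                 {
                     // now try to construct it from the forward and reverse
                     // certificate
                     if (i + 1 >= list.size())
                     {
                         // No entry left that could be the reverse certificate.
                         break;
                     }
                     byte[] forward = (byte[])list.get(i);
                     byte[] reverse = (byte[])list.get(i + 1);
                     pair = new X509CertificatePair(new CertificatePair(
                         Certificate
                             .getInstance(new ASN1InputStream(
                             forward).readObject()),
                         Certificate
                             .getInstance(new ASN1InputStream(
                                 reverse).readObject())));
                     // The reverse entry has been consumed as well.
                     i++;
                 }
                 if (xselector.match((Object)pair))
                 {
                     certPairSet.add(pair);
                 }
             }
             catch (CertificateParsingException e)
             {
                 // try next
             }
             catch (IOException e)
             {
                 // try next
             }
             i++;
         }

         return certPairSet;
     }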
 
     /**
      * Parses every entry of the given list as an X.509 attribute certificate
      * and collects those accepted by the selector.
      * <p>
      * Each list element is cast to {@code byte[]} and fed to an
      * {@code X509AttrCertParser}. Nothing is verified here; the result is
      * still untrusted directory content.
      * <p>
      * NOTE(review): the closing parenthesis before "throws" is missing in
      * this listing ("xselectorthrows").
      *
      * @return a possibly empty set of the matching attribute certificates.
      */
     private Set createAttributeCertificates(List list,
                                             X509AttributeCertStoreSelector xselectorthrows StoreException
     {
         Set certSet = new HashSet();
 
         Iterator it = list.iterator();
         X509AttrCertParser parser = new X509AttrCertParser();
         while (it.hasNext())
         {
             try
             {
                 parser.engineInit(new ByteArrayInputStream((byte[])it
                     .next()));
                 X509AttributeCertificate cert = (X509AttributeCertificate)parser
                     .engineRead();
                 if (xselector.match((Object)cert))
                 {
                     certSet.add(cert);
                 }
             }
             catch (StreamParsingException e)
             {
                 // An entry that cannot be parsed is skipped silently.
 
             }
         }
 
         return certSet;
     }

    
Returns the CRLs for issued certificates for other CAs matching the given selector.
The authorityRevocationList attribute includes revocation information regarding certificates issued to other CAs.

Parameters:
selector The CRL selector to use to find the CRLs.
Returns:
A possible empty collection with CRLs
Throws:
org.bouncycastle.util.StoreException
 
         throws StoreException
     {
         String attrNames[] = splitString(
             .getLdapAuthorityRevocationListAttributeName());
         String issuerAttributeNames[] = splitString(
 
         List list = cRLIssuerSearch(selectorattrsattrNames,
             issuerAttributeNames);
         Set resultSet = createCRLs(listselector);
         if (resultSet.size() == 0)
         {
             X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
             list = cRLIssuerSearch(emptySelectorattrsattrNames,
                 issuerAttributeNames);
 
             resultSet.addAll(createCRLs(listselector));
         }
         return resultSet;
     }

    
Returns the revocation list for revoked attribute certificates.

The attributeCertificateRevocationList holds a list of attribute certificates that have been revoked.

Parameters:
selector The CRL selector to use to find the CRLs.
Returns:
A possible empty collection with CRLs.
Throws:
org.bouncycastle.util.StoreException
 
         X509CRLStoreSelector selectorthrows StoreException
     {
         String[] attrs = splitString(
         String attrNames[] = splitString(
         String issuerAttributeNames[] = splitString(
 
         List list = cRLIssuerSearch(selectorattrsattrNames,
             issuerAttributeNames);
         Set resultSet = createCRLs(listselector);
         if (resultSet.size() == 0)
         {
             X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
             list = cRLIssuerSearch(emptySelectorattrsattrNames,
                 issuerAttributeNames);
 
             resultSet.addAll(createCRLs(listselector));
         }
         return resultSet;
     }

    
Returns the revocation list for revoked attribute certificates for an attribute authority

The attributeAuthorityList holds a list of AA certificates that have been revoked.

Parameters:
selector The CRL selector to use to find the CRLs.
Returns:
A possible empty collection with CRLs
Throws:
org.bouncycastle.util.StoreException
 
         X509CRLStoreSelector selectorthrows StoreException
     {
         String attrNames[] = splitString(
         String issuerAttributeNames[] = splitString(
 
         List list = cRLIssuerSearch(selectorattrsattrNames,
             issuerAttributeNames);
         Set resultSet = createCRLs(listselector);
         if (resultSet.size() == 0)
         {
             X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
             list = cRLIssuerSearch(emptySelectorattrsattrNames,
                 issuerAttributeNames);
 
             resultSet.addAll(createCRLs(listselector));
         }
         return resultSet;
     }

    
Returns cross certificate pairs.

Parameters:
selector The selector to use to find the cross certificates.
Returns:
A possible empty collection with org.bouncycastle.x509.X509CertificatePairs
Throws:
org.bouncycastle.util.StoreException
 
         X509CertPairStoreSelector selectorthrows StoreException
     {
         String[] attrs = splitString(.getCrossCertificateAttribute());
         String attrNames[] = splitString(.getLdapCrossCertificateAttributeName());
         String subjectAttributeNames[] = splitString(
             .getCrossCertificateSubjectAttributeName());
         List list = crossCertificatePairSubjectSearch(selectorattrs,
             attrNamessubjectAttributeNames);
         Set resultSet = createCrossCertificatePairs(listselector);
         if (resultSet.size() == 0)
         {
             X509CertStoreSelector emptyCertselector = new X509CertStoreSelector();
             X509CertPairStoreSelector emptySelector = new X509CertPairStoreSelector();
 
             emptySelector.setForwardSelector(emptyCertselector);
             emptySelector.setReverseSelector(emptyCertselector);
             list = crossCertificatePairSubjectSearch(emptySelectorattrs,
                 attrNamessubjectAttributeNames);
             resultSet.addAll(createCrossCertificatePairs(listselector));
         }
         return resultSet;
     }

    
Returns end certificates.

The attributeDescriptorCertificate is self signed by a source of authority and holds a description of the privilege and its delegation rules.

Parameters:
selector The selector to find the certificates.
Returns:
A possible empty collection with certificates.
Throws:
org.bouncycastle.util.StoreException
 
         throws StoreException
     {
         String[] attrs = splitString(.getUserCertificateAttribute());
         String attrNames[] = splitString(.getLdapUserCertificateAttributeName());
         String subjectAttributeNames[] = splitString(
             .getUserCertificateSubjectAttributeName());
 
         List list = certSubjectSerialSearch(selectorattrsattrNames,
             subjectAttributeNames);
         Set resultSet = createCerts(listselector);
         if (resultSet.size() == 0)
         {
             X509CertStoreSelector emptySelector = new X509CertStoreSelector();
             list = certSubjectSerialSearch(emptySelectorattrsattrNames,
                 subjectAttributeNames);
             resultSet.addAll(createCerts(listselector));
         }
 
         return resultSet;
     }

    
Returns attribute certificates for an attribute authority

The aAcertificate holds the privileges of an attribute authority.

Parameters:
selector The selector to find the attribute certificates.
Returns:
A possible empty collection with attribute certificates.
Throws:
org.bouncycastle.util.StoreException
 
         throws StoreException
     {
         String[] attrs = splitString(.getAACertificateAttribute());
         String attrNames[] = splitString(.getLdapAACertificateAttributeName());
         String subjectAttributeNames[] = splitString(.getAACertificateSubjectAttributeName());
 
         List list = attrCertSubjectSerialSearch(selectorattrsattrNames,
             subjectAttributeNames);
         Set resultSet = createAttributeCertificates(listselector);
         if (resultSet.size() == 0)
         {
             X509AttributeCertStoreSelector emptySelector = new X509AttributeCertStoreSelector();
             list = attrCertSubjectSerialSearch(emptySelectorattrsattrNames,
                 subjectAttributeNames);
             resultSet.addAll(createAttributeCertificates(listselector));
         }
 
         return resultSet;
     }

    
Returns an attribute certificate for an authority

The attributeDescriptorCertificate is self signed by a source of authority and holds a description of the privilege and its delegation rules.

Parameters:
selector The selector to find the attribute certificates.
Returns:
A possible empty collection with attribute certificates.
Throws:
org.bouncycastle.util.StoreException
 
         X509AttributeCertStoreSelector selectorthrows StoreException
     {
         String attrNames[] = splitString(
         String subjectAttributeNames[] = splitString(
 
         List list = attrCertSubjectSerialSearch(selectorattrsattrNames,
             subjectAttributeNames);
         Set resultSet = createAttributeCertificates(listselector);
         if (resultSet.size() == 0)
         {
             X509AttributeCertStoreSelector emptySelector = new X509AttributeCertStoreSelector();
             list = attrCertSubjectSerialSearch(emptySelectorattrsattrNames,
                 subjectAttributeNames);
             resultSet.addAll(createAttributeCertificates(listselector));
         }
 
         return resultSet;
     }

    
Returns CA certificates.

The cACertificate attribute of a CA's directory entry shall be used to store self-issued certificates (if any) and certificates issued to this CA by CAs in the same realm as this CA.

Parameters:
selector The selector to find the certificates.
Returns:
A possible empty collection with certificates.
Throws:
org.bouncycastle.util.StoreException
 
         throws StoreException
     {
         String[] attrs = splitString(.getCACertificateAttribute());
         String attrNames[] = splitString(.getLdapCACertificateAttributeName());
         String subjectAttributeNames[] = splitString(
             .getCACertificateSubjectAttributeName());
         List list = certSubjectSerialSearch(selectorattrsattrNames,
             subjectAttributeNames);
         Set resultSet = createCerts(listselector);
         if (resultSet.size() == 0)
         {
             X509CertStoreSelector emptySelector = new X509CertStoreSelector();
             list = certSubjectSerialSearch(emptySelectorattrsattrNames,
                 subjectAttributeNames);
             resultSet.addAll(createCerts(listselector));
         }
         return resultSet;
     }

    
Returns the delta revocation list for revoked certificates.

Parameters:
selector The CRL selector to use to find the CRLs.
Returns:
A possible empty collection with CRLs.
Throws:
org.bouncycastle.util.StoreException
 
         X509CRLStoreSelector selectorthrows StoreException
     {
         String[] attrs = splitString(.getDeltaRevocationListAttribute());
         String issuerAttributeNames[] = splitString(
             .getDeltaRevocationListIssuerAttributeName());
         List list = cRLIssuerSearch(selectorattrsattrNames,
             issuerAttributeNames);
         Set resultSet = createCRLs(listselector);
         if (resultSet.size() == 0)
         {
             X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
             list = cRLIssuerSearch(emptySelectorattrsattrNames,
                 issuerAttributeNames);
 
             resultSet.addAll(createCRLs(listselector));
         }
         return resultSet;
     }

    
Returns an attribute certificate for an user.

The attributeCertificateAttribute holds the privileges of a user

Parameters:
selector The selector to find the attribute certificates.
Returns:
A possible empty collection with attribute certificates.
Throws:
org.bouncycastle.util.StoreException
 
         X509AttributeCertStoreSelector selectorthrows StoreException
     {
         String attrNames[] = splitString(
         String subjectAttributeNames[] = splitString(
         List list = attrCertSubjectSerialSearch(selectorattrsattrNames,
             subjectAttributeNames);
         Set resultSet = createAttributeCertificates(listselector);
         if (resultSet.size() == 0)
         {
             X509AttributeCertStoreSelector emptySelector = new X509AttributeCertStoreSelector();
             list = attrCertSubjectSerialSearch(emptySelectorattrsattrNames,
                 subjectAttributeNames);
             resultSet.addAll(createAttributeCertificates(listselector));
         }
 
         return resultSet;
    }

    
Returns the certificate revocation lists for revoked certificates.

Parameters:
selector The CRL selector to use to find the CRLs.
Returns:
A possible empty collection with CRLs.
Throws:
org.bouncycastle.util.StoreException
        X509CRLStoreSelector selectorthrows StoreException
    {
        String attrNames[] = splitString(
        String issuerAttributeNames[] = splitString(
        List list = cRLIssuerSearch(selectorattrsattrNames,
            issuerAttributeNames);
        Set resultSet = createCRLs(listselector);
        if (resultSet.size() == 0)
        {
            X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
            list = cRLIssuerSearch(emptySelectorattrsattrNames,
                issuerAttributeNames);
            resultSet.addAll(createCRLs(listselector));
        }
        return resultSet;
    }
    private Map cacheMap = new HashMap();
    private static int cacheSize = 32;
    private static long lifeTime = 60 * 1000;
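    /**
     * Stores a search result in the cache under its filter string, together
     * with the time of insertion.
     * <p>
     * An existing entry for the same key is replaced. When a new key arrives
     * and the cache already holds {@code cacheSize} entries, the entry with
     * the oldest timestamp is removed first.
     * <p>
     * The eviction scan used to start from the current time and only accepted
     * strictly older entries. If no entry was older (all inserted in the same
     * millisecond, or the clock moved backwards) nothing was removed and the
     * map grew past {@code cacheSize}. Starting from {@code Long.MAX_VALUE}
     * always selects a victim.
     *
     * @param searchCriteria the filter string used as cache key.
     * @param list           the search result to remember.
     */
    private synchronized void addToCache(String searchCriteria, List list)
    {
        Date now = new Date(System.currentTimeMillis());
        List cacheEntry = new ArrayList();
        cacheEntry.add(now);
        cacheEntry.add(list);

        if (!cacheMap.containsKey(searchCriteria)
            && cacheMap.size() >= cacheSize)
        {
            // replace oldest
            Iterator it = cacheMap.entrySet().iterator();
            long oldest = Long.MAX_VALUE;
            Object replace = null;
            while (it.hasNext())
            {
                Map.Entry entry = (Map.Entry)it.next();
                long current = ((Date)((List)entry.getValue()).get(0))
                    .getTime();
                if (current < oldest)
                {
                    oldest = current;
                    replace = entry.getKey();
                }
            }
            cacheMap.remove(replace);
        }
        cacheMap.put(searchCriteria, cacheEntry);
    }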
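    /**
     * Looks up a cached search result.
     * <p>
     * The method is synchronized like {@code addToCache}: the cache is a plain
     * {@code HashMap}, and reading it while another thread inserts or evicts
     * is a data race.
     * <p>
     * An entry older than {@code lifeTime} milliseconds is treated as absent;
     * it stays in the map until it is replaced or evicted. The list that was
     * stored is returned as is, not as a copy.
     *
     * @param searchCriteria the filter string used as cache key.
     * @return the cached result, or {@code null} if there is none or it has
     *         expired.
     */
    private synchronized List getFromCache(String searchCriteria)
    {
        List entry = (List)cacheMap.get(searchCriteria);
        if (entry == null)
        {
            return null;
        }
        long now = System.currentTimeMillis();
        // too old
        if (((Date)entry.get(0)).getTime() < (now - lifeTime))
        {
            return null;
        }
        return (List)entry.get(1);
    }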
    /*
     * split string based on spaces
     */
    private String[] splitString(String str)
    {
        // One or more whitespace characters separate two tokens; this is the
        // explicit form of String.split with the same expression.
        String[] tokens = java.util.regex.Pattern.compile("\\s+").split(str);
        return tokens;
    }
    {
        try
        {
            byte[] encSubject = xselector.getSubjectAsBytes();
            if (encSubject != null)
            {
                return new X500Principal(encSubject).getName("RFC1779");
            }
        }
        catch (IOException e)
        {
            throw new StoreException("exception processing name: " + e.getMessage(), e);
        }
        return null;
    }
    {
        return cert.getIssuerX500Principal();
    }