org.bouncycastle.x509.util

Class LDAPStoreHelper

java.lang.Object

org.bouncycastle.x509.util.LDAPStoreHelper

public class LDAPStoreHelper
extends java.lang.Object

This is a general purpose implementation to get X.509 certificates, CRLs, attribute certificates and cross certificates from a LDAP location.

At first a search is performed in the ldap*AttributeNames of the X509LDAPCertStoreParameters with the given information of the subject (for all kind of certificates) or issuer (for CRLs), respectively, if a X509CertStoreSelector or X509AttributeCertificate is given with that details.

For the used schemes see:

• RFC 2587
• Internet X.509 Public Key Infrastructure Additional LDAP Schema for PKIs and PMIs

Constructor Summary

Constructors

Constructor and Description
LDAPStoreHelper(X509LDAPCertStoreParameters params)

Method Summary

Modifier and Type	Method and Description
java.util.Collection	getAACertificates(X509AttributeCertStoreSelector selector) Returns attribute certificates for an attribute authority
java.util.Collection	getAttributeAuthorityRevocationLists(X509CRLStoreSelector selector) Returns the revocation list for revoked attribute certificates for an attribute authority
java.util.Collection	getAttributeCertificateAttributes(X509AttributeCertStoreSelector selector) Returns an attribute certificate for an user.
java.util.Collection	getAttributeCertificateRevocationLists(X509CRLStoreSelector selector) Returns the revocation list for revoked attribute certificates.
java.util.Collection	getAttributeDescriptorCertificates(X509AttributeCertStoreSelector selector) Returns an attribute certificate for an authority
java.util.Collection	getAuthorityRevocationLists(X509CRLStoreSelector selector) Returns the CRLs for issued certificates for other CAs matching the given selector.
java.util.Collection	getCACertificates(X509CertStoreSelector selector) Returns CA certificates.
java.util.Collection	getCertificateRevocationLists(X509CRLStoreSelector selector) Returns the certificate revocation lists for revoked certificates.
java.util.Collection	getCrossCertificatePairs(X509CertPairStoreSelector selector) Returns cross certificate pairs.
java.util.Collection	getDeltaCertificateRevocationLists(X509CRLStoreSelector selector) Returns the delta revocation list for revoked certificates.
java.util.Collection	getUserCertificates(X509CertStoreSelector selector) Returns end certificates.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

LDAPStoreHelper

public LDAPStoreHelper(X509LDAPCertStoreParameters params)

Method Detail

getAuthorityRevocationLists

public java.util.Collection getAuthorityRevocationLists(X509CRLStoreSelector selector)
                                                 throws StoreException

Returns the CRLs for issued certificates for other CAs matching the given selector.
The authorityRevocationList attribute includes revocation information regarding certificates issued to other CAs.

Parameters:

selector - The CRL selector to use to find the CRLs.

Returns:

A possible empty collection with CRLs

Throws:

StoreException

getAttributeCertificateRevocationLists

public java.util.Collection getAttributeCertificateRevocationLists(X509CRLStoreSelector selector)
                                                            throws StoreException

Returns the revocation list for revoked attribute certificates.

The attributeCertificateRevocationList holds a list of attribute certificates that have been revoked.

Parameters:

selector - The CRL selector to use to find the CRLs.

Returns:

A possible empty collection with CRLs.

Throws:

StoreException

getAttributeAuthorityRevocationLists

public java.util.Collection getAttributeAuthorityRevocationLists(X509CRLStoreSelector selector)
                                                          throws StoreException

Returns the revocation list for revoked attribute certificates for an attribute authority

The attributeAuthorityList holds a list of AA certificates that have been revoked.

Parameters:

selector - The CRL selector to use to find the CRLs.

Returns:

A possible empty collection with CRLs

Throws:

StoreException

getCrossCertificatePairs

public java.util.Collection getCrossCertificatePairs(X509CertPairStoreSelector selector)
                                              throws StoreException

Returns cross certificate pairs.

Parameters:

selector - The selector to use to find the cross certificates.

Returns:

A possible empty collection with X509CertificatePairs

Throws:

StoreException

getUserCertificates

public java.util.Collection getUserCertificates(X509CertStoreSelector selector)
                                         throws StoreException

Returns end certificates.

The attributeDescriptorCertificate is self signed by a source of authority and holds a description of the privilege and its delegation rules.

Parameters:

selector - The selector to find the certificates.

Returns:

A possible empty collection with certificates.

Throws:

StoreException

getAACertificates

public java.util.Collection getAACertificates(X509AttributeCertStoreSelector selector)
                                       throws StoreException

Returns attribute certificates for an attribute authority

The aAcertificate holds the privileges of an attribute authority.

Parameters:

selector - The selector to find the attribute certificates.

Returns:

A possible empty collection with attribute certificates.

Throws:

StoreException

getAttributeDescriptorCertificates

public java.util.Collection getAttributeDescriptorCertificates(X509AttributeCertStoreSelector selector)
                                                        throws StoreException

Returns an attribute certificate for an authority

The attributeDescriptorCertificate is self signed by a source of authority and holds a description of the privilege and its delegation rules.

Parameters:

selector - The selector to find the attribute certificates.

Returns:

A possible empty collection with attribute certificates.

Throws:

StoreException

getCACertificates

public java.util.Collection getCACertificates(X509CertStoreSelector selector)
                                       throws StoreException

Returns CA certificates.

The cACertificate attribute of a CA's directory entry shall be used to store self-issued certificates (if any) and certificates issued to this CA by CAs in the same realm as this CA.

Parameters:

selector - The selector to find the certificates.

Returns:

A possible empty collection with certificates.

Throws:

StoreException

getDeltaCertificateRevocationLists

public java.util.Collection getDeltaCertificateRevocationLists(X509CRLStoreSelector selector)
                                                        throws StoreException

Returns the delta revocation list for revoked certificates.

Parameters:

selector - The CRL selector to use to find the CRLs.

Returns:

A possible empty collection with CRLs.

Throws:

StoreException

getAttributeCertificateAttributes

public java.util.Collection getAttributeCertificateAttributes(X509AttributeCertStoreSelector selector)
                                                       throws StoreException

Returns an attribute certificate for an user.

The attributeCertificateAttribute holds the privileges of a user

Parameters:

selector - The selector to find the attribute certificates.

Returns:

A possible empty collection with attribute certificates.

Throws:

StoreException

getCertificateRevocationLists

public java.util.Collection getCertificateRevocationLists(X509CRLStoreSelector selector)
                                                   throws StoreException

Returns the certificate revocation lists for revoked certificates.

Parameters:

selector - The CRL selector to use to find the CRLs.

Returns:

A possible empty collection with CRLs.

Throws:

StoreException