Package org.bouncycastle.x509.util

Source Code of org.bouncycastle.x509.util.LDAPStoreHelper

package org.bouncycastle.x509.util;

import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.x509.CertificatePair;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.jce.X509LDAPCertStoreParameters;
import org.bouncycastle.jce.provider.X509AttrCertParser;
import org.bouncycastle.jce.provider.X509CRLParser;
import org.bouncycastle.jce.provider.X509CertPairParser;
import org.bouncycastle.jce.provider.X509CertParser;
import org.bouncycastle.util.StoreException;
import org.bouncycastle.x509.X509AttributeCertStoreSelector;
import org.bouncycastle.x509.X509AttributeCertificate;
import org.bouncycastle.x509.X509CRLStoreSelector;
import org.bouncycastle.x509.X509CertPairStoreSelector;
import org.bouncycastle.x509.X509CertStoreSelector;
import org.bouncycastle.x509.X509CertificatePair;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import java.sql.Date;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;

* This is a general purpose implementation to get X.509 certificates, CRLs,
* attribute certificates and cross certificates from a LDAP location.
* <p/>
* At first a search is performed in the ldap*AttributeNames of the
* {@link org.bouncycastle.jce.X509LDAPCertStoreParameters} with the given
* information of the subject (for all kind of certificates) or issuer (for
* CRLs), respectively, if a {@link org.bouncycastle.x509.X509CertStoreSelector} or
* {@link org.bouncycastle.x509.X509AttributeCertificate} is given with that
* details.
* <p/>
* For the used schemes see:
* <ul>
* <li><a href="">RFC 2587</a>
* <li><a
* href="">Internet
* X.509 Public Key Infrastructure Additional LDAP Schema for PKIs and PMIs</a>
* </ul>
public class LDAPStoreHelper

    // TODO: cache results

    private X509LDAPCertStoreParameters params;

    public LDAPStoreHelper(X509LDAPCertStoreParameters params)
        this.params = params;

     * Initial Context Factory.
    private static String LDAP_PROVIDER = "com.sun.jndi.ldap.LdapCtxFactory";

     * Processing referrals..
    private static String REFERRALS_IGNORE = "ignore";

     * Security level to be used for LDAP connections.
    private static final String SEARCH_SECURITY_LEVEL = "none";

     * Package Prefix for loading URL context factories.
    private static final String URL_CONTEXT_PREFIX = "com.sun.jndi.url";

    private DirContext connectLDAP() throws NamingException
        Properties props = new Properties();
        props.setProperty(Context.INITIAL_CONTEXT_FACTORY, LDAP_PROVIDER);
        props.setProperty(Context.BATCHSIZE, "0");

        props.setProperty(Context.PROVIDER_URL, params.getLdapURL());
        props.setProperty(Context.URL_PKG_PREFIXES, URL_CONTEXT_PREFIX);
        props.setProperty(Context.REFERRAL, REFERRALS_IGNORE);

        DirContext ctx = new InitialDirContext(props);
        return ctx;

    private String parseDN(String subject, String dNAttributeName)
        String temp = subject;
        int begin = temp.toLowerCase().indexOf(
            dNAttributeName.toLowerCase() + "=");
        if (begin == -1)
            return "";
        temp = temp.substring(begin + dNAttributeName.length());
        int end = temp.indexOf(',');
        if (end == -1)
            end = temp.length();
        while (temp.charAt(end - 1) == '\\')
            end = temp.indexOf(',', end + 1);
            if (end == -1)
                end = temp.length();
        temp = temp.substring(0, end);
        begin = temp.indexOf('=');
        temp = temp.substring(begin + 1);
        if (temp.charAt(0) == ' ')
            temp = temp.substring(1);
        if (temp.startsWith("\""))
            temp = temp.substring(1);
        if (temp.endsWith("\""))
            temp = temp.substring(0, temp.length() - 1);
        return temp;

    private Set createCerts(List list, X509CertStoreSelector xselector)
        throws StoreException
        Set certSet = new HashSet();

        Iterator it = list.iterator();
        X509CertParser parser = new X509CertParser();
        while (it.hasNext())
                parser.engineInit(new ByteArrayInputStream((byte[])it
                X509Certificate cert = (X509Certificate)parser
                if (xselector.match((Object)cert))

            catch (Exception e)


        return certSet;

     * Can use the subject and serial and the subject and serialNumber of the
     * certificate of the given of the X509CertStoreSelector. If a certificate
     * for checking is given this has higher precedence.
     * @param xselector             The selector with the search criteria.
     * @param attrs                 Attributes which contain the certificates in the LDAP
     *                              directory.
     * @param attrNames             Attribute names in teh LDAP directory which correspond to the
     *                              subjectAttributeNames.
     * @param subjectAttributeNames Subject attribute names (like "CN", "O", "OU") to use to
     *                              search in the LDAP directory
     * @return A list of found DER encoded certificates.
     * @throws StoreException if an error occurs while searching.
    private List certSubjectSerialSearch(X509CertStoreSelector xselector,
                                         String[] attrs, String attrNames[], String subjectAttributeNames[])
        throws StoreException
        // TODO: support also subjectAltNames?
        List list = new ArrayList();

        String subject = null;
        String serial = null;

        subject = getSubjectAsString(xselector);

        if (xselector.getSerialNumber() != null)
            serial = xselector.getSerialNumber().toString();
        if (xselector.getCertificate() != null)
            subject = xselector.getCertificate().getSubjectX500Principal().getName("RFC1779");
            serial = xselector.getCertificate().getSerialNumber().toString();

        String attrValue = null;
        if (subject != null)
            for (int i = 0; i < subjectAttributeNames.length; i++)
                attrValue = parseDN(subject, subjectAttributeNames[i]);
                    .addAll(search(attrNames, "*" + attrValue + "*",
        if (serial != null && params.getSearchForSerialNumberIn() != null)
            attrValue = serial;
                                                  attrValue, attrs));
        if (serial == null && subject == null)
            list.addAll(search(attrNames, "*", attrs));

        return list;

     * Can use the subject of the forward certificate of the set certificate
     * pair or the subject of the forward
     * {@link org.bouncycastle.x509.X509CertStoreSelector} of the given
     * selector.
     * @param xselector             The selector with the search criteria.
     * @param attrs                 Attributes which contain the attribute certificates in the
     *                              LDAP directory.
     * @param attrNames             Attribute names in the LDAP directory which correspond to the
     *                              subjectAttributeNames.
     * @param subjectAttributeNames Subject attribute names (like "CN", "O", "OU") to use to
     *                              search in the LDAP directory
     * @return A list of found DER encoded certificate pairs.
     * @throws StoreException if an error occurs while searching.
    private List crossCertificatePairSubjectSearch(
        X509CertPairStoreSelector xselector, String[] attrs,
        String attrNames[], String subjectAttributeNames[])
        throws StoreException
        List list = new ArrayList();

        // search for subject
        String subject = null;

        if (xselector.getForwardSelector() != null)
            subject = getSubjectAsString(xselector.getForwardSelector());
        if (xselector.getCertPair() != null)
            if (xselector.getCertPair().getForward() != null)
                subject = xselector.getCertPair().getForward()
        String attrValue = null;
        if (subject != null)
            for (int i = 0; i < subjectAttributeNames.length; i++)
                attrValue = parseDN(subject, subjectAttributeNames[i]);
                    .addAll(search(attrNames, "*" + attrValue + "*",
        if (subject == null)
            list.addAll(search(attrNames, "*", attrs));

        return list;

     * Can use the entityName of the holder of the attribute certificate, the
     * serialNumber of attribute certificate and the serialNumber of the
     * associated certificate of the given of the X509AttributeCertSelector.
     * @param xselector             The selector with the search criteria.
     * @param attrs                 Attributes which contain the attribute certificates in the
     *                              LDAP directory.
     * @param attrNames             Attribute names in the LDAP directory which correspond to the
     *                              subjectAttributeNames.
     * @param subjectAttributeNames Subject attribute names (like "CN", "O", "OU") to use to
     *                              search in the LDAP directory
     * @return A list of found DER encoded attribute certificates.
     * @throws StoreException if an error occurs while searching.
    private List attrCertSubjectSerialSearch(
        X509AttributeCertStoreSelector xselector, String[] attrs,
        String attrNames[], String subjectAttributeNames[])
        throws StoreException
        List list = new ArrayList();

        // search for serialNumber of associated cert,
        // serialNumber of the attribute certificate or DN in the entityName
        // of the holder

        String subject = null;
        String serial = null;

        Collection serials = new HashSet();
        Principal principals[] = null;
        if (xselector.getHolder() != null)
            // serialNumber of associated cert
            if (xselector.getHolder().getSerialNumber() != null)
            // DN in the entityName of the holder
            if (xselector.getHolder().getEntityNames() != null)
                principals = xselector.getHolder().getEntityNames();

        if (xselector.getAttributeCert() != null)
            if (xselector.getAttributeCert().getHolder().getEntityNames() != null)
                principals = xselector.getAttributeCert().getHolder()
            // serialNumber of the attribute certificate
        if (principals != null)
            // only first should be relevant
            if (principals[0] instanceof X500Principal)
                subject = ((X500Principal)principals[0])
                // strange ...
                subject = principals[0].getName();
        if (xselector.getSerialNumber() != null)

        String attrValue = null;
        if (subject != null)
            for (int i = 0; i < subjectAttributeNames.length; i++)
                attrValue = parseDN(subject, subjectAttributeNames[i]);
                    .addAll(search(attrNames, "*" + attrValue + "*",
        if (serials.size() > 0
            && params.getSearchForSerialNumberIn() != null)
            Iterator it = serials.iterator();
            while (it.hasNext())
                serial = (String);
                list.addAll(search(splitString(params.getSearchForSerialNumberIn()), serial, attrs));
        if (serials.size() == 0 && subject == null)
            list.addAll(search(attrNames, "*", attrs));

        return list;

     * Can use the issuer of the given of the X509CRLStoreSelector.
     * @param xselector            The selector with the search criteria.
     * @param attrs                Attributes which contain the attribute certificates in the
     *                             LDAP directory.
     * @param attrNames            Attribute names in the LDAP directory which correspond to the
     *                             subjectAttributeNames.
     * @param issuerAttributeNames Issuer attribute names (like "CN", "O", "OU") to use to search
     *                             in the LDAP directory
     * @return A list of found DER encoded CRLs.
     * @throws StoreException if an error occurs while searching.
    private List cRLIssuerSearch(X509CRLStoreSelector xselector,
                                 String[] attrs, String attrNames[], String issuerAttributeNames[])
        throws StoreException
        List list = new ArrayList();

        String issuer = null;
        Collection issuers = new HashSet();
        if (xselector.getIssuers() != null)
        if (xselector.getCertificateChecking() != null)
        if (xselector.getAttrCertificateChecking() != null)
            Principal principals[] = xselector.getAttrCertificateChecking().getIssuer().getPrincipals();
            for (int i=0; i<principals.length; i++)
                if (principals[i] instanceof X500Principal)
        Iterator it = issuers.iterator();
        while (it.hasNext())
            issuer = ((X500Principal)"RFC1779");
            String attrValue = null;

            for (int i = 0; i < issuerAttributeNames.length; i++)
                attrValue = parseDN(issuer, issuerAttributeNames[i]);
                    .addAll(search(attrNames, "*" + attrValue + "*",
        if (issuer == null)
            list.addAll(search(attrNames, "*", attrs));

        return list;

     * Returns a <code>List</code> of encodings of the certificates, attribute
     * certificates, CRL or certificate pairs.
     * @param attributeNames The attribute names to look for in the LDAP.
     * @param attributeValue The value the attribute name must have.
     * @param attrs          The attributes in the LDAP which hold the certificate,
     *                       attribute certificate, certificate pair or CRL in a found
     *                       entry.
     * @return A <code>List</code> of byte arrays with the encodings.
     * @throws StoreException if an error occurs getting the results from the LDAP
     *                        directory.
    private List search(String attributeNames[], String attributeValue,
                        String[] attrs) throws StoreException
        String filter = null;
        if (attributeNames == null)
            filter = null;
            filter = "";
            if (attributeValue.equals("**"))
                attributeValue = "*";
            for (int i = 0; i < attributeNames.length; i++)
                filter += "(" + attributeNames[i] + "=" + attributeValue + ")";
            filter = "(|" + filter + ")";
        String filter2 = "";
        for (int i = 0; i < attrs.length; i++)
            filter2 += "(" + attrs[i] + "=*)";
        filter2 = "(|" + filter2 + ")";

        String filter3 = "(&" + filter + "" + filter2 + ")";
        if (filter == null)
            filter3 = filter2;
        List list;
        list = getFromCache(filter3);
        if (list != null)
            return list;
        DirContext ctx = null;
        list = new ArrayList();

            ctx = connectLDAP();

            SearchControls constraints = new SearchControls();
            NamingEnumeration results =, filter3,
            while (results.hasMoreElements())
                SearchResult sr = (SearchResult);
                NamingEnumeration enumeration = ((Attribute)(sr
                while (enumeration.hasMore())
            addToCache(filter3, list);
        catch (NamingException e)
            // skip exception, unfortunately if an attribute type is not
            // supported an exception is thrown

                if (null != ctx)
            catch (Exception e)
        return list;

    private Set createCRLs(List list, X509CRLStoreSelector xselector)
        throws StoreException
        Set crlSet = new HashSet();

        X509CRLParser parser = new X509CRLParser();
        Iterator it = list.iterator();
        while (it.hasNext())
                parser.engineInit(new ByteArrayInputStream((byte[])it
                X509CRL crl = (X509CRL)parser.engineRead();
                if (xselector.match((Object)crl))
            catch (StreamParsingException e)


        return crlSet;

    private Set createCrossCertificatePairs(List list,
                                            X509CertPairStoreSelector xselector) throws StoreException
        Set certPairSet = new HashSet();

        int i = 0;
        while (i < list.size())
            X509CertificatePair pair;
                // first try to decode it as certificate pair
                    X509CertPairParser parser = new X509CertPairParser();
                    parser.engineInit(new ByteArrayInputStream(
                    pair = (X509CertificatePair)parser.engineRead();
                catch (StreamParsingException e)
                    // now try it to construct it the forward and reverse
                    // certificate
                    byte[] forward = (byte[])list.get(i);
                    byte[] reverse = (byte[])list.get(i + 1);
                    pair = new X509CertificatePair(new CertificatePair(
                            .getInstance(new ASN1InputStream(
                            .getInstance(new ASN1InputStream(
                if (xselector.match((Object)pair))
            catch (CertificateParsingException e)
                // try next
            catch (IOException e)
                // try next

        return certPairSet;

    private Set createAttributeCertificates(List list,
                                            X509AttributeCertStoreSelector xselector) throws StoreException
        Set certSet = new HashSet();

        Iterator it = list.iterator();
        X509AttrCertParser parser = new X509AttrCertParser();
        while (it.hasNext())
                parser.engineInit(new ByteArrayInputStream((byte[])it
                X509AttributeCertificate cert = (X509AttributeCertificate)parser
                if (xselector.match((Object)cert))
            catch (StreamParsingException e)


        return certSet;

     * Returns the CRLs for issued certificates for other CAs matching the given
     * selector. <br>
     * The authorityRevocationList attribute includes revocation information
     * regarding certificates issued to other CAs.
     * @param selector The CRL selector to use to find the CRLs.
     * @return A possible empty collection with CRLs
     * @throws StoreException
    public Collection getAuthorityRevocationLists(X509CRLStoreSelector selector)
        throws StoreException
        String[] attrs = splitString(params.getAuthorityRevocationListAttribute());
        String attrNames[] = splitString(params
        String issuerAttributeNames[] = splitString(params

        List list = cRLIssuerSearch(selector, attrs, attrNames,
        Set resultSet = createCRLs(list, selector);
        if (resultSet.size() == 0)
            X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
            list = cRLIssuerSearch(emptySelector, attrs, attrNames,

            resultSet.addAll(createCRLs(list, selector));
        return resultSet;

     * Returns the revocation list for revoked attribute certificates.
     * <p/>
     * The attributeCertificateRevocationList holds a list of attribute
     * certificates that have been revoked.
     * @param selector The CRL selector to use to find the CRLs.
     * @return A possible empty collection with CRLs.
     * @throws StoreException
    public Collection getAttributeCertificateRevocationLists(
        X509CRLStoreSelector selector) throws StoreException
        String[] attrs = splitString(params
        String attrNames[] = splitString(params
        String issuerAttributeNames[] = splitString(params

        List list = cRLIssuerSearch(selector, attrs, attrNames,
        Set resultSet = createCRLs(list, selector);
        if (resultSet.size() == 0)
            X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
            list = cRLIssuerSearch(emptySelector, attrs, attrNames,

            resultSet.addAll(createCRLs(list, selector));
        return resultSet;

     * Returns the revocation list for revoked attribute certificates for an
     * attribute authority
     * <p/>
     * The attributeAuthorityList holds a list of AA certificates that have been
     * revoked.
     * @param selector The CRL selector to use to find the CRLs.
     * @return A possible empty collection with CRLs
     * @throws StoreException
    public Collection getAttributeAuthorityRevocationLists(
        X509CRLStoreSelector selector) throws StoreException
        String[] attrs = splitString(params.getAttributeAuthorityRevocationListAttribute());
        String attrNames[] = splitString(params
        String issuerAttributeNames[] = splitString(params

        List list = cRLIssuerSearch(selector, attrs, attrNames,
        Set resultSet = createCRLs(list, selector);
        if (resultSet.size() == 0)
            X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
            list = cRLIssuerSearch(emptySelector, attrs, attrNames,

            resultSet.addAll(createCRLs(list, selector));
        return resultSet;

     * Returns cross certificate pairs.
     * @param selector The selector to use to find the cross certificates.
     * @return A possible empty collection with {@link X509CertificatePair}s
     * @throws StoreException
    public Collection getCrossCertificatePairs(
        X509CertPairStoreSelector selector) throws StoreException
        String[] attrs = splitString(params.getCrossCertificateAttribute());
        String attrNames[] = splitString(params.getLdapCrossCertificateAttributeName());
        String subjectAttributeNames[] = splitString(params
        List list = crossCertificatePairSubjectSearch(selector, attrs,
            attrNames, subjectAttributeNames);
        Set resultSet = createCrossCertificatePairs(list, selector);
        if (resultSet.size() == 0)
            X509CertStoreSelector emptyCertselector = new X509CertStoreSelector();
            X509CertPairStoreSelector emptySelector = new X509CertPairStoreSelector();

            list = crossCertificatePairSubjectSearch(emptySelector, attrs,
                attrNames, subjectAttributeNames);
            resultSet.addAll(createCrossCertificatePairs(list, selector));
        return resultSet;

     * Returns end certificates.
     * <p/>
     * The attributeDescriptorCertificate is self signed by a source of
     * authority and holds a description of the privilege and its delegation
     * rules.
     * @param selector The selector to find the certificates.
     * @return A possible empty collection with certificates.
     * @throws StoreException
    public Collection getUserCertificates(X509CertStoreSelector selector)
        throws StoreException
        String[] attrs = splitString(params.getUserCertificateAttribute());
        String attrNames[] = splitString(params.getLdapUserCertificateAttributeName());
        String subjectAttributeNames[] = splitString(params

        List list = certSubjectSerialSearch(selector, attrs, attrNames,
        Set resultSet = createCerts(list, selector);
        if (resultSet.size() == 0)
            X509CertStoreSelector emptySelector = new X509CertStoreSelector();
            list = certSubjectSerialSearch(emptySelector, attrs, attrNames,
            resultSet.addAll(createCerts(list, selector));

        return resultSet;

     * Returns attribute certificates for an attribute authority
     * <p/>
     * The aAcertificate holds the privileges of an attribute authority.
     * @param selector The selector to find the attribute certificates.
     * @return A possible empty collection with attribute certificates.
     * @throws StoreException
    public Collection getAACertificates(X509AttributeCertStoreSelector selector)
        throws StoreException
        String[] attrs = splitString(params.getAACertificateAttribute());
        String attrNames[] = splitString(params.getLdapAACertificateAttributeName());
        String subjectAttributeNames[] = splitString(params.getAACertificateSubjectAttributeName());

        List list = attrCertSubjectSerialSearch(selector, attrs, attrNames,
        Set resultSet = createAttributeCertificates(list, selector);
        if (resultSet.size() == 0)
            X509AttributeCertStoreSelector emptySelector = new X509AttributeCertStoreSelector();
            list = attrCertSubjectSerialSearch(emptySelector, attrs, attrNames,
            resultSet.addAll(createAttributeCertificates(list, selector));

        return resultSet;

     * Returns an attribute certificate for an authority
     * <p/>
     * The attributeDescriptorCertificate is self signed by a source of
     * authority and holds a description of the privilege and its delegation
     * rules.
     * @param selector The selector to find the attribute certificates.
     * @return A possible empty collection with attribute certificates.
     * @throws StoreException
    public Collection getAttributeDescriptorCertificates(
        X509AttributeCertStoreSelector selector) throws StoreException
        String[] attrs = splitString(params.getAttributeDescriptorCertificateAttribute());
        String attrNames[] = splitString(params
        String subjectAttributeNames[] = splitString(params

        List list = attrCertSubjectSerialSearch(selector, attrs, attrNames,
        Set resultSet = createAttributeCertificates(list, selector);
        if (resultSet.size() == 0)
            X509AttributeCertStoreSelector emptySelector = new X509AttributeCertStoreSelector();
            list = attrCertSubjectSerialSearch(emptySelector, attrs, attrNames,
            resultSet.addAll(createAttributeCertificates(list, selector));

        return resultSet;

     * Returns CA certificates.
     * <p/>
     * The cACertificate attribute of a CA's directory entry shall be used to
     * store self-issued certificates (if any) and certificates issued to this
     * CA by CAs in the same realm as this CA.
     * @param selector The selector to find the certificates.
     * @return A possible empty collection with certificates.
     * @throws StoreException
    public Collection getCACertificates(X509CertStoreSelector selector)
        throws StoreException
        String[] attrs = splitString(params.getCACertificateAttribute());
        String attrNames[] = splitString(params.getLdapCACertificateAttributeName());
        String subjectAttributeNames[] = splitString(params
        List list = certSubjectSerialSearch(selector, attrs, attrNames,
        Set resultSet = createCerts(list, selector);
        if (resultSet.size() == 0)
            X509CertStoreSelector emptySelector = new X509CertStoreSelector();
            list = certSubjectSerialSearch(emptySelector, attrs, attrNames,
            resultSet.addAll(createCerts(list, selector));
        return resultSet;

     * Returns the delta revocation list for revoked certificates.
     * @param selector The CRL selector to use to find the CRLs.
     * @return A possible empty collection with CRLs.
     * @throws StoreException
    public Collection getDeltaCertificateRevocationLists(
        X509CRLStoreSelector selector) throws StoreException
        String[] attrs = splitString(params.getDeltaRevocationListAttribute());
        String attrNames[] = splitString(params.getLdapDeltaRevocationListAttributeName());
        String issuerAttributeNames[] = splitString(params
        List list = cRLIssuerSearch(selector, attrs, attrNames,
        Set resultSet = createCRLs(list, selector);
        if (resultSet.size() == 0)
            X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
            list = cRLIssuerSearch(emptySelector, attrs, attrNames,

            resultSet.addAll(createCRLs(list, selector));
        return resultSet;

     * Returns an attribute certificate for an user.
     * <p/>
     * The attributeCertificateAttribute holds the privileges of a user
     * @param selector The selector to find the attribute certificates.
     * @return A possible empty collection with attribute certificates.
     * @throws StoreException
    public Collection getAttributeCertificateAttributes(
        X509AttributeCertStoreSelector selector) throws StoreException
        String[] attrs = splitString(params.getAttributeCertificateAttributeAttribute());
        String attrNames[] = splitString(params
        String subjectAttributeNames[] = splitString(params
        List list = attrCertSubjectSerialSearch(selector, attrs, attrNames,
        Set resultSet = createAttributeCertificates(list, selector);
        if (resultSet.size() == 0)
            X509AttributeCertStoreSelector emptySelector = new X509AttributeCertStoreSelector();
            list = attrCertSubjectSerialSearch(emptySelector, attrs, attrNames,
            resultSet.addAll(createAttributeCertificates(list, selector));

        return resultSet;

     * Returns the certificate revocation lists for revoked certificates.
     * @param selector The CRL selector to use to find the CRLs.
     * @return A possible empty collection with CRLs.
     * @throws StoreException
    public Collection getCertificateRevocationLists(
        X509CRLStoreSelector selector) throws StoreException
        String[] attrs = splitString(params.getCertificateRevocationListAttribute());
        String attrNames[] = splitString(params
        String issuerAttributeNames[] = splitString(params
        List list = cRLIssuerSearch(selector, attrs, attrNames,
        Set resultSet = createCRLs(list, selector);
        if (resultSet.size() == 0)
            X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
            list = cRLIssuerSearch(emptySelector, attrs, attrNames,

            resultSet.addAll(createCRLs(list, selector));
        return resultSet;

    private Map cacheMap = new HashMap(cacheSize);

    private static int cacheSize = 32;

    private static long lifeTime = 60 * 1000;

    private synchronized void addToCache(String searchCriteria, List list)
        Date now = new Date(System.currentTimeMillis());
        List cacheEntry = new ArrayList();
        if (cacheMap.containsKey(searchCriteria))
            cacheMap.put(searchCriteria, cacheEntry);
            if (cacheMap.size() >= cacheSize)
                // replace oldest
                Iterator it = cacheMap.entrySet().iterator();
                long oldest = now.getTime();
                Object replace = null;
                while (it.hasNext())
                    Map.Entry entry = (Map.Entry);
                    long current = ((Date)((List)entry.getValue()).get(0))
                    if (current < oldest)
                        oldest = current;
                        replace = entry.getKey();
            cacheMap.put(searchCriteria, cacheEntry);

    private List getFromCache(String searchCriteria)
        List entry = (List)cacheMap.get(searchCriteria);
        long now = System.currentTimeMillis();
        if (entry != null)
            // too old
            if (((Date)entry.get(0)).getTime() < (now - lifeTime))
                return null;
            return (List)entry.get(1);
        return null;

     * spilt string based on spaces
    private String[] splitString(String str)
        return str.split("\\s+");

    private String getSubjectAsString(X509CertStoreSelector xselector)
            byte[] encSubject = xselector.getSubjectAsBytes();
            if (encSubject != null)
                return new X500Principal(encSubject).getName("RFC1779");
        catch (IOException e)
            throw new StoreException("exception processing name: " + e.getMessage(), e);
        return null;

    private X500Principal getCertificateIssuer(X509Certificate cert)
        return cert.getIssuerX500Principal();

Related Classes of org.bouncycastle.x509.util.LDAPStoreHelper

Copyright © 2018 All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact