Class LDAPStoreHelper

java.lang.Object
org.bouncycastle.x509.util.LDAPStoreHelper

public class LDAPStoreHelper extends Object
This is a general purpose implementation to get X.509 certificates, CRLs, attribute certificates and cross certificates from a LDAP location.

First, a search is performed in the ldap*AttributeNames of the X509LDAPCertStoreParameters, using the subject (for all kinds of certificates) or the issuer (for CRLs) from the given X509CertStoreSelector or X509AttributeCertificate, if it carries those details.

For the used schemes see:

  • Constructor Details

  • Method Details

    • getAuthorityRevocationLists

      public Collection getAuthorityRevocationLists(X509CRLStoreSelector selector) throws StoreException
      Returns the CRLs for certificates issued to other CAs that match the given selector.
      The authorityRevocationList attribute includes revocation information regarding certificates issued to other CAs.
      Parameters:
      selector - The CRL selector to use to find the CRLs.
      Returns:
      A possibly empty collection with CRLs.
      Throws:
      StoreException
    • getAttributeCertificateRevocationLists

      public Collection getAttributeCertificateRevocationLists(X509CRLStoreSelector selector) throws StoreException
      Returns the revocation list for revoked attribute certificates.

      The attributeCertificateRevocationList holds a list of attribute certificates that have been revoked.

      Parameters:
      selector - The CRL selector to use to find the CRLs.
      Returns:
      A possibly empty collection with CRLs.
      Throws:
      StoreException
    • getAttributeAuthorityRevocationLists

      public Collection getAttributeAuthorityRevocationLists(X509CRLStoreSelector selector) throws StoreException
      Returns the revocation list for revoked attribute certificates for an attribute authority.

      The attributeAuthorityList holds a list of AA certificates that have been revoked.

      Parameters:
      selector - The CRL selector to use to find the CRLs.
      Returns:
      A possibly empty collection with CRLs.
      Throws:
      StoreException
    • getCrossCertificatePairs

      public Collection getCrossCertificatePairs(X509CertPairStoreSelector selector) throws StoreException
      Returns cross certificate pairs.
      Parameters:
      selector - The selector to use to find the cross certificates.
      Returns:
      A possibly empty collection with X509CertificatePairs.
      Throws:
      StoreException
    • getUserCertificates

      public Collection getUserCertificates(X509CertStoreSelector selector) throws StoreException
      Returns end certificates.

      The attributeDescriptorCertificate is self-signed by a source of authority and holds a description of the privilege and its delegation rules.

      Parameters:
      selector - The selector to find the certificates.
      Returns:
      A possibly empty collection with certificates.
      Throws:
      StoreException
    • getAACertificates

      public Collection getAACertificates(X509AttributeCertStoreSelector selector) throws StoreException
      Returns attribute certificates for an attribute authority.

      The aAcertificate holds the privileges of an attribute authority.

      Parameters:
      selector - The selector to find the attribute certificates.
      Returns:
      A possibly empty collection with attribute certificates.
      Throws:
      StoreException
    • getAttributeDescriptorCertificates

      public Collection getAttributeDescriptorCertificates(X509AttributeCertStoreSelector selector) throws StoreException
      Returns an attribute certificate for an authority.

      The attributeDescriptorCertificate is self-signed by a source of authority and holds a description of the privilege and its delegation rules.

      Parameters:
      selector - The selector to find the attribute certificates.
      Returns:
      A possibly empty collection with attribute certificates.
      Throws:
      StoreException
    • getCACertificates

      public Collection getCACertificates(X509CertStoreSelector selector) throws StoreException
      Returns CA certificates.

      The cACertificate attribute of a CA's directory entry shall be used to store self-issued certificates (if any) and certificates issued to this CA by CAs in the same realm as this CA.

      Parameters:
      selector - The selector to find the certificates.
      Returns:
      A possibly empty collection with certificates.
      Throws:
      StoreException
    • getDeltaCertificateRevocationLists

      public Collection getDeltaCertificateRevocationLists(X509CRLStoreSelector selector) throws StoreException
      Returns the delta revocation list for revoked certificates.
      Parameters:
      selector - The CRL selector to use to find the CRLs.
      Returns:
      A possibly empty collection with CRLs.
      Throws:
      StoreException
    • getAttributeCertificateAttributes

      public Collection getAttributeCertificateAttributes(X509AttributeCertStoreSelector selector) throws StoreException
      Returns an attribute certificate for a user.

      The attributeCertificateAttribute holds the privileges of a user.

      Parameters:
      selector - The selector to find the attribute certificates.
      Returns:
      A possibly empty collection with attribute certificates.
      Throws:
      StoreException
    • getCertificateRevocationLists

      public Collection getCertificateRevocationLists(X509CRLStoreSelector selector) throws StoreException
      Returns the certificate revocation lists for revoked certificates.
      Parameters:
      selector - The CRL selector to use to find the CRLs.
      Returns:
      A possibly empty collection with CRLs.
      Throws:
      StoreException
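
The subject-based certificate lookup and issuer-based CRL lookup described at the top of this page can be combined as in the following added example (not part of the Bouncy Castle documentation or code base). It treats everything the directory returns as untrusted until it verifies against a locally held issuer certificate. Assumptions: the LDAP URL, base DN and subject DN are placeholders, the issuer certificate path is passed as args[0], and the end certificate is issued directly by that issuer.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;

import org.bouncycastle.jce.X509LDAPCertStoreParameters;
import org.bouncycastle.x509.X509CRLStoreSelector;
import org.bouncycastle.x509.X509CertStoreSelector;
import org.bouncycastle.x509.util.LDAPStoreHelper;

public class LdapRevocationCheck {
    public static void main(String[] args) throws Exception {
        // Trust anchor comes from local disk (args[0]), never from the directory.
        X509Certificate issuer;
        try (InputStream in = new FileInputStream(args[0])) {
            issuer = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Placeholder URL and base DN; the Builder keeps its default ldap*AttributeNames.
        LDAPStoreHelper helper = new LDAPStoreHelper(
            new X509LDAPCertStoreParameters.Builder("ldap://ldap.example.test:389", "dc=example,dc=test").build());

        // Certificates are searched by subject.
        X509CertStoreSelector certSel = new X509CertStoreSelector();
        certSel.setSubject(new X500Principal("CN=Alice Example,DC=example,DC=test"));

        // CRLs are searched by issuer.
        X509CRLStoreSelector crlSel = new X509CRLStoreSelector();
        crlSel.addIssuer(issuer.getSubjectX500Principal());

        for (Object c : helper.getUserCertificates(certSel)) {
            X509Certificate cert = (X509Certificate) c;
            cert.verify(issuer.getPublicKey());    // throws if not signed by the trusted issuer
            cert.checkValidity();                  // throws if expired or not yet valid
            boolean freshCrlSeen = false;
            for (Object o : helper.getCertificateRevocationLists(crlSel)) {
                X509CRL crl = (X509CRL) o;
                crl.verify(issuer.getPublicKey()); // throws on a CRL the issuer did not sign
                if (crl.getNextUpdate() == null || crl.getNextUpdate().before(new Date())) continue; // stale
                freshCrlSeen = true;
                if (crl.isRevoked(cert)) throw new SecurityException("revoked: " + cert.getSerialNumber());
            }
            // Fail closed: an empty or stale result is not evidence of validity.
            if (!freshCrlSeen) throw new SecurityException("no current CRL for " + cert.getIssuerX500Principal());
            System.out.println("accepted: " + cert.getSubjectX500Principal());
        }
    }
}
```

Because every getter returns "a possibly empty collection", an empty CRL result has to be handled explicitly, as the final check in the loop does.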