📄 ldapstorehelper.java
subject = principals[0].getName(); } } if (xselector.getSerialNumber() != null) { serials.add(xselector.getSerialNumber().toString()); } String attrValue = null; if (subject != null) { for (int i = 0; i < subjectAttributeNames.length; i++) { attrValue = parseDN(subject, subjectAttributeNames[i]); list .addAll(search(attrNames, "*" + attrValue + "*", attrs)); } } if (serials.size() > 0 && params.getSearchForSerialNumberIn() != null) { Iterator it = serials.iterator(); while (it.hasNext()) { serial = (String)it.next(); list.addAll(search(splitString(params.getSearchForSerialNumberIn()), serial, attrs)); } } if (serials.size() == 0 && subject == null) { list.addAll(search(attrNames, "*", attrs)); } return list; } /** * Can use the issuer of the given of the X509CRLStoreSelector. * * @param xselector The selector with the search criteria. * @param attrs Attributes which contain the attribute certificates in the * LDAP directory. * @param attrNames Attribute names in the LDAP directory which correspond to the * subjectAttributeNames. * @param issuerAttributeNames Issuer attribute names (like "CN", "O", "OU") to use to search * in the LDAP directory * @return A list of found DER encoded CRLs. * @throws StoreException if an error occurs while searching. 
*/
    private List cRLIssuerSearch(X509CRLStoreSelector xselector,
                                 String[] attrs, String attrNames[], String issuerAttributeNames[])
        throws StoreException
    {
        List encodedCrls = new ArrayList();

        // Gather every issuer the selector names: the explicit issuer list, the
        // issuer of the certificate being checked, and the X.500 issuer names of
        // the attribute certificate being checked.
        Collection issuerPrincipals = new HashSet();
        if (xselector.getIssuers() != null)
        {
            issuerPrincipals.addAll(xselector.getIssuers());
        }
        if (xselector.getCertificateChecking() != null)
        {
            issuerPrincipals.add(getCertificateIssuer(xselector.getCertificateChecking()));
        }
        if (xselector.getAttrCertificateChecking() != null)
        {
            Principal[] candidates = xselector.getAttrCertificateChecking().getIssuer().getPrincipals();
            for (int p = 0; p != candidates.length; p++)
            {
                // the loop below casts to X500Principal, so other principal types are left out
                if (candidates[p] instanceof X500Principal)
                {
                    issuerPrincipals.add(candidates[p]);
                }
            }
        }

        // One directory query per (issuer, issuer attribute name) combination.
        String issuerDN = null;
        for (Iterator it = issuerPrincipals.iterator(); it.hasNext();)
        {
            issuerDN = ((X500Principal)it.next()).getName("RFC1779");
            for (int a = 0; a != issuerAttributeNames.length; a++)
            {
                String rdnValue = parseDN(issuerDN, issuerAttributeNames[a]);
                // NOTE(review): rdnValue is taken from the issuer name of the object
                // being validated and ends up inside an LDAP filter value. Filter
                // metacharacters in it have to be escaped (RFC 4515) before the
                // filter reaches the directory; verify where that happens.
                encodedCrls.addAll(search(attrNames, "*" + rdnValue + "*", attrs));
            }
        }

        // No issuer was available at all: query with a bare wildcard instead.
        if (issuerDN == null)
        {
            encodedCrls.addAll(search(attrNames, "*", attrs));
        }
        return encodedCrls;
    }

    /**
     * Returns a <code>List</code> of encodings of the certificates, attribute
     * certificates, CRL or certificate pairs.
     *
     * @param attributeNames The attribute names to look for in the LDAP.
     * @param attributeValue The value the attribute name must have.
     * @param attrs          The attributes in the LDAP which hold the certificate,
     *                       attribute certificate, certificate pair or CRL in a found
     *                       entry.
     * @return A <code>List</code> of byte arrays with the encodings.
     * @throws StoreException if an error occurs getting the results from the LDAP
     *                        directory.
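*/
    private List search(String attributeNames[], String attributeValue,
                        String[] attrs) throws StoreException
    {
        // (|(name1=value)(name2=value)...), or null when no attribute names were given
        String valueFilter = null;
        if (attributeNames != null)
        {
            if (attributeValue.equals("**"))
            {
                attributeValue = "*";
            }
            // The value can originate from a certificate or CRL name, so it is
            // escaped before it becomes part of the filter.
            String assertion = escapeFilterPattern(attributeValue);
            StringBuffer terms = new StringBuffer();
            for (int i = 0; i < attributeNames.length; i++)
            {
                terms.append("(").append(attributeNames[i]).append("=").append(assertion).append(")");
            }
            valueFilter = "(|" + terms + ")";
        }

        // (|(attr1=*)(attr2=*)...): the entry must carry at least one of the
        // attributes that hold the encoded object.
        StringBuffer presence = new StringBuffer();
        for (int i = 0; i < attrs.length; i++)
        {
            presence.append("(").append(attrs[i]).append("=*)");
        }
        String presenceFilter = "(|" + presence + ")";

        String filter3 = (valueFilter == null)
            ? presenceFilter
            : "(&" + valueFilter + presenceFilter + ")";

        // results are cached under the complete filter string
        List list = getFromCache(filter3);
        if (list != null)
        {
            return list;
        }

        DirContext ctx = null;
        list = new ArrayList();
        try
        {
            ctx = connectLDAP();

            SearchControls constraints = new SearchControls();
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // 0 = no limit on the number of entries returned
            constraints.setCountLimit(0);
            constraints.setReturningAttributes(attrs);
            NamingEnumeration results = ctx.search(params.getBaseDN(), filter3,
                constraints);
            while (results.hasMoreElements())
            {
                SearchResult sr = (SearchResult)results.next();
                // only the first attribute returned for an entry is read
                NamingEnumeration enumeration = ((Attribute)(sr
                    .getAttributes().getAll().next())).getAll();
                while (enumeration.hasMore())
                {
                    list.add(enumeration.next());
                }
            }
            addToCache(filter3, list);
        }
        catch (NamingException e)
        {
            // skip exception, unfortunately if an attribute type is not
            // supported an exception is thrown
            // NOTE(review): this also hides every other NamingException raised in
            // the try block, so a failed query and "nothing found" both return an
            // empty list. Callers doing revocation checking cannot tell them apart.
        }
        finally
        {
            try
            {
                if (null != ctx)
                {
                    ctx.close();
                }
            }
            catch (Exception e)
            {
                // best effort: a failure to close does not affect the result
            }
        }
        return list;
    }

    /**
     * Escapes an LDAP filter assertion value as described in RFC 4515, keeping one
     * leading and one trailing <code>*</code> as substring wildcards.
     * <p>
     * The callers visible in this class pass either a plain value, a bare
     * <code>*</code>, or a value wrapped as <code>"*" + value + "*"</code>. Any other
     * <code>*</code>, and every <code>(</code>, <code>)</code>, <code>\</code> or NUL,
     * is replaced by its <code>\xx</code> form so that it is matched literally and
     * cannot change the structure of the filter.
     *
     * @param pattern the assertion value, optionally wrapped in wildcards.
     * @return the escaped value with the outer wildcards preserved.
     */
    private static String escapeFilterPattern(String pattern)
    {
        boolean leadingWildcard = pattern.startsWith("*");
        // a lone "*" counts as a leading wildcard only
        boolean trailingWildcard = pattern.length() > 1 && pattern.endsWith("*");
        int start = leadingWildcard ? 1 : 0;
        int end = pattern.length() - (trailingWildcard ? 1 : 0);

        StringBuffer out = new StringBuffer();
        if (leadingWildcard)
        {
            out.append('*');
        }
        for (int i = start; i < end; i++)
        {
            char c = pattern.charAt(i);
            switch (c)
            {
            case '\\':
                out.append("\\5c");
                break;
            case '*':
                out.append("\\2a");
                break;
            case '(':
                out.append("\\28");
                break;
            case ')':
                out.append("\\29");
                break;
            case '\0':
                out.append("\\00");
                break;
            default:
                out.append(c);
            }
        }
        if (trailingWildcard)
        {
            out.append('*');
        }
        return out.toString();
    }

    /**
     * Parses the given encodings as CRLs and keeps those accepted by the selector.
     *
     * @param list      encodings (byte arrays) as returned by the directory search.
     * @param xselector the selector every parsed CRL is matched against.
     * @return the set of matching CRLs, possibly empty.
     * @throws StoreException declared by the signature.
     */
    private Set createCRLs(List list, X509CRLStoreSelector xselector)
        throws StoreException
    {
        Set crlSet = new HashSet();

        X509CRLParser parser = new X509CRLParser();
        Iterator it = list.iterator();
        while (it.hasNext())
        {
            try
            {
                parser.engineInit(new ByteArrayInputStream((byte[])it
                    .next()));
                X509CRL crl = (X509CRL)parser.engineRead();
                if (xselector.match((Object)crl))
                {
                    crlSet.add(crl);
                }
            }
            catch (StreamParsingException e)
            {
                // an entry that does not parse as a CRL is dropped without a trace
            }
        }

        return crlSet;
    }

    /**
     * Builds cross certificate pairs from the given encodings and keeps those
     * accepted by the selector.
     * <p>
     * Each element is first parsed as an encoded certificate pair. If that fails,
     * the element and its successor are read as the forward and the reverse
     * certificate of one pair.
     *
     * @param list      encodings (byte arrays) as returned by the directory search.
     * @param xselector the selector every pair is matched against.
     * @return the set of matching certificate pairs, possibly empty.
     * @throws StoreException declared by the signature.
     */
    private Set createCrossCertificatePairs(List list,
                                            X509CertPairStoreSelector xselector) throws StoreException
    {
        Set certPairSet = new HashSet();
        int i = 0;
        while (i < list.size())
        {
            X509CertificatePair pair;
            try
            {
                // first try to decode it as certificate pair
                try
                {
                    X509CertPairParser parser = new X509CertPairParser();
                    parser.engineInit(new ByteArrayInputStream(
                        (byte[])list.get(i)));
                    pair = (X509CertificatePair)parser.engineRead();
                }
                catch (StreamParsingException e)
                {
                    if (i + 1 >= list.size())
                    {
                        // Last element and it is not a pair encoding: there is no
                        // partner to read, and list.get(i + 1) would throw an
                        // unchecked IndexOutOfBoundsException.
                        break;
                    }
                    // now try to construct it from the forward and reverse
                    // certificate
                    byte[] forward = (byte[])list.get(i);
                    byte[] reverse = (byte[])list.get(i + 1);
                    pair = new X509CertificatePair(new CertificatePair(
                        X509CertificateStructure
                            .getInstance(new ASN1InputStream(
                            forward).readObject()),
                        X509CertificateStructure
                            .getInstance(new ASN1InputStream(
                                reverse).readObject())));
                    // the successor was consumed as the reverse certificate
                    i++;
                }
                if (xselector.match((Object)pair))
                {
                    certPairSet.add(pair);
                }
            }
            catch (CertificateParsingException e)
            {
                // try next
            }
            catch (IOException e)
            {
                // try next
            }
            i++;
        }
        return certPairSet;
    }

    /**
     * Parses the given encodings as attribute certificates and keeps those
     * accepted by the selector.
     *
     * @param list      encodings (byte arrays) as returned by the directory search.
     * @param xselector the selector every parsed certificate is matched against.
     * @return the set of matching attribute certificates, possibly empty.
     * @throws StoreException declared by the signature.
     */
    private Set createAttributeCertificates(List list,
                                            X509AttributeCertStoreSelector xselector) throws StoreException
    {
        Set certSet = new HashSet();

        Iterator it = list.iterator();
        X509AttrCertParser parser = new X509AttrCertParser();
        while (it.hasNext())
        {
            try
            {
                parser.engineInit(new ByteArrayInputStream((byte[])it
                    .next()));
                X509AttributeCertificate cert = (X509AttributeCertificate)parser
                    .engineRead();
                if (xselector.match((Object)cert))
                {
                    certSet.add(cert);
                }
            }
            catch (StreamParsingException e)
            {
                // an entry that does not parse as an attribute certificate is dropped
            }
        }

        return certSet;
    }

    /**
     * Returns the CRLs for issued certificates for other CAs matching the given
     * selector. <br>
     * The authorityRevocationList attribute includes revocation information
     * regarding certificates issued to other CAs.
     *
     * @param selector The CRL selector to use to find the CRLs.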
* @return A possibly empty collection with CRLs. An empty collection does not
     *         distinguish "no CRL published" from a failed directory query,
     *         because search() swallows NamingException.
     * @throws StoreException
     */
    public Collection getAuthorityRevocationLists(X509CRLStoreSelector selector)
        throws StoreException
    {
        // All three values come from the store parameters: the attribute(s) holding
        // the encoded CRL, the attribute(s) to match on, and the issuer DN
        // components used to build the match value.
        String[] attrs = splitString(params.getAuthorityRevocationListAttribute());
        String attrNames[] = splitString(params
            .getLdapAuthorityRevocationListAttributeName());
        String issuerAttributeNames[] = splitString(params
            .getAuthorityRevocationListIssuerAttributeName());

        List list = cRLIssuerSearch(selector, attrs, attrNames,
            issuerAttributeNames);
        Set resultSet = createCRLs(list, selector);
        if (resultSet.size() == 0)
        {
            // Nothing matched: search again with a selector that carries no
            // criteria, then filter the results with the caller's selector.
            // NOTE(review): without an issuer to narrow the filter this presumably
            // becomes the bare wildcard search in cRLIssuerSearch, which search()
            // runs with subtree scope and no count limit. Confirm that cost is
            // acceptable; the caller's selector is the only filter on this path.
            X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
            list = cRLIssuerSearch(emptySelector, attrs, attrNames,
                issuerAttributeNames);

            resultSet.addAll(createCRLs(list, selector));
        }
        return resultSet;
    }

    /**
     * Returns the revocation list for revoked attribute certificates.
     * <p/>
     * The attributeCertificateRevocationList holds a list of attribute
     * certificates that have been revoked.
     *
     * @param selector The CRL selector to use to find the CRLs.
     * @return A possibly empty collection with CRLs.
     * @throws StoreException
     */
    public Collection getAttributeCertificateRevocationLists(
        X509CRLStoreSelector selector) throws StoreException
    {
        String[] attrs = splitString(params
            .getAttributeCertificateRevocationListAttribute());
        String attrNames[] = splitString(params
            .getLdapAttributeCertificateRevocationListAttributeName());
        String issuerAttributeNames[] = splitString(params
            .getAttributeCertificateRevocationListIssuerAttributeName());

        List list = cRLIssuerSearch(selector, attrs, attrNames,
            issuerAttributeNames);
        Set resultSet = createCRLs(list, selector);
        if (resultSet.size() == 0)
        {
            // same fallback as in getAuthorityRevocationLists: search again with a
            // selector without criteria and filter with the caller's selector
            X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
            list = cRLIssuerSearch(emptySelector, attrs, attrNames,
                issuerAttributeNames);

            resultSet.addAll(createCRLs(list, selector));
        }