📄 ldapstorehelper.java
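return resultSet; }

    /**
     * Returns the revocation list for revoked attribute certificates for an
     * attribute authority
     * <p/>
     * The attributeAuthorityList holds a list of AA certificates that have been
     * revoked.
     *
     * @param selector The CRL selector to use to find the CRLs.
     * @return A possibly empty collection with CRLs
     * @throws StoreException declared for the search and CRL-creation helpers
     *                        this method delegates to.
     */
    public Collection getAttributeAuthorityRevocationLists(
        X509CRLStoreSelector selector) throws StoreException
    {
        String[] attrs = splitString(params.getAttributeAuthorityRevocationListAttribute());
        String[] attrNames = splitString(params
            .getLdapAttributeAuthorityRevocationListAttributeName());
        String[] issuerAttributeNames = splitString(params
            .getAttributeAuthorityRevocationListIssuerAttributeName());

        List list = cRLIssuerSearch(selector, attrs, attrNames,
            issuerAttributeNames);
        Set resultSet = createCRLs(list, selector);
        if (resultSet.isEmpty())
        {
            // Fallback: search again with an empty selector, then pass the
            // caller's selector to createCRLs for the final selection.
            // NOTE(review): the empty-selector search is presumably a broad
            // (wildcard) directory query - confirm it is bounded, since it
            // runs whenever the targeted search finds nothing.
            X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
            list = cRLIssuerSearch(emptySelector, attrs, attrNames,
                issuerAttributeNames);
            resultSet.addAll(createCRLs(list, selector));
        }
        return resultSet;
    }

    /**
     * Returns cross certificate pairs.
     *
     * @param selector The selector to use to find the cross certificates.
     * @return A possibly empty collection with {@link X509CertificatePair}s
     * @throws StoreException declared for the search and pair-creation helpers
     *                        this method delegates to.
     */
    public Collection getCrossCertificatePairs(
        X509CertPairStoreSelector selector) throws StoreException
    {
        String[] attrs = splitString(params.getCrossCertificateAttribute());
        String[] attrNames = splitString(params.getLdapCrossCertificateAttributeName());
        String[] subjectAttributeNames = splitString(params
            .getCrossCertificateSubjectAttributeName());

        List list = crossCertificatePairSubjectSearch(selector, attrs,
            attrNames, subjectAttributeNames);
        Set resultSet = createCrossCertificatePairs(list, selector);
        if (resultSet.isEmpty())
        {
            // Fallback: search with a pair selector whose forward and reverse
            // selectors are both empty; the caller's selector is still the one
            // handed to createCrossCertificatePairs.
            X509CertStoreSelector emptyCertselector = new X509CertStoreSelector();
            X509CertPairStoreSelector emptySelector = new X509CertPairStoreSelector();
            emptySelector.setForwardSelector(emptyCertselector);
            emptySelector.setReverseSelector(emptyCertselector);
            list = crossCertificatePairSubjectSearch(emptySelector, attrs,
                attrNames, subjectAttributeNames);
            resultSet.addAll(createCrossCertificatePairs(list, selector));
        }
        return resultSet;
    }

    /**
     * Returns end (user) certificates.
     * <p/>
     * The certificates are read from the attributes configured as the user
     * certificate attribute in the store parameters.
     *
     * @param selector The selector to find the certificates.
     * @return A possibly empty collection with certificates.
     * @throws StoreException declared for the search and certificate-creation
     *                        helpers this method delegates to.
     */
    public Collection getUserCertificates(X509CertStoreSelector selector)
        throws StoreException
    {
        String[] attrs = splitString(params.getUserCertificateAttribute());
        String[] attrNames = splitString(params.getLdapUserCertificateAttributeName());
        String[] subjectAttributeNames = splitString(params
            .getUserCertificateSubjectAttributeName());

        List list = certSubjectSerialSearch(selector, attrs, attrNames,
            subjectAttributeNames);
        Set resultSet = createCerts(list, selector);
        if (resultSet.isEmpty())
        {
            // Fallback: search with an empty selector; the caller's selector
            // is still the one handed to createCerts.
            X509CertStoreSelector emptySelector = new X509CertStoreSelector();
            list = certSubjectSerialSearch(emptySelector, attrs, attrNames,
                subjectAttributeNames);
            resultSet.addAll(createCerts(list, selector));
        }
        return resultSet;
    }

    /**
     * Returns attribute certificates for an attribute authority
     * <p/>
     * The aAcertificate holds the privileges of an attribute authority.
     *
     * @param selector The selector to find the attribute certificates.
     * @return A possibly empty collection with attribute certificates.
     * @throws StoreException declared for the search and certificate-creation
     *                        helpers this method delegates to.
     */
    public Collection getAACertificates(X509AttributeCertStoreSelector selector)
        throws StoreException
    {
        String[] attrs = splitString(params.getAACertificateAttribute());
        String[] attrNames = splitString(params.getLdapAACertificateAttributeName());
        String[] subjectAttributeNames = splitString(params.getAACertificateSubjectAttributeName());

        List list = attrCertSubjectSerialSearch(selector, attrs, attrNames,
            subjectAttributeNames);
        Set resultSet = createAttributeCertificates(list, selector);
        if (resultSet.isEmpty())
        {
            // Fallback: search with an empty selector; the caller's selector
            // is still the one handed to createAttributeCertificates.
            X509AttributeCertStoreSelector emptySelector = new X509AttributeCertStoreSelector();
            list = attrCertSubjectSerialSearch(emptySelector, attrs, attrNames,
                subjectAttributeNames);
            resultSet.addAll(createAttributeCertificates(list, selector));
        }
        return resultSet;
    }

    /**
     * Returns an attribute certificate for an authority
     * <p/>
     * The attributeDescriptorCertificate is self signed by a source of
     * authority and holds a description of the privilege and its delegation
     * rules.
     *
     * @param selector The selector to find the attribute certificates.
     * @return A possibly empty collection with attribute certificates.
     * @throws StoreException declared for the search and certificate-creation
     *                        helpers this method delegates to.
     */
    public Collection getAttributeDescriptorCertificates(
        X509AttributeCertStoreSelector selector) throws StoreException
    {
        String[] attrs = splitString(params.getAttributeDescriptorCertificateAttribute());
        String[] attrNames = splitString(params
            .getLdapAttributeDescriptorCertificateAttributeName());
        String[] subjectAttributeNames = splitString(params
            .getAttributeDescriptorCertificateSubjectAttributeName());

        List list = attrCertSubjectSerialSearch(selector, attrs, attrNames,
            subjectAttributeNames);
        Set resultSet = createAttributeCertificates(list, selector);
        if (resultSet.isEmpty())
        {
            // Fallback: search with an empty selector; the caller's selector
            // is still the one handed to createAttributeCertificates.
            X509AttributeCertStoreSelector emptySelector = new X509AttributeCertStoreSelector();
            list = attrCertSubjectSerialSearch(emptySelector, attrs, attrNames,
                subjectAttributeNames);
            resultSet.addAll(createAttributeCertificates(list, selector));
        }
        return resultSet;
    }

    /**
     * Returns CA certificates.
     * <p/>
     * The cACertificate attribute of a CA's directory entry shall be used to
     * store self-issued certificates (if any) and certificates issued to this
     * CA by CAs in the same realm as this CA.
     *
     * @param selector The selector to find the certificates.
     * @return A possibly empty collection with certificates.
     * @throws StoreException declared for the search and certificate-creation
     *                        helpers this method delegates to.
     */
    public Collection getCACertificates(X509CertStoreSelector selector)
        throws StoreException
    {
        String[] attrs = splitString(params.getCACertificateAttribute());
        String[] attrNames = splitString(params.getLdapCACertificateAttributeName());
        String[] subjectAttributeNames = splitString(params
            .getCACertificateSubjectAttributeName());

        List list = certSubjectSerialSearch(selector, attrs, attrNames,
            subjectAttributeNames);
        Set resultSet = createCerts(list, selector);
        if (resultSet.isEmpty())
        {
            // Fallback: search with an empty selector; the caller's selector
            // is still the one handed to createCerts.
            X509CertStoreSelector emptySelector = new X509CertStoreSelector();
            list = certSubjectSerialSearch(emptySelector, attrs, attrNames,
                subjectAttributeNames);
            resultSet.addAll(createCerts(list, selector));
        }
        return resultSet;
    }

    /**
     * Returns the delta revocation list for revoked certificates.
     *
     * @param selector The CRL selector to use to find the CRLs.
     * @return A possibly empty collection with CRLs.
     * @throws StoreException declared for the search and CRL-creation helpers
     *                        this method delegates to.
     */
    public Collection getDeltaCertificateRevocationLists(
        X509CRLStoreSelector selector) throws StoreException
    {
        String[] attrs = splitString(params.getDeltaRevocationListAttribute());
        String[] attrNames = splitString(params.getLdapDeltaRevocationListAttributeName());
        String[] issuerAttributeNames = splitString(params
            .getDeltaRevocationListIssuerAttributeName());

        List list = cRLIssuerSearch(selector, attrs, attrNames,
            issuerAttributeNames);
        Set resultSet = createCRLs(list, selector);
        if (resultSet.isEmpty())
        {
            // Fallback: search with an empty selector; the caller's selector
            // is still the one handed to createCRLs.
            X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
            list = cRLIssuerSearch(emptySelector, attrs, attrNames,
                issuerAttributeNames);
            resultSet.addAll(createCRLs(list, selector));
        }
        return resultSet;
    }

    /**
     * Returns an attribute certificate for a user.
     * <p/>
     * The attributeCertificateAttribute holds the privileges of a user
     *
     * @param selector The selector to find the attribute certificates.
     * @return A possibly empty collection with attribute certificates.
     * @throws StoreException declared for the search and certificate-creation
     *                        helpers this method delegates to.
     */
    public Collection getAttributeCertificateAttributes(
        X509AttributeCertStoreSelector selector) throws StoreException
    {
        String[] attrs = splitString(params.getAttributeCertificateAttributeAttribute());
        String[] attrNames = splitString(params
            .getLdapAttributeCertificateAttributeAttributeName());
        String[] subjectAttributeNames = splitString(params
            .getAttributeCertificateAttributeSubjectAttributeName());

        List list = attrCertSubjectSerialSearch(selector, attrs, attrNames,
            subjectAttributeNames);
        Set resultSet = createAttributeCertificates(list, selector);
        if (resultSet.isEmpty())
        {
            // Fallback: search with an empty selector; the caller's selector
            // is still the one handed to createAttributeCertificates.
            X509AttributeCertStoreSelector emptySelector = new X509AttributeCertStoreSelector();
            list = attrCertSubjectSerialSearch(emptySelector, attrs, attrNames,
                subjectAttributeNames);
            resultSet.addAll(createAttributeCertificates(list, selector));
        }
        return resultSet;
    }

    /**
     * Returns the certificate revocation lists for revoked certificates.
     *
     * @param selector The CRL selector to use to find the CRLs.
     * @return A possibly empty collection with CRLs.
     * @throws StoreException declared for the search and CRL-creation helpers
     *                        this method delegates to.
     */
    public Collection getCertificateRevocationLists(
        X509CRLStoreSelector selector) throws StoreException
    {
        String[] attrs = splitString(params.getCertificateRevocationListAttribute());
        String[] attrNames = splitString(params
            .getLdapCertificateRevocationListAttributeName());
        String[] issuerAttributeNames = splitString(params
            .getCertificateRevocationListIssuerAttributeName());

        List list = cRLIssuerSearch(selector, attrs, attrNames,
            issuerAttributeNames);
        Set resultSet = createCRLs(list, selector);
        if (resultSet.isEmpty())
        {
            // Fallback: search with an empty selector; the caller's selector
            // is still the one handed to createCRLs.
            X509CRLStoreSelector emptySelector = new X509CRLStoreSelector();
            list = cRLIssuerSearch(emptySelector, attrs, attrNames,
                issuerAttributeNames);
            resultSet.addAll(createCRLs(list, selector));
        }
        return resultSet;
    }

    // Search-result cache keyed by the search criteria string. Each value is a
    // two-element list: [0] the Date the entry was stored, [1] the result list.
    // All access goes through the synchronized addToCache/getFromCache.
    private Map cacheMap = new HashMap(cacheSize);

    // Maximum number of cached searches before the oldest one is evicted.
    private static int cacheSize = 32;

    // Entry lifetime in milliseconds. Entries older than this are not returned.
    // NOTE(review): if revocation-list searches are served from this cache, a
    // newly published CRL can go unseen for up to this long - confirm that this
    // window is acceptable for the deployment.
    private static long lifeTime = 60 * 1000;

    /**
     * Stores a search result in the cache, stamping it with the current time.
     * <p/>
     * An existing entry for the same criteria is overwritten. When the cache is
     * full, the entry with the oldest timestamp is evicted first.
     *
     * @param searchCriteria The cache key.
     * @param list           The search result to cache.
     */
    private synchronized void addToCache(String searchCriteria, List list)
    {
        Date now = new Date(System.currentTimeMillis());
        List cacheEntry = new ArrayList();
        cacheEntry.add(now);
        cacheEntry.add(list);

        if (!cacheMap.containsKey(searchCriteria) && cacheMap.size() >= cacheSize)
        {
            // Evict the oldest entry. The scan starts with no candidate rather
            // than with "now" as the threshold: entries stamped in the current
            // millisecond (or later, after a clock step) would otherwise never
            // be selected and the map would grow past cacheSize.
            boolean found = false;
            long oldest = 0L;
            Object replace = null;
            Iterator it = cacheMap.entrySet().iterator();
            while (it.hasNext())
            {
                Map.Entry entry = (Map.Entry)it.next();
                long current = ((Date)((List)entry.getValue()).get(0)).getTime();
                if (!found || current < oldest)
                {
                    found = true;
                    oldest = current;
                    replace = entry.getKey();
                }
            }
            if (found)
            {
                cacheMap.remove(replace);
            }
        }
        cacheMap.put(searchCriteria, cacheEntry);
    }

    /**
     * Looks up a cached search result.
     * <p/>
     * Synchronized on the same monitor as {@link #addToCache}: the backing
     * HashMap is not thread-safe, so an unsynchronized read could race with a
     * concurrent put or eviction.
     *
     * @param searchCriteria The cache key.
     * @return The cached result list, or <code>null</code> if there is no
     *         entry or the entry is older than the cache lifetime.
     */
    private synchronized List getFromCache(String searchCriteria)
    {
        List entry = (List)cacheMap.get(searchCriteria);
        long now = System.currentTimeMillis();
        if (entry != null)
        {
            // too old
            if (((Date)entry.get(0)).getTime() < (now - lifeTime))
            {
                return null;
            }
            return (List)entry.get(1);
        }
        return null;
    }

    /*
     * Splits a string on runs of whitespace. A string that starts with
     * whitespace yields an empty first element.
     */
    private String[] splitString(String str)
    {
        return str.split("\\s+");
    }

    /**
     * Returns the selector's subject as a string in RFC 1779 format.
     *
     * @param xselector The selector to read the encoded subject from.
     * @return The subject name, or <code>null</code> if the selector has no
     *         subject set.
     */
    private String getSubjectAsString(X509CertStoreSelector xselector)
    {
        try
        {
            byte[] encSubject = xselector.getSubjectAsBytes();
            if (encSubject != null)
            {
                return new X500Principal(encSubject).getName("RFC1779");
            }
        }
        catch (IOException e)
        {
            // Keep the cause so the encoding failure remains diagnosable.
            throw new StoreException("exception processing name: " + e.getMessage(), e);
        }
        return null;
    }

    /**
     * Returns the issuer of the given certificate.
     *
     * @param cert The certificate to read the issuer from.
     * @return The issuer as an X500Principal.
     */
    private X500Principal getCertificateIssuer(X509Certificate cert)
    {
        return cert.getIssuerX500Principal();
    }
}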