org.bouncycastle.x509.util
Class LDAPStoreHelper
java.lang.Object
org.bouncycastle.x509.util.LDAPStoreHelper
public class LDAPStoreHelper
extends java.lang.Object
This is a general-purpose implementation for retrieving X.509 certificates, CRLs, attribute certificates and cross certificates from an LDAP location.
First, a search is performed in the ldap*AttributeNames of the X509LDAPCertStoreParameters using the subject information (for all kinds of certificates) or the issuer information (for CRLs), if an X509CertStoreSelector or X509AttributeCertificate carrying those details is given.
For the used schemes see:
getAACertificates
public Collection getAACertificates(X509AttributeCertStoreSelector selector)
throws org.bouncycastle.util.StoreException
Returns attribute certificates for an attribute authority.
The aAcertificate holds the privileges of an attribute authority.
Parameters:
selector - The selector to find the attribute certificates.
Returns:
A possibly empty collection with attribute certificates.
Throws:
org.bouncycastle.util.StoreException
getAttributeAuthorityRevocationLists
public Collection getAttributeAuthorityRevocationLists(X509CRLStoreSelector selector)
throws org.bouncycastle.util.StoreException
Returns the revocation list for revoked attribute certificates for an attribute authority.
The attributeAuthorityList holds a list of AA certificates that have been revoked.
Parameters:
selector - The CRL selector to use to find the CRLs.
Returns:
A possibly empty collection with CRLs.
Throws:
org.bouncycastle.util.StoreException
getAttributeCertificateAttributes
public Collection getAttributeCertificateAttributes(X509AttributeCertStoreSelector selector)
throws org.bouncycastle.util.StoreException
Returns an attribute certificate for a user.
The attributeCertificateAttribute holds the privileges of a user.
Parameters:
selector - The selector to find the attribute certificates.
Returns:
A possibly empty collection with attribute certificates.
Throws:
org.bouncycastle.util.StoreException
getAttributeCertificateRevocationLists
public Collection getAttributeCertificateRevocationLists(X509CRLStoreSelector selector)
throws org.bouncycastle.util.StoreException
Returns the revocation list for revoked attribute certificates.
The attributeCertificateRevocationList holds a list of attribute certificates that have been revoked.
Parameters:
selector - The CRL selector to use to find the CRLs.
Returns:
A possibly empty collection with CRLs.
Throws:
org.bouncycastle.util.StoreException
getAttributeDescriptorCertificates
public Collection getAttributeDescriptorCertificates(X509AttributeCertStoreSelector selector)
throws org.bouncycastle.util.StoreException
Returns an attribute certificate for an authority.
The attributeDescriptorCertificate is self-signed by a source of authority and holds a description of the privilege and its delegation rules.
Parameters:
selector - The selector to find the attribute certificates.
Returns:
A possibly empty collection with attribute certificates.
Throws:
org.bouncycastle.util.StoreException
getAuthorityRevocationLists
public Collection getAuthorityRevocationLists(X509CRLStoreSelector selector)
throws org.bouncycastle.util.StoreException
Returns the CRLs for certificates issued to other CAs that match the given selector.
The authorityRevocationList attribute includes revocation information regarding certificates issued to other CAs.
Parameters:
selector - The CRL selector to use to find the CRLs.
Returns:
A possibly empty collection with CRLs.
Throws:
org.bouncycastle.util.StoreException
getCACertificates
public Collection getCACertificates(X509CertStoreSelector selector)
throws org.bouncycastle.util.StoreException
Returns CA certificates.
The cACertificate attribute of a CA's directory entry shall be used to store self-issued certificates (if any) and certificates issued to this CA by CAs in the same realm as this CA.
Parameters:
selector - The selector to find the certificates.
Returns:
A possibly empty collection with certificates.
Throws:
org.bouncycastle.util.StoreException
getCertificateRevocationLists
public Collection getCertificateRevocationLists(X509CRLStoreSelector selector)
throws org.bouncycastle.util.StoreException
Returns the certificate revocation lists for revoked certificates.
Parameters:
selector - The CRL selector to use to find the CRLs.
Returns:
A possibly empty collection with CRLs.
Throws:
org.bouncycastle.util.StoreException
getCrossCertificatePairs
public Collection getCrossCertificatePairs(X509CertPairStoreSelector selector)
throws org.bouncycastle.util.StoreException
Returns cross certificate pairs.
Parameters:
selector - The selector to use to find the cross certificates.
Throws:
org.bouncycastle.util.StoreException
getDeltaCertificateRevocationLists
public Collection getDeltaCertificateRevocationLists(X509CRLStoreSelector selector)
throws org.bouncycastle.util.StoreException
Returns the delta revocation list for revoked certificates.
Parameters:
selector - The CRL selector to use to find the CRLs.
Returns:
A possibly empty collection with CRLs.
Throws:
org.bouncycastle.util.StoreException
getUserCertificates
public Collection getUserCertificates(X509CertStoreSelector selector)
throws org.bouncycastle.util.StoreException
Returns end certificates.
The attributeDescriptorCertificate is self signed by a source of
authority and holds a description of the privilege and its delegation
rules.
Parameters:
selector - The selector to find the certificates.
Returns:
A possibly empty collection with certificates.
Throws:
org.bouncycastle.util.StoreException
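Usage example added here (not part of the Bouncy Castle documentation or code): it calls getUserCertificates and getCertificateRevocationLists, then checks every returned object against a locally trusted issuer certificate, because data read from a directory is unauthenticated until its signature has been verified. The class and method names (LdapStoreLookup, helperFor, fetchVerified, notRevoked) and the LDAP URL, base DN and subject DN inputs are hypothetical; the LDAPStoreHelper constructor and X509LDAPCertStoreParameters.Builder are Bouncy Castle API not shown on this page. The CRL is assumed to be signed with the same key as the certificate's issuer.

```java
import java.security.GeneralSecurityException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.X509LDAPCertStoreParameters;
import org.bouncycastle.x509.X509CRLStoreSelector;
import org.bouncycastle.x509.X509CertStoreSelector;
import org.bouncycastle.x509.util.LDAPStoreHelper;

public class LdapStoreLookup {
    // ldapUrl and baseDn are deployment-specific inputs (hypothetical here).
    static LDAPStoreHelper helperFor(String ldapUrl, String baseDn) {
        return new LDAPStoreHelper(new X509LDAPCertStoreParameters.Builder(ldapUrl, baseDn).build());
    }

    // Certificates for subjectDn that verify under the locally trusted issuer.
    static List<X509Certificate> fetchVerified(LDAPStoreHelper helper, String subjectDn, X509Certificate trustedIssuer) {
        X509CertStoreSelector sel = new X509CertStoreSelector();
        sel.setSubject(new X500Principal(subjectDn)); // subject drives the search
        List<X509Certificate> out = new ArrayList<X509Certificate>();
        for (Object o : helper.getUserCertificates(sel)) {
            X509Certificate cert = (X509Certificate) o;
            try {
                cert.verify(trustedIssuer.getPublicKey()); // directory data is untrusted
                cert.checkValidity();
                out.add(cert);
            } catch (GeneralSecurityException e) { /* bad signature or outside validity: drop */ }
        }
        return out;
    }

    // True only if a current, correctly signed CRL exists and does not list cert.
    static boolean notRevoked(LDAPStoreHelper helper, X509Certificate cert, X509Certificate trustedIssuer) {
        X509CRLStoreSelector crlSel = new X509CRLStoreSelector();
        crlSel.addIssuer(cert.getIssuerX500Principal()); // issuer drives the CRL search
        boolean sawCurrentCrl = false;
        for (Object o : helper.getCertificateRevocationLists(crlSel)) {
            X509CRL crl = (X509CRL) o;
            try { crl.verify(trustedIssuer.getPublicKey()); }
            catch (GeneralSecurityException e) { continue; } // not signed by our issuer
            if (crl.getNextUpdate() == null || crl.getNextUpdate().before(new java.util.Date())) continue;
            if (crl.isRevoked(cert)) return false;
            sawCurrentCrl = true;
        }
        return sawCurrentCrl; // fail closed when no usable CRL was found
    }
}
```

Both lookups can throw the unchecked org.bouncycastle.util.StoreException when the directory is unreachable; callers should treat that the same as a missing CRL and refuse to accept the certificate.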