/* |
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
* |
* This code is free software; you can redistribute it and/or modify it |
* under the terms of the GNU General Public License version 2 only, as |
* published by the Free Software Foundation. Oracle designates this |
* particular file as subject to the "Classpath" exception as provided |
* by Oracle in the LICENSE file that accompanied this code. |
* |
* This code is distributed in the hope that it will be useful, but WITHOUT |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
* version 2 for more details (a copy is included in the LICENSE file that |
* accompanied this code). |
* |
* You should have received a copy of the GNU General Public License version |
* 2 along with this work; if not, write to the Free Software Foundation, |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
* |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
* or visit www.oracle.com if you need additional information or have any |
* questions. |
*/ |
package sun.security.provider.certpath.ldap; |
import java.net.URI; |
import java.security.*; |
import java.security.cert.*; |
import java.util.*; |
import sun.security.util.Cache; |
import sun.security.util.Debug; |
/** |
* A <code>CertStore</code> that retrieves <code>Certificates</code> and |
* <code>CRL</code>s from an LDAP directory, using the PKIX LDAP V2 Schema |
* (RFC 2587): |
* <a href="http://www.ietf.org/rfc/rfc2587.txt"> |
* http://www.ietf.org/rfc/rfc2587.txt</a>. |
* <p> |
* Before calling the {@link #engineGetCertificates engineGetCertificates} or |
* {@link #engineGetCRLs engineGetCRLs} methods, the |
* {@link #LDAPCertStore(CertStoreParameters) |
* LDAPCertStore(CertStoreParameters)} constructor is called to create the |
* <code>CertStore</code> and establish the DNS name and port of the LDAP |
* server from which <code>Certificate</code>s and <code>CRL</code>s will be |
* retrieved. |
* <p> |
* <b>Concurrent Access</b> |
* <p> |
* As described in the javadoc for <code>CertStoreSpi</code>, the |
* <code>engineGetCertificates</code> and <code>engineGetCRLs</code> methods |
* must be thread-safe. That is, multiple threads may concurrently |
* invoke these methods on a single <code>LDAPCertStore</code> object |
* (or more than one) with no ill effects. This allows a |
* <code>CertPathBuilder</code> to search for a CRL while simultaneously |
* searching for further certificates, for instance. |
* <p> |
* This is achieved by adding the <code>synchronized</code> keyword to the |
* <code>engineGetCertificates</code> and <code>engineGetCRLs</code> methods. |
* <p> |
* This class uses caching and requests multiple attributes at once to
* minimize LDAP round trips. The cache is associated with the CertStore |
* instance. It uses soft references to hold the values to minimize impact |
* on footprint and currently has a maximum size of 750 attributes and a |
* 30 second default lifetime. |
* <p> |
* We always request CA certificates, cross certificate pairs, and ARLs in |
* a single LDAP request when any one of them is needed. The reason is that |
* we typically need all of them anyway and requesting them in one go can |
* reduce the number of requests to a third. Even if we don't need them, |
* these attributes are typically small enough not to cause a noticeable |
* overhead. In addition, when the prefetchCRLs flag is true, we also request |
* the full CRLs. It is currently false initially but set to true once any |
* request for an ARL to the server returns a null value. The reason is
* that CRLs could be rather large but are rarely used. This implementation |
* should improve performance in most cases. |
* |
* @see java.security.cert.CertStore |
* |
* @since 1.4 |
* @author Steve Hanna |
* @author Andreas Sterbenz |
*/ |
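public final class LDAPCertStore extends CertStoreSpi {

    private static final Debug debug = Debug.getInstance("certpath");

    /** Port used when an LDAP URI omits one; same default as LDAPCertStoreParameters. */
    private static final int DEFAULT_PORT = 389;

    /** Host used when an LDAP URI omits one; same default as LDAPCertStoreParameters. */
    private static final String DEFAULT_SERVER_NAME = "localhost";

    /**
     * Cache of <code>LDAPCertStoreImpl</code> objects shared per JVM, keyed
     * by LDAP server name and port, so that every <code>LDAPCertStore</code>
     * pointing at the same server shares a single impl.
     */
    private static final Cache<Key, LDAPCertStoreImpl>
        certStoreCache = Cache.newSoftMemoryCache(185);

    /**
     * Base DN taken from the path of the LDAP URI, or <code>null</code> when
     * the store was created from <code>LDAPCertStoreParameters</code>.
     */
    private final String ldapDN;

    /** The (possibly shared) impl that performs the LDAP lookups. */
    private final LDAPCertStoreImpl impl;

    /**
     * Creates an LDAP <code>CertStore</code> for the server described by
     * <code>params</code>.
     * <p>
     * Two parameter types are accepted: <code>LDAPCertStoreParameters</code>
     * (server name and port) and <code>URICertStoreParameters</code> holding
     * an <code>ldap:</code> URI. For a URI, a missing host defaults to
     * <code>localhost</code>, a missing port to 389, and the URI path, with
     * its leading slash removed, becomes the base DN for lookups.
     *
     * @param params the <code>CertStoreParameters</code> identifying the
     *        LDAP server
     * @throws InvalidAlgorithmParameterException if <code>params</code> is
     *         <code>null</code>, is of an unsupported type, or carries a URI
     *         whose scheme is not <code>ldap</code>
     * @throws SecurityException if a security manager is installed and
     *         denies connecting to the server
     */
    public LDAPCertStore(CertStoreParameters params)
            throws InvalidAlgorithmParameterException {
        super(params);

        String serverName;
        int port;
        String dn = null;
        if (params == null) {
            throw new InvalidAlgorithmParameterException(
                "Parameters required for LDAP certstore");
        }
        if (params instanceof LDAPCertStoreParameters) {
            LDAPCertStoreParameters p = (LDAPCertStoreParameters) params;
            serverName = p.getServerName();
            port = p.getPort();
        } else if (params instanceof URICertStoreParameters) {
            URI u = ((URICertStoreParameters) params).getURI();
            // A relative URI has no scheme (getScheme() returns null); the
            // literal-first comparison rejects it with the proper exception
            // instead of a NullPointerException.
            if (!"ldap".equalsIgnoreCase(u.getScheme())) {
                throw new InvalidAlgorithmParameterException(
                    "Unsupported scheme '" + u.getScheme()
                        + "', only LDAP URIs are supported "
                        + "for LDAP certstore");
            }
            // Use the same default values as in LDAPCertStoreParameters
            // if unspecified in URI
            serverName = u.getHost();
            if (serverName == null) {
                serverName = DEFAULT_SERVER_NAME;
            }
            port = u.getPort();
            if (port == -1) {
                port = DEFAULT_PORT;
            }
            // URI.getPath() is the empty string (not null) for a URI such as
            // "ldap://host", so the leading-slash test must tolerate "";
            // charAt(0) would throw StringIndexOutOfBoundsException.
            dn = u.getPath();
            if (dn != null && dn.startsWith("/")) {
                dn = dn.substring(1);
            }
        } else {
            throw new InvalidAlgorithmParameterException(
                "Parameters must be either LDAPCertStoreParameters or "
                + "URICertStoreParameters, but instance of "
                + params.getClass().getName() + " passed");
        }

        // Consult the security manager before any network access happens.
        SecurityManager security = System.getSecurityManager();
        if (security != null) {
            security.checkConnect(serverName, port);
        }

        // Share one impl per (server, port). The get/put pair is not atomic,
        // so two threads constructing stores for the same server at once may
        // each create an impl; getInstance() below avoids that by
        // synchronizing, this constructor tolerates it.
        Key k = new Key(serverName, port);
        LDAPCertStoreImpl lci = certStoreCache.get(k);
        if (lci == null) {
            lci = new LDAPCertStoreImpl(serverName, port);
            certStoreCache.put(k, lci);
        } else if (debug != null) {
            debug.println("LDAPCertStore.getInstance: cache hit");
        }
        this.impl = lci;
        this.ldapDN = dn;
    }

    /**
     * Cache key: an LDAP server name, compared case-insensitively, plus port.
     */
    private static final class Key {
        private final String serverName;
        private final int port;
        /** Lazily computed hash; 0 means "not computed yet". */
        private volatile int hashCode;

        Key(String serverName, int port) {
            this.serverName = serverName;
            this.port = port;
        }

        @Override
        public boolean equals(Object obj) {
            if (!(obj instanceof Key)) {
                return false;
            }
            Key other = (Key) obj;
            return port == other.port
                && serverName.equalsIgnoreCase(other.serverName);
        }

        @Override
        public int hashCode() {
            int h = hashCode;
            if (h == 0) {
                // Lower-case with a fixed locale so the hash does not depend
                // on the default locale and agrees with equalsIgnoreCase().
                h = 17;
                h = 37 * h + port;
                h = 37 * h + serverName.toLowerCase(Locale.ENGLISH).hashCode();
                hashCode = h;
            }
            return h;
        }
    }

    /**
     * Returns the <code>LDAPCertStoreImpl</code> for the server name and port
     * in <code>params</code>, consulting the per-JVM cache first and creating
     * and caching a new impl on a miss.
     * <p>
     * Exists solely for the regression test that checks caching is done.
     *
     * @param params the server name and port to look up
     * @return the cached or newly created impl, never <code>null</code>
     * @throws NoSuchAlgorithmException declared for compatibility only;
     *         nothing in this method throws it (the public constructor calls
     *         the same impl constructor without declaring it)
     * @throws InvalidAlgorithmParameterException if propagated by the
     *         <code>LDAPCertStoreImpl</code> constructor
     */
    static synchronized LDAPCertStoreImpl getInstance(LDAPCertStoreParameters params)
        throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        String serverName = params.getServerName();
        int port = params.getPort();
        Key k = new Key(serverName, port);
        LDAPCertStoreImpl lci = certStoreCache.get(k);
        if (lci == null) {
            lci = new LDAPCertStoreImpl(serverName, port);
            certStoreCache.put(k, lci);
        } else if (debug != null) {
            debug.println("LDAPCertStore.getInstance: cache hit");
        }
        return lci;
    }

    /**
     * Returns a <code>Collection</code> of <code>Certificate</code>s that
     * match the specified selector. If no <code>Certificate</code>s
     * match the selector, an empty <code>Collection</code> will be returned.
     * <p>
     * It is not practical to search every entry in the LDAP database for
     * matching <code>Certificate</code>s. Instead, the <code>CertSelector</code>
     * is examined in order to determine where matching <code>Certificate</code>s
     * are likely to be found (according to the PKIX LDAPv2 schema, RFC 2587).
     * If the subject is specified, its directory entry is searched. If the
     * issuer is specified, its directory entry is searched. If neither the
     * subject nor the issuer are specified (or the selector is not an
     * <code>X509CertSelector</code>), a <code>CertStoreException</code> is
     * thrown.
     *
     * @param selector a <code>CertSelector</code> used to select which
     *  <code>Certificate</code>s should be returned; <code>null</code> is
     *  treated as an empty <code>X509CertSelector</code>
     * @return a <code>Collection</code> of <code>Certificate</code>s that
     *         match the specified selector
     * @throws CertStoreException if the selector is not an
     *         <code>X509CertSelector</code> or the lookup fails
     */
    @Override
    public synchronized Collection<X509Certificate> engineGetCertificates
            (CertSelector selector) throws CertStoreException {
        if (debug != null) {
            debug.println("LDAPCertStore.engineGetCertificates() selector: "
                + String.valueOf(selector));
        }
        if (selector == null) {
            selector = new X509CertSelector();
        } else if (!(selector instanceof X509CertSelector)) {
            throw new CertStoreException("Need X509CertSelector to find certs, "
                + "but instance of " + selector.getClass().getName()
                + " passed");
        }
        return impl.getCertificates((X509CertSelector) selector, ldapDN);
    }

    /**
     * Returns a <code>Collection</code> of <code>CRL</code>s that
     * match the specified selector. If no <code>CRL</code>s
     * match the selector, an empty <code>Collection</code> will be returned.
     * <p>
     * It is not practical to search every entry in the LDAP database for
     * matching <code>CRL</code>s. Instead, the <code>CRLSelector</code>
     * is examined in order to determine where matching <code>CRL</code>s
     * are likely to be found (according to the PKIX LDAPv2 schema, RFC 2587).
     * If issuerNames or certChecking are specified, the issuer's directory
     * entry is searched. If neither issuerNames or certChecking are specified
     * (or the selector is not an <code>X509CRLSelector</code>), a
     * <code>CertStoreException</code> is thrown.
     *
     * @param selector A <code>CRLSelector</code> used to select which
     *  <code>CRL</code>s should be returned. Specify <code>null</code>
     *  to return all <code>CRL</code>s.
     * @return A <code>Collection</code> of <code>CRL</code>s that
     *         match the specified selector
     * @throws CertStoreException if the selector is not an
     *         <code>X509CRLSelector</code> or the lookup fails
     */
    @Override
    public synchronized Collection<X509CRL> engineGetCRLs(CRLSelector selector)
            throws CertStoreException {
        if (debug != null) {
            debug.println("LDAPCertStore.engineGetCRLs() selector: "
                + selector);
        }
        // Set up selector and collection to hold CRLs
        if (selector == null) {
            selector = new X509CRLSelector();
        } else if (!(selector instanceof X509CRLSelector)) {
            throw new CertStoreException("Need X509CRLSelector to find CRLs, "
                + "but instance of " + selector.getClass().getName()
                + " passed");
        }
        return impl.getCRLs((X509CRLSelector) selector, ldapDN);
    }
}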