AMCertStore.java revision ce4d3fddc8fe2eddd68a20af9570b3cc63ece5ab
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: AMCertStore.java,v 1.5 2009/01/28 05:35:12 ww203982 Exp $
*
* Portions Copyrighted 2014-2015 ForgeRock AS.
*/
/**
* This class manages a certificate store held in an LDAP server.
* It retrieves a certificate that matches a specified attribute name
* and value. Use this class to manage a certificate
* store in LDAP.
**/
public class AMCertStore {
// Static initializer for the class.
static {
try {
} catch (CertificateException e) {
// NOTE(review): no handling is visible in this catch block. If that is the
// case in the full file, a CertificateException raised here is dropped
// without a log entry — confirm it is at least logged.
}
}
/**
* AMCertStore is a certificate store specialised for LDAP.
* An AMCertStore instance must hold all the information needed for LDAP.
*
* @param param the LDAP store parameters; kept in {@code storeParam}, which the
*        connection and search code of this class reads.
*/
storeParam = param;
}
/**
* Returns an LDAP connection for the LDAP certificate store, or null if an error occurred when connecting.
* <p>
* Both failure paths visible here return null: a GeneralSecurityException raised inside the
* {@code isSecure()} branch and an LdapException thrown by {@code ldapconn.getConnection()}.
* Callers must therefore null-check the result.
*/
synchronized Connection getConnection() {
/*
* Setup the LDAP certificate directory service context for
* use in verification of the users certificates.
*/
// Regardless of SSL on connection, we will use authentication
if (storeParam.isSecure()) {
try {
} catch (GeneralSecurityException e) {
// Fail closed: a security-setup error yields no connection at all instead of
// falling through to the non-SSL branch.
return null;
}
} else { // non-ssl
// NOTE(review): since authentication is used regardless of SSL (see above), the
// bind on this branch presumably crosses the network unencrypted — confirm that
// deployments needing confidentiality set isSecure().
}
}
try {
return ldapconn.getConnection();
} catch (LdapException e) {
// NOTE(review): no logging is visible on this path; the cause of the failure is
// lost to the caller, who only sees null.
return null;
}
}
/**
* Returns the matching LDAP search results from the LDAP certificate store, or null if
* there are no results or an error occurred.
*
* @param ldc The LDAP connection
*/
/*
* Retrieve the DN of the signer of the certificate and
* extract the CN information so we can search the LDAP
* certificate directory.
*/
try {
// The search base and the filter both come from storeParam; the scope is SUBORDINATES.
results = ldc.search(storeParam.getStartLoc(), SearchScope.SUBORDINATES, storeParam.getSearchFilter(),
/*
* The search based on the cn yielded no results,
* so report that verification failed by returning null.
*/
return null;
}
} catch (Exception e) {
// Every exception is turned into null, so the caller cannot tell a directory or
// connection failure apart from "no matching entry".
// NOTE(review): no logging is visible here — confirm the error is recorded somewhere.
return null;
}
return results;
}
/**
* Returns the matching LDAP entry from the LDAP certificate store, or null when an
* exception is caught during the lookup.
*
* @param ldc The connection.
*/
/*
* Retrieve the DN of the signer of the certificate and
* extract the CN information so we can search the LDAP
* certificate directory.
*/
try {
} catch (Exception e) {
// Any exception is reported to the caller as null; the cause is not propagated.
return null;
}
}
/**
* Return matched certificate from ldap certificate store
*
* @param cert
*/
X509Certificate c = getCertificate();
return c;
}
return null;
}
/**
* Returns the matching certificate from the LDAP certificate store, or null when no
* certificate is found or an error occurs during the lookup.
*/
public X509Certificate getCertificate () {
/*
* Lookup the certificate in the LDAP certificate
* directory and compare the values.
*/
return null;
}
// "Found search results for: " + cn , 2);
/*
* Retrieve the certificate from the store
*/
// The nested null checks below form a fallback chain: each inner check runs only
// while certAttribute is still null. NOTE(review): the lookups that assign
// certAttribute are not visible here — presumably each tries a different attribute name.
if (certAttribute == null) {
if (certAttribute == null) {
// an end-entity certificate can be a CA certificate
if (certAttribute == null) {
}
if (certAttribute == null) {
// No usable certificate attribute was found; skip to the next loop iteration.
continue;
}
}
}
X509Certificate c = null;
try {
} catch (CertificateParsingException e) {
// A parsing failure does not abort the lookup: c stays null and the
// non-null check below is skipped.
"Error in Certificate parsing : ", e);
}
// The first certificate that was obtained successfully is returned immediately.
// NOTE(review): no comparison with an expected certificate is visible at this point;
// presumably the match relies on the search filter — confirm against the caller.
if (c != null) {
return c;
}
} // inner while
} else {
}
} // outer while
} catch (Exception e) {
// Any other failure ends the lookup; execution falls through to the final return null.
"Certificate - Error finding registered certificate = ", e);
}
return null;
}
/**
* Return value of certificate Issuer DN.
*
* @param certificate
* @return The Issuer's DN as String.
*/
}
/**
* Return value of certificate subject DN.
*
* @param certificate
* @return The Subject's DN as String.
*/
}
/**
* Returns the search filter reported below as the one used for {@code ldc.search};
* presumably it is built from the given attribute name and value.
*
* @param attrName
* @param attrValue
* @return searchFilter
*/
// NOTE(review): the line that builds searchFilter is not visible here. If attrValue can
// come from certificate fields (such as a subject or issuer DN), confirm that it is
// escaped for use in an LDAP filter (RFC 4515) before it is placed into the filter string.
if (debug.messageEnabled()) {
// The complete filter is logged only when message-level debugging is enabled.
"ldc.search: using this filter: " + searchFilter);
}
return searchFilter;
}
/**
* Returns an AMLDAPCertStoreParameters object (ldapParam) that holds all the configuration parameters.
*
* @param serverHost
* @param serverPort
* @param principleUser
* @param principlePasswd NOTE(review): presumably the bind password for principleUser —
*        confirm it is never written to the debug log.
* @param startSearchLoc
* @param uriParamsCRL
* @param isSSL NOTE(review): presumably selects a secure connection to the directory —
*        confirm against AMLDAPCertStoreParameters.
*/
public static AMLDAPCertStoreParameters setLdapStoreParam(
/*
* Setup the LDAP certificate directory service context for
* use in verification of the users certificates.
*/
(serverHost, serverPort);
isSSL);
return ldapParam;
}
/**
* Returns the issuer certificate if the LDAP entry has one; a null return is visible
* on at least one path.
*
* @param ldapParam
* @param cert
* @param attrName
*/
public static X509Certificate getIssuerCertificate (
return null;
}
}
/**
* Returns the X509 certificate if the LDAP entry holds the same one, otherwise null.
*
* @param ldapParam
* @param cert
* @param attrName
*/
public static X509Certificate getRegisteredCertificate (
X509Certificate c = null;
return null;
}
// NOTE(review): the comparison that establishes "the same one" is not visible here.
// Confirm it compares the full certificate and not only a DN, because this result
// decides whether a presented certificate counts as registered.
if (debug.messageEnabled()) {
}
return c;
} else {
return null;
}
}
/**
* Returns the X509 certificate if the LDAP entry has one.
*
* @param ldapParam
* @param attrName
* @param attrValue
*/
public static X509Certificate getCertificate (
return null;
/*
* Lookup the certificate in the LDAP certificate
* directory and compare the values.
*/
try {
} catch (Exception e) {
// The failure is reported only when message-level debugging is enabled. Otherwise
// it is silent and the method still returns ldapcert below.
// NOTE(review): with debugging off, a lookup error is probably indistinguishable
// from a missing certificate — confirm ldapcert is null on this path.
if (debug.messageEnabled()) {
"Error finding registered certificate = " , e);
}
}
return ldapcert;
}
/**
* Returns true if the certificate is a self-signed root CA certificate.
*
* @param cert
*/
}
}