The IAIK-JCE class LdapURLConnection lets you search an LDAP directory for certificates, attribute certificates or certificate revocation lists in the way familiar from the java.net URL framework. In the simplest case you only have to create an LdapURLConnection object by calling openConnection on an LDAP URL object, set any request properties (if required), and finally call getInputStream or getContent to read the search result, e.g.:

    // register the IAIK handler package so that java.net.URL accepts ldap: URLs
    System.getProperties().put("java.protocol.handler.pkgs", "iaik.x509.net");
    // the ldap url
    URL url = new URL("ldap://...");
    // open connection
    LdapURLConnection con = (LdapURLConnection)url.openConnection();
    ...
    // set any request properties (if required)
    ...
    // connect to the ldap server and read the result:
    X509CRL crl = (X509CRL)con.getContent();

To download a CRL from its (http or ldap) distribution point you can simply use the loadCrl method of the DistributionPoint class. With this method you can download any referenced CRL(s) immediately while stepping through the distribution points contained in the CRLDistributionPoints extension of a certificate, e.g.:

    X509Certificate cert = ...;
    ...
    // get CRLDistributionPoints extension (getExtension returns the generic extension type, so cast it)
    CRLDistributionPoints cRLDistributionPoints =
        (CRLDistributionPoints)cert.getExtension(CRLDistributionPoints.oid);
    if (cRLDistributionPoints != null) {
      // get DistributionPoints
      Enumeration e = cRLDistributionPoints.getDistributionPoints();
      while (e.hasMoreElements()) {
        DistributionPoint dp = (DistributionPoint)e.nextElement();
        // only distribution points that carry a URI name can be downloaded
        if (dp.containsUriDpName()) {
          // download crl
          X509CRL crl = dp.loadCrl();
          ...
        }
      }
    }

IAIK-JCE also contains command line utilities (see sub-directory cmd/ldapSearch of the IAIK-JCE distribution) for searching an LDAP directory for certificates, attribute certificates and certificate revocation lists.
See also tech tip "LDAP for the Java™ NET URL framework" Part 1 and Part 2.
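
The distribution point URI comes from the certificate being checked, so a caller will usually want to restrict which URIs are fetched and to validate the CRL that comes back before trusting it. The following is an added example, not code from IAIK-JCE or the original page, and uses only standard java.security.cert types. It assumes the CRL is issued directly by the certificate's issuer (no indirect CRLs) and that the CRL returned by loadCrl can be handled as a java.security.cert.X509CRL; the names CrlChecks, isAllowedCrlUri and checkCrl are hypothetical, and obtaining the URI string from the DistributionPoint is left to the caller.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.cert.CRLException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Locale;
import java.util.Set;

public class CrlChecks {
    // Only the two schemes the page names for distribution points are fetched.
    private static final Set<String> ALLOWED_SCHEMES = Set.of("ldap", "http");

    /** True if a URI taken from a certificate names an allowed scheme and an explicit host. */
    static boolean isAllowedCrlUri(String uri) {
        try {
            URI u = new URI(uri);
            String scheme = u.getScheme();
            return scheme != null
                && ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))
                && u.getHost() != null;
        } catch (URISyntaxException e) {
            return false;
        }
    }

    /** Accept a downloaded CRL only if the expected CA signed it and it is current. */
    static void checkCrl(X509CRL crl, X509Certificate issuer, Date now)
            throws GeneralSecurityException {
        // Assumption: direct CRL, so its issuer name equals the CA's subject name.
        if (!crl.getIssuerX500Principal().equals(issuer.getSubjectX500Principal()))
            throw new CRLException("CRL issuer does not match the expected CA");
        crl.verify(issuer.getPublicKey()); // throws if the signature does not verify
        if (crl.getThisUpdate().after(now)) throw new CRLException("CRL is not yet valid");
        Date next = crl.getNextUpdate();   // optional field, may be null
        if (next != null && next.before(now)) throw new CRLException("CRL has expired");
    }

    public static void main(String[] args) {
        // Constructed sample URIs, not taken from a real certificate.
        String[] samples = {
            "ldap://ldap.example.test/cn=ca,o=example?certificateRevocationList",
            "http://crl.example.test/ca.crl",
            "file:///tmp/ca.crl",
            "ldap:///cn=ca" };
        for (String s : samples) System.out.println(isAllowedCrlUri(s) + "  " + s);
    }
}
```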
