Stiftung Secure Information and Communication Technologies SIC

LDAP Search

The IAIK-JCE class LdapURLConnection lets you search an LDAP directory for certificates, attribute certificates or certificate revocation lists in the way you are used to from the java.net URL framework. In the simplest case you only have to create an LdapURLConnection object by calling method openConnection on an LDAP URL object, set any request properties (if required), and finally call method getInputStream or getContent to read the search result, e.g.:

import java.net.URL;
import iaik.x509.X509CRL;
import iaik.x509.net.ldap.LdapURLConnection;
...
// register the IAIK protocol handler package so that ldap URLs are understood
System.getProperties().put("java.protocol.handler.pkgs",
                           "iaik.x509.net");
// the ldap url
URL url = new URL("ldap://...");
// open connection
LdapURLConnection con = (LdapURLConnection)url.openConnection();
...
// set any request properties (if required)
...
// connect to the ldap server and read the result:
X509CRL crl = (X509CRL)con.getContent();

To download a CRL from its (http or ldap) distribution point you can simply use method loadCrl of the DistributionPoint class. With this method you can download any referenced CRL(s) immediately while stepping through the distribution points contained in a CRLDistributionPoints extension of a certificate, e.g.:

X509Certificate cert = ...;
...
// get CRLDistributionPoints extension (getExtension returns a V3Extension, so cast it)
CRLDistributionPoints cRLDistributionPoints =
    (CRLDistributionPoints)cert.getExtension(CRLDistributionPoints.oid);
if (cRLDistributionPoints != null) {
  // get DistributionPoints
  Enumeration e = cRLDistributionPoints.getDistributionPoints();
  while (e.hasMoreElements()) {
    DistributionPoint dp = (DistributionPoint)e.nextElement();
    // only distribution points that carry a URI name can be downloaded
    if (dp.containsUriDpName()) {
      // download crl
      X509CRL crl = dp.loadCrl();
      ...
    }
  }
}
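
The distribution point URIs are read from the certificate being checked, so an application may want to vet each URI before it calls loadCrl or openConnection on it. The following is an added example, not part of IAIK-JCE or of the original page; it uses only java.net.URI, and the class name, the host names and the policy (ldap/http only, listed hosts only, CRL attributes only) are assumptions:

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class CrlDpUriCheck {
  // Assumed policy values; the host names are hypothetical placeholders.
  static final Set<String> SCHEMES = Set.of("ldap", "http");
  static final Set<String> HOSTS = Set.of("ldap.ca.example.org", "crl.ca.example.org");
  static final Set<String> CRL_ATTRS = Set.of(
      "certificaterevocationlist", "authorityrevocationlist", "deltarevocationlist");

  /** Returns null if the URI passes the policy, otherwise the reason for rejecting it. */
  static String reject(String dpUri) {
    URI uri;
    try {
      uri = new URI(dpUri);
    } catch (URISyntaxException e) {
      return "malformed URI";
    }
    String scheme = uri.getScheme() == null ? "" : uri.getScheme().toLowerCase(Locale.ROOT);
    if (!SCHEMES.contains(scheme)) return "scheme not allowed: " + scheme;
    if (uri.getUserInfo() != null) return "user info not allowed";
    String host = uri.getHost();
    if (host == null || !HOSTS.contains(host.toLowerCase(Locale.ROOT)))
      return "host not allowed: " + host;
    if (scheme.equals("ldap")) {
      // LDAP URL layout (RFC 4516): ldap://host/dn?attributes?scope?filter
      String attrs = uri.getQuery() == null ? "" : uri.getQuery().split("\\?", -1)[0];
      for (String a : attrs.split(",", -1)) {
        // drop options such as ";binary" before comparing the attribute name
        String name = a.split(";", -1)[0].toLowerCase(Locale.ROOT);
        if (!CRL_ATTRS.contains(name)) return "not a CRL attribute: '" + name + "'";
      }
    }
    return null;
  }

  public static void main(String[] args) {
    String[] constructed = { // constructed sample URIs, not taken from a real certificate
      "ldap://ldap.ca.example.org/cn=CA,o=Example,c=AT?certificateRevocationList;binary",
      "http://crl.ca.example.org/ca.crl",
      "ldap://10.0.0.5/cn=CA,o=Example,c=AT?certificateRevocationList",
      "ldap://ldap.ca.example.org/cn=CA,o=Example,c=AT?userPassword",
      "file:///etc/passwd" };
    for (String s : constructed) {
      String why = reject(s);
      System.out.println((why == null ? "OK      " : "REJECT  ") + s + (why == null ? "" : "  (" + why + ")"));
    }
  }
}
```

Only the first two sample URIs pass; the others are rejected for the host, the requested attribute and the scheme respectively.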

IAIK-JCE also contains command line utilities (see sub-directory cmd/ldapSearch of the IAIK-JCE distribution) for searching an LDAP directory for certificates, attribute certificates and certificate revocation lists.

See also tech tip "LDAP for the Java™ NET URL framework" Part 1 and Part 2.
