org.keycloak.authentication.authenticators.x509.CertificateValidator.CRLFileLoader クラス

org.keycloak.authentication.authenticators.x509.CertificateValidator.CRLFileLoader の継承関係図

org.keycloak.authentication.authenticators.x509.CertificateValidator.CRLFileLoader 連携図

公開メンバ関数
	CRLFileLoader (String cRLPath)
	CRLFileLoader (String cRLPath, LdapContext ldapContext)
Collection< X509CRL >	getX509CRLs () throws GeneralSecurityException

非公開メンバ関数
Collection< X509CRL >	loadFromURI (CertificateFactory cf, URI remoteURI) throws GeneralSecurityException
Collection< X509CRL >	loadCRLFromLDAP (CertificateFactory cf, URI remoteURI) throws GeneralSecurityException
Collection< X509CRL >	loadCRLFromFile (CertificateFactory cf, String relativePath) throws GeneralSecurityException
X509CRL	loadFromStream (CertificateFactory cf, InputStream is) throws IOException, CRLException

非公開変数類
final String	cRLPath
final LdapContext	ldapContext

詳解

構築子と解体子

CRLFileLoader() [1/2]

org.keycloak.authentication.authenticators.x509.CertificateValidator.CRLFileLoader.CRLFileLoader ( String  cRLPath )

inline

                                             {
            this.cRLPath = cRLPath;
            ldapContext = new LdapContext();
        }

CRLFileLoader() [2/2]

org.keycloak.authentication.authenticators.x509.CertificateValidator.CRLFileLoader.CRLFileLoader ( String  cRLPath, LdapContext  ldapContext  )

inline

                                                                      {
            this.cRLPath = cRLPath;
            this.ldapContext = ldapContext;

            if (ldapContext == null)
                throw new NullPointerException("Context cannot be null");
        }

関数詳解

getX509CRLs()

Collection<X509CRL> org.keycloak.authentication.authenticators.x509.CertificateValidator.CRLFileLoader.getX509CRLs ( ) throws GeneralSecurityException

inline

                                                                                 {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            Collection<X509CRL> crlColl = null;

            if (cRLPath != null) {
                if (cRLPath.startsWith("http") || cRLPath.startsWith("https")) {
                    // load CRL using remote URI
                    try {
                        crlColl = loadFromURI(cf, new URI(cRLPath));
                    } catch (URISyntaxException e) {
                        logger.error(e.getMessage());
                    }
                } else if (cRLPath.startsWith("ldap")) {
                    // load CRL from LDAP
                    try {
                        crlColl = loadCRLFromLDAP(cf, new URI(cRLPath));
                    } catch(URISyntaxException e) {
                        logger.error(e.getMessage());
                    }
                } else {
                    // load CRL from file
                    crlColl = loadCRLFromFile(cf, cRLPath);
                }
            }
            if (crlColl == null || crlColl.size() == 0) {
                String message = String.format("Unable to load CRL from \"%s\"", cRLPath);
                throw new GeneralSecurityException(message);
            }
            return crlColl;
        }

loadCRLFromFile()

Collection<X509CRL> org.keycloak.authentication.authenticators.x509.CertificateValidator.CRLFileLoader.loadCRLFromFile ( CertificateFactory  cf, String  relativePath  ) throws GeneralSecurityException

inlineprivate

                                                                                                                                {
            try {
                String configDir = System.getProperty("jboss.server.config.dir");
                if (configDir != null) {
                    File f = new File(configDir + File.separator + relativePath);
                    if (f.isFile()) {
                        logger.debugf("Loading CRL from %s", f.getAbsolutePath());

                        if (!f.canRead()) {
                            throw new IOException(String.format("Unable to read CRL from \"%s\"", f.getAbsolutePath()));
                        }
                        X509CRL crl = loadFromStream(cf, new FileInputStream(f.getAbsolutePath()));
                        return Collections.singleton(crl);
                    }
                }
            }
            catch(IOException ex) {
                logger.errorf(ex.getMessage());
            }
            return Collections.emptyList();
        }

loadCRLFromLDAP()

Collection<X509CRL> org.keycloak.authentication.authenticators.x509.CertificateValidator.CRLFileLoader.loadCRLFromLDAP ( CertificateFactory  cf, URI  remoteURI  ) throws GeneralSecurityException

inlineprivate

                                                                                                                          {
            Hashtable<String, String> env = new Hashtable<>(2);
            env.put(Context.INITIAL_CONTEXT_FACTORY, ldapContext.getLdapFactoryClassName());
            env.put(Context.PROVIDER_URL, remoteURI.toString());

            try {
                DirContext ctx = new InitialDirContext(env);
                try {
                    Attributes attrs = ctx.getAttributes("");
                    Attribute cRLAttribute = attrs.get("certificateRevocationList;binary");
                    byte[] data = (byte[])cRLAttribute.get();
                    if (data == null || data.length == 0) {
                        throw new CertificateException(String.format("Failed to download CRL from \"%s\"", remoteURI.toString()));
                    }
                    X509CRL crl = loadFromStream(cf, new ByteArrayInputStream(data));
                    return Collections.singleton(crl);
                } finally {
                    ctx.close();
                }
            } catch (NamingException e) {
                logger.error(e.getMessage());
            } catch(IOException e) {
                logger.error(e.getMessage());
            }

            return Collections.emptyList();
        }

loadFromStream()

X509CRL org.keycloak.authentication.authenticators.x509.CertificateValidator.CRLFileLoader.loadFromStream ( CertificateFactory  cf, InputStream  is  ) throws IOException, CRLException

inlineprivate

                                                                                                               {
            DataInputStream dis = new DataInputStream(is);
            X509CRL crl = (X509CRL)cf.generateCRL(dis);
            dis.close();
            return crl;
        }

loadFromURI()

Collection<X509CRL> org.keycloak.authentication.authenticators.x509.CertificateValidator.CRLFileLoader.loadFromURI ( CertificateFactory  cf, URI  remoteURI  ) throws GeneralSecurityException

inlineprivate

                                                                                                                      {
            try {
                logger.debugf("Loading CRL from %s", remoteURI.toString());

                URLConnection conn = remoteURI.toURL().openConnection();
                conn.setDoInput(true);
                conn.setUseCaches(false);
                X509CRL crl = loadFromStream(cf, conn.getInputStream());
                return Collections.singleton(crl);
            }
            catch(IOException ex) {
                logger.errorf(ex.getMessage());
            }
            return Collections.emptyList();

        }

メンバ詳解

cRLPath

final String org.keycloak.authentication.authenticators.x509.CertificateValidator.CRLFileLoader.cRLPath

private

ldapContext

final LdapContext org.keycloak.authentication.authenticators.x509.CertificateValidator.CRLFileLoader.ldapContext

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/authentication/authenticators/x509/CertificateValidator.java