diff options
author | tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> | 2006-12-13 16:00:50 +0000 |
---|---|---|
committer | tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> | 2006-12-13 16:00:50 +0000 |
commit | f1db00ea7fce12a186a3c5070d7f46298224c57a (patch) | |
tree | 57580548de8b9841aa4f4008f6b08b54f2789659 | |
parent | af0a15de2b1228e65872cb74935d933735133e5f (diff) | |
download | pdf-as-3-f1db00ea7fce12a186a3c5070d7f46298224c57a.tar.gz pdf-as-3-f1db00ea7fce12a186a3c5070d7f46298224c57a.tar.bz2 pdf-as-3-f1db00ea7fce12a186a3c5070d7f46298224c57a.zip |
ldap support improved
git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@20 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c
9 files changed, 235 insertions, 65 deletions
diff --git a/release/2.32/pdf-as-2.32.jar b/release/2.32/pdf-as-2.32.jar Binary files differindex 6fdcf7f..3a146a8 100644 --- a/release/2.32/pdf-as-2.32.jar +++ b/release/2.32/pdf-as-2.32.jar diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactory.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactory.java index ba58908..998af55 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactory.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactory.java @@ -1,6 +1,7 @@ package at.knowcenter.wag.egov.egiz.ldap.api;
import iaik.security.ecc.provider.ECCProvider;
+import at.knowcenter.wag.egov.egiz.ldap.client.LDAPIssuerNameFilter;
import at.knowcenter.wag.egov.egiz.sig.LDAPAPI;
/**
@@ -14,15 +15,15 @@ public abstract class LDAPAPIFactory { ECCProvider.addAsProvider();
}
- public static synchronized LDAPAPIFactory getInstance() {
+ public static synchronized LDAPAPIFactory getInstance(LDAPIssuerNameFilter ldapIssuerNameFilter) {
if (ldapAPIfactoryInstance == null) {
- ldapAPIfactoryInstance = new LDAPAPIFactoryImpl();
+ ldapAPIfactoryInstance = new LDAPAPIFactoryImpl(ldapIssuerNameFilter);
}
return ldapAPIfactoryInstance;
}
- public synchronized LDAPAPI createLDAPAPI() throws LDAPAPIException {
- return createLDAPAPI(null);
+ public static LDAPAPIFactory getInstance() {
+ return getInstance(null);
}
public abstract LDAPAPI createLDAPAPI(String implClassURI) throws LDAPAPIException;
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java index 340b54a..9750270 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java @@ -4,6 +4,7 @@ import java.util.Hashtable; import org.apache.log4j.Logger;
+import at.knowcenter.wag.egov.egiz.ldap.client.LDAPIssuerNameFilter;
import at.knowcenter.wag.egov.egiz.sig.LDAPAPI;
/**
@@ -13,13 +14,17 @@ public class LDAPAPIFactoryImpl extends LDAPAPIFactory { private static final Logger log = Logger.getLogger(LDAPAPIFactoryImpl.class);
+ // mapping <full qualified class name, LDAPAPI implementation>
private Hashtable<String, LDAPAPI> ldapImpls;
- protected LDAPAPIFactoryImpl() {
- ldapImpls = new Hashtable<String, LDAPAPI>();
+ private LDAPIssuerNameFilter ldapIssuerNameFilter;
+
+ protected LDAPAPIFactoryImpl(LDAPIssuerNameFilter ldapIssuerNameFilter) {
+ this.ldapImpls = new Hashtable<String, LDAPAPI>();
+ this.ldapIssuerNameFilter = ldapIssuerNameFilter;
}
- private static LDAPAPI instantiatelAPIImpl(String implClassURI) throws LDAPAPIException {
+ private LDAPAPI instantiatelAPIImpl(String implClassURI) throws LDAPAPIException {
if (implClassURI == null) {
throw new NullPointerException("URI of implementing class must not be null.");
}
@@ -36,6 +41,7 @@ public class LDAPAPIFactoryImpl extends LDAPAPIFactory { }
ldapAPIImpl = (LDAPAPI) ldapAPIImplObj;
log.info("LDAPAPI implementation successfully instantiated.");
+ ldapAPIImpl.setIssuerNameFilter(this.ldapIssuerNameFilter);
} catch (InstantiationException e) {
throw new LDAPAPIException("Declared implementation of \"" + LDAPAPI.class.getName() + "\" cannot be instantiated.");
} catch (IllegalAccessException e) {
@@ -46,15 +52,16 @@ public class LDAPAPIFactoryImpl extends LDAPAPIFactory { return ldapAPIImpl;
}
+ @Override
public synchronized LDAPAPI createLDAPAPI(String implClassURI) throws LDAPAPIException {
if (implClassURI == null || implClassURI.length() == 0) {
// use internal implementation
implClassURI = LDAPAPIImpl.class.getName();
}
- LDAPAPI impl = ldapImpls.get(implClassURI);
+ LDAPAPI impl = this.ldapImpls.get(implClassURI);
if (impl == null) {
- impl = instantiatelAPIImpl(implClassURI);
- ldapImpls.put(implClassURI, impl);
+ impl = this.instantiatelAPIImpl(implClassURI);
+ this.ldapImpls.put(implClassURI, impl);
}
return impl;
}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java index 96409f6..6f4ca72 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java @@ -10,97 +10,117 @@ import java.util.List; import org.apache.log4j.Logger;
import at.knowcenter.wag.egov.egiz.cfg.SettingsReader;
-import at.knowcenter.wag.egov.egiz.exceptions.NormalizeException;
import at.knowcenter.wag.egov.egiz.exceptions.SettingNotFoundException;
import at.knowcenter.wag.egov.egiz.exceptions.SettingsException;
import at.knowcenter.wag.egov.egiz.ldap.client.LDAPClient;
import at.knowcenter.wag.egov.egiz.ldap.client.LDAPClientFactory;
import at.knowcenter.wag.egov.egiz.ldap.client.LDAPException;
+import at.knowcenter.wag.egov.egiz.ldap.client.LDAPIssuerNameFilter;
import at.knowcenter.wag.egov.egiz.ldap.client.LDAPMapping;
import at.knowcenter.wag.egov.egiz.sig.LDAPAPI;
-import at.knowcenter.wag.egov.egiz.sig.SignatureObject;
-import at.knowcenter.wag.egov.egiz.tools.Normalizer;
/**
* @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
*/
public class LDAPAPIImpl implements LDAPAPI {
- private final Logger log = Logger.getLogger(getClass());
-
+ private final Logger log = Logger.getLogger(this.getClass());
+
/**
* Prefix for specific entry in config properties file.
*/
- private static final String PROP_LDAP_PREFIX = "ldap_mapping";
+ private static final String PROP_LDAP_PREFIX = "ldap_mapping";
+
private static final String PROP_ISSUER_NAME_POSTFIX = "issuer_name";
- private static final String PROP_LDAP_URL_POSTFIX = "url";
+
+ private static final String PROP_LDAP_URL_POSTFIX = "url";
+
private static final String PROP_SERIAL_ATTR_POSTFIX = "serial_attr";
-
- private static final String LDAP_FACTORY_IDENTIFIER = "PDF-AS LDAP Support";
+
+ private static final String LDAP_FACTORY_IDENTIFIER = "PDF-AS LDAP Support";
+
private LDAPClientFactory ldapClientFactory;
+ private LDAPIssuerNameFilter ldapIssuerNameFilter;
+
protected LDAPAPIImpl() {
- try {
- SettingsReader settings = SettingsReader.getInstance();
-
- ldapClientFactory = LDAPClientFactory.getInstance(LDAP_FACTORY_IDENTIFIER);
- // configure normalization of issuer according to method
- // normalizeIssuer(String) of at.knowcenter.wag.egov.egiz.sig.SignatureObject
- ldapClientFactory.setWhiteSpaceRemoval(true);
- ldapClientFactory.setNormalizer(new Normalizer().getInstance());
-
- List mappingKeys = settings.getKeys(PROP_LDAP_PREFIX);
- if (mappingKeys != null) {
- Iterator it = mappingKeys.iterator();
- while (it.hasNext()) {
- String keyPrefix = PROP_LDAP_PREFIX + "." + (String) it.next() + ".";
- String issuerName = settings.getSetting(keyPrefix + PROP_ISSUER_NAME_POSTFIX);
- String ldapURL = settings.getSetting(keyPrefix + PROP_LDAP_URL_POSTFIX);
- String serialAttr = settings.getSetting(keyPrefix + PROP_SERIAL_ATTR_POSTFIX, null);
-
- LDAPMapping ldapMapping = new LDAPMapping(issuerName, ldapURL, serialAttr);
- ldapClientFactory.registerMapping(ldapMapping);
+ this.ldapClientFactory = null;
+ this.ldapIssuerNameFilter = null;
+ }
+
+ private void initializeFactoryImpl() {
+ if (this.ldapClientFactory == null) {
+ try {
+ SettingsReader settings = SettingsReader.getInstance();
+
+ this.ldapClientFactory = LDAPClientFactory.getInstance(LDAP_FACTORY_IDENTIFIER);
+ this.ldapClientFactory.setLDAPIssuerNameFilter(this.ldapIssuerNameFilter);
+
+ List mappingKeys = settings.getKeys(PROP_LDAP_PREFIX);
+ if (mappingKeys != null) {
+ Iterator it = mappingKeys.iterator();
+ while (it.hasNext()) {
+ String keyPrefix = PROP_LDAP_PREFIX + "." + (String) it.next() + ".";
+ String issuerName = settings.getSetting(keyPrefix + PROP_ISSUER_NAME_POSTFIX);
+ String ldapURL = settings.getSetting(keyPrefix + PROP_LDAP_URL_POSTFIX);
+ String serialAttr = settings.getSetting(keyPrefix + PROP_SERIAL_ATTR_POSTFIX,
+ null);
+
+ LDAPMapping ldapMapping = new LDAPMapping(issuerName, ldapURL, serialAttr);
+ this.ldapClientFactory.registerMapping(ldapMapping);
+ }
+ } else {
+ StringBuffer buffer = new StringBuffer();
+ buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_ISSUER_NAME_POSTFIX)
+ .append(", ");
+ buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_LDAP_URL_POSTFIX)
+ .append(", ");
+ buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_SERIAL_ATTR_POSTFIX);
+ this.log.warn("There are no LDAP mappings (" + buffer.toString()
+ + ") declared within config file.");
}
- } else {
- StringBuffer buffer = new StringBuffer();
- buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_ISSUER_NAME_POSTFIX).append(", ");
- buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_LDAP_URL_POSTFIX).append(", ");
- buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_SERIAL_ATTR_POSTFIX);
- log.warn("There are no LDAP mappings (" + buffer.toString() + ") declared within config file.");
+
+ } catch (SettingsException e) {
+ this.log.error(e);
+ } catch (SettingNotFoundException e) {
+ this.log.error(e);
+ } catch (LDAPException e) {
+ this.log.error(e);
}
-
- } catch (SettingsException e) {
- log.error(e);
- } catch (SettingNotFoundException e) {
- log.error(e);
- } catch (LDAPException e) {
- log.error(e);
- } catch (NormalizeException e) {
- log.error(e);
- };
+ ;
+ }
}
-
+
public String getURL(String issuer) {
+ this.initializeFactoryImpl();
String url = null;
try {
- LDAPClient client = ldapClientFactory.createClient(issuer);
+ LDAPClient client = this.ldapClientFactory.createClient(issuer);
url = client.getUrl().toString();
} catch (LDAPException e) {
- log.error(e);
+ this.log.error(e);
}
return url;
}
public byte[] loadBase64CertificateFromLDAP(String serialNumber, String issuer) {
+ this.initializeFactoryImpl();
byte[] base64CertData = null;
try {
- LDAPClient client = ldapClientFactory.createClient(issuer);
+ LDAPClient client = this.ldapClientFactory.createClient(issuer);
X509Certificate x509certificate = client.retrieveCertificate(new BigInteger(serialNumber));
base64CertData = Util.Base64Encode(x509certificate.toByteArray());
} catch (LDAPException e) {
- log.error(e);
+ this.log.error(e);
}
return base64CertData;
}
+ public void setIssuerNameFilter(LDAPIssuerNameFilter filter) throws LDAPAPIException {
+ if (this.ldapClientFactory != null) {
+ throw new LDAPAPIException("LDAPIssuerNameFilter must be applied before mappings are registered.");
+ }
+ this.ldapIssuerNameFilter = filter;
+ }
+
}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPIssuerNameFilter.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPIssuerNameFilter.java new file mode 100644 index 0000000..722251c --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPIssuerNameFilter.java @@ -0,0 +1,20 @@ +package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.asn1.structures.Name;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public interface LDAPIssuerNameFilter {
+
+ /**
+ * Applies some kind of filtering on the distinguished name. This can be used
+ * for normalization.
+ *
+ * @param name
+ * The original distinguished name.
+ * @return The new filtered distinguished name.
+ */
+ Name applyFilter(Name name);
+
+}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMappingStore.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMappingStore.java new file mode 100644 index 0000000..324e859 --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMappingStore.java @@ -0,0 +1,85 @@ +package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.asn1.structures.Name;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+import java.util.Hashtable;
+import java.util.Iterator;
+
+import org.apache.log4j.Logger;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public class LDAPMappingStore {
+
+ private Hashtable<Name, LDAPMapping> storedMappings;
+ private LDAPIssuerNameFilter issuerNameFilter;
+ private Logger log = Logger.getLogger(getClass());
+
+ public LDAPMappingStore(LDAPIssuerNameFilter issuerNameFilter) {
+ this.storedMappings = new Hashtable<Name, LDAPMapping>();
+ this.issuerNameFilter = issuerNameFilter;
+ }
+
+ public LDAPMappingStore() {
+ this(null);
+ }
+
+ public void clearStore() {
+ this.storedMappings = new Hashtable<Name, LDAPMapping>();
+ }
+
+ public boolean isEmpty() {
+ return this.storedMappings.isEmpty();
+ }
+
+ public boolean isLDAPIssuerNameFilter() {
+ return this.issuerNameFilter != null;
+ }
+
+ public void storeMapping(LDAPMapping... mappings) {
+ for (LDAPMapping mapping : mappings) {
+ Name name = mapping.getIssuerName();
+ if (issuerNameFilter != null) {
+ name = this.issuerNameFilter.applyFilter(name);
+ }
+ if (this.storedMappings.containsKey(name)) {
+ log.warn("Skipping mapping \"" + mapping + "\" because is has already been stored under \"" + name.getName() + "\".");
+ } else {
+ log.debug("Storing mapping \"" + mapping + "\" under \"" + name.getName() + "\".");
+ this.storedMappings.put(name, mapping);
+ }
+ }
+ }
+
+ public void storeMappings(Iterable<LDAPMapping> iterable) {
+ Iterator<LDAPMapping> it = iterable.iterator();
+ while (it.hasNext()) {
+ this.storeMapping(it.next());
+ }
+ }
+
+ public LDAPMapping getMapping(Name name) {
+ if (issuerNameFilter != null) {
+ name = this.issuerNameFilter.applyFilter(name);
+ }
+ return this.storedMappings.get(name);
+ }
+
+ public LDAPMapping getMapping(String nameString) throws LDAPException {
+ RFC2253NameParser parser = new RFC2253NameParser(nameString);
+ Name name;
+ try {
+ name = parser.parse();
+ } catch (RFC2253NameParserException e) {
+ throw new LDAPException(e);
+ }
+ if (issuerNameFilter != null) {
+ name = this.issuerNameFilter.applyFilter(name);
+ }
+ return getMapping(name);
+ }
+
+}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/DummyLDAPAPI.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/DummyLDAPAPI.java index a8bc461..47d1d20 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/DummyLDAPAPI.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/DummyLDAPAPI.java @@ -21,6 +21,8 @@ import java.io.File; import java.io.FileInputStream;
import at.knowcenter.wag.egov.egiz.cfg.SettingsReader;
+import at.knowcenter.wag.egov.egiz.ldap.api.LDAPAPIException;
+import at.knowcenter.wag.egov.egiz.ldap.client.LDAPIssuerNameFilter;
/**
* This is just a dummy implementation until the real Egiz LDAP API is
@@ -75,4 +77,8 @@ public byte[] loadBase64CertificateFromLDAP(String serial_number, String issuer) return data;
}
+
+ public void setIssuerNameFilter(LDAPIssuerNameFilter filter) throws LDAPAPIException {
+ }
+
}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/LDAPAPI.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/LDAPAPI.java index 143c34b..f61c7e6 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/LDAPAPI.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/LDAPAPI.java @@ -1,5 +1,8 @@ package at.knowcenter.wag.egov.egiz.sig;
+import at.knowcenter.wag.egov.egiz.ldap.api.LDAPAPIException;
+import at.knowcenter.wag.egov.egiz.ldap.client.LDAPIssuerNameFilter;
+
/**
* @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
*/
@@ -21,5 +24,11 @@ public interface LDAPAPI { * @return BASE64 encoded certificate
*/
public byte[] loadBase64CertificateFromLDAP(String serialNumber, String issuer);
+
+ /**
+ * Sets the filter that has to be applied before trying to match the issuer name.
+ * @param filter The filter.
+ */
+ public void setIssuerNameFilter(LDAPIssuerNameFilter filter) throws LDAPAPIException;
}
\ No newline at end of file diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java index b00a3cb..9a7a036 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java @@ -17,6 +17,10 @@ */
package at.knowcenter.wag.egov.egiz.sig;
+import iaik.asn1.structures.Name;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
@@ -43,6 +47,7 @@ import at.knowcenter.wag.egov.egiz.exceptions.SignatureTypesException; import at.knowcenter.wag.egov.egiz.framework.SignatorFactory;
import at.knowcenter.wag.egov.egiz.ldap.api.LDAPAPIException;
import at.knowcenter.wag.egov.egiz.ldap.api.LDAPAPIFactory;
+import at.knowcenter.wag.egov.egiz.ldap.client.LDAPIssuerNameFilter;
import at.knowcenter.wag.egov.egiz.table.Entry;
import at.knowcenter.wag.egov.egiz.table.Style;
import at.knowcenter.wag.egov.egiz.table.Table;
@@ -176,6 +181,25 @@ public class SignatureObject implements Serializable * </p>
*/
protected String raw_signature_response = null;
+
+ /**
+ * Filters the issuer name in order to find matches.
+ * @author tknall
+ * @see {@link normalizeIssuer}
+ */
+ private LDAPIssuerNameFilter issuerNameFilter = new LDAPIssuerNameFilter() {
+ public Name applyFilter(Name name) {
+ RFC2253NameParser parser = new RFC2253NameParser(normalizeIssuer(name.getName()));
+ try {
+ name = parser.parse();
+ } catch (RFC2253NameParserException e) {
+ logger_.error(e);
+ }
+ return name;
+ }
+ };
+
+
/**
* The empty constructor. It initilize the normlizer, load the settings and
@@ -889,13 +913,12 @@ public class SignatureObject implements Serializable * comparison with registered ldap mappings.)
* @param issuer The issuer.
* @return normalized issuer
+ * @see {@link issuerNameFilter}
* @author tknall
*/
private String normalizeIssuer(String issuer) {
issuer = normalizer_.normalize(issuer);
issuer = removeAllWhiteSpaces(issuer);
- // important note: if method is changed don't forget to adjust LDAPAPIImpl otherwise
- // ldap mappings will not match
return issuer;
}
@@ -1085,12 +1108,11 @@ public class SignatureObject implements Serializable try {
// note: in case of implClassURI==null the default implementation
// at.knowcenter.wag.egov.egiz.ldap.api.LDAPAPIImpl is used
- ldapAPIImpl = LDAPAPIFactory.getInstance().createLDAPAPI(implClassURI);
+ ldapAPIImpl = LDAPAPIFactory.getInstance(issuerNameFilter).createLDAPAPI(implClassURI);
} catch (LDAPAPIException e) {
throw new RuntimeException(e);
}
- String normalized_issuer = normalizeIssuer(issuer);
- return ldapAPIImpl.loadBase64CertificateFromLDAP(serialNumber, normalized_issuer);
+ return ldapAPIImpl.loadBase64CertificateFromLDAP(serialNumber, issuer);
// STOP modification by TK
}
|