author | tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> | 2013-01-09 15:41:29 +0000 |
---|---|---|
committer | tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> | 2013-01-09 15:41:29 +0000 |
commit | 535a04fa05f739ec16dd81666e3b0f82dfbd442d (patch) | |
tree | 0804f301c1a9ceb303a8441b7b29244fc8eb7ff0 /pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap | |
parent | 1efaf6fd5619dfa95c9d7e8c71eda4c2ffba4998 (diff) | |
pdf-as-lib maven project files moved to pdf-as-lib
git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/pdf-as/trunk@926 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c
Diffstat (limited to 'pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap')
12 files changed, 1270 insertions, 0 deletions
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIException.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIException.java
new file mode 100644
index 0000000..9074ded
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIException.java
@@ -0,0 +1,77 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.ldap.api;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public class LDAPAPIException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ private Exception exception;
+
+ public Exception getException() {
+ return this.exception;
+ }
+
+ public String getMessage() {
+ String message = super.getMessage();
+ if (message == null && exception != null) {
+ return exception.getMessage();
+ } else {
+ return message;
+ }
+ }
+
+ public LDAPAPIException(String message, Exception exception) {
+ super(message);
+ this.exception = exception;
+ }
+
+ public LDAPAPIException(String message) {
+ super(message);
+ this.exception = null;
+ }
+
+ public LDAPAPIException(Exception exception) {
+ super();
+ this.exception = exception;
+ }
+
+ public LDAPAPIException() {
+ super();
+ this.exception = null;
+
+ }
+
+ public String toString() {
+ if (exception != null) {
+ return exception.toString();
+ } else {
+ return super.toString();
+ }
+ }
+
+}
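Review bot: The wrapped exception is stored only in the private `exception` field and never handed to `Throwable`, so in the two constructors that take an `Exception` the cause chain is lost and a logged stack trace stops at this wrapper. Adding `initCause(exception);` after `this.exception = exception;` keeps the original trace without changing what `getMessage()` returns. `toString()` also returns the wrapped exception's string, so a log line never shows that an `LDAPAPIException` was raised; prefixing it with `getClass().getName()` would make LDAP lookup failures easier to find when triaging.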
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactory.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactory.java
new file mode 100644
index 0000000..51ae84f
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactory.java
@@ -0,0 +1,55 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.ldap.api;
+
+import org.apache.log4j.Logger;
+
+import at.knowcenter.wag.egov.egiz.ldap.client.LDAPIssuerNameFilter;
+import at.knowcenter.wag.egov.egiz.sig.LDAPAPI;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public abstract class LDAPAPIFactory {
+
+ private static LDAPAPIFactory ldapAPIfactoryInstance;
+ private final Logger log = Logger.getLogger(LDAPAPIFactory.class);
+
+ protected LDAPAPIFactory() {
+ }
+
+ public static synchronized LDAPAPIFactory getInstance(LDAPIssuerNameFilter ldapIssuerNameFilter) {
+ if (ldapAPIfactoryInstance == null) {
+ ldapAPIfactoryInstance = new LDAPAPIFactoryImpl(ldapIssuerNameFilter);
+ }
+ return ldapAPIfactoryInstance;
+ }
+
+ public static LDAPAPIFactory getInstance() {
+ return getInstance(null);
+ }
+
+ public abstract LDAPAPI createLDAPAPI(String implClassURI) throws LDAPAPIException;
+
+}
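Review bot: `getInstance(LDAPIssuerNameFilter)` uses its argument only on the first call; once `ldapAPIfactoryInstance` exists, a later caller's filter is silently discarded, and a first call through the no-arg `getInstance()` pins the filter to null for the lifetime of the class. If the filter is meant to constrain which issuer names are looked up (inferred from its name, its implementation is not in this hunk), dropping it without any signal is worth guarding against. At minimum document it on the method, e.g. `/** The filter is applied only when the singleton is first created; later calls ignore the argument. */`, or log a warning when a non-null filter arrives after creation. The instance field `log` is also unused in this class.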
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java
new file mode 100644
index 0000000..61fbaed
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java
@@ -0,0 +1,92 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.ldap.api;
+
+import java.util.Hashtable;
+
+import org.apache.log4j.Logger;
+
+import at.knowcenter.wag.egov.egiz.ldap.client.LDAPIssuerNameFilter;
+import at.knowcenter.wag.egov.egiz.sig.LDAPAPI;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public class LDAPAPIFactoryImpl extends LDAPAPIFactory {
+
+ private static final Logger log = Logger.getLogger(LDAPAPIFactoryImpl.class);
+
+ // mapping <full qualified class name, LDAPAPI implementation>
+// private Hashtable<String, LDAPAPI> ldapImpls;
+ private Hashtable ldapImpls;
+
+ private LDAPIssuerNameFilter ldapIssuerNameFilter;
+
+ protected LDAPAPIFactoryImpl(LDAPIssuerNameFilter ldapIssuerNameFilter) {
+ this.ldapImpls = new Hashtable();
+ this.ldapIssuerNameFilter = ldapIssuerNameFilter;
+ }
+
+ private LDAPAPI instantiatelAPIImpl(String implClassURI) throws LDAPAPIException {
+ if (implClassURI == null) {
+ throw new NullPointerException("URI of implementing class must not be null.");
+ }
+ if (implClassURI.length() == 0) {
+ throw new IllegalArgumentException("URI of implementing class must not be empty.");
+ }
+ log.info("Trying to instantiate \"" + LDAPAPI.class.getName() + "\" implementation \"" + implClassURI + "\"...");
+ LDAPAPI ldapAPIImpl = null;
+ try {
+ Class clazz = Class.forName(implClassURI);
+ Object ldapAPIImplObj = clazz.newInstance();
+ if (!(ldapAPIImplObj instanceof LDAPAPI)) {
+ throw new LDAPAPIException("Declared class does not implement \"" + LDAPAPI.class.getName() + "\".");
+ }
+ ldapAPIImpl = (LDAPAPI) ldapAPIImplObj;
+ log.info("LDAPAPI implementation successfully instantiated.");
+ ldapAPIImpl.setIssuerNameFilter(this.ldapIssuerNameFilter);
+ } catch (InstantiationException e) {
+ throw new LDAPAPIException("Declared implementation of \"" + LDAPAPI.class.getName() + "\" cannot be instantiated.");
+ } catch (IllegalAccessException e) {
+ throw new LDAPAPIException("Declared implementation of \"" + LDAPAPI.class.getName() + "\" cannot be instantiated (illegal access).");
+ } catch (ClassNotFoundException e) {
+ throw new LDAPAPIException("Unable to find class \"" + implClassURI + "\" as implementation of \"" + LDAPAPI.class.getName() + "\".");
+ }
+ return ldapAPIImpl;
+ }
+
+ public synchronized LDAPAPI createLDAPAPI(String implClassURI) throws LDAPAPIException {
+ if (implClassURI == null || implClassURI.length() == 0) {
+ // use internal implementation
+ implClassURI = LDAPAPIImpl.class.getName();
+ }
+ LDAPAPI impl = (LDAPAPI) this.ldapImpls.get(implClassURI);
+ if (impl == null) {
+ impl = this.instantiatelAPIImpl(implClassURI);
+ this.ldapImpls.put(implClassURI, impl);
+ }
+ return impl;
+ }
+
+}
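Review bot: In `instantiatelAPIImpl` the class named by `implClassURI` is loaded and constructed before its type is checked, so the static initialiser and no-arg constructor of any class on the classpath run even when it is not an `LDAPAPI`. Check the type first with `if (!LDAPAPI.class.isAssignableFrom(clazz)) { throw new LDAPAPIException(...); }` ahead of `clazz.newInstance()`, and document that `implClassURI` must come from trusted configuration only. The three catch blocks also drop `e`; `LDAPAPIException` has a `(String, Exception)` constructor, so pass the cause, e.g. `throw new LDAPAPIException("Unable to find class ...", e);`.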
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java
new file mode 100644
index 0000000..57c471f
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java
@@ -0,0 +1,148 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.ldap.api;
+
+import iaik.utils.Util;
+import iaik.x509.X509Certificate;
+
+import java.math.BigInteger;
+import java.util.Iterator;
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+import at.knowcenter.wag.egov.egiz.cfg.SettingsReader;
+import at.knowcenter.wag.egov.egiz.exceptions.SettingNotFoundException;
+import at.knowcenter.wag.egov.egiz.exceptions.SettingsException;
+import at.knowcenter.wag.egov.egiz.ldap.client.LDAPClient;
+import at.knowcenter.wag.egov.egiz.ldap.client.LDAPClientFactory;
+import at.knowcenter.wag.egov.egiz.ldap.client.LDAPException;
+import at.knowcenter.wag.egov.egiz.ldap.client.LDAPIssuerNameFilter;
+import at.knowcenter.wag.egov.egiz.ldap.client.LDAPMapping;
+import at.knowcenter.wag.egov.egiz.sig.LDAPAPI;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public class LDAPAPIImpl implements LDAPAPI {
+
+ private final Logger log = Logger.getLogger(this.getClass());
+
+ /**
+ * Prefix for specific entry in config properties file.
+ */
+ private static final String PROP_LDAP_PREFIX = "ldap_mapping";
+
+ private static final String PROP_ISSUER_NAME_POSTFIX = "issuer_name";
+
+ private static final String PROP_LDAP_URL_POSTFIX = "url";
+
+ private static final String PROP_SERIAL_ATTR_POSTFIX = "serial_attr";
+
+ private static final String LDAP_FACTORY_IDENTIFIER = "PDF-AS LDAP Support";
+
+ private LDAPClientFactory ldapClientFactory;
+
+ private LDAPIssuerNameFilter ldapIssuerNameFilter;
+
+ protected LDAPAPIImpl() {
+ this.ldapClientFactory = null;
+ this.ldapIssuerNameFilter = null;
+ }
+
+ private void initializeFactoryImpl() {
+ if (this.ldapClientFactory == null) {
+ try {
+ SettingsReader settings = SettingsReader.getInstance();
+
+ this.ldapClientFactory = LDAPClientFactory.getInstance(LDAP_FACTORY_IDENTIFIER);
+ this.ldapClientFactory.setLDAPIssuerNameFilter(this.ldapIssuerNameFilter);
+
+ List mappingKeys = settings.getKeys(PROP_LDAP_PREFIX);
+ if (mappingKeys != null) {
+ Iterator it = mappingKeys.iterator();
+ while (it.hasNext()) {
+ String keyPrefix = PROP_LDAP_PREFIX + "." + (String) it.next() + ".";
+ String issuerName = settings.getSetting(keyPrefix + PROP_ISSUER_NAME_POSTFIX);
+ String ldapURL = settings.getSetting(keyPrefix + PROP_LDAP_URL_POSTFIX);
+ String serialAttr = settings.getSetting(keyPrefix + PROP_SERIAL_ATTR_POSTFIX,
+ null);
+
+ LDAPMapping ldapMapping = new LDAPMapping(issuerName, ldapURL, serialAttr);
+ this.ldapClientFactory.registerMapping(ldapMapping);
+ }
+ } else {
+ StringBuffer buffer = new StringBuffer();
+ buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_ISSUER_NAME_POSTFIX)
+ .append(", ");
+ buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_LDAP_URL_POSTFIX)
+ .append(", ");
+ buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_SERIAL_ATTR_POSTFIX);
+ this.log.warn("There are no LDAP mappings (" + buffer.toString()
+ + ") declared within config file.");
+ }
+
+ } catch (SettingsException e) {
+ this.log.error(e.getMessage(), e);
+ } catch (SettingNotFoundException e) {
+ this.log.error(e.getMessage(), e);
+ } catch (LDAPException e) {
+ this.log.error(e.getMessage(), e);
+ }
+ ;
+ }
+ }
+
+ public byte[] loadBase64CertificateFromLDAP(String serialNumber, String issuer) {
+ this.initializeFactoryImpl();
+ byte[] base64CertData = null;
+ try {
+ List clients = this.ldapClientFactory.createClients(issuer);
+ Iterator clientIt = clients.iterator();
+ X509Certificate x509certificate = null;
+ while (clientIt.hasNext() && x509certificate == null) {
+ LDAPClient client = (LDAPClient) clientIt.next();
+ try {
+ x509certificate = client.retrieveCertificate(new BigInteger(serialNumber));
+ } catch (LDAPException e) {
+ this.log.error(e.getMessage(), e);
+ }
+ }
+ if (x509certificate != null) {
+ base64CertData = Util.Base64Encode(x509certificate.toByteArray());
+ }
+ } catch (LDAPException e) {
+ this.log.error(e.getMessage(), e);
+ }
+ return base64CertData;
+ }
+
+ public void setIssuerNameFilter(LDAPIssuerNameFilter filter) throws LDAPAPIException {
+ if (this.ldapClientFactory != null) {
+ throw new LDAPAPIException("LDAPIssuerNameFilter must be applied before mappings are registered.");
+ }
+ this.ldapIssuerNameFilter = filter;
+ }
+
+}
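Review bot: `loadBase64CertificateFromLDAP` can fail with unchecked exceptions on inputs it should reject cleanly. If `SettingsReader.getInstance()` throws inside `initializeFactoryImpl`, the error is only logged and `ldapClientFactory` stays null, so `this.ldapClientFactory.createClients(issuer)` throws a `NullPointerException`. `new BigInteger(serialNumber)` throws `NumberFormatException` for a non-numeric serial, and `createClients` throws `NullPointerException`/`IllegalArgumentException` for a null or empty issuer, all of which escape the `catch (LDAPException e)`. Since these values presumably originate from the signature being processed, add `if (this.ldapClientFactory == null) { return null; }` after the init call and catch `NumberFormatException` alongside `LDAPException`. A `SettingNotFoundException` part-way through the mapping loop also leaves the factory non-null with only some mappings registered and is never retried; that deserves a comment or a reset.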
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClient.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClient.java
new file mode 100644
index 0000000..1425856
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClient.java
@@ -0,0 +1,88 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.x509.X509Certificate;
+
+import java.math.BigInteger;
+import java.net.URL;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public interface LDAPClient {
+
+ /**
+ * Returns the ldap url this client was registered for.
+ *
+ * @return The ldap url linked with this client.
+ */
+ URL getUrl();
+
+ /**
+ * Sets the ldap url this client should be registered for.
+ *
+ * @param ldapURL
+ * The ldap url linked with this client.
+ */
+ void setUrl(URL ldapURL);
+
+ /**
+ * Returns the attribute name that represents the serial number.
+ *
+ * @return The attribute name representing the serial number.
+ */
+ String getSerialNumberAttrName();
+
+ /**
+ * Sets the attribute name that represents the serial number.
+ *
+ * @param serialNumberAttrName
+ * The attribute name representing the serial number.
+ */
+ void setSerialNumberAttrName(String serialNumberAttrName);
+
+ /**
+ * Retrieves the certificate(s) matching the filter {@code filter}.
+ *
+ * @param filter
+ * The filter for the ldap request.
+ * @return An array of certificates matching the filter {@code filter}.
+ * @throws LDAPException
+ * Is thrown in case of error.
+ */
+ X509Certificate[] retrieveCertificates(String filter) throws LDAPException;
+
+ /**
+ * Retriebes the certificate with the serial number {@code serialNumber}.
+ *
+ * @param serialNumber
+ * The serial number of the required certificate.
+ * @return The certificate with the serial number {@code serialNumber}.
+ * @throws LDAPException
+ * Is thrown in case of error.
+ */
+ X509Certificate retrieveCertificate(BigInteger serialNumber) throws LDAPException;
+
+}
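Review bot: The Javadoc of `retrieveCertificates(String filter)` does not say that the filter is forwarded to the directory as given (`LDAPClientImpl` sets it unchanged as the `RP_FILTER` request property), so nothing tells a caller that values placed into it must be escaped. Add to the `@param filter` text: `An RFC 4515 search filter, passed to the server unchanged; callers must escape any value they insert.` `retrieveCertificate` should likewise state whether it returns `null` when no entry matches, since the loop in `LDAPAPIImpl` depends on a null result to move on to the next client. The word "Retriebes" in that method's comment should read "Retrieves".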
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java
new file mode 100644
index 0000000..d88d0b8
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java
@@ -0,0 +1,102 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.asn1.structures.Name;
+
+import java.util.Hashtable;
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public abstract class LDAPClientFactory {
+
+ private final Logger log = Logger.getLogger(getClass());
+
+ protected static final String DEFAULT_IDENTIFIER = "default LDAPClientFactory";
+
+ /**
+ * Mapping of category/identifier to LDAPClientFactory.
+ * Allows the usage of multiple independently configured LDAPClientFactoryImpls.
+ */
+// private static Hashtable<String, LDAPClientFactory> ldapClientFactoryInstances = new Hashtable<String, LDAPClientFactory>();
+ private static Hashtable ldapClientFactoryInstances = new Hashtable();
+
+ private LDAPMappingStore ldapMappingStore;
+
+ protected LDAPClientFactory() {
+ this.ldapMappingStore = new LDAPMappingStore();
+ }
+
+ public List getMappings(String issuerName) throws LDAPException {
+ return this.ldapMappingStore.getMappings(issuerName);
+ }
+
+ public List getMapping(Name name) {
+ return this.ldapMappingStore.getMappings(name);
+ }
+
+ public void resetMappings() {
+ this.ldapMappingStore.clearStore();
+ }
+
+ public boolean hasBeenConfigured() {
+ return !this.ldapMappingStore.isEmpty();
+ }
+
+ public synchronized void registerMapping(LDAPMapping ldapMapping) {
+ this.ldapMappingStore.addMapping(ldapMapping);
+ }
+
+ public void setLDAPIssuerNameFilter(LDAPIssuerNameFilter filter) throws LDAPException {
+ if (this.hasBeenConfigured()) {
+ throw new LDAPException("Not allowed to set filter after registration of mappings.");
+ }
+ this.ldapMappingStore = new LDAPMappingStore(filter);
+ }
+
+ public boolean isLDAPIssuerNameFilter() {
+ return this.ldapMappingStore.isLDAPIssuerNameFilter();
+ }
+
+ public static synchronized LDAPClientFactory getInstance(String identifier) {
+ LDAPClientFactory ldapClientFactoryInstance = (LDAPClientFactory) ldapClientFactoryInstances.get(identifier);
+ if (ldapClientFactoryInstance == null) {
+ ldapClientFactoryInstance = new LDAPClientFactoryImpl();
+ ldapClientFactoryInstances.put(identifier, ldapClientFactoryInstance);
+ }
+ return ldapClientFactoryInstance;
+ }
+
+ public static synchronized LDAPClientFactory getInstance() {
+ return getInstance(DEFAULT_IDENTIFIER);
+ }
+
+ public abstract List createClients(String issuerName) throws LDAPException;
+
+}
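Review bot: `registerMapping` is `synchronized`, but `setLDAPIssuerNameFilter`, `resetMappings`, `getMappings` and `hasBeenConfigured` are not, although they read or replace the same `ldapMappingStore`. The check in `setLDAPIssuerNameFilter` is therefore a check-then-act race: a mapping registered between `hasBeenConfigured()` and the assignment is discarded together with the old store, and the "filter before mappings" rule is not actually enforced. Declaring these methods `synchronized` as well closes that gap, e.g. `public synchronized void setLDAPIssuerNameFilter(LDAPIssuerNameFilter filter) throws LDAPException {`. Instances are shared per identifier through the static table, so it is plausible that more than one caller configures the same factory. The instance field `log` is unused here.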
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java
new file mode 100644
index 0000000..ae3cbc1
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java
@@ -0,0 +1,118 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.asn1.ObjectID;
+import iaik.asn1.structures.Name;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.List;
+
+import org.apache.commons.lang.ArrayUtils;
+import org.apache.log4j.Logger;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public final class LDAPClientFactoryImpl extends LDAPClientFactory {
+
+ private final Logger log = Logger.getLogger(getClass());
+
+ private Hashtable ldapClients;
+
+ protected LDAPClientFactoryImpl() {
+ this.ldapClients = new Hashtable();
+ }
+
+ public static String rfc2253Name2Domain(Name name) {
+ Object[] values = name.getRDNValues(ObjectID.domainComponent);
+ if (values == null) {
+ return null;
+ }
+ StringBuffer buffer = new StringBuffer();
+ for (int i = 0; i < values.length; i++) {
+ buffer.append(values[i]);
+ if (i+1 < values.length) {
+ buffer.append(".");
+ }
+ }
+ return buffer.toString();
+ }
+
+ public static String rfc2253Name2Domain(String nameString) throws RFC2253NameParserException {
+ RFC2253NameParser nameParser = new RFC2253NameParser(nameString);
+ return rfc2253Name2Domain(nameParser.parse());
+ }
+
+ private List instantiateLDAPClients(String issuerName) throws LDAPException {
+ if (!super.hasBeenConfigured()) {
+ log.warn(super.getClass().getName() + " has not been configured yet.");
+ }
+ List ldapClients = new ArrayList();
+ List mappings = super.getMappings(issuerName);
+ if (mappings == null || mappings.isEmpty()) {
+ try {
+ String alternativeURLString = rfc2253Name2Domain(issuerName);
+ if (alternativeURLString == null || alternativeURLString.length() == 0) {
+ throw new LDAPException("Neither issuer name \"" + issuerName + "\" has been registered nor domain components were provided.");
+ }
+ alternativeURLString = "ldap://" + alternativeURLString;
+ log.warn("Issuer name \"" + issuerName + "\" has not been registered; trying to instantiate client for url \"" + alternativeURLString + "\"...");
+ LDAPClient client = new LDAPClientImpl(alternativeURLString);
+ ldapClients.add(client);
+ } catch (RFC2253NameParserException e) {
+ throw new LDAPException(e);
+ }
+ } else {
+ log.debug("Instantiating LDAP clients for " + ArrayUtils.toString(mappings.toArray()) + ".");
+ Iterator mappingIt = mappings.iterator();
+ while (mappingIt.hasNext()) {
+ LDAPMapping mapping = (LDAPMapping) mappingIt.next();
+ ldapClients.add(new LDAPClientImpl(mapping));
+ }
+ }
+ return ldapClients;
+ }
+
+ public synchronized List createClients(String issuerName) throws LDAPException {
+ if (issuerName == null) {
+ throw new NullPointerException("Issuer name must not be null.");
+ }
+ if (issuerName.length() == 0) {
+ throw new IllegalArgumentException("Issuer name must not be empty.");
+ }
+ List ldapClientList = (List) ldapClients.get(issuerName);
+ if (ldapClientList == null) {
+ ldapClientList = instantiateLDAPClients(issuerName);
+ ldapClients.put(issuerName, ldapClientList);
+ }
+ return Collections.unmodifiableList(ldapClientList);
+ }
+
+}
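Review bot: When no mapping is registered for an issuer, `instantiateLDAPClients` builds a host name from the issuer's domainComponent values and opens a client for `"ldap://" + alternativeURLString`, so the issuer string itself decides which server the application connects to. If that string comes from the signature or certificate being verified (likely, but its origin is not visible in this hunk), the processed document controls an outbound LDAP connection and the source of the returned certificate. The fallback should be off unless explicitly enabled in configuration, or the derived host should be checked against a configured allow-list before `new LDAPClientImpl(alternativeURLString)`; the existing warning log is a useful detection point and should stay. Separately, the local `ldapClients` list shadows the field of the same name, and `createClients` caches the result per issuer string with no bound, so the table grows with every distinct issuer seen.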
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java
new file mode 100644
index 0000000..808a345
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java
@@ -0,0 +1,214 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.x509.X509Certificate;
+import iaik.x509.net.ldap.LdapURLConnection;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import org.apache.log4j.Logger;
+
+public final class LDAPClientImpl implements LDAPClient {
+
+ // constants
+ protected static final String DEFAULT_LDAP_ATTR_SERIAL_NUMBER = "eidCertificateSerialNumber";
+ private static final iaik.x509.net.ldap.Handler LDAP_HANDLER = new iaik.x509.net.ldap.Handler();
+
+ private static final long TIME_ON_BLACKLIST_IN_SECONDS = 300; // block failed urls for 5 min
+ private static final int READ_TIMEOUT = 15;
+ private static final int CONNECTION_TIMEOUT = 15;
+
+ private Logger log = Logger.getLogger(getClass());
+
+ // fields
+ private URL url;
+ private String serialNumberAttrName;
+ private long timeStampForBlackList;
+
+ // constructors
+ protected LDAPClientImpl() {
+ this.setSerialNumberAttrName(DEFAULT_LDAP_ATTR_SERIAL_NUMBER);
+ this.timeStampForBlackList = 0;
+ }
+
+ protected LDAPClientImpl(URL url) {
+ this();
+ this.setUrl(url);
+ }
+
+ protected LDAPClientImpl(String urlString) throws LDAPException {
+ this();
+ try {
+ this.setUrl(new URL(null, urlString, LDAP_HANDLER));
+ } catch (MalformedURLException e) {
+ throw new LDAPException(e);
+ }
+ }
+
+ protected LDAPClientImpl(LDAPMapping ldapMapping) {
+ this();
+ this.setUrl(ldapMapping.getLdapURL());
+ this.setSerialNumberAttrName(ldapMapping.getSerialNumberAttrName());
+ }
+
+
+ // getter/setter
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#getUrl()
+ */
+ public URL getUrl() {
+ return this.url;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#setUrl(java.net.URL)
+ */
+ public void setUrl(URL ldapURL) {
+ if (ldapURL == null) {
+ throw new NullPointerException("LDAP url must not be null.");
+ }
+ this.url = ldapURL;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#getSerialNumberAttrName()
+ */
+ public String getSerialNumberAttrName() {
+ return this.serialNumberAttrName;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#setSerialNumberAttrName(java.lang.String)
+ */
+ public void setSerialNumberAttrName(String serialNumberAttrName) {
+ if (serialNumberAttrName != null && serialNumberAttrName.length() == 0) {
+ throw new IllegalArgumentException("Serial number attribute name must not be empty");
+ }
+ this.serialNumberAttrName = serialNumberAttrName != null ? serialNumberAttrName : DEFAULT_LDAP_ATTR_SERIAL_NUMBER;
+ }
+
+ // service methods
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#retrieveCertificates(java.lang.String)
+ */
+ public X509Certificate[] retrieveCertificates(String filter) throws LDAPException {
+ if (filter == null) {
+ throw new NullPointerException("Filter string must not be null.");
+ }
+ if (filter.length() == 0) {
+ throw new IllegalArgumentException("Filter string must not be empty.");
+ }
+
+ X509Certificate[] certs = new X509Certificate[] { };
+
+ long now = System.currentTimeMillis();
+ if (this.timeStampForBlackList + TIME_ON_BLACKLIST_IN_SECONDS * 1000 >= now) {
+ long remaining = TIME_ON_BLACKLIST_IN_SECONDS - ((now - this.timeStampForBlackList) / 1000);
+ log.warn("LDAP connections to URL \"" + this.getUrl().toString() + "\" are blocked for " + remaining + " (" + TIME_ON_BLACKLIST_IN_SECONDS + ") seconds due to previous errors.");
+ return certs;
+ }
+
+ LdapURLConnection ldapURLConnection = null;
+ try {
+ this.validateData();
+ ldapURLConnection = (LdapURLConnection) this.url.openConnection();
+ log.debug("Setting timeout for LDAPClient: connection timeout = " + CONNECTION_TIMEOUT + " seconds, read timeout = " + READ_TIMEOUT + " seconds.");
+ ldapURLConnection.setReadTimeout(READ_TIMEOUT * 1000);
+ ldapURLConnection.setConnectTimeout(CONNECTION_TIMEOUT * 1000);
+
+ // search for end enity certificates
+ ldapURLConnection.setRequestProperty(
+ LdapURLConnection.RP_ATTRIBUTE_DESCRIPTION,
+ LdapURLConnection.AD_USER_CERTIFICATE
+ );
+
+ // search subtree
+ ldapURLConnection.setRequestProperty(
+ LdapURLConnection.RP_SEARCH_SCOPE,
+ LdapURLConnection.SEARCH_SCOPE_SUBTREE
+ );
+
+ //set filter
+ ldapURLConnection.setRequestProperty(
+ LdapURLConnection.RP_FILTER,
+ filter
+ );
+
+ // connect to the ldap server an read results
+ log.debug("Connecting to \"" + this.url.toString() + "\".");
+ certs = (X509Certificate[]) ldapURLConnection.getContent();
+ log.debug("Result of LDAP query received (" + (certs != null ? certs.length : 0) + " result(s)).");
+ } catch (IOException e) {
+ this.timeStampForBlackList = System.currentTimeMillis();
+ log.warn("Unable to get certificate from \"" + this.getUrl().toString() + "\". LDAPClient is now blocking that URL for " + TIME_ON_BLACKLIST_IN_SECONDS + " seconds.");
+ throw new LDAPException(e);
+ } finally {
+ if (ldapURLConnection != null) {
+ ldapURLConnection.disconnect();
+ }
+ }
+ return certs;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#retrieveCertificate(java.math.BigInteger)
+ */
+ public X509Certificate retrieveCertificate(BigInteger serialNumber) throws LDAPException {
+ if (serialNumber == null) {
+ throw new NullPointerException("Serial number must not be null");
+ }
+ this.validateData();
+ X509Certificate[] certs = retrieveCertificates("(" + this.serialNumberAttrName + "=" + serialNumber + ")");
+ if (certs.length > 1) {
+ throw new LDAPException("There was more than one certificate with serial number " + serialNumber + ".");
+ } else if (certs.length == 0) {
+ return null;
+ }
+ return certs[0];
+ }
+
+ // misc
+ public void validateData() throws LDAPException {
+ if (this.url == null) {
+ throw new LDAPException("LDAP URL must not be null.");
+ }
+ if (this.serialNumberAttrName == null || this.serialNumberAttrName.length() == 0) {
+ throw new LDAPException("LDAP key for serial number is null or empty.");
+ }
+ }
+
+ public String toString() {
+ StringBuffer buffer = new StringBuffer();
+ buffer.append("ldapURL = ").append(this.url);
+ buffer.append(", serialNumberAttrName = ").append(this.serialNumberAttrName);
+ return buffer.toString();
+ }
+
+}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPException.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPException.java
new file mode 100644
index 0000000..3b36e6d
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPException.java
@@ -0,0 +1,50 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.ldap.client;
+
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public class LDAPException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ public LDAPException() {
+ super();
+ }
+
+ public LDAPException(Exception exception) {
+ super(exception);
+ }
+
+ public LDAPException(String message, Exception exception) {
+ super(message, exception);
+ }
+
+ public LDAPException(String message) {
+ super(message);
+ }
+
+}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPIssuerNameFilter.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPIssuerNameFilter.java
new file mode 100644
index 0000000..e483d2c
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPIssuerNameFilter.java
@@ -0,0 +1,43 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.asn1.structures.Name;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public interface LDAPIssuerNameFilter {
+
+ /**
+ * Applies some kind of filtering on the distinguished name. This can be used
+ * for normalization.
+ *
+ * @param name
+ * The original distinguished name.
+ * @return The new filtered distinguished name.
+ */
+ Name applyFilter(Name name);
+
+}
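Review bot: The Javadoc on `applyFilter` does not say whether an implementation may return null or modify the `Name` it is given. LDAPMappingStore in this commit uses the returned value directly as a `Hashtable` key in `addMapping` and `getMappings`, and `Hashtable` rejects null keys, so a null result would surface there as a NullPointerException. I would extend the comment to `@return The new filtered distinguished name, never null; equal inputs must give equal results.` and state whether the argument may be altered in place.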
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java
new file mode 100644
index 0000000..502d88b
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java
@@ -0,0 +1,181 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.asn1.structures.Name;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Properties;
+
+import org.apache.log4j.Logger;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public class LDAPMapping {
+
+ // constants
+ public static final String PROPERTIES_KEY_ISSUER_NAME = "issuer.name";
+ public static final String PROPERTIES_KEY_LDAP_URL = "ldap.url";
+ public static final String PROPERTIES_KEY_SERIAL_ATTR_NAME = "serialnumber.attrname";
+
+ private final Logger log = Logger.getLogger(getClass());
+ private static final iaik.x509.net.ldap.Handler LDAP_HANDLER;
+
+ // fields
+ private Name issuerName;
+ private URL ldapURL;
+ private String serialNumberAttrName;
+
+ // static initialization
+ static {
+ LDAP_HANDLER = new iaik.x509.net.ldap.Handler();
+ }
+
+ // constructors
+ protected LDAPMapping() {
+ this.setSerialNumberAttrName(LDAPClientImpl.DEFAULT_LDAP_ATTR_SERIAL_NUMBER);
+ }
+
+ public LDAPMapping(Name issuerName, URL ldapURL) {
+ this(issuerName, ldapURL, null);
+ }
+
+ public LDAPMapping(Name issuerName, URL ldapURL, String serialNumberAttrName) {
+ this();
+ this.setIssuerName(issuerName);
+ this.setLdapURL(ldapURL);
+ this.setSerialNumberAttrName(serialNumberAttrName);
+ }
+
+ public LDAPMapping(String issuerNameString, String ldapURLString) throws LDAPException {
+ this(issuerNameString, ldapURLString, null);
+ }
+
+ public LDAPMapping(String issuerNameString, String ldapURLString, String serialNumberAttrName) throws LDAPException {
+ this();
+ this.setIssuerName(issuerNameString);
+ this.setLdapURL(ldapURLString);
+ this.setSerialNumberAttrName(serialNumberAttrName);
+ }
+
+ public LDAPMapping(Properties properties) throws LDAPException {
+ this();
+ if (properties == null) {
+ throw new NullPointerException("Properties must not be null.");
+ }
+ String in = properties.getProperty(PROPERTIES_KEY_ISSUER_NAME);
+ String sn = properties.getProperty(PROPERTIES_KEY_LDAP_URL);
+ String snan = properties.getProperty(PROPERTIES_KEY_SERIAL_ATTR_NAME);
+ if (in == null || in.length() == 0) {
+ throw new LDAPException("Property \"" + PROPERTIES_KEY_ISSUER_NAME + "\" must not be null or empty.");
+ }
+ if (sn == null || sn.length() == 0) {
+ throw new LDAPException("Property \"" + PROPERTIES_KEY_LDAP_URL + "\" must not be null or empty.");
+ }
+ this.setIssuerName(in);
+ this.setLdapURL(sn);
+ this.setSerialNumberAttrName(snan);
+ }
+
+ // getter/setter
+ public Name getIssuerName() {
+ return this.issuerName;
+ }
+
+ public String getIssuerNameAsString() {
+ return this.issuerName.getName();
+ }
+
+ public void setIssuerName(Name issuerName) {
+ if (issuerName == null) {
+ throw new NullPointerException("Issuer name must not be null.");
+ }
+ this.issuerName = issuerName;
+ }
+
+ public void setIssuerName(String issuerNameString) throws LDAPException {
+ RFC2253NameParser parser = new RFC2253NameParser(issuerNameString.trim());
+ try {
+ this.setIssuerName(parser.parse());
+ } catch (RFC2253NameParserException e) {
+ throw new LDAPException(e);
+ }
+ }
+
+ public URL getLdapURL() {
+ return this.ldapURL;
+ }
+
+ public void setLdapURL(URL ldapURL) {
+ if (ldapURL == null) {
+ throw new NullPointerException("LDAP url must not be null.");
+ }
+ this.ldapURL = ldapURL;
+ }
+
+ public void setLdapURL(String ldapURLString) throws LDAPException {
+ try {
+ this.setLdapURL(new URL(null, ldapURLString.trim(), LDAP_HANDLER));
+ } catch (MalformedURLException e) {
+ throw new LDAPException(e);
+ }
+ }
+
+ public String getSerialNumberAttrName() {
+ return this.serialNumberAttrName;
+ }
+
+ public void setSerialNumberAttrName(String serialNumberAttrName) {
+ if (serialNumberAttrName != null && serialNumberAttrName.length() == 0) {
+ throw new IllegalArgumentException("Serial number attribute name must not be empty");
+ }
+ this.serialNumberAttrName = serialNumberAttrName != null ? serialNumberAttrName.trim() : LDAPClientImpl.DEFAULT_LDAP_ATTR_SERIAL_NUMBER;
+ }
+
+ // misc
+ public void validateData() throws LDAPException {
+ if (this.issuerName == null) {
+ throw new LDAPException("Issuer name must not be null.");
+ }
+ if (this.ldapURL == null) {
+ throw new LDAPException("LDAP url must not be null.");
+ }
+ if (serialNumberAttrName == null || serialNumberAttrName.length() == 0) {
+ throw new LDAPException("Serial number attribute name must not be null or empty");
+ }
+ }
+
+ public String toString() {
+ StringBuffer buffer = new StringBuffer();
+ buffer.append("issuerName = ").append(this.issuerName != null ? this.issuerName.getName() : null);
+ buffer.append(", ldapURL = ").append(this.ldapURL);
+ buffer.append(", serialNumberAttrName = ").append(this.serialNumberAttrName);
+ return buffer.toString();
+ }
+
+}
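Review bot: In `setSerialNumberAttrName` the emptiness check runs before `trim()`, so a whitespace-only value passes the check and is stored as an empty string. The object then fails only later, in `validateData()` or when `LDAPClientImpl(LDAPMapping)` hands the value to its own setter, which rejects empty names. Trim first and test the trimmed value: `String attr = serialNumberAttrName != null ? serialNumberAttrName.trim() : null;` followed by `if (attr != null && attr.length() == 0) throw new IllegalArgumentException(...)`. Because `LDAPClientImpl.retrieveCertificate` concatenates this name into the search filter string, it would also be worth restricting it here to attribute-description characters (letters, digits, hyphen) if the properties source is not fully trusted. The String overloads `setIssuerName` and `setLdapURL` call `trim()` without a null check, which the public String constructors can reach with a null argument.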
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMappingStore.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMappingStore.java
new file mode 100644
index 0000000..f36dc8c
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMappingStore.java
@@ -0,0 +1,102 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.asn1.structures.Name;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+import java.util.ArrayList;
+import java.util.Hashtable;
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public class LDAPMappingStore {
+
+// private Hashtable<Name, LDAPMapping> storedMappings;
+ private Hashtable storedMappings;
+ private LDAPIssuerNameFilter issuerNameFilter;
+ private Logger log = Logger.getLogger(getClass());
+
+ public LDAPMappingStore(LDAPIssuerNameFilter issuerNameFilter) {
+ this.storedMappings = new Hashtable();
+ this.issuerNameFilter = issuerNameFilter;
+ }
+
+ public LDAPMappingStore() {
+ this(null);
+ }
+
+ public void clearStore() {
+ this.storedMappings = new Hashtable();
+ }
+
+ public boolean isEmpty() {
+ return this.storedMappings.isEmpty();
+ }
+
+ public boolean isLDAPIssuerNameFilter() {
+ return this.issuerNameFilter != null;
+ }
+
+ public void addMapping(LDAPMapping mapping) {
+ Name name = mapping.getIssuerName();
+ if (issuerNameFilter != null) {
+ name = this.issuerNameFilter.applyFilter(name);
+ }
+ List mappingList = (List) this.storedMappings.get(name);
+ if (mappingList == null) {
+ mappingList = new ArrayList();
+ this.storedMappings.put(name, mappingList);
+ }
+ log.debug("Adding mapping \"" + mapping + "\" for \"" + name.getName() + "\".");
+ mappingList.add(mapping);
+ }
+
+ public List getMappings(Name name) {
+ if (issuerNameFilter != null) {
+ name = this.issuerNameFilter.applyFilter(name);
+ }
+ return (List) this.storedMappings.get(name);
+ }
+
+ public List getMappings(String nameString) throws LDAPException {
+ RFC2253NameParser parser = new RFC2253NameParser(nameString);
+ Name name;
+ try {
+ name = parser.parse();
+ } catch (RFC2253NameParserException e) {
+ throw new LDAPException(e);
+ }
+ if (issuerNameFilter != null) {
+ name = this.issuerNameFilter.applyFilter(name);
+ }
+ return this.getMappings(name);
+ }
+
+}
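Review bot: `getMappings(String)` applies `issuerNameFilter` to the parsed name and then calls `getMappings(Name)`, which applies it a second time, whereas `addMapping` filters only once. With a filter that is not idempotent, the key computed on lookup differs from the key used on insert, and the configured LDAP mapping for that issuer is silently not found. Dropping the `if (issuerNameFilter != null) { ... }` block from the String overload and leaving the filtering to `getMappings(Name)` fixes this. Separately, `getMappings` returns the stored `ArrayList` itself (or null when nothing matches), so callers can alter the store; wrapping it in `Collections.unmodifiableList(...)` and documenting the null return would make the contract explicit.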
|