aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/at/knowcenter/wag/egov/egiz/ldap
diff options
context:
space:
mode:
authortknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c>2006-12-13 10:31:02 +0000
committertknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c>2006-12-13 10:31:02 +0000
commitc9f44ea347a9d7a1c1372693bffcfa3901c48dc4 (patch)
treeca53d9f2bc3cd5fa12cfeff86060912b29debb79 /src/main/java/at/knowcenter/wag/egov/egiz/ldap
parent5831b59334060bd49739c1c49365da16cff49c96 (diff)
downloadpdf-as-3-c9f44ea347a9d7a1c1372693bffcfa3901c48dc4.tar.gz
pdf-as-3-c9f44ea347a9d7a1c1372693bffcfa3901c48dc4.tar.bz2
pdf-as-3-c9f44ea347a9d7a1c1372693bffcfa3901c48dc4.zip
LDAP support added
git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@17 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c
Diffstat (limited to 'src/main/java/at/knowcenter/wag/egov/egiz/ldap')
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIException.java55
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactory.java30
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java62
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java106
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClient.java65
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java119
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java85
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java175
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPException.java26
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java155
10 files changed, 878 insertions, 0 deletions
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIException.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIException.java
new file mode 100644
index 0000000..4f2e363
--- /dev/null
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIException.java
@@ -0,0 +1,55 @@
+package at.knowcenter.wag.egov.egiz.ldap.api;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public class LDAPAPIException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ private Exception exception;
+
+ public Exception getException() {
+ return this.exception;
+ }
+
+ public String getMessage() {
+ String message = super.getMessage();
+ if (message == null && exception != null) {
+ return exception.getMessage();
+ } else {
+ return message;
+ }
+ }
+
+ public LDAPAPIException(String message, Exception exception) {
+ super(message);
+ this.exception = exception;
+ }
+
+ public LDAPAPIException(String message) {
+ super(message);
+ this.exception = null;
+ }
+
+ public LDAPAPIException(Exception exception) {
+ super();
+ this.exception = exception;
+ }
+
+ public LDAPAPIException() {
+ super();
+ this.exception = null;
+
+ }
+
+ @Override
+ public String toString() {
+ if (exception != null) {
+ return exception.toString();
+ } else {
+ return super.toString();
+ }
+ }
+
+}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactory.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactory.java
new file mode 100644
index 0000000..ba58908
--- /dev/null
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactory.java
@@ -0,0 +1,30 @@
+package at.knowcenter.wag.egov.egiz.ldap.api;
+
+import iaik.security.ecc.provider.ECCProvider;
+import at.knowcenter.wag.egov.egiz.sig.LDAPAPI;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public abstract class LDAPAPIFactory {
+
+ private static LDAPAPIFactory ldapAPIfactoryInstance;
+
+ protected LDAPAPIFactory() {
+ ECCProvider.addAsProvider();
+ }
+
+ public static synchronized LDAPAPIFactory getInstance() {
+ if (ldapAPIfactoryInstance == null) {
+ ldapAPIfactoryInstance = new LDAPAPIFactoryImpl();
+ }
+ return ldapAPIfactoryInstance;
+ }
+
+ public synchronized LDAPAPI createLDAPAPI() throws LDAPAPIException {
+ return createLDAPAPI(null);
+ }
+
+ public abstract LDAPAPI createLDAPAPI(String implClassURI) throws LDAPAPIException;
+
+}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java
new file mode 100644
index 0000000..340b54a
--- /dev/null
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java
@@ -0,0 +1,62 @@
+package at.knowcenter.wag.egov.egiz.ldap.api;
+
+import java.util.Hashtable;
+
+import org.apache.log4j.Logger;
+
+import at.knowcenter.wag.egov.egiz.sig.LDAPAPI;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public class LDAPAPIFactoryImpl extends LDAPAPIFactory {
+
+ private static final Logger log = Logger.getLogger(LDAPAPIFactoryImpl.class);
+
+ private Hashtable<String, LDAPAPI> ldapImpls;
+
+ protected LDAPAPIFactoryImpl() {
+ ldapImpls = new Hashtable<String, LDAPAPI>();
+ }
+
+ private static LDAPAPI instantiatelAPIImpl(String implClassURI) throws LDAPAPIException {
+ if (implClassURI == null) {
+ throw new NullPointerException("URI of implementing class must not be null.");
+ }
+ if (implClassURI.length() == 0) {
+ throw new IllegalArgumentException("URI of implementing class must not be empty.");
+ }
+ log.info("Trying to instantiate \"" + LDAPAPI.class.getName() + "\" implementation \"" + implClassURI + "\"...");
+ LDAPAPI ldapAPIImpl = null;
+ try {
+ Class clazz = Class.forName(implClassURI);
+ Object ldapAPIImplObj = clazz.newInstance();
+ if (!(ldapAPIImplObj instanceof LDAPAPI)) {
+ throw new LDAPAPIException("Declared class does not implement \"" + LDAPAPI.class.getName() + "\".");
+ }
+ ldapAPIImpl = (LDAPAPI) ldapAPIImplObj;
+ log.info("LDAPAPI implementation successfully instantiated.");
+ } catch (InstantiationException e) {
+ throw new LDAPAPIException("Declared implementation of \"" + LDAPAPI.class.getName() + "\" cannot be instantiated.");
+ } catch (IllegalAccessException e) {
+ throw new LDAPAPIException("Declared implementation of \"" + LDAPAPI.class.getName() + "\" cannot be instantiated (illegal access).");
+ } catch (ClassNotFoundException e) {
+ throw new LDAPAPIException("Unable to find class \"" + implClassURI + "\" as implementation of \"" + LDAPAPI.class.getName() + "\".");
+ }
+ return ldapAPIImpl;
+ }
+
+ public synchronized LDAPAPI createLDAPAPI(String implClassURI) throws LDAPAPIException {
+ if (implClassURI == null || implClassURI.length() == 0) {
+ // use internal implementation
+ implClassURI = LDAPAPIImpl.class.getName();
+ }
+ LDAPAPI impl = ldapImpls.get(implClassURI);
+ if (impl == null) {
+ impl = instantiatelAPIImpl(implClassURI);
+ ldapImpls.put(implClassURI, impl);
+ }
+ return impl;
+ }
+
+}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java
new file mode 100644
index 0000000..96409f6
--- /dev/null
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java
@@ -0,0 +1,106 @@
+package at.knowcenter.wag.egov.egiz.ldap.api;
+
+import iaik.utils.Util;
+import iaik.x509.X509Certificate;
+
+import java.math.BigInteger;
+import java.util.Iterator;
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+import at.knowcenter.wag.egov.egiz.cfg.SettingsReader;
+import at.knowcenter.wag.egov.egiz.exceptions.NormalizeException;
+import at.knowcenter.wag.egov.egiz.exceptions.SettingNotFoundException;
+import at.knowcenter.wag.egov.egiz.exceptions.SettingsException;
+import at.knowcenter.wag.egov.egiz.ldap.client.LDAPClient;
+import at.knowcenter.wag.egov.egiz.ldap.client.LDAPClientFactory;
+import at.knowcenter.wag.egov.egiz.ldap.client.LDAPException;
+import at.knowcenter.wag.egov.egiz.ldap.client.LDAPMapping;
+import at.knowcenter.wag.egov.egiz.sig.LDAPAPI;
+import at.knowcenter.wag.egov.egiz.sig.SignatureObject;
+import at.knowcenter.wag.egov.egiz.tools.Normalizer;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public class LDAPAPIImpl implements LDAPAPI {
+
+ private final Logger log = Logger.getLogger(getClass());
+
+ /**
+ * Prefix for specific entry in config properties file.
+ */
+ private static final String PROP_LDAP_PREFIX = "ldap_mapping";
+ private static final String PROP_ISSUER_NAME_POSTFIX = "issuer_name";
+ private static final String PROP_LDAP_URL_POSTFIX = "url";
+ private static final String PROP_SERIAL_ATTR_POSTFIX = "serial_attr";
+
+ private static final String LDAP_FACTORY_IDENTIFIER = "PDF-AS LDAP Support";
+ private LDAPClientFactory ldapClientFactory;
+
+ protected LDAPAPIImpl() {
+ try {
+ SettingsReader settings = SettingsReader.getInstance();
+
+ ldapClientFactory = LDAPClientFactory.getInstance(LDAP_FACTORY_IDENTIFIER);
+ // configure normalization of issuer according to method
+ // normalizeIssuer(String) of at.knowcenter.wag.egov.egiz.sig.SignatureObject
+ ldapClientFactory.setWhiteSpaceRemoval(true);
+ ldapClientFactory.setNormalizer(new Normalizer().getInstance());
+
+ List mappingKeys = settings.getKeys(PROP_LDAP_PREFIX);
+ if (mappingKeys != null) {
+ Iterator it = mappingKeys.iterator();
+ while (it.hasNext()) {
+ String keyPrefix = PROP_LDAP_PREFIX + "." + (String) it.next() + ".";
+ String issuerName = settings.getSetting(keyPrefix + PROP_ISSUER_NAME_POSTFIX);
+ String ldapURL = settings.getSetting(keyPrefix + PROP_LDAP_URL_POSTFIX);
+ String serialAttr = settings.getSetting(keyPrefix + PROP_SERIAL_ATTR_POSTFIX, null);
+
+ LDAPMapping ldapMapping = new LDAPMapping(issuerName, ldapURL, serialAttr);
+ ldapClientFactory.registerMapping(ldapMapping);
+ }
+ } else {
+ StringBuffer buffer = new StringBuffer();
+ buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_ISSUER_NAME_POSTFIX).append(", ");
+ buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_LDAP_URL_POSTFIX).append(", ");
+ buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_SERIAL_ATTR_POSTFIX);
+ log.warn("There are no LDAP mappings (" + buffer.toString() + ") declared within config file.");
+ }
+
+ } catch (SettingsException e) {
+ log.error(e);
+ } catch (SettingNotFoundException e) {
+ log.error(e);
+ } catch (LDAPException e) {
+ log.error(e);
+ } catch (NormalizeException e) {
+ log.error(e);
+ };
+ }
+
+ public String getURL(String issuer) {
+ String url = null;
+ try {
+ LDAPClient client = ldapClientFactory.createClient(issuer);
+ url = client.getUrl().toString();
+ } catch (LDAPException e) {
+ log.error(e);
+ }
+ return url;
+ }
+
+ public byte[] loadBase64CertificateFromLDAP(String serialNumber, String issuer) {
+ byte[] base64CertData = null;
+ try {
+ LDAPClient client = ldapClientFactory.createClient(issuer);
+ X509Certificate x509certificate = client.retrieveCertificate(new BigInteger(serialNumber));
+ base64CertData = Util.Base64Encode(x509certificate.toByteArray());
+ } catch (LDAPException e) {
+ log.error(e);
+ }
+ return base64CertData;
+ }
+
+}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClient.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClient.java
new file mode 100644
index 0000000..12f69fd
--- /dev/null
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClient.java
@@ -0,0 +1,65 @@
+package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.x509.X509Certificate;
+
+import java.math.BigInteger;
+import java.net.URL;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public interface LDAPClient {
+
+ /**
+ * Returns the ldap url this client was registered for.
+ *
+ * @return The ldap url linked with this client.
+ */
+ URL getUrl();
+
+ /**
+ * Sets the ldap url this client should be registered for.
+ *
+ * @param ldapURL
+ * The ldap url linked with this client.
+ */
+ void setUrl(URL ldapURL);
+
+ /**
+ * Returns the attribute name that represents the serial number.
+ *
+ * @return The attribute name representing the serial number.
+ */
+ String getSerialNumberAttrName();
+
+ /**
+ * Sets the attribute name that represents the serial number.
+ *
+ * @param serialNumberAttrName
+ * The attribute name representing the serial number.
+ */
+ void setSerialNumberAttrName(String serialNumberAttrName);
+
+ /**
+ * Retrieves the certificate(s) matching the filter {@code filter}.
+ *
+ * @param filter
+ * The filter for the ldap request.
+ * @return An array of certificates matching the filter {@code filter}.
+ * @throws LDAPException
+ * Is thrown in case of error.
+ */
+ X509Certificate[] retrieveCertificates(String filter) throws LDAPException;
+
+ /**
+ * Retriebes the certificate with the serial number {@code serialNumber}.
+ *
+ * @param serialNumber
+ * The serial number of the required certificate.
+ * @return The certificate with the serial number {@code serialNumber}.
+ * @throws LDAPException
+ * Is thrown in case of error.
+ */
+ X509Certificate retrieveCertificate(BigInteger serialNumber) throws LDAPException;
+
+}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java
new file mode 100644
index 0000000..3a5ec2d
--- /dev/null
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java
@@ -0,0 +1,119 @@
+package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import java.util.Hashtable;
+import java.util.Iterator;
+
+import org.apache.log4j.Logger;
+
+import at.knowcenter.wag.egov.egiz.tools.Normalize;
+
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public abstract class LDAPClientFactory {
+
+ private final Logger log = Logger.getLogger(getClass());
+
+ private static Hashtable<String, LDAPClientFactory> ldapClientFactoryInstances = new Hashtable<String, LDAPClientFactory>();
+
+ protected static final String DEFAULT_IDENTIFIER = "DEFAULT_IDENTIFIER";
+
+ private Hashtable<String, LDAPMapping> registeredMappings;
+ private boolean hasBeenConfigured;
+ private Normalize normalizer;
+ private boolean whiteSpaceRemoval;
+
+ protected LDAPClientFactory() {
+ this.registeredMappings = new Hashtable<String, LDAPMapping>();
+ this.hasBeenConfigured = false;
+ this.normalizer = null;
+ this.whiteSpaceRemoval = false;
+ }
+
+ public void resetMappings() {
+ this.registeredMappings = new Hashtable<String, LDAPMapping>();
+ this.hasBeenConfigured = false;
+ }
+
+ public boolean hasBeenConfigured() {
+ return this.hasBeenConfigured;
+ }
+
+ public LDAPMapping getMapping(String issuerName) {
+ return this.registeredMappings.get(applyFilter(issuerName));
+ }
+
+ protected Normalize getNormalizer() {
+ return this.normalizer;
+ }
+
+ public synchronized void registerMappings(Iterable<LDAPMapping> iterable) {
+ Iterator<LDAPMapping> it = iterable.iterator();
+ if (!it.hasNext()) {
+ log.warn("There were no ldap mappings provided.");
+ } else {
+ this.hasBeenConfigured = true;
+ }
+ while (it.hasNext()) {
+ this.registerMapping(it.next());
+ }
+ }
+
+ public synchronized void registerMapping(LDAPMapping... ldapMappings) {
+ if (ldapMappings.length == 0) {
+ log.warn("There were no ldap mappings provided.");
+ } else {
+ this.hasBeenConfigured = true;
+ }
+ for (LDAPMapping ldapMapping : ldapMappings) {
+ log.debug("Registering Mapping for " + LDAPClientFactory.class.getSimpleName() + ": " + ldapMapping + ".");
+ String issuerName = applyFilter(ldapMapping.getIssuerName().getName());
+ if (this.registeredMappings.containsKey(issuerName)) {
+ log.warn("Skipping mapping for issuer name \"" + issuerName + "\" because it has already been registered.");
+ } else {
+ this.registeredMappings.put(issuerName, ldapMapping);
+ }
+ }
+ }
+
+ public void setNormalizer(Normalize normalizer) throws LDAPException {
+ if (this.hasBeenConfigured) {
+ throw new LDAPException("It is not allowed to set a normalizer after mappings have been defined.");
+ }
+ this.normalizer = normalizer;
+ }
+
+ public void setWhiteSpaceRemoval(boolean whiteSpaceRemoval) throws LDAPException {
+ if (this.hasBeenConfigured) {
+ throw new LDAPException("It is not allowed to set whitespace removal after mappings have been defined.");
+ }
+ this.whiteSpaceRemoval = whiteSpaceRemoval;
+ }
+
+ private String applyFilter(String text) {
+ if (this.normalizer != null) {
+ text = this.normalizer.normalize(text);
+ }
+ if (this.whiteSpaceRemoval) {
+ text = text.replaceAll("\\s", "");
+ }
+ return text;
+ }
+
+ public static synchronized LDAPClientFactory getInstance(String idenfifier) {
+ LDAPClientFactory ldapClientFactoryInstance = ldapClientFactoryInstances.get(idenfifier);
+ if (ldapClientFactoryInstance == null) {
+ ldapClientFactoryInstance = new LDAPClientFactoryImpl();
+ ldapClientFactoryInstances.put(idenfifier, ldapClientFactoryInstance);
+ }
+ return ldapClientFactoryInstance;
+ }
+
+ public static synchronized LDAPClientFactory getInstance() {
+ return getInstance(DEFAULT_IDENTIFIER);
+ }
+
+ public abstract LDAPClient createClient(String issuerName) throws LDAPException;
+
+}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java
new file mode 100644
index 0000000..88e39c8
--- /dev/null
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java
@@ -0,0 +1,85 @@
+package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.asn1.ObjectID;
+import iaik.asn1.structures.Name;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+import java.util.Hashtable;
+
+import org.apache.log4j.Logger;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public final class LDAPClientFactoryImpl extends LDAPClientFactory {
+
+ private final Logger log = Logger.getLogger(getClass());
+
+ private Hashtable<String, LDAPClient> ldapClients;
+
+ protected LDAPClientFactoryImpl() {
+ this.ldapClients = new Hashtable<String, LDAPClient>();
+ }
+
+ public static String rfc2253Name2Domain(String nameString) throws RFC2253NameParserException {
+ RFC2253NameParser nameParser = new RFC2253NameParser(nameString);
+ return rfc2253Name2Domain(nameParser.parse());
+ }
+
+ public static String rfc2253Name2Domain(Name name) {
+ Object[] values = name.getRDNValues(ObjectID.domainComponent);
+ if (values == null) {
+ return null;
+ }
+ StringBuffer buffer = new StringBuffer();
+ for (int i = values.length - 1; i >= 0; i--) {
+ buffer.append(values[i]);
+ if (i > 0) {
+ buffer.append(".");
+ }
+ }
+ return buffer.toString();
+ }
+
+ private LDAPClient instantiateLDAPClient(String issuerName) throws LDAPException {
+ if (!super.hasBeenConfigured()) {
+ log.warn(super.getClass().getSimpleName() + " has not been configured yet.");
+ }
+ LDAPClient client = null;
+ LDAPMapping mapping = super.getMapping(issuerName);
+ if (mapping == null) {
+ try {
+ String alternativeURLString = rfc2253Name2Domain(issuerName);
+ if (alternativeURLString == null || alternativeURLString.length() == 0) {
+ throw new LDAPException("Neither issuer name \"" + issuerName + "\" has been registered nor domain components were provided.");
+ }
+ alternativeURLString = "ldap://" + alternativeURLString;
+ log.warn("Issuer name \"" + issuerName + "\" has not been registered; trying to instantiate client for url \"" + alternativeURLString + "\"...");
+ client = new LDAPClientImpl(alternativeURLString);
+ } catch (RFC2253NameParserException e) {
+ throw new LDAPException(e);
+ }
+ } else {
+ log.debug("Instantiating LDAP client for " + mapping + ".");
+ client = new LDAPClientImpl(mapping);
+ }
+ return client;
+ }
+
+ public synchronized LDAPClient createClient(String issuerName) throws LDAPException {
+ if (issuerName == null || issuerName.length() == 0) {
+ throw new NullPointerException("Issuer name must not be null or empty.");
+ }
+ if (super.getNormalizer() != null) {
+ issuerName = super.getNormalizer().normalize(issuerName);
+ }
+ LDAPClient ldapClient = ldapClients.get(issuerName);
+ if (ldapClient == null) {
+ ldapClient = instantiateLDAPClient(issuerName);
+ ldapClients.put(issuerName, ldapClient);
+ }
+ return ldapClient;
+ }
+
+}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java
new file mode 100644
index 0000000..3dae9ae
--- /dev/null
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java
@@ -0,0 +1,175 @@
+package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.x509.X509Certificate;
+import iaik.x509.net.ldap.LdapURLConnection;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+public final class LDAPClientImpl implements LDAPClient {
+
+ // constants
+ protected static final String DEFAULT_LDAP_ATTR_SERIAL_NUMBER = "eidCertificateSerialNumber";
+ private static final iaik.x509.net.ldap.Handler LDAP_HANDLER = new iaik.x509.net.ldap.Handler();
+
+ // fields
+ private URL url;
+ private String serialNumberAttrName;
+
+ // constructors
+ protected LDAPClientImpl() {
+ this.setSerialNumberAttrName(DEFAULT_LDAP_ATTR_SERIAL_NUMBER);
+ }
+
+ protected LDAPClientImpl(URL url) {
+ this();
+ this.setUrl(url);
+ }
+
+ protected LDAPClientImpl(String urlString) throws LDAPException {
+ this();
+ try {
+ this.setUrl(new URL(null, urlString, LDAP_HANDLER));
+ } catch (MalformedURLException e) {
+ throw new LDAPException(e);
+ }
+ }
+
+ protected LDAPClientImpl(LDAPMapping ldapMapping) {
+ this();
+ this.setUrl(ldapMapping.getLdapURL());
+ this.setSerialNumberAttrName(ldapMapping.getSerialNumberAttrName());
+ }
+
+
+ // getter/setter
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#getUrl()
+ */
+ public URL getUrl() {
+ return this.url;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#setUrl(java.net.URL)
+ */
+ public void setUrl(URL ldapURL) {
+ if (ldapURL == null) {
+ throw new NullPointerException("LDAP url must not be null.");
+ }
+ this.url = ldapURL;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#getSerialNumberAttrName()
+ */
+ public String getSerialNumberAttrName() {
+ return this.serialNumberAttrName;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#setSerialNumberAttrName(java.lang.String)
+ */
+ public void setSerialNumberAttrName(String serialNumberAttrName) {
+ if (serialNumberAttrName != null && serialNumberAttrName.length() == 0) {
+ throw new IllegalArgumentException("Serial number attribute name must not be empty");
+ }
+ this.serialNumberAttrName = serialNumberAttrName != null ? serialNumberAttrName : DEFAULT_LDAP_ATTR_SERIAL_NUMBER;
+ }
+
+ // service methods
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#retrieveCertificates(java.lang.String)
+ */
+ public X509Certificate[] retrieveCertificates(String filter) throws LDAPException {
+ if (filter == null) {
+ throw new NullPointerException("Filter string must not be null.");
+ }
+ if (filter.length() == 0) {
+ throw new IllegalArgumentException("Filter string must not be empty.");
+ }
+
+ X509Certificate[] certs = new X509Certificate[] { };
+ LdapURLConnection ldapURLConnection = null;
+ try {
+ this.validateData();
+ ldapURLConnection = (LdapURLConnection) this.url.openConnection();
+
+ // search for end enity certificates
+ ldapURLConnection.setRequestProperty(
+ LdapURLConnection.RP_ATTRIBUTE_DESCRIPTION,
+ LdapURLConnection.AD_USER_CERTIFICATE
+ );
+
+ // search subtree
+ ldapURLConnection.setRequestProperty(
+ LdapURLConnection.RP_SEARCH_SCOPE,
+ LdapURLConnection.SEARCH_SCOPE_SUBTREE
+ );
+
+ //set filter
+ ldapURLConnection.setRequestProperty(
+ LdapURLConnection.RP_FILTER,
+ filter
+ );
+
+ // connect to the ldap server an read results
+ certs = (X509Certificate[]) ldapURLConnection.getContent();
+ } catch (IOException e) {
+ throw new LDAPException(e);
+ } finally {
+ if (ldapURLConnection != null) {
+ ldapURLConnection.disconnect();
+ }
+ }
+ return certs;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#retrieveCertificate(java.math.BigInteger)
+ */
+ public X509Certificate retrieveCertificate(BigInteger serialNumber) throws LDAPException {
+ if (serialNumber == null) {
+ throw new NullPointerException("Serial number must not be null");
+ }
+ this.validateData();
+ X509Certificate[] certs = retrieveCertificates("(" + this.serialNumberAttrName + "=" + serialNumber + ")");
+ if (certs.length > 1) {
+ throw new LDAPException("There was more than one certificate with serial number " + serialNumber + ".");
+ } else if (certs.length == 0) {
+ return null;
+ }
+ return certs[0];
+ }
+
+ // misc
+ public void validateData() throws LDAPException {
+ if (this.url == null) {
+ throw new LDAPException("LDAP URL must not be null.");
+ }
+ if (this.serialNumberAttrName == null || this.serialNumberAttrName.length() == 0) {
+ throw new LDAPException("LDAP key for serial number is null or empty.");
+ }
+ }
+
+ @Override
+ public String toString() {
+ StringBuffer buffer = new StringBuffer();
+ buffer.append("ldapURL = ").append(this.url);
+ buffer.append(", serialNumberAttrName = ").append(this.serialNumberAttrName);
+ boolean dataValid;
+ try {
+ this.validateData();
+ dataValid = true;
+ } catch (LDAPException e) {
+ dataValid = false;
+ }
+ buffer.append("; data seems to be ").append(dataValid ? "valid" : "invalid");
+ return buffer.toString();
+ }
+
+}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPException.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPException.java
new file mode 100644
index 0000000..ed897ea
--- /dev/null
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPException.java
@@ -0,0 +1,26 @@
+package at.knowcenter.wag.egov.egiz.ldap.client;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public class LDAPException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ public LDAPException() {
+ super();
+ }
+
+ public LDAPException(Exception exception) {
+ super(exception);
+ }
+
+ public LDAPException(String message, Exception exception) {
+ super(message, exception);
+ }
+
+ public LDAPException(String message) {
+ super(message);
+ }
+
+}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java
new file mode 100644
index 0000000..8a4ea93
--- /dev/null
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java
@@ -0,0 +1,155 @@
+package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.asn1.structures.Name;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Properties;
+
+import org.apache.log4j.Logger;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public class LDAPMapping {
+
+ // constants
+ public static final String PROPERTIES_KEY_ISSUER_NAME = "issuer.name";
+ public static final String PROPERTIES_KEY_LDAP_URL = "ldap.url";
+ public static final String PROPERTIES_KEY_SERIAL_ATTR_NAME = "serialnumber.attrname";
+
+ private final Logger log = Logger.getLogger(getClass());
+ private static final iaik.x509.net.ldap.Handler LDAP_HANDLER;
+
+ // fields
+ private Name issuerName;
+ private URL ldapURL;
+ private String serialNumberAttrName;
+
+ // static initialization
+ static {
+ LDAP_HANDLER = new iaik.x509.net.ldap.Handler();
+ }
+
+ // constructors
+ protected LDAPMapping() {
+ this.setSerialNumberAttrName(LDAPClientImpl.DEFAULT_LDAP_ATTR_SERIAL_NUMBER);
+ }
+
+ public LDAPMapping(Name issuerName, URL ldapURL) {
+ this(issuerName, ldapURL, null);
+ }
+
+ public LDAPMapping(Name issuerName, URL ldapURL, String serialNumberAttrName) {
+ this();
+ this.setIssuerName(issuerName);
+ this.setLdapURL(ldapURL);
+ this.setSerialNumberAttrName(serialNumberAttrName);
+ }
+
+ public LDAPMapping(String issuerNameString, String ldapURLString) throws LDAPException {
+ this(issuerNameString, ldapURLString, null);
+ }
+
+ public LDAPMapping(String issuerNameString, String ldapURLString, String serialNumberAttrName) throws LDAPException {
+ this();
+ this.setIssuerName(issuerNameString);
+ this.setLdapURL(ldapURLString);
+ this.setSerialNumberAttrName(serialNumberAttrName);
+ }
+
+ public LDAPMapping(Properties properties) throws LDAPException {
+ this();
+ if (properties == null) {
+ throw new NullPointerException("Properties must not be null.");
+ }
+ String in = properties.getProperty(PROPERTIES_KEY_ISSUER_NAME);
+ String sn = properties.getProperty(PROPERTIES_KEY_LDAP_URL);
+ String snan = properties.getProperty(PROPERTIES_KEY_SERIAL_ATTR_NAME);
+ if (in == null || in.length() == 0) {
+ throw new LDAPException("Property \"" + PROPERTIES_KEY_ISSUER_NAME + "\" must not be null or empty.");
+ }
+ if (sn == null || sn.length() == 0) {
+ throw new LDAPException("Property \"" + PROPERTIES_KEY_LDAP_URL + "\" must not be null or empty.");
+ }
+ this.setIssuerName(in);
+ this.setLdapURL(sn);
+ this.setSerialNumberAttrName(snan);
+ }
+
+ // getter/setter
+ public Name getIssuerName() {
+ return this.issuerName;
+ }
+
+ public void setIssuerName(Name issuerName) {
+ if (issuerName == null) {
+ throw new NullPointerException("Issuer name must not be null.");
+ }
+ this.issuerName = issuerName;
+ }
+
+ public void setIssuerName(String issuerNameString) throws LDAPException {
+ RFC2253NameParser parser = new RFC2253NameParser(issuerNameString.trim());
+ try {
+ this.setIssuerName(parser.parse());
+ } catch (RFC2253NameParserException e) {
+ throw new LDAPException(e);
+ }
+ }
+
+ public URL getLdapURL() {
+ return this.ldapURL;
+ }
+
+ public void setLdapURL(URL ldapURL) {
+ if (ldapURL == null) {
+ throw new NullPointerException("LDAP url must not be null.");
+ }
+ this.ldapURL = ldapURL;
+ }
+
+ public void setLdapURL(String ldapURLString) throws LDAPException {
+ try {
+ this.setLdapURL(new URL(null, ldapURLString.trim(), LDAP_HANDLER));
+ } catch (MalformedURLException e) {
+ throw new LDAPException(e);
+ }
+ }
+
+ public String getSerialNumberAttrName() {
+ return this.serialNumberAttrName;
+ }
+
+ public void setSerialNumberAttrName(String serialNumberAttrName) {
+ if (serialNumberAttrName != null && serialNumberAttrName.length() == 0) {
+ throw new IllegalArgumentException("Serial number attribute name must not be empty");
+ }
+ this.serialNumberAttrName = serialNumberAttrName != null ? serialNumberAttrName.trim() : LDAPClientImpl.DEFAULT_LDAP_ATTR_SERIAL_NUMBER;
+ }
+
+ // misc
+ public void validateData() throws LDAPException {
+ if (this.issuerName == null) {
+ throw new LDAPException("Issuer name must not be null.");
+ }
+ if (this.ldapURL == null) {
+ throw new LDAPException("LDAP url must not be null.");
+ }
+ if (serialNumberAttrName == null || serialNumberAttrName.length() == 0) {
+ throw new LDAPException("Serial number attribute name must not be null or empty");
+ }
+ }
+
+ @Override
+ public String toString() {
+ StringBuffer buffer = new StringBuffer();
+ buffer.append("issuerName = ").append(this.issuerName != null ? this.issuerName.getName() : null);
+ buffer.append(", ldapURL = ").append(this.ldapURL);
+ buffer.append(", serialNumberAttrName = ").append(this.serialNumberAttrName);
+ return buffer.toString();
+ }
+
+}