diff options
Diffstat (limited to 'src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java')
| -rw-r--r-- | src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java | 175 |
1 files changed, 175 insertions, 0 deletions
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java new file mode 100644 index 0000000..3dae9ae --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java @@ -0,0 +1,175 @@ +package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.x509.X509Certificate;
+import iaik.x509.net.ldap.LdapURLConnection;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+public final class LDAPClientImpl implements LDAPClient {
+
+ // constants
+ protected static final String DEFAULT_LDAP_ATTR_SERIAL_NUMBER = "eidCertificateSerialNumber";
+ private static final iaik.x509.net.ldap.Handler LDAP_HANDLER = new iaik.x509.net.ldap.Handler();
+
+ // fields
+ private URL url;
+ private String serialNumberAttrName;
+
+ // constructors
+ protected LDAPClientImpl() {
+ this.setSerialNumberAttrName(DEFAULT_LDAP_ATTR_SERIAL_NUMBER);
+ }
+
+ protected LDAPClientImpl(URL url) {
+ this();
+ this.setUrl(url);
+ }
+
+ protected LDAPClientImpl(String urlString) throws LDAPException {
+ this();
+ try {
+ this.setUrl(new URL(null, urlString, LDAP_HANDLER));
+ } catch (MalformedURLException e) {
+ throw new LDAPException(e);
+ }
+ }
+
+ protected LDAPClientImpl(LDAPMapping ldapMapping) {
+ this();
+ this.setUrl(ldapMapping.getLdapURL());
+ this.setSerialNumberAttrName(ldapMapping.getSerialNumberAttrName());
+ }
+
+
+ // getter/setter
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#getUrl()
+ */
+ public URL getUrl() {
+ return this.url;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#setUrl(java.net.URL)
+ */
+ public void setUrl(URL ldapURL) {
+ if (ldapURL == null) {
+ throw new NullPointerException("LDAP url must not be null.");
+ }
+ this.url = ldapURL;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#getSerialNumberAttrName()
+ */
+ public String getSerialNumberAttrName() {
+ return this.serialNumberAttrName;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#setSerialNumberAttrName(java.lang.String)
+ */
+ public void setSerialNumberAttrName(String serialNumberAttrName) {
+ if (serialNumberAttrName != null && serialNumberAttrName.length() == 0) {
+ throw new IllegalArgumentException("Serial number attribute name must not be empty");
+ }
+ this.serialNumberAttrName = serialNumberAttrName != null ? serialNumberAttrName : DEFAULT_LDAP_ATTR_SERIAL_NUMBER;
+ }
+
+ // service methods
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#retrieveCertificates(java.lang.String)
+ */
+ public X509Certificate[] retrieveCertificates(String filter) throws LDAPException {
+ if (filter == null) {
+ throw new NullPointerException("Filter string must not be null.");
+ }
+ if (filter.length() == 0) {
+ throw new IllegalArgumentException("Filter string must not be empty.");
+ }
+
+ X509Certificate[] certs = new X509Certificate[] { };
+ LdapURLConnection ldapURLConnection = null;
+ try {
+ this.validateData();
+ ldapURLConnection = (LdapURLConnection) this.url.openConnection();
+
+ // search for end enity certificates
+ ldapURLConnection.setRequestProperty(
+ LdapURLConnection.RP_ATTRIBUTE_DESCRIPTION,
+ LdapURLConnection.AD_USER_CERTIFICATE
+ );
+
+ // search subtree
+ ldapURLConnection.setRequestProperty(
+ LdapURLConnection.RP_SEARCH_SCOPE,
+ LdapURLConnection.SEARCH_SCOPE_SUBTREE
+ );
+
+ //set filter
+ ldapURLConnection.setRequestProperty(
+ LdapURLConnection.RP_FILTER,
+ filter
+ );
+
+ // connect to the ldap server an read results
+ certs = (X509Certificate[]) ldapURLConnection.getContent();
+ } catch (IOException e) {
+ throw new LDAPException(e);
+ } finally {
+ if (ldapURLConnection != null) {
+ ldapURLConnection.disconnect();
+ }
+ }
+ return certs;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#retrieveCertificate(java.math.BigInteger)
+ */
+ public X509Certificate retrieveCertificate(BigInteger serialNumber) throws LDAPException {
+ if (serialNumber == null) {
+ throw new NullPointerException("Serial number must not be null");
+ }
+ this.validateData();
+ X509Certificate[] certs = retrieveCertificates("(" + this.serialNumberAttrName + "=" + serialNumber + ")");
+ if (certs.length > 1) {
+ throw new LDAPException("There was more than one certificate with serial number " + serialNumber + ".");
+ } else if (certs.length == 0) {
+ return null;
+ }
+ return certs[0];
+ }
+
+ // misc
+ public void validateData() throws LDAPException {
+ if (this.url == null) {
+ throw new LDAPException("LDAP URL must not be null.");
+ }
+ if (this.serialNumberAttrName == null || this.serialNumberAttrName.length() == 0) {
+ throw new LDAPException("LDAP key for serial number is null or empty.");
+ }
+ }
+
+ @Override
+ public String toString() {
+ StringBuffer buffer = new StringBuffer();
+ buffer.append("ldapURL = ").append(this.url);
+ buffer.append(", serialNumberAttrName = ").append(this.serialNumberAttrName);
+ boolean dataValid;
+ try {
+ this.validateData();
+ dataValid = true;
+ } catch (LDAPException e) {
+ dataValid = false;
+ }
+ buffer.append("; data seems to be ").append(dataValid ? "valid" : "invalid");
+ return buffer.toString();
+ }
+
+}
|