diff options
Diffstat (limited to 'src/main/java')
6 files changed, 595 insertions, 0 deletions
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClient.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClient.java new file mode 100644 index 0000000..12f69fd --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClient.java @@ -0,0 +1,65 @@ +package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.x509.X509Certificate;
+
+import java.math.BigInteger;
+import java.net.URL;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public interface LDAPClient {
+
+ /**
+ * Returns the ldap url this client was registered for.
+ *
+ * @return The ldap url linked with this client.
+ */
+ URL getUrl();
+
+ /**
+ * Sets the ldap url this client should be registered for.
+ *
+ * @param ldapURL
+ * The ldap url linked with this client.
+ */
+ void setUrl(URL ldapURL);
+
+ /**
+ * Returns the attribute name that represents the serial number.
+ *
+ * @return The attribute name representing the serial number.
+ */
+ String getSerialNumberAttrName();
+
+ /**
+ * Sets the attribute name that represents the serial number.
+ *
+ * @param serialNumberAttrName
+ * The attribute name representing the serial number.
+ */
+ void setSerialNumberAttrName(String serialNumberAttrName);
+
+ /**
+ * Retrieves the certificate(s) matching the filter {@code filter}.
+ *
+ * @param filter
+ * The filter for the ldap request.
+ * @return An array of certificates matching the filter {@code filter}.
+ * @throws LDAPException
+ * Is thrown in case of error.
+ */
+ X509Certificate[] retrieveCertificates(String filter) throws LDAPException;
+
+ /**
+ * Retriebes the certificate with the serial number {@code serialNumber}.
+ *
+ * @param serialNumber
+ * The serial number of the required certificate.
+ * @return The certificate with the serial number {@code serialNumber}.
+ * @throws LDAPException
+ * Is thrown in case of error.
+ */
+ X509Certificate retrieveCertificate(BigInteger serialNumber) throws LDAPException;
+
+}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java new file mode 100644 index 0000000..f8ce4f2 --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java @@ -0,0 +1,87 @@ +package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.asn1.structures.Name;
+
+import java.util.Hashtable;
+
+import org.apache.log4j.Logger;
+
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public abstract class LDAPClientFactory {
+
+ private final Logger log = Logger.getLogger(getClass());
+
+ protected static final String DEFAULT_IDENTIFIER = "default LDAPClientFactory";
+
+ /**
+ * Mapping of category/identifier to LDAPClientFactory.
+ * Allows the usage of multiple independently configured LDAPClientFactoryImpls.
+ */
+ private static Hashtable<String, LDAPClientFactory> ldapClientFactoryInstances = new Hashtable<String, LDAPClientFactory>();
+
+ private LDAPMappingStore ldapMappingStore;
+
+ protected LDAPClientFactory() {
+ this.ldapMappingStore = new LDAPMappingStore();
+ }
+
+ public LDAPMapping getMapping(String issuerName) throws LDAPException {
+ return this.ldapMappingStore.getMapping(issuerName);
+ }
+
+ public LDAPMapping getMapping(Name name) {
+ return this.ldapMappingStore.getMapping(name);
+ }
+
+ public void resetMappings() {
+ this.ldapMappingStore.clearStore();
+ }
+
+ public boolean hasBeenConfigured() {
+ return !this.ldapMappingStore.isEmpty();
+ }
+
+ public synchronized void registerMappings(Iterable<LDAPMapping> iterable) {
+ if (!iterable.iterator().hasNext()) {
+ log.warn("There were no ldap mappings provided.");
+ }
+ this.ldapMappingStore.storeMappings(iterable);
+ }
+
+ public synchronized void registerMapping(LDAPMapping... ldapMappings) {
+ if (ldapMappings.length == 0) {
+ log.warn("There were no ldap mappings provided.");
+ }
+ this.ldapMappingStore.storeMapping(ldapMappings);
+ }
+
+ public void setLDAPIssuerNameFilter(LDAPIssuerNameFilter filter) throws LDAPException {
+ if (this.hasBeenConfigured()) {
+ throw new LDAPException("Not allowed to set filter after registration of mappings.");
+ }
+ this.ldapMappingStore = new LDAPMappingStore(filter);
+ }
+
+ public boolean isLDAPIssuerNameFilter() {
+ return this.ldapMappingStore.isLDAPIssuerNameFilter();
+ }
+
+ public static synchronized LDAPClientFactory getInstance(String idenfifier) {
+ LDAPClientFactory ldapClientFactoryInstance = ldapClientFactoryInstances.get(idenfifier);
+ if (ldapClientFactoryInstance == null) {
+ ldapClientFactoryInstance = new LDAPClientFactoryImpl();
+ ldapClientFactoryInstances.put(idenfifier, ldapClientFactoryInstance);
+ }
+ return ldapClientFactoryInstance;
+ }
+
+ public static synchronized LDAPClientFactory getInstance() {
+ return getInstance(DEFAULT_IDENTIFIER);
+ }
+
+ public abstract LDAPClient createClient(String issuerName) throws LDAPException;
+
+}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java new file mode 100644 index 0000000..eb18802 --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java @@ -0,0 +1,82 @@ +package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.asn1.ObjectID;
+import iaik.asn1.structures.Name;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+import java.util.Hashtable;
+
+import org.apache.log4j.Logger;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public final class LDAPClientFactoryImpl extends LDAPClientFactory {
+
+ private final Logger log = Logger.getLogger(getClass());
+
+ private Hashtable<String, LDAPClient> ldapClients;
+
+ protected LDAPClientFactoryImpl() {
+ this.ldapClients = new Hashtable<String, LDAPClient>();
+ }
+
+ public static String rfc2253Name2Domain(Name name) {
+ Object[] values = name.getRDNValues(ObjectID.domainComponent);
+ if (values == null) {
+ return null;
+ }
+ StringBuffer buffer = new StringBuffer();
+ for (int i = values.length - 1; i >= 0; i--) {
+ buffer.append(values[i]);
+ if (i > 0) {
+ buffer.append(".");
+ }
+ }
+ return buffer.toString();
+ }
+
+ public static String rfc2253Name2Domain(String nameString) throws RFC2253NameParserException {
+ RFC2253NameParser nameParser = new RFC2253NameParser(nameString);
+ return rfc2253Name2Domain(nameParser.parse());
+ }
+
+ private LDAPClient instantiateLDAPClient(String issuerName) throws LDAPException {
+ if (!super.hasBeenConfigured()) {
+ log.warn(super.getClass().getSimpleName() + " has not been configured yet.");
+ }
+ LDAPClient client = null;
+ LDAPMapping mapping = super.getMapping(issuerName);
+ if (mapping == null) {
+ try {
+ String alternativeURLString = rfc2253Name2Domain(issuerName);
+ if (alternativeURLString == null || alternativeURLString.length() == 0) {
+ throw new LDAPException("Neither issuer name \"" + issuerName + "\" has been registered nor domain components were provided.");
+ }
+ alternativeURLString = "ldap://" + alternativeURLString;
+ log.warn("Issuer name \"" + issuerName + "\" has not been registered; trying to instantiate client for url \"" + alternativeURLString + "\"...");
+ client = new LDAPClientImpl(alternativeURLString);
+ } catch (RFC2253NameParserException e) {
+ throw new LDAPException(e);
+ }
+ } else {
+ log.debug("Instantiating LDAP client for " + mapping + ".");
+ client = new LDAPClientImpl(mapping);
+ }
+ return client;
+ }
+
+ public synchronized LDAPClient createClient(String issuerName) throws LDAPException {
+ if (issuerName == null || issuerName.length() == 0) {
+ throw new NullPointerException("Issuer name must not be null or empty.");
+ }
+ LDAPClient ldapClient = ldapClients.get(issuerName);
+ if (ldapClient == null) {
+ ldapClient = instantiateLDAPClient(issuerName);
+ ldapClients.put(issuerName, ldapClient);
+ }
+ return ldapClient;
+ }
+
+}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java new file mode 100644 index 0000000..f27f549 --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java @@ -0,0 +1,167 @@ +package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.x509.X509Certificate;
+import iaik.x509.net.ldap.LdapURLConnection;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+public final class LDAPClientImpl implements LDAPClient {
+
+ // constants
+ protected static final String DEFAULT_LDAP_ATTR_SERIAL_NUMBER = "eidCertificateSerialNumber";
+ private static final iaik.x509.net.ldap.Handler LDAP_HANDLER = new iaik.x509.net.ldap.Handler();
+
+ // fields
+ private URL url;
+ private String serialNumberAttrName;
+
+ // constructors
+ protected LDAPClientImpl() {
+ this.setSerialNumberAttrName(DEFAULT_LDAP_ATTR_SERIAL_NUMBER);
+ }
+
+ protected LDAPClientImpl(URL url) {
+ this();
+ this.setUrl(url);
+ }
+
+ protected LDAPClientImpl(String urlString) throws LDAPException {
+ this();
+ try {
+ this.setUrl(new URL(null, urlString, LDAP_HANDLER));
+ } catch (MalformedURLException e) {
+ throw new LDAPException(e);
+ }
+ }
+
+ protected LDAPClientImpl(LDAPMapping ldapMapping) {
+ this();
+ this.setUrl(ldapMapping.getLdapURL());
+ this.setSerialNumberAttrName(ldapMapping.getSerialNumberAttrName());
+ }
+
+
+ // getter/setter
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#getUrl()
+ */
+ public URL getUrl() {
+ return this.url;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#setUrl(java.net.URL)
+ */
+ public void setUrl(URL ldapURL) {
+ if (ldapURL == null) {
+ throw new NullPointerException("LDAP url must not be null.");
+ }
+ this.url = ldapURL;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#getSerialNumberAttrName()
+ */
+ public String getSerialNumberAttrName() {
+ return this.serialNumberAttrName;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#setSerialNumberAttrName(java.lang.String)
+ */
+ public void setSerialNumberAttrName(String serialNumberAttrName) {
+ if (serialNumberAttrName != null && serialNumberAttrName.length() == 0) {
+ throw new IllegalArgumentException("Serial number attribute name must not be empty");
+ }
+ this.serialNumberAttrName = serialNumberAttrName != null ? serialNumberAttrName : DEFAULT_LDAP_ATTR_SERIAL_NUMBER;
+ }
+
+ // service methods
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#retrieveCertificates(java.lang.String)
+ */
+ public X509Certificate[] retrieveCertificates(String filter) throws LDAPException {
+ if (filter == null) {
+ throw new NullPointerException("Filter string must not be null.");
+ }
+ if (filter.length() == 0) {
+ throw new IllegalArgumentException("Filter string must not be empty.");
+ }
+
+ X509Certificate[] certs = new X509Certificate[] { };
+ LdapURLConnection ldapURLConnection = null;
+ try {
+ this.validateData();
+ ldapURLConnection = (LdapURLConnection) this.url.openConnection();
+
+ // search for end enity certificates
+ ldapURLConnection.setRequestProperty(
+ LdapURLConnection.RP_ATTRIBUTE_DESCRIPTION,
+ LdapURLConnection.AD_USER_CERTIFICATE
+ );
+
+ // search subtree
+ ldapURLConnection.setRequestProperty(
+ LdapURLConnection.RP_SEARCH_SCOPE,
+ LdapURLConnection.SEARCH_SCOPE_SUBTREE
+ );
+
+ //set filter
+ ldapURLConnection.setRequestProperty(
+ LdapURLConnection.RP_FILTER,
+ filter
+ );
+
+ // connect to the ldap server an read results
+ certs = (X509Certificate[]) ldapURLConnection.getContent();
+ } catch (IOException e) {
+ throw new LDAPException(e);
+ } finally {
+ if (ldapURLConnection != null) {
+ ldapURLConnection.disconnect();
+ }
+ }
+ return certs;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#retrieveCertificate(java.math.BigInteger)
+ */
+ public X509Certificate retrieveCertificate(BigInteger serialNumber) throws LDAPException {
+ if (serialNumber == null) {
+ throw new NullPointerException("Serial number must not be null");
+ }
+ this.validateData();
+ X509Certificate[] certs = retrieveCertificates("(" + this.serialNumberAttrName + "=" + serialNumber + ")");
+ if (certs.length > 1) {
+ throw new LDAPException("There was more than one certificate with serial number " + serialNumber + ".");
+ } else if (certs.length == 0) {
+ return null;
+ }
+ return certs[0];
+ }
+
+ // misc
+ public void validateData() throws LDAPException {
+ if (this.url == null) {
+ throw new LDAPException("LDAP URL must not be null.");
+ }
+ if (this.serialNumberAttrName == null || this.serialNumberAttrName.length() == 0) {
+ throw new LDAPException("LDAP key for serial number is null or empty.");
+ }
+ }
+
+ @Override
+ public String toString() {
+ StringBuffer buffer = new StringBuffer();
+ buffer.append("ldapURL = ").append(this.url);
+ buffer.append(", serialNumberAttrName = ").append(this.serialNumberAttrName);
+ return buffer.toString();
+ }
+
+}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPException.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPException.java new file mode 100644 index 0000000..b29f6b3 --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPException.java @@ -0,0 +1,27 @@ +package at.knowcenter.wag.egov.egiz.ldap.client;
+
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public class LDAPException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ public LDAPException() {
+ super();
+ }
+
+ public LDAPException(Exception exception) {
+ super(exception);
+ }
+
+ public LDAPException(String message, Exception exception) {
+ super(message, exception);
+ }
+
+ public LDAPException(String message) {
+ super(message);
+ }
+
+}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java new file mode 100644 index 0000000..9fb42b8 --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java @@ -0,0 +1,167 @@ +package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.asn1.structures.Name;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Properties;
+
+import org.apache.log4j.Logger;
+
+/**
+ * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
+ */
+public class LDAPMapping {
+
+ // constants
+ public static final String PROPERTIES_KEY_ISSUER_NAME = "issuer.name";
+ public static final String PROPERTIES_KEY_LDAP_URL = "ldap.url";
+ public static final String PROPERTIES_KEY_SERIAL_ATTR_NAME = "serialnumber.attrname";
+
+ private final Logger log = Logger.getLogger(getClass());
+ private static final iaik.x509.net.ldap.Handler LDAP_HANDLER;
+
+ // fields
+ private Name issuerName;
+ private URL ldapURL;
+ private String serialNumberAttrName;
+
+ private String cachedRFC2253String;
+
+ // static initialization
+ static {
+ LDAP_HANDLER = new iaik.x509.net.ldap.Handler();
+ }
+
+ // constructors
+ protected LDAPMapping() {
+ this.setSerialNumberAttrName(LDAPClientImpl.DEFAULT_LDAP_ATTR_SERIAL_NUMBER);
+ this.cachedRFC2253String = null;
+ }
+
+ public LDAPMapping(Name issuerName, URL ldapURL) {
+ this(issuerName, ldapURL, null);
+ }
+
+ public LDAPMapping(Name issuerName, URL ldapURL, String serialNumberAttrName) {
+ this();
+ this.setIssuerName(issuerName);
+ this.setLdapURL(ldapURL);
+ this.setSerialNumberAttrName(serialNumberAttrName);
+ }
+
+ public LDAPMapping(String issuerNameString, String ldapURLString) throws LDAPException {
+ this(issuerNameString, ldapURLString, null);
+ }
+
+ public LDAPMapping(String issuerNameString, String ldapURLString, String serialNumberAttrName) throws LDAPException {
+ this();
+ this.setIssuerName(issuerNameString);
+ this.setLdapURL(ldapURLString);
+ this.setSerialNumberAttrName(serialNumberAttrName);
+ }
+
+ public LDAPMapping(Properties properties) throws LDAPException {
+ this();
+ if (properties == null) {
+ throw new NullPointerException("Properties must not be null.");
+ }
+ String in = properties.getProperty(PROPERTIES_KEY_ISSUER_NAME);
+ String sn = properties.getProperty(PROPERTIES_KEY_LDAP_URL);
+ String snan = properties.getProperty(PROPERTIES_KEY_SERIAL_ATTR_NAME);
+ if (in == null || in.length() == 0) {
+ throw new LDAPException("Property \"" + PROPERTIES_KEY_ISSUER_NAME + "\" must not be null or empty.");
+ }
+ if (sn == null || sn.length() == 0) {
+ throw new LDAPException("Property \"" + PROPERTIES_KEY_LDAP_URL + "\" must not be null or empty.");
+ }
+ this.setIssuerName(in);
+ this.setLdapURL(sn);
+ this.setSerialNumberAttrName(snan);
+ }
+
+ // getter/setter
+ public Name getIssuerName() {
+ return this.issuerName;
+ }
+
+ public String getIssuerNameAsString() {
+ return this.issuerName.getName();
+ }
+
+ public void setIssuerName(Name issuerName) {
+ if (issuerName == null) {
+ throw new NullPointerException("Issuer name must not be null.");
+ }
+ this.issuerName = issuerName;
+ try {
+ this.cachedRFC2253String = this.issuerName.getRFC2253String();
+ } catch (RFC2253NameParserException e) {
+ log.warn(e);
+ }
+ }
+
+ public void setIssuerName(String issuerNameString) throws LDAPException {
+ RFC2253NameParser parser = new RFC2253NameParser(issuerNameString.trim());
+ try {
+ this.setIssuerName(parser.parse());
+ } catch (RFC2253NameParserException e) {
+ throw new LDAPException(e);
+ }
+ }
+
+ public URL getLdapURL() {
+ return this.ldapURL;
+ }
+
+ public void setLdapURL(URL ldapURL) {
+ if (ldapURL == null) {
+ throw new NullPointerException("LDAP url must not be null.");
+ }
+ this.ldapURL = ldapURL;
+ }
+
+ public void setLdapURL(String ldapURLString) throws LDAPException {
+ try {
+ this.setLdapURL(new URL(null, ldapURLString.trim(), LDAP_HANDLER));
+ } catch (MalformedURLException e) {
+ throw new LDAPException(e);
+ }
+ }
+
+ public String getSerialNumberAttrName() {
+ return this.serialNumberAttrName;
+ }
+
+ public void setSerialNumberAttrName(String serialNumberAttrName) {
+ if (serialNumberAttrName != null && serialNumberAttrName.length() == 0) {
+ throw new IllegalArgumentException("Serial number attribute name must not be empty");
+ }
+ this.serialNumberAttrName = serialNumberAttrName != null ? serialNumberAttrName.trim() : LDAPClientImpl.DEFAULT_LDAP_ATTR_SERIAL_NUMBER;
+ }
+
+ // misc
+ public void validateData() throws LDAPException {
+ if (this.issuerName == null) {
+ throw new LDAPException("Issuer name must not be null.");
+ }
+ if (this.ldapURL == null) {
+ throw new LDAPException("LDAP url must not be null.");
+ }
+ if (serialNumberAttrName == null || serialNumberAttrName.length() == 0) {
+ throw new LDAPException("Serial number attribute name must not be null or empty");
+ }
+ }
+
+ @Override
+ public String toString() {
+ StringBuffer buffer = new StringBuffer();
+ buffer.append("issuerName = ").append(this.issuerName != null ? this.issuerName.getName() : null);
+ buffer.append(", ldapURL = ").append(this.ldapURL);
+ buffer.append(", serialNumberAttrName = ").append(this.serialNumberAttrName);
+ return buffer.toString();
+ }
+
+}
|