From e452213b7bb66956522cf74fbd255f8970678525 Mon Sep 17 00:00:00 2001
From: tknall
Date: Thu, 4 Dec 2008 19:16:33 +0000
Subject: LDAP implementation enhanced.

git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@316 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c
---
 .../wag/egov/egiz/ldap/api/LDAPAPIImpl.java | 25 ++++++-------
 .../egov/egiz/ldap/client/LDAPClientFactory.java | 23 ++++--------
 .../egiz/ldap/client/LDAPClientFactoryImpl.java | 39 ++++++++++++--------
 .../wag/egov/egiz/ldap/client/LDAPClientImpl.java | 3 +-
 .../egov/egiz/ldap/client/LDAPMappingStore.java | 33 +++++++----------
 .../at/knowcenter/wag/egov/egiz/sig/LDAPAPI.java | 7 ----
 src/main/resources/DefaultConfiguration.zip | Bin 180785 -> 181257 bytes
 work/cfg/config.properties | 41 +++++++++++++++++++++
 8 files changed, 100 insertions(+), 71 deletions(-)

diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java
index 1409ae8..4099297 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java
@@ -91,24 +91,21 @@ public class LDAPAPIImpl implements LDAPAPI { } } - public String getURL(String issuer) { - this.initializeFactoryImpl(); - String url = null; - try { - LDAPClient client = this.ldapClientFactory.createClient(issuer); - url = client.getUrl().toString(); - } catch (LDAPException e) { - this.log.error(e.getMessage(), e); - } - return url; - } - public byte[] loadBase64CertificateFromLDAP(String serialNumber, String issuer) { this.initializeFactoryImpl(); byte[] base64CertData = null; try { - LDAPClient client = this.ldapClientFactory.createClient(issuer); - X509Certificate x509certificate = client.retrieveCertificate(new BigInteger(serialNumber)); + List clients = this.ldapClientFactory.createClients(issuer); + Iterator clientIt = clients.iterator(); + X509Certificate x509certificate = null; + while (clientIt.hasNext() && x509certificate == null) { + LDAPClient client = (LDAPClient) clientIt.next(); + try { + x509certificate = client.retrieveCertificate(new BigInteger(serialNumber)); + } catch (LDAPException e) { + this.log.error(e.getMessage(), e); + } + } if (x509certificate != null) { base64CertData = Util.Base64Encode(x509certificate.toByteArray()); } diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java index 7cd98c6..1aa7ff1 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java @@ -3,6 +3,7 @@ package at.knowcenter.wag.egov.egiz.ldap.client; import iaik.asn1.structures.Name; import java.util.Hashtable; +import java.util.List; import org.apache.log4j.Logger; 
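Review bot: `new BigInteger(serialNumber)` is re-parsed on every pass of the new `while` loop, and a malformed serial raises NumberFormatException, which the inner `catch (LDAPException e)` does not cover, so it leaves the loop on the first iteration and whether anything above catches it is not visible here. Parse once before the loop, `BigInteger serial = new BigInteger(serialNumber);` ahead of `List clients = ...`, so bad input is rejected before any directory is contacted and the loop body becomes `x509certificate = client.retrieveCertificate(serial);`. When every client fails the method still returns null with only per-client error entries; a single `this.log.warn(...)` after the loop naming the issuer would let an operator distinguish "not found on any configured server" from one failing server. The enclosing try block of loadBase64CertificateFromLDAP continues outside the hunk.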
@@ -29,12 +30,12 @@ public abstract class LDAPClientFactory { this.ldapMappingStore = new LDAPMappingStore(); } - public LDAPMapping getMapping(String issuerName) throws LDAPException { - return this.ldapMappingStore.getMapping(issuerName); + public List getMappings(String issuerName) throws LDAPException { + return this.ldapMappingStore.getMappings(issuerName); } - public LDAPMapping getMapping(Name name) { - return this.ldapMappingStore.getMapping(name); + public List getMapping(Name name) { + return this.ldapMappingStore.getMappings(name); } public void resetMappings() { @@ -45,16 +46,8 @@ public abstract class LDAPClientFactory { return !this.ldapMappingStore.isEmpty(); } -// public synchronized void registerMappings(Iterable iterable) { -// public synchronized void registerMappings(Iterable iterable) { -// if (!iterable.iterator().hasNext()) { -// log.warn("There were no ldap mappings provided."); -// } -// this.ldapMappingStore.storeMappings(iterable); -// } - public synchronized void registerMapping(LDAPMapping ldapMapping) { - this.ldapMappingStore.storeMapping(ldapMapping); + this.ldapMappingStore.addMapping(ldapMapping); } public void setLDAPIssuerNameFilter(LDAPIssuerNameFilter filter) throws LDAPException { @@ -67,7 +60,7 @@ public abstract class LDAPClientFactory { public boolean isLDAPIssuerNameFilter() { return this.ldapMappingStore.isLDAPIssuerNameFilter(); } - + public static synchronized LDAPClientFactory getInstance(String idenfifier) { LDAPClientFactory ldapClientFactoryInstance = (LDAPClientFactory) ldapClientFactoryInstances.get(idenfifier); if (ldapClientFactoryInstance == null) { @@ -81,6 +74,6 @@ public abstract class LDAPClientFactory { return getInstance(DEFAULT_IDENTIFIER); } - public abstract LDAPClient createClient(String issuerName) throws LDAPException; + public abstract List createClients(String issuerName) throws LDAPException; } 
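Review bot: `getMapping(Name name)` keeps its singular name although it now returns a `List`, while the String overload was renamed to `getMappings` and the store method it delegates to is `getMappings(Name)`; rename it to `public List getMappings(Name name)` so both overloads read alike and callers are not led to expect a single mapping. Since this class is public and abstract the rename is an API change, so if external callers exist (none are visible here) a deprecated `getMapping(Name)` delegating to the new method can be kept for one release.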
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java index 1390202..ec5548b 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java @@ -5,8 +5,13 @@ import iaik.asn1.structures.Name; import iaik.utils.RFC2253NameParser; import iaik.utils.RFC2253NameParserException; +import java.util.ArrayList; +import java.util.Collections; import java.util.Hashtable; +import java.util.Iterator; +import java.util.List; +import org.apache.commons.lang.ArrayUtils; import org.apache.log4j.Logger; /** @@ -16,7 +21,6 @@ public final class LDAPClientFactoryImpl extends LDAPClientFactory { private final Logger log = Logger.getLogger(getClass()); -// private Hashtable ldapClients; private Hashtable ldapClients; protected LDAPClientFactoryImpl() { @@ -43,13 +47,13 @@ public final class LDAPClientFactoryImpl extends LDAPClientFactory { return rfc2253Name2Domain(nameParser.parse()); } - private LDAPClient instantiateLDAPClient(String issuerName) throws LDAPException { + private List instantiateLDAPClients(String issuerName) throws LDAPException { if (!super.hasBeenConfigured()) { log.warn(super.getClass().getName() + " has not been configured yet."); } - LDAPClient client = null; - LDAPMapping mapping = super.getMapping(issuerName); - if (mapping == null) { + List ldapClients = new ArrayList(); + List mappings = super.getMappings(issuerName); + if (mappings == null || mappings.isEmpty()) { try { String alternativeURLString = rfc2253Name2Domain(issuerName); if (alternativeURLString == null || alternativeURLString.length() == 0) { 
@@ -57,30 +61,35 @@ public final class LDAPClientFactoryImpl extends LDAPClientFactory { } alternativeURLString = "ldap://" + alternativeURLString; log.warn("Issuer name \"" + issuerName + "\" has not been registered; trying to instantiate client for url \"" + alternativeURLString + "\"..."); - client = new LDAPClientImpl(alternativeURLString); + LDAPClient client = new LDAPClientImpl(alternativeURLString); + ldapClients.add(client); } catch (RFC2253NameParserException e) { throw new LDAPException(e); } } else { - log.debug("Instantiating LDAP client for " + mapping + "."); - client = new LDAPClientImpl(mapping); + log.debug("Instantiating LDAP clients for " + ArrayUtils.toString(mappings.toArray()) + "."); + Iterator mappingIt = mappings.iterator(); + while (mappingIt.hasNext()) { + LDAPMapping mapping = (LDAPMapping) mappingIt.next(); + ldapClients.add(new LDAPClientImpl(mapping)); + } } - return client; + return ldapClients; } - public synchronized LDAPClient createClient(String issuerName) throws LDAPException { + public synchronized List createClients(String issuerName) throws LDAPException { if (issuerName == null) { throw new NullPointerException("Issuer name must not be null."); } if (issuerName.length() == 0) { throw new IllegalArgumentException("Issuer name must not be empty."); } - LDAPClient ldapClient = (LDAPClient) ldapClients.get(issuerName); - if (ldapClient == null) { - ldapClient = instantiateLDAPClient(issuerName); - ldapClients.put(issuerName, ldapClient); + List ldapClientList = (List) ldapClients.get(issuerName); + if (ldapClientList == null) { + ldapClientList = instantiateLDAPClients(issuerName); + ldapClients.put(issuerName, ldapClientList); } - return ldapClient; + return Collections.unmodifiableList(ldapClientList); } } diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java index 2794c99..c5e2ad2 100644 
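Review bot: For an unregistered issuer the fallback branch still creates a client for `"ldap://" + alternativeURLString`, where the host comes from `rfc2253Name2Domain(issuerName)`, and `createClients` then stores that list in `ldapClients` keyed by the raw `issuerName`, so each distinct unregistered issuer string adds an entry that nothing in this hunk ever removes, and its certificate lookups go to whatever host is embedded in the issuer DN rather than to a configured server. If `issuerName` can originate from the document under verification, consider caching only lists built from registered mappings (for instance by having `instantiateLDAPClients` signal the fallback case, or by bounding the cache) and keep the derived URL at warn level as the existing message does, so an operator can see when a lookup leaves the configured set. Returning `Collections.unmodifiableList(ldapClientList)` is the right call; the same protection is worth applying to the mapping lists handed out by the store.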
--- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java @@ -139,8 +139,9 @@ public final class LDAPClientImpl implements LDAPClient { ); // connect to the ldap server an read results - log.debug("Connecting to \"" + this.url.toString() + "\"..."); + log.debug("Connecting to \"" + this.url.toString() + "\"."); certs = (X509Certificate[]) ldapURLConnection.getContent(); + log.debug("Result of LDAP query received (" + (certs != null ? certs.length : 0) + " result(s))."); } catch (IOException e) { this.timeStampForBlackList = System.currentTimeMillis(); log.warn("Unable to get certificate from \"" + this.getUrl().toString() + "\". LDAPClient is now blocking that URL for " + TIME_ON_BLACKLIST_IN_SECONDS + " seconds."); diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMappingStore.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMappingStore.java index 4416649..b1074e7 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMappingStore.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMappingStore.java @@ -4,8 +4,9 @@ import iaik.asn1.structures.Name; import iaik.utils.RFC2253NameParser; import iaik.utils.RFC2253NameParserException; +import java.util.ArrayList; import java.util.Hashtable; -import java.util.Iterator; +import java.util.List; import org.apache.log4j.Logger; 
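Review bot: The new result-count message is debug-only, so a directory answering a serial-number lookup with more than one certificate is invisible in normal operation; since the query is keyed by a serial that should identify exactly one certificate, `if (certs != null && certs.length > 1) { log.warn("Ambiguous LDAP result from \"" + this.url.toString() + "\": " + certs.length + " certificates."); }` after the `getContent()` call would surface that case. Whether the caller then takes the first entry is decided outside the hunk, so this is an inferred concern. The enclosing method of LDAPClientImpl starts and ends outside the hunk.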
@@ -40,34 +41,28 @@ public class LDAPMappingStore { return this.issuerNameFilter != null; } - public void storeMapping(LDAPMapping mapping) { + public void addMapping(LDAPMapping mapping) { Name name = mapping.getIssuerName(); if (issuerNameFilter != null) { name = this.issuerNameFilter.applyFilter(name); } - if (this.storedMappings.containsKey(name)) { - log.warn("Skipping mapping \"" + mapping + "\" because is has already been stored under \"" + name.getName() + "\"."); - } else { - log.debug("Storing mapping \"" + mapping + "\" under \"" + name.getName() + "\"."); - this.storedMappings.put(name, mapping); - } + List mappingList = (List) this.storedMappings.get(name); + if (mappingList == null) { + mappingList = new ArrayList(); + this.storedMappings.put(name, mappingList); + } + log.debug("Adding mapping \"" + mapping + "\" for \"" + name.getName() + "\"."); + mappingList.add(mapping); } -// public void storeMappings(Iterable iterable) { -// Iterator it = iterable.iterator(); -// while (it.hasNext()) { -// this.storeMapping((LDAPMapping) it.next()); -// } -// } - - public LDAPMapping getMapping(Name name) { + public List getMappings(Name name) { if (issuerNameFilter != null) { name = this.issuerNameFilter.applyFilter(name); } - return (LDAPMapping) this.storedMappings.get(name); + return (List) this.storedMappings.get(name); } - public LDAPMapping getMapping(String nameString) throws LDAPException { + public List getMappings(String nameString) throws LDAPException { RFC2253NameParser parser = new RFC2253NameParser(nameString); Name name; try { @@ -78,7 +73,7 @@ public class LDAPMappingStore { if (issuerNameFilter != null) { name = this.issuerNameFilter.applyFilter(name); } - return getMapping(name); + return this.getMappings(name); } } diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/LDAPAPI.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/LDAPAPI.java index f61c7e6..6101632 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/LDAPAPI.java 
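Review bot: `addMapping` drops the duplicate check that `storeMapping` had, so registering the same mapping twice (for example if the configuration is read more than once, or two entries collapse to one filtered name) now appends it twice and every lookup for that issuer queries the same URL twice. If `LDAPMapping` implements equals, `if (mappingList.contains(mapping)) { log.warn("Skipping duplicate mapping \"" + mapping + "\"."); return; }` before the add restores the old behaviour while still allowing several distinct URLs per issuer; if it does not, compare on the URL. `getMappings(Name)` also hands out the store's own ArrayList, so any caller can alter the registered mappings; wrapping it in `Collections.unmodifiableList(...)` (needs an import) or returning a copy keeps the store authoritative, as the factory already does for its client lists.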
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/LDAPAPI.java @@ -10,13 +10,6 @@ public interface LDAPAPI { public static final String SYS_PROP_IMPLEMENTATION = "pdfas.ldapapi.impl"; - /** - * Returns the url of the ldap server. - * @param issuer The issuer name. - * @return The ldap url. - */ - public String getURL(String issuer); - /** * Retrieves an certificate from the ldap server identified by serial number and issuer name. * @param serialNumber The serial number. diff --git a/src/main/resources/DefaultConfiguration.zip b/src/main/resources/DefaultConfiguration.zip index 278ef78..a8c4e6a 100644 Binary files a/src/main/resources/DefaultConfiguration.zip and b/src/main/resources/DefaultConfiguration.zip differ diff --git a/work/cfg/config.properties b/work/cfg/config.properties index 872f2c4..765a548 100644 --- a/work/cfg/config.properties +++ b/work/cfg/config.properties 
@@ -522,5 +522,46 @@ ldap_mapping.asign_corp_light03.issuer_name=CN=a-sign-corporate-light-03,OU=a-si ldap_mapping.asign_corp_light03.url=ldap://ldap.a-trust.at/ou=a-sign-corporate-light-03,o=A-Trust,c=at ldap_mapping.asign_corp_light03.serial_attr=eidCertificateSerialNumber +ldap_mapping.acert_freecert.issuer_name=EMAIL=-,CN=FREECERT,O=ARGE DATEN - Oesterreichische Gesellschaft fuer Datenschutz,L=Wien,ST=-,C=AT +ldap_mapping.acert_freecert.url=ldap://ldap.a-cert.at/ou=A-CERT FREECERT,o=A-CERT,c=AT +ldap_mapping.acert_freecert.serial_attr=serialNumber + +ldap_mapping.acert_globaltrust_neu.issuer_name=EMAIL=info@a-cert.at,CN=A-CERT GLOBALTRUST,O=ARGE DATEN - Austrian Society for Data Protection and Privacy,L=Vienna,ST=-,C=AT +ldap_mapping.acert_globaltrust_neu.url=ldap://ldap.a-cert.at/ou=A-CERT GLOBALTRUST NEU,o=A-CERT,c=AT +ldap_mapping.acert_globaltrust_neu.serial_attr=serialNumber + +ldap_mapping.acert_government.issuer_name=EMAIL=a-cert@a-cert.at,CN=A-CERT GOVERNMENT,O=ARGE DATEN - Österreichische Gesellschaft für Datenschutz,L=Wien,ST=Wien,C=AT +ldap_mapping.acert_government.url=ldap://ldap.a-cert.at/ou=A-CERT GOVERNMENT,o=A-CERT,c=AT +ldap_mapping.acert_government.serial_attr=serialNumber + +ldap_mapping.acert_advanced.issuer_name=EMAIL=info@a-cert.at,CN=A-CERT ADVANCED,OU=A-CERT Certification Service,O=ARGE DATEN - Austrian Society for Data Protection,L=Vienna,ST=Austria,C=AT +ldap_mapping.acert_advanced.url=ldap://ldap.a-cert.at/ou=A-CERT ADVANCED,o=A-CERT,c=AT +ldap_mapping.acert_advanced.serial_attr=serialNumber + +ldap_mapping.acert_globaltrust.issuer_name=EMAIL=a-cert@argedaten.at,O=Arge Daten Oesterreichische Gesellschaft fuer Datenschutz,L=Vienna,ST=Austria,C=AT +ldap_mapping.acert_globaltrust.url=ldap://ldap.a-cert.at/ou=A-CERT GLOBALTRUST,o=A-CERT,c=AT +ldap_mapping.acert_globaltrust.serial_attr=serialNumber + +ldap_mapping.acert_company.issuer_name=EMAIL=info@a-cert.at,CN=A-CERT ADVANCED,OU=A-CERT Certification Service,O=ARGE DATEN - Austrian 
Society for Data Protection,L=Vienna,ST=Austria,C=AT +ldap_mapping.acert_company.url=ldap://ldap.a-cert.at/ou=A-CERT COMPANY,o=A-CERT,c=AT +ldap_mapping.acert_company.serial_attr=serialNumber + +ldap_mapping.globaltrust.issuer_name=EMAIL=info@globaltrust.info,CN=GLOBALTRUST,OU=GLOBALTRUST Certification Service,O=ARGE DATEN - Austrian Society for Data Protection,ST=Austria,L=Vienna,C=AT +ldap_mapping.globaltrust.url=ldap://ldap.a-cert.at/ou=GLOBALTRUST,o=A-CERT,c=AT +ldap_mapping.globaltrust.serial_attr=serialNumber + +ldap_mapping.acert_client.issuer_name=EMAIL=a-cert@a-cert.at,CN=A-CERT CLIENT,O=ARGE DATEN - Oesterreichische Gesellschaft fuer Datenschutz,L=Wien,ST=Wien,C=AT +ldap_mapping.acert_client.url=ldap://ldap.a-cert.at/ou=A-CERT CLIENT,o=A-CERT,c=AT +ldap_mapping.acert_client.serial_attr=serialNumber + +ldap_mapping.globaltrust_demointern.issuer_name=EMAIL=a-cert@a-cert.at,CN=GLOBALTRUST DEMOINTERN,O=ARGE DATEN - Österreichische Gesellschaft für Datenschutz,L=Wien,ST=Wien,C=AT +ldap_mapping.globaltrust_demointern.url=ldap://ldap.a-cert.at/ou=GLOBALTRUST DEMOINTERN,o=A-CERT,c=AT +ldap_mapping.globaltrust_demointern.serial_attr=serialNumber + +ldap_mapping.acert_government2.issuer_name=EMAIL=a-cert@a-cert.at,CN=A-CERT GOVERNMENT,O=ARGE DATEN - Österreichische Gesellschaft für Datenschutz,L=Wien,ST=Wien,C=AT +ldap_mapping.acert_government2.url=ldap://ldap.a-cert.at/ou=A-CERT GOVERNMENT 2,o=A-CERT,c=AT +ldap_mapping.acert_government2.serial_attr=serialNumber + + # end LDAP-Mappings ############################################# -- cgit v1.2.3
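Review bot: Several added issuer names contain non-ASCII characters (`Österreichische Gesellschaft für Datenschutz` in acert_government, globaltrust_demointern and acert_government2), and `java.util.Properties.load(InputStream)` reads the file as ISO-8859-1, so unless the file is stored in that encoding the parsed name will not equal the issuer DN of incoming certificates and those mappings will never match; the portable form is `\u00D6sterreichische Gesellschaft f\u00FCr Datenschutz` (or the transliterated `Oesterreichische ... fuer` used by acert_freecert, if that is what the CA actually encodes). Note also that acert_company repeats the issuer_name of acert_advanced and acert_government2 repeats that of acert_government, which appears to rely on the multiple-mappings-per-issuer support introduced in this commit; a comment beside each pair saying so would stop a later reader from "fixing" the apparent duplicate.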