From e452213b7bb66956522cf74fbd255f8970678525 Mon Sep 17 00:00:00 2001
From: tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c>
Date: Thu, 4 Dec 2008 19:16:33 +0000
Subject: LDAP implementation enhanced.

git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@316 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c
---
 .../wag/egov/egiz/ldap/api/LDAPAPIImpl.java        |  25 ++++++-------
 .../egov/egiz/ldap/client/LDAPClientFactory.java   |  23 ++++--------
 .../egiz/ldap/client/LDAPClientFactoryImpl.java    |  39 ++++++++++++--------
 .../wag/egov/egiz/ldap/client/LDAPClientImpl.java  |   3 +-
 .../egov/egiz/ldap/client/LDAPMappingStore.java    |  33 +++++++----------
 .../at/knowcenter/wag/egov/egiz/sig/LDAPAPI.java   |   7 ----
 src/main/resources/DefaultConfiguration.zip        | Bin 180785 -> 181257 bytes
 work/cfg/config.properties                         |  41 +++++++++++++++++++++
 8 files changed, 100 insertions(+), 71 deletions(-)

diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java
index 1409ae8..4099297 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java
@@ -91,24 +91,21 @@ public class LDAPAPIImpl implements LDAPAPI {
 		}
 	}
 
-	public String getURL(String issuer) {
-		this.initializeFactoryImpl();
-		String url = null;
-		try {
-			LDAPClient client = this.ldapClientFactory.createClient(issuer);
-			url = client.getUrl().toString();
-		} catch (LDAPException e) {
-			this.log.error(e.getMessage(), e);
-		}
-		return url;
-	}
-
 	public byte[] loadBase64CertificateFromLDAP(String serialNumber, String issuer) {
 		this.initializeFactoryImpl();
 		byte[] base64CertData = null;
 		try {
-			LDAPClient client = this.ldapClientFactory.createClient(issuer);
-			X509Certificate x509certificate = client.retrieveCertificate(new BigInteger(serialNumber));
+			List clients = this.ldapClientFactory.createClients(issuer);
+			Iterator clientIt = clients.iterator();
+         X509Certificate x509certificate = null;
+			while (clientIt.hasNext() && x509certificate == null) {
+			   LDAPClient client = (LDAPClient) clientIt.next();
+			   try {
+			      x509certificate = client.retrieveCertificate(new BigInteger(serialNumber));
+			   } catch (LDAPException e) {
+			      this.log.error(e.getMessage(), e);
+			   }
+			}
 			if (x509certificate != null) {
 				base64CertData = Util.Base64Encode(x509certificate.toByteArray());
 			}
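Review bot: The serial number is re-parsed on every pass of the added loop, `client.retrieveCertificate(new BigInteger(serialNumber))`, and a malformed `serialNumber` raises NumberFormatException, which the inner `catch (LDAPException e)` does not cover; hoist it as `BigInteger serial = new BigInteger(serialNumber);` before the `while` and pass `serial` to the call. When every server fails, the loop logs one error per client and the method then returns null without recording whether the serial was absent or all servers were unreachable; a final `if (x509certificate == null) this.log.warn("No certificate with serial " + serialNumber + " found at any LDAP server of issuer " + issuer);` gives an operator that distinction. The new lines also mix space and tab indentation (`X509Certificate x509certificate = null;` and the loop body) while the surrounding code uses tabs. The method's outer catch and return lie outside the hunk.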
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java
index 7cd98c6..1aa7ff1 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java
@@ -3,6 +3,7 @@ package at.knowcenter.wag.egov.egiz.ldap.client;
 import iaik.asn1.structures.Name;
 
 import java.util.Hashtable;
+import java.util.List;
 
 import org.apache.log4j.Logger;
 
@@ -29,12 +30,12 @@ public abstract class LDAPClientFactory {
 		this.ldapMappingStore = new LDAPMappingStore();
 	}
 	
-	public LDAPMapping getMapping(String issuerName) throws LDAPException {
-		return this.ldapMappingStore.getMapping(issuerName);
+	public List getMappings(String issuerName) throws LDAPException {
+		return this.ldapMappingStore.getMappings(issuerName);
 	}
 	
-	public LDAPMapping getMapping(Name name) {
-		return this.ldapMappingStore.getMapping(name);
+	public List getMapping(Name name) {
+		return this.ldapMappingStore.getMappings(name);
 	}
 
 	public void resetMappings() {
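Review bot: The renamed pair is inconsistent: `getMapping(String)` became `getMappings(String)`, but `getMapping(Name)` keeps its singular name while now returning a `List`, so the class exposes the same data under both spellings. Rename it to `public List getMappings(Name name) {` to match the String overload and the `LDAPMappingStore.getMappings(Name)` it delegates to. Both accessors also deserve a one-line Javadoc stating that the returned list holds `LDAPMapping` elements and is null when nothing is registered for the name (the store returns the raw `Hashtable.get` result), since the raw `List` type no longer documents that.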
@@ -45,16 +46,8 @@ public abstract class LDAPClientFactory {
 		return !this.ldapMappingStore.isEmpty();
 	}
 	
-//	public synchronized void registerMappings(Iterable<LDAPMapping> iterable) {
-//	public synchronized void registerMappings(Iterable iterable) {
-//		if (!iterable.iterator().hasNext()) {
-//			log.warn("There were no ldap mappings provided.");
-//		}
-//		this.ldapMappingStore.storeMappings(iterable);
-//	}
-	
 	public synchronized void registerMapping(LDAPMapping ldapMapping) {
-		this.ldapMappingStore.storeMapping(ldapMapping);
+		this.ldapMappingStore.addMapping(ldapMapping);
 	}
 	
 	public void setLDAPIssuerNameFilter(LDAPIssuerNameFilter filter) throws LDAPException {
@@ -67,7 +60,7 @@ public abstract class LDAPClientFactory {
 	public boolean isLDAPIssuerNameFilter() {
 		return this.ldapMappingStore.isLDAPIssuerNameFilter();
 	}
-
+	
 	public static synchronized LDAPClientFactory getInstance(String idenfifier) {
 		LDAPClientFactory ldapClientFactoryInstance = (LDAPClientFactory) ldapClientFactoryInstances.get(idenfifier);
 		if (ldapClientFactoryInstance == null) {
@@ -81,6 +74,6 @@ public abstract class LDAPClientFactory {
 		return getInstance(DEFAULT_IDENTIFIER);
 	}
 	
-	public abstract LDAPClient createClient(String issuerName) throws LDAPException;
+	public abstract List createClients(String issuerName) throws LDAPException;
 	
 }
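Review bot: The new abstract `createClients` replaces a single-client contract with a raw `List` and carries no Javadoc, so implementers and callers cannot tell what the elements are or whether the list may be empty or null. A comment along the lines of `/** Returns the LDAPClient instances for the given issuer name, never null. @throws LDAPException if the issuer name cannot be parsed or no client can be instantiated. */` matches what the implementation in this commit appears to do (an unmodifiable, non-null list from either the mappings or the fallback URL), though I cannot see the whole fallback branch from here.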
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java
index 1390202..ec5548b 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java
@@ -5,8 +5,13 @@ import iaik.asn1.structures.Name;
 import iaik.utils.RFC2253NameParser;
 import iaik.utils.RFC2253NameParserException;
 
+import java.util.ArrayList;
+import java.util.Collections;
 import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.List;
 
+import org.apache.commons.lang.ArrayUtils;
 import org.apache.log4j.Logger;
 
 /**
@@ -16,7 +21,6 @@ public final class LDAPClientFactoryImpl extends LDAPClientFactory {
 
 	private final Logger log = Logger.getLogger(getClass());
 	
-//	private Hashtable<String, LDAPClient> ldapClients;
 	private Hashtable ldapClients;
 
 	protected LDAPClientFactoryImpl() {
@@ -43,13 +47,13 @@ public final class LDAPClientFactoryImpl extends LDAPClientFactory {
 		return rfc2253Name2Domain(nameParser.parse());
 	}
 
-	private LDAPClient instantiateLDAPClient(String issuerName) throws LDAPException {
+	private List instantiateLDAPClients(String issuerName) throws LDAPException {
 		if (!super.hasBeenConfigured()) {
 			log.warn(super.getClass().getName() + " has not been configured yet.");
 		}
-		LDAPClient client = null;
-		LDAPMapping mapping = super.getMapping(issuerName);
-		if (mapping == null) {
+		List ldapClients = new ArrayList();
+		List mappings = super.getMappings(issuerName);
+		if (mappings == null || mappings.isEmpty()) {
 			try {
 				String alternativeURLString = rfc2253Name2Domain(issuerName);
 				if (alternativeURLString == null || alternativeURLString.length() == 0) {
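Review bot: The new local `List ldapClients = new ArrayList();` shadows the field `private Hashtable ldapClients` declared in the earlier hunk, so inside this method the name means a list of clients while everywhere else in the class it is the per-issuer cache; the `return ldapClients;` in the next hunk is where a reader is most likely to confuse the two. Renaming the local, e.g. `List clients = new ArrayList();` with `clients.add(...)` and `return clients;`, removes the ambiguity and the HiddenField warning static checkers raise for it. The method continues into the next hunk.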
@@ -57,30 +61,35 @@ public final class LDAPClientFactoryImpl extends LDAPClientFactory {
 				}
 				alternativeURLString = "ldap://" + alternativeURLString;
 				log.warn("Issuer name \"" + issuerName + "\" has not been registered; trying to instantiate client for url \"" + alternativeURLString + "\"...");
-				client = new LDAPClientImpl(alternativeURLString);
+				LDAPClient client = new LDAPClientImpl(alternativeURLString);
+				ldapClients.add(client);
 			} catch (RFC2253NameParserException e) {
 				throw new LDAPException(e);
 			}
 		} else {
-			log.debug("Instantiating LDAP client for " + mapping + ".");
-			client = new LDAPClientImpl(mapping);
+			log.debug("Instantiating LDAP clients for " + ArrayUtils.toString(mappings.toArray()) + ".");
+			Iterator mappingIt = mappings.iterator();
+			while (mappingIt.hasNext()) {
+			   LDAPMapping mapping = (LDAPMapping) mappingIt.next();
+			   ldapClients.add(new LDAPClientImpl(mapping));
+			}
 		}
-		return client;
+		return ldapClients;
 	}
 	
-	public synchronized LDAPClient createClient(String issuerName) throws LDAPException {
+	public synchronized List createClients(String issuerName) throws LDAPException {
 		if (issuerName == null) {
 			throw new NullPointerException("Issuer name must not be null.");
 		}
 		if (issuerName.length() == 0) {
 			throw new IllegalArgumentException("Issuer name must not be empty.");
 		}
-		LDAPClient ldapClient = (LDAPClient) ldapClients.get(issuerName);
-		if (ldapClient == null) {
-			ldapClient = instantiateLDAPClient(issuerName);
-			ldapClients.put(issuerName, ldapClient);
+		List ldapClientList = (List) ldapClients.get(issuerName);
+		if (ldapClientList == null) {
+		   ldapClientList = instantiateLDAPClients(issuerName);
+			ldapClients.put(issuerName, ldapClientList);
 		}
-		return ldapClient;
+		return Collections.unmodifiableList(ldapClientList);
 	}
 
 }
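Review bot: `ArrayUtils.toString(mappings.toArray())` pulls commons-lang into this class solely to render a debug message; `log.debug("Instantiating LDAP clients for " + mappings + ".");` yields an equivalent listing through `List.toString()` without the array copy or the new import, and guarding it with `if (log.isDebugEnabled())` avoids building the string at all in the common case. The added lines in this hunk also mix space and tab indentation (the `while (mappingIt.hasNext())` body and `ldapClientList = instantiateLDAPClients(issuerName);`). The per-issuer `ldapClients` cache filled in `createClients` is not invalidated anywhere in this diff, so a later `resetMappings()`/`registerMapping()` on the factory would not affect lists already cached; if the factory does not clear the cache elsewhere, a comment stating that lifetime, or a clear on reset, would prevent stale clients.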
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java
index 2794c99..c5e2ad2 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java
@@ -139,8 +139,9 @@ public final class LDAPClientImpl implements LDAPClient {
 			);
 			
 			//	connect to the ldap server an read results
-			log.debug("Connecting to \"" + this.url.toString() + "\"...");
+			log.debug("Connecting to \"" + this.url.toString() + "\".");
 			certs = (X509Certificate[]) ldapURLConnection.getContent();
+			log.debug("Result of LDAP query received (" + (certs != null ? certs.length : 0) + " result(s)).");
 		} catch (IOException e) {
 			this.timeStampForBlackList = System.currentTimeMillis();
 			log.warn("Unable to get certificate from \"" + this.getUrl().toString() + "\". LDAPClient is now blocking that URL for " + TIME_ON_BLACKLIST_IN_SECONDS + " seconds.");
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMappingStore.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMappingStore.java
index 4416649..b1074e7 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMappingStore.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMappingStore.java
@@ -4,8 +4,9 @@ import iaik.asn1.structures.Name;
 import iaik.utils.RFC2253NameParser;
 import iaik.utils.RFC2253NameParserException;
 
+import java.util.ArrayList;
 import java.util.Hashtable;
-import java.util.Iterator;
+import java.util.List;
 
 import org.apache.log4j.Logger;
 
@@ -40,34 +41,28 @@ public class LDAPMappingStore {
 		return this.issuerNameFilter != null;
 	}
 	
-	public void storeMapping(LDAPMapping mapping) {
+	public void addMapping(LDAPMapping mapping) {
 		Name name = mapping.getIssuerName();
 		if (issuerNameFilter != null) {
 			name = this.issuerNameFilter.applyFilter(name);
 		}
-		if (this.storedMappings.containsKey(name)) {
-			log.warn("Skipping mapping \"" + mapping + "\" because is has already been stored under \"" + name.getName() + "\".");
-		} else {
-			log.debug("Storing mapping \"" + mapping + "\" under \"" + name.getName() + "\".");
-			this.storedMappings.put(name, mapping);
-		}
+		List mappingList = (List) this.storedMappings.get(name);
+      if (mappingList == null) {
+         mappingList = new ArrayList();
+         this.storedMappings.put(name, mappingList);
+      }
+      log.debug("Adding mapping \"" + mapping + "\" for \"" + name.getName() + "\".");
+      mappingList.add(mapping);
 	}
 
-//	public void storeMappings(Iterable iterable) {
-//		Iterator it = iterable.iterator();
-//		while (it.hasNext()) {
-//			this.storeMapping((LDAPMapping) it.next());
-//		}
-//	}
-	
-	public LDAPMapping getMapping(Name name) {
+	public List getMappings(Name name) {
 		if (issuerNameFilter != null) {
 			name = this.issuerNameFilter.applyFilter(name);
 		}
-		return (LDAPMapping) this.storedMappings.get(name);
+		return (List) this.storedMappings.get(name);
 	}
 	
-	public LDAPMapping getMapping(String nameString) throws LDAPException {
+	public List getMappings(String nameString) throws LDAPException {
 		RFC2253NameParser parser = new RFC2253NameParser(nameString);
 		Name name;
 		try {
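Review bot: `addMapping` dropped the duplicate check that `storeMapping` had: the same `LDAPMapping` registered twice (for instance a configuration read twice without `resetMappings()`) is now appended twice, and every lookup then instantiates and queries that server twice. A guard such as `if (mappingList.contains(mapping)) { log.warn("Skipping duplicate mapping \"" + mapping + "\"."); return; }` restores the old behaviour, provided `LDAPMapping` implements `equals`, which I cannot see from here. `getMappings(Name)` also hands out the store's live `ArrayList`, whereas `createClients` in the factory is careful to return an unmodifiable view; returning `Collections.unmodifiableList(...)` here (with the import) keeps callers from mutating the store. The new lines in `addMapping` are space-indented while the rest of the file uses tabs.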
@@ -78,7 +73,7 @@ public class LDAPMappingStore {
 		if (issuerNameFilter != null) {
 			name = this.issuerNameFilter.applyFilter(name);
 		}
-		return getMapping(name);
+		return this.getMappings(name);
 	}
 	
 }
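Review bot: `getMappings(String)` applies `issuerNameFilter` to the parsed name in the `if (issuerNameFilter != null)` just above and then calls `this.getMappings(name)`, which applies the same filter a second time. If `applyFilter` is not idempotent, the key looked up here differs from the one `addMapping` stored under and the lookup silently misses; either drop the filtering in this overload or read the map directly, `return (List) this.storedMappings.get(name);`. The double application predates the rename, but the rewritten return line is the natural place to resolve it.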
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/LDAPAPI.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/LDAPAPI.java
index f61c7e6..6101632 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/LDAPAPI.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/LDAPAPI.java
@@ -10,13 +10,6 @@ public interface LDAPAPI {
 
 	public static final String SYS_PROP_IMPLEMENTATION = "pdfas.ldapapi.impl";
 	
-	/**
-	 * Returns the url of the ldap server.
-	 * @param issuer The issuer name.
-	 * @return The ldap url.
-	 */
-	public String getURL(String issuer);
-
 	/**
 	 * Retrieves an certificate from the ldap server identified by serial number and issuer name. 
 	 * @param serialNumber The serial number.
diff --git a/src/main/resources/DefaultConfiguration.zip b/src/main/resources/DefaultConfiguration.zip
index 278ef78..a8c4e6a 100644
Binary files a/src/main/resources/DefaultConfiguration.zip and b/src/main/resources/DefaultConfiguration.zip differ
diff --git a/work/cfg/config.properties b/work/cfg/config.properties
index 872f2c4..765a548 100644
--- a/work/cfg/config.properties
+++ b/work/cfg/config.properties
@@ -522,5 +522,46 @@ ldap_mapping.asign_corp_light03.issuer_name=CN=a-sign-corporate-light-03,OU=a-si
 ldap_mapping.asign_corp_light03.url=ldap://ldap.a-trust.at/ou=a-sign-corporate-light-03,o=A-Trust,c=at
 ldap_mapping.asign_corp_light03.serial_attr=eidCertificateSerialNumber
 
+ldap_mapping.acert_freecert.issuer_name=EMAIL=-,CN=FREECERT,O=ARGE DATEN - Oesterreichische Gesellschaft fuer Datenschutz,L=Wien,ST=-,C=AT
+ldap_mapping.acert_freecert.url=ldap://ldap.a-cert.at/ou=A-CERT FREECERT,o=A-CERT,c=AT
+ldap_mapping.acert_freecert.serial_attr=serialNumber
+
+ldap_mapping.acert_globaltrust_neu.issuer_name=EMAIL=info@a-cert.at,CN=A-CERT GLOBALTRUST,O=ARGE DATEN - Austrian Society for Data Protection and Privacy,L=Vienna,ST=-,C=AT
+ldap_mapping.acert_globaltrust_neu.url=ldap://ldap.a-cert.at/ou=A-CERT GLOBALTRUST NEU,o=A-CERT,c=AT
+ldap_mapping.acert_globaltrust_neu.serial_attr=serialNumber
+
+ldap_mapping.acert_government.issuer_name=EMAIL=a-cert@a-cert.at,CN=A-CERT GOVERNMENT,O=ARGE DATEN - �sterreichische Gesellschaft f�r Datenschutz,L=Wien,ST=Wien,C=AT
+ldap_mapping.acert_government.url=ldap://ldap.a-cert.at/ou=A-CERT GOVERNMENT,o=A-CERT,c=AT
+ldap_mapping.acert_government.serial_attr=serialNumber
+                                        
+ldap_mapping.acert_advanced.issuer_name=EMAIL=info@a-cert.at,CN=A-CERT ADVANCED,OU=A-CERT Certification Service,O=ARGE DATEN - Austrian Society for Data Protection,L=Vienna,ST=Austria,C=AT
+ldap_mapping.acert_advanced.url=ldap://ldap.a-cert.at/ou=A-CERT ADVANCED,o=A-CERT,c=AT
+ldap_mapping.acert_advanced.serial_attr=serialNumber
+
+ldap_mapping.acert_globaltrust.issuer_name=EMAIL=a-cert@argedaten.at,O=Arge Daten Oesterreichische Gesellschaft fuer Datenschutz,L=Vienna,ST=Austria,C=AT
+ldap_mapping.acert_globaltrust.url=ldap://ldap.a-cert.at/ou=A-CERT GLOBALTRUST,o=A-CERT,c=AT
+ldap_mapping.acert_globaltrust.serial_attr=serialNumber
+
+ldap_mapping.acert_company.issuer_name=EMAIL=info@a-cert.at,CN=A-CERT ADVANCED,OU=A-CERT Certification Service,O=ARGE DATEN - Austrian Society for Data Protection,L=Vienna,ST=Austria,C=AT
+ldap_mapping.acert_company.url=ldap://ldap.a-cert.at/ou=A-CERT COMPANY,o=A-CERT,c=AT
+ldap_mapping.acert_company.serial_attr=serialNumber
+
+ldap_mapping.globaltrust.issuer_name=EMAIL=info@globaltrust.info,CN=GLOBALTRUST,OU=GLOBALTRUST Certification Service,O=ARGE DATEN - Austrian Society for Data Protection,ST=Austria,L=Vienna,C=AT
+ldap_mapping.globaltrust.url=ldap://ldap.a-cert.at/ou=GLOBALTRUST,o=A-CERT,c=AT
+ldap_mapping.globaltrust.serial_attr=serialNumber
+
+ldap_mapping.acert_client.issuer_name=EMAIL=a-cert@a-cert.at,CN=A-CERT CLIENT,O=ARGE DATEN - Oesterreichische Gesellschaft fuer Datenschutz,L=Wien,ST=Wien,C=AT
+ldap_mapping.acert_client.url=ldap://ldap.a-cert.at/ou=A-CERT CLIENT,o=A-CERT,c=AT
+ldap_mapping.acert_client.serial_attr=serialNumber
+
+ldap_mapping.globaltrust_demointern.issuer_name=EMAIL=a-cert@a-cert.at,CN=GLOBALTRUST DEMOINTERN,O=ARGE DATEN - �sterreichische Gesellschaft f�r Datenschutz,L=Wien,ST=Wien,C=AT
+ldap_mapping.globaltrust_demointern.url=ldap://ldap.a-cert.at/ou=GLOBALTRUST DEMOINTERN,o=A-CERT,c=AT
+ldap_mapping.globaltrust_demointern.serial_attr=serialNumber
+
+ldap_mapping.acert_government2.issuer_name=EMAIL=a-cert@a-cert.at,CN=A-CERT GOVERNMENT,O=ARGE DATEN - �sterreichische Gesellschaft f�r Datenschutz,L=Wien,ST=Wien,C=AT
+ldap_mapping.acert_government2.url=ldap://ldap.a-cert.at/ou=A-CERT GOVERNMENT 2,o=A-CERT,c=AT
+ldap_mapping.acert_government2.serial_attr=serialNumber
+
+
 # end LDAP-Mappings
 #############################################
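Review bot: Three of the added `issuer_name` values (acert_government, globaltrust_demointern, acert_government2) show replacement characters where `Österreichische` and `für` belong; `java.util.Properties` reads this file as ISO-8859-1, so if those bytes are not valid Latin-1 the parsed issuer DN will never equal the DN of a real certificate and the mappings silently never match, and even if the bytes are Latin-1 today any tool that rewrites the file as UTF-8 breaks them. Writing them as `\u00D6sterreichische` and `f\u00FCr` makes the values encoding-proof. acert_advanced and acert_company share an identical `issuer_name`, as do acert_government and acert_government2; with the multi-mapping store added in this commit that is presumably intentional failover, but a comment saying so would stop the next editor from "fixing" it. One added line consists only of trailing whitespace.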