From c9f44ea347a9d7a1c1372693bffcfa3901c48dc4 Mon Sep 17 00:00:00 2001
From: tknall
Date: Wed, 13 Dec 2006 10:31:02 +0000
Subject: LDAP support added

git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@17 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c
---
 .../wag/egov/egiz/ldap/client/LDAPClientImpl.java | 175 +++++++++++++++++++++
 1 file changed, 175 insertions(+)
 create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java
(limited to 'src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java')

diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java
new file mode 100644
index 0000000..3dae9ae
--- /dev/null
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java
@@ -0,0 +1,175 @@
+package at.knowcenter.wag.egov.egiz.ldap.client;
+
+import iaik.x509.X509Certificate;
+import iaik.x509.net.ldap.LdapURLConnection;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+public final class LDAPClientImpl implements LDAPClient {
+
+ // constants
+ protected static final String DEFAULT_LDAP_ATTR_SERIAL_NUMBER = "eidCertificateSerialNumber";
+ private static final iaik.x509.net.ldap.Handler LDAP_HANDLER = new iaik.x509.net.ldap.Handler();
+
+ // fields
+ private URL url;
+ private String serialNumberAttrName;
+
+ // constructors
+ protected LDAPClientImpl() {
+ this.setSerialNumberAttrName(DEFAULT_LDAP_ATTR_SERIAL_NUMBER);
+ }
+
+ protected LDAPClientImpl(URL url) {
+ this();
+ this.setUrl(url);
+ }
+
+ protected LDAPClientImpl(String urlString) throws LDAPException {
+ this();
+ try {
+ this.setUrl(new URL(null, urlString, LDAP_HANDLER));
+ } catch (MalformedURLException e) {
+ throw new LDAPException(e);
+ }
+ }
+
+ protected LDAPClientImpl(LDAPMapping ldapMapping) {
+ this();
+ this.setUrl(ldapMapping.getLdapURL());
+ this.setSerialNumberAttrName(ldapMapping.getSerialNumberAttrName());
+ }
+
+
+ // getter/setter
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#getUrl()
+ */
+ public URL getUrl() {
+ return this.url;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#setUrl(java.net.URL)
+ */
+ public void setUrl(URL ldapURL) {
+ if (ldapURL == null) {
+ throw new NullPointerException("LDAP url must not be null.");
+ }
+ this.url = ldapURL;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#getSerialNumberAttrName()
+ */
+ public String getSerialNumberAttrName() {
+ return this.serialNumberAttrName;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#setSerialNumberAttrName(java.lang.String)
+ */
+ public void setSerialNumberAttrName(String serialNumberAttrName) {
+ if (serialNumberAttrName != null && serialNumberAttrName.length() == 0) {
+ throw new IllegalArgumentException("Serial number attribute name must not be empty");
+ }
+ this.serialNumberAttrName = serialNumberAttrName != null ? serialNumberAttrName : DEFAULT_LDAP_ATTR_SERIAL_NUMBER;
+ }
+
+ // service methods
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#retrieveCertificates(java.lang.String)
+ */
+ public X509Certificate[] retrieveCertificates(String filter) throws LDAPException {
+ if (filter == null) {
+ throw new NullPointerException("Filter string must not be null.");
+ }
+ if (filter.length() == 0) {
+ throw new IllegalArgumentException("Filter string must not be empty.");
+ }
+
+ X509Certificate[] certs = new X509Certificate[] { };
+ LdapURLConnection ldapURLConnection = null;
+ try {
+ this.validateData();
+ ldapURLConnection = (LdapURLConnection) this.url.openConnection();
+
+ // search for end enity certificates
+ ldapURLConnection.setRequestProperty(
+ LdapURLConnection.RP_ATTRIBUTE_DESCRIPTION,
+ LdapURLConnection.AD_USER_CERTIFICATE
+ );
+
+ // search subtree
+ ldapURLConnection.setRequestProperty(
+ LdapURLConnection.RP_SEARCH_SCOPE,
+ LdapURLConnection.SEARCH_SCOPE_SUBTREE
+ );
+
+ //set filter
+ ldapURLConnection.setRequestProperty(
+ LdapURLConnection.RP_FILTER,
+ filter
+ );
+
+ // connect to the ldap server an read results
+ certs = (X509Certificate[]) ldapURLConnection.getContent();
+ } catch (IOException e) {
+ throw new LDAPException(e);
+ } finally {
+ if (ldapURLConnection != null) {
+ ldapURLConnection.disconnect();
+ }
+ }
+ return certs;
+ }
+
+ /*
+ * @see at.iaik.commons.ldap.LDAPClient#retrieveCertificate(java.math.BigInteger)
+ */
+ public X509Certificate retrieveCertificate(BigInteger serialNumber) throws LDAPException {
+ if (serialNumber == null) {
+ throw new NullPointerException("Serial number must not be null");
+ }
+ this.validateData();
+ X509Certificate[] certs = retrieveCertificates("(" + this.serialNumberAttrName + "=" + serialNumber + ")");
+ if (certs.length > 1) {
+ throw new LDAPException("There was more than one certificate with serial number " + serialNumber + ".");
+ } else if (certs.length == 0) {
+ return null;
+ }
+ return certs[0];
+ }
+
+ // misc
+ public void validateData() throws LDAPException {
+ if (this.url == null) {
+ throw new LDAPException("LDAP URL must not be null.");
+ }
+ if (this.serialNumberAttrName == null || this.serialNumberAttrName.length() == 0) {
+ throw new LDAPException("LDAP key for serial number is null or empty.");
+ }
+ }
+
+ @Override
+ public String toString() {
+ StringBuffer buffer = new StringBuffer();
+ buffer.append("ldapURL = ").append(this.url);
+ buffer.append(", serialNumberAttrName = ").append(this.serialNumberAttrName);
+ boolean dataValid;
+ try {
+ this.validateData();
+ dataValid = true;
+ } catch (LDAPException e) {
+ dataValid = false;
+ }
+ buffer.append("; data seems to be ").append(dataValid ? "valid" : "invalid");
+ return buffer.toString();
+ }
+
+}
--
cgit v1.2.3
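Review bot: `retrieveCertificate` builds its LDAP search filter by concatenation, `"(" + this.serialNumberAttrName + "=" + serialNumber + ")"`, and `setSerialNumberAttrName` rejects only the empty string, so an attribute name taken from configuration (via `LDAPMapping`) that contains filter metacharacters such as `*`, `(`, `)` or `\` would alter the query instead of being refused; the serial number operand itself is safe, since `BigInteger.toString()` yields only digits and an optional sign. Tighten the setter with an allowlist matching the RFC 4512 attribute-description alphabet, inside the existing non-null branch: `if (!serialNumberAttrName.matches("[A-Za-z0-9][A-Za-z0-9.;-]*")) { throw new IllegalArgumentException("Serial number attribute name is not a valid LDAP attribute description: " + serialNumberAttrName); }`. `retrieveCertificates(String)` forwards the caller's filter to the server verbatim, which should be stated in its header comment, e.g. `/* filter must be a complete LDAP search filter with values already escaped per RFC 4515; no escaping is applied here */`, so callers do not assume the method sanitises it. Separately, the unchecked cast `(X509Certificate[]) ldapURLConnection.getContent()` would surface as a `ClassCastException` rather than an `LDAPException` if the IAIK handler returned a different content type (hedged, as the handler is not visible here); catching `ClassCastException` next to `IOException` and wrapping it would keep the method's error contract uniform. Also note that certificates fetched this way come from whatever the configured URL points to, so callers still need to validate the chain and the expected subject before trusting a returned certificate.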