From c9f44ea347a9d7a1c1372693bffcfa3901c48dc4 Mon Sep 17 00:00:00 2001 From: tknall Date: Wed, 13 Dec 2006 10:31:02 +0000 Subject: LDAP support added git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@17 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c --- .../wag/egov/egiz/ldap/api/LDAPAPIException.java | 55 +++++++ .../wag/egov/egiz/ldap/api/LDAPAPIFactory.java | 30 ++++ .../wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java | 62 ++++++++ .../wag/egov/egiz/ldap/api/LDAPAPIImpl.java | 106 +++++++++++++ .../wag/egov/egiz/ldap/client/LDAPClient.java | 65 ++++++++ .../egov/egiz/ldap/client/LDAPClientFactory.java | 119 ++++++++++++++ .../egiz/ldap/client/LDAPClientFactoryImpl.java | 85 ++++++++++ .../wag/egov/egiz/ldap/client/LDAPClientImpl.java | 175 +++++++++++++++++++++ .../wag/egov/egiz/ldap/client/LDAPException.java | 26 +++ .../wag/egov/egiz/ldap/client/LDAPMapping.java | 155 ++++++++++++++++++ 10 files changed, 878 insertions(+) create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIException.java create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactory.java create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClient.java create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPException.java create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java (limited to 'src/main/java/at/knowcenter/wag') diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIException.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIException.java new file mode 100644 index 0000000..4f2e363 --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIException.java @@ -0,0 +1,55 @@ +package at.knowcenter.wag.egov.egiz.ldap.api; + +/** + * @author Thomas Knall + */ +public class LDAPAPIException extends Exception { + + private static final long serialVersionUID = 1L; + + private Exception exception; + + public Exception getException() { + return this.exception; + } + + public String getMessage() { + String message = super.getMessage(); + if (message == null && exception != null) { + return exception.getMessage(); + } else { + return message; + } + } + + public LDAPAPIException(String message, Exception exception) { + super(message); + this.exception = exception; + } + + public LDAPAPIException(String message) { + super(message); + this.exception = null; + } + + public LDAPAPIException(Exception exception) { + super(); + this.exception = exception; + } + + public LDAPAPIException() { + super(); + this.exception = null; + + } + + @Override + public String toString() { + if (exception != null) { + return exception.toString(); + } else { + return super.toString(); + } + } + +} diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactory.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactory.java new file mode 100644 index 0000000..ba58908 --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactory.java @@ -0,0 +1,30 @@ +package at.knowcenter.wag.egov.egiz.ldap.api; + +import iaik.security.ecc.provider.ECCProvider; +import at.knowcenter.wag.egov.egiz.sig.LDAPAPI; + +/** + * @author Thomas Knall + */ +public abstract class LDAPAPIFactory { + + private static LDAPAPIFactory ldapAPIfactoryInstance; + + protected LDAPAPIFactory() { + ECCProvider.addAsProvider(); + } + + public static synchronized LDAPAPIFactory getInstance() { + if (ldapAPIfactoryInstance == null) { + ldapAPIfactoryInstance = new LDAPAPIFactoryImpl(); + } + return ldapAPIfactoryInstance; + } + + public synchronized LDAPAPI createLDAPAPI() throws LDAPAPIException { + return createLDAPAPI(null); + } + + public abstract LDAPAPI createLDAPAPI(String implClassURI) throws LDAPAPIException; + +} diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java new file mode 100644 index 0000000..340b54a --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java @@ -0,0 +1,62 @@ +package at.knowcenter.wag.egov.egiz.ldap.api; + +import java.util.Hashtable; + +import org.apache.log4j.Logger; + +import at.knowcenter.wag.egov.egiz.sig.LDAPAPI; + +/** + * @author Thomas Knall + */ +public class LDAPAPIFactoryImpl extends LDAPAPIFactory { + + private static final Logger log = Logger.getLogger(LDAPAPIFactoryImpl.class); + + private Hashtable ldapImpls; + + protected LDAPAPIFactoryImpl() { + ldapImpls = new Hashtable(); + } + + private static LDAPAPI instantiatelAPIImpl(String implClassURI) throws LDAPAPIException { + if (implClassURI == null) { + throw new NullPointerException("URI of implementing class must not be null."); + } + if (implClassURI.length() == 0) { + throw new IllegalArgumentException("URI of implementing class must not be empty."); + } + log.info("Trying to instantiate \"" + LDAPAPI.class.getName() + "\" implementation \"" + implClassURI + "\"..."); + LDAPAPI ldapAPIImpl = null; + try { + Class clazz = Class.forName(implClassURI); + Object ldapAPIImplObj = clazz.newInstance(); + if (!(ldapAPIImplObj instanceof LDAPAPI)) { + throw new LDAPAPIException("Declared class does not implement \"" + LDAPAPI.class.getName() + "\"."); + } + ldapAPIImpl = (LDAPAPI) ldapAPIImplObj; + log.info("LDAPAPI implementation successfully instantiated."); + } catch (InstantiationException e) { + throw new LDAPAPIException("Declared implementation of \"" + LDAPAPI.class.getName() + "\" cannot be instantiated."); + } catch (IllegalAccessException e) { + throw new LDAPAPIException("Declared implementation of \"" + LDAPAPI.class.getName() + "\" cannot be instantiated (illegal access)."); + } catch (ClassNotFoundException e) { + throw new LDAPAPIException("Unable to find class \"" + implClassURI + "\" as implementation of \"" + LDAPAPI.class.getName() + "\"."); + } + return ldapAPIImpl; + } + + public synchronized LDAPAPI createLDAPAPI(String implClassURI) throws LDAPAPIException { + if (implClassURI == null || implClassURI.length() == 0) { + // use internal implementation + implClassURI = LDAPAPIImpl.class.getName(); + } + LDAPAPI impl = ldapImpls.get(implClassURI); + if (impl == null) { + impl = instantiatelAPIImpl(implClassURI); + ldapImpls.put(implClassURI, impl); + } + return impl; + } + +} diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java new file mode 100644 index 0000000..96409f6 --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java @@ -0,0 +1,106 @@ +package at.knowcenter.wag.egov.egiz.ldap.api; + +import iaik.utils.Util; +import iaik.x509.X509Certificate; + +import java.math.BigInteger; +import java.util.Iterator; +import java.util.List; + +import org.apache.log4j.Logger; + +import at.knowcenter.wag.egov.egiz.cfg.SettingsReader; +import at.knowcenter.wag.egov.egiz.exceptions.NormalizeException; +import at.knowcenter.wag.egov.egiz.exceptions.SettingNotFoundException; +import at.knowcenter.wag.egov.egiz.exceptions.SettingsException; +import at.knowcenter.wag.egov.egiz.ldap.client.LDAPClient; +import at.knowcenter.wag.egov.egiz.ldap.client.LDAPClientFactory; +import at.knowcenter.wag.egov.egiz.ldap.client.LDAPException; +import at.knowcenter.wag.egov.egiz.ldap.client.LDAPMapping; +import at.knowcenter.wag.egov.egiz.sig.LDAPAPI; +import at.knowcenter.wag.egov.egiz.sig.SignatureObject; +import at.knowcenter.wag.egov.egiz.tools.Normalizer; + +/** + * @author Thomas Knall + */ +public class LDAPAPIImpl implements LDAPAPI { + + private final Logger log = Logger.getLogger(getClass()); + + /** + * Prefix for specific entry in config properties file. + */ + private static final String PROP_LDAP_PREFIX = "ldap_mapping"; + private static final String PROP_ISSUER_NAME_POSTFIX = "issuer_name"; + private static final String PROP_LDAP_URL_POSTFIX = "url"; + private static final String PROP_SERIAL_ATTR_POSTFIX = "serial_attr"; + + private static final String LDAP_FACTORY_IDENTIFIER = "PDF-AS LDAP Support"; + private LDAPClientFactory ldapClientFactory; + + protected LDAPAPIImpl() { + try { + SettingsReader settings = SettingsReader.getInstance(); + + ldapClientFactory = LDAPClientFactory.getInstance(LDAP_FACTORY_IDENTIFIER); + // configure normalization of issuer according to method + // normalizeIssuer(String) of at.knowcenter.wag.egov.egiz.sig.SignatureObject + ldapClientFactory.setWhiteSpaceRemoval(true); + ldapClientFactory.setNormalizer(new Normalizer().getInstance()); + + List mappingKeys = settings.getKeys(PROP_LDAP_PREFIX); + if (mappingKeys != null) { + Iterator it = mappingKeys.iterator(); + while (it.hasNext()) { + String keyPrefix = PROP_LDAP_PREFIX + "." + (String) it.next() + "."; + String issuerName = settings.getSetting(keyPrefix + PROP_ISSUER_NAME_POSTFIX); + String ldapURL = settings.getSetting(keyPrefix + PROP_LDAP_URL_POSTFIX); + String serialAttr = settings.getSetting(keyPrefix + PROP_SERIAL_ATTR_POSTFIX, null); + + LDAPMapping ldapMapping = new LDAPMapping(issuerName, ldapURL, serialAttr); + ldapClientFactory.registerMapping(ldapMapping); + } + } else { + StringBuffer buffer = new StringBuffer(); + buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_ISSUER_NAME_POSTFIX).append(", "); + buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_LDAP_URL_POSTFIX).append(", "); + buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_SERIAL_ATTR_POSTFIX); + log.warn("There are no LDAP mappings (" + buffer.toString() + ") declared within config file."); + } + + } catch (SettingsException e) { + log.error(e); + } catch (SettingNotFoundException e) { + log.error(e); + } catch (LDAPException e) { + log.error(e); + } catch (NormalizeException e) { + log.error(e); + }; + } + + public String getURL(String issuer) { + String url = null; + try { + LDAPClient client = ldapClientFactory.createClient(issuer); + url = client.getUrl().toString(); + } catch (LDAPException e) { + log.error(e); + } + return url; + } + + public byte[] loadBase64CertificateFromLDAP(String serialNumber, String issuer) { + byte[] base64CertData = null; + try { + LDAPClient client = ldapClientFactory.createClient(issuer); + X509Certificate x509certificate = client.retrieveCertificate(new BigInteger(serialNumber)); + base64CertData = Util.Base64Encode(x509certificate.toByteArray()); + } catch (LDAPException e) { + log.error(e); + } + return base64CertData; + } + +} diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClient.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClient.java new file mode 100644 index 0000000..12f69fd --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClient.java @@ -0,0 +1,65 @@ +package at.knowcenter.wag.egov.egiz.ldap.client; + +import iaik.x509.X509Certificate; + +import java.math.BigInteger; +import java.net.URL; + +/** + * @author Thomas Knall + */ +public interface LDAPClient { + + /** + * Returns the ldap url this client was registered for. + * + * @return The ldap url linked with this client. + */ + URL getUrl(); + + /** + * Sets the ldap url this client should be registered for. + * + * @param ldapURL + * The ldap url linked with this client. + */ + void setUrl(URL ldapURL); + + /** + * Returns the attribute name that represents the serial number. + * + * @return The attribute name representing the serial number. + */ + String getSerialNumberAttrName(); + + /** + * Sets the attribute name that represents the serial number. + * + * @param serialNumberAttrName + * The attribute name representing the serial number. + */ + void setSerialNumberAttrName(String serialNumberAttrName); + + /** + * Retrieves the certificate(s) matching the filter {@code filter}. + * + * @param filter + * The filter for the ldap request. + * @return An array of certificates matching the filter {@code filter}. + * @throws LDAPException + * Is thrown in case of error. + */ + X509Certificate[] retrieveCertificates(String filter) throws LDAPException; + + /** + * Retriebes the certificate with the serial number {@code serialNumber}. + * + * @param serialNumber + * The serial number of the required certificate. + * @return The certificate with the serial number {@code serialNumber}. + * @throws LDAPException + * Is thrown in case of error. + */ + X509Certificate retrieveCertificate(BigInteger serialNumber) throws LDAPException; + +} diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java new file mode 100644 index 0000000..3a5ec2d --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactory.java @@ -0,0 +1,119 @@ +package at.knowcenter.wag.egov.egiz.ldap.client; + +import java.util.Hashtable; +import java.util.Iterator; + +import org.apache.log4j.Logger; + +import at.knowcenter.wag.egov.egiz.tools.Normalize; + + +/** + * @author Thomas Knall + */ +public abstract class LDAPClientFactory { + + private final Logger log = Logger.getLogger(getClass()); + + private static Hashtable ldapClientFactoryInstances = new Hashtable(); + + protected static final String DEFAULT_IDENTIFIER = "DEFAULT_IDENTIFIER"; + + private Hashtable registeredMappings; + private boolean hasBeenConfigured; + private Normalize normalizer; + private boolean whiteSpaceRemoval; + + protected LDAPClientFactory() { + this.registeredMappings = new Hashtable(); + this.hasBeenConfigured = false; + this.normalizer = null; + this.whiteSpaceRemoval = false; + } + + public void resetMappings() { + this.registeredMappings = new Hashtable(); + this.hasBeenConfigured = false; + } + + public boolean hasBeenConfigured() { + return this.hasBeenConfigured; + } + + public LDAPMapping getMapping(String issuerName) { + return this.registeredMappings.get(applyFilter(issuerName)); + } + + protected Normalize getNormalizer() { + return this.normalizer; + } + + public synchronized void registerMappings(Iterable iterable) { + Iterator it = iterable.iterator(); + if (!it.hasNext()) { + log.warn("There were no ldap mappings provided."); + } else { + this.hasBeenConfigured = true; + } + while (it.hasNext()) { + this.registerMapping(it.next()); + } + } + + public synchronized void registerMapping(LDAPMapping... ldapMappings) { + if (ldapMappings.length == 0) { + log.warn("There were no ldap mappings provided."); + } else { + this.hasBeenConfigured = true; + } + for (LDAPMapping ldapMapping : ldapMappings) { + log.debug("Registering Mapping for " + LDAPClientFactory.class.getSimpleName() + ": " + ldapMapping + "."); + String issuerName = applyFilter(ldapMapping.getIssuerName().getName()); + if (this.registeredMappings.containsKey(issuerName)) { + log.warn("Skipping mapping for issuer name \"" + issuerName + "\" because it has already been registered."); + } else { + this.registeredMappings.put(issuerName, ldapMapping); + } + } + } + + public void setNormalizer(Normalize normalizer) throws LDAPException { + if (this.hasBeenConfigured) { + throw new LDAPException("It is not allowed to set a normalizer after mappings have been defined."); + } + this.normalizer = normalizer; + } + + public void setWhiteSpaceRemoval(boolean whiteSpaceRemoval) throws LDAPException { + if (this.hasBeenConfigured) { + throw new LDAPException("It is not allowed to set whitespace removal after mappings have been defined."); + } + this.whiteSpaceRemoval = whiteSpaceRemoval; + } + + private String applyFilter(String text) { + if (this.normalizer != null) { + text = this.normalizer.normalize(text); + } + if (this.whiteSpaceRemoval) { + text = text.replaceAll("\\s", ""); + } + return text; + } + + public static synchronized LDAPClientFactory getInstance(String idenfifier) { + LDAPClientFactory ldapClientFactoryInstance = ldapClientFactoryInstances.get(idenfifier); + if (ldapClientFactoryInstance == null) { + ldapClientFactoryInstance = new LDAPClientFactoryImpl(); + ldapClientFactoryInstances.put(idenfifier, ldapClientFactoryInstance); + } + return ldapClientFactoryInstance; + } + + public static synchronized LDAPClientFactory getInstance() { + return getInstance(DEFAULT_IDENTIFIER); + } + + public abstract LDAPClient createClient(String issuerName) throws LDAPException; + +} diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java new file mode 100644 index 0000000..88e39c8 --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientFactoryImpl.java @@ -0,0 +1,85 @@ +package at.knowcenter.wag.egov.egiz.ldap.client; + +import iaik.asn1.ObjectID; +import iaik.asn1.structures.Name; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; + +import java.util.Hashtable; + +import org.apache.log4j.Logger; + +/** + * @author Thomas Knall + */ +public final class LDAPClientFactoryImpl extends LDAPClientFactory { + + private final Logger log = Logger.getLogger(getClass()); + + private Hashtable ldapClients; + + protected LDAPClientFactoryImpl() { + this.ldapClients = new Hashtable(); + } + + public static String rfc2253Name2Domain(String nameString) throws RFC2253NameParserException { + RFC2253NameParser nameParser = new RFC2253NameParser(nameString); + return rfc2253Name2Domain(nameParser.parse()); + } + + public static String rfc2253Name2Domain(Name name) { + Object[] values = name.getRDNValues(ObjectID.domainComponent); + if (values == null) { + return null; + } + StringBuffer buffer = new StringBuffer(); + for (int i = values.length - 1; i >= 0; i--) { + buffer.append(values[i]); + if (i > 0) { + buffer.append("."); + } + } + return buffer.toString(); + } + + private LDAPClient instantiateLDAPClient(String issuerName) throws LDAPException { + if (!super.hasBeenConfigured()) { + log.warn(super.getClass().getSimpleName() + " has not been configured yet."); + } + LDAPClient client = null; + LDAPMapping mapping = super.getMapping(issuerName); + if (mapping == null) { + try { + String alternativeURLString = rfc2253Name2Domain(issuerName); + if (alternativeURLString == null || alternativeURLString.length() == 0) { + throw new LDAPException("Neither issuer name \"" + issuerName + "\" has been registered nor domain components were provided."); + } + alternativeURLString = "ldap://" + alternativeURLString; + log.warn("Issuer name \"" + issuerName + "\" has not been registered; trying to instantiate client for url \"" + alternativeURLString + "\"..."); + client = new LDAPClientImpl(alternativeURLString); + } catch (RFC2253NameParserException e) { + throw new LDAPException(e); + } + } else { + log.debug("Instantiating LDAP client for " + mapping + "."); + client = new LDAPClientImpl(mapping); + } + return client; + } + + public synchronized LDAPClient createClient(String issuerName) throws LDAPException { + if (issuerName == null || issuerName.length() == 0) { + throw new NullPointerException("Issuer name must not be null or empty."); + } + if (super.getNormalizer() != null) { + issuerName = super.getNormalizer().normalize(issuerName); + } + LDAPClient ldapClient = ldapClients.get(issuerName); + if (ldapClient == null) { + ldapClient = instantiateLDAPClient(issuerName); + ldapClients.put(issuerName, ldapClient); + } + return ldapClient; + } + +} diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java new file mode 100644 index 0000000..3dae9ae --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPClientImpl.java @@ -0,0 +1,175 @@ +package at.knowcenter.wag.egov.egiz.ldap.client; + +import iaik.x509.X509Certificate; +import iaik.x509.net.ldap.LdapURLConnection; + +import java.io.IOException; +import java.math.BigInteger; +import java.net.MalformedURLException; +import java.net.URL; + +public final class LDAPClientImpl implements LDAPClient { + + // constants + protected static final String DEFAULT_LDAP_ATTR_SERIAL_NUMBER = "eidCertificateSerialNumber"; + private static final iaik.x509.net.ldap.Handler LDAP_HANDLER = new iaik.x509.net.ldap.Handler(); + + // fields + private URL url; + private String serialNumberAttrName; + + // constructors + protected LDAPClientImpl() { + this.setSerialNumberAttrName(DEFAULT_LDAP_ATTR_SERIAL_NUMBER); + } + + protected LDAPClientImpl(URL url) { + this(); + this.setUrl(url); + } + + protected LDAPClientImpl(String urlString) throws LDAPException { + this(); + try { + this.setUrl(new URL(null, urlString, LDAP_HANDLER)); + } catch (MalformedURLException e) { + throw new LDAPException(e); + } + } + + protected LDAPClientImpl(LDAPMapping ldapMapping) { + this(); + this.setUrl(ldapMapping.getLdapURL()); + this.setSerialNumberAttrName(ldapMapping.getSerialNumberAttrName()); + } + + + // getter/setter + + /* + * @see at.iaik.commons.ldap.LDAPClient#getUrl() + */ + public URL getUrl() { + return this.url; + } + + /* + * @see at.iaik.commons.ldap.LDAPClient#setUrl(java.net.URL) + */ + public void setUrl(URL ldapURL) { + if (ldapURL == null) { + throw new NullPointerException("LDAP url must not be null."); + } + this.url = ldapURL; + } + + /* + * @see at.iaik.commons.ldap.LDAPClient#getSerialNumberAttrName() + */ + public String getSerialNumberAttrName() { + return this.serialNumberAttrName; + } + + /* + * @see at.iaik.commons.ldap.LDAPClient#setSerialNumberAttrName(java.lang.String) + */ + public void setSerialNumberAttrName(String serialNumberAttrName) { + if (serialNumberAttrName != null && serialNumberAttrName.length() == 0) { + throw new IllegalArgumentException("Serial number attribute name must not be empty"); + } + this.serialNumberAttrName = serialNumberAttrName != null ? serialNumberAttrName : DEFAULT_LDAP_ATTR_SERIAL_NUMBER; + } + + // service methods + + /* + * @see at.iaik.commons.ldap.LDAPClient#retrieveCertificates(java.lang.String) + */ + public X509Certificate[] retrieveCertificates(String filter) throws LDAPException { + if (filter == null) { + throw new NullPointerException("Filter string must not be null."); + } + if (filter.length() == 0) { + throw new IllegalArgumentException("Filter string must not be empty."); + } + + X509Certificate[] certs = new X509Certificate[] { }; + LdapURLConnection ldapURLConnection = null; + try { + this.validateData(); + ldapURLConnection = (LdapURLConnection) this.url.openConnection(); + + // search for end enity certificates + ldapURLConnection.setRequestProperty( + LdapURLConnection.RP_ATTRIBUTE_DESCRIPTION, + LdapURLConnection.AD_USER_CERTIFICATE + ); + + // search subtree + ldapURLConnection.setRequestProperty( + LdapURLConnection.RP_SEARCH_SCOPE, + LdapURLConnection.SEARCH_SCOPE_SUBTREE + ); + + //set filter + ldapURLConnection.setRequestProperty( + LdapURLConnection.RP_FILTER, + filter + ); + + // connect to the ldap server an read results + certs = (X509Certificate[]) ldapURLConnection.getContent(); + } catch (IOException e) { + throw new LDAPException(e); + } finally { + if (ldapURLConnection != null) { + ldapURLConnection.disconnect(); + } + } + return certs; + } + + /* + * @see at.iaik.commons.ldap.LDAPClient#retrieveCertificate(java.math.BigInteger) + */ + public X509Certificate retrieveCertificate(BigInteger serialNumber) throws LDAPException { + if (serialNumber == null) { + throw new NullPointerException("Serial number must not be null"); + } + this.validateData(); + X509Certificate[] certs = retrieveCertificates("(" + this.serialNumberAttrName + "=" + serialNumber + ")"); + if (certs.length > 1) { + throw new LDAPException("There was more than one certificate with serial number " + serialNumber + "."); + } else if (certs.length == 0) { + return null; + } + return certs[0]; + } + + // misc + public void validateData() throws LDAPException { + if (this.url == null) { + throw new LDAPException("LDAP URL must not be null."); + } + if (this.serialNumberAttrName == null || this.serialNumberAttrName.length() == 0) { + throw new LDAPException("LDAP key for serial number is null or empty."); + } + } + + @Override + public String toString() { + StringBuffer buffer = new StringBuffer(); + buffer.append("ldapURL = ").append(this.url); + buffer.append(", serialNumberAttrName = ").append(this.serialNumberAttrName); + boolean dataValid; + try { + this.validateData(); + dataValid = true; + } catch (LDAPException e) { + dataValid = false; + } + buffer.append("; data seems to be ").append(dataValid ? "valid" : "invalid"); + return buffer.toString(); + } + +} diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPException.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPException.java new file mode 100644 index 0000000..ed897ea --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPException.java @@ -0,0 +1,26 @@ +package at.knowcenter.wag.egov.egiz.ldap.client; + +/** + * @author Thomas Knall + */ +public class LDAPException extends Exception { + + private static final long serialVersionUID = 1L; + + public LDAPException() { + super(); + } + + public LDAPException(Exception exception) { + super(exception); + } + + public LDAPException(String message, Exception exception) { + super(message, exception); + } + + public LDAPException(String message) { + super(message); + } + +} diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java new file mode 100644 index 0000000..8a4ea93 --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMapping.java @@ -0,0 +1,155 @@ +package at.knowcenter.wag.egov.egiz.ldap.client; + +import iaik.asn1.structures.Name; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; + +import java.net.MalformedURLException; +import java.net.URL; +import java.util.Properties; + +import org.apache.log4j.Logger; + +/** + * @author Thomas Knall + */ +public class LDAPMapping { + + // constants + public static final String PROPERTIES_KEY_ISSUER_NAME = "issuer.name"; + public static final String PROPERTIES_KEY_LDAP_URL = "ldap.url"; + public static final String PROPERTIES_KEY_SERIAL_ATTR_NAME = "serialnumber.attrname"; + + private final Logger log = Logger.getLogger(getClass()); + private static final iaik.x509.net.ldap.Handler LDAP_HANDLER; + + // fields + private Name issuerName; + private URL ldapURL; + private String serialNumberAttrName; + + // static initialization + static { + LDAP_HANDLER = new iaik.x509.net.ldap.Handler(); + } + + // constructors + protected LDAPMapping() { + this.setSerialNumberAttrName(LDAPClientImpl.DEFAULT_LDAP_ATTR_SERIAL_NUMBER); + } + + public LDAPMapping(Name issuerName, URL ldapURL) { + this(issuerName, ldapURL, null); + } + + public LDAPMapping(Name issuerName, URL ldapURL, String serialNumberAttrName) { + this(); + this.setIssuerName(issuerName); + this.setLdapURL(ldapURL); + this.setSerialNumberAttrName(serialNumberAttrName); + } + + public LDAPMapping(String issuerNameString, String ldapURLString) throws LDAPException { + this(issuerNameString, ldapURLString, null); + } + + public LDAPMapping(String issuerNameString, String ldapURLString, String serialNumberAttrName) throws LDAPException { + this(); + this.setIssuerName(issuerNameString); + this.setLdapURL(ldapURLString); + this.setSerialNumberAttrName(serialNumberAttrName); + } + + public LDAPMapping(Properties properties) throws LDAPException { + this(); + if (properties == null) { + throw new NullPointerException("Properties must not be null."); + } + String in = properties.getProperty(PROPERTIES_KEY_ISSUER_NAME); + String sn = properties.getProperty(PROPERTIES_KEY_LDAP_URL); + String snan = properties.getProperty(PROPERTIES_KEY_SERIAL_ATTR_NAME); + if (in == null || in.length() == 0) { + throw new LDAPException("Property \"" + PROPERTIES_KEY_ISSUER_NAME + "\" must not be null or empty."); + } + if (sn == null || sn.length() == 0) { + throw new LDAPException("Property \"" + PROPERTIES_KEY_LDAP_URL + "\" must not be null or empty."); + } + this.setIssuerName(in); + this.setLdapURL(sn); + this.setSerialNumberAttrName(snan); + } + + // getter/setter + public Name getIssuerName() { + return this.issuerName; + } + + public void setIssuerName(Name issuerName) { + if (issuerName == null) { + throw new NullPointerException("Issuer name must not be null."); + } + this.issuerName = issuerName; + } + + public void setIssuerName(String issuerNameString) throws LDAPException { + RFC2253NameParser parser = new RFC2253NameParser(issuerNameString.trim()); + try { + this.setIssuerName(parser.parse()); + } catch (RFC2253NameParserException e) { + throw new LDAPException(e); + } + } + + public URL getLdapURL() { + return this.ldapURL; + } + + public void setLdapURL(URL ldapURL) { + if (ldapURL == null) { + throw new NullPointerException("LDAP url must not be null."); + } + this.ldapURL = ldapURL; + } + + public void setLdapURL(String ldapURLString) throws LDAPException { + try { + this.setLdapURL(new URL(null, ldapURLString.trim(), LDAP_HANDLER)); + } catch (MalformedURLException e) { + throw new LDAPException(e); + } + } + + public String getSerialNumberAttrName() { + return this.serialNumberAttrName; + } + + public void setSerialNumberAttrName(String serialNumberAttrName) { + if (serialNumberAttrName != null && serialNumberAttrName.length() == 0) { + throw new IllegalArgumentException("Serial number attribute name must not be empty"); + } + this.serialNumberAttrName = serialNumberAttrName != null ? serialNumberAttrName.trim() : LDAPClientImpl.DEFAULT_LDAP_ATTR_SERIAL_NUMBER; + } + + // misc + public void validateData() throws LDAPException { + if (this.issuerName == null) { + throw new LDAPException("Issuer name must not be null."); + } + if (this.ldapURL == null) { + throw new LDAPException("LDAP url must not be null."); + } + if (serialNumberAttrName == null || serialNumberAttrName.length() == 0) { + throw new LDAPException("Serial number attribute name must not be null or empty"); + } + } + + @Override + public String toString() { + StringBuffer buffer = new StringBuffer(); + buffer.append("issuerName = ").append(this.issuerName != null ? this.issuerName.getName() : null); + buffer.append(", ldapURL = ").append(this.ldapURL); + buffer.append(", serialNumberAttrName = ").append(this.serialNumberAttrName); + return buffer.toString(); + } + +} -- cgit v1.2.3