From f1db00ea7fce12a186a3c5070d7f46298224c57a Mon Sep 17 00:00:00 2001 From: tknall Date: Wed, 13 Dec 2006 16:00:50 +0000 Subject: ldap support improved git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@20 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c --- .../wag/egov/egiz/ldap/api/LDAPAPIFactory.java | 9 +- .../wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java | 19 ++-- .../wag/egov/egiz/ldap/api/LDAPAPIImpl.java | 120 ++++++++++++--------- .../egiz/ldap/client/LDAPIssuerNameFilter.java | 20 ++++ .../egov/egiz/ldap/client/LDAPMappingStore.java | 85 +++++++++++++++ .../knowcenter/wag/egov/egiz/sig/DummyLDAPAPI.java | 6 ++ .../at/knowcenter/wag/egov/egiz/sig/LDAPAPI.java | 9 ++ .../wag/egov/egiz/sig/SignatureObject.java | 32 +++++- 8 files changed, 235 insertions(+), 65 deletions(-) create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPIssuerNameFilter.java create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMappingStore.java (limited to 'src') diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactory.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactory.java index ba58908..998af55 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactory.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactory.java @@ -1,6 +1,7 @@ package at.knowcenter.wag.egov.egiz.ldap.api; import iaik.security.ecc.provider.ECCProvider; +import at.knowcenter.wag.egov.egiz.ldap.client.LDAPIssuerNameFilter; import at.knowcenter.wag.egov.egiz.sig.LDAPAPI; /** @@ -14,15 +15,15 @@ public abstract class LDAPAPIFactory { ECCProvider.addAsProvider(); } - public static synchronized LDAPAPIFactory getInstance() { + public static synchronized LDAPAPIFactory getInstance(LDAPIssuerNameFilter ldapIssuerNameFilter) { if (ldapAPIfactoryInstance == null) { - ldapAPIfactoryInstance = new LDAPAPIFactoryImpl(); + ldapAPIfactoryInstance = new LDAPAPIFactoryImpl(ldapIssuerNameFilter); } return ldapAPIfactoryInstance; } - public synchronized LDAPAPI createLDAPAPI() throws LDAPAPIException { - return createLDAPAPI(null); + public static LDAPAPIFactory getInstance() { + return getInstance(null); } public abstract LDAPAPI createLDAPAPI(String implClassURI) throws LDAPAPIException; diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java index 340b54a..9750270 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIFactoryImpl.java @@ -4,6 +4,7 @@ import java.util.Hashtable; import org.apache.log4j.Logger; +import at.knowcenter.wag.egov.egiz.ldap.client.LDAPIssuerNameFilter; import at.knowcenter.wag.egov.egiz.sig.LDAPAPI; /** @@ -13,13 +14,17 @@ public class LDAPAPIFactoryImpl extends LDAPAPIFactory { private static final Logger log = Logger.getLogger(LDAPAPIFactoryImpl.class); + // mapping private Hashtable ldapImpls; - protected LDAPAPIFactoryImpl() { - ldapImpls = new Hashtable(); + private LDAPIssuerNameFilter ldapIssuerNameFilter; + + protected LDAPAPIFactoryImpl(LDAPIssuerNameFilter ldapIssuerNameFilter) { + this.ldapImpls = new Hashtable(); + this.ldapIssuerNameFilter = ldapIssuerNameFilter; } - private static LDAPAPI instantiatelAPIImpl(String implClassURI) throws LDAPAPIException { + private LDAPAPI instantiatelAPIImpl(String implClassURI) throws LDAPAPIException { if (implClassURI == null) { throw new NullPointerException("URI of implementing class must not be null."); } @@ -36,6 +41,7 @@ public class LDAPAPIFactoryImpl extends LDAPAPIFactory { } ldapAPIImpl = (LDAPAPI) ldapAPIImplObj; log.info("LDAPAPI implementation successfully instantiated."); + ldapAPIImpl.setIssuerNameFilter(this.ldapIssuerNameFilter); } catch (InstantiationException e) { throw new LDAPAPIException("Declared implementation of \"" + LDAPAPI.class.getName() + "\" cannot be instantiated."); } catch (IllegalAccessException e) { @@ -46,15 +52,16 @@ public class LDAPAPIFactoryImpl extends LDAPAPIFactory { return ldapAPIImpl; } + @Override public synchronized LDAPAPI createLDAPAPI(String implClassURI) throws LDAPAPIException { if (implClassURI == null || implClassURI.length() == 0) { // use internal implementation implClassURI = LDAPAPIImpl.class.getName(); } - LDAPAPI impl = ldapImpls.get(implClassURI); + LDAPAPI impl = this.ldapImpls.get(implClassURI); if (impl == null) { - impl = instantiatelAPIImpl(implClassURI); - ldapImpls.put(implClassURI, impl); + impl = this.instantiatelAPIImpl(implClassURI); + this.ldapImpls.put(implClassURI, impl); } return impl; } diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java index 96409f6..6f4ca72 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/api/LDAPAPIImpl.java @@ -10,97 +10,117 @@ import java.util.List; import org.apache.log4j.Logger; import at.knowcenter.wag.egov.egiz.cfg.SettingsReader; -import at.knowcenter.wag.egov.egiz.exceptions.NormalizeException; import at.knowcenter.wag.egov.egiz.exceptions.SettingNotFoundException; import at.knowcenter.wag.egov.egiz.exceptions.SettingsException; import at.knowcenter.wag.egov.egiz.ldap.client.LDAPClient; import at.knowcenter.wag.egov.egiz.ldap.client.LDAPClientFactory; import at.knowcenter.wag.egov.egiz.ldap.client.LDAPException; +import at.knowcenter.wag.egov.egiz.ldap.client.LDAPIssuerNameFilter; import at.knowcenter.wag.egov.egiz.ldap.client.LDAPMapping; import at.knowcenter.wag.egov.egiz.sig.LDAPAPI; -import at.knowcenter.wag.egov.egiz.sig.SignatureObject; -import at.knowcenter.wag.egov.egiz.tools.Normalizer; /** * @author Thomas Knall */ public class LDAPAPIImpl implements LDAPAPI { - private final Logger log = Logger.getLogger(getClass()); - + private final Logger log = Logger.getLogger(this.getClass()); + /** * Prefix for specific entry in config properties file. */ - private static final String PROP_LDAP_PREFIX = "ldap_mapping"; + private static final String PROP_LDAP_PREFIX = "ldap_mapping"; + private static final String PROP_ISSUER_NAME_POSTFIX = "issuer_name"; - private static final String PROP_LDAP_URL_POSTFIX = "url"; + + private static final String PROP_LDAP_URL_POSTFIX = "url"; + private static final String PROP_SERIAL_ATTR_POSTFIX = "serial_attr"; - - private static final String LDAP_FACTORY_IDENTIFIER = "PDF-AS LDAP Support"; + + private static final String LDAP_FACTORY_IDENTIFIER = "PDF-AS LDAP Support"; + private LDAPClientFactory ldapClientFactory; + private LDAPIssuerNameFilter ldapIssuerNameFilter; + protected LDAPAPIImpl() { - try { - SettingsReader settings = SettingsReader.getInstance(); - - ldapClientFactory = LDAPClientFactory.getInstance(LDAP_FACTORY_IDENTIFIER); - // configure normalization of issuer according to method - // normalizeIssuer(String) of at.knowcenter.wag.egov.egiz.sig.SignatureObject - ldapClientFactory.setWhiteSpaceRemoval(true); - ldapClientFactory.setNormalizer(new Normalizer().getInstance()); - - List mappingKeys = settings.getKeys(PROP_LDAP_PREFIX); - if (mappingKeys != null) { - Iterator it = mappingKeys.iterator(); - while (it.hasNext()) { - String keyPrefix = PROP_LDAP_PREFIX + "." + (String) it.next() + "."; - String issuerName = settings.getSetting(keyPrefix + PROP_ISSUER_NAME_POSTFIX); - String ldapURL = settings.getSetting(keyPrefix + PROP_LDAP_URL_POSTFIX); - String serialAttr = settings.getSetting(keyPrefix + PROP_SERIAL_ATTR_POSTFIX, null); - - LDAPMapping ldapMapping = new LDAPMapping(issuerName, ldapURL, serialAttr); - ldapClientFactory.registerMapping(ldapMapping); + this.ldapClientFactory = null; + this.ldapIssuerNameFilter = null; + } + + private void initializeFactoryImpl() { + if (this.ldapClientFactory == null) { + try { + SettingsReader settings = SettingsReader.getInstance(); + + this.ldapClientFactory = LDAPClientFactory.getInstance(LDAP_FACTORY_IDENTIFIER); + this.ldapClientFactory.setLDAPIssuerNameFilter(this.ldapIssuerNameFilter); + + List mappingKeys = settings.getKeys(PROP_LDAP_PREFIX); + if (mappingKeys != null) { + Iterator it = mappingKeys.iterator(); + while (it.hasNext()) { + String keyPrefix = PROP_LDAP_PREFIX + "." + (String) it.next() + "."; + String issuerName = settings.getSetting(keyPrefix + PROP_ISSUER_NAME_POSTFIX); + String ldapURL = settings.getSetting(keyPrefix + PROP_LDAP_URL_POSTFIX); + String serialAttr = settings.getSetting(keyPrefix + PROP_SERIAL_ATTR_POSTFIX, + null); + + LDAPMapping ldapMapping = new LDAPMapping(issuerName, ldapURL, serialAttr); + this.ldapClientFactory.registerMapping(ldapMapping); + } + } else { + StringBuffer buffer = new StringBuffer(); + buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_ISSUER_NAME_POSTFIX) + .append(", "); + buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_LDAP_URL_POSTFIX) + .append(", "); + buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_SERIAL_ATTR_POSTFIX); + this.log.warn("There are no LDAP mappings (" + buffer.toString() + + ") declared within config file."); } - } else { - StringBuffer buffer = new StringBuffer(); - buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_ISSUER_NAME_POSTFIX).append(", "); - buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_LDAP_URL_POSTFIX).append(", "); - buffer.append(PROP_LDAP_PREFIX).append(".foo.").append(PROP_SERIAL_ATTR_POSTFIX); - log.warn("There are no LDAP mappings (" + buffer.toString() + ") declared within config file."); + + } catch (SettingsException e) { + this.log.error(e); + } catch (SettingNotFoundException e) { + this.log.error(e); + } catch (LDAPException e) { + this.log.error(e); } - - } catch (SettingsException e) { - log.error(e); - } catch (SettingNotFoundException e) { - log.error(e); - } catch (LDAPException e) { - log.error(e); - } catch (NormalizeException e) { - log.error(e); - }; + ; + } } - + public String getURL(String issuer) { + this.initializeFactoryImpl(); String url = null; try { - LDAPClient client = ldapClientFactory.createClient(issuer); + LDAPClient client = this.ldapClientFactory.createClient(issuer); url = client.getUrl().toString(); } catch (LDAPException e) { - log.error(e); + this.log.error(e); } return url; } public byte[] loadBase64CertificateFromLDAP(String serialNumber, String issuer) { + this.initializeFactoryImpl(); byte[] base64CertData = null; try { - LDAPClient client = ldapClientFactory.createClient(issuer); + LDAPClient client = this.ldapClientFactory.createClient(issuer); X509Certificate x509certificate = client.retrieveCertificate(new BigInteger(serialNumber)); base64CertData = Util.Base64Encode(x509certificate.toByteArray()); } catch (LDAPException e) { - log.error(e); + this.log.error(e); } return base64CertData; } + public void setIssuerNameFilter(LDAPIssuerNameFilter filter) throws LDAPAPIException { + if (this.ldapClientFactory != null) { + throw new LDAPAPIException("LDAPIssuerNameFilter must be applied before mappings are registered."); + } + this.ldapIssuerNameFilter = filter; + } + } diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPIssuerNameFilter.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPIssuerNameFilter.java new file mode 100644 index 0000000..722251c --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPIssuerNameFilter.java @@ -0,0 +1,20 @@ +package at.knowcenter.wag.egov.egiz.ldap.client; + +import iaik.asn1.structures.Name; + +/** + * @author Thomas Knall + */ +public interface LDAPIssuerNameFilter { + + /** + * Applies some kind of filtering on the distinguished name. This can be used + * for normalization. + * + * @param name + * The original distinguished name. + * @return The new filtered distinguished name. + */ + Name applyFilter(Name name); + +} diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMappingStore.java b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMappingStore.java new file mode 100644 index 0000000..324e859 --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/ldap/client/LDAPMappingStore.java @@ -0,0 +1,85 @@ +package at.knowcenter.wag.egov.egiz.ldap.client; + +import iaik.asn1.structures.Name; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; + +import java.util.Hashtable; +import java.util.Iterator; + +import org.apache.log4j.Logger; + +/** + * @author Thomas Knall + */ +public class LDAPMappingStore { + + private Hashtable storedMappings; + private LDAPIssuerNameFilter issuerNameFilter; + private Logger log = Logger.getLogger(getClass()); + + public LDAPMappingStore(LDAPIssuerNameFilter issuerNameFilter) { + this.storedMappings = new Hashtable(); + this.issuerNameFilter = issuerNameFilter; + } + + public LDAPMappingStore() { + this(null); + } + + public void clearStore() { + this.storedMappings = new Hashtable(); + } + + public boolean isEmpty() { + return this.storedMappings.isEmpty(); + } + + public boolean isLDAPIssuerNameFilter() { + return this.issuerNameFilter != null; + } + + public void storeMapping(LDAPMapping... mappings) { + for (LDAPMapping mapping : mappings) { + Name name = mapping.getIssuerName(); + if (issuerNameFilter != null) { + name = this.issuerNameFilter.applyFilter(name); + } + if (this.storedMappings.containsKey(name)) { + log.warn("Skipping mapping \"" + mapping + "\" because is has already been stored under \"" + name.getName() + "\"."); + } else { + log.debug("Storing mapping \"" + mapping + "\" under \"" + name.getName() + "\"."); + this.storedMappings.put(name, mapping); + } + } + } + + public void storeMappings(Iterable iterable) { + Iterator it = iterable.iterator(); + while (it.hasNext()) { + this.storeMapping(it.next()); + } + } + + public LDAPMapping getMapping(Name name) { + if (issuerNameFilter != null) { + name = this.issuerNameFilter.applyFilter(name); + } + return this.storedMappings.get(name); + } + + public LDAPMapping getMapping(String nameString) throws LDAPException { + RFC2253NameParser parser = new RFC2253NameParser(nameString); + Name name; + try { + name = parser.parse(); + } catch (RFC2253NameParserException e) { + throw new LDAPException(e); + } + if (issuerNameFilter != null) { + name = this.issuerNameFilter.applyFilter(name); + } + return getMapping(name); + } + +} diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/DummyLDAPAPI.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/DummyLDAPAPI.java index a8bc461..47d1d20 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/DummyLDAPAPI.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/DummyLDAPAPI.java @@ -21,6 +21,8 @@ import java.io.File; import java.io.FileInputStream; import at.knowcenter.wag.egov.egiz.cfg.SettingsReader; +import at.knowcenter.wag.egov.egiz.ldap.api.LDAPAPIException; +import at.knowcenter.wag.egov.egiz.ldap.client.LDAPIssuerNameFilter; /** * This is just a dummy implementation until the real Egiz LDAP API is @@ -75,4 +77,8 @@ public byte[] loadBase64CertificateFromLDAP(String serial_number, String issuer) return data; } + + public void setIssuerNameFilter(LDAPIssuerNameFilter filter) throws LDAPAPIException { + } + } diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/LDAPAPI.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/LDAPAPI.java index 143c34b..f61c7e6 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/LDAPAPI.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/LDAPAPI.java @@ -1,5 +1,8 @@ package at.knowcenter.wag.egov.egiz.sig; +import at.knowcenter.wag.egov.egiz.ldap.api.LDAPAPIException; +import at.knowcenter.wag.egov.egiz.ldap.client.LDAPIssuerNameFilter; + /** * @author Thomas Knall */ @@ -21,5 +24,11 @@ public interface LDAPAPI { * @return BASE64 encoded certificate */ public byte[] loadBase64CertificateFromLDAP(String serialNumber, String issuer); + + /** + * Sets the filter that has to be applied before trying to match the issuer name. + * @param filter The filter. + */ + public void setIssuerNameFilter(LDAPIssuerNameFilter filter) throws LDAPAPIException; } \ No newline at end of file diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java index b00a3cb..9a7a036 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java @@ -17,6 +17,10 @@ */ package at.knowcenter.wag.egov.egiz.sig; +import iaik.asn1.structures.Name; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; + import java.io.File; import java.io.FileOutputStream; import java.io.IOException; @@ -43,6 +47,7 @@ import at.knowcenter.wag.egov.egiz.exceptions.SignatureTypesException; import at.knowcenter.wag.egov.egiz.framework.SignatorFactory; import at.knowcenter.wag.egov.egiz.ldap.api.LDAPAPIException; import at.knowcenter.wag.egov.egiz.ldap.api.LDAPAPIFactory; +import at.knowcenter.wag.egov.egiz.ldap.client.LDAPIssuerNameFilter; import at.knowcenter.wag.egov.egiz.table.Entry; import at.knowcenter.wag.egov.egiz.table.Style; import at.knowcenter.wag.egov.egiz.table.Table; @@ -176,6 +181,25 @@ public class SignatureObject implements Serializable *

*/ protected String raw_signature_response = null; + + /** + * Filters the issuer name in order to find matches. + * @author tknall + * @see {@link normalizeIssuer} + */ + private LDAPIssuerNameFilter issuerNameFilter = new LDAPIssuerNameFilter() { + public Name applyFilter(Name name) { + RFC2253NameParser parser = new RFC2253NameParser(normalizeIssuer(name.getName())); + try { + name = parser.parse(); + } catch (RFC2253NameParserException e) { + logger_.error(e); + } + return name; + } + }; + + /** * The empty constructor. It initilize the normlizer, load the settings and @@ -889,13 +913,12 @@ public class SignatureObject implements Serializable * comparison with registered ldap mappings.) * @param issuer The issuer. * @return normalized issuer + * @see {@link issuerNameFilter} * @author tknall */ private String normalizeIssuer(String issuer) { issuer = normalizer_.normalize(issuer); issuer = removeAllWhiteSpaces(issuer); - // important note: if method is changed don't forget to adjust LDAPAPIImpl otherwise - // ldap mappings will not match return issuer; } @@ -1085,12 +1108,11 @@ public class SignatureObject implements Serializable try { // note: in case of implClassURI==null the default implementation // at.knowcenter.wag.egov.egiz.ldap.api.LDAPAPIImpl is used - ldapAPIImpl = LDAPAPIFactory.getInstance().createLDAPAPI(implClassURI); + ldapAPIImpl = LDAPAPIFactory.getInstance(issuerNameFilter).createLDAPAPI(implClassURI); } catch (LDAPAPIException e) { throw new RuntimeException(e); } - String normalized_issuer = normalizeIssuer(issuer); - return ldapAPIImpl.loadBase64CertificateFromLDAP(serialNumber, normalized_issuer); + return ldapAPIImpl.loadBase64CertificateFromLDAP(serialNumber, issuer); // STOP modification by TK } -- cgit v1.2.3