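package jsdsi.ldap;

import java.io.*;
import jsdsi.*;
import jsdsi.sexp.*;
import jsdsi.util.DigestAlgoEnum;

import com.novell.ldap.*;

/**
 * LDAP operations: insert, retrieve and delete SDSI certificates on an
 * LDAP server.
 *
 * <p>Every public operation opens its own connection through the
 * {@code LDAPOp} helpers and disconnects again in a {@code finally}
 * block, so a failed search, store or delete does not leak the
 * connection. LDAP and parsing failures are reported to the caller as an
 * {@link IllegalStateException} whose cause is the original exception;
 * this class never terminates the JVM itself.
 *
 * <p>NOTE(review): the {@code cn} values passed to these methods are
 * turned into a DN by {@code setCn} (defined in {@code LDAPOp}, not
 * visible here). If a caller obtains the cn from an untrusted source it
 * must be escaped per RFC 4514 before it reaches this class, unless
 * {@code setCn} already does so; confirm which.
 *
 * @author Luís Pedro
 * @author Sean Radford
 * @version $Revision: 1.7 $ $Date: 2004/11/08 12:08:08 $
 */
public class LDAPOperations extends LDAPOp {

    /** LDAP filter selecting the certificate entries managed by this class. */
    private static final String CERT_FILTER = "objectClass=sdsiCertificate";

    /** Attribute holding the canonical S-expression of a stored certificate. */
    private static final String CANONICAL_SEXP_ATTR = "canonicalSexp";

    /** Attribute holding the certificate name used as the entry's RDN. */
    private static final String CN_ATTR = "cn";

    /**
     * Creates a new instance of LDAPOperations.
     *
     * @param params connection parameters handed to the {@code LDAPOp} superclass
     */
    public LDAPOperations(LDAPParameters params) {
        super(params);
    }

    /**
     * Deletes every SPKI/SDSI certificate entry found below the configured
     * base - CAUTION: the certificates will no longer be available.
     *
     * <p>The search runs with {@code SCOPE_SUB}, and each matching entry is
     * deleted by the DN derived from its {@code cn}.
     *
     * @return {@code true} if the operation completed successfully
     * @throws LDAPSearchException custom error raised when the search finds no
     *         certificate entry at all (not an LDAP server error)
     * @throws IllegalStateException if the server reports an {@link LDAPException};
     *         the original exception is attached as the cause
     */
    public boolean deleteAllCertificates() throws LDAPSearchException {
        boolean found = false;
        try {
            LDAPBindConnection();
            try {
                LDAPSearchResults searchResults =
                    LDAPSearch(CERT_FILTER, LDAPConnection.SCOPE_SUB, new String[] {CN_ATTR});
                while (searchResults.hasMore()) {
                    found = true;
                    LDAPEntry entry = searchResults.next();
                    LDAPAttribute cnAttribute = entry.getAttribute(CN_ATTR);
                    LDAPDelete(setCn(cnAttribute.getStringValue()));
                }
            } finally {
                // Disconnect even when a delete fails half-way through the loop.
                LDAPDisconnection();
            }
        } catch (LDAPException e) {
            throw new IllegalStateException(
                "LDAP error while deleting all sdsiCertificate entries", e);
        }
        // Raised after disconnecting so the empty-result case does not leak
        // the connection the way it would if thrown from inside the search.
        if (!found) {
            throw new LDAPSearchException();
        }
        return true;
    }

    /**
     * Deletes the SDSI certificate stored under the given cn.
     *
     * @param cn ldap schema attribute that represents the certificate name
     * @return {@code true} if the operation completed successfully
     * @throws IllegalStateException if the server reports an {@link LDAPException};
     *         the original exception is attached as the cause
     *
     * @todo delete certificates using NameCertSelector and CompatibleCertSelector
     */
    public boolean deleteCertificate(String cn) {
        try {
            LDAPBindConnection();
            try {
                LDAPDelete(setCn(cn));
            } finally {
                LDAPDisconnection();
            }
        } catch (LDAPException e) {
            throw new IllegalStateException(
                "LDAP error while deleting certificate cn=" + cn, e);
        }
        return true;
    }

    /**
     * Retrieves the SDSI certificate stored under the given cn.
     *
     * <p>The entry is looked up with {@code SCOPE_BASE} on the DN built from
     * {@code cn}, and its {@code canonicalSexp} attribute is parsed back into
     * a certificate.
     *
     * @see jsdsi.Certificate#fromSequence(Sequence)
     *
     * @param cn ldap schema attribute that represents the certificate name
     * @return the SDSI certificate, or {@code null} if the search returned no
     *         entry or the entry carries no {@code canonicalSexp} attribute
     * @throws IllegalStateException if the lookup or the S-expression parsing
     *         fails; the original exception is attached as the cause. NOTE(review):
     *         depending on the server, a non-existent base DN may surface here
     *         rather than as a {@code null} return - confirm against the server.
     *
     * @todo retrieve certificates using other attributes and CertSelectors
     */
    public jsdsi.Certificate retrieveCertificate(String cn) {
        try {
            // NOTE(review): this is the only operation that uses LDAPConnection()
            // rather than LDAPBindConnection(); presumably reads need no bind -
            // confirm against LDAPOp.
            LDAPConnection();
            try {
                LDAPSearchResults searchResults = LDAPSearch(CERT_FILTER, setCn(cn),
                    LDAPConnection.SCOPE_BASE, new String[] {CANONICAL_SEXP_ATTR});
                if (!searchResults.hasMore()) {
                    return null;
                }
                LDAPEntry entry = searchResults.next();
                LDAPAttribute attribute = entry.getAttribute(CANONICAL_SEXP_ATTR);
                if (attribute == null) {
                    return null;
                }
                // The attribute bytes come from the directory and are parsed as a
                // canonical S-expression; malformed data fails the parse below.
                ByteArrayInputStream bis = new ByteArrayInputStream(attribute.getByteValue());
                jsdsi.sexp.ObjInputStream ois = new jsdsi.sexp.ObjInputStream(bis);
                return jsdsi.Certificate.fromSequence((jsdsi.Sequence) ois.readObj());
            } finally {
                LDAPDisconnection();
            }
        } catch (Exception e) {
            // Boundary catch: the checked exceptions of readObj() are not
            // visible here, so everything is wrapped with its cause preserved.
            throw new IllegalStateException(
                "Could not retrieve certificate cn=" + cn, e);
        }
    }

    /**
     * Stores an SDSI certificate on the LDAP server under the given cn.
     * The default hash algorithm "md5" is assumed for principal hashes.
     *
     * <p>NOTE(review): MD5 is kept as the default only for compatibility;
     * callers should prefer the three-argument overload with a stronger
     * digest supported by {@code DigestAlgoEnum}.
     *
     * @param cn ldap schema attribute that represents the certificate name
     * @param certificate SDSI certificate
     */
    public void storeCertificate(String cn,
                                 jsdsi.Certificate certificate) {
        storeCertificate(cn, certificate, "md5");
    }

    /**
     * Stores an SDSI certificate on the LDAP server under the given cn, using
     * the given hash algorithm for issuer and subject key hashes.
     *
     * <p>Issuers and subjects that are already a {@code PublicKeyHash} are
     * stored as-is; public keys are hashed with {@code hashAlg} first.
     *
     * @see jsdsi.Certificate#getEncoded()
     *
     * @param cn ldap schema attribute that represents the certificate name
     * @param certificate SDSI certificate
     * @param hashAlg hash algorithm to use with the public keys, "md5" or "sha1"
     * @throws IllegalArgumentException if the certificate has no notAfter
     *         validity, its subject name is empty, or its subject type is
     *         not supported
     * @throws IllegalStateException if the server reports an {@link LDAPException};
     *         the original exception is attached as the cause
     */
    public void storeCertificate(String cn,
                                 jsdsi.Certificate certificate,
                                 String hashAlg) {
        Cert cert = certificate.getCert();

        // Validate before doing any hashing so a rejected certificate fails fast.
        if (cert.getValidity() == null
                || cert.getValidity().getNotAfter() == null) {
            throw new IllegalArgumentException("notAfter is required");
        }

        LDAPAttributeSet attributeSet = new LDAPAttributeSet();

        attributeSet.add(new LDAPAttribute("objectclass",
            new String[] {"top", "sdsiCertificate"}));
        attributeSet.add(new LDAPAttribute(getCn(), cn));
        attributeSet.add(new LDAPAttribute(getCanonicalSexp(),
            Sexp.decodeString(certificate.toSequence().toTransport())));

        if (cert instanceof NameCert) {
            attributeSet.add(new LDAPAttribute(getIssuerName(),
                ((NameCert) cert).getName()));
        }

        if (cert.getIssuer() instanceof PublicKeyHash) {
            attributeSet.add(new LDAPAttribute(getIssuer(),
                Sexp.decodeString(cert.getIssuer().toTransport())));
        } else {
            Hash issuerHash = new Hash(DigestAlgoEnum.fromSpki(hashAlg),
                cert.getIssuer(), null);
            attributeSet.add(new LDAPAttribute(getIssuer(),
                Sexp.decodeString(issuerHash.toTransport())));
        }

        if (cert.getSubject() instanceof Name) {
            Name n = (Name) cert.getSubject();
            if (n.getIssuer() instanceof PublicKeyHash) {
                attributeSet.add(new LDAPAttribute(getSubject(),
                    Sexp.decodeString(n.getIssuer().toTransport())));
            } else {
                Hash subjectHash = new Hash(DigestAlgoEnum.fromSpki(hashAlg),
                    n.getIssuer(), null);
                attributeSet.add(new LDAPAttribute(getSubject(),
                    Sexp.decodeString(subjectHash.toTransport())));
            }
            // Only the first name component is stored; guard the index so an
            // empty name list is reported instead of raising an array error.
            if (n.getNames() == null || n.getNames().length == 0) {
                throw new IllegalArgumentException("subject name must contain at least one name");
            }
            attributeSet.add(new LDAPAttribute(getSubjectName(),
                n.getNames()[0]));
        } else if (cert.getSubject() instanceof PublicKeyHash) {
            attributeSet.add(new LDAPAttribute(getSubject(),
                Sexp.decodeString(((PublicKeyHash) cert.getSubject()).toTransport())));
        } else if (cert.getSubject() instanceof PublicKey) {
            Hash subjectHash = new Hash(DigestAlgoEnum.fromSpki(hashAlg),
                (PublicKey) cert.getSubject(), null);
            attributeSet.add(new LDAPAttribute(getSubject(),
                Sexp.decodeString(subjectHash.toTransport())));
        } else {
            throw new IllegalArgumentException("Unsupported subject type");
        }

        attributeSet.add(new LDAPAttribute(getNotAfter(),
            cert.getValidity().getNotAfter().toString()));

        try {
            LDAPBindConnection();
            try {
                LDAPStore(setCn(cn), attributeSet);
            } finally {
                LDAPDisconnection();
            }
        } catch (LDAPException e) {
            throw new IllegalStateException(
                "LDAP error while storing certificate cn=" + cn, e);
        }
    }

    /**
     * Writes every SPKI/SDSI certificate found on the LDAP server to a file in
     * readable S-expression form. This file MUST NOT be used to load
     * certificates back into the server with the LDAP command-line tools.
     *
     * <p>{@code filename} is passed to {@link FileOutputStream} unchanged; the
     * caller is responsible for choosing a safe location.
     *
     * @param filename file to write the certificates to
     * @throws IllegalStateException if the search, the parsing of an entry or
     *         the file output fails; the original exception is attached as the cause
     */
    public void toFile(String filename) {
        try {
            LDAPBindConnection();
            try {
                LDAPSearchResults searchResults = LDAPSearch(CERT_FILTER,
                    LDAPConnection.SCOPE_SUB, new String[] {CANONICAL_SEXP_ATTR});

                FileOutputStream fos = new FileOutputStream(filename);
                try {
                    ObjOutputStream oos = new ObjOutputStream(fos);
                    try {
                        while (searchResults.hasMore()) {
                            LDAPEntry entry = searchResults.next();
                            LDAPAttribute attribute = entry.getAttribute(CANONICAL_SEXP_ATTR);
                            ByteArrayInputStream bis =
                                new ByteArrayInputStream(attribute.getByteValue());
                            jsdsi.sexp.ObjInputStream ois = new jsdsi.sexp.ObjInputStream(bis);
                            jsdsi.Certificate cert =
                                jsdsi.Certificate.fromSequence((jsdsi.Sequence) ois.readObj());
                            // 3, 110, 5: layout parameters of writeReadable (presumably
                            // indent / line width / step) - TODO confirm against ObjOutputStream.
                            oos.writeReadable(Obj.parseObj(cert.toSequence().toSexp()),
                                3, 110, 5);
                        }
                    } finally {
                        oos.close();
                    }
                } finally {
                    // Closed separately in case ObjOutputStream.close() does not
                    // close the underlying stream; a second close is harmless.
                    fos.close();
                }
            } finally {
                LDAPDisconnection();
            }
        } catch (Exception e) {
            // Boundary catch: the checked exceptions of readObj() are not
            // visible here, so everything is wrapped with its cause preserved.
            throw new IllegalStateException(
                "Could not export certificates to " + filename, e);
        }
    }
}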
