1 package jsdsi.ldap;
2
3 import java.util.*;
4 import java.io.*;
5 import jsdsi.*;
6 import java.security.*;
7 import java.security.cert.*;
8 import com.novell.ldap.*;
9
10 /***
11 * LDAP based certificate store for SPKI/SDSI certificates
12 *
13 * @author Luís Pedro
14 * @version $Revision: 1.5 $ $Date: 2004/03/29 21:27:58 $
15 *
16 **/
17
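public class LDAPCertStore extends CertStoreSpi {

    /***
     * Name of the directory attribute that carries the canonical
     * S-expression encoding of a stored certificate.
     */
    private static final String SEXP_ATTRIBUTE = "canonicalSexp";

    /***
     * LDAP scope used to perform searches.
     * SubTree scope adopted
     */
    private int searchScope = LDAPConnection.SCOPE_SUB;

    /***
     * LDAPport parameter
     */
    private int LDAPport;

    /***
     * LDAPbaseDN parameter
     */
    private String LDAPbaseDN;

    /***
     * LDAPserver parameter
     */
    private String LDAPserver;

    /***
     * Instantiate LDAPCertStore from its parameters.
     *
     * @param params cert store parameters, never null (checked by the constructors)
     * @throws CertStoreException declared for compatibility with the constructors;
     *         nothing here currently throws it
     */
    private void init(LDAPCertStoreParameters params) throws CertStoreException {
        LDAPserver = params.getLDAPserver();
        LDAPport = params.getLDAPport();
        LDAPbaseDN = params.getLDAPbaseDN();
    }

    /***
     * Runs one search over the configured base DN, returning only the
     * certificate attribute of matching entries.
     *
     * @param lc an already connected LDAP connection
     * @param filter LDAP search filter
     * @return the (lazily fetched) search results
     * @throws LDAPException on directory errors
     */
    private LDAPSearchResults search(LDAPConnection lc, String filter) throws LDAPException {
        return lc.search(LDAPbaseDN, searchScope, filter,
            new String[] {SEXP_ATTRIBUTE}, false);
    }

    /***
     * Performs searches on the directory, retrieving a collection of
     * SDSI certificates.
     * <p>
     * The MD5 filter is tried first; if it matches nothing the SHA1 filter
     * is tried instead. The hash only selects which key the directory was
     * populated with, it plays no security role here.
     * <p>
     * Connection lifetime is the caller's business: this method neither
     * connects nor disconnects.
     *
     * @param lc an already connected LDAP connection
     * @param filterMD5 MD5 filter
     * @param filterSHA1 SHA1 filter
     * @return set of sdsi certificates, empty when nothing matched
     * @throws CertStoreException if the search fails, a matching entry lacks
     *         the certificate attribute, or an attribute value does not decode
     *         to a certificate; the underlying exception is kept as the cause
     */
    private Set get(LDAPConnection lc, String filterMD5, String filterSHA1)
            throws CertStoreException {
        Set certs = new HashSet();
        try {
            LDAPSearchResults searchResults = search(lc, filterMD5);
            if (!searchResults.hasMore()) {
                searchResults = search(lc, filterSHA1);
            }
            while (searchResults.hasMore()) {
                LDAPEntry nextEntry = searchResults.next();
                if (nextEntry.getAttribute(SEXP_ATTRIBUTE) == null) {
                    // previously surfaced as a NullPointerException relabelled
                    // "Corrupted certificates"; name the actual problem instead
                    throw new CertStoreException("entry " + nextEntry.getDN()
                        + " has no " + SEXP_ATTRIBUTE + " attribute");
                }
                byte[] sexp = nextEntry.getAttribute(SEXP_ATTRIBUTE).getByteValue();
                jsdsi.sexp.ObjInputStream ois =
                    new jsdsi.sexp.ObjInputStream(new ByteArrayInputStream(sexp));
                // The directory's answer is decoded as-is; no signature check
                // happens here. NOTE(review): presumably the consumer of the
                // returned certificates verifies them -- confirm.
                jsdsi.Certificate cert =
                    jsdsi.Certificate.fromSequence((jsdsi.Sequence) ois.readObj());
                certs.add(cert);
            }
        } catch (CertStoreException e) {
            throw e;
        } catch (LDAPException e) {
            throw new CertStoreException("Ldap internal error", e);
        } catch (java.security.cert.CertificateException e) {
            throw new CertStoreException("Unable to read certificates", e);
        } catch (Exception e) {
            // readObj()/fromSequence() failure modes are not declared in this
            // file (parse errors, bad casts); keep the broad catch, keep the cause
            throw new CertStoreException("Corrupted certificates", e);
        }
        return certs;
    }

    /***
     * Closes a connection opened for one query, ignoring teardown errors.
     *
     * @param lc the connection to close
     */
    private static void disconnectQuietly(LDAPConnection lc) {
        try {
            lc.disconnect();
        } catch (LDAPException ignored) {
            // the query's outcome is already decided; a failed teardown is
            // not worth reporting over it
        }
    }

    /***
     * Creates a new instance of LDAPCertStore with specified ldap parameters
     *
     * @see LDAPCertStoreParameters
     *
     * @param params ldap cert store parameters
     * @throws InvalidAlgorithmParameterException if {@code params} is null
     * @throws CertStoreException if initialisation fails
     */
    public LDAPCertStore(LDAPCertStoreParameters params)
            throws InvalidAlgorithmParameterException, CertStoreException {
        super(params);
        if (params == null) {
            throw new InvalidAlgorithmParameterException("params must not be null");
        }
        init(params);
    }

    /***
     * @see java.security.cert.CertStoreSpi#CertStoreSpi(CertStoreParameters)
     *
     * @param params must be an {@link LDAPCertStoreParameters}
     * @throws InvalidAlgorithmParameterException if {@code params} is null or
     *         of another type (CertStore.getInstance may pass either)
     * @throws CertStoreException if initialisation fails
     */
    public LDAPCertStore(CertStoreParameters params)
            throws InvalidAlgorithmParameterException, CertStoreException {
        super(params);
        if (!(params instanceof LDAPCertStoreParameters)) {
            throw new InvalidAlgorithmParameterException("requires "
                + LDAPCertStoreParameters.class.getName() + ", got "
                + (params == null ? "null" : params.getClass().getName()));
        }
        init((LDAPCertStoreParameters) params);
    }

    /***
     * @see java.security.cert.CertStoreSpi#engineGetCertificates(java.security.cert.CertSelector)
     *
     * @param s must be a {@link jsdsi.CertSelector}; null is rejected, so the
     *        "null means all certificates" option of CertStore is not supported
     * @throws CertStoreException if {@code s} is not a jsdsi selector or the
     *         lookup fails
     */
    public Collection engineGetCertificates(java.security.cert.CertSelector s) throws CertStoreException {
        if (!(s instanceof jsdsi.CertSelector)) {
            throw new CertStoreException("requires jsdsi.CertSelector");
        }
        return engineGetCertificates((jsdsi.CertSelector) s);
    }

    /***
     * @see java.security.cert.CertStoreSpi#engineGetCertificates(java.security.cert.CertSelector)
     * <p>
     * Each call opens its own connection with {@code connect(host, port)} and
     * closes it when the query ends, whether or not it succeeded. No bind and
     * no socket factory are configured on the connection, so the lookup runs
     * as an anonymous, plaintext LDAP session.
     *
     * @param s one of the jsdsi selector types handled by {@link #filtersFor}
     * @return the matching certificates, empty when there are none
     * @throws CertStoreException if the selector is unsupported, the server
     *         cannot be reached, or the search or decoding fails
     */
    public Collection engineGetCertificates(jsdsi.CertSelector s) throws CertStoreException {
        if (s == null) {
            throw new CertStoreException("requires jsdsi.CertSelector");
        }
        // Resolve the filters first so an unsupported selector is rejected
        // before any network round trip.
        String[] filters = filtersFor(s);
        // One connection per query: CertStore public methods are required to
        // be thread-safe, and a connection shared across calls would be raced
        // by concurrent lookups.
        LDAPConnection lc = new LDAPConnection();
        try {
            lc.connect(LDAPserver, LDAPport);
        } catch (LDAPException e) {
            throw new CertStoreException("Server down or wrong connection parameters", e);
        }
        try {
            return get(lc, filters[0], filters[1]);
        } finally {
            disconnectQuietly(lc);
        }
    }

    /***
     * Builds the MD5 and SHA1 search filters for a selector.
     *
     * @param s a non-null jsdsi selector
     * @return a two-element array: the MD5 filter, then the SHA1 filter
     * @throws CertStoreException for a selector type this store does not handle
     */
    private static String[] filtersFor(jsdsi.CertSelector s) throws CertStoreException {
        // NOTE(review): the filter text is produced by LDAPAttributes (not in
        // this file); assumes it escapes LDAP filter metacharacters in the
        // hashed principal and in the name -- confirm before names from
        // untrusted callers reach this point.
        if (s instanceof SubjectCertSelector) {
            jsdsi.Subject subject = ((SubjectCertSelector) s).getSubject();
            return new String[] {
                LDAPAttributes.setSubjectFilter(subject, "md5"),
                LDAPAttributes.setSubjectFilter(subject, "sha1")};
        }
        if (s instanceof CompatibleCertSelector) {
            CompatibleCertSelector ccs = (CompatibleCertSelector) s;
            jsdsi.Principal issuer = ccs.getIssuer();
            String name = ccs.getName();
            return new String[] {
                LDAPAttributes.setCompatibleFilter(issuer, name, "md5"),
                LDAPAttributes.setCompatibleFilter(issuer, name, "sha1")};
        }
        if (s instanceof NameCertSelector) {
            NameCertSelector ncs = (NameCertSelector) s;
            jsdsi.Principal issuer = ncs.getIssuer();
            String name = ncs.getName();
            return new String[] {
                LDAPAttributes.setNameFilter(issuer, name, "md5"),
                LDAPAttributes.setNameFilter(issuer, name, "sha1")};
        }
        if (s instanceof AuthCertSelector) {
            jsdsi.Principal issuer = ((AuthCertSelector) s).getIssuer();
            return new String[] {
                LDAPAttributes.setAuthFilter(issuer, "md5"),
                LDAPAttributes.setAuthFilter(issuer, "sha1")};
        }
        throw new CertStoreException("unrecognized selector: " + s.getClass().getName());
    }

    /***
     * @see java.security.cert.CertStoreSpi#engineGetCRLs(CRLSelector)
     *
     * @throws UnsupportedOperationException always; this store holds no CRLs
     */
    public Collection engineGetCRLs(java.security.cert.CRLSelector s) throws CertStoreException {
        throw new UnsupportedOperationException();
    }
}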