1 package jsdsi.ldap;
2
3 import java.io.*;
4 import jsdsi.*;
5 import jsdsi.sexp.*;
6 import jsdsi.util.DigestAlgoEnum;
7
8 import com.novell.ldap.*;
9
/**
 * LDAP operations: insert, retrieve and delete
 * SDSI certificates on an LDAP server.
 *
 * @author Luís Pedro
 * @author Sean Radford
 * @version $Revision: 1.7 $ $Date: 2004/11/08 12:08:08 $
 *
 */
19
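public class LDAPOperations extends LDAPOp {

    /** Search filter matching every stored SDSI certificate entry. */
    private static final String CERTIFICATE_FILTER = "objectClass=sdsiCertificate";

    /**
     * Creates a new instance bound to the given LDAP parameters.
     *
     * @param params LDAP connection parameters handed to {@link LDAPOp}
     */
    public LDAPOperations(LDAPParameters params) {
        super(params);
    }

    /**
     * Deletes every SDSI certificate entry found below the search base.
     * CAUTION: the certificates are gone afterwards; there is no undo.
     *
     * @return {@code true} once every matching entry has been deleted
     * @throws LDAPSearchException if the search returns no entries (not an LDAP server error)
     * @throws IllegalStateException if the bind, search or delete fails; the
     *         underlying {@link LDAPException} is attached as the cause
     */
    public boolean deleteAllCertificates() throws LDAPSearchException {
        boolean completed = false;
        try {
            LDAPBindConnection();
            LDAPSearchResults searchResults = LDAPSearch(CERTIFICATE_FILTER,
                    LDAPConnection.SCOPE_SUB, new String[] {"cn"});
            if (!searchResults.hasMore()) {
                throw new LDAPSearchException();
            }
            while (searchResults.hasMore()) {
                LDAPEntry entry = searchResults.next();
                LDAPAttribute attribute = entry.getAttribute("cn");
                LDAPDelete(setCn(attribute.getStringValue()));
            }
            LDAPDisconnection();
            completed = true;
        } catch (LDAPException e) {
            throw failure("deleteAllCertificates", e);
        } finally {
            // Any early exit (LDAPSearchException or an LDAP failure) would otherwise
            // leave the bound connection open.
            if (!completed) {
                disconnectQuietly();
            }
        }
        return true;
    }

    /**
     * Deletes the SDSI certificate entry with the given cn.
     *
     * @param cn cn LDAP schema attribute that represents the certificate name
     * @return {@code true} once the entry has been deleted
     * @throws IllegalStateException if the bind or delete fails; the
     *         underlying {@link LDAPException} is attached as the cause
     *
     * @todo delete certificates using NameCertSelector and CompatibleCertSelector
     */
    public boolean deleteCertificate(String cn) {
        boolean completed = false;
        try {
            LDAPBindConnection();
            LDAPDelete(setCn(cn));
            LDAPDisconnection();
            completed = true;
        } catch (LDAPException e) {
            throw failure("deleteCertificate(" + cn + ")", e);
        } finally {
            if (!completed) {
                disconnectQuietly();
            }
        }
        return true;
    }

    /**
     * Retrieves the SDSI certificate stored under the given cn.
     * Only the {@code canonicalSexp} attribute is read back; the other
     * attributes written by {@link #storeCertificate(String, jsdsi.Certificate, String)}
     * are not consulted.
     *
     * @see jsdsi.Certificate#fromSequence(Sequence)
     *
     * @param cn cn LDAP schema attribute that represents the certificate name
     * @return the certificate, or {@code null} if no entry with that cn exists
     * @throws IllegalStateException if the connection, search or decoding fails;
     *         the original exception is attached as the cause
     *
     * @todo retrieve certificates using other attributes and CertSelectors
     */
    public jsdsi.Certificate retrieveCertificate(String cn) {
        boolean completed = false;
        try {
            // Lookup only: uses LDAPConnection() rather than the LDAPBindConnection()
            // the mutating operations use; presumably an unauthenticated connection
            // suffices for reads -- confirm against LDAPOp.
            LDAPConnection();
            LDAPSearchResults searchResults = LDAPSearch(CERTIFICATE_FILTER, setCn(cn),
                    LDAPConnection.SCOPE_BASE, new String[] {"canonicalSexp"});

            jsdsi.Certificate cert = null;
            // A base-scope search for an unknown cn yields no entry; report that as
            // "absent" instead of letting next() fail on an empty result set.
            if (searchResults.hasMore()) {
                LDAPEntry entry = searchResults.next();
                LDAPAttribute attribute = entry.getAttribute("canonicalSexp");
                ByteArrayInputStream bis = new ByteArrayInputStream(attribute.getByteValue());
                jsdsi.sexp.ObjInputStream ois = new jsdsi.sexp.ObjInputStream(bis);
                cert = jsdsi.Certificate.fromSequence((jsdsi.Sequence) ois.readObj());
            }
            LDAPDisconnection();
            completed = true;
            return cert;
        } catch (Exception e) {
            // readObj()/fromSequence() declare checked exceptions of the sexp layer in
            // addition to LDAPException, hence the broad catch at this boundary.
            throw failure("retrieveCertificate(" + cn + ")", e);
        } finally {
            if (!completed) {
                disconnectQuietly();
            }
        }
    }

    /**
     * Stores an SDSI certificate under the given cn, hashing public keys with
     * {@code "md5"}. That default is kept so entries stay comparable with ones
     * written earlier; use the three-argument overload to choose {@code "sha1"}.
     *
     * @param cn cn LDAP schema attribute that represents the certificate name
     * @param certificate SDSI certificate to store
     */
    public void storeCertificate(String cn, jsdsi.Certificate certificate) {
        storeCertificate(cn, certificate, "md5");
    }

    /**
     * Stores an SDSI certificate under the given cn, using {@code hashAlg} to
     * hash any issuer or subject given as a public key.
     *
     * @see jsdsi.Certificate#getEncoded()
     *
     * @param cn cn LDAP schema attribute that represents the certificate name
     * @param certificate SDSI certificate to store
     * @param hashAlg hash algorithm to use with the public keys, "md5" or "sha1"
     * @throws IllegalArgumentException if the subject type is not supported or the
     *         certificate has no notAfter validity bound
     * @throws IllegalStateException if the bind or store fails; the underlying
     *         {@link LDAPException} is attached as the cause
     */
    public void storeCertificate(String cn, jsdsi.Certificate certificate, String hashAlg) {
        Cert cert = certificate.getCert();
        LDAPAttributeSet attributeSet = new LDAPAttributeSet();

        attributeSet.add(new LDAPAttribute("objectclass", new String[] {"top", "sdsiCertificate"}));
        attributeSet.add(new LDAPAttribute(getCn(), cn));
        // canonicalSexp carries the complete certificate in transport encoding; it is the
        // attribute retrieveCertificate() reads back. The attributes below are derived from it.
        attributeSet.add(new LDAPAttribute(getCanonicalSexp(),
                Sexp.decodeString(certificate.toSequence().toTransport())));

        if (cert instanceof NameCert) {
            attributeSet.add(new LDAPAttribute(getIssuerName(), ((NameCert) cert).getName()));
        }

        // Issuer: an existing key hash is stored as-is; anything else is hashed under hashAlg.
        if (cert.getIssuer() instanceof PublicKeyHash) {
            attributeSet.add(new LDAPAttribute(getIssuer(),
                    Sexp.decodeString(cert.getIssuer().toTransport())));
        } else {
            Hash issuerHash = new Hash(DigestAlgoEnum.fromSpki(hashAlg), cert.getIssuer(), null);
            attributeSet.add(new LDAPAttribute(getIssuer(),
                    Sexp.decodeString(issuerHash.toTransport())));
        }

        // Subject: a name is stored as its issuer hash plus first name component;
        // a key hash as-is; a key as its hash under hashAlg.
        if (cert.getSubject() instanceof Name) {
            Name subjectName = (Name) cert.getSubject();
            if (subjectName.getIssuer() instanceof PublicKeyHash) {
                attributeSet.add(new LDAPAttribute(getSubject(),
                        Sexp.decodeString(subjectName.getIssuer().toTransport())));
            } else {
                Hash subjectHash = new Hash(DigestAlgoEnum.fromSpki(hashAlg),
                        subjectName.getIssuer(), null);
                attributeSet.add(new LDAPAttribute(getSubject(),
                        Sexp.decodeString(subjectHash.toTransport())));
            }
            attributeSet.add(new LDAPAttribute(getSubjectName(), subjectName.getNames()[0]));
        } else if (cert.getSubject() instanceof PublicKeyHash) {
            attributeSet.add(new LDAPAttribute(getSubject(),
                    Sexp.decodeString(((PublicKeyHash) cert.getSubject()).toTransport())));
        } else if (cert.getSubject() instanceof PublicKey) {
            Hash subjectHash = new Hash(DigestAlgoEnum.fromSpki(hashAlg),
                    (PublicKey) cert.getSubject(), null);
            attributeSet.add(new LDAPAttribute(getSubject(),
                    Sexp.decodeString(subjectHash.toTransport())));
        } else {
            throw new IllegalArgumentException("Unsupported subject type");
        }

        if (cert.getValidity() == null || cert.getValidity().getNotAfter() == null) {
            throw new IllegalArgumentException("notAfter is required");
        }
        attributeSet.add(new LDAPAttribute(getNotAfter(),
                cert.getValidity().getNotAfter().toString()));

        boolean completed = false;
        try {
            LDAPBindConnection();
            LDAPStore(setCn(cn), attributeSet);
            LDAPDisconnection();
            completed = true;
        } catch (LDAPException e) {
            throw failure("storeCertificate(" + cn + ")", e);
        } finally {
            if (!completed) {
                disconnectQuietly();
            }
        }
    }

    /**
     * Writes every SDSI certificate found on the LDAP server to a file in
     * readable s-expression form. This file MUST NOT be used to load
     * certificates back into the server with the LDAP command line tools.
     *
     * @param filename path of the file to write; an existing file is overwritten
     * @throws IllegalStateException if the LDAP operations, decoding or file I/O
     *         fail; the original exception is attached as the cause
     */
    public void toFile(String filename) {
        boolean completed = false;
        try {
            LDAPBindConnection();
            LDAPSearchResults searchResults = LDAPSearch(CERTIFICATE_FILTER,
                    LDAPConnection.SCOPE_SUB, new String[] {"canonicalSexp"});

            FileOutputStream fos = new FileOutputStream(filename);
            try {
                ObjOutputStream oos = new ObjOutputStream(fos);
                while (searchResults.hasMore()) {
                    LDAPEntry entry = searchResults.next();
                    LDAPAttribute attribute = entry.getAttribute("canonicalSexp");
                    ByteArrayInputStream bis = new ByteArrayInputStream(attribute.getByteValue());
                    jsdsi.sexp.ObjInputStream ois = new jsdsi.sexp.ObjInputStream(bis);
                    jsdsi.Certificate cert =
                            jsdsi.Certificate.fromSequence((jsdsi.Sequence) ois.readObj());
                    // Layout parameters of the readable form; see ObjOutputStream.writeReadable
                    // for their meaning.
                    oos.writeReadable(Obj.parseObj(cert.toSequence().toSexp()), 3, 110, 5);
                }
                oos.close();
            } finally {
                // Releases the file descriptor even when decoding or writing fails part way;
                // FileOutputStream tolerates a second close after oos.close().
                fos.close();
            }
            LDAPDisconnection();
            completed = true;
        } catch (Exception e) {
            // readObj()/fromSequence() declare checked exceptions of the sexp layer in
            // addition to LDAPException and IOException, hence the broad catch here.
            throw failure("toFile(" + filename + ")", e);
        } finally {
            if (!completed) {
                disconnectQuietly();
            }
        }
    }

    /**
     * Builds the exception reported to callers when an LDAP, decoding or I/O step fails.
     * Reporting the failure this way (instead of ending the JVM with status 0, which
     * signals success to the invoking shell and drops the cause) lets the caller decide
     * what to do and keeps the original exception available for diagnosis.
     *
     * @param operation short description of the failed operation, included in the message
     * @param cause the exception that made the operation fail
     * @return an unchecked exception wrapping {@code cause}
     */
    private static IllegalStateException failure(String operation, Exception cause) {
        return new IllegalStateException(operation + " failed: " + cause, cause);
    }

    /**
     * Best-effort disconnect used only on failure paths, so that an aborted operation
     * does not leave the LDAP connection open.
     */
    private void disconnectQuietly() {
        try {
            LDAPDisconnection();
        } catch (Exception ignored) {
            // The connection is being abandoned because an earlier step already failed;
            // surfacing a secondary disconnect error would hide the primary failure.
        }
    }
}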