Posted to commits@cxf.apache.org by as...@apache.org on 2013/05/21 12:03:32 UTC
svn commit: r1484730 - in /cxf/trunk/services/xkms:
xkms-features/src/main/resources/
xkms-osgi/src/main/resources/OSGI-INF/blueprint/
xkms-war/src/main/webapp/WEB-INF/
xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/
xkms-x509-handl...
Author: ashakirin
Date: Tue May 21 10:03:31 2013
New Revision: 1484730
URL: http://svn.apache.org/r1484730
Log:
Fixed [CXF-5028]: XKMS configurable LDAP schema parameters
Added:
cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSchemaConfig.java
cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSearch.java
- copied, changed from r1484722, cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LDAPSearch.java
Removed:
cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LDAPSearch.java
Modified:
cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg
cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/xkms-key-handlers.xml
cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-endpoint.xml
cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml
cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapRegisterHandler.java
cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/locator/LdapLocator.java
cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/utils/X509Utils.java
cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerITest.java
cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerTest.java
cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPSearchTest.java
Modified: cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg?rev=1484730&r1=1484729&r2=1484730&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg (original)
+++ cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg Tue May 21 10:03:31 2013
@@ -20,11 +20,22 @@
# XKMS configuration properties
# 1. Filesystem backend
-#xkms.backend.file.storageDir=data/xkms/keys
+#xkms.file.storageDir=data/xkms/keys
# 2. LDAP backend
-xkms.backend.ldap.url=ldap://localhost:2389
-xkms.backend.ldap.user=cn=Directory Manager
-xkms.backend.ldap.pwd=test
-xkms.backend.ldap.retry=2
-xkms.backend.ldap.rootDN=dc=example,dc=com
\ No newline at end of file
+xkms.ldap.url=ldap://localhost:2389
+xkms.ldap.user=cn=Directory Manager
+xkms.ldap.pwd=test
+xkms.ldap.retry=2
+xkms.ldap.rootDN=dc=example,dc=com
+
+# 3. LDAP schema
+xkms.ldap.schema.certObjectClass=inetOrgPerson
+xkms.ldap.schema.attrUID=uid
+xkms.ldap.schema.attrIssuerID=manager
+xkms.ldap.schema.attrSerialNumber=employeeNumber
+xkms.ldap.schema.attrCrtBinary=userCertificate;binary
+xkms.ldap.schema.constAttrNamesCSV=sn
+xkms.ldap.schema.constAttrValuesCSV=X509 certificate
+xkms.ldap.schema.serviceCertRDNTemplate=cn=%s,ou=services
+xkms.ldap.schema.serviceCertUIDTemplate=cn=%s
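Review bot: The new side still ships a bind credential, `xkms.ldap.pwd=test`, together with what looks like the directory's administrative account `cn=Directory Manager`, in a feature config that is installed verbatim; mark it in place with `# placeholder only - use a dedicated, least-privilege bind account before deployment` so the value is not carried into a real installation unnoticed. The key rename from `xkms.backend.ldap.*` to `xkms.ldap.*` is not mentioned anywhere in the file, so an operator with an existing `org.apache.cxf.xkms.cfg` will presumably keep the old names and end up with unresolved placeholders in the blueprint; a one-line `# renamed from xkms.backend.ldap.* in r1484730` comment would save that debugging round. `serviceCertRDNTemplate` and `serviceCertUIDTemplate` are consumed as `String.format` patterns (X509Utils.getDN/getSubjectDN), which is worth stating next to them because a literal `%` in a configured value has to be written `%%`.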
Modified: cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/xkms-key-handlers.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/xkms-key-handlers.xml?rev=1484730&r1=1484729&r2=1484730&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/xkms-key-handlers.xml (original)
+++ cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/xkms-key-handlers.xml Tue May 21 10:03:31 2013
@@ -18,23 +18,37 @@
<cm:property-placeholder persistent-id="org.apache.cxf.xkms"/>
+ <bean id="ldapSchemaConfig" class="org.apache.cxf.xkms.x509.handlers.LdapSchemaConfig">
+ <property name="certObjectClass" value="${xkms.ldap.schema.certObjectClass}" />
+ <property name="attrUID" value="${xkms.ldap.schema.attrUID}" />
+ <property name="attrIssuerID" value="${xkms.ldap.schema.attrIssuerID}" />
+ <property name="attrSerialNumber" value="${xkms.ldap.schema.attrSerialNumber}" />
+ <property name="attrCrtBinary" value="${xkms.ldap.schema.attrCrtBinary}" />
+ <property name="constAttrNamesCSV" value="${xkms.ldap.schema.constAttrNamesCSV}" />
+ <property name="constAttrValuesCSV" value="${xkms.ldap.schema.constAttrValuesCSV}" />
+ <property name="serviceCertRDNTemplate" value="${xkms.ldap.schema.serviceCertRDNTemplate}" />
+ <property name="serviceCertUIDTemplate" value="${xkms.ldap.schema.serviceCertUIDTemplate}" />
+ </bean>
+
<bean id="dateValidator" class="org.apache.cxf.xkms.x509.validator.DateValidator" />
<bean id="x509LdapLocator" class="org.apache.cxf.xkms.x509.locator.LdapLocator">
<argument ref="ldapSearch" />
- <argument value="${xkms.backend.ldap.rootDN}" />
+ <argument ref="ldapSchemaConfig" />
+ <argument value="${xkms.ldap.rootDN}" />
</bean>
<bean id="ldapRegisterHandler" class="org.apache.cxf.xkms.x509.handlers.LdapRegisterHandler">
<argument ref="ldapSearch" />
- <argument value="${xkms.backend.ldap.rootDN}" />
+ <argument ref="ldapSchemaConfig" />
+ <argument value="${xkms.ldap.rootDN}" />
</bean>
- <bean id="ldapSearch" class="org.apache.cxf.xkms.x509.handlers.LDAPSearch">
- <argument value="${xkms.backend.ldap.url}" />
- <argument value="${xkms.backend.ldap.user}" />
- <argument value="${xkms.backend.ldap.pwd}" />
- <argument value="${xkms.backend.ldap.retry}" />
+ <bean id="ldapSearch" class="org.apache.cxf.xkms.x509.handlers.LdapSearch">
+ <argument value="${xkms.ldap.url}" />
+ <argument value="${xkms.ldap.user}" />
+ <argument value="${xkms.ldap.pwd}" />
+ <argument value="${xkms.ldap.retry}" />
</bean>
<!-- bean id="x509FileLocator" class="org.apache.cxf.xkms.x509.locator.FileLocator">
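Review bot: Wiring all nine `ldapSchemaConfig` properties from `${xkms.ldap.schema.*}` placeholders means the defaults coded in LdapSchemaConfig never take effect under OSGi: if a deployment's cfg omits one of the new keys, the property is presumably left unresolved or fails the blueprint instead of falling back to `inetOrgPerson`, `uid`, etc. Either declare the same values in a `<cm:default-properties>` block under the `cm:property-placeholder`, or only set the properties a deployment is actually expected to override. Since `x509LdapLocator` and `ldapRegisterHandler` now take three positional `<argument>` elements, adding an explicit `index` attribute to each would make the binding order visible to the next person who edits this file.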
Modified: cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-endpoint.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-endpoint.xml?rev=1484730&r1=1484729&r2=1484730&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-endpoint.xml (original)
+++ cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-endpoint.xml Tue May 21 10:03:31 2013
@@ -35,13 +35,13 @@
</property>
<property name="locators">
<list>
- <!-- ref bean="x509LdapLocator" /-->
+ <!--ref bean="x509LdapLocator" /-->
<ref bean="x509FileLocator" />
</list>
</property>
<property name="keyRegisterHandlers">
<list>
- <!-- ref bean="ldapRegisterHandler" /-->
+ <!--ref bean="ldapRegisterHandler" /-->
<ref bean="fileRegisterHandler" />
</list>
</property>
Modified: cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml?rev=1484730&r1=1484729&r2=1484730&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml (original)
+++ cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml Tue May 21 10:03:31 2013
@@ -24,21 +24,35 @@
<bean id="dateValidator" class="org.apache.cxf.xkms.x509.validator.DateValidator" />
<!--
+ <bean id="ldapSchemaConfig" class="org.apache.cxf.xkms.x509.handlers.LdapSchemaConfig">
+ <property name="certObjectClass" value="inetOrgPerson" />
+ <property name="attrUID" value="uid" />
+ <property name="attrIssuerID" value="manager" />
+ <property name="attrSerialNumber" value="employeeNumber" />
+ <property name="attrCrtBinary" value="userCertificate;binary" />
+ <property name="constAttrNamesCSV" value="sn" />
+ <property name="constAttrValuesCSV" value="X509 certificate" />
+ <property name="serviceCertRDNTemplate" value="cn=%s,ou=services" />
+ <property name="serviceCertUIDTemplate" value="cn=%s" />
+ </bean>
+
<bean id="x509LdapLocator" class="org.apache.cxf.xkms.x509.locator.LdapLocator">
<constructor-arg ref="ldapSearch" />
- <constructor-arg value="${xkms.backend.ldap.rootDN}" />
+ <constructor-arg ref="ldapSchemaConfig" />
+ <constructor-arg value="dc=example,dc=com" />
</bean>
<bean id="ldapRegisterHandler" class="org.apache.cxf.xkms.x509.handlers.LdapRegisterHandler">
<constructor-arg ref="ldapSearch" />
- <constructor-arg value="${xkms.backend.ldap.rootDN}" />
+ <constructor-arg ref="ldapSchemaConfig" />
+ <constructor-arg value="dc=example,dc=com" />
</bean>
- <bean id="ldapSearch" class="org.apache.cxf.xkms.x509.handlers.LDAPSearch">
- <constructor-arg value="${xkms.backend.ldap.url}" />
- <constructor-arg value="${xkms.backend.ldap.user}" />
- <constructor-arg value="${xkms.backend.ldap.pwd}" />
- <constructor-arg value="${xkms.backend.ldap.retry}" />
+ <bean id="ldapSearch" class="org.apache.cxf.xkms.x509.handlers.LdapSearch">
+ <constructor-arg value="ldap://localhost:2389" />
+ <constructor-arg value="cn=Directory Manager" />
+ <constructor-arg value="test" />
+ <constructor-arg value="2" />
</bean>
-->
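Review bot: The commented-out sample now carries the literal bind password `test` and the bind DN `cn=Directory Manager` on the `ldapSearch` bean, where the previous version referenced `${xkms.backend.ldap.*}` placeholders; the moment somebody uncomments this block the credential is baked into the WAR's WEB-INF. Keep the placeholders (or a visible `CHANGEME` marker) in the sample so the secret has to come from configuration, not from the deployment artifact. The same applies to the two `dc=example,dc=com` root DNs, which are harmless but equally unlikely to match a real directory.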
Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapRegisterHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapRegisterHandler.java?rev=1484730&r1=1484729&r2=1484730&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapRegisterHandler.java (original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapRegisterHandler.java Tue May 21 10:03:31 2013
@@ -20,62 +20,56 @@ package org.apache.cxf.xkms.x509.handler
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
-import java.util.regex.Matcher;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
-import org.apache.cxf.xkms.exception.XKMSArgumentNotMatchException;
-import org.apache.cxf.xkms.handlers.Applications;
import org.apache.cxf.xkms.model.xkms.UseKeyWithType;
+import org.apache.cxf.xkms.x509.utils.X509Utils;
public class LdapRegisterHandler extends AbstractX509RegisterHandler {
-
- private static final String OU_SERVICES = "ou=services";
- private static final String CN_PREFIX = "cn=";
- private static final String INET_ORG_PERSON = "inetOrgPerson";
private static final String ATTR_OBJECT_CLASS = "objectClass";
- private static final String ATTR_SN = "sn";
- private static final String ATTR_UID_NAME = "uid";
- private static final String ATTR_ISSUER_IDENTIFIER = "manager";
- private static final String ATTR_SERIAL_NUMBER = "employeeNumber";
- private static final String ATTR_USER_CERTIFICATE_BINARY = "userCertificate;binary";
- private final LDAPSearch ldapSearch;
+ private final LdapSearch ldapSearch;
+ private final LdapSchemaConfig ldapConfig;
private final String rootDN;
- public LdapRegisterHandler(LDAPSearch ldapSearch, String rootDN) throws CertificateException {
- super();
+ public LdapRegisterHandler(LdapSearch ldapSearch, LdapSchemaConfig ldapConfig, String rootDN)
+ throws CertificateException {
this.ldapSearch = ldapSearch;
+ this.ldapConfig = ldapConfig;
this.rootDN = rootDN;
}
@Override
public void saveCertificate(X509Certificate cert, UseKeyWithType id) {
Attributes attribs = new BasicAttributes();
- attribs.put(new BasicAttribute(ATTR_OBJECT_CLASS, INET_ORG_PERSON));
- attribs.put(new BasicAttribute(ATTR_SN, "X509 certificate"));
- attribs.put(new BasicAttribute(ATTR_UID_NAME, cert.getSubjectX500Principal().getName()));
- attribs.put(new BasicAttribute(ATTR_SERIAL_NUMBER, cert.getSerialNumber().toString(16)));
- attribs.put(new BasicAttribute(ATTR_ISSUER_IDENTIFIER, cert.getIssuerX500Principal().getName()));
+ attribs.put(new BasicAttribute(ATTR_OBJECT_CLASS, ldapConfig.getCertObjectClass()));
+ attribs.put(new BasicAttribute(ldapConfig.getAttrUID(), cert.getSubjectX500Principal().getName()));
+ attribs.put(new BasicAttribute(ldapConfig.getAttrIssuerID(), cert.getIssuerX500Principal().getName()));
+ attribs.put(new BasicAttribute(ldapConfig.getAttrSerialNumber(), cert.getSerialNumber().toString(16)));
+ addConstantAttributes(ldapConfig.getConstAttrNamesCSV(), ldapConfig.getConstAttrValuesCSV(), attribs);
try {
- attribs.put(new BasicAttribute(ATTR_USER_CERTIFICATE_BINARY, cert.getEncoded()));
- String dn = getDN(id.getApplication(), id.getIdentifier());
+ attribs.put(new BasicAttribute(ldapConfig.getAttrCrtBinary(), cert.getEncoded()));
+ String dn = X509Utils.getDN(id.getApplication(), id.getIdentifier(),
+ ldapConfig.getServiceCertRDNTemplate(), rootDN);
ldapSearch.bind(dn, attribs);
} catch (Exception e) {
throw new RuntimeException(e.getMessage(), e);
}
}
-
- private String getDN(String applicationUri, String identifier) {
- if (Applications.PKIX.getUri().equals(applicationUri)) {
- return identifier + "," + rootDN;
- } else if (Applications.SERVICE_SOAP.getUri().equals(applicationUri)) {
- String escapedIdentifier = identifier.replaceAll("\\/", Matcher.quoteReplacement("\\/"));
- return CN_PREFIX + escapedIdentifier + "," + OU_SERVICES + "," + rootDN;
- } else {
- throw new XKMSArgumentNotMatchException("Unsupported application uri: " + applicationUri);
+
+ private void addConstantAttributes(String names, String values, Attributes attribs) {
+ String[] arrNames = names.split(",");
+ String[] arrValues = values.split(",");
+ if (arrNames.length != arrValues.length) {
+ throw new IllegalArgumentException(
+ String.format("Inconsintent constant attributes: %s; %s", names, values));
+ }
+ for (int i = 0; i < arrNames.length; i++) {
+ attribs.put(new BasicAttribute(arrNames[i], arrValues[i]));
}
}
+
}
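Review bot: `addConstantAttributes` treats an empty `constAttrNamesCSV` as one attribute with an empty name, because `"".split(",")` yields `[""]`, so a deployment that configures no constant attributes ends up sending `BasicAttribute("", "")` to the bind instead of nothing; a `null` for either parameter fails with an NPE before the length check. The names are also not trimmed, so the natural spelling `sn, cn` produces the attribute name ` cn`, and the error message has a typo, `Inconsintent` for `Inconsistent`. The sketch below returns early when no names are configured, tolerates surrounding whitespace in names, and fixes the message; values are left untrimmed deliberately, since a leading space in a value may be intentional. Whether a constant value may itself contain a comma is a limitation of the CSV design worth documenting on the setter, as it cannot be expressed at all with `split(",")`.

```java
private void addConstantAttributes(String names, String values, Attributes attribs) {
    // Nothing configured: an empty names list must not produce an attribute with an empty name.
    if (names == null || names.trim().isEmpty()) {
        return;
    }
    String[] arrNames = names.split(",");
    String[] arrValues = (values == null) ? new String[0] : values.split(",");
    if (arrNames.length != arrValues.length) {
        throw new IllegalArgumentException(
            String.format("Inconsistent constant attributes: %s; %s", names, values));
    }
    for (int i = 0; i < arrNames.length; i++) {
        // Tolerate "sn, cn" style lists; attribute names never carry surrounding whitespace.
        attribs.put(new BasicAttribute(arrNames[i].trim(), arrValues[i]));
    }
}
```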
Added: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSchemaConfig.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSchemaConfig.java?rev=1484730&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSchemaConfig.java (added)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSchemaConfig.java Tue May 21 10:03:31 2013
@@ -0,0 +1,104 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.xkms.x509.handlers;
+
+public class LdapSchemaConfig {
+ private String certObjectClass = "inetOrgPerson";
+ private String attrUID = "uid";
+ private String attrIssuerID = "manager";
+ private String attrSerialNumber = "employeeNumber";
+ private String attrCrtBinary = "userCertificate;binary";
+ private String constAttrNamesCSV = "sn";
+ private String constAttrValuesCSV = "X509 certificate";
+ private String serviceCertRDNTemplate = "cn=%s,ou=services";
+ private String serviceCertUIDTemplate = "cn=%s";
+
+ public String getCertObjectClass() {
+ return certObjectClass;
+ }
+
+ public void setCertObjectClass(String crtObjectClass) {
+ this.certObjectClass = crtObjectClass;
+ }
+
+ public String getAttrUID() {
+ return attrUID;
+ }
+
+ public void setAttrUID(String attrUID) {
+ this.attrUID = attrUID;
+ }
+
+ public String getAttrIssuerID() {
+ return attrIssuerID;
+ }
+
+ public void setAttrIssuerID(String attrIssuerID) {
+ this.attrIssuerID = attrIssuerID;
+ }
+
+ public String getAttrSerialNumber() {
+ return attrSerialNumber;
+ }
+
+ public void setAttrSerialNumber(String attrSerialNumber) {
+ this.attrSerialNumber = attrSerialNumber;
+ }
+
+ public String getAttrCrtBinary() {
+ return attrCrtBinary;
+ }
+
+ public void setAttrCrtBinary(String attrCrtBinary) {
+ this.attrCrtBinary = attrCrtBinary;
+ }
+
+ public String getConstAttrNamesCSV() {
+ return constAttrNamesCSV;
+ }
+
+ public void setConstAttrNamesCSV(String constAttrNamesCSV) {
+ this.constAttrNamesCSV = constAttrNamesCSV;
+ }
+
+ public String getConstAttrValuesCSV() {
+ return constAttrValuesCSV;
+ }
+
+ public void setConstAttrValuesCSV(String constAttrValuesCSV) {
+ this.constAttrValuesCSV = constAttrValuesCSV;
+ }
+
+ public String getServiceCertRDNTemplate() {
+ return serviceCertRDNTemplate;
+ }
+
+ public void setServiceCertRDNTemplate(String serviceCrtRDNTemplate) {
+ this.serviceCertRDNTemplate = serviceCrtRDNTemplate;
+ }
+
+ public String getServiceCertUIDTemplate() {
+ return serviceCertUIDTemplate;
+ }
+
+ public void setServiceCertUIDTemplate(String serviceCrtUIDTemplate) {
+ this.serviceCertUIDTemplate = serviceCrtUIDTemplate;
+ }
+
+}
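Review bot: The new public class has no Javadoc at all, and two of its fields have non-obvious contracts that callers cannot see from the getters: `serviceCertRDNTemplate` and `serviceCertUIDTemplate` are passed to `String.format` with a single argument (the escaped identifier), so the class comment should say `Templates are java.util.Formatter patterns with exactly one %s; a literal percent sign must be written as %%`. `constAttrNamesCSV` and `constAttrValuesCSV` are only meaningful as a pair, and LdapRegisterHandler throws `IllegalArgumentException` when the two lists differ in length, which belongs in an `@throws`-style remark on both setters. Since every field has a public setter and one instance is shared by the locator and the register handler, a one-line class note such as `Configure fully before handing the instance to LdapLocator, which derives its search filters from attrUID, attrIssuerID and attrSerialNumber at construction time` would also prevent a surprising mix of old and new attribute names.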
Copied: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSearch.java (from r1484722, cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LDAPSearch.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSearch.java?p2=cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSearch.java&p1=cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LDAPSearch.java&r1=1484722&r2=1484730&rev=1484730&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LDAPSearch.java (original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSearch.java Tue May 21 10:03:31 2013
@@ -37,9 +37,9 @@ import org.apache.cxf.xkms.exception.XKM
import org.apache.cxf.xkms.model.xkms.ResultMajorEnum;
import org.apache.cxf.xkms.model.xkms.ResultMinorEnum;
-public class LDAPSearch {
+public class LdapSearch {
private static final String SECURITY_AUTHENTICATION = "simple";
- private static final Logger LOG = LogUtils.getL7dLogger(LDAPSearch.class);
+ private static final Logger LOG = LogUtils.getL7dLogger(LdapSearch.class);
private String ldapuri;
private String bindDN;
@@ -48,7 +48,7 @@ public class LDAPSearch {
private InitialDirContext dirContext;
- public LDAPSearch(String ldapuri, String bindDN, String bindPassword, int numRetries) {
+ public LdapSearch(String ldapuri, String bindDN, String bindPassword, int numRetries) {
this.ldapuri = ldapuri;
this.bindDN = bindDN;
this.bindPassword = bindPassword;
Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/locator/LdapLocator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/locator/LdapLocator.java?rev=1484730&r1=1484729&r2=1484730&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/locator/LdapLocator.java (original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/locator/LdapLocator.java Tue May 21 10:03:31 2013
@@ -27,47 +27,45 @@ import java.security.cert.X509Certificat
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
-import java.util.regex.Matcher;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.xkms.exception.XKMSArgumentNotMatchException;
import org.apache.cxf.xkms.exception.XKMSCertificateException;
import org.apache.cxf.xkms.handlers.Applications;
import org.apache.cxf.xkms.handlers.Locator;
import org.apache.cxf.xkms.model.xkms.LocateRequestType;
import org.apache.cxf.xkms.model.xkms.UnverifiedKeyBindingType;
import org.apache.cxf.xkms.model.xkms.UseKeyWithType;
-import org.apache.cxf.xkms.x509.handlers.LDAPSearch;
+import org.apache.cxf.xkms.x509.handlers.LdapSchemaConfig;
+import org.apache.cxf.xkms.x509.handlers.LdapSearch;
import org.apache.cxf.xkms.x509.parser.LocateRequestParser;
import org.apache.cxf.xkms.x509.utils.X509Utils;
public class LdapLocator implements Locator {
- private static final String OU_SERVICES = "ou=services";
- private static final String CN_PREFIX = "cn=";
- private static final String ATTR_UID_NAME = "uid";
- private static final String ATTR_ISSUER_IDENTIFIER = "manager";
- private static final String ATTR_SERIAL_NUMBER = "employeeNumber";
- private static final String ATTR_USER_CERTIFICATE_BINARY = "userCertificate;binary";
- private static final String FILTER_UID = "(" + ATTR_UID_NAME + "=%s)";
- private static final String FILTER_ISSUER_SERIAL = "(&(" + ATTR_ISSUER_IDENTIFIER + "=%s)(" + ATTR_SERIAL_NUMBER
- + "=%s))";
private static final Logger LOG = LogUtils.getL7dLogger(LdapLocator.class);
- private final LDAPSearch ldapSearch;
+ private final LdapSearch ldapSearch;
private CertificateFactory certificateFactory;
+ private final LdapSchemaConfig ldapConfig;
+ private final String filterUIDTemplate;
+ private final String filterIssuerSerialTemplate;
private final String rootDN;
-
- public LdapLocator(LDAPSearch ldapSearch, String rootDN) {
+
+
+ public LdapLocator(LdapSearch ldapSearch, LdapSchemaConfig ldapConfig, String rootDN) {
this.ldapSearch = ldapSearch;
+ this.ldapConfig = ldapConfig;
this.rootDN = rootDN;
try {
this.certificateFactory = CertificateFactory.getInstance("X.509");
} catch (CertificateException e) {
LOG.log(Level.SEVERE, e.getMessage(), e);
}
+ filterUIDTemplate = "(" + ldapConfig.getAttrUID() + "=%s)";
+ filterIssuerSerialTemplate = "(&(" + ldapConfig.getAttrIssuerID() + "=%s)(" + ldapConfig.getAttrSerialNumber()
+ + "=%s))";
}
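Review bot: `filterUIDTemplate` and `filterIssuerSerialTemplate` snapshot `attrUID`, `attrIssuerID` and `attrSerialNumber` from `ldapConfig` in the constructor, while `getAttrCrtBinary()` and `getServiceCertRDNTemplate()` are read on every call; if the shared, setter-mutable LdapSchemaConfig is changed after this locator is built (which the public setters allow), searches would use stale attribute names next to live ones. Either build the two filter strings lazily from the getters or document that the config must be complete before construction. The constructor also dereferences `ldapConfig` on the line after the try block without a guard, so a missing bean surfaces as a bare NPE; an explicit `if (ldapConfig == null) { throw new IllegalArgumentException("ldapConfig must not be null"); }` at the top gives the blueprint wiring error a readable cause. Note that `certificateFactory` is left `null` when `CertificateFactory.getInstance` fails and is only logged, which is pre-existing context but interacts with the new code paths that dereference it.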
@Override
@@ -121,15 +119,17 @@ public class LdapLocator implements Loca
private X509Certificate findByDn(String application, String id) throws CertificateException {
byte[] content = null;
try {
- String dn = getDN(application, id);
+ String dn = X509Utils.getDN(application, id, ldapConfig.getServiceCertRDNTemplate(),
+ rootDN);
content = getCertificateForDn(dn);
} catch (NamingException e) {
// Not found
}
- // Try to find certificate by search for distinguishedName attribute
+ // Try to find certificate by search for uid attribute
try {
if (content == null) {
- content = getCertificateForDnAttr(getSubjectDN(application, id));
+ String uidAttr = X509Utils.getSubjectDN(application, id, ldapConfig.getServiceCertUIDTemplate());
+ content = getCertificateForUIDAttr(uidAttr);
}
} catch (NamingException e) {
// Not found
@@ -140,7 +140,7 @@ public class LdapLocator implements Loca
}
private byte[] getCertificateForDn(String dn) throws NamingException {
- Attribute attr = ldapSearch.getAttribute(dn, ATTR_USER_CERTIFICATE_BINARY);
+ Attribute attr = ldapSearch.getAttribute(dn, ldapConfig.getAttrCrtBinary());
return (attr != null)
? (byte[]) attr.get()
: null;
@@ -152,8 +152,8 @@ public class LdapLocator implements Loca
if ((issuer == null) || (serial == null)) {
throw new IllegalArgumentException("Issuer and serial applications are expected in request");
}
- String filter = String.format(FILTER_ISSUER_SERIAL, issuer, serial);
- Attribute attr = ldapSearch.findAttribute(rootDN, filter, ATTR_USER_CERTIFICATE_BINARY);
+ String filter = String.format(filterIssuerSerialTemplate, issuer, serial);
+ Attribute attr = ldapSearch.findAttribute(rootDN, filter, ldapConfig.getAttrCrtBinary());
if ((attr != null) && (attr.get() != null)) {
return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream((byte[]) attr
.get()));
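Review bot: The `issuer` and `serial` values are interpolated into the search filter with `String.format` and no RFC 4515 escaping, and the same applies to `dn` in `getCertificateForUIDAttr` in the next hunk; both values originate from the locate request, so a value containing `*`, `(`, `)` or `\` changes the meaning of the filter, and a legitimate subject DN carrying an RFC 2253 escape such as `\,` would presumably already be rejected by the server as an invalid filter. The enclosing method starts outside this hunk, so the signature and the declared types of `issuer`/`serial` are not visible here; `String.valueOf` covers the non-String case. A small helper that hex-escapes the five characters RFC 4515 reserves, applied at both call sites, closes this without touching the configurable templates.

```java
String filter = String.format(filterIssuerSerialTemplate,
                              escapeFilterValue(String.valueOf(issuer)),
                              escapeFilterValue(String.valueOf(serial)));
// … unchanged: findAttribute call and certificate parsing …

/**
 * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3),
 * so that request data cannot alter the filter structure.
 */
private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length());
    for (char ch : value.toCharArray()) {
        switch (ch) {
        case '\\': sb.append("\\5c"); break;
        case '*':  sb.append("\\2a"); break;
        case '(':  sb.append("\\28"); break;
        case ')':  sb.append("\\29"); break;
        case '\0': sb.append("\\00"); break;
        default:   sb.append(ch);
        }
    }
    return sb.toString();
}
```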
@@ -162,28 +162,9 @@ public class LdapLocator implements Loca
}
}
- private String getDN(String applicationUri, String identifier) {
- if (Applications.PKIX.getUri().equals(applicationUri)) {
- return identifier + "," + rootDN;
- } else if (Applications.SERVICE_SOAP.getUri().equals(applicationUri)) {
- String escapedIdentifier = identifier.replaceAll("\\/", Matcher.quoteReplacement("\\/"));
- return CN_PREFIX + escapedIdentifier + "," + OU_SERVICES + "," + rootDN;
- } else {
- throw new XKMSArgumentNotMatchException("Unsupported application uri: " + applicationUri);
- }
- }
-
- private String getSubjectDN(String application, String id) {
- if (application.equalsIgnoreCase(Applications.SERVICE_SOAP.getUri())) {
- return CN_PREFIX + id;
- } else {
- return id;
- }
- }
-
- private byte[] getCertificateForDnAttr(String dn) throws NamingException {
- String filter = String.format(FILTER_UID, dn);
- Attribute attr = ldapSearch.findAttribute(rootDN, filter, ATTR_USER_CERTIFICATE_BINARY);
+ private byte[] getCertificateForUIDAttr(String dn) throws NamingException {
+ String filter = String.format(filterUIDTemplate, dn);
+ Attribute attr = ldapSearch.findAttribute(rootDN, filter, ldapConfig.getAttrCrtBinary());
return (attr != null)
? (byte[]) attr.get()
: null;
Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/utils/X509Utils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/utils/X509Utils.java?rev=1484730&r1=1484729&r2=1484730&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/utils/X509Utils.java (original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/utils/X509Utils.java Tue May 21 10:03:31 2013
@@ -31,11 +31,13 @@ import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import java.util.logging.Logger;
+import java.util.regex.Matcher;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.xkms.handlers.Applications;
import org.apache.cxf.xkms.model.xkms.LocateRequestType;
import org.apache.cxf.xkms.model.xkms.LocateResultType;
import org.apache.cxf.xkms.model.xkms.ResultMajorEnum;
@@ -168,4 +170,25 @@ public final class X509Utils {
}
}
+ public static String getSubjectDN(String application, String id, String serviceDNTemplate) {
+ if (application.equalsIgnoreCase(Applications.SERVICE_SOAP.getUri())) {
+ return String.format(serviceDNTemplate, id);
+ } else {
+ return id;
+ }
+ }
+
+ public static String getDN(String applicationUri, String identifier, String serviceDNTemplate, String rootDN) {
+ String dn = identifier;
+ if (Applications.SERVICE_SOAP.getUri().equals(applicationUri)) {
+ String escapedIdentifier = identifier.replaceAll("\\/", Matcher.quoteReplacement("\\/"));
+ dn = String.format(serviceDNTemplate, escapedIdentifier);
+ }
+ if ((rootDN != null) && !(rootDN.isEmpty())) {
+ dn = dn + "," + rootDN;
+ }
+ return dn;
+ }
+
+
}
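Review bot: `getDN` escapes only `/` in the service identifier before placing it into an RDN value, while RFC 4514 requires `,`, `+`, `"`, `\`, `<`, `>`, `;`, a leading `#` and leading/trailing spaces to be escaped; a service URI containing a comma therefore yields an extra RDN rather than one value, and the PKIX branch uses `identifier` as a DN prefix with no validation at all. The JDK already provides this in `javax.naming.ldap.Rdn.escapeValue(identifier)`, but switching to it changes the stored DN of existing service entries (`/` would no longer be escaped, `,` and friends would be), so the expectation at LDAPPersistenceManagerTest lines 629-630 and any directory data written by the old code would need a migration note. The two new methods also disagree on URI comparison, `equalsIgnoreCase` in `getSubjectDN` versus `equals` in `getDN`, so a mixed-case application URI would build a subject filter for a service but a DN for a PKIX entry; pick one, presumably `equals`, since `Applications.SERVICE_SOAP.getUri()` is a fixed constant. Both public static methods lack Javadoc; each needs at least `@param serviceDNTemplate a Formatter pattern with one %s for the escaped identifier` and, for `getDN`, `@param rootDN appended after a comma when non-null and non-empty`.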
Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerITest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerITest.java?rev=1484730&r1=1484729&r2=1484730&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerITest.java (original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerITest.java Tue May 21 10:03:31 2013
@@ -31,8 +31,9 @@ import javax.naming.NamingException;
import org.apache.cxf.xkms.handlers.Applications;
import org.apache.cxf.xkms.model.xkms.UseKeyWithType;
-import org.apache.cxf.xkms.x509.handlers.LDAPSearch;
import org.apache.cxf.xkms.x509.handlers.LdapRegisterHandler;
+import org.apache.cxf.xkms.x509.handlers.LdapSchemaConfig;
+import org.apache.cxf.xkms.x509.handlers.LdapSearch;
import org.apache.cxf.xkms.x509.locator.LdapLocator;
import org.junit.Assert;
@@ -44,6 +45,7 @@ import org.junit.Test;
*/
public class LDAPPersistenceManagerITest {
private static final String EXPECTED_SUBJECT_DN = "CN=www.issuer.com, L=CGN, ST=NRW, C=DE, O=Issuer";
+ private static final LdapSchemaConfig LDAP_CERT_CONFIG = new LdapSchemaConfig();
@Test
@Ignore
@@ -82,9 +84,11 @@ public class LDAPPersistenceManagerITest
@Test
@Ignore
public void testSave() throws Exception {
- LDAPSearch ldapSearch = new LDAPSearch("ldap://localhost:2389", "cn=Directory Manager", "test", 2);
+ LdapSearch ldapSearch = new LdapSearch("ldap://localhost:2389", "cn=Directory Manager", "test", 2);
LdapLocator locator = createLdapLocator();
- LdapRegisterHandler persistenceManager = new LdapRegisterHandler(ldapSearch, "dc=example,dc=com");
+ LdapRegisterHandler persistenceManager = new LdapRegisterHandler(ldapSearch,
+ LDAP_CERT_CONFIG,
+ "dc=example,dc=com");
File certFile = new File("src/test/java/cert1.cer");
Assert.assertTrue(certFile.exists());
FileInputStream fis = new FileInputStream(certFile);
@@ -99,8 +103,8 @@ public class LDAPPersistenceManagerITest
}
private LdapLocator createLdapLocator() throws CertificateException {
- LDAPSearch ldapSearch = new LDAPSearch("ldap://localhost:2389", "cn=Directory Manager", "test", 2);
- return new LdapLocator(ldapSearch, "dc=example,dc=com");
+ LdapSearch ldapSearch = new LdapSearch("ldap://localhost:2389", "cn=Directory Manager", "test", 2);
+ return new LdapLocator(ldapSearch, LDAP_CERT_CONFIG, "dc=example,dc=com");
}
private void testFindBySubjectDnInternal(LdapLocator persistenceManager) {
Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerTest.java?rev=1484730&r1=1484729&r2=1484730&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerTest.java (original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerTest.java Tue May 21 10:03:31 2013
@@ -29,10 +29,12 @@ import javax.naming.directory.Attributes
import org.apache.cxf.xkms.handlers.Applications;
import org.apache.cxf.xkms.model.xkms.UseKeyWithType;
-import org.apache.cxf.xkms.x509.handlers.LDAPSearch;
import org.apache.cxf.xkms.x509.handlers.LdapRegisterHandler;
+import org.apache.cxf.xkms.x509.handlers.LdapSchemaConfig;
+import org.apache.cxf.xkms.x509.handlers.LdapSearch;
import org.easymock.EasyMock;
import org.easymock.IMocksControl;
+
import org.junit.Assert;
import org.junit.Test;
@@ -42,14 +44,15 @@ public class LDAPPersistenceManagerTest
private static final String EXPECTED_SERVICE_URI = "http://myservice.apache.org/MyServiceName";
private static final String EXPECTED_DN_FOR_SERVICE =
"cn=http:\\/\\/myservice.apache.org\\/MyServiceName,ou=services";
+ private static final LdapSchemaConfig LDAP_CERT_CONFIG = new LdapSchemaConfig();
@Test
public void testSaveUserCert() throws Exception {
IMocksControl c = EasyMock.createControl();
- LDAPSearch ldapSearch = c.createMock(LDAPSearch.class);
+ LdapSearch ldapSearch = c.createMock(LdapSearch.class);
ldapSearch.bind(EasyMock.eq(EXPECTED_SUBJECT_DN + "," + ROOT_DN), EasyMock.anyObject(Attributes.class));
EasyMock.expectLastCall().once();
- LdapRegisterHandler persistenceManager = new LdapRegisterHandler(ldapSearch, ROOT_DN);
+ LdapRegisterHandler persistenceManager = new LdapRegisterHandler(ldapSearch, LDAP_CERT_CONFIG, ROOT_DN);
X509Certificate cert = getTestCert();
c.replay();
@@ -63,10 +66,10 @@ public class LDAPPersistenceManagerTest
@Test
public void testSaveServiceCert() throws Exception {
IMocksControl c = EasyMock.createControl();
- LDAPSearch ldapSearch = c.createMock(LDAPSearch.class);
+ LdapSearch ldapSearch = c.createMock(LdapSearch.class);
ldapSearch.bind(EasyMock.eq(EXPECTED_DN_FOR_SERVICE + "," + ROOT_DN), EasyMock.anyObject(Attributes.class));
EasyMock.expectLastCall().once();
- LdapRegisterHandler persistenceManager = new LdapRegisterHandler(ldapSearch, ROOT_DN);
+ LdapRegisterHandler persistenceManager = new LdapRegisterHandler(ldapSearch, LDAP_CERT_CONFIG, ROOT_DN);
X509Certificate cert = getTestCert();
c.replay();
Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPSearchTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPSearchTest.java?rev=1484730&r1=1484729&r2=1484730&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPSearchTest.java (original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPSearchTest.java Tue May 21 10:03:31 2013
@@ -26,7 +26,7 @@ import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchResult;
-import org.apache.cxf.xkms.x509.handlers.LDAPSearch;
+import org.apache.cxf.xkms.x509.handlers.LdapSearch;
import org.junit.Ignore;
import org.junit.Test;
@@ -37,7 +37,7 @@ public class LDAPSearchTest {
@Test
@Ignore
public void testSearch() throws URISyntaxException, NamingException {
- LDAPSearch ldapSearch = new LDAPSearch("ldap://localhost:2389", "cn=Directory Manager", "test", 2);
+ LdapSearch ldapSearch = new LdapSearch("ldap://localhost:2389", "cn=Directory Manager", "test", 2);
NamingEnumeration<SearchResult> answer = ldapSearch.searchSubTree("dc=example, dc=com", "(cn=Testuser)");
while (answer.hasMore()) {
SearchResult sr = answer.next();