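/**
 * Counts the entries of this LDAP keystore by searching every alias below the configured
 * search path with {@code filterIterate}.
 *
 * @return the number of matching LDAP entries, or {@code 0} when no {@link DirContext}
 *         could be obtained
 */
@Override
public int engineSize() {
    DirContext context = obtainDirContext();
    if (context == null) {
        log.trace("Unable to obtain DirContext");
        return 0;
    }
    try {
        NamingEnumeration<SearchResult> results = context.search(searchPath, filterIterate, null,
                createSearchControl(new String[]{aliasAttribute}));
        try {
            int count = 0;
            while (results.hasMore()) {
                results.next();
                count++;
            }
            return count;
        } finally {
            // release the server-side search once counting is done instead of leaking it
            results.close();
        }
    } catch (NamingException e) {
        throw log.ldapKeyStoreFailedToIterateAliases(e);
    } finally {
        returnDirContext(context);
    }
}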
/**
 * Stores {@code key} under {@code alias}: the key is wrapped in an in-memory {@link KeyStore}
 * of type {@code keyType} protected by {@code password}, and the serialized wrapper is handed
 * to {@link #engineSetKeyEntry(String, byte[], Certificate[])}.
 *
 * @param alias the alias to store the key under
 * @param key the key to store
 * @param password the password protecting the key inside the wrapping keystore
 * @param chain the certificate chain belonging to the key
 * @throws KeyStoreException if the wrapping keystore cannot be created or the entry cannot be stored
 */
@Override
public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) throws KeyStoreException {
    final byte[] wrapped;
    try {
        KeyStore wrapper = KeyStore.getInstance(keyType);
        wrapper.load(null, password);
        wrapper.setKeyEntry(alias, key, password, chain);
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        wrapper.store(buffer, password);
        wrapped = buffer.toByteArray();
    } catch (CertificateException | NoSuchAlgorithmException | IOException e) {
        throw log.ldapKeyStoreFailedToSerializeKey(alias, e);
    }
    // KeyStoreException from the delegate propagates unchanged, exactly as before
    engineSetKeyEntry(alias, wrapped, chain);
}
/**
 * Finds the alias whose LDAP entry holds the given certificate, matching on the encoded
 * certificate bytes.
 *
 * @param cert the certificate to look up
 * @return the alias, or {@code null} when no entry holds this certificate
 */
@Override
public String engineGetCertificateAlias(Certificate cert) {
    try {
        byte[] encoded = cert.getEncoded();
        String[] wanted = new String[]{aliasAttribute};
        Attributes found = obtainAliasOrCertificateAttributes(null, encoded, wanted);
        Attribute aliasAttr = null;
        if (found != null) {
            aliasAttr = found.get(aliasAttribute);
        }
        if (aliasAttr == null) {
            log.tracef("Certificate not found in LDAP: [%s]", cert);
            return null;
        }
        return (String) aliasAttr.get();
    } catch (CertificateException | NamingException e) {
        throw log.ldapKeyStoreFailedToObtainAliasByCertificate(e);
    }
}
/**
 * Fetches the requested attributes of the entry matching {@code alias}, or matching the
 * encoded certificate {@code cert} when it is non-null.
 *
 * @param alias the alias to search for (ignored when {@code cert} is given)
 * @param cert the encoded certificate to search for, or {@code null} to search by alias
 * @param attributes the attribute names to return
 * @return the entry's attributes, or {@code null} when no context is available or nothing matched
 */
private Attributes obtainAliasOrCertificateAttributes(String alias, byte[] cert, String[] attributes) {
    DirContext context = obtainDirContext();
    if (context == null) {
        log.trace("Unable to obtain DirContext");
        return null;
    }
    try {
        SearchResult match = searchAlias(context, alias, cert, attributes);
        return match != null ? match.getAttributes() : null;
    } catch (NamingException e) {
        throw log.ldapKeyStoreFailedToObtainAlias(alias, e);
    } finally {
        returnDirContext(context);
    }
}
/**
 * Stores a trusted certificate under {@code alias} by replacing the entry's certificate attribute.
 *
 * @param alias the alias to store the certificate under
 * @param cert the certificate to store
 * @throws KeyStoreException if the certificate cannot be encoded or the entry cannot be stored
 */
@Override
public void engineSetCertificateEntry(String alias, Certificate cert) throws KeyStoreException {
    BasicAttribute certAttr = new BasicAttribute(certificateAttribute);
    try {
        certAttr.add(cert.getEncoded());
    } catch (CertificateEncodingException e) {
        throw log.ldapKeyStoreFailedToSerializeCertificate(alias, e);
    }
    List<ModificationItem> modifications = new LinkedList<>();
    modifications.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, certAttr));
    storeAttributes(alias, modifications);
}
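/**
 * Searches the LDAP entry for {@code alias}, or for the encoded certificate {@code cert}
 * when it is non-null, returning only the first match.
 *
 * @param dirContext the context to search with
 * @param alias the alias to look up (used only when {@code cert} is {@code null})
 * @param cert the encoded certificate to look up, or {@code null} to search by alias
 * @param returningAttributes the attribute names to return with the result
 * @return the first matching entry, or {@code null} when nothing matched
 * @throws NamingException if the LDAP search fails
 */
private SearchResult searchAlias(DirContext dirContext, String alias, byte[] cert, String[] returningAttributes) throws NamingException {
    SearchControls ctls = createSearchControl(returningAttributes);
    // the filters use JNDI {0} placeholders, so alias/cert travel as filter arguments
    // (escaped by JNDI) rather than being concatenated into the filter string
    NamingEnumeration<SearchResult> results = (cert == null)
            ? dirContext.search(searchPath, filterAlias, new String[]{alias}, ctls)
            : dirContext.search(searchPath, filterCertificate, new Object[]{cert}, ctls);
    try {
        if (!results.hasMore()) {
            log.debugf("Alias [%s] not found in LdapKeyStore", alias);
            return null;
        }
        // only the first match is used; any further matches are discarded
        return results.next();
    } finally {
        // close the enumeration on every path so the server-side search is not leaked
        results.close();
    }
}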
/**
 * Build a LDAP keystore.
 *
 * Every required setting is checked for null first (in the same order as before); the three
 * search filters fall back to defaults derived from the alias and certificate attribute names.
 *
 * @return the LDAP keystore
 */
public LdapKeyStore build() {
    Assert.checkNotNullParam("dirContextSupplier", dirContextSupplier);
    Assert.checkNotNullParam("searchPath", searchPath);
    Assert.checkNotNullParam("searchScope", searchScope);
    Assert.checkNotNullParam("searchTimeLimit", searchTimeLimit);
    Assert.checkNotNullParam("aliasAttribute", aliasAttribute);
    Assert.checkNotNullParam("certificateAttribute", certificateAttribute);
    Assert.checkNotNullParam("certificateType", certificateType);
    Assert.checkNotNullParam("certificateChainAttribute", certificateChainAttribute);
    Assert.checkNotNullParam("certificateChainEncoding", certificateChainEncoding);
    Assert.checkNotNullParam("keyAttribute", keyAttribute);
    Assert.checkNotNullParam("keyType", keyType);

    // default filters; {0} is a JNDI filter-argument placeholder, not string concatenation of user data
    filterAlias = filterAlias != null ? filterAlias : "(" + aliasAttribute + "={0})";
    filterCertificate = filterCertificate != null ? filterCertificate : "(" + certificateAttribute + "={0})";
    filterIterate = filterIterate != null ? filterIterate : "(" + aliasAttribute + "=*)";

    LdapKeyStoreSpi spi = new LdapKeyStoreSpi(
            dirContextSupplier, searchPath, searchScope, searchTimeLimit,
            filterAlias, filterCertificate, filterIterate,
            createPath, createRdn, createAttributes,
            aliasAttribute, certificateAttribute, certificateType,
            certificateChainAttribute, certificateChainEncoding,
            keyAttribute, keyType);
    return new LdapKeyStore(spi, EmptyProvider.getInstance(), "LdapKeyStore");
}
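/**
 * Deletes the LDAP entry stored under {@code alias}.
 *
 * @param alias the alias whose entry is removed
 * @throws KeyStoreException if no {@link DirContext} is available, the alias does not exist,
 *         or the LDAP operation fails
 */
@Override
public void engineDeleteEntry(String alias) throws KeyStoreException {
    DirContext context = obtainDirContext();
    if (context == null) {
        // a null context used to fall through into searchAlias (NPE); a write that cannot
        // be performed must fail explicitly rather than with an unrelated exception
        log.trace("Unable to obtain DirContext");
        throw new KeyStoreException("Unable to obtain DirContext to delete alias " + alias);
    }
    try {
        SearchResult result = searchAlias(context, alias, null, new String[]{});
        if (result == null) {
            throw log.ldapKeyStoreFailedToDeleteNonExisting(alias);
        }
        context.destroySubcontext(result.getNameInNamespace());
    } catch (NamingException e) {
        throw log.ldapKeyStoreFailedToDelete(alias, e);
    } finally {
        returnDirContext(context);
    }
}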
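/**
 * Stores an already-serialized (password-protected) keystore blob together with its
 * certificate chain under {@code alias}: the key attribute receives the blob, the chain
 * attribute the encoded {@link CertPath}, and the certificate attribute the encoded end-entity
 * certificate {@code chain[0]}.
 *
 * @param alias the alias to store the entry under
 * @param keystoreBytes the protected keystore bytes holding the key
 * @param chain the certificate chain; must contain at least the end-entity certificate
 * @throws KeyStoreException if the chain is missing, cannot be encoded, or the entry cannot be stored
 */
@Override
public void engineSetKeyEntry(String alias, byte[] keystoreBytes, Certificate[] chain) throws KeyStoreException {
    if (chain == null || chain.length == 0) {
        // the chain is always persisted next to the key, so it cannot be omitted;
        // fail with the declared exception instead of NPE / ArrayIndexOutOfBounds below
        throw new KeyStoreException("Certificate chain is required to store key entry for alias " + alias);
    }
    try {
        List<ModificationItem> items = new LinkedList<>();
        items.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(keyAttribute, keystoreBytes)));

        CertificateFactory certFactory = CertificateFactory.getInstance(certificateType);
        CertPath certPath = certFactory.generateCertPath(Arrays.asList(chain));
        BasicAttribute chainAttr = new BasicAttribute(certificateChainAttribute, certPath.getEncoded(certificateChainEncoding));
        items.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, chainAttr));

        BasicAttribute certificateAttr = new BasicAttribute(certificateAttribute, chain[0].getEncoded());
        items.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, certificateAttr));

        storeAttributes(alias, items);
    } catch (CertificateException e) {
        throw log.ldapKeyStoreFailedToSerializeCertificate(alias, e);
    }
}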
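/**
 * Searches the LDAP entry for {@code alias}, or for the encoded certificate {@code cert}
 * when it is non-null, returning only the first match.
 *
 * @param dirContext the context to search with
 * @param alias the alias to look up (used only when {@code cert} is {@code null})
 * @param cert the encoded certificate to look up, or {@code null} to search by alias
 * @param returningAttributes the attribute names to return with the result
 * @return the first matching entry, or {@code null} when nothing matched
 * @throws NamingException if the LDAP search fails
 */
private SearchResult searchAlias(DirContext dirContext, String alias, byte[] cert, String[] returningAttributes) throws NamingException {
    SearchControls ctls = createSearchControl(returningAttributes);
    // the filters use JNDI {0} placeholders, so alias/cert travel as filter arguments
    // (escaped by JNDI) rather than being concatenated into the filter string
    NamingEnumeration<SearchResult> results = (cert == null)
            ? dirContext.search(searchPath, filterAlias, new String[]{alias}, ctls)
            : dirContext.search(searchPath, filterCertificate, new Object[]{cert}, ctls);
    try {
        if (!results.hasMore()) {
            log.debugf("Alias [%s] not found in LdapKeyStore", alias);
            return null;
        }
        // only the first match is used; any further matches are discarded
        return results.next();
    } finally {
        // close the enumeration on every path so the server-side search is not leaked
        results.close();
    }
}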
/**
 * Build a LDAP keystore.
 *
 * Every required setting is checked for null first (in the same order as before); the three
 * search filters fall back to defaults derived from the alias and certificate attribute names.
 *
 * @return the LDAP keystore
 */
public LdapKeyStore build() {
    Assert.checkNotNullParam("dirContextSupplier", dirContextSupplier);
    Assert.checkNotNullParam("searchPath", searchPath);
    Assert.checkNotNullParam("searchScope", searchScope);
    Assert.checkNotNullParam("searchTimeLimit", searchTimeLimit);
    Assert.checkNotNullParam("aliasAttribute", aliasAttribute);
    Assert.checkNotNullParam("certificateAttribute", certificateAttribute);
    Assert.checkNotNullParam("certificateType", certificateType);
    Assert.checkNotNullParam("certificateChainAttribute", certificateChainAttribute);
    Assert.checkNotNullParam("certificateChainEncoding", certificateChainEncoding);
    Assert.checkNotNullParam("keyAttribute", keyAttribute);
    Assert.checkNotNullParam("keyType", keyType);

    // default filters; {0} is a JNDI filter-argument placeholder, not string concatenation of user data
    filterAlias = filterAlias != null ? filterAlias : "(" + aliasAttribute + "={0})";
    filterCertificate = filterCertificate != null ? filterCertificate : "(" + certificateAttribute + "={0})";
    filterIterate = filterIterate != null ? filterIterate : "(" + aliasAttribute + "=*)";

    LdapKeyStoreSpi spi = new LdapKeyStoreSpi(
            dirContextSupplier, searchPath, searchScope, searchTimeLimit,
            filterAlias, filterCertificate, filterIterate,
            createPath, createRdn, createAttributes,
            aliasAttribute, certificateAttribute, certificateType,
            certificateChainAttribute, certificateChainEncoding,
            keyAttribute, keyType);
    return new LdapKeyStore(spi, EmptyProvider.getInstance(), "LdapKeyStore");
}
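/**
 * Applies the given attribute modifications to the LDAP entry for {@code alias}, creating
 * the entry first when it does not exist yet.
 *
 * @param alias the keystore alias whose entry is modified
 * @param items the modifications to apply; when the entry has to be created, a modification
 *              setting the alias attribute is appended to this list
 * @throws KeyStoreException if no {@link DirContext} is available, entry creation is not
 *         configured, or the LDAP operation fails
 */
private void storeAttributes(String alias, List<ModificationItem> items) throws KeyStoreException {
    DirContext context = obtainDirContext();
    if (context == null) {
        // a null context used to reach searchAlias and fail with an NPE; a write that cannot
        // be performed must fail with the declared exception type instead
        log.trace("Unable to obtain DirContext");
        throw new KeyStoreException("Unable to obtain DirContext to store alias " + alias);
    }
    try {
        SearchResult result = searchAlias(context, alias, null, new String[]{});
        LdapName distinguishName;
        if (result == null) {
            // alias does not exist yet - create it, which needs the create* settings
            if (createPath == null || createAttributes == null || createRdn == null) {
                throw log.creationNotConfigured(alias);
            }
            distinguishName = (LdapName) createPath.clone();
            // Rdn(type, value) treats the alias as a literal value and escapes it when rendered,
            // so the alias cannot introduce additional DN components
            distinguishName.add(new Rdn(createRdn, alias));
            log.debugf("Creating keystore alias [%s] with DN [%s] in LDAP", alias, distinguishName.toString());
            context.createSubcontext(distinguishName, createAttributes);
            items.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(aliasAttribute, alias)));
        } else {
            distinguishName = new LdapName(result.getNameInNamespace());
        }
        context.modifyAttributes(distinguishName, items.toArray(new ModificationItem[0]));
    } catch (NamingException e) {
        throw log.ldapKeyStoreFailedToStore(alias, e);
    } finally {
        returnDirContext(context);
    }
}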
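/**
 * Enumerates all aliases stored in LDAP by searching with {@code filterIterate} and reading
 * the alias attribute of every match; entries without that attribute are skipped.
 *
 * @return an enumeration of the aliases, or {@code null} when no {@link DirContext} could be
 *         obtained (existing behaviour, kept for compatibility with current callers)
 */
@Override
public Enumeration<String> engineAliases() {
    DirContext context = obtainDirContext();
    if (context == null) {
        log.trace("Unable to obtain DirContext");
        return null;
    }
    try {
        NamingEnumeration<SearchResult> results = context.search(searchPath, filterIterate, null,
                createSearchControl(new String[]{aliasAttribute}));
        // TODO pagination
        try {
            List<String> aliases = new LinkedList<>();
            while (results.hasMore()) {
                Attribute attribute = results.next().getAttributes().get(aliasAttribute);
                if (attribute != null) {
                    aliases.add((String) attribute.get());
                }
            }
            return Collections.enumeration(aliases);
        } finally {
            // the enumeration was previously never closed; release the server-side search
            results.close();
        }
    } catch (NamingException e) {
        throw log.ldapKeyStoreFailedToIterateAliases(e);
    } finally {
        returnDirContext(context);
    }
}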
/**
 * Tells whether the entry for {@code alias} carries a certificate attribute with a
 * non-null binary value.
 *
 * @param alias the alias to check
 * @return {@code true} when the entry exists and holds certificate bytes, {@code false} otherwise
 */
@Override
public boolean engineIsCertificateEntry(String alias) {
    String[] wanted = new String[]{certificateAttribute};
    Attributes entry = obtainAliasOrCertificateAttributes(alias, null, wanted);
    if (entry == null) {
        return false;
    }
    Attribute certAttr = LdapUtil.getBinaryAttribute(entry, certificateAttribute);
    if (certAttr == null) {
        return false;
    }
    try {
        byte[] encoded = (byte[]) certAttr.get();
        return encoded != null;
    } catch (NamingException e) {
        throw log.ldapKeyStoreFailedToObtainKey(alias, e);
    }
}
/**
 * Stores a trusted certificate under {@code alias} by replacing the entry's certificate attribute.
 *
 * @param alias the alias to store the certificate under
 * @param cert the certificate to store
 * @throws KeyStoreException if the certificate cannot be encoded or the entry cannot be stored
 */
@Override
public void engineSetCertificateEntry(String alias, Certificate cert) throws KeyStoreException {
    BasicAttribute certAttr = new BasicAttribute(certificateAttribute);
    try {
        certAttr.add(cert.getEncoded());
    } catch (CertificateEncodingException e) {
        throw log.ldapKeyStoreFailedToSerializeCertificate(alias, e);
    }
    List<ModificationItem> modifications = new LinkedList<>();
    modifications.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, certAttr));
    storeAttributes(alias, modifications);
}
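/**
 * Searches the LDAP entry for {@code alias}, or for the encoded certificate {@code cert}
 * when it is non-null, returning only the first match.
 *
 * @param dirContext the context to search with
 * @param alias the alias to look up (used only when {@code cert} is {@code null})
 * @param cert the encoded certificate to look up, or {@code null} to search by alias
 * @param returningAttributes the attribute names to return with the result
 * @return the first matching entry, or {@code null} when nothing matched
 * @throws NamingException if the LDAP search fails
 */
private SearchResult searchAlias(DirContext dirContext, String alias, byte[] cert, String[] returningAttributes) throws NamingException {
    SearchControls ctls = createSearchControl(returningAttributes);
    // the filters use JNDI {0} placeholders, so alias/cert travel as filter arguments
    // (escaped by JNDI) rather than being concatenated into the filter string
    NamingEnumeration<SearchResult> results = (cert == null)
            ? dirContext.search(searchPath, filterAlias, new String[]{alias}, ctls)
            : dirContext.search(searchPath, filterCertificate, new Object[]{cert}, ctls);
    try {
        if (!results.hasMore()) {
            log.debugf("Alias [%s] not found in LdapKeyStore", alias);
            return null;
        }
        // only the first match is used; any further matches are discarded
        return results.next();
    } finally {
        // close the enumeration on every path so the server-side search is not leaked
        results.close();
    }
}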
/**
 * Stores {@code key} under {@code alias}: the key is wrapped in an in-memory {@link KeyStore}
 * of type {@code keyType} protected by {@code password}, and the serialized wrapper is handed
 * to {@link #engineSetKeyEntry(String, byte[], Certificate[])}.
 *
 * @param alias the alias to store the key under
 * @param key the key to store
 * @param password the password protecting the key inside the wrapping keystore
 * @param chain the certificate chain belonging to the key
 * @throws KeyStoreException if the wrapping keystore cannot be created or the entry cannot be stored
 */
@Override
public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) throws KeyStoreException {
    final byte[] wrapped;
    try {
        KeyStore wrapper = KeyStore.getInstance(keyType);
        wrapper.load(null, password);
        wrapper.setKeyEntry(alias, key, password, chain);
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        wrapper.store(buffer, password);
        wrapped = buffer.toByteArray();
    } catch (CertificateException | NoSuchAlgorithmException | IOException e) {
        throw log.ldapKeyStoreFailedToSerializeKey(alias, e);
    }
    // KeyStoreException from the delegate propagates unchanged, exactly as before
    engineSetKeyEntry(alias, wrapped, chain);
}
/**
 * Build a LDAP keystore.
 *
 * Every required setting is checked for null first (in the same order as before); the three
 * search filters fall back to defaults derived from the alias and certificate attribute names.
 *
 * @return the LDAP keystore
 */
public LdapKeyStore build() {
    Assert.checkNotNullParam("dirContextSupplier", dirContextSupplier);
    Assert.checkNotNullParam("searchPath", searchPath);
    Assert.checkNotNullParam("searchScope", searchScope);
    Assert.checkNotNullParam("searchTimeLimit", searchTimeLimit);
    Assert.checkNotNullParam("aliasAttribute", aliasAttribute);
    Assert.checkNotNullParam("certificateAttribute", certificateAttribute);
    Assert.checkNotNullParam("certificateType", certificateType);
    Assert.checkNotNullParam("certificateChainAttribute", certificateChainAttribute);
    Assert.checkNotNullParam("certificateChainEncoding", certificateChainEncoding);
    Assert.checkNotNullParam("keyAttribute", keyAttribute);
    Assert.checkNotNullParam("keyType", keyType);

    // default filters; {0} is a JNDI filter-argument placeholder, not string concatenation of user data
    filterAlias = filterAlias != null ? filterAlias : "(" + aliasAttribute + "={0})";
    filterCertificate = filterCertificate != null ? filterCertificate : "(" + certificateAttribute + "={0})";
    filterIterate = filterIterate != null ? filterIterate : "(" + aliasAttribute + "=*)";

    LdapKeyStoreSpi spi = new LdapKeyStoreSpi(
            dirContextSupplier, searchPath, searchScope, searchTimeLimit,
            filterAlias, filterCertificate, filterIterate,
            createPath, createRdn, createAttributes,
            aliasAttribute, certificateAttribute, certificateType,
            certificateChainAttribute, certificateChainEncoding,
            keyAttribute, keyType);
    return new LdapKeyStore(spi, EmptyProvider.getInstance(), "LdapKeyStore");
}
/**
 * Fetches the requested attributes of the entry matching {@code alias}, or matching the
 * encoded certificate {@code cert} when it is non-null.
 *
 * @param alias the alias to search for (ignored when {@code cert} is given)
 * @param cert the encoded certificate to search for, or {@code null} to search by alias
 * @param attributes the attribute names to return
 * @return the entry's attributes, or {@code null} when no context is available or nothing matched
 */
private Attributes obtainAliasOrCertificateAttributes(String alias, byte[] cert, String[] attributes) {
    DirContext context = obtainDirContext();
    if (context == null) {
        log.trace("Unable to obtain DirContext");
        return null;
    }
    try {
        SearchResult match = searchAlias(context, alias, cert, attributes);
        return match != null ? match.getAttributes() : null;
    } catch (NamingException e) {
        throw log.ldapKeyStoreFailedToObtainAlias(alias, e);
    } finally {
        returnDirContext(context);
    }
}
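/**
 * Tells whether an LDAP entry exists for {@code alias}.
 *
 * @param alias the alias to test
 * @return {@code true} when at least one entry matches {@code filterAlias} for this alias;
 *         {@code false} when none does or no {@link DirContext} could be obtained
 */
@Override
public boolean engineContainsAlias(String alias) {
    DirContext context = obtainDirContext();
    if (context == null) {
        log.trace("Unable to obtain DirContext");
        return false;
    }
    try {
        // alias is passed as a {0} filter argument, so it is escaped by JNDI rather than spliced in
        NamingEnumeration<SearchResult> results = context.search(searchPath, filterAlias, new String[]{alias},
                createSearchControl(new String[]{aliasAttribute}));
        try {
            return results.hasMore();
        } finally {
            // close even when hasMore() throws; previously the close was skipped on that path
            results.close();
        }
    } catch (NamingException e) {
        throw log.ldapKeyStoreFailedToTestAliasExistence(alias, e);
    } finally {
        returnDirContext(context);
    }
}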