[Fwd: Re: Fwd: [JLDAP] Store X509 object programmatically]
- To: OpenLDAP-SW <openldap-software@OpenLDAP.org>
- Subject: [Fwd: Re: Fwd: [JLDAP] Store X509 object programmatically]
- From: Diego Pietralunga <diego@ltt.it>
- Date: Mon, 25 Aug 2003 17:55:35 +0200
- Organization: LTT
-----Forwarded Message-----
> From: Diego Pietralunga <diego@ltt.it>
> To: Sunil Kumar <Sunilk@novell.com>
> Subject: Re: Fwd: [JLDAP] Store X509 object programmatically
> Date: Mon, 25 Aug 2003 16:25:59 +0200
>
> Hi Sunil, thanks a lot for your time.
>
> I've been investigating this issue so far...
>
> Well... it's really strange...
> First let me say that I had some strange glitches during
> experimentation, so I have a little doubt about my configuration,
> anyway...
>
> I JUST found out that the (my/your) original code seems to work!
>
> I mean that querying OpenLDAP with the ldapsearch tool, I can see the
> userCertificate entry. (I'm attaching an example inline at the bottom)
> While the LDAP Browser/editor can't see it (throws a
> CertificateParsingException... mmhhh, that's fishy)
>
> So, I don't know if my certificate entries are valid; I tried to look up
> some addresses with Mozilla Messenger and Outlook but found no entries
> (looked for "Smith"). But maybe that means nothing...
>
> The strange things on the programmatic side are:
>
> 1) Looks like Nikita Bige's suggestion must be followed (append
> ";binary" to the entry name).
>
> 2) AttributeSet.add (LDAPAttribute) returns a boolean; this boolean is
> always false when I add the certificate attribute and the connection to
> the server is established AFTER that check... I mean that return value
> is produced with no server intervention at that time (this should
> exclude a bug/error on the server side)... BUT (via command line) the
> certificate was ADDED.
> And no exceptions are thrown.
> /*
> Like this:
> boolean added = attributeSet.add(cert);
> System.out.println("Certificate:\n" + "added=" +added );
> Prints: added=false;
> */
>
>
> I don't know if this is a Java problem or what...
>
>
>
>
>
> /* Snippet of the result (2 shown here) of the ldapsearch query */
> /**********************************************************/
>
> # JSmith Wilson 21, my-domain.com
> dn: cn=JSmith Wilson 21,dc=my-domain,dc=com
> userCertificate;binary::
> userPassword:: bmV3cGFzc3dvcmQ=
> telephoneNumber: 1 801 555 1212
> cn: JamesWilson Smith
> cn: Jim W. Smith
> cn: Jimmy W. Smith
> givenName: James
> givenName: Jim
> givenName: Jimmy
> objectClass: inetOrgPerson
> mail: JSmith@Acme.com
> sn: Smith
>
> # JSmith Wilson 25, my-domain.com
> dn: cn=JSmith Wilson 25,dc=my-domain,dc=com
> userCertificate;binary::
> userPassword:: bmV3cGFzc3dvcmQ=
> telephoneNumber: 1 801 555 1212
> cn: JamesWilson Smith
> cn: Jim W. Smith
> cn: Jimmy W. Smith
> givenName: James
> givenName: Jim
> givenName: Jimmy
> objectClass: inetOrgPerson
> mail: JSmith@Acme.com
> sn: Smith
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 21
> # numEntries: 20
>
> /*********************************************************/
>
>
>
>
>
>
>
>
> On Mon, 2003-08-25 at 13:41, Sunil Kumar wrote:
> > Hi Diego,
> > I tried to do the same thing but am able to add it successfully. Only
> > difference was that I used eDirectory as an ldap server where I have
> > added the entry.
> >
> > I have attached the sample code with this mail which I used to add the
> > entry with the certificate. Have a look at it and let me know if this
> > doesn't help you.
> >
> > I used ldapsearch command line tool to verify whether the
> > usercertificate attribute contains any value or not. I have attached a
> > text file containing the search result.
> >
> >
> > Regards,
> > -Sunil
> >
> >
> > >>> Anil Kumar Kommuri 8/25/2003 3:26:25 PM >>>
> > JLDAP query.
> > regards
> > anil.
> >
> > >>> Diego Pietralunga <diego@ltt.it> 25-Aug-03 3:08:48 PM >>>
> > Hello everybody,
> >
> > first post!
> > Hope this is not OT.
> >
> >
> > I'm trying to use Novell JLDAP API (June 04, 2003 release) to interface
> > to OpenLDAP 2.1.10 on a RH 8.0 linux box.
> >
> > Standard operations seem to work, but I could not get to store a
> > X509Certificate object, based on the AddEntry.java example.
> > I can add the entry (used userCertificate and userSMIMECertificate) but
> > the value shown is '0'.
> > I'm _quite_ sure I passed the X509 as DER...
> > I tried both the constructor, LDAPAttribute(Object,byte[]) and the
> > method addValue(byte[]).
> >
> >
> > Looks like it's not converted to BINARY...
> >
> > Oddly, the password object is marked as binary (used LDAP browser/editor
> > to check)
> >
> >
> > Can anyone help?
> >
> >
> > Here's my code snippet:
> > /****************************************************************/
> >
> > /*
> > Get the certificate, connection, etc...
> > Then...
> > */
> >
> > LDAPConnection lc = new LDAPConnection();
> > LDAPAttribute attribute = null;
> > LDAPAttributeSet attributeSet = new LDAPAttributeSet();
> >
> > attributeSet.add( new LDAPAttribute(
> >         "objectclass", new String("inetOrgPerson")));
> > attributeSet.add( new LDAPAttribute("cn",
> >         new String[]{"JamesWilson Smith", "Jim W. Smith", "Jimmy W. Smith"}));
> > attributeSet.add( new LDAPAttribute("givenname",
> >         new String[]{"James", "Jim", "Jimmy" }));
> > attributeSet.add( new LDAPAttribute("sn", new String("Smith")));
> > attributeSet.add( new LDAPAttribute("telephonenumber",
> >         new String("1 801 555 1212")));
> > attributeSet.add( new LDAPAttribute("mail",
> >         new String("JSmith@Acme.com")));
> >
> > LDAPAttribute pwd = null;
> > // This one becomes BINARY when stored,
> > // but it's a normal string in the constructor.
> > attributeSet.add( pwd = new LDAPAttribute("userpassword",
> >         new String("newpassword")));
> >
> > LDAPAttribute cert = null;
> >
> > try {
> >     // gets the DER version of the X509 - IAIK JCE library
> >     byte[] crtBytes = certif.getEncoded();
> >
> >     cert = new LDAPAttribute("userCertificate", crtBytes);
> >     // or userSMIMECertificate
> >
> >     //cert.addValue(crtBytes);
> >     boolean added = attributeSet.add(cert);
> >
> >     System.out.println("Certificate:\n" + "added=" + added + "\n" +
> >             cert.toString() + "\n\npwd=" + pwd.toString());
> >
> >     String dn = "cn=JSmith Wilson 13," + containerName;
> >     LDAPEntry newEntry = new LDAPEntry( dn, attributeSet );
> >
> >     try {
> >         // connect to the server
> >         lc.connect( ldapHost, ldapPort );
> >         // authenticate to the server
> >         lc.bind( ldapVersion, loginDN, password );
> >
> >         lc.add( newEntry );
> >         System.out.println( "\nAdded object: " + dn + " successfully." );
> >
> >         // disconnect with the server
> >         lc.disconnect();
> >     }
> >     catch( LDAPException e ) {
> >         System.out.println( "Error: " + e.toString());
> >     }
> >     System.exit(0);
> > }
> > catch( java.security.cert.CertificateEncodingException e ) {
> >     // getEncoded() can fail to produce the DER encoding
> >     System.out.println( "Error: " + e.toString());
> > }
> >
> >
> >
> >
> >
> >
> >
> >
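One way to settle the doubt raised in the thread, whether a stored userCertificate value is a DER object or a mangled one such as the '0' from the original post, is to parse the ldapsearch output and check the outer ASN.1 framing of each value. This is an added example, not code from the thread or from JLDAP; the sample LDIF is constructed, the function names are hypothetical, and the check covers framing only, not the signature, validity dates or chain.

```python
import base64

# Constructed sample shaped like the thread's ldapsearch output (not a real certificate).
SAMPLE_LDIF = """\
dn: cn=JSmith Wilson 21,dc=my-domain,dc=com
userCertificate;binary:: MAYCAQ
 ECAQI=
userPassword:: bmV3cGFzc3dvcmQ=

dn: cn=JSmith Wilson 13,dc=my-domain,dc=com
userCertificate:: MA==
"""

def parse_ldif(text):
    """Return entries as dicts: lower-cased attribute description -> list of bytes."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # RFC 2849 unfolding
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            # "attr:: value" carries base64; "attr: value" carries plain text.
            value = (base64.b64decode(rest[1:].strip()) if rest.startswith(":")
                     else rest.strip().encode())
            entry.setdefault(name.lower(), []).append(value)
        if "dn" in entry:            # skips comment blocks and the search-result trailer
            entries.append(entry)
    return entries

def der_sequence_ok(data):
    """True if data is exactly one DER SEQUENCE whose length field fills the buffer."""
    # ASCII "0" is byte 0x30, the SEQUENCE tag, so the tag alone proves nothing.
    if len(data) < 2 or data[0] != 0x30:
        return False
    n = data[1]
    if n < 0x80:                     # short form: the length is this byte
        return 2 + n == len(data)
    n &= 0x7F                        # long form: the next n bytes hold the length
    return n > 0 and 2 + n + int.from_bytes(data[2:2 + n], "big") == len(data)

def audit(text):
    """Map each dn to True when all its userCertificate values have sound DER framing."""
    report = {}
    for entry in parse_ldif(text):
        certs = [v for name, vals in entry.items()
                 if name.split(";")[0] == "usercertificate" for v in vals]
        report[entry["dn"][0].decode()] = bool(certs) and all(map(der_sequence_ok, certs))
    return report
```

The same parser shows that `userPassword:: bmV3cGFzc3dvcmQ=` is only the base64 form of the string set in the posted code, so that password sits in the directory in clear text.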