
[Fwd: Re: Fwd: [JLDAP] Store X509 object programmatically]
-----Forwarded Message-----
> From: Diego Pietralunga <diego@ltt.it>
> To: Sunil Kumar <Sunilk@novell.com>
> Subject: Re: Fwd: [JLDAP] Store X509 object programmatically
> Date: Mon, 25 Aug 2003 16:25:59 +0200
> 
> Hi Sunil, thanks a lot for your time.
> 
> I've been investigating this issue so far...
> 
> Well... it's really strange... 
> First let me say that I had some strange glitches during
> experimentation, so I have a little doubt about my configuration,
> anyway...
> 
> I JUST found out that the (my/your) original code seems to work!
> 
> I mean that querying OpenLDAP with the ldapsearch tool, I can see the
> userCertificate entry. (I'm attaching an example inline at the bottom)
> While the LDAP Browser/editor can't see it (throws a
> CertificateParsingException... mmhhh, that's fishy)
> 
> So, I don't know if my certificate entries are valid; I tried to look up
> some addresses with Mozilla Messenger and Outlook but found no entries
> (looked for "Smith"). But maybe that means nothing...
> 
> The strange things on the programmatic side are:
> 
> 1) Looks like Nikita Bige's suggestion must be followed (append
> ";binary" to the entry name).
> 
> 2) AttributeSet.add(LDAPAttribute) returns a boolean; this boolean is
> always false when I add the certificate attribute, and the connection to
> the server is established AFTER that check... I mean that the return value
> is produced with no server intervention at that time (this should
> exclude a bug/error on the server side)... BUT (via command line) the
> certificate was ADDED.
> And no exceptions are thrown.
> /*
> Like this:
> 	boolean added = attributeSet.add(cert);
> 	System.out.println("Certificate:\n" + "added=" + added);
> Prints: added=false
> */
> 
> 
> I don't know if this is a Java problem or what...
>
> /* Snippet of the result (2 shown here) of the ldapsearch query */
> /**********************************************************/
> 
> # JSmith Wilson 21, my-domain.com
> dn: cn=JSmith Wilson 21,dc=my-domain,dc=com
> userCertificate;binary::
> userPassword:: bmV3cGFzc3dvcmQ=
> telephoneNumber: 1 801 555 1212
> cn: JamesWilson  Smith
> cn: Jim W. Smith
> cn: Jimmy W. Smith
> givenName: James
> givenName: Jim
> givenName: Jimmy
> objectClass: inetOrgPerson
> mail: JSmith@Acme.com
> sn: Smith
> 
> # JSmith Wilson 25, my-domain.com
> dn: cn=JSmith Wilson 25,dc=my-domain,dc=com
> userCertificate;binary::
> userPassword:: bmV3cGFzc3dvcmQ=
> telephoneNumber: 1 801 555 1212
> cn: JamesWilson  Smith
> cn: Jim W. Smith
> cn: Jimmy W. Smith
> givenName: James
> givenName: Jim
> givenName: Jimmy
> objectClass: inetOrgPerson
> mail: JSmith@Acme.com
> sn: Smith
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 21
> # numEntries: 20
> 
> /*********************************************************/
>
> On Mon, 2003-08-25 at 13:41, Sunil Kumar wrote:
> > Hi Diego,
> >   I tried to do the same thing but am able to add it successfully. Only
> > difference was that I used eDirectory as an ldap server where I have
> > added the entry.
> > 
> > I have attached the sample code with this mail which I used to add the
> > entry with the certificate. Have a look at it and let me know if this
> > doesn't help you.
> > 
> > I used the ldapsearch command line tool to verify whether the
> > userCertificate attribute contains any value or not. I have attached a
> > text file containing the search result.
> > 
> > 
> > Regards,
> > -Sunil
> > 
> > 
> > >>> Anil Kumar Kommuri 8/25/2003 3:26:25 PM >>>
> > JLDAP query.  
> > regards
> > anil.
> > 
> > >>> Diego Pietralunga <diego@ltt.it> 25-Aug-03 3:08:48 PM >>>
> > Hello everybody,
> > 
> > first post!
> > Hope this is not OT.
> > 
> > 
> > I'm trying to use the Novell JLDAP API (June 04, 2003 release) to interface
> > to OpenLDAP 2.1.10 on a RH 8.0 Linux box.
> > 
> > Standard operations seem to work, but I could not manage to store an
> > X509Certificate object, based on the AddEntry.java example.
> > I can add the entry (used userCertificate and userSMIMECertificate) but
> > the value shown is '0'.
> > I'm _quite_ sure I passed the X509 as DER...
> > I tried both the constructor, LDAPAttribute(Object, byte[]), and the
> > method addValue(byte[]).
> > 
> > 
> > Looks like it's not converted to BINARY...
> > 
> > Oddly, the password object is marked as binary (used LDAP
> > browser/editor to check)
> > 
> > 
> > Can anyone help?
> > 
> > 
> > Here's my code snippet:
> > /****************************************************************/
> > 
> > /*
> > Get the certificate, connection, etc...
> > Then...
> > */
> > 
> >  LDAPConnection lc = new LDAPConnection();
> >  LDAPAttribute attribute = null;
> >  LDAPAttributeSet attributeSet = new LDAPAttributeSet();
> > 
> >  attributeSet.add(new LDAPAttribute("objectclass", "inetOrgPerson"));
> >  attributeSet.add(new LDAPAttribute("cn",
> >          new String[]{"JamesWilson  Smith", "Jim W. Smith", "Jimmy W. Smith"}));
> >  attributeSet.add(new LDAPAttribute("givenname", new String[]{"James", "Jim", "Jimmy"}));
> >  attributeSet.add(new LDAPAttribute("sn", "Smith"));
> >  attributeSet.add(new LDAPAttribute("telephonenumber", "1 801 555 1212"));
> >  attributeSet.add(new LDAPAttribute("mail", "JSmith@Acme.com"));
> > 
> >  LDAPAttribute pwd = null;
> >  // This one becomes BINARY when stored, but it's a normal string in the constructor.
> >  attributeSet.add(pwd = new LDAPAttribute("userpassword", "newpassword"));
> > 
> >  LDAPAttribute cert = null;
> > 
> >  try {
> >      // gets the DER version of the X509 - IAIK JCE library
> >      byte[] crtBytes = certif.getEncoded();
> > 
> >      cert = new LDAPAttribute("userCertificate", crtBytes); // or userSMIMECertificate
> >      //cert.addValue(crtBytes);
> >      boolean added = attributeSet.add(cert);
> > 
> >      System.out.println("Certificate:\n" + "added=" + added + "\n" + cert.toString()
> >              + "\n\npwd=" + pwd.toString());
> > 
> >      String dn = "cn=JSmith Wilson 13," + containerName;
> >      LDAPEntry newEntry = new LDAPEntry(dn, attributeSet);
> > 
> >      try {
> >          // connect to the server
> >          lc.connect(ldapHost, ldapPort);
> >          // authenticate to the server
> >          lc.bind(ldapVersion, loginDN, password);
> > 
> >          lc.add(newEntry);
> >          System.out.println("\nAdded object: " + dn + " successfully.");
> > 
> >          // disconnect from the server
> >          lc.disconnect();
> >      }
> >      catch (LDAPException e) {
> >          System.out.println("Error:  " + e.toString());
> >      }
> >      System.exit(0);
> >  }
> >  catch (CertificateEncodingException e) { // checked exception thrown by getEncoded()
> >      System.out.println("Error:  " + e.toString());
> >  }
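An added check for the question the thread leaves open (is the value ldapsearch shows for userCertificate;binary really a DER certificate?), written for this page and not code from the thread or from JLDAP: it parses an ldapsearch LDIF entry, including a `::` base64 value folded across continuation lines, and walks the DER just far enough to report the certificate's serial number, returning None for anything not certificate-shaped such as a lone '0'. The LDIF entry and the DER bytes are constructed for the example (not a real certificate), and only the Python standard library is used.

```python
import base64

def parse_ldif_entry(text):
    """Parse one ldapsearch LDIF entry into {lower-case attr name: [bytes, ...]}."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):        # blank lines and '# ...' comments
            continue
        if raw.startswith(" ") and lines:                  # folded continuation of previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, _, value = line.partition(":")               # 'attr:: <base64>' leaves value = ': ...'
        val = base64.b64decode(value[1:].strip()) if value.startswith(":") else value.strip().encode()
        attrs.setdefault(name.lower(), []).append(val)
    return attrs

def der_tlv(buf, pos=0):                                   # -> (tag, value, position after the TLV)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                      # long form: low 7 bits = width of length
        width = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + width], "big"), pos + width
    return tag, buf[pos:pos + length], pos + length

def certificate_serial(der):
    """serialNumber of a DER X.509 certificate, or None if the bytes are not certificate-shaped."""
    try:
        tag, cert, end = der_tlv(der)                      # Certificate ::= SEQUENCE
        tbs_tag, tbs, _ = der_tlv(cert)                    # tbsCertificate ::= SEQUENCE
        if tag != 0x30 or end != len(der) or tbs_tag != 0x30:
            return None
        tag, field, pos = der_tlv(tbs)
        if tag == 0xA0:                                    # optional [0] EXPLICIT version, skip it
            tag, field, pos = der_tlv(tbs, pos)
        return int.from_bytes(field, "big") if tag == 0x02 else None
    except IndexError:                                     # truncated, e.g. the single byte '0'
        return None
# Constructed, certificate-shaped DER (NOT a real certificate): SEQUENCE { SEQUENCE tbs {
# [0] { INTEGER 2 (v3) }, INTEGER 1234 (serial), SEQUENCE {} }, SEQUENCE {}, BIT STRING }
FAKE_CERT_DER = bytes.fromhex("3012 300b a003020102 020204d2 3000 3000 030100")
_B64 = base64.b64encode(FAKE_CERT_DER).decode()
# Constructed ldapsearch output, folded across lines the way ldapsearch prints long values.
SAMPLE_LDIF = f"""# JSmith Wilson 21, my-domain.com
dn: cn=JSmith Wilson 21,dc=my-domain,dc=com
userCertificate;binary:: {_B64[:20]}
 {_B64[20:]}
userPassword:: bmV3cGFzc3dvcmQ=
"""
```

Feed it the real ldapsearch output instead of SAMPLE_LDIF to confirm the stored value parses as a certificate with the serial you expect; `userPassword::` decodes too, since ldapsearch base64-encodes that attribute regardless of its syntax.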