Re: Fwd: [JLDAP] Store X509 object programmatically
Hi Diego,
I have verified the added certificate in my configuration. I used
Novell ConsoleOne to validate it and it's showing that the added
certificate is a valid one.
As far as the second problem reported by you, i.e. AttributeSet.add
(LDAPAttribute) returns false: I looked at it and found that the
documentation in JavaDoc for the attributeSet.add method is wrong. In
JavaDoc they have specified that:
add() method will "return true if the attribute was added."
Whereas actually it should be:
"return true if there was already a previous value (non-null) for the
specified attribute in the attribute set."
Also I have found one more wrong statement in the JavaDoc. They have
mentioned:
* Adds the specified attribute to this set if it is not already present.
* <p>If an attribute with the same name already exists in the set then the
* specified attribute will not be added.</p>
Whereas it should be:
* Adds the specified attribute to this set if it is not already present.
* <p>If an attribute with the same name already exists in the set then the
* old specified value for the attribute will be replaced by the new value.</p>
Here is the modified JavaDoc which I am planning to check in. Steve/Anil,
can you verify this and let me know before I check in.
/**
 * Adds the specified attribute to this set if it is not already present.
 * <p>If an attribute with the same name already exists in the set then the
 * old specified value for the attribute will be replaced by the new value.</p>
 *
 * @param attr Object of type <code>LDAPAttribute</code>
 *
 * @return true if there was already a previous value (non-null) for the
 *         specified attribute in the attribute set.
 *
 * @throws ClassCastException occurs if the specified Object
 *         is not of type <code>LDAPAttribute</code>.
 */
Regards,
-Sunil.
>>> Diego Pietralunga <diego@ltt.it> 8/25/2003 7:55:59 PM >>>
Hi Sunil, thanks a lot for your time.
I've been investigating this issue so far...
Well... it's really strange...
First let me say that I had some strange glitches during
experimentation, so I have a little doubt about my configuration,
anyway...
I JUST found out that the (my/your) original code seems to work!
I mean that querying OpenLDAP with the ldapsearch tool, I can see the
userCertificate entry. (I'm attaching an example inline at the bottom)
While the LDAP Browser/editor can't see it (throws a
CertificateParsingException... mmhhh, that's fishy).
So, I don't know if my certificate entries are valid; I tried to look up
some addresses with Mozilla Messenger and Outlook but found no entries
(looked for "Smith"). But maybe that means nothing...
The strange things on the programmatic side are:
1) Looks like Nikita Bige's suggestion must be followed (append
";binary" to the entry name).
2) AttributeSet.add (LDAPAttribute) returns a boolean; this boolean is
always false when I add the certificate attribute, and the connection to
the server is established AFTER that check... I mean that the return value
is produced with no server intervention at that time (this should
exclude a bug/error on the server side)... BUT (via command line) the
certificate was ADDED.
And no exceptions are thrown.
/*
Like this:
boolean added = attributeSet.add(cert);
System.out.println("Certificate:\n" + "added=" +added );
Prints: added=false;
*/
I don't know if this is a Java problem or what...
/* Snippet of the result (2 shown here) of the ldapsearch query */
/**********************************************************/
# JSmith Wilson 21, my-domain.com
dn: cn=JSmith Wilson 21,dc=my-domain,dc=com
userCertificate;binary::
userPassword:: bmV3cGFzc3dvcmQ=
telephoneNumber: 1 801 555 1212
cn: JamesWilson Smith
cn: Jim W. Smith
cn: Jimmy W. Smith
givenName: James
givenName: Jim
givenName: Jimmy
objectClass: inetOrgPerson
mail: JSmith@Acme.com
sn: Smith
# JSmith Wilson 25, my-domain.com
dn: cn=JSmith Wilson 25,dc=my-domain,dc=com
userCertificate;binary::
userPassword:: bmV3cGFzc3dvcmQ=
telephoneNumber: 1 801 555 1212
cn: JamesWilson Smith
cn: Jim W. Smith
cn: Jimmy W. Smith
givenName: James
givenName: Jim
givenName: Jimmy
objectClass: inetOrgPerson
mail: JSmith@Acme.com
sn: Smith
# search result
search: 2
result: 0 Success
# numResponses: 21
# numEntries: 20
/*********************************************************/
On Mon, 2003-08-25 at 13:41, Sunil Kumar wrote:
> Hi Diego,
> I tried to do the same thing but am able to add it successfully. Only
> difference was that I used eDirectory as an LDAP server where I have
> added the entry.
>
> I have attached the sample code with this mail which I used to add the
> entry with the certificate. Have a look at it and let me know if this
> doesn't help you.
>
> I used ldapsearch command line tool to verify whether the
> usercertificate attribute contains any value or not. I have attached a
> text file containing the search result.
>
>
> Regards,
> -Sunil
>
>
> >>> Anil Kumar Kommuri 8/25/2003 3:26:25 PM >>>
> JLDAP query.
> regards
> anil.
>
> >>> Diego Pietralunga <diego@ltt.it> 25-Aug-03 3:08:48 PM >>>
> Hello everybody,
>
> first post!
> Hope this is not OT.
>
>
> I'm trying to use Novell JLDAP API (June 04, 2003 release) to interface
> to OpenLDAP 2.1.10 on a RH 8.0 linux box.
>
> Standard operations seem to work, but I could not get to store a
> X509Certificate object, based on the AddEntry.java example.
> I can add the entry (used userCertificate and userSMIMECertificate) but
> the value shown is '0'.
> I'm _quite_ sure I passed the X509 as DER...
> I tried both the constructor, LDAPAttribute(Object,byte[]) and the
> method addValue(byte[]).
>
>
> Looks like it's not converted to BINARY...
>
> Oddly, the password object is marked as binary (used LDAP browser/editor
> to check)
>
>
> Can anyone help?
>
>
> Here's my code snippet:
> /****************************************************************/
>
> /*
> Get the certificate, connection, etc...
> Then...
> */
>
> LDAPConnection lc = new LDAPConnection();
> LDAPAttribute attribute = null;
> LDAPAttributeSet attributeSet = new LDAPAttributeSet();
>
> attributeSet.add( new LDAPAttribute("objectclass", new String("inetOrgPerson")));
> attributeSet.add( new LDAPAttribute("cn",
>     new String[]{"JamesWilson Smith", "Jim W. Smith", "Jimmy W. Smith"}));
> attributeSet.add( new LDAPAttribute("givenname",
>     new String[]{"James", "Jim", "Jimmy" }));
> attributeSet.add( new LDAPAttribute("sn", new String("Smith")));
> attributeSet.add( new LDAPAttribute("telephonenumber", new String("1 801 555 1212")));
> attributeSet.add( new LDAPAttribute("mail", new String("JSmith@Acme.com")));
>
> LDAPAttribute pwd = null;
> attributeSet.add( pwd = new LDAPAttribute("userpassword", new String("newpassword")));
> // This one becomes BINARY when stored, but it's a normal string in the constructor.
>
> LDAPAttribute cert = null;
>
> try {
>     byte[] crtBytes = certif.getEncoded(); // gets the DER version of the X509 - IAIK JCE library
>
>     cert = new LDAPAttribute("userCertificate", crtBytes);
>     // or userSMIMECertificate
>
>     //cert.addValue(crtBytes);
>     boolean added = attributeSet.add(cert);
>
>     System.out.println("Certificate:\n" + "added=" + added + "\n" +
>         cert.toString() + "\n\npwd=" + pwd.toString());
>
>     String dn = "cn=JSmith Wilson 13," + containerName;
>     LDAPEntry newEntry = new LDAPEntry( dn, attributeSet );
>
>     try {
>         // connect to the server
>         lc.connect( ldapHost, ldapPort );
>         // authenticate to the server
>         lc.bind( ldapVersion, loginDN, password );
>
>         lc.add( newEntry );
>         System.out.println( "\nAdded object: " + dn + " successfully." );
>
>         // disconnect with the server
>         lc.disconnect();
>     }
>     catch( LDAPException e ) {
>         System.out.println( "Error: " + e.toString());
>     }
>     System.exit(0);
> }
> catch( CertificateEncodingException e ) {
>     // getEncoded() is a checked call; this catch was missing from the snippet as posted
>     System.out.println( "Error: " + e.toString());
> }
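As an added example (Python, not code from the thread or from JLDAP), here is a small reader for ldapsearch output like the one shown above: it unfolds LDIF lines, decodes "::" base64 values and checks that the stored userCertificate;binary value starts with a DER SEQUENCE header whose declared length matches the blob, which separates a properly stored DER certificate from the '0' text value reported in the first post. The LDIF and the DER bytes are constructed for the example, not the thread's real entries.

```python
import base64
# Constructed DER SEQUENCE { INTEGER 5 }; a real certificate is a far larger SEQUENCE.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])
# Constructed ldapsearch-style output (not the thread's real entries): ";binary" entry, then the '0' case.
SAMPLE_LDIF = (
    "dn: cn=JSmith Wilson 21,dc=my-domain,dc=com\n"
    "userCertificate;binary:: " + base64.b64encode(SAMPLE_DER).decode() + "\n\n"
    "dn: cn=JSmith Wilson 13,dc=my-domain,dc=com\nuserCertificate: 0\n")

def parse_ldif(text):
    """Entries as {attr: [values]}; '::' values decode to bytes, folded lines join."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:     # RFC 2849 continuation line
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):         # skip ldapsearch comments
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:                 # sentinel flushes the last entry
        if line:
            name, _, value = line.partition(":")
            is_b64 = value.startswith(":")    # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()) if is_b64 else value.strip()
            current.setdefault(name, []).append(value)
        elif current:                         # blank line ends an entry
            entries.append(current)
            current = {}
    return entries

def der_outer_length(blob):
    """Declared total length of the DER SEQUENCE at blob[0], else None."""
    if len(blob) < 2 or blob[0] != 0x30:      # Certificate must be a SEQUENCE
        return None
    if blob[1] < 0x80:                        # short form: one length byte
        return 2 + blob[1]
    n = blob[1] & 0x7F                        # long form: n length bytes follow
    if n == 0 or len(blob) < 2 + n:
        return None
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def certificate_status(entry):
    # Classify what ldapsearch shows for the entry's certificate attribute.
    values = entry.get("userCertificate;binary") or entry.get("userCertificate")
    if not values:
        return "no certificate attribute"
    if isinstance(values[0], str):            # the '0' symptom from the first post
        return "stored as text, not binary: " + repr(values[0])
    ok = der_outer_length(values[0]) == len(values[0])
    return "well-formed DER SEQUENCE" if ok else "not a DER SEQUENCE"
```

Real ldapsearch output folds the long base64 value onto lines beginning with a single space, which parse_ldif joins before decoding; the mail-wrapped copies above lost that leading space, so they would need re-joining by hand first.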