
X.509 with java CertStore



I'm an LDAP newbie, but I almost have X.509 working.

I am able to search for userCertificate;binary and
convert to the X509Certificate class. However, I
cannot use CertStore as I must have a problem with
X509CertSelector.setSubject because it cannot find the
entry. Perhaps my schema is not RFC 2587 compliant?

I have done the following (long, but I don't know
what's wrong):

1) slapd.conf:

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/java.schema

database        ldbm
suffix          "o=Magna,c=US"
rootdn          "cn=Manager,o=Magna,c=US"
rootpw          secret
directory       /var/lib/ldap
index   objectClass     eq

2) I made the root context as:

final static String ldapServerName = "localhost";
final static String rootdn = "cn=Manager,o=Magna,c=US";
final static String rootpass = "secret";
final static String rootContext = "o=Magna,c=US";
Properties env = new Properties();

env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
env.put( Context.PROVIDER_URL, "ldap://" + ldapServerName + "/" );
env.put( Context.SECURITY_PRINCIPAL, rootdn );
env.put( Context.SECURITY_CREDENTIALS, rootpass );

BasicAttribute objClasses = new BasicAttribute("objectclass");
objClasses.add("person");
objClasses.add("organizationalPerson");
objClasses.add("inetOrgPerson");

BasicAttributes attrs = new BasicAttributes();
attrs.put(objClasses);
attrs.put("o","Magna");
attrs.put("cn","Manager");
attrs.put("sn","testing");

// bind as rootdn before creating the root entry
DirContext ctx = new InitialDirContext( env );
ctx.createSubcontext( rootContext, attrs );

3) I loaded a JKS Keystore, created the
X509Certificate class and loaded it into openldap:

byte[] userCert = null;
FileInputStream fis = new FileInputStream(keystore); // somepath
java.security.KeyStore ks = java.security.KeyStore.getInstance(storetype); // JKS
ks.load(fis, storepass.toCharArray());

PrivateKey privateKey = (PrivateKey)ks.getKey(alias, keypass.toCharArray());
X509Certificate cert = (X509Certificate)ks.getCertificate(alias);
userCert = cert.getEncoded(); // DER-encoded certificate

String newContext = "cn=Robertc,o=Magna,c=US";
BasicAttribute objClasses = new BasicAttribute("objectclass");
objClasses.add("person");
objClasses.add("organizationalPerson");
objClasses.add("inetOrgPerson");

BasicAttributes attrs = new BasicAttributes();
attrs.put(objClasses);
attrs.put("cn","Robertc");
attrs.put("sn","Lazarskic");
attrs.put("ou","People");
attrs.put("userCertificate;binary", userCert);
DirContext ctx = new InitialDirContext( env );
ctx.createSubcontext( newContext, attrs );

4) I can convert like this:

String rootdn = "cn=Manager,o=Magna,c=US";
String newContext = "cn=Robertc,o=Magna,c=US";
String who = "cn=Robertc";

SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration results = ctx.search(newContext, who, constraints);
if (results.hasMore())
{
  SearchResult sr = (SearchResult) results.next();
  javax.naming.directory.Attributes xanswer = sr.getAttributes();
  javax.naming.directory.Attribute attribute =
    xanswer.get("userCertificate;binary");
  // check if userCertificate attribute missing
  if (attribute!=null)
  {
    // retrieve cert as binary object
    Object bin = attribute.get();
    // convert to byte array
    byte[] buf = (byte[])bin;
    // convert to X.509 class
    X509Certificate cert = null;
    CertificateFactory cf = CertificateFactory.getInstance( "X.509" );
    ByteArrayInputStream bais = new ByteArrayInputStream(buf);
    while (bais.available() > 0)
    {
      cert = (X509Certificate) cf.generateCertificate( bais );
    }
  }
}

5) I cannot find the cert via X509CertSelector:

final static String newContext = "cn=Robertc,o=Magna,c=US";
LDAPCertStoreParameters lcsp = new LDAPCertStoreParameters("localhost", 389);
CertStore cs = CertStore.getInstance("LDAP", lcsp);
X509CertSelector xcs = new X509CertSelector();
xcs.setSubject(newContext);
Collection certs = cs.getCertificates(xcs);
if (certs.isEmpty())
{
  throw new Exception("can't find cert");
}

Please help,
iksrazal
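Added check, not part of the original post: the LDAP CertStore reads the entry named by the selector's subject DN and then keeps only certificates whose own subject matches that selector, so the certificate's subject must equal the entry DN rather than merely be stored under it. The class below runs the same X509CertSelector match locally against the certificate in the poster's keystore; it assumes the JKS, alias and store password from step 3 and the entry DN from step 5 (the class and method names are mine).

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;

/**
 * Tells whether the certificate stored at ENTRY_DN would be returned by a
 * CertStore lookup whose X509CertSelector has that DN as its subject.
 * X509CertSelector.match() compares against the certificate's subject DN,
 * so a certificate issued to any other name is filtered out even when the
 * LDAP entry itself is found.
 */
public class CertStoreSubjectCheck {

    /** LDAP entry DN from the post; the cert's subject must be this DN. */
    static final String ENTRY_DN = "cn=Robertc,o=Magna,c=US";

    /** True iff the selector used in step 5 accepts this certificate. */
    static boolean selectorMatches(X509Certificate cert, String entryDn) {
        X509CertSelector xcs = new X509CertSelector();
        xcs.setSubject(new X500Principal(entryDn));
        return xcs.match(cert);
    }

    /** Shows both DNs in RFC 2253 form so a mismatch is visible at a glance. */
    static String explain(X509Certificate cert, String entryDn) {
        X500Principal wanted = new X500Principal(entryDn);
        X500Principal actual = cert.getSubjectX500Principal();
        return "entry DN : " + wanted.getName(X500Principal.RFC2253) + "\n"
             + "cert DN  : " + actual.getName(X500Principal.RFC2253) + "\n"
             + "selector : " + (selectorMatches(cert, entryDn) ? "matches" : "no match");
    }

    // Usage: java CertStoreSubjectCheck <keystore> <storepass> <alias>
    // (the same JKS file, store password and alias used in step 3)
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream fis = new FileInputStream(args[0])) {
            ks.load(fis, args[1].toCharArray());
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(args[2]);
        System.out.println(explain(cert, ENTRY_DN));
    }
}
```

If the two DNs printed differ, the CertStore will never return the certificate no matter how the LDAP schema is set up; either reissue the certificate with the entry DN as its subject or store it under an entry whose DN equals the certificate's subject.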
