X.509 with java CertStore
I'm an LDAP newbie, but I almost have X.509 working. I am able to search for userCertificate;binary and convert to the X509Certificate class. However, I cannot use CertStore, as I must have a problem with X509CertSelector.setSubject because it cannot find the entry. Perhaps my schema is not RFC 2587 compliant? I have done the following (long, but I don't know what's wrong):
1) slapd.conf:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema

database ldbm
suffix "o=Magna,c=US"
rootdn "cn=Manager,o=Magna,c=US"
rootpw secret
directory /var/lib/ldap
index objectClass eq
2) I made the root context as:

import java.util.Properties;
import javax.naming.Context;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

final static String ldapServerName = "localhost";
final static String rootdn = "cn=Manager,o=Magna,c=US";
final static String rootpass = "secret";
final static String rootContext = "o=Magna,c=US";

Properties env = new Properties();
env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
env.put( Context.PROVIDER_URL, "ldap://" + ldapServerName + "/" );
env.put( Context.SECURITY_PRINCIPAL, rootdn );
env.put( Context.SECURITY_CREDENTIALS, rootpass );
// bind as rootdn before creating entries
DirContext ctx = new InitialDirContext( env );

BasicAttribute objClasses = new BasicAttribute("objectclass");
objClasses.add("person");
objClasses.add("organizationalPerson");
objClasses.add("inetOrgPerson");
BasicAttributes attrs = new BasicAttributes();
attrs.put(objClasses);
attrs.put("o","Magna");
attrs.put("cn","Manager");
attrs.put("sn","testing");
ctx.createSubcontext( rootContext, attrs );
3) I loaded a JKS keystore, created the X509Certificate class and loaded it into OpenLDAP:

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

byte[] userCert = null;
FileInputStream fis = new FileInputStream(keystore); // somepath
KeyStore ks = KeyStore.getInstance(storetype); // JKS
ks.load(fis, storepass.toCharArray());
fis.close();
PrivateKey privateKey = (PrivateKey) ks.getKey(alias, keypass.toCharArray());
X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
userCert = cert.getEncoded(); // DER bytes, as stored in userCertificate;binary

String newContext = "cn=Robertc,o=Magna,c=US";
BasicAttribute objClasses = new BasicAttribute("objectclass");
objClasses.add("person");
objClasses.add("organizationalPerson");
objClasses.add("inetOrgPerson");
BasicAttributes attrs = new BasicAttributes();
attrs.put(objClasses);
attrs.put("cn","Robertc");
attrs.put("sn","Lazarskic");
attrs.put("ou","People");
attrs.put("userCertificate;binary", userCert);
DirContext ctx = new InitialDirContext( env );
ctx.createSubcontext( newContext, attrs );
4) I can convert like this:

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

String rootdn = "cn=Manager,o=Magna,c=US";
String newContext = "cn=Robertc,o=Magna,c=US";
String who = "cn=Robertc";
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration results = ctx.search(newContext, who, constraints);
if (results.hasMore())
{
    SearchResult sr = (SearchResult) results.next();
    Attributes xanswer = sr.getAttributes();
    Attribute attribute = xanswer.get("userCertificate;binary");
    // check if userCertificate attribute missing
    if (attribute != null)
    {
        // retrieve cert as binary object
        Object bin = attribute.get();
        // convert to byte array
        byte[] buf = (byte[]) bin;
        // convert to X.509 class
        X509Certificate cert = null;
        CertificateFactory cf = CertificateFactory.getInstance( "X.509" );
        ByteArrayInputStream bais = new ByteArrayInputStream(buf);
        while (bais.available() > 0)
        {
            cert = (X509Certificate) cf.generateCertificate( bais );
        }
    }
}
5) I cannot find the cert via X509CertSelector:

import java.security.cert.CertStore;
import java.security.cert.LDAPCertStoreParameters;
import java.security.cert.X509CertSelector;
import java.util.Collection;

final static String newContext = "cn=Robertc,o=Magna,c=US";

LDAPCertStoreParameters lcsp = new LDAPCertStoreParameters("localhost", 389);
CertStore cs = CertStore.getInstance("LDAP", lcsp);
X509CertSelector xcs = new X509CertSelector();
xcs.setSubject(newContext);
Collection certs = cs.getCertificates(xcs);
if (certs.isEmpty())
{
    throw new Exception("can't find cert");
}
Please help,
iksrazal
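An added diagnostic, not code from the original post, that separates the two places a lookup like step 5 can fail. X509CertSelector.setSubject() is compared against the subject DN carried inside the certificate (X500Principal equality: attribute-type case, value case and spacing are normalized, but the values and RDN order must agree), and the JDK's LDAP CertStore then uses that subject DN as the DN of the directory entry whose userCertificate;binary it reads. The directory DN is the one from the post; keystore path, store password and alias are placeholders, and the directory is assumed to allow an anonymous read of the entry.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.LDAPCertStoreParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.x500.X500Principal;

public class CertSelectorCheck {

    // DN the post stores the certificate under; the rest are placeholders to fill in.
    static final String LDAP_DN   = "cn=Robertc,o=Magna,c=US";
    static final String KEYSTORE  = "/path/to/keystore.jks"; // placeholder
    static final String STOREPASS = "changeit";              // placeholder
    static final String ALIAS     = "robertc";               // placeholder

    /** Selector alone, no directory involved: a Collection CertStore runs the same match() the LDAP store runs. */
    static boolean selectorMatches(X509Certificate cert, String subjectDn) throws Exception {
        X509CertSelector sel = new X509CertSelector();
        sel.setSubject(subjectDn);
        CertStore local = CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Collections.singleton(cert)));
        Collection<? extends Certificate> hits = local.getCertificates(sel);
        return !hits.isEmpty();
    }

    /** Does the entry at dn hold exactly the DER bytes of cert in userCertificate;binary? */
    static boolean directoryHoldsCert(DirContext ctx, String dn, X509Certificate cert) throws Exception {
        Attributes attrs = ctx.getAttributes(dn, new String[] { "userCertificate;binary" });
        Attribute a = attrs.get("userCertificate;binary");
        if (a == null) return false;
        return Arrays.equals((byte[]) a.get(), cert.getEncoded());
    }

    /** The lookup from step 5 of the post, as a boolean. */
    static boolean ldapStoreFinds(String host, int port, String subjectDn) throws Exception {
        X509CertSelector sel = new X509CertSelector();
        sel.setSubject(subjectDn);
        CertStore ldap = CertStore.getInstance("LDAP", new LDAPCertStoreParameters(host, port));
        return !ldap.getCertificates(sel).isEmpty();
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream fis = new FileInputStream(KEYSTORE)) {
            ks.load(fis, STOREPASS.toCharArray());
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(ALIAS);

        // 1. The DN inside the certificate versus the DN the entry was created under.
        X500Principal certSubject = cert.getSubjectX500Principal();
        X500Principal wanted = new X500Principal(LDAP_DN);
        System.out.println("cert subject : " + certSubject.getName(X500Principal.CANONICAL));
        System.out.println("ldap dn      : " + wanted.getName(X500Principal.CANONICAL));
        System.out.println("same subject : " + certSubject.equals(wanted));

        // 2. Selector match with no directory round-trip.
        System.out.println("selector hit : " + selectorMatches(cert, LDAP_DN));

        // 3. Whether the entry at that DN actually carries these bytes.
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:389/");
        DirContext ctx = new InitialDirContext(env);
        try {
            System.out.println("entry holds  : " + directoryHoldsCert(ctx, LDAP_DN, cert));
        } finally {
            ctx.close();
        }

        // 4. The full LDAP CertStore lookup, same as step 5.
        System.out.println("ldap store   : " + ldapStoreFinds("localhost", 389, LDAP_DN));
    }
}
```

Reading the output: if "same subject" and "selector hit" are false, the certificate's own subject is not cn=Robertc,o=Magna,c=US and no entry layout will make the selector accept it, so the entry has to be created under the certificate's real subject DN (or a certificate issued to that DN stored). If those two are true but "entry holds" is false, the directory side is the problem; if all three are true and only "ldap store" is false, look at the CertStore connection itself (host, port, bind, attribute name).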