Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 218079A89 for ; Tue, 21 May 2013 10:04:06 +0000 (UTC) Received: (qmail 9326 invoked by uid 500); 21 May 2013 10:04:06 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 9150 invoked by uid 500); 21 May 2013 10:04:04 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 9076 invoked by uid 99); 21 May 2013 10:04:01 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 May 2013 10:04:01 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 May 2013 10:03:54 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id C390423888E3; Tue, 21 May 2013 10:03:32 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1484730 - in /cxf/trunk/services/xkms: xkms-features/src/main/resources/ xkms-osgi/src/main/resources/OSGI-INF/blueprint/ xkms-war/src/main/webapp/WEB-INF/ xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/ xkms-x509-handl... Date: Tue, 21 May 2013 10:03:32 -0000 To: commits@cxf.apache.org 
From: ashakirin@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130521100332.C390423888E3@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: ashakirin Date: Tue May 21 10:03:31 2013 New Revision: 1484730 URL: http://svn.apache.org/r1484730 Log: Fixed [CXF-5028]: XKMS configurable LDAP schema parameters Added: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSchemaConfig.java cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSearch.java - copied, changed from r1484722, cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LDAPSearch.java Removed: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LDAPSearch.java Modified: cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/xkms-key-handlers.xml cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-endpoint.xml cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapRegisterHandler.java cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/locator/LdapLocator.java cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/utils/X509Utils.java cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerITest.java cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerTest.java cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPSearchTest.java Modified: cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg URL: 
http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg?rev=1484730&r1=1484729&r2=1484730&view=diff ============================================================================== --- cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg (original) +++ cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg Tue May 21 10:03:31 2013 
@@ -20,11 +20,22 @@ # XKMS configuration properties # 1. Filesystem backend -#xkms.backend.file.storageDir=data/xkms/keys +#xkms.file.storageDir=data/xkms/keys # 2. LDAP backend -xkms.backend.ldap.url=ldap://localhost:2389 -xkms.backend.ldap.user=cn=Directory Manager -xkms.backend.ldap.pwd=test -xkms.backend.ldap.retry=2 -xkms.backend.ldap.rootDN=dc=example,dc=com \ No newline at end of file +xkms.ldap.url=ldap://localhost:2389 +xkms.ldap.user=cn=Directory Manager +xkms.ldap.pwd=test +xkms.ldap.retry=2 +xkms.ldap.rootDN=dc=example,dc=com + +# 3. LDAP schema +xkms.ldap.schema.certObjectClass=inetOrgPerson +xkms.ldap.schema.attrUID=uid +xkms.ldap.schema.attrIssuerID=manager +xkms.ldap.schema.attrSerialNumber=employeeNumber +xkms.ldap.schema.attrCrtBinary=userCertificate;binary +xkms.ldap.schema.constAttrNamesCSV=sn +xkms.ldap.schema.constAttrValuesCSV=X509 certificate +xkms.ldap.schema.serviceCertRDNTemplate=cn=%s,ou=services +xkms.ldap.schema.serviceCertUIDTemplate=cn=%s Modified: cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/xkms-key-handlers.xml URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/xkms-key-handlers.xml?rev=1484730&r1=1484729&r2=1484730&view=diff ============================================================================== --- cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/xkms-key-handlers.xml (original) +++ cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/xkms-key-handlers.xml Tue May 21 10:03:31 2013 
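Review bot: The property keys change prefix from `xkms.backend.ldap.*` / `xkms.backend.file.*` to `xkms.ldap.*` / `xkms.file.*` with no note in the file, so a deployment that keeps its old keys presumably loses its LDAP settings silently rather than failing at startup. A comment at the head of the LDAP section such as `# NOTE: keys were renamed from xkms.backend.* in r1484730; the old names are no longer read` would make the migration visible to operators. The new `xkms.ldap.schema.*` block would also benefit from one line stating that the two `*Template` values are `String.format` patterns taking a single `%s`, since that constraint is only discoverable from the Java code.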
@@ -18,23 +18,37 @@ + + + + + + + + + + + + - + + - + + - - - - - + + + + + + - + Modified: cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml?rev=1484730&r1=1484729&r2=1484730&view=diff ============================================================================== --- cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml (original) +++ cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml Tue May 21 10:03:31 2013 @@ -24,21 +24,35 @@ Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapRegisterHandler.java URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapRegisterHandler.java?rev=1484730&r1=1484729&r2=1484730&view=diff ============================================================================== --- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapRegisterHandler.java (original) +++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapRegisterHandler.java Tue May 21 10:03:31 2013 
@@ -20,62 +20,56 @@ package org.apache.cxf.xkms.x509.handler import java.security.cert.CertificateException; import java.security.cert.X509Certificate; -import java.util.regex.Matcher; import javax.naming.directory.Attributes; import javax.naming.directory.BasicAttribute; import javax.naming.directory.BasicAttributes; -import org.apache.cxf.xkms.exception.XKMSArgumentNotMatchException; -import org.apache.cxf.xkms.handlers.Applications; import org.apache.cxf.xkms.model.xkms.UseKeyWithType; +import org.apache.cxf.xkms.x509.utils.X509Utils; public class LdapRegisterHandler extends AbstractX509RegisterHandler { - - private static final String OU_SERVICES = "ou=services"; - private static final String CN_PREFIX = "cn="; - private static final String INET_ORG_PERSON = "inetOrgPerson"; private static final String ATTR_OBJECT_CLASS = "objectClass"; - private static final String ATTR_SN = "sn"; - private static final String ATTR_UID_NAME = "uid"; - private static final String ATTR_ISSUER_IDENTIFIER = "manager"; - private static final String ATTR_SERIAL_NUMBER = "employeeNumber"; - private static final String ATTR_USER_CERTIFICATE_BINARY = "userCertificate;binary"; - private final LDAPSearch ldapSearch; + private final LdapSearch ldapSearch; + private final LdapSchemaConfig ldapConfig; private final String rootDN; - public LdapRegisterHandler(LDAPSearch ldapSearch, String rootDN) throws CertificateException { - super(); + public LdapRegisterHandler(LdapSearch ldapSearch, LdapSchemaConfig ldapConfig, String rootDN) + throws CertificateException { this.ldapSearch = ldapSearch; + this.ldapConfig = ldapConfig; this.rootDN = rootDN; } @Override public void saveCertificate(X509Certificate cert, UseKeyWithType id) { Attributes attribs = new BasicAttributes(); - attribs.put(new BasicAttribute(ATTR_OBJECT_CLASS, INET_ORG_PERSON)); - attribs.put(new BasicAttribute(ATTR_SN, "X509 certificate")); - attribs.put(new BasicAttribute(ATTR_UID_NAME, cert.getSubjectX500Principal().getName())); 
- attribs.put(new BasicAttribute(ATTR_SERIAL_NUMBER, cert.getSerialNumber().toString(16))); - attribs.put(new BasicAttribute(ATTR_ISSUER_IDENTIFIER, cert.getIssuerX500Principal().getName())); + attribs.put(new BasicAttribute(ATTR_OBJECT_CLASS, ldapConfig.getCertObjectClass())); + attribs.put(new BasicAttribute(ldapConfig.getAttrUID(), cert.getSubjectX500Principal().getName())); + attribs.put(new BasicAttribute(ldapConfig.getAttrIssuerID(), cert.getIssuerX500Principal().getName())); + attribs.put(new BasicAttribute(ldapConfig.getAttrSerialNumber(), cert.getSerialNumber().toString(16))); + addConstantAttributes(ldapConfig.getConstAttrNamesCSV(), ldapConfig.getConstAttrValuesCSV(), attribs); try { - attribs.put(new BasicAttribute(ATTR_USER_CERTIFICATE_BINARY, cert.getEncoded())); - String dn = getDN(id.getApplication(), id.getIdentifier()); + attribs.put(new BasicAttribute(ldapConfig.getAttrCrtBinary(), cert.getEncoded())); + String dn = X509Utils.getDN(id.getApplication(), id.getIdentifier(), + ldapConfig.getServiceCertRDNTemplate(), rootDN); ldapSearch.bind(dn, attribs); } catch (Exception e) { throw new RuntimeException(e.getMessage(), e); } } - - private String getDN(String applicationUri, String identifier) { - if (Applications.PKIX.getUri().equals(applicationUri)) { - return identifier + "," + rootDN; - } else if (Applications.SERVICE_SOAP.getUri().equals(applicationUri)) { - String escapedIdentifier = identifier.replaceAll("\\/", Matcher.quoteReplacement("\\/")); - return CN_PREFIX + escapedIdentifier + "," + OU_SERVICES + "," + rootDN; - } else { - throw new XKMSArgumentNotMatchException("Unsupported application uri: " + applicationUri); + + private void addConstantAttributes(String names, String values, Attributes attribs) { + String[] arrNames = names.split(","); + String[] arrValues = values.split(","); + if (arrNames.length != arrValues.length) { + throw new IllegalArgumentException( + String.format("Inconsintent constant attributes: %s; %s", names, 
values)); + } + for (int i = 0; i < arrNames.length; i++) { + attribs.put(new BasicAttribute(arrNames[i], arrValues[i])); } } + } Added: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSchemaConfig.java URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSchemaConfig.java?rev=1484730&view=auto ============================================================================== --- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSchemaConfig.java (added) +++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSchemaConfig.java Tue May 21 10:03:31 2013 
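Review bot: `addConstantAttributes` cannot represent a constant value that itself contains a comma, because `split(",")` is applied to both CSV strings, and an empty `constAttrNamesCSV` yields one entry with an empty attribute name instead of no attributes at all; entries are not trimmed either, so `sn, mail` would produce an attribute named ` mail`. The exception message also misspells "Inconsistent" (`Inconsintent`). A blank-input guard plus trimming keeps the shipped defaults (`sn` / `X509 certificate`) working unchanged; if comma-bearing values are ever required, a different separator or a map-typed property on LdapSchemaConfig is the cleaner fix.
```java
private void addConstantAttributes(String names, String values, Attributes attribs) {
    // Blank names mean "no constant attributes"; split(",") on "" would yield one "" entry.
    if (names == null || names.trim().isEmpty()) {
        return;
    }
    String[] arrNames = names.split(",");
    String[] arrValues = (values == null) ? new String[0] : values.split(",");
    if (arrNames.length != arrValues.length) {
        throw new IllegalArgumentException(
            String.format("Inconsistent constant attributes: %s; %s", names, values));
    }
    for (int i = 0; i < arrNames.length; i++) {
        attribs.put(new BasicAttribute(arrNames[i].trim(), arrValues[i].trim()));
    }
}
```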
@@ -0,0 +1,104 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.xkms.x509.handlers; + +public class LdapSchemaConfig { + private String certObjectClass = "inetOrgPerson"; + private String attrUID = "uid"; + private String attrIssuerID = "manager"; + private String attrSerialNumber = "employeeNumber"; + private String attrCrtBinary = "userCertificate;binary"; + private String constAttrNamesCSV = "sn"; + private String constAttrValuesCSV = "X509 certificate"; + private String serviceCertRDNTemplate = "cn=%s,ou=services"; + private String serviceCertUIDTemplate = "cn=%s"; + + public String getCertObjectClass() { + return certObjectClass; + } + + public void setCertObjectClass(String crtObjectClass) { + this.certObjectClass = crtObjectClass; + } + + public String getAttrUID() { + return attrUID; + } + + public void setAttrUID(String attrUID) { + this.attrUID = attrUID; + } + + public String getAttrIssuerID() { + return attrIssuerID; + } + + public void setAttrIssuerID(String attrIssuerID) { + this.attrIssuerID = attrIssuerID; + } + + public String getAttrSerialNumber() { + return attrSerialNumber; + } + + public void setAttrSerialNumber(String attrSerialNumber) { + 
this.attrSerialNumber = attrSerialNumber; + } + + public String getAttrCrtBinary() { + return attrCrtBinary; + } + + public void setAttrCrtBinary(String attrCrtBinary) { + this.attrCrtBinary = attrCrtBinary; + } + + public String getConstAttrNamesCSV() { + return constAttrNamesCSV; + } + + public void setConstAttrNamesCSV(String constAttrNamesCSV) { + this.constAttrNamesCSV = constAttrNamesCSV; + } + + public String getConstAttrValuesCSV() { + return constAttrValuesCSV; + } + + public void setConstAttrValuesCSV(String constAttrValuesCSV) { + this.constAttrValuesCSV = constAttrValuesCSV; + } + + public String getServiceCertRDNTemplate() { + return serviceCertRDNTemplate; + } + + public void setServiceCertRDNTemplate(String serviceCrtRDNTemplate) { + this.serviceCertRDNTemplate = serviceCrtRDNTemplate; + } + + public String getServiceCertUIDTemplate() { + return serviceCertUIDTemplate; + } + + public void setServiceCertUIDTemplate(String serviceCrtUIDTemplate) { + this.serviceCertUIDTemplate = serviceCrtUIDTemplate; + } + +} Copied: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSearch.java (from r1484722, cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LDAPSearch.java) URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSearch.java?p2=cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSearch.java&p1=cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LDAPSearch.java&r1=1484722&r2=1484730&rev=1484730&view=diff ============================================================================== --- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LDAPSearch.java (original) +++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSearch.java Tue 
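Review bot: LdapSchemaConfig has no class or property documentation although its values are injected from `org.apache.cxf.xkms.cfg` and two of them are consumed as `String.format` templates. A class Javadoc should state that `serviceCertRDNTemplate` and `serviceCertUIDTemplate` must contain exactly one `%s` (a literal `%` has to be written `%%`), that `constAttrNamesCSV` and `constAttrValuesCSV` are parallel comma-separated lists of equal length, and that `attrCrtBinary` must name an attribute holding the DER-encoded certificate (default `userCertificate;binary`). The setter parameter names `crtObjectClass`, `serviceCrtRDNTemplate` and `serviceCrtUIDTemplate` differ from their fields for no reason; aligning them with the field names is the usual bean style and avoids confusion in blueprint property binding.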
May 21 10:03:31 2013 @@ -37,9 +37,9 @@ import org.apache.cxf.xkms.exception.XKM import org.apache.cxf.xkms.model.xkms.ResultMajorEnum; import org.apache.cxf.xkms.model.xkms.ResultMinorEnum; -public class LDAPSearch { +public class LdapSearch { private static final String SECURITY_AUTHENTICATION = "simple"; - private static final Logger LOG = LogUtils.getL7dLogger(LDAPSearch.class); + private static final Logger LOG = LogUtils.getL7dLogger(LdapSearch.class); private String ldapuri; private String bindDN; @@ -48,7 +48,7 @@ public class LDAPSearch { private InitialDirContext dirContext; - public LDAPSearch(String ldapuri, String bindDN, String bindPassword, int numRetries) { + public LdapSearch(String ldapuri, String bindDN, String bindPassword, int numRetries) { this.ldapuri = ldapuri; this.bindDN = bindDN; this.bindPassword = bindPassword; Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/locator/LdapLocator.java URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/locator/LdapLocator.java?rev=1484730&r1=1484729&r2=1484730&view=diff ============================================================================== --- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/locator/LdapLocator.java (original) +++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/locator/LdapLocator.java Tue May 21 10:03:31 2013 
@@ -27,47 +27,45 @@ import java.security.cert.X509Certificat import java.util.List; import java.util.logging.Level; import java.util.logging.Logger; -import java.util.regex.Matcher; import javax.naming.NamingException; import javax.naming.directory.Attribute; import org.apache.cxf.common.logging.LogUtils; -import org.apache.cxf.xkms.exception.XKMSArgumentNotMatchException; import org.apache.cxf.xkms.exception.XKMSCertificateException; import org.apache.cxf.xkms.handlers.Applications; import org.apache.cxf.xkms.handlers.Locator; import org.apache.cxf.xkms.model.xkms.LocateRequestType; import org.apache.cxf.xkms.model.xkms.UnverifiedKeyBindingType; import org.apache.cxf.xkms.model.xkms.UseKeyWithType; -import org.apache.cxf.xkms.x509.handlers.LDAPSearch; +import org.apache.cxf.xkms.x509.handlers.LdapSchemaConfig; +import org.apache.cxf.xkms.x509.handlers.LdapSearch; import org.apache.cxf.xkms.x509.parser.LocateRequestParser; import org.apache.cxf.xkms.x509.utils.X509Utils; public class LdapLocator implements Locator { - private static final String OU_SERVICES = "ou=services"; - private static final String CN_PREFIX = "cn="; - private static final String ATTR_UID_NAME = "uid"; - private static final String ATTR_ISSUER_IDENTIFIER = "manager"; - private static final String ATTR_SERIAL_NUMBER = "employeeNumber"; - private static final String ATTR_USER_CERTIFICATE_BINARY = "userCertificate;binary"; - private static final String FILTER_UID = "(" + ATTR_UID_NAME + "=%s)"; - private static final String FILTER_ISSUER_SERIAL = "(&(" + ATTR_ISSUER_IDENTIFIER + "=%s)(" + ATTR_SERIAL_NUMBER - + "=%s))"; private static final Logger LOG = LogUtils.getL7dLogger(LdapLocator.class); - private final LDAPSearch ldapSearch; + private final LdapSearch ldapSearch; private CertificateFactory certificateFactory; + private final LdapSchemaConfig ldapConfig; + private final String filterUIDTemplate; + private final String filterIssuerSerialTemplate; private final String rootDN; - - public 
LdapLocator(LDAPSearch ldapSearch, String rootDN) { + + + public LdapLocator(LdapSearch ldapSearch, LdapSchemaConfig ldapConfig, String rootDN) { this.ldapSearch = ldapSearch; + this.ldapConfig = ldapConfig; this.rootDN = rootDN; try { this.certificateFactory = CertificateFactory.getInstance("X.509"); } catch (CertificateException e) { LOG.log(Level.SEVERE, e.getMessage(), e); } + filterUIDTemplate = "(" + ldapConfig.getAttrUID() + "=%s)"; + filterIssuerSerialTemplate = "(&(" + ldapConfig.getAttrIssuerID() + "=%s)(" + ldapConfig.getAttrSerialNumber() + + "=%s))"; } @Override @@ -121,15 +119,17 @@ public class LdapLocator implements Loca private X509Certificate findByDn(String application, String id) throws CertificateException { byte[] content = null; try { - String dn = getDN(application, id); + String dn = X509Utils.getDN(application, id, ldapConfig.getServiceCertRDNTemplate(), + rootDN); content = getCertificateForDn(dn); } catch (NamingException e) { // Not found } - // Try to find certificate by search for distinguishedName attribute + // Try to find certificate by search for uid attribute try { if (content == null) { - content = getCertificateForDnAttr(getSubjectDN(application, id)); + String uidAttr = X509Utils.getSubjectDN(application, id, ldapConfig.getServiceCertUIDTemplate()); + content = getCertificateForUIDAttr(uidAttr); } } catch (NamingException e) { // Not found @@ -140,7 +140,7 @@ public class LdapLocator implements Loca } private byte[] getCertificateForDn(String dn) throws NamingException { - Attribute attr = ldapSearch.getAttribute(dn, ATTR_USER_CERTIFICATE_BINARY); + Attribute attr = ldapSearch.getAttribute(dn, ldapConfig.getAttrCrtBinary()); return (attr != null) ? (byte[]) attr.get() : null; 
@@ -152,8 +152,8 @@ public class LdapLocator implements Loca if ((issuer == null) || (serial == null)) { throw new IllegalArgumentException("Issuer and serial applications are expected in request"); } - String filter = String.format(FILTER_ISSUER_SERIAL, issuer, serial); - Attribute attr = ldapSearch.findAttribute(rootDN, filter, ATTR_USER_CERTIFICATE_BINARY); + String filter = String.format(filterIssuerSerialTemplate, issuer, serial); + Attribute attr = ldapSearch.findAttribute(rootDN, filter, ldapConfig.getAttrCrtBinary()); if ((attr != null) && (attr.get() != null)) { return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream((byte[]) attr .get())); 
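Review bot: The issuer/serial lookup in this hunk, and `getCertificateForUIDAttr` in the following hunk, substitute request-supplied values (`issuer`, `serial`, the uid value) into an LDAP search filter with `String.format` and no RFC 4515 escaping, so a value containing `(`, `)`, `*` or `\` either yields an invalid filter (a NamingException that `findByDn` swallows as "not found") or changes the filter's meaning and can match a different entry than intended. Since the templates are now built from configuration in the constructor, the cleanest fix is to escape each argument before formatting, e.g. `String.format(filterIssuerSerialTemplate, escapeFilterValue(issuer), escapeFilterValue(serial));` with a small helper in X509Utils; alternatively, if `LdapSearch.findAttribute` can be changed to use the JNDI `DirContext.search(Name, String, Object[], SearchControls)` overload with `{0}` placeholders, that overload is documented to escape String arguments itself. The enclosing method of this hunk starts before the hunk and its name is not visible here.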
@@ -162,28 +162,9 @@ public class LdapLocator implements Loca } } - private String getDN(String applicationUri, String identifier) { - if (Applications.PKIX.getUri().equals(applicationUri)) { - return identifier + "," + rootDN; - } else if (Applications.SERVICE_SOAP.getUri().equals(applicationUri)) { - String escapedIdentifier = identifier.replaceAll("\\/", Matcher.quoteReplacement("\\/")); - return CN_PREFIX + escapedIdentifier + "," + OU_SERVICES + "," + rootDN; - } else { - throw new XKMSArgumentNotMatchException("Unsupported application uri: " + applicationUri); - } - } - - private String getSubjectDN(String application, String id) { - if (application.equalsIgnoreCase(Applications.SERVICE_SOAP.getUri())) { - return CN_PREFIX + id; - } else { - return id; - } - } - - private byte[] getCertificateForDnAttr(String dn) throws NamingException { - String filter = String.format(FILTER_UID, dn); - Attribute attr = ldapSearch.findAttribute(rootDN, filter, ATTR_USER_CERTIFICATE_BINARY); + private byte[] getCertificateForUIDAttr(String dn) throws NamingException { + String filter = String.format(filterUIDTemplate, dn); + Attribute attr = ldapSearch.findAttribute(rootDN, filter, ldapConfig.getAttrCrtBinary()); return (attr != null) ? (byte[]) attr.get() : null; Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/utils/X509Utils.java URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/utils/X509Utils.java?rev=1484730&r1=1484729&r2=1484730&view=diff ============================================================================== --- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/utils/X509Utils.java (original) +++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/utils/X509Utils.java Tue May 21 10:03:31 2013 
@@ -31,11 +31,13 @@ import java.util.Iterator; import java.util.List; import java.util.UUID; import java.util.logging.Logger; +import java.util.regex.Matcher; import javax.xml.bind.JAXBElement; import javax.xml.namespace.QName; import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.xkms.handlers.Applications; import org.apache.cxf.xkms.model.xkms.LocateRequestType; import org.apache.cxf.xkms.model.xkms.LocateResultType; import org.apache.cxf.xkms.model.xkms.ResultMajorEnum; @@ -168,4 +170,25 @@ public final class X509Utils { } } + public static String getSubjectDN(String application, String id, String serviceDNTemplate) { + if (application.equalsIgnoreCase(Applications.SERVICE_SOAP.getUri())) { + return String.format(serviceDNTemplate, id); + } else { + return id; + } + } + + public static String getDN(String applicationUri, String identifier, String serviceDNTemplate, String rootDN) { + String dn = identifier; + if (Applications.SERVICE_SOAP.getUri().equals(applicationUri)) { + String escapedIdentifier = identifier.replaceAll("\\/", Matcher.quoteReplacement("\\/")); + dn = String.format(serviceDNTemplate, escapedIdentifier); + } + if ((rootDN != null) && !(rootDN.isEmpty())) { + dn = dn + "," + rootDN; + } + return dn; + } + + } Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerITest.java URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerITest.java?rev=1484730&r1=1484729&r2=1484730&view=diff ============================================================================== --- cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerITest.java (original) +++ cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerITest.java Tue May 21 10:03:31 2013 
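Review bot: `getDN` drops the validation the two removed private copies performed: an application URI that is neither PKIX nor SERVICE_SOAP previously raised XKMSArgumentNotMatchException, and now silently takes the PKIX path and binds or looks up `identifier,rootDN`. If that is intended it belongs in a Javadoc; otherwise keep the check ahead of the formatting, `if (!Applications.PKIX.getUri().equals(applicationUri) && !Applications.SERVICE_SOAP.getUri().equals(applicationUri)) { throw new XKMSArgumentNotMatchException("Unsupported application uri: " + applicationUri); }` with the matching import. Separately, only `/` is escaped in the identifier, so RDN-special characters (`,`, `+`, `=`, `"`, `\`, `<`, `>`, `;`) pass into the DN unescaped and a comma-bearing identifier produces extra RDNs rather than an error; `javax.naming.ldap.Rdn.escapeValue` covers the RFC 4514 set, though it does not escape `/`, so LDAPPersistenceManagerTest's `EXPECTED_DN_FOR_SERVICE` fixture would need adjusting. `getSubjectDN` no longer returns a DN (its result is used as a uid filter value), so a one-line Javadoc or a rename would prevent misuse.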
@@ -31,8 +31,9 @@ import javax.naming.NamingException; import org.apache.cxf.xkms.handlers.Applications; import org.apache.cxf.xkms.model.xkms.UseKeyWithType; -import org.apache.cxf.xkms.x509.handlers.LDAPSearch; import org.apache.cxf.xkms.x509.handlers.LdapRegisterHandler; +import org.apache.cxf.xkms.x509.handlers.LdapSchemaConfig; +import org.apache.cxf.xkms.x509.handlers.LdapSearch; import org.apache.cxf.xkms.x509.locator.LdapLocator; import org.junit.Assert; @@ -44,6 +45,7 @@ import org.junit.Test; */ public class LDAPPersistenceManagerITest { private static final String EXPECTED_SUBJECT_DN = "CN=www.issuer.com, L=CGN, ST=NRW, C=DE, O=Issuer"; + private static final LdapSchemaConfig LDAP_CERT_CONFIG = new LdapSchemaConfig(); @Test @Ignore @@ -82,9 +84,11 @@ public class LDAPPersistenceManagerITest @Test @Ignore public void testSave() throws Exception { - LDAPSearch ldapSearch = new LDAPSearch("ldap://localhost:2389", "cn=Directory Manager", "test", 2); + LdapSearch ldapSearch = new LdapSearch("ldap://localhost:2389", "cn=Directory Manager", "test", 2); LdapLocator locator = createLdapLocator(); - LdapRegisterHandler persistenceManager = new LdapRegisterHandler(ldapSearch, "dc=example,dc=com"); + LdapRegisterHandler persistenceManager = new LdapRegisterHandler(ldapSearch, + LDAP_CERT_CONFIG, + "dc=example,dc=com"); File certFile = new File("src/test/java/cert1.cer"); Assert.assertTrue(certFile.exists()); FileInputStream fis = new FileInputStream(certFile); 
@@ -99,8 +103,8 @@ public class LDAPPersistenceManagerITest } private LdapLocator createLdapLocator() throws CertificateException { - LDAPSearch ldapSearch = new LDAPSearch("ldap://localhost:2389", "cn=Directory Manager", "test", 2); - return new LdapLocator(ldapSearch, "dc=example,dc=com"); + LdapSearch ldapSearch = new LdapSearch("ldap://localhost:2389", "cn=Directory Manager", "test", 2); + return new LdapLocator(ldapSearch, LDAP_CERT_CONFIG, "dc=example,dc=com"); } private void testFindBySubjectDnInternal(LdapLocator persistenceManager) { Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerTest.java URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerTest.java?rev=1484730&r1=1484729&r2=1484730&view=diff ============================================================================== --- cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerTest.java (original) +++ cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPPersistenceManagerTest.java Tue May 21 10:03:31 2013 @@ -29,10 +29,12 @@ import javax.naming.directory.Attributes import org.apache.cxf.xkms.handlers.Applications; import org.apache.cxf.xkms.model.xkms.UseKeyWithType; -import org.apache.cxf.xkms.x509.handlers.LDAPSearch; import org.apache.cxf.xkms.x509.handlers.LdapRegisterHandler; +import org.apache.cxf.xkms.x509.handlers.LdapSchemaConfig; +import org.apache.cxf.xkms.x509.handlers.LdapSearch; import org.easymock.EasyMock; import org.easymock.IMocksControl; + import org.junit.Assert; import org.junit.Test; 
@@ -42,14 +44,15 @@ public class LDAPPersistenceManagerTest private static final String EXPECTED_SERVICE_URI = "http://myservice.apache.org/MyServiceName"; private static final String EXPECTED_DN_FOR_SERVICE = "cn=http:\\/\\/myservice.apache.org\\/MyServiceName,ou=services"; + private static final LdapSchemaConfig LDAP_CERT_CONFIG = new LdapSchemaConfig(); @Test public void testSaveUserCert() throws Exception { IMocksControl c = EasyMock.createControl(); - LDAPSearch ldapSearch = c.createMock(LDAPSearch.class); + LdapSearch ldapSearch = c.createMock(LdapSearch.class); ldapSearch.bind(EasyMock.eq(EXPECTED_SUBJECT_DN + "," + ROOT_DN), EasyMock.anyObject(Attributes.class)); EasyMock.expectLastCall().once(); - LdapRegisterHandler persistenceManager = new LdapRegisterHandler(ldapSearch, ROOT_DN); + LdapRegisterHandler persistenceManager = new LdapRegisterHandler(ldapSearch, LDAP_CERT_CONFIG, ROOT_DN); X509Certificate cert = getTestCert(); c.replay(); 
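Review bot: Both updated tests pass a default `LdapSchemaConfig`, so the behaviour this commit introduces — a non-default `serviceCertRDNTemplate` and the `addConstantAttributes` path, including its length-mismatch IllegalArgumentException — is not exercised; the EasyMock expectation also matches `EasyMock.anyObject(Attributes.class)`, so the bound attributes are never inspected. A test that sets `constAttrNamesCSV` to `"sn,mail"` with a single value and expects `IllegalArgumentException` from `saveCertificate`, plus one that captures the `Attributes` argument and asserts the configured object class and constant attribute are present, would cover the new code. The test methods continue past the end of this hunk.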
@@ -63,10 +66,10 @@ public class LDAPPersistenceManagerTest @Test public void testSaveServiceCert() throws Exception { IMocksControl c = EasyMock.createControl(); - LDAPSearch ldapSearch = c.createMock(LDAPSearch.class); + LdapSearch ldapSearch = c.createMock(LdapSearch.class); ldapSearch.bind(EasyMock.eq(EXPECTED_DN_FOR_SERVICE + "," + ROOT_DN), EasyMock.anyObject(Attributes.class)); EasyMock.expectLastCall().once(); - LdapRegisterHandler persistenceManager = new LdapRegisterHandler(ldapSearch, ROOT_DN); + LdapRegisterHandler persistenceManager = new LdapRegisterHandler(ldapSearch, LDAP_CERT_CONFIG, ROOT_DN); X509Certificate cert = getTestCert(); c.replay(); Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPSearchTest.java URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPSearchTest.java?rev=1484730&r1=1484729&r2=1484730&view=diff ============================================================================== --- cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPSearchTest.java (original) +++ cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/persistence/LDAPSearchTest.java Tue May 21 10:03:31 2013 @@ -26,7 +26,7 @@ import javax.naming.directory.Attribute; import javax.naming.directory.Attributes; import javax.naming.directory.SearchResult; -import org.apache.cxf.xkms.x509.handlers.LDAPSearch; +import org.apache.cxf.xkms.x509.handlers.LdapSearch; import org.junit.Ignore; import org.junit.Test; 
@@ -37,7 +37,7 @@ public class LDAPSearchTest { @Test @Ignore public void testSearch() throws URISyntaxException, NamingException { - LDAPSearch ldapSearch = new LDAPSearch("ldap://localhost:2389", "cn=Directory Manager", "test", 2); + LdapSearch ldapSearch = new LdapSearch("ldap://localhost:2389", "cn=Directory Manager", "test", 2); NamingEnumeration answer = ldapSearch.searchSubTree("dc=example, dc=com", "(cn=Testuser)"); while (answer.hasMore()) { SearchResult sr = answer.next();