directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enrique Rodriguez" <enriqu...@gmail.com>
Subject Re: How i can import and store X509 certification into apacheDS?
Date Wed, 15 Aug 2007 23:31:29 GMT
On 8/15/07, Legolas Woodland <legolas.w@gmail.com> wrote:
> Hi
> Thank you for reading my post
> Can we use ApacheDS to import some certificate (X509 digital certificate)
> into it for our users?
>
> Is there any document fot doing this?

Yes, this works.  The core schema, which is enabled by default, has
support for RFC 2256, which contains attribute type userCertificate.
The cert attributes in RFC 2256 have been updated by RFC 4510 & RFC
4523, but the basic attribute and OID are the same.

I can't think of a consolidated example of how to do this, but there
are resources online for:

1)  Reading a cert from disk into an X509Certificate object.
2)  Calling cert.getEncoded() to get the ASN.1 DER as a byte[].
3)  Performing a basic JNDI binary write to the directory.

The following unit tests show some ways to work with a userCertificate:

core-unit:
org.apache.directory.server.core.jndi.SearchContextITest#testBinaryAttributesInFilter()

server-unit:
org.apache.directory.server.BinarySearchTest#testSearchByBinaryAttribute()

Enrique

Mime
View raw message