/**
* @(#)LDAPProcess.java 2003/05/19
*
* Copyright(c) 2003 Wellhope Inc. All rights reserved.
*/
package psic;
import java.io.*;
//import netscape.ldap.*;
import com.novell.ldap.*;
import java.util.*;
/**
*
* <p>Title:注意事项 </p>
* <p>author: Marco Chen</p>
* <p>modifytime: 2003.12.27</p>
* <p>本文件适用范围:OPENLDAP,CA五层结构,PA,AA是国办结构(AA在2003.12.27发布时给的是编码证书,与CA,PA不同,应用需要注意)</p>
*1.OPENLDAP和SUN输入用户名密码有区别,前者BIND,后者authenticate
*2.通过modifytimestamp取证书时OPENLDAP需要在YYYYMMDDHHMMSS后加"Z"表示标准时间,如20031113064115Z-20031230064115Z
*
*
*3.CA取证书接口只提供通过certsn即序列号的方法,userid和mail不能表示唯一证书故暂时不提供
*
*4.OPENLDAP目前匿名登录只能取到500个子节点,多余500时报sizelimit异常。(ldap上如何修改,使取时能超过500个,不知)
* (程序中修改方法见WHLDAP_GetAACertFromLDAPByUserID中的注释,但不能匿名登陆,否则修改无用)
*
* 5.OPENLDAP中LDAPSearchResults的方法getCount()有问题不能正确返回总个数,所以使用两次查询,第一次记数,第二次取值的方法(故效率降低一半)
*/
/**
* @Title LDAPProcess Class
* @Description LDAPProcess类完成与LDAP服务器的信息交互
* @Version 1.0.0
* @Author Jreey Cheng
*/
public class LDAPProcess
{
private WHLDAP_SVR_CONNCET_PARA ldapPara;
private WHLDAP_FILTER ldapFilter;
private int ldapFilterType;
private LDAPConnection conn;
private ClientConf conf=new ClientConf();
/**
 * Creates a processor with empty filter and server-parameter holders.
 * No connection is opened here; {@code conn} stays unset until
 * {@code WHLDAP_Connect} runs.
 */
public LDAPProcess()
{
    this.ldapFilter = new WHLDAP_FILTER();
    this.ldapPara = new WHLDAP_SVR_CONNCET_PARA();
}
/**
 * Copies the server address and search base from {@code pPara} into this
 * object's connection parameters.
 *
 * Only the search base, host and port are copied. The scope field
 * ({@code m_dwSearchScop}) that callers in this file set on {@code pPara}
 * is not carried over; the scope actually used is chosen from the
 * {@code dwflag} argument of the search helpers.
 *
 * @param pPara parameters to copy from; must not be null
 * @return always 0
 */
private int WHLDAP_SetSvrPara (WHLDAP_SVR_CONNCET_PARA pPara )
{
    // Read all three values first so a null pPara fails before any field is changed.
    final String base = pPara.m_searchBase;
    final String host = pPara.m_ldapsvr_host;
    final int port = pPara.m_ldapsvr_port;

    this.ldapPara.m_searchBase = base;
    this.ldapPara.m_ldapsvr_host = host;
    this.ldapPara.m_ldapsvr_port = port;
    return 0;
}
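/**
 * Connects to the configured directory server and performs an LDAPv3 bind.
 *
 * {@code dwConnectionType} and {@code dwAuthMethod} are accepted but not
 * read. Passing null for both {@code usrName} and {@code pwd} requests an
 * anonymous bind, which is what the public lookups in this file do.
 *
 * If connect succeeds but bind fails, the socket is closed before
 * returning, so a later search cannot run on a half-set-up session whose
 * bind never completed.
 *
 * NOTE(review): no socket factory or TLS step is visible here, so the bind
 * credentials presumably travel in cleartext unless one is installed
 * elsewhere. Confirm before using a non-anonymous bind.
 *
 * @param dwConnectionType unused
 * @param dwAuthMethod     unused
 * @param usrName          bind DN, or null for anonymous
 * @param pwd              bind password, or null for anonymous
 * @return 0 on success, -1 if connecting or binding failed
 */
private int WHLDAP_Connect (int dwConnectionType,int dwAuthMethod,String usrName,String pwd)
{
    LDAPConnection attempt = null;
    try
    {
        attempt = new LDAPConnection();
        // Publish immediately, as before, so conn always refers to the latest attempt.
        conn = attempt;
        attempt.connect(ldapPara.m_ldapsvr_host, ldapPara.m_ldapsvr_port);
        // OpenLDAP takes the credentials through bind; the older SDK call was authenticate.
        attempt.bind(LDAPConnection.LDAP_V3, usrName, pwd);
    }
    catch(Exception e)
    {
        if(attempt != null)
        {
            try
            {
                // Best-effort close of a connection that connected but did not bind.
                attempt.disconnect();
            }
            catch(Exception ignored)
            {
                // Nothing more can be done; the caller is told via the -1 below.
            }
        }
        return -1;
    }
    return 0;
}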
/**
 * Closes the current directory connection.
 *
 * @param dwConnectionType unused
 * @return 0 if the disconnect call completed, -1 if it threw (including
 *         when no connection object exists yet)
 */
private int WHLDAP_DisConnect (int dwConnectionType)
{
    int status = 0;
    try
    {
        conn.disconnect();
    }
    catch(Exception failure)
    {
        status = -1;
    }
    return status;
}
/**
 * Runs the stored filter under the stored search base and returns the first
 * value of attribute {@code inputData} from the first matching entry.
 *
 * {@code dwflag} picks the scope: 1 searches the whole subtree, 2 searches
 * one level below the base. Any other value returns null without searching.
 * {@code className}, {@code dwType} and {@code dwOption} are not read.
 *
 * Every failure (no connection, search error, entry without the attribute)
 * is reported as null, exactly like "no match". Callers therefore cannot
 * tell an empty result from a directory error; code that fetches revocation
 * data through this helper should treat null as "unknown", not as
 * "nothing revoked".
 *
 * @param inputData name of the attribute to read
 * @param dwflag    1 for subtree scope, 2 for one-level scope
 * @return the first attribute value, or null if nothing was found or an
 *         error occurred
 */
private byte[] WHLDAP_GetData (String inputData,String className,int dwType,int dwflag,int dwOption)
{
    final int scope;
    switch(dwflag)
    {
        case 1:
            scope = LDAPConnection.SCOPE_SUB;
            break;
        case 2:
            scope = LDAPConnection.SCOPE_ONE;
            break;
        default:
            return null;
    }

    try
    {
        // null attribute list = return all attributes; false = values, not just types.
        LDAPSearchResults hits = conn.search(ldapPara.m_searchBase,
                                             scope,
                                             ldapFilter.pbData,
                                             null,
                                             false);
        if(!hits.hasMore())
        {
            return null;
        }
        LDAPEntry first = hits.next();
        byte[][] values = first.getAttribute(inputData).getByteValueArray();
        return values[0];
    }
    catch(Exception failure)
    {
        return null;
    }
}
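/**
 * Runs the stored filter under the stored search base and returns the first
 * value of attribute {@code inputData} from every matching entry.
 *
 * {@code dwflag} picks the scope: 1 searches the whole subtree, 2 searches
 * one level below the base. Any other value returns null without searching.
 * {@code className}, {@code dwType} and {@code dwOption} are not read.
 *
 * The results are gathered in a single search. The earlier version searched
 * twice, once to count and once to fetch. If the directory changed between
 * the two, the array was either too small (the overflow was swallowed and
 * null returned) or padded with null elements. Collecting into a growable
 * list removes that window and the extra round trip.
 *
 * Any failure, including a server-side size limit being hit part-way
 * through, yields null rather than a partial array.
 *
 * @param inputData name of the attribute to read from each entry
 * @param dwflag    1 for subtree scope, 2 for one-level scope
 * @return one element per matching entry (possibly an empty array), or null
 *         on error or unsupported {@code dwflag}
 */
private PKI_DATA[] WHLDAP_GetAllData (String inputData,String className,int dwType,int dwflag,int dwOption)
{
    final int scope;
    if(dwflag == 1)
    {
        scope = LDAPConnection.SCOPE_SUB;
    }
    else if(dwflag == 2)
    {
        scope = LDAPConnection.SCOPE_ONE;
    }
    else
    {
        return null;
    }

    try
    {
        LDAPSearchResults rs = conn.search(ldapPara.m_searchBase,
                                           scope,
                                           ldapFilter.pbData,
                                           null,
                                           false);
        // Untyped list on purpose: the rest of this file is written without generics.
        ArrayList found = new ArrayList();
        while(rs.hasMore())
        {
            LDAPEntry certentry = rs.next();
            byte[] value = (certentry.getAttribute(inputData).getByteValueArray())[0];
            PKI_DATA item = new PKI_DATA();
            item.setValue(value);
            item.setSize(value.length);
            found.add(item);
        }
        return (PKI_DATA[]) found.toArray(new PKI_DATA[found.size()]);
    }
    catch(Exception e)
    {
        return null;
    }
}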
/**
 * Stores the search filter and filter type used by later searches.
 *
 * The filter text is taken as-is; nothing here validates or escapes it, so
 * any value built from caller input must be escaped before it gets here.
 *
 * @param pldapfilter  source of the filter size and text; must not be null
 * @param dwFilterType filter type tag, stored unchanged
 * @return always 0
 */
private int WHLDAP_SetFilter (WHLDAP_FILTER pldapfilter,int dwFilterType)
{
    this.ldapFilter.dwSize = pldapfilter.dwSize;
    this.ldapFilter.pbData = pldapfilter.pbData;
    this.ldapFilterType = dwFilterType;
    return 0;
}
/*
//WHLDAP_GetCertByUserid 2003 12 26 不提供给5层openldap的国办CA,mailaddr不能唯一标识用户证书,索引只有cacertsn一项
public byte[] WHLDAP_GetCertByMailAddr(long certType, String MailAddr)
{
String ldapIp =conf.getParamValue("LDAPServer");
String caname =conf.getParamValue("LDAPSearchBase");
int ldapPort=Integer.valueOf(conf.getParamValue("LDAPPort")).intValue();
WHLDAP_SVR_CONNCET_PARA para = new WHLDAP_SVR_CONNCET_PARA();
para.m_dwSearchScop = LDAPConnection.SCOPE_ONE;
para.m_ldapsvr_host = ldapIp;
para.m_ldapsvr_port = ldapPort;
para.m_searchBase = "casn="+caname;
WHLDAP_SetSvrPara(para);
WHLDAP_FILTER filter = new WHLDAP_FILTER();
// filter.pbData = "&(causermail=" +MailAddr +")(objectclass=causer)";
filter.pbData = "(causermail=" +MailAddr +")(objectclass=causer)";
WHLDAP_SetFilter(filter,1);
WHLDAP_Connect(1,2,null,null);
byte[] data = WHLDAP_GetData("causerid","causer",1,1,0);
WHLDAP_DisConnect(0x01);
String userid = new String(data);
para.m_searchBase = "causerid="+userid +",casn="+caname;
WHLDAP_SetSvrPara(para);
WHLDAP_Connect(1,2,null,null);
if(certType == 1)
// filter.pbData = "&(cacertproperty=exchange)(objectclass=cacert)";
filter.pbData = "(cacerttype=ENC)(objectclass=cacert)";
if(certType == 2)
// filter.pbData = "&(cacertproperty=signature)(objectclass=cacert)";
filter.pbData = "(cacerttype=SIG)(objectclass=cacert)";
WHLDAP_SetFilter(filter,1);
byte[] certValue = WHLDAP_GetData("usercertificate","cacert",1,1,0);
WHLDAP_DisConnect(0x01);
return certValue;
}
*/
/*
//WHLDAP_GetCertByUserid 2003 12 26 不提供给5层openldap的国办CA,userid不能唯一标识用户证书,索引只有cacertsn一项
public byte[] WHLDAP_GetCertByUserid(long certType, String userid)
{
String ldapIp =conf.getParamValue("LDAPServer");
String caname =conf.getParamValue("LDAPSearchBase");
int ldapPort=Integer.valueOf(conf.getParamValue("LDAPPort")).intValue();
WHLDAP_SVR_CONNCET_PARA para = new WHLDAP_SVR_CONNCET_PARA();
para.m_dwSearchScop = LDAPConnection.SCOPE_ONE;
para.m_ldapsvr_host = ldapIp;
para.m_ldapsvr_port = ldapPort;
// para.m_searchBase = "causerid="+userid+",trustcercasntsn=CA1001"+",raid=RA001"+",casn="+caname;
para.m_searchBase = "casn="+caname;
WHLDAP_SetSvrPara(para);
WHLDAP_FILTER filter = new WHLDAP_FILTER();
if(certType == 1)
// filter.pbData="&(cacertproperty=exchange)(objectclass=cacert)";
// filter.pbData = "(cacerttype=ENC)(objectclass=cacert)";
filter.pbData = "(cacertsn=100020002003122310100000023624)(objectclass=cacert)";
if(certType == 2)
// filter.pbData="&(cacertproperty=signature)(objectclass=cacert)";
filter.pbData = "(cacerttype=SIG)(objectclass=cacert)";
WHLDAP_SetFilter(filter,1);
WHLDAP_Connect(1,2,null,null);
byte[] certValue = WHLDAP_GetData("usercertificate","cacert",1,1,0);
WHLDAP_DisConnect(1);
return certValue;
}
*/
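/**
 * Looks up a certificate by its serial number and returns the raw value of
 * its {@code usercertificate} attribute.
 *
 * Server host, port and CA name come from the client configuration
 * ({@code LDAPServer}, {@code LDAPPort}, {@code LDAPSearchBase}). The
 * search runs under {@code casn=<CA name>} after an anonymous bind. The
 * scope is subtree: the {@code dwflag} of 1 passed to
 * {@code WHLDAP_GetData} selects it, and the {@code SCOPE_ONE} set on the
 * parameter object is not copied by {@code WHLDAP_SetSvrPara}.
 *
 * {@code certsn} is escaped before it is placed in the filter, so
 * characters with filter meaning ({@code * ( ) \} and NUL) are matched
 * literally instead of altering the query. The connection is closed on
 * every path, including a failed connect.
 *
 * The bytes come from a directory reached without authentication. Callers
 * are expected to verify the certificate themselves (signature, chain,
 * validity) rather than trust it because of where it was fetched.
 *
 * @param certsn certificate serial number to match against {@code cacertsn}
 * @return the certificate bytes, or null if {@code certsn} is null, nothing
 *         matched, or the directory could not be queried
 * @throws NumberFormatException if the configured port is not a number
 */
public byte[] WHLDAP_GetCertByCertID(String certsn)
{
    if(certsn == null)
    {
        // String concatenation would otherwise search for the literal text "null".
        return null;
    }

    String ldapIp = conf.getParamValue("LDAPServer");
    String caname = conf.getParamValue("LDAPSearchBase");
    int ldapPort = Integer.parseInt(conf.getParamValue("LDAPPort"));

    WHLDAP_SVR_CONNCET_PARA para = new WHLDAP_SVR_CONNCET_PARA();
    para.m_dwSearchScop = LDAPConnection.SCOPE_ONE;
    para.m_ldapsvr_host = ldapIp;
    para.m_ldapsvr_port = ldapPort;
    para.m_searchBase = "casn=" + caname;
    WHLDAP_SetSvrPara(para);

    WHLDAP_FILTER filter = new WHLDAP_FILTER();
    // NOTE(review): the filter is two parenthesised terms with no enclosing "(&...)".
    // The shape is kept as it was; confirm that the LDAP library applies both terms.
    filter.pbData = "(cacertsn=" + WHLDAP_EscapeFilterValue(certsn) + ")(objectclass=cacert)";
    WHLDAP_SetFilter(filter,1);

    try
    {
        if(WHLDAP_Connect(1,2,null,null) != 0)
        {
            return null;
        }
        return WHLDAP_GetData("usercertificate","cacert",1,1,0);
    }
    finally
    {
        // Runs after a failed connect too, so a half-open socket is not left behind.
        WHLDAP_DisConnect(1);
    }
}

/** Escapes the characters that carry meaning in an LDAP search filter value (RFC 4515). */
private static String WHLDAP_EscapeFilterValue(String value)
{
    StringBuffer out = new StringBuffer(value.length() + 8);
    for(int i = 0; i < value.length(); i++)
    {
        char c = value.charAt(i);
        switch(c)
        {
            case '\\': out.append("\\5c"); break;
            case '*':  out.append("\\2a"); break;
            case '(':  out.append("\\28"); break;
            case ')':  out.append("\\29"); break;
            case '\0': out.append("\\00"); break;
            default:   out.append(c);
        }
    }
    return out.toString();
}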
public byte[] WHLDAP_GetCRLFromLDAP()
{
String ldapIp = conf.getParamValue("LDAPServer");
String searchBase = conf.getParamValue("LDAPSearchBase");
int ldapPort = Integer.valueOf(conf.getParamValue("LDAPPort")).intValue();
WHLDAP_SVR_CONNCET_PARA para = new WHLDAP_SVR_CONNCET_PARA();
para.m_dwSearchScop = LDAPConnection.SCOPE_ONE;
para.m_ldapsvr_host = ldapIp;
para.m_ldapsvr_port = ldapPort;
para.m_searchBase = "casn=" + searchBase;
WHLDAP_SetSvrPara(para);
WHLDAP_FILTER filter = new WHLDAP_FILTER();
filter.pbData = "(cacertsn=crl)(objectclass=cacert)";
WHLDAP_SetFilter(filter, 1);
WHLDAP_Connect(1, 2, null, null);
byte[] certValue = WHLDAP_GetData("usercertificate", "cacert", 1, 1, 0);
WHLDAP_DisConnect(1);