com.entrust.toolkit.x509.directory

Class JNDIWithSMProxy

java.lang.Object

com.entrust.toolkit.x509.directory.JNDIWithSMProxy

All Implemented Interfaces:

LdapDirectory

public class JNDIWithSMProxy
extends java.lang.Object
implements LdapDirectory

This class provides proxy order functionality for LdapDirectory connections.

An SMProxyDirectory and MultipleDirectories object is created from the parameters supplied in the entrust.ini file. The currently active directory connection is determined in the call to isAvailable. The following ProxyOrder values are used to control the Proxy Ordering:

• PROXYFIRST: a connection via the proxy server will be attempted first. If that fails, a connection to the directory server will be attempted.
• PROXYLAST: a connection to the directory server will be attempted first. If that fails, a connection via the proxy server will be attempted. This is the default setting.
• NEVERPROXY: a connection to the directory server will be attempted. If that fails, a failure will occur
• ALWAYSPROXY: a connection via the proxy server will be attempted. If that fails, a failure will occur

NOTE: A simple TCP/IP connection attempt is used as a connectivity test. For the proxied connection, this test is performed against the proxy server, not the directory.

Since:

8.1

Constructor Summary

Constructors

Constructor and Description
JNDIWithSMProxy(IniFile iniFile, ProxyOrder proxyOrder) Constructor that takes and entrust.ini file and the proxy order.
JNDIWithSMProxy(java.lang.String entrustIniFile, ProxyOrder proxyOrder) Constructor that takes and entrust.ini file path and the proxy order.

Method Summary

Methods

Modifier and Type	Method and Description
byte[][]	getAttr(java.lang.String dn, java.lang.String attributeToFind) Searches for a specific attribute within a directory entry (as specified by a DN).
int	getConnectTimeout() Returns the socket connect timeout value
X509CRL[]	getCRLs(java.lang.String distributionPoint, boolean wantARL) Accessor method that returns an array of Certificate Revocation Lists (CRLs) or Authority Revocation Lists (ARLs).
boolean	isAvailable() Determines which connection is alive based on the proxy order and then calls isAvailable on that connection.
void	setClientCredentials(java.security.cert.X509Certificate verificationCertificate, java.security.cert.X509Certificate caCertificate, java.security.PrivateKey signingKey) Set credentials to use if communicating with a directory protocol that requires authentication.
void	setConnectTimeout(int connectionTimeout) Sets the connect timeout to be applied to both the proxied and direct connections.
void	setSMProxyConfig(SMProxyConfig config) Sets the SSL configuration for the proxied connection

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

JNDIWithSMProxy

public JNDIWithSMProxy(java.lang.String entrustIniFile,
               ProxyOrder proxyOrder)
                throws SMProxyException,
                       java.text.ParseException,
                       java.io.FileNotFoundException,
                       java.net.MalformedURLException

Constructor that takes and entrust.ini file path and the proxy order.

Creates an SMProxyDirectory and MultipleDirectories object.

Parameters:

entrustIniFile - the entrust.ini file path

proxyOrder - the proxy order

Throws:

SMProxyException

java.text.ParseException - if there is any issues parsing the parameters from the entrust.ini

java.io.FileNotFoundException - if the entrust.ini cannot be found

java.net.MalformedURLException - is the proxy settings are invalid

JNDIWithSMProxy

public JNDIWithSMProxy(IniFile iniFile,
               ProxyOrder proxyOrder)
                throws SMProxyException,
                       java.text.ParseException,
                       java.io.FileNotFoundException,
                       java.net.MalformedURLException

Constructor that takes and entrust.ini file and the proxy order.

Creates an SMProxyDirectory and MultipleDirectories object.

Parameters:

iniFile - the IniFile object that contains the proxy settings

proxyOrder - the proxy order

Throws:

SMProxyException - if an SMProxyDirectory cannot be created

java.text.ParseException - if there is any issues parsing the parameters from the entrust.ini

java.io.FileNotFoundException - if the entrust.ini cannot be found

java.net.MalformedURLException - is the proxy settings are invalid

Method Detail

getAttr

public byte[][] getAttr(java.lang.String dn,
               java.lang.String attributeToFind)
                 throws javax.naming.NamingException

Description copied from interface: LdapDirectory

Searches for a specific attribute within a directory entry (as specified by a DN).

Given a distinguished name and a desired attribute (using X.509 names, such as userCertificate, dn, cn, email, etc.), this method returns a byte array containing the attributes (certificate, CRL, DN, email address).

The following code fragment is an example of typical usage. In this case, each element of the result is a byte array representation of one of the user's certificates.

   getAttr( "cn=Roger Ramjet, o=Lompoc, c=US", "userCertificate" );
 

Specified by:

getAttr in interface LdapDirectory

Parameters:

dn - the distinguished name

attributeToFind - the attribute to find

Returns:

the desired attribute as a byte array

Throws:

javax.naming.NamingException - thrown if the search fails

getCRLs

public X509CRL[] getCRLs(java.lang.String distributionPoint,
                boolean wantARL)
                  throws javax.naming.NamingException,
                         java.security.cert.CRLException

Description copied from interface: LdapDirectory

Accessor method that returns an array of Certificate Revocation Lists (CRLs) or Authority Revocation Lists (ARLs).

Specified by:

getCRLs in interface LdapDirectory

Parameters:

distributionPoint - the DN as defined in a certificate

wantARL - a boolean flag indicating that an ARL is required

Returns:

an array of CRLs or ARLs

Throws:

javax.naming.NamingException - thrown if the search fails

java.security.cert.CRLException - thrown for other errors

isAvailable

public boolean isAvailable()

Determines which connection is alive based on the proxy order and then calls isAvailable on that connection.

This method sets which connection to use based on network availability.

Specified by:

isAvailable in interface LdapDirectory

Returns:

True if the directory is available, false otherwise.

setClientCredentials

public void setClientCredentials(java.security.cert.X509Certificate verificationCertificate,
                        java.security.cert.X509Certificate caCertificate,
                        java.security.PrivateKey signingKey)

Description copied from interface: LdapDirectory

Set credentials to use if communicating with a directory protocol that requires authentication.

Specified by:

setClientCredentials in interface LdapDirectory

Parameters:

verificationCertificate - a verification certificate

caCertificate - the CA certificate that issued verificationCertificate

signingKey - the private signing key that signs messages verified by verificationCertificate

setSMProxyConfig

public void setSMProxyConfig(SMProxyConfig config)
                      throws SMProxyException

Sets the SSL configuration for the proxied connection

Parameters:

config - the configuration to set

Throws:

SMProxyException

getConnectTimeout

public int getConnectTimeout()

Returns the socket connect timeout value

Returns:

the connectTimeout for the active connection

setConnectTimeout

public void setConnectTimeout(int connectionTimeout)

Sets the connect timeout to be applied to both the proxied and direct connections.

Parameters:

connectionTimeout - the connectTimeout to set