com.entrust.toolkit.x509.directory

Class SMProxyDirectory

java.lang.Object

com.entrust.toolkit.x509.directory.JNDIDirectory

com.entrust.toolkit.x509.directory.SMProxyDirectory

All Implemented Interfaces:

LdapDirectory

public class SMProxyDirectory
extends JNDIDirectory

Provides an interface to a JNDI Directory that can be used with SMProxy.

Since:

8.1

See Also:

JNDIDirectory

Field Summary

Fields inherited from class com.entrust.toolkit.x509.directory.JNDIDirectory

LDAP_VERSION_2, LDAP_VERSION_3

Constructor Summary

Constructors

Constructor and Description
SMProxyDirectory(IniFile entrustIniFile) Construct the SMProxyDirectory using an entrust.ini file.
SMProxyDirectory(java.lang.String smproxyHost, int smproxyPort) Setup the SMProxyDirectory.
SMProxyDirectory(java.net.URL url) Construct the SMProxyDirectory using a URL value.

Method Summary

Methods

Modifier and Type	Method and Description
SMProxyConfig	getSMProxyConfig() Returns the Security Manager Proxy configuration.
boolean	isAvailable() Determines whether the Directory is available.
void	setClientCredentials(User user) Sets the client credentials using the provided User object.
void	setClientCredentials(java.security.cert.X509Certificate[] chain, java.security.PrivateKey signingKey) Set client credentials for authenticating to a server.
void	setClientCredentials(java.security.cert.X509Certificate verificationCertificate, java.security.cert.X509Certificate caCertificate, java.security.PrivateKey signingKey) Not available.
void	setLDAPSConfig(LDAPSConfig config) Set the LDAPS Configuration parameters.
void	setSMProxyConfig(SMProxyConfig config) Sets the configuration for SSL connections

Methods inherited from class com.entrust.toolkit.x509.directory.JNDIDirectory

attachReferredDirectory, close, connect, getAttr, getConnectionTimeout, getCRLs, getInstance, getInstance, getInstance, getLDAPSConfig, getLdapVersion, getSearchTimeout, getSoConnectionTimeout, getURL, resetAuthentication, Search, Search, setAuthentication, setConnectionTimeout, setLdapVersion, setMaxConcurrentSearches, setSearchTimeout, setSoConnectionTimeout

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SMProxyDirectory

public SMProxyDirectory(java.lang.String smproxyHost,
                int smproxyPort)
                 throws SMProxyException

Setup the SMProxyDirectory. This constructor requires the ldapHost and ldapPort of the Proxy Server machine

Parameters:

smproxyHost - the Hostname or IP of the SMProxy Server

smproxyPort - the Port to use for the SMProxy Server (usually port 80 for http)

Throws:

SMProxyException - if the configuration is invalid

SMProxyDirectory

public SMProxyDirectory(IniFile entrustIniFile)
                 throws SMProxyException,
                        java.net.MalformedURLException

Construct the SMProxyDirectory using an entrust.ini file.

This constructor takes an IniFile that contains the proxy URL addresses with a protocol value of either http or https. i.e http://www.proxy.entrust.com or https://www.proxy.entrust.com

If the Security Manager Proxy was not configured to use default ports, the port values must be specified in the URL. ie. http://www.proxy.entrust.com:8080 or https://www.proxy.entrust.com:4443

The Entrust Settings section of the INI file must contain one of the following settings:

SMProxyURL

The common URL for the SMProxy server. Use this if all of the proxied connections are through the same SMProxy server.

SMServerProxyURL

The URL for the proxy server that provides the directory connection. Use this setting if the directory connections are to go through a separate SMProxy server.

Parameters:

entrustIniFile - the IniFile object that contains the proxy settings

Throws:

SMProxyException - if the configuration is invalid

java.net.MalformedURLException - if any of the SMProxy URL's are invalid

See Also:

SMProxyManagerTransport.SMProxyManagerTransport( IniFile entrustIniFile ), RoamingConfiguration.RoamingConfiguration(IniFile iniFile, boolean smProxyEnabled )

SMProxyDirectory

public SMProxyDirectory(java.net.URL url)
                 throws SMProxyException

Construct the SMProxyDirectory using a URL value.

Parameters:

url - URL that specifies the Proxy Server

Throws:

SMProxyException - if the configuration is invalid

Method Detail

setSMProxyConfig

public void setSMProxyConfig(SMProxyConfig config)
                      throws SMProxyException

Sets the configuration for SSL connections

Parameters:

config - the configuration to set

Throws:

SMProxyException - if the configuration is invalid

setLDAPSConfig

public void setLDAPSConfig(LDAPSConfig config)

Description copied from class: JNDIDirectory

Set the LDAPS Configuration parameters. The parameters that can be set are the following:

• SSLEnabled - Used to determine if an SSL connection should be used for this connection. The default setting is false indicating SSL for this directory is not enabled. If a JNDIDirectory is initialized with an LDAPS URL, this setting will automatically be enabled.
• TrustCerts - Setting allows Trusted Certificates (CA or End Entity to be set). These certificates are used to determined whether the SSL server should be trusted by configuring the LDAPSTrustManager for the default EntrustSSLSocketFactory. If a custom SSLSocketFactory has been specified, these certificates will not be used.
• AllowLDAPSReferrals - Setting used to determine whether LDAPS referrals are allowed. It is possible to have a plain LDAP connection get an LDAPS referral. If this setting is set to false it will not attempt to use LDAPS to follow the referral. This setting is set to true by default.
• SSLSocketFactory - Setting allows a custom SSLSocketFactory to be passed in as a parameter. The Toolkit will make sure the String passed in can be instantiated, and is an instance of an SSLSocketFactory.

Note: It is possible to have SSL Disabled for this directory, but still allow LDAPS Referrals. In this case the LDAPSConfig may be configured with the trusted certificates of any directory which may be referred. If a referred directory (using LDAPS) is attached to the JNDIDirectory object then the trusted certificates required for LDAPS to succeeded will already be configured. However, if AllowLDAPSReferral is set to false, LDAPS will not be attempted for any referrals.

Note 2: Because JNDI creates an instance of an SSLSocketFactory using the static getDefault() method, all trusted certificates must be available from a static location. The certificates stored in the LDAPSConfig are stored in a static memory cache (as well as locally). This means every certificate added through the LDAPSConfig object will be trusted for every subsequent LDAPS connection made with a JNDIDirectory instance.

Overrides:

setLDAPSConfig in class JNDIDirectory

Parameters:

config - The LDAPSConfig object which contains the SSL Configuration parameters

getSMProxyConfig

public SMProxyConfig getSMProxyConfig()

Returns the Security Manager Proxy configuration.

Returns:

the Security Manager Proxy configuration

setClientCredentials

public void setClientCredentials(java.security.cert.X509Certificate verificationCertificate,
                        java.security.cert.X509Certificate caCertificate,
                        java.security.PrivateKey signingKey)

Description copied from class: JNDIDirectory

Not available.

Specified by:

setClientCredentials in interface LdapDirectory

Overrides:

setClientCredentials in class JNDIDirectory

Parameters:

verificationCertificate - a verification certificate

caCertificate - the CA certificate that issued verificationCertificate

signingKey - the private signing key that signs messages verified by verificationCertificate

setClientCredentials

public void setClientCredentials(java.security.cert.X509Certificate[] chain,
                        java.security.PrivateKey signingKey)

Description copied from class: JNDIDirectory

Set client credentials for authenticating to a server. This implementation does nothing; it is intended to be overridden by subclasses that need to provide additional authentication, such as for SSL client authentication.

Overrides:

setClientCredentials in class JNDIDirectory

isAvailable

public boolean isAvailable()

Description copied from class: JNDIDirectory

Determines whether the Directory is available.

NOTE: This method does not determine the current directory connection status but rather reports if the javax.naming.directory.DirContext object exists. If the DirContext object does not exist, a new one will be created using JNDIDirectory.connect().

Specified by:

isAvailable in interface LdapDirectory

Overrides:

isAvailable in class JNDIDirectory

Returns:

Returns true if the directory is available, false otherwise.

setClientCredentials

public void setClientCredentials(User user)
                          throws UserNotLoggedInException

Sets the client credentials using the provided User object.

NOTE: if client authentication is required, use setSMProxyConfig instead.

Parameters:

user - the User object

Throws:

UserNotLoggedInException - if the user is not logged in