org.bouncycastle.cert.dane.fetcher.JndiDANEFetcherFactory Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of bcpkix-fips Show documentation
Show all versions of bcpkix-fips Show documentation
The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. The APIs are designed primarily to be used in conjunction with the BC FIPS provider. The APIs may also be used with other providers although if being used in a FIPS context it is the responsibility of the user to ensure that any other providers used are FIPS certified.
package org.bouncycastle.cert.dane.fetcher;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import javax.naming.Binding;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import org.bouncycastle.cert.dane.DANEEntry;
import org.bouncycastle.cert.dane.DANEEntryFetcher;
import org.bouncycastle.cert.dane.DANEEntryFetcherFactory;
import org.bouncycastle.cert.dane.DANEException;
/**
* A DANE entry fetcher implemented using JNDI.
*/
public class JndiDANEFetcherFactory
implements DANEEntryFetcherFactory
{
private static final String DANE_TYPE = "53";
private List dnsServerList = new ArrayList();
private boolean isAuthoritative;
/**
* Specify the dnsServer to use.
*
* @param dnsServer IP address/name of the dns server
* @return the current factory.
*/
public JndiDANEFetcherFactory usingDNSServer(String dnsServer)
{
this.dnsServerList.add(dnsServer);
return this;
}
/**
* Specify requests must be authoritative, or not (default false).
*
* @param isAuthoritative true if requests must be authoritative, false otherwise.
* @return the current factory..
*/
public JndiDANEFetcherFactory setAuthoritative(boolean isAuthoritative)
{
this.isAuthoritative = isAuthoritative;
return this;
}
/**
* Build an entry fetcher for the specified domain name.
*
* @param domainName the domain name of interest.
* @return a resolver for fetching entry's associated with domainName.
*/
public DANEEntryFetcher build(final String domainName)
{
final Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
env.put(Context.AUTHORITATIVE, isAuthoritative ? "true" : "false"); // JDK compatibility
if (dnsServerList.size() > 0)
{
StringBuffer dnsServers = new StringBuffer();
for (Iterator it = dnsServerList.iterator(); it.hasNext(); )
{
if (dnsServers.length() > 0)
{
dnsServers.append(" ");
}
dnsServers.append("dns://" + it.next());
}
env.put(Context.PROVIDER_URL, dnsServers.toString());
}
return new DANEEntryFetcher()
{
public List getEntries()
throws DANEException
{
List entries = new ArrayList();
try
{
DirContext ctx = new InitialDirContext(env);
NamingEnumeration bindings;
if (domainName.indexOf("_smimecert.") > 0)
{
// need to use fully qualified domain name if using named DNS server.
Attributes attrs = ctx.getAttributes(domainName, new String[]{DANE_TYPE});
Attribute smimeAttr = attrs.get(DANE_TYPE);
if (smimeAttr != null)
{
addEntries(entries, domainName, smimeAttr);
}
}
else
{
bindings = ctx.listBindings("_smimecert." + domainName);
while (bindings.hasMore())
{
Binding b = (Binding)bindings.next();
DirContext sc = (DirContext)b.getObject();
String name = sc.getNameInNamespace().substring(1, sc.getNameInNamespace().length() - 1);
// need to use fully qualified domain name if using named DNS server.
Attributes attrs = ctx.getAttributes(name, new String[]{DANE_TYPE});
Attribute smimeAttr = attrs.get(DANE_TYPE);
if (smimeAttr != null)
{
String fullName = sc.getNameInNamespace();
String domainName = fullName.substring(1, fullName.length() - 1);
addEntries(entries, domainName, smimeAttr);
}
}
}
return entries;
}
catch (NamingException e)
{
throw new DANEException("Exception dealing with DNS: " + e.getMessage(), e);
}
}
};
}
private void addEntries(List entries, String domainName, Attribute smimeAttr)
throws NamingException, DANEException
{
for (int index = 0; index != smimeAttr.size(); index++)
{
byte[] data = (byte[])smimeAttr.get(index);
if (DANEEntry.isValidCertificate(data))
{
try
{
entries.add(new DANEEntry(domainName, data));
}
catch (IOException e)
{
throw new DANEException("Exception parsing entry: " + e.getMessage(), e);
}
}
}
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy