private void updateUserCredentials(
TolvenPerson tolvenPerson, char[] userPassword, String base64UserPKCS12) {
if (userPassword == null) {
throw new RuntimeException(
"A base64UserPKCS12 has been supplied without the accompanying user password");
}
byte[] userPKCS12Bytes = null;
try {
userPKCS12Bytes = Base64.decodeBase64(base64UserPKCS12.getBytes("UTF-8"));
} catch (Exception ex) {
throw new RuntimeException("Could not convert base64UserPKCS12 to bytes", ex);
}
KeyStore userPKCS12KeyStore = CertificateHelper.getKeyStore(userPKCS12Bytes, userPassword);
byte[] certBytes = CertificateHelper.getX509CertificateByteArray(userPKCS12KeyStore);
tolvenPerson.setAttributeValue("userPKCS12", userPKCS12Bytes);
tolvenPerson.setAttributeValue("userCertificate", certBytes);
}
/**
* Create a TolvenPerson, supplying the uid, realm, userPassword and userPKCS12 explicitly,
* although tolvenPerson may contain those, as well as other attributes
*
* @param tolvenPerson
* @param uid
* @param uidPassword
* @param realm
* @param base64UserPKCS12
* @param admin
* @param adminPassword
* @return
*/
@Override
public char[] createTolvenPerson(
TolvenPerson tolvenPerson,
String uid,
char[] uidPassword,
String realm,
String base64UserPKCS12,
String admin,
char[] adminPassword) {
LdapManager ldapManager = null;
try {
if (base64UserPKCS12 != null) {
updateUserCredentials(tolvenPerson, uidPassword, base64UserPKCS12);
}
LdapRealmContext ldapRealmContext = getLdapRealmContext(realm);
ldapManager = ldapRealmContext.getLdapManager(admin, adminPassword);
String tolvenPersonDN = ldapRealmContext.getDN(tolvenPerson.getUid());
char[] generatedPassword =
ldapManager.createUser(tolvenPersonDN, uidPassword, tolvenPerson.dirAttributes(false));
logger.info(admin + " added " + tolvenPersonDN + " to LDAP realm: " + realm);
return generatedPassword;
} catch (GatekeeperSecurityException ex) {
throw ex;
} catch (Exception ex) {
throw new RuntimeException(
"Failed to create TolvenPerson: "
+ tolvenPerson.getUid()
+ " in realm "
+ realm
+ " for admin "
+ admin,
ex);
} finally {
if (ldapManager != null) {
ldapManager.disconnect();
}
}
}