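/**
 * Decodes a base64-encoded PKCS12 bundle, opens it with {@code userPassword} and stores
 * both the raw PKCS12 bytes and the X.509 certificate extracted from it on
 * {@code tolvenPerson} (attributes {@code userPKCS12} and {@code userCertificate}).
 * <p>
 * A PKCS12 bundle normally carries the private key as well as the certificate, so the
 * directory entry that ends up holding {@code userPKCS12} must be protected accordingly
 * (review the realm's LDAP access controls; this method does not enforce that).
 *
 * @param tolvenPerson     the person whose attributes are updated in place
 * @param userPassword     password protecting the PKCS12; must not be {@code null}
 * @param base64UserPKCS12 base64 text of the PKCS12 bundle; must not be {@code null} or blank
 * @throws RuntimeException if the password is missing, the base64 text is missing, blank or
 *                          decodes to nothing, or the decoding itself fails
 */
private void updateUserCredentials(TolvenPerson tolvenPerson, char[] userPassword, String base64UserPKCS12) {
    if (userPassword == null) {
        throw new RuntimeException(
                "A base64UserPKCS12 has been supplied without the accompanying user password");
    }
    if (base64UserPKCS12 == null || base64UserPKCS12.trim().length() == 0) {
        throw new RuntimeException("base64UserPKCS12 was supplied but is empty");
    }
    byte[] userPKCS12Bytes;
    try {
        // Charset overload: no UnsupportedEncodingException to wrap, unlike getBytes("UTF-8")
        userPKCS12Bytes = Base64.decodeBase64(
                base64UserPKCS12.getBytes(java.nio.charset.Charset.forName("UTF-8")));
    } catch (RuntimeException ex) {
        throw new RuntimeException("Could not convert base64UserPKCS12 to bytes", ex);
    }
    // decodeBase64 is lenient about malformed input (presumably commons-codec — confirm), so an
    // empty result is the only signal that the supplied text was not usable base64.
    if (userPKCS12Bytes == null || userPKCS12Bytes.length == 0) {
        throw new RuntimeException("base64UserPKCS12 did not decode to any PKCS12 data");
    }
    // Opening the keystore is presumably also where a wrong password surfaces; that is the
    // behaviour of CertificateHelper.getKeyStore, which is not visible here.
    KeyStore userPKCS12KeyStore = CertificateHelper.getKeyStore(userPKCS12Bytes, userPassword);
    byte[] certBytes = CertificateHelper.getX509CertificateByteArray(userPKCS12KeyStore);
    tolvenPerson.setAttributeValue("userPKCS12", userPKCS12Bytes);
    tolvenPerson.setAttributeValue("userCertificate", certBytes);
}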
/**
 * Creates {@code tolvenPerson} in the LDAP realm {@code realm}, acting as {@code admin}.
 * <p>
 * If a base64 PKCS12 bundle is supplied, the PKCS12 bytes and the certificate extracted
 * from it are attached to the person first, so that they are part of the directory
 * attributes handed to {@code LdapManager.createUser} (presumably — confirm that
 * {@code dirAttributes(false)} includes them).
 *
 * @param tolvenPerson     the person to create; its attributes are written to the directory
 * @param uid              explicit uid; not consulted by this implementation — the DN is
 *                         derived from {@code tolvenPerson.getUid()}
 * @param uidPassword      password for the new entry; also unlocks the PKCS12 when one is
 *                         supplied (required in that case)
 * @param realm            name of the LDAP realm to create the entry in
 * @param base64UserPKCS12 optional base64-encoded PKCS12 bundle, may be {@code null}
 * @param admin            administrator the LDAP connection is opened as
 * @param adminPassword    that administrator's password
 * @return the password returned by {@code LdapManager.createUser} (named as generated by
 *         LDAP — whether this is the effective password when {@code uidPassword} is
 *         {@code null} is not visible here)
 * @throws GatekeeperSecurityException propagated unchanged
 * @throws RuntimeException            wrapping any other failure, with uid, realm and admin
 *                                     in the message (never a password)
 */
@Override
public char[] createTolvenPerson(TolvenPerson tolvenPerson, String uid, char[] uidPassword, String realm,
        String base64UserPKCS12, String admin, char[] adminPassword) {
    LdapManager manager = null;
    try {
        if (base64UserPKCS12 != null) {
            updateUserCredentials(tolvenPerson, uidPassword, base64UserPKCS12);
        }
        LdapRealmContext realmContext = getLdapRealmContext(realm);
        manager = realmContext.getLdapManager(admin, adminPassword);
        // The DN comes from the person's own uid; the explicit uid parameter is not used.
        String personDN = realmContext.getDN(tolvenPerson.getUid());
        char[] ldapPassword = manager.createUser(personDN, uidPassword, tolvenPerson.dirAttributes(false));
        // Actor, DN and realm only — no password material reaches the log.
        logger.info(admin + " added " + personDN + " to LDAP realm: " + realm);
        return ldapPassword;
    } catch (GatekeeperSecurityException ex) {
        // Security failures propagate untouched so callers can tell them apart.
        throw ex;
    } catch (Exception ex) {
        String context = "Failed to create TolvenPerson: " + tolvenPerson.getUid()
                + " in realm " + realm + " for admin " + admin;
        throw new RuntimeException(context, ex);
    } finally {
        // Always release the admin connection, whether the create succeeded or not.
        if (manager != null) {
            manager.disconnect();
        }
    }
}