authorEndi Sukma Dewata <edewata@redhat.com>2012-03-24 02:27:47 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-03-26 11:43:54 -0500
commit621d9e5c413e561293d7484b93882d985b3fe15f (patch)
tree638f3d75761c121d9a8fb50b52a12a6686c5ac5c /base/common/src/com/netscape/certsrv/publish
parent40d3643b8d91886bf210aa27f711731c81a11e49 (diff)
Removed unnecessary pki folder.
Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131
Diffstat (limited to 'base/common/src/com/netscape/certsrv/publish')
-rw-r--r--base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java46
-rw-r--r--base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java42
-rw-r--r--base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java42
-rw-r--r--base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java42
-rw-r--r--base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java42
-rw-r--r--base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java42
-rw-r--r--base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java42
-rw-r--r--base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java107
-rw-r--r--base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java70
-rw-r--r--base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java60
-rw-r--r--base/common/src/com/netscape/certsrv/publish/ILdapExpression.java69
-rw-r--r--base/common/src/com/netscape/certsrv/publish/ILdapMapper.java80
-rw-r--r--base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java45
-rw-r--r--base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java53
-rw-r--r--base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java43
-rw-r--r--base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java84
-rw-r--r--base/common/src/com/netscape/certsrv/publish/ILdapRule.java77
-rw-r--r--base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java122
-rw-r--r--base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java360
-rw-r--r--base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java38
-rw-r--r--base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java56
-rw-r--r--base/common/src/com/netscape/certsrv/publish/MapperPlugin.java39
-rw-r--r--base/common/src/com/netscape/certsrv/publish/MapperProxy.java62
-rw-r--r--base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java40
-rw-r--r--base/common/src/com/netscape/certsrv/publish/PublisherProxy.java60
-rw-r--r--base/common/src/com/netscape/certsrv/publish/RulePlugin.java40
26 files changed, 1803 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java b/base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java
new file mode 100644
index 000000000..a3a109900
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java
@@ -0,0 +1,46 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * This type of exception is thrown in cases where an parsing
+ * error is found while evaluating a PKI component. An example
+ * would be in trying to evaluate a PKI authentication message and
+ * the parsing operation fails due to a missing token.
+ *
+ * @version $Revision$ $Date$
+ */
+public class ECompSyntaxErr extends ELdapException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -2224290038321971845L;
+
+ /**
+ * Construct a ECompSyntaxErr
+ *
+ * @param errorString The descriptive error condition.
+ */
+
+ public ECompSyntaxErr(String errorString) {
+ super(errorString);
+ }
+}
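Review bot: The class comment on ECompSyntaxErr describes a parsing failure in "a PKI authentication message", which does not fit a class in the publish package that extends ELdapException; it reads like text carried over from another component. I would reword it along the lines of `Thrown when a publishing component expression cannot be parsed, for example because a token is missing.`, assuming that is the actual use, which the hunk does not show. This file and the six other exception classes added here (EMapperNotFound, EMapperPluginNotFound, EPublisherNotFound, EPublisherPluginNotFound, ERuleNotFound, ERulePluginNotFound) also carry an empty `/** */` block over serialVersionUID, which should be filled in or removed. All seven offer only a `(String)` constructor, so a caller wrapping a lower-level failure cannot pass the cause along; whether ELdapException accepts a cause is not visible here.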
diff --git a/base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java b/base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java
new file mode 100644
index 000000000..fdf4a1b9f
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Exception for Publish Mapper not found.
+ *
+ * @version $Revision$ $Date$
+ */
+public class EMapperNotFound extends ELdapException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -2222814261042222152L;
+
+ /**
+ * Constructs a exception for a missing required mapper
+ *
+ * @param errorString Detailed error message.
+ */
+ public EMapperNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java b/base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java
new file mode 100644
index 000000000..f8f18c5ff
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Exception for Mapper Plugin not found.
+ *
+ * @version $Revision$ $Date$
+ */
+public class EMapperPluginNotFound extends ELdapException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 3564854656103487939L;
+
+ /**
+ * Constructs a exception for a missing mapper plugin
+ *
+ * @param errorString Detailed error message.
+ */
+ public EMapperPluginNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java b/base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java
new file mode 100644
index 000000000..176001e99
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Exception for Publisher not found. Required for successful publishing.
+ *
+ * @version $Revision$ $Date$
+ */
+public class EPublisherNotFound extends ELdapException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 6159885167931517580L;
+
+ /**
+ * Constructs a exception for a missing required publisher.
+ *
+ * @param errorString Detailed error message.
+ */
+ public EPublisherNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java b/base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java
new file mode 100644
index 000000000..56076863a
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Exception for Publisher Plugin not found. Plugin implementation is required to actually publish.
+ *
+ * @version $Revision$ $Date$
+ */
+public class EPublisherPluginNotFound extends ELdapException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -8626436244270286308L;
+
+ /**
+ * Constructs a exception for a missing publisher plugin.
+ *
+ * @param errorString Detailed error message.
+ */
+ public EPublisherPluginNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java b/base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java
new file mode 100644
index 000000000..01c9897eb
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Exception for Ldap Publishing Rule not found.
+ *
+ * @version $Revision$ $Date$
+ */
+public class ERuleNotFound extends ELdapException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 8442034769483263745L;
+
+ /**
+ * Constructs a exception for a missing required rule, which links a publisher and mapper.
+ *
+ * @param errorString Detailed error message.
+ */
+ public ERuleNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java b/base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java
new file mode 100644
index 000000000..f619e7f4a
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Exception for Publisher Rule plugin not found. Plugin required to implement Ldap Rule.
+ *
+ * @version $Revision$ $Date$
+ */
+public class ERulePluginNotFound extends ELdapException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4056965992924762809L;
+
+ /**
+ * Constructs a exception for a missing rule plugin.
+ *
+ * @param errorString Detailed error message.
+ */
+ public ERulePluginNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java b/base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java
new file mode 100644
index 000000000..cd5763cdb
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java
@@ -0,0 +1,107 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import netscape.security.x509.X509CRLImpl;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.ISubsystem;
+
+/**
+ * This interface represents a CRL publisher that is
+ * invoked when CRL publishing is requested by CMS.
+ * Note that CMS, by default, shipped with a LDAP-based
+ * CRL publisher that can be configured via
+ * Certificiate Manager/LDAP Publishing panel. This
+ * interface provides administrator additional capability
+ * of publishing CRL to different destinations.
+ *
+ * The CRL publishing frequency is configured via
+ * Netscape Certificate Server Console's
+ * Certificate Manager/Revocation List panel.
+ * The CRL publishing may occur either everytime a
+ * certificate is revoked or at a pre-defined interval.
+ *
+ * To try out this new CRL publisher mechanism, do
+ * the following:
+ * (1) Write a sample CRL publisher class that implements
+ * ICRLPublisher interface. For example,
+ *
+ * <code>
+ * public class CRLPublisher implements ICRLPublisher
+ * {
+ * public void init(ISubsystem owner, IConfigStore config)
+ * throws EBaseException
+ * {
+ * log(ILogger.LL_DEBUG, "CRLPublisher: Initialized");
+ * }
+ *
+ * public void publish(String issuingPointId, X509CRLImpl crl)
+ * throws EBaseException
+ * {
+ * log(ILogger.LL_DEBUG, "CRLPublisher: " + issuingPointId +
+ * " crl=" + crl);
+ * }
+ *
+ * public void log(int level, String msg)
+ * {
+ * Logger.getLogger().log(ILogger.EV_SYSTEM,
+ * null, ILogger.S_OTHER, level,
+ * msg);
+ * }
+ * }
+ * </code>
+ *
+ * (2) Compile the class and place the class into
+ * <server-root>\bin\cert\classes directory.
+ * (3) Add the following parameter to CMS.cfg
+ * ca.crlPublisher.class=<implementation class>
+ * For example,
+ * ca.crlPublisher.class=myCRLPublisher
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICRLPublisher {
+
+ /**
+ * Initializes this CRL publisher.
+ *
+ * @param owner parent of the publisher. An object of type
+ * CertificateAuthority.
+ * @param config config store for this publisher. If this
+ * publisher requires configuration parameters for
+ * initialization, the parameters should be placed
+ * in CMS.cfg as ca.crlPublisher.<paramType>=<paramValue>
+ * @exception EBaseException failed to initialize this publisher
+ */
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException;
+
+ /**
+ * Publishes CRL. This method is invoked by CMS based
+ * on the configured CRL publishing frequency.
+ *
+ * @param issuingPointId CRL issuing point identifier
+ * (i.e. MasterCRL)
+ * @param crl CRL that is publishing
+ * @exception EBaseException failed to publish
+ */
+ public void publish(String issuingPointId, X509CRLImpl crl)
+ throws EBaseException;
+}
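Review bot: The how-to in the ICRLPublisher class comment tells an administrator to place a class in the `bin\cert\classes` directory under the server root and name it in `ca.crlPublisher.class`, but says nothing about who may write to those two places. The named class presumably runs inside the CA process, so the comment should say so, e.g. `Note: the class named here is loaded by the CA; restrict write access to CMS.cfg and the classes directory to the CA administrator.` Separately, the angle-bracket placeholders (server-root, implementation class, paramType=paramValue) are raw inside Javadoc and will be swallowed as HTML; write them as `&lt;server-root&gt;` or wrap them in `{@code ...}`. The sample publisher also logs the whole CRL object via `" crl=" + crl`, which is a lot to put in a debug log for a large CRL; logging the issuing point id alone would do for an example.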
diff --git a/base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java b/base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java
new file mode 100644
index 000000000..3acaeb580
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java
@@ -0,0 +1,70 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import java.security.cert.X509Certificate;
+import java.util.Vector;
+
+import netscape.ldap.LDAPConnection;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapCertMapper extends ILdapPlugin {
+
+ /**
+ * Returns implementation name.
+ */
+ public String getImplName();
+
+ /**
+ * Returns the description of this mapper.
+ */
+ public String getDescription();
+
+ /**
+ * Returns the default parameters.
+ */
+ public Vector<String> getDefaultParams();
+
+ /**
+ * Returns the instance parameters.
+ */
+ public Vector<String> getInstanceParams();
+
+ /**
+ * maps a certificate to a LDAP entry.
+ * returns dn of the mapped LDAP entry.
+ *
+ * @param conn the LDAP connection
+ * @param cert the certificate to map
+ * @param checkForCert whether to check for the presence of the cert
+ * @exception ELdapException Failed to map.
+ * @return LdapCertMapResult indicates whether a mapping was successful
+ * and whether a certificate was found if checkForCert was true.
+ * If checkForCert was not set the hasCert method in LdapCertMapResult
+ * should be ignored.
+ */
+ public LdapCertMapResult map(LDAPConnection conn,
+ X509Certificate cert, boolean checkForCert)
+ throws ELdapException;
+}
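Review bot: The Javadoc on `map` says `returns dn of the mapped LDAP entry`, but the method is declared to return `LdapCertMapResult`; the same sentence is repeated on `ILdapCrlMapper.map` later in this commit. Drop that line in both places and let the `@return` tag carry the contract. It would also help to state what `map` yields when no entry matches (a result with no DN, or an ELdapException), since a caller publishing a certificate has to tell "no entry" apart from "lookup failed"; the hunk does not say.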
diff --git a/base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java b/base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java
new file mode 100644
index 000000000..252a09ec3
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java
@@ -0,0 +1,60 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import netscape.ldap.LDAPConnection;
+import netscape.security.x509.X509CRLImpl;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Interface for mapping a CRL to a LDAP entry.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapCrlMapper {
+
+ /**
+ * maps a crl to a LDAP entry.
+ * returns dn of the mapped LDAP entry.
+ *
+ * @param conn the LDAP connection
+ * @param crl the CRL to map
+ * @param checkForCrl whether to check for the presence of the CRL
+ * @exception ELdapException Failed to map CRL to entry.
+ * @return LdapCertMapResult indicates whether a mapping was successful
+ * and whether a certificate was found if checkForCert was true.
+ * If checkForCert was not set the hasCert method in LdapCertMapResult
+ * should be ignored.
+ */
+ public LdapCertMapResult
+ map(LDAPConnection conn, X509CRLImpl crl, boolean checkForCrl)
+ throws ELdapException;
+
+ /**
+ * initialize from config store.
+ *
+ * @param config the configuration store to initialize from.
+ * @exception ELdapException Initialization failed due to Ldap error.
+ * @exception EBaseException Initialization failed.
+ */
+ public void init(IConfigStore config)
+ throws ELdapException, EBaseException;
+}
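Review bot: The `@return` text on `map` was copied from the certificate mapper: it refers to `checkForCert` and "a certificate was found", while this method's parameter is `checkForCrl` and it maps a CRL. Suggested wording: `@return result of the mapping; if checkForCrl was false, the hasCert flag of the result should be ignored`. ILdapCrlMapper also declares its own `init(IConfigStore)` rather than extending ILdapPlugin as ILdapCertMapper does, which may be intentional but deserves a one-line comment explaining why.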
diff --git a/base/common/src/com/netscape/certsrv/publish/ILdapExpression.java b/base/common/src/com/netscape/certsrv/publish/ILdapExpression.java
new file mode 100644
index 000000000..4537636c1
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ILdapExpression.java
@@ -0,0 +1,69 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.base.SessionContext;
+import com.netscape.certsrv.ldap.ELdapException;
+import com.netscape.certsrv.request.IRequest;
+
+/**
+ * Interface for a Ldap predicate expression.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ILdapExpression {
+ public static final int OP_EQUAL = 1;
+ public static final int OP_NEQUAL = 2;
+ public static final int OP_GT = 3;
+ public static final int OP_LT = 4;
+ public static final int OP_GE = 5;
+ public static final int OP_LE = 6;
+ public static final String EQUAL_STR = "==";
+ public static final String NEQUAL_STR = "!=";
+ public static final String GT_STR = ">";
+ public static final String GE_STR = ">=";
+ public static final String LT_STR = "<";
+ public static final String LE_STR = "<=";
+
+ /**
+ * Evaluate the Expression.
+ *
+ * @param sc The SessionContext on which we are applying the condition.
+ * @return The return value.
+ * @exception ELdapExeption Failed to evaluate expression.
+ */
+ boolean evaluate(SessionContext sc)
+ throws ELdapException;
+
+ /**
+ * Evaluate the Expression.
+ *
+ * @param req The PKIRequest on which we are applying the condition.
+ * @return The return value.
+ * @exception ELdapExeption Failed to evaluate expression.
+ */
+ boolean evaluate(IRequest req)
+ throws ELdapException;
+
+ /**
+ * Convert to a string.
+ *
+ * @return String representation of expression.
+ */
+ public String toString();
+}
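Review bot: Both `evaluate` comments use `@exception ELdapExeption`, a misspelling of the imported `ELdapException`, so the Javadoc tool cannot resolve the tag; change both to `@exception ELdapException Failed to evaluate expression.` The `@return The return value.` lines tell a caller nothing; `@return true if the expression holds for the given context` (or request) is what is needed. The `OP_*` int constants and the matching `*_STR` strings are declared in different orders (GT, LT, GE, LE versus GT, GE, LT, LE), which is easy to misread when pairing them; listing both groups in the same order would help.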
diff --git a/base/common/src/com/netscape/certsrv/publish/ILdapMapper.java b/base/common/src/com/netscape/certsrv/publish/ILdapMapper.java
new file mode 100644
index 000000000..09238421f
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ILdapMapper.java
@@ -0,0 +1,80 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import java.util.Vector;
+
+import netscape.ldap.LDAPConnection;
+
+import com.netscape.certsrv.ldap.ELdapException;
+import com.netscape.certsrv.request.IRequest;
+
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapMapper extends ILdapPlugin {
+
+ /**
+ * Returns implementation name.
+ */
+ public String getImplName();
+
+ /**
+ * Returns the description of this mapper.
+ */
+ public String getDescription();
+
+ /**
+ * Returns the initial default parameters.
+ */
+ public Vector<String> getDefaultParams();
+
+ /**
+ * Returns the current instance parameters.
+ */
+ public Vector<String> getInstanceParams();
+
+ /**
+ * maps a certificate to a LDAP entry.
+ * returns dn of the mapped LDAP entry.
+ *
+ * @param conn the LDAP connection
+ * @param obj the object to map
+ * @return dn indicates whether a mapping was successful
+ * @exception ELdapException Map operation failed.
+ */
+ public String
+ map(LDAPConnection conn, Object obj)
+ throws ELdapException;
+
+ /**
+ * maps a certificate to a LDAP entry.
+ * returns dn of the mapped LDAP entry.
+ *
+ * @param conn the LDAP connection
+ * @param r the request to map
+ * @param obj the object to map
+ * @return dn indicates whether a mapping was successful
+ * @exception ELdapException Map operation failed.
+ */
+ public String
+ map(LDAPConnection conn, IRequest r, Object obj)
+ throws ELdapException;
+}
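Review bot: Both `map` overloads are documented with `@return dn indicates whether a mapping was successful`, which confuses a DN string with a success flag and leaves the failure value undefined. State it explicitly, for example `@return DN of the mapped LDAP entry, or null if no entry matched`, if that is the behaviour; the hunk shows no implementation, so this needs confirming. The class comment and both method comments also say "a certificate", while the parameter is a plain `Object obj`; the comment should name the types an implementation is expected to accept and what happens for any other type.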
diff --git a/base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java b/base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java
new file mode 100644
index 000000000..b0a9fe73b
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java
@@ -0,0 +1,45 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Interface for any Ldap plugin.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapPlugin {
+
+ /**
+ * Initialize from config store.
+ *
+ * @param config the configuration store to initialize from.
+ * @exception ELdapException initialization failed due to Ldap error.
+ * @exception EBaseException initialization failed.
+ */
+ public void init(IConfigStore config)
+ throws EBaseException, ELdapException;
+
+ /**
+ * Return config store.
+ */
+ public IConfigStore getConfigStore();
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java b/base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java
new file mode 100644
index 000000000..db52a9106
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java
@@ -0,0 +1,53 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.IPluginImpl;
+import com.netscape.certsrv.base.ISubsystem;
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Interface for any ldap plugin. Plugin implementation is defined here.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapPluginImpl extends IPluginImpl {
+
+ /**
+ * initialize from config store.
+ *
+ * @param config the configuration store to initialize from.
+ * @exception ELdapException initializtion failed due to Ldap error.
+ * @exception EBaseException initialization failed.
+ */
+ public void init(ISubsystem sys, IConfigStore config)
+ throws EBaseException, ELdapException;
+
+ /**
+ * initialize from config store and Isubsystem.
+ *
+ * @param config the configuration store to initialize from.
+ * @exception ELdapException initializtion failed due to Ldap error.
+ * @exception EBaseException initialization failed.
+ */
+ public void init(IConfigStore config)
+ throws EBaseException, ELdapException;
+
+}
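Review bot: The Javadoc summaries on the two `init` overloads are attached to the wrong methods. `init(ISubsystem sys, IConfigStore config)` is described as "initialize from config store" and has no `@param sys`, while `init(IConfigStore config)` is described as initializing "from config store and Isubsystem". Swap the two summaries and add a `@param sys` line to the two-argument overload, for example `@param sys the subsystem this plugin is initialized for` (wording to be confirmed against the implementations). "initializtion" in both `@exception ELdapException` lines should read "initialization". The comment should also say which overload the framework calls, since an implementer cannot tell from the interface which one has to do the real setup.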
diff --git a/base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java b/base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java
new file mode 100644
index 000000000..81e5be952
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java
@@ -0,0 +1,43 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.request.IRequestListener;
+
+/**
+ * Handles requests to perform Ldap publishing.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapPublishModule extends IRequestListener {
+
+ /**
+ * initialize ldap publishing module with config store
+ */
+ // public void init(ICertAuthority owner, IConfigStore config)
+ // throws EBaseException, ELdapException;
+
+ /**
+ * Accepts completed requests from an authority and
+ * performs ldap publishing.
+ *
+ * @param request The publishing request.
+ */
+ public void accept(IRequest request);
+}
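Review bot: The Javadoc block "initialize ldap publishing module with config store" sits above a commented-out `init(ICertAuthority owner, IConfigStore config)` declaration, so it documents nothing and the two `//` lines are dead code. Either restore the method or delete both the comment and the commented-out signature. As it stands, a reader may assume the module has an initialization contract that the interface does not declare.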
diff --git a/base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java b/base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java
new file mode 100644
index 000000000..398d86453
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java
@@ -0,0 +1,84 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import java.util.Vector;
+
+import netscape.ldap.LDAPConnection;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Interface for publishing certificate or crl to database store.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapPublisher extends ILdapPlugin {
+ public static final String PROP_PREDICATE = "predicate";
+ public static final String PROP_ENABLE = "enable";
+ public static final String PROP_IMPLNAME = "implName";
+
+ /**
+ * Returns the implementation name.
+ */
+ public String getImplName();
+
+ /**
+ * Returns the description of the publisher.
+ */
+ public String getDescription();
+
+ /**
+ * Returns the current instance parameters.
+ */
+ public Vector<String> getInstanceParams();
+
+ /**
+ * Returns the initial default parameters.
+ */
+ public Vector<String> getDefaultParams();
+
+ /**
+ * Publish an object.
+ *
+ * @param conn a Ldap connection
+ * (null for non-LDAP publishing)
+ * @param dn dn of the ldap entry to publish cert
+ * (null for non-LDAP publishing)
+ * @param object object to publish
+ * (java.security.cert.X509Certificate or,
+ * java.security.cert.X509CRL)
+ * @exception ELdapException publish failed.
+ */
+ public void publish(LDAPConnection conn, String dn, Object object)
+ throws ELdapException;
+
+ /**
+ * Unpublish an object.
+ *
+ * @param conn the Ldap connection
+ * (null for non-LDAP publishing)
+ * @param dn dn of the ldap entry to unpublish cert
+ * (null for non-LDAP publishing)
+ * @param object object to unpublish
+ * (java.security.cert.X509Certificate)
+ * @exception ELdapException unpublish failed.
+ */
+ public void unpublish(LDAPConnection conn, String dn, Object object)
+ throws ELdapException;
+}
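Review bot: `publish` and `unpublish` take `Object object` and the Javadoc only lists the expected types in parentheses, so the contract does not say what an implementation must do when it is handed anything else, or when `conn` or `dn` is null for an LDAP-backed publisher. I would state it in the tag, e.g. `@exception ELdapException publish failed, or object is not an X509Certificate or X509CRL`, so that implementations check with `instanceof` and fail with the declared exception rather than a `ClassCastException` or `NullPointerException`. `dn` names the directory entry that gets written, so the comment should also say where callers are expected to obtain it (presumably from a mapper; this hunk does not show the caller). `PROP_PREDICATE`, `PROP_ENABLE` and `PROP_IMPLNAME` are declared again with the same values in `ILdapRule`, and the first two also in `IPublisherProcessor`; a single definition would avoid drift.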
diff --git a/base/common/src/com/netscape/certsrv/publish/ILdapRule.java b/base/common/src/com/netscape/certsrv/publish/ILdapRule.java
new file mode 100644
index 000000000..7bf19b070
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ILdapRule.java
@@ -0,0 +1,77 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import java.util.Vector;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+
+/**
+ * Interface for publishing rule which associates a Publisher with a Mapper.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapRule extends ILdapPlugin {
+ public static final String PROP_PREDICATE = "predicate";
+ public static final String PROP_ENABLE = "enable";
+ public static final String PROP_IMPLNAME = "implName";
+
+ /**
+ * Initialize the plugin.
+ *
+ * @exception EBaseException Initialization failed.
+ */
+ public void init(IPublisherProcessor processor, IConfigStore
+ config) throws EBaseException;
+
+ /**
+ * Returns the implementation name.
+ */
+ public String getImplName();
+
+ /**
+ * Returns the description of the ldap publisher.
+ */
+ public String getDescription();
+
+ /**
+ * Sets the instance name.
+ */
+ public void setInstanceName(String name);
+
+ /**
+ * Returns the instance name.
+ */
+ public String getInstanceName();
+
+ /**
+ * Returns the current instance parameters.
+ */
+ public Vector<String> getInstanceParams();
+
+ /**
+ * Returns the initial default parameters.
+ */
+ public Vector<String> getDefaultParams();
+
+ /**
+ * Returns true if the rule is enabled, false if it's disabled.
+ */
+ public boolean enabled();
+}
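Review bot: `getDescription()` is documented as "Returns the description of the ldap publisher", which looks copied from `ILdapPublisher`; on this interface it should read `Returns the description of the publishing rule.` The Javadoc for `init(IPublisherProcessor processor, IConfigStore config)` has no `@param` tags, and because `ILdapRule` extends `ILdapPlugin` a rule also inherits `init(IConfigStore config)`, so the comment should say which of the two the processor calls. `enabled()` should state what a caller is expected to do with a disabled rule; the interface alone does not say whether such a rule is skipped during publishing.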
diff --git a/base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java b/base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java
new file mode 100644
index 000000000..911d4e132
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java
@@ -0,0 +1,122 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import java.util.Enumeration;
+
+import netscape.ldap.LDAPConnection;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.ISubsystem;
+import com.netscape.certsrv.ldap.ELdapException;
+import com.netscape.certsrv.request.IRequest;
+
+/**
+ * Represents a set of publishing rules. Publishing rules are ordered from
+ * lowest priority to highest priority. The priority assignment for publishing
+ * rules is not enforced by this interface. Various implementation may
+ * use different mechanisms such as a linear ordering of publishing rules
+ * in a configuration file or explicit assignment of priority levels ..etc.
+ * The publishing rule initialization needs to deal with reading the
+ * publishing rules, sorting them in increasing order of priority and
+ * presenting an ordered vector of publishing rules via the IPublishRuleSet
+ * interface.
+ * When a request comes, the predicates of the publishing rules will be
+ * checked in the order to find the first matched publishing rule as the
+ * mapping rule to (un)publish the object.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IPublishRuleSet {
+ void init(ISubsystem sys, IConfigStore conf) throws EBaseException;
+
+ /**
+ * Returns the name of the publishing rule set.
+ * <P>
+ *
+ * @return The name of the publishing rule set.
+ */
+ String getName();
+
+ /**
+ * Returns the no of publishing rules in a set.
+ * <P>
+ *
+ * @return the no of publishing rules.
+ */
+ int count();
+
+ /**
+ * Add a publishing rule
+ * <P>
+ *
+ * @param aliasName The name of the publishing rule to be added.
+ * @param rule rule The publishing rule to be added.
+ */
+ void addRule(String aliasName, ILdapRule rule);
+
+ /**
+ * Removes a publishing rule identified by the given name.
+ *
+ * @param ruleName The name of the publishing rule to be removed.
+ */
+ void removeRule(String ruleName);
+
+ /**
+ * Get the publishing rule identified by a given name.
+ * <P>
+ *
+ * @param ruleName The name of the publishing rule to be return.
+ * @return The publishing rule identified by the given name or null if none exists.
+ */
+ ILdapRule getRule(String ruleName);
+
+ /**
+ * Get the publishing rule identified by a corresponding request.
+ * <P>
+ *
+ * @param req The request from which rule will be identified.
+ * @return The publishing rule or null if none exists.
+ */
+ ILdapRule getRule(IRequest req);
+
+ /**
+ * Get an enumeration of publishing rules.
+ * <P>
+ *
+ * @return An enumeration of publishing rules.
+ */
+ Enumeration<ILdapRule> getRules();
+
+ /**
+ * Apply publishing rules on a request.
+ * The predicates of the publishing rules will be checked in the order
+ * to find the first matched publishing rule.
+ * Use the mapper to find the dn of the LDAP entry and use the publisher
+ * to publish the object in the request.
+ * <P>
+ *
+ * @param conn The Ldap connection
+ * @param req The request to apply policies on.
+ * @exception ELdapException publish failed due to Ldap error.
+ */
+ public void publish(LDAPConnection conn, IRequest req)
+ throws ELdapException;
+}
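Review bot: The interface comment says rules are ordered "from lowest priority to highest priority" and that predicates are "checked in the order to find the first matched publishing rule", which read together means the lowest-priority matching rule wins. That order decides which mapper and publisher handle a certificate or CRL, so the comment should state the intended evaluation order explicitly, for example `Rules are evaluated in the order returned by getRules(); the first rule whose predicate matches is applied.`, once confirmed against the implementation. `init(ISubsystem sys, IConfigStore conf)` has no Javadoc at all, and `@param rule rule The publishing rule to be added.` repeats the parameter name. `publish` is the only member declared with an explicit `public`, which is redundant in an interface and inconsistent with the rest of the file.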
diff --git a/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java b/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java
new file mode 100644
index 000000000..3ed985403
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java
@@ -0,0 +1,360 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import java.math.BigInteger;
+import java.security.cert.X509CRL;
+import java.security.cert.X509Certificate;
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.Vector;
+
+import netscape.security.x509.X509CRLImpl;
+
+import com.netscape.certsrv.base.ISubsystem;
+import com.netscape.certsrv.ldap.ELdapException;
+import com.netscape.certsrv.ldap.ILdapConnModule;
+import com.netscape.certsrv.request.IRequest;
+
+/**
+ * Controls the publishing process from the top level. Maintains
+ * a collection of Publishers , Mappers, and Publish Rules.
+ *
+ * @version $Revision$ $Date$
+ */
+
+public interface IPublisherProcessor extends ISubsystem {
+
+ public final static String PROP_PUBLISH_SUBSTORE = "publish";
+ public final static String PROP_LDAP_PUBLISH_SUBSTORE = "ldappublish";
+ public final static String PROP_QUEUE_PUBLISH_SUBSTORE = "queue";
+
+ public static final String PROP_LOCAL_CA = "cacert";
+ public static final String PROP_LOCAL_CRL = "crl";
+ public static final String PROP_CERTS = "certs";
+ public static final String PROP_XCERT = "xcert";
+
+ public static final String PROP_CLASS = "class";
+ public static final String PROP_IMPL = "impl";
+ public static final String PROP_PLUGIN = "pluginName";
+ public static final String PROP_INSTANCE = "instance";
+
+ public static final String PROP_PREDICATE = "predicate";
+ public static final String PROP_ENABLE = "enable";
+ public static final String PROP_LDAP = "ldap";
+ public static final String PROP_MAPPER = "mapper";
+ public static final String PROP_PUBLISHER = "publisher";
+ public static final String PROP_TYPE = "type";
+
+ /**
+ *
+ * Returns Hashtable of rule plugins.
+ */
+
+ public Hashtable<String, RulePlugin> getRulePlugins();
+
+ /**
+ *
+ * Returns Hashtable of rule instances.
+ */
+
+ public Hashtable<String, ILdapRule> getRuleInsts();
+
+ /**
+ *
+ * Returns Hashtable of mapper plugins.
+ */
+
+ public Hashtable<String, MapperPlugin> getMapperPlugins();
+
+ /**
+ *
+ * Returns Hashtable of publisher plugins.
+ */
+ public Hashtable<String, PublisherPlugin> getPublisherPlugins();
+
+ /**
+ *
+ * Returns Hashtable of rule mapper instances.
+ */
+ public Hashtable<String, MapperProxy> getMapperInsts();
+
+ /**
+ *
+ * Returns Hashtable of rule publisher instances.
+ */
+ public Hashtable<String, PublisherProxy> getPublisherInsts();
+
+ /**
+ *
+ * Returns list of rules based on publishing type.
+ *
+ * @param publishingType Type for which to retrieve rule list.
+ */
+
+ public Enumeration<ILdapRule> getRules(String publishingType);
+
+ /**
+ *
+ * Returns list of rules based on publishing type and publishing request.
+ *
+ * @param publishingType Type for which to retrieve rule list.
+ * @param req Corresponding publish request.
+ */
+ public Enumeration<ILdapRule> getRules(String publishingType, IRequest req);
+
+ /**
+ *
+ * Returns mapper initial default parameters.
+ *
+ * @param implName name of MapperPlugin.
+ */
+
+ public Vector<String> getMapperDefaultParams(String implName) throws
+ ELdapException;
+
+ /**
+ *
+ * Returns mapper current instance parameters.
+ *
+ * @param insName name of MapperProxy.
+ * @exception ELdapException failed due to Ldap error.
+ */
+
+ public Vector<String> getMapperInstanceParams(String insName) throws
+ ELdapException;
+
+ /**
+ *
+ * Returns publisher initial default parameters.
+ *
+ * @param implName name of PublisherPlugin.
+ * @exception ELdapException failed due to Ldap error.
+ */
+ public Vector<String> getPublisherDefaultParams(String implName) throws
+ ELdapException;
+
+ /**
+ *
+ * Returns true if MapperInstance is enabled.
+ *
+ * @param insName name of MapperProxy.
+ * @return true if enabled. false if disabled.
+ */
+
+ public boolean isMapperInstanceEnable(String insName);
+
+ /**
+ *
+ * Returns ILdapMapper instance that is currently active.
+ *
+ * @param insName name of MapperProxy.
+ * @return instance of ILdapMapper.
+ */
+ public ILdapMapper getActiveMapperInstance(String insName);
+
+ /**
+ *
+ * Returns ILdapMapper instance based on name of MapperProxy.
+ *
+ * @param insName name of MapperProxy.
+ * @return instance of ILdapMapper.
+ */
+ public ILdapMapper getMapperInstance(String insName);
+
+ /**
+ *
+ * Returns true publisher instance is currently enabled.
+ *
+ * @param insName name of PublisherProxy.
+ * @return true if enabled.
+ */
+ public boolean isPublisherInstanceEnable(String insName);
+
+ /**
+ *
+ * Returns ILdapPublisher instance that is currently active.
+ *
+ * @param insName name of PublisherProxy.
+ * @return instance of ILdapPublisher.
+ */
+ public ILdapPublisher getActivePublisherInstance(String insName);
+
+ /**
+ *
+ * Returns ILdapPublisher instance.
+ *
+ * @param insName name of PublisherProxy.
+ * @return instance of ILdapPublisher.
+ */
+ public ILdapPublisher getPublisherInstance(String insName);
+
+ /**
+ *
+ * Returns Vector of PublisherIntance's current instance parameters.
+ *
+ * @param insName name of PublisherProxy.
+ * @return Vector of current instance parameters.
+ */
+ public Vector<String> getPublisherInstanceParams(String insName) throws
+ ELdapException;
+
+ /**
+ *
+ * Returns Vector of RulePlugin's initial default parameters.
+ *
+ * @param implName name of RulePlugin.
+ * @return Vector of initial default parameters.
+ * @exception ELdapException failed due to Ldap error.
+ */
+ public Vector<String> getRuleDefaultParams(String implName) throws
+ ELdapException;
+
+ /**
+ *
+ * Returns Vector of RulePlugin's current instance parameters.
+ *
+ * @param implName name of RulePlugin.
+ * @return Vector of current instance parameters.
+ * @exception ELdapException failed due to Ldap error.
+ */
+ public Vector<String> getRuleInstanceParams(String implName) throws
+ ELdapException;
+
+ /**
+ * Set published flag - true when published, false when unpublished.
+ * Not exist means not published.
+ *
+ * @param serialNo serial number of publishable object.
+ * @param published true for published, false for not.
+ */
+ public void setPublishedFlag(BigInteger serialNo, boolean published);
+
+ /**
+ * Publish ca cert, UpdateDir.java, jobs, request listeners
+ *
+ * @param cert X509 certificate to be published.
+ * @exception ELdapException publish failed due to Ldap error.
+ */
+ public void publishCACert(X509Certificate cert)
+ throws ELdapException;
+
+ /**
+ * This function is never called. CMS does not unpublish
+ * CA certificate.
+ */
+ public void unpublishCACert(X509Certificate cert)
+ throws ELdapException;
+
+ /**
+ * Publishs regular user certificate based on the criteria
+ * set in the request.
+ *
+ * @param cert X509 certificate to be published.
+ * @param req request which provides the criteria
+ * @exception ELdapException publish failed due to Ldap error.
+ */
+ public void publishCert(X509Certificate cert, IRequest req)
+ throws ELdapException;
+
+ /**
+ * Unpublish user certificate. This is used by
+ * UnpublishExpiredJob.
+ *
+ * @param cert X509 certificate to be unpublished.
+ * @param req request which provides the criteria
+ * @exception ELdapException unpublish failed due to Ldap error.
+ */
+ public void unpublishCert(X509Certificate cert, IRequest req)
+ throws ELdapException;
+
+ /**
+ * publishes a crl by mapping the issuer name in the crl to an entry
+ * and publishing it there. entry must be a certificate authority.
+ * Note that this is used by cmsgateway/cert/UpdateDir.java
+ *
+ * @param crl Certificate Revocation List
+ * @param crlIssuingPointId name of the issuing point.
+ * @exception ELdapException publish failed due to Ldap error.
+ */
+ public void publishCRL(X509CRLImpl crl, String crlIssuingPointId)
+ throws ELdapException;
+
+ /**
+ * publishes a crl by mapping the issuer name in the crl to an entry
+ * and publishing it there. entry must be a certificate authority.
+ *
+ * @param dn Distinguished name to publish.
+ * @param crl Certificate Revocation List
+ * @exception ELdapException publish failed due to Ldap error.
+ */
+ public void publishCRL(String dn, X509CRL crl)
+ throws ELdapException;
+
+ /**
+ *
+ * Return true if Ldap is enabled.
+ *
+ * @return true if Ldap is enabled,otherwise false.
+ */
+
+ public boolean ldapEnabled();
+
+ /**
+ *
+ * Return true of PublisherProcessor is enabled.
+ *
+ * @return true if is enabled, otherwise false.
+ *
+ */
+ public boolean enabled();
+
+ /**
+ *
+ * Return Authority for which this Processor operates.
+ *
+ * @return Authority.
+ */
+
+ public ISubsystem getAuthority();
+
+ /**
+ *
+ * Perform logging function for this Processor.
+ *
+ * @param level Log level to be used for this message
+ * @param msg Message to be logged.
+ */
+
+ public void log(int level, String msg);
+
+ /**
+ *
+ * Returns LdapConnModule belonging to this Processor.
+ *
+ * @return LdapConnModule.
+ */
+ public ILdapConnModule getLdapConnModule();
+
+ /**
+ * Sets the LdapConnModule belonging to this Processor.
+ *
+ * @param m ILdapConnModule.
+ */
+ public void setLdapConnModule(ILdapConnModule m);
+}
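Review bot: The six registry getters (`getRulePlugins()`, `getRuleInsts()`, `getMapperPlugins()`, `getPublisherPlugins()`, `getMapperInsts()`, `getPublisherInsts()`) return `Hashtable`, and their Javadoc does not say whether the caller receives the processor's live table or a copy. If it is the live table, any caller can add, replace or remove publishers, mappers and rules without going through the processor, so each getter should document the intent, e.g. `@return the processor's table of rule instances; callers must not modify it` (to be confirmed against the implementation). `getRuleInstanceParams(String implName)` is documented as taking the "name of RulePlugin" although it returns instance parameters; its siblings `getMapperInstanceParams` and `getPublisherInstanceParams` take `insName`, so the parameter name and `@param` text look copied from `getRuleDefaultParams`. `getMapperDefaultParams` and `getPublisherInstanceParams` declare `throws ELdapException` without an `@exception` tag.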
diff --git a/base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java b/base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java
new file mode 100644
index 000000000..b70a0626d
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java
@@ -0,0 +1,38 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Interface for a publisher that has the capability of publishing
+ * cross certs
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IXcertPublisherProcessor extends IPublisherProcessor {
+
+ /**
+ * Publish crossCertificatePair.
+ *
+ * @param pair Byte array representing cert pair.
+ * @exception EldapException publish failed due to Ldap error.
+ */
+ public void publishXCertPair(byte[] pair)
+ throws ELdapException;
+}
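Review bot: The `@exception EldapException` tag on `publishXCertPair` names a class that is not the one thrown; the method declares `ELdapException`, so the tag should read `@exception ELdapException publish failed due to Ldap error.` `@param pair Byte array representing cert pair.` does not say what encoding the bytes are in or whether null or empty input is allowed. Implementations have to parse this array, so the expected encoding (presumably a DER-encoded crossCertificatePair, to be confirmed) and the behaviour on malformed input belong in the contract.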
diff --git a/base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java b/base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java
new file mode 100644
index 000000000..84a866095
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java
@@ -0,0 +1,56 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+/**
+ * Class that represents the result of a Ldap Mapping operation.
+ * certificate map result:
+ * Represented by a mapped entry as a DN and whether entry has the certificate.
+ *
+ * @version $Revision$ $Date$
+ */
+public class LdapCertMapResult {
+ private String mDn;
+ private boolean mHasCert;
+
+ /**
+ * Constructs ldap cert map result with a dn and hasCert boolean.
+ */
+ public LdapCertMapResult(String dn, boolean hasCert) {
+ mDn = dn;
+ mHasCert = hasCert;
+ }
+
+ /**
+ * Gets DN from the result.
+ *
+ * @return Distinguished Name.
+ */
+ public String getDn() {
+ return mDn;
+ }
+
+ /**
+ * Gets whether the ldap entry had a certificate from result.
+ *
+ * @return true if cert is present, false otherwise.
+ */
+ public boolean hasCert() {
+ return mHasCert;
+ }
+}
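Review bot: `mDn` and `mHasCert` are assigned only in the constructor and the class has no setters, so both can be declared `private final String mDn;` and `private final boolean mHasCert;`, which makes the result object immutable. The constructor Javadoc has no `@param` tags; add `@param dn DN of the mapped entry` and `@param hasCert whether the entry has the certificate`, and say whether `dn` may be null. The same non-final field pattern appears in `MapperProxy` (`mEnable`, `mMapper`) and `PublisherProxy` (`mEnable`, `mPublisher`) later in this diff.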
diff --git a/base/common/src/com/netscape/certsrv/publish/MapperPlugin.java b/base/common/src/com/netscape/certsrv/publish/MapperPlugin.java
new file mode 100644
index 000000000..b193e1b5f
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/MapperPlugin.java
@@ -0,0 +1,39 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.base.Plugin;
+
+/**
+ * This class represents a registered mapper plugin.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class MapperPlugin extends Plugin {
+
+ /**
+ * Constructs a MapperPlugin based on a name and a path.
+ *
+ * @param id Name of plugin.
+ * @param path Classpath of plugin.
+ */
+ public MapperPlugin(String id, String path) {
+ super(id, path);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/MapperProxy.java b/base/common/src/com/netscape/certsrv/publish/MapperProxy.java
new file mode 100644
index 000000000..95dc98d9c
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/MapperProxy.java
@@ -0,0 +1,62 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+/**
+ *
+ * Class representing a LdapMapper.
+ *
+ * @version $Revision$ $Date$
+ */
+
+public class MapperProxy {
+ private boolean mEnable;
+ private ILdapMapper mMapper;
+
+ /**
+ *
+ * Contructs MapperProxy .
+ *
+ * @param enable Enabled or not.
+ * @param mapper Corresponding ILdapMapper object.
+ */
+ public MapperProxy(boolean enable, ILdapMapper mapper) {
+ mEnable = enable;
+ mMapper = mapper;
+ }
+
+ /**
+ *
+ * Returns if enabled.
+ *
+ * @return true if enabled, otherwise false.
+ */
+ public boolean isEnable() {
+ return mEnable;
+ }
+
+ /**
+ *
+ * Returns ILdapMapper object.
+ *
+ * @return Intance of ILdapMapper object.
+ */
+ public ILdapMapper getMapper() {
+ return mMapper;
+ }
+}
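Review bot: The class comment "Class representing a LdapMapper" does not match what the class is: a holder that pairs an `ILdapMapper` with an enabled flag, the same role `PublisherProxy` documents for publishers. Suggest `Class representing a proxy for an ILdapMapper.` to match. "Contructs" and "Intance" in the member Javadoc should read "Constructs" and "Instance". `getMapper()` returns the mapper regardless of `mEnable`, so the comment should say that callers are expected to check `isEnable()` first, if that is the intended use.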
diff --git a/base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java b/base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java
new file mode 100644
index 000000000..5a163b80c
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java
@@ -0,0 +1,40 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.base.Plugin;
+
+/**
+ * This class represents a registered publisher plugin.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class PublisherPlugin extends Plugin {
+
+ /**
+ *
+ * Constructs a PublisherPlugin based on name and classpath.
+ *
+ * @param id name of plugin.
+ * @param path Classpath of plugin.
+ */
+ public PublisherPlugin(String id, String path) {
+ super(id, path);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/PublisherProxy.java b/base/common/src/com/netscape/certsrv/publish/PublisherProxy.java
new file mode 100644
index 000000000..eb71f3e56
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/PublisherProxy.java
@@ -0,0 +1,60 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+/**
+ *
+ * Class representing a proxy for a ILdapPublisher.
+ *
+ * @version $Revision$ $Date$
+ */
+
+public class PublisherProxy {
+ private boolean mEnable;
+ private ILdapPublisher mPublisher;
+
+ /**
+ *
+ * Constructs a PublisherProxy based on a ILdapPublisher object and enabled boolean.
+ *
+ * @param enable Proxy is enabled or not.
+ * @param publisher Corresponding ILdapPublisher object.
+ */
+ public PublisherProxy(boolean enable, ILdapPublisher publisher) {
+ mEnable = enable;
+ mPublisher = publisher;
+ }
+
+ /**
+ * Return if enabled or not.
+ *
+ * @return true if enabled, otherwise false.
+ */
+ public boolean isEnable() {
+ return mEnable;
+ }
+
+ /**
+ * Return ILdapPublisher object.
+ *
+ * @return Instance of ILdapPublisher.
+ */
+ public ILdapPublisher getPublisher() {
+ return mPublisher;
+ }
+}
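Review bot: `getPublisher()` returns `mPublisher` whether or not `mEnable` is set, so the enabled flag is advisory and every caller has to check `isEnable()` itself before publishing. The class Javadoc should state that contract, for example `Callers must check isEnable() before using the publisher returned by getPublisher(); the proxy does not enforce it.` Both fields are assigned only in the constructor in this hunk, so they can be declared `private final boolean mEnable;` and `private final ILdapPublisher mPublisher;`. The constructor also accepts a null `publisher` without comment, so the `@param publisher` and `@return` text should say whether null is a valid value.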
diff --git a/base/common/src/com/netscape/certsrv/publish/RulePlugin.java b/base/common/src/com/netscape/certsrv/publish/RulePlugin.java
new file mode 100644
index 000000000..b37a24d51
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/RulePlugin.java
@@ -0,0 +1,40 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.base.Plugin;
+
+/**
+ * This class represents a registered Publishing Rule plugin.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class RulePlugin extends Plugin {
+
+ /**
+ *
+ * Constructs a RulePlugin based on name and classpath.
+ *
+ * @param id name of RulePlugin.
+ * @param path Classpath of RulePlugin.
+ */
+ public RulePlugin(String id, String path) {
+ super(id, path);
+ }
+}