Removed unnecessary pki folder.

Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.

Ticket #131

11 files changed, 1004 insertions, 0 deletions

diff --git a/base/common/src/com/netscape/certsrv/usrgrp/Certificates.java b/base/common/src/com/netscape/certsrv/usrgrp/Certificates.java
new file mode 100644
index 000000000..fdfa3cd38
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/usrgrp/Certificates.java
@@ -0,0 +1,49 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+import java.security.cert.X509Certificate;
+
+/**
+ * This class defines the strong authentication basic elements,
+ * the X509 certificates.
+ * 
+ * @version $Revision$, $Date$
+ */
+public class Certificates {
+
+    private X509Certificate mCerts[] = null;
+
+    /**
+     * Constructs strong authenticator.
+     * 
+     * @param certs a list of X509Certificates
+     */
+    public Certificates(X509Certificate certs[]) {
+        mCerts = certs;
+    }
+
+    /**
+     * Retrieves certificates.
+     * 
+     * @return a list of X509Certificates
+     */
+    public X509Certificate[] getCertificates() {
+        return mCerts;
+    }
+}
diff --git a/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java b/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java
new file mode 100644
index 000000000..a25a1a6b3
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java
@@ -0,0 +1,87 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+import com.netscape.certsrv.base.EBaseException;
+
+/**
+ * A class represents a Identity exception.
+ * <P>
+ * 
+ * @version $Revision$, $Date$
+ */
+public class EUsrGrpException extends EBaseException {
+
+    /**
+     *
+     */
+    private static final long serialVersionUID = 5549165292376270875L;
+    /**
+     * Identity resource class name.
+     */
+    private static final String USRGRP_RESOURCES = UsrGrpResources.class.getName();
+
+    /**
+     * Constructs a usr/grp management exception
+     * 
+     * @param msgFormat exception details in message string format
+     *            <P>
+     */
+    public EUsrGrpException(String msgFormat) {
+        super(msgFormat);
+    }
+
+    /**
+     * Constructs a Identity exception.
+     * 
+     * @param msgFormat exception details in message string format
+     * @param param message string parameter
+     *            <P>
+     */
+    public EUsrGrpException(String msgFormat, String param) {
+        super(msgFormat, param);
+    }
+
+    /**
+     * Constructs a Identity exception.
+     * 
+     * @param e system exception
+     *            <P>
+     */
+    public EUsrGrpException(String msgFormat, Exception e) {
+        super(msgFormat, e);
+    }
+
+    /**
+     * Constructs a Identity exception.
+     * 
+     * @param msgFormat exception details in message string format
+     * @param params list of message format parameters
+     *            <P>
+     */
+    public EUsrGrpException(String msgFormat, Object params[]) {
+        super(msgFormat, params);
+    }
+
+    /**
+     * Retrieves bundle name.
+     */
+    protected String getBundleName() {
+        return USRGRP_RESOURCES;
+    }
+}
diff --git a/base/common/src/com/netscape/certsrv/usrgrp/ICertUserLocator.java b/base/common/src/com/netscape/certsrv/usrgrp/ICertUserLocator.java
new file mode 100644
index 000000000..dbbd068c4
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/usrgrp/ICertUserLocator.java
@@ -0,0 +1,49 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+import netscape.ldap.LDAPException;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * This interface defines a certificate mapping strategy to locate
+ * a user
+ * 
+ * @version $Revision$, $Date$
+ */
+public interface ICertUserLocator {
+
+    /**
+     * Returns a user whose certificates match with the given certificates
+     * 
+     * @return an user interface
+     * @exception EUsrGrpException thrown when failed to build user
+     * @exception LDAPException thrown when LDAP internal database is not available
+     * @exception ELdapException thrown when the LDAP search failed
+     */
+    public IUser locateUser(Certificates certs) throws
+            EUsrGrpException, LDAPException, ELdapException;
+
+    /**
+     * Retrieves description.
+     * 
+     * @return description
+     */
+    public String getDescription();
+}
diff --git a/base/common/src/com/netscape/certsrv/usrgrp/IGroup.java b/base/common/src/com/netscape/certsrv/usrgrp/IGroup.java
new file mode 100644
index 000000000..522d0fc89
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/usrgrp/IGroup.java
@@ -0,0 +1,74 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+import java.util.Enumeration;
+
+import com.netscape.certsrv.base.IAttrSet;
+
+/**
+ * This interface defines the basic interfaces for
+ * an identity group. (get/set methods for a group entry attributes)
+ * 
+ * @version $Revision$, $Date$
+ */
+public interface IGroup extends IAttrSet, IGroupConstants {
+
+    /**
+     * Retrieves the group name.
+     * 
+     * @return the group name
+     */
+    public String getName();
+
+    /**
+     * Retrieves group identifier.
+     * 
+     * @return the group id
+     */
+    public String getGroupID();
+
+    /**
+     * Retrieves group description.
+     * 
+     * @return description
+     */
+    public String getDescription();
+
+    /**
+     * Checks if the given name is member of this group.
+     * 
+     * @param name the given name
+     * @return true if the given name is the member of this group; otherwise false.
+     */
+    public boolean isMember(String name);
+
+    /**
+     * Adds new member.
+     * 
+     * @param name the given name.
+     */
+    public void addMemberName(String name);
+
+    /**
+     * Retrieves a list of member names.
+     * 
+     * @return a list of member names for this group.
+     */
+    public Enumeration<String> getMemberNames();
+}
diff --git a/base/common/src/com/netscape/certsrv/usrgrp/IGroupConstants.java b/base/common/src/com/netscape/certsrv/usrgrp/IGroupConstants.java
new file mode 100644
index 000000000..22d89455c
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/usrgrp/IGroupConstants.java
@@ -0,0 +1,46 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+/**
+ * This interface defines the attribute names for a group entry
+ * 
+ * @version $Revision$, $Date$
+ */
+public interface IGroupConstants {
+
+    /**
+     * Contant for groupName
+     */
+    public static final String ATTR_NAME = "groupName";
+
+    /**
+     * Constant for dn
+     */
+    public static final String ATTR_ID = "dn";
+
+    /**
+     * Constant for description
+     */
+    public static final String ATTR_DESCRIPTION = "description";
+
+    /**
+     * Constant for uniquemember
+     */
+    public static final String ATTR_MEMBERS = "uniquemember";
+}
diff --git a/base/common/src/com/netscape/certsrv/usrgrp/IIdEvaluator.java b/base/common/src/com/netscape/certsrv/usrgrp/IIdEvaluator.java
new file mode 100644
index 000000000..41209b4b9
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/usrgrp/IIdEvaluator.java
@@ -0,0 +1,39 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+/**
+ * A class represents an ID evaluator.
+ * <P>
+ * 
+ * @version $Revision$, $Date$
+ */
+public interface IIdEvaluator {
+
+    /**
+     * Evaluates if the given value satisfies the ID evaluation:
+     * is a user a member of a group
+     * 
+     * @param type the type of evaluator, in this case, it is group
+     * @param id the user id for the given user
+     * @param op operator, only "=" and "!=" are supported
+     * @param value the name of the group, eg, "Certificate Manager Agents"
+     * @return true if the given user is a member of the group
+     */
+    public boolean evaluate(String type, IUser id, String op, String value);
+}
diff --git a/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java b/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java
new file mode 100644
index 000000000..282d672f1
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java
@@ -0,0 +1,260 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+import java.security.cert.X509Certificate;
+import java.util.Enumeration;
+
+import netscape.ldap.LDAPException;
+
+import com.netscape.certsrv.base.ISubsystem;
+
+/**
+ * This class defines low-level LDAP usr/grp management
+ * usr/grp information is located remotely on another
+ * LDAP server.
+ * 
+ * @version $Revision$, $Date$
+ */
+public interface IUGSubsystem extends ISubsystem, IUsrGrp {
+
+    /**
+     * Constant for ID
+     */
+    public static final String ID = "usrgrp";
+
+    /**
+     * Constant for super administrators
+     */
+    public static final String SUPER_CERT_ADMINS = "Administrators";
+
+    /**
+     * Retrieves a user from LDAP
+     * 
+     * @param userid the given user id
+     * @exception EUsrGrpException thrown when failed to find the user
+     */
+    public IUser getUser(String userid) throws EUsrGrpException;
+
+    /**
+     * Searches for users that matches the filter.
+     * 
+     * @param filter search filter for efficiency
+     * @return list of users
+     * @exception EUsrGrpException thrown when any internal error occurs
+     */
+    public Enumeration<IUser> listUsers(String filter) throws EUsrGrpException;
+
+    /**
+     * Adds the given user to the internal database
+     * 
+     * @param identity the given user
+     * @exception EUsrGrpException thrown when failed to add user to the group
+     * @exception LDAPException thrown when the LDAP internal database is not available
+     */
+    public void addUser(IUser identity) throws EUsrGrpException, LDAPException;
+
+    /**
+     * Adds a user certificate to user
+     * 
+     * @param identity user interface
+     * @exception EUsrGrpException thrown when failed to add the user certificate to the given user
+     * @exception LDAPException thrown when the LDAP internal database is not available
+     */
+    public void addUserCert(IUser identity) throws EUsrGrpException,
+            LDAPException;
+
+    /**
+     * Add a certSubjectDN field to the user
+     * @param identity
+     * @throws EUsrGrpException
+     * @throws LDAPException
+     */
+    public void addCertSubjectDN(IUser identity) throws EUsrGrpException, LDAPException;
+
+    /**
+     * Removes a user certificate for a user entry
+     * given a user certificate DN (actually, a combination of version,
+     * serialNumber, issuerDN, and SubjectDN), and it gets removed
+     * 
+     * @param identity the given user whose user certificate is going to be
+     *            be removed.
+     * @exception EUsrGrpException thrown when failed to remove user certificate
+     */
+    public void removeUserCert(IUser identity) throws EUsrGrpException;
+
+    /**
+     * Removes identity.
+     * 
+     * @param userid the given user id
+     * @exception EUsrGrpException thrown when failed to remove user
+     */
+    public void removeUser(String userid) throws EUsrGrpException;
+
+    /**
+     * Modifies user attributes. Certs are handled separately
+     * 
+     * @param identity the given identity which contains all the user
+     *            attributes being modified
+     * @exception EUsrGrpException thrown when modification failed
+     */
+    public void modifyUser(IUser identity) throws EUsrGrpException;
+
+    /**
+     * Finds groups that match the filter.
+     * 
+     * @param filter the search filter
+     * @return a list of groups that match the given search filter
+     */
+    public Enumeration<IGroup> findGroups(String filter);
+
+    /**
+     * Find a group for the given name
+     * 
+     * @param name the given name
+     * @return a group that matched the given name
+     */
+    public IGroup findGroup(String name);
+
+    /**
+     * List groups. This method is more efficient than findGroups because
+     * this method retrieves group names and description only. Each
+     * retrieved group just contains group name and description.
+     * 
+     * @param filter the search filter
+     * @return a list of groups, each group just contains group name and
+     *         its description.
+     * @exception EUsrGrpException thrown when failed to list groups
+     */
+    public Enumeration<IGroup> listGroups(String filter) throws EUsrGrpException;
+
+    /**
+     * Retrieves a group from LDAP for the given group name
+     * 
+     * @param name the given group name
+     * @return a group interface
+     */
+    public IGroup getGroupFromName(String name);
+
+    /**
+     * Retrieves a group from LDAP for the given DN.
+     * 
+     * @param DN the given DN
+     * @return a group interface for the given DN.
+     */
+    public IGroup getGroup(String DN);
+
+    /**
+     * Checks if the given group exists.
+     * 
+     * @param name the given group name
+     * @return true if the given group exists in the internal database; otherwise false.
+     */
+    public boolean isGroupPresent(String name);
+
+    /**
+     * Checks if the given context is a member of the given group
+     * 
+     * @param uid the given user id
+     * @param name the given group name
+     * @return true if the user with the given user id is a member of the given
+     *         group
+     */
+    public boolean isMemberOf(String uid, String name);
+
+    public boolean isMemberOf(IUser id, String name);
+
+    /**
+     * Adds a group of identities.
+     * 
+     * @param group the given group
+     * @exception EUsrGrpException thrown when failed to add group.
+     */
+    public void addGroup(IGroup group) throws EUsrGrpException;
+
+    /**
+     * Removes a group. Can't remove SUPER_CERT_ADMINS
+     * 
+     * @param name the given group name
+     * @exception EUsrGrpException thrown when the given group failed to remove
+     */
+    public void removeGroup(String name) throws EUsrGrpException;
+
+    /**
+     * Modifies a group.
+     * 
+     * @param group the given group which contain all group attributes being
+     *            modified.
+     * @exception EUsrGrpException thrown when failed to modify group.
+     */
+    public void modifyGroup(IGroup group) throws EUsrGrpException;
+
+    /**
+     * Removes the user with the given id from the given group
+     * 
+     * @param grp the given group
+     * @param userid the given user id
+     * @exception EUsrGrpException thrown when failed to remove the user from
+     *                the given group
+     */
+    public void removeUserFromGroup(IGroup grp, String userid)
+            throws EUsrGrpException;
+
+    /**
+     * Create user with the given id.
+     * 
+     * @param id the user with the given id.
+     * @return a new user
+     */
+    public IUser createUser(String id);
+
+    /**
+     * Create group with the given id.
+     * 
+     * @param id the group with the given id.
+     * @return a new group
+     */
+    public IGroup createGroup(String id);
+
+    /**
+     * Get string representation of the given certificate
+     * 
+     * @param cert given certificate
+     * @return the string representation of the given certificate
+     */
+    public String getCertificateString(X509Certificate cert);
+
+    /**
+     * Searchs for identities that matches the certificate locater
+     * generated filter.
+     * 
+     * @param filter search filter
+     * @return an user
+     * @exception EUsrGrpException thrown when failed to find user
+     * @exception LDAPException thrown when the internal database is not available
+     */
+    public IUser findUsersByCert(String filter) throws
+            EUsrGrpException, LDAPException;
+
+    /**
+     * Get user locator which does the mapping between the user and the certificate.
+     * 
+     * @return CertUserLocator
+     */
+    public ICertUserLocator getCertUserLocator();
+}
diff --git a/base/common/src/com/netscape/certsrv/usrgrp/IUser.java b/base/common/src/com/netscape/certsrv/usrgrp/IUser.java
new file mode 100644
index 000000000..9370a6718
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/usrgrp/IUser.java
@@ -0,0 +1,171 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+import java.security.cert.X509Certificate;
+
+import com.netscape.certsrv.base.IAttrSet;
+
+/**
+ * This interface defines the basic interfaces for
+ * a user identity. (get/set methods for a user entry attributes)
+ * 
+ * @version $Revision$, $Date$
+ */
+public interface IUser extends IAttrSet, IUserConstants {
+
+    /**
+     * Retrieves name.
+     * 
+     * @return user name
+     */
+    public String getName();
+
+    /**
+     * Retrieves user identifier.
+     * 
+     * @return user id
+     */
+    public String getUserID();
+
+    /**
+     * Retrieves user full name.
+     * 
+     * @return user fullname
+     */
+    public String getFullName();
+
+    /**
+     * Retrieves user phonenumber.
+     * 
+     * @return user phonenumber
+     */
+    public String getPhone();
+
+    /**
+     * Retrieves user state
+     * 
+     * @return user state
+     */
+    public String getState();
+
+    /**
+     * Sets user full name.
+     * 
+     * @param name the given full name
+     */
+    public void setFullName(String name);
+
+    /**
+     * Sets user ldap DN.
+     * 
+     * @param userdn the given user DN
+     */
+    public void setUserDN(String userdn);
+
+    /**
+     * Gets user ldap dn
+     * 
+     * @return user DN
+     */
+    public String getUserDN();
+
+    /**
+     * Retrieves user password.
+     * 
+     * @return user password
+     */
+    public String getPassword();
+
+    /**
+     * Sets user password.
+     * 
+     * @param p the given password
+     */
+    public void setPassword(String p);
+
+    /**
+     * Sets user phonenumber
+     * 
+     * @param p user phonenumber
+     */
+    public void setPhone(String p);
+
+    /**
+     * Sets user state
+     * 
+     * @param p the given user state
+     */
+    public void setState(String p);
+
+    /**
+     * Sets user type
+     * 
+     * @param userType the given user type
+     */
+    public void setUserType(String userType);
+
+    /**
+     * Gets user email address.
+     * 
+     * @return email address
+     */
+    public String getEmail();
+
+    /**
+     * Sets user email address.
+     * 
+     * @param email the given email address
+     */
+    public void setEmail(String email);
+
+    /**
+     * Gets list of certificates from this user
+     * 
+     * @return list of certificates
+     */
+    public X509Certificate[] getX509Certificates();
+
+    /**
+     * Sets list of certificates in this user
+     * 
+     * @param certs list of certificates
+     */
+    public void setX509Certificates(X509Certificate certs[]);
+
+    /**
+     * Get certificate DN
+     * 
+     * @return certificate DN
+     */
+    public String getCertDN();
+
+    /**
+     * Set certificate DN
+     * 
+     * @param userdn the given DN
+     */
+    public void setCertDN(String userdn);
+
+    /**
+     * Get user type
+     * 
+     * @return user type.
+     */
+    public String getUserType();
+}
diff --git a/base/common/src/com/netscape/certsrv/usrgrp/IUserConstants.java b/base/common/src/com/netscape/certsrv/usrgrp/IUserConstants.java
new file mode 100644
index 000000000..f66f01c73
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/usrgrp/IUserConstants.java
@@ -0,0 +1,66 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+/**
+ * This interface defines the attribute names for a user entry
+ * 
+ * @version $Revision$, $Date$
+ */
+public interface IUserConstants {
+
+    /**
+     * Constant for userScope
+     */
+    public static final String ATTR_SCOPE = "userScope";
+
+    /**
+     * Constant for userName
+     */
+    public static final String ATTR_NAME = "userName";
+
+    /**
+     * Constant for userId
+     */
+    public static final String ATTR_ID = "userId";
+
+    /**
+     * Constant for userFullName
+     */
+    public static final String ATTR_FULLNAME = "userFullName";
+
+    /**
+     * Constant for userPassword
+     */
+    public static final String ATTR_PASSWORD = "userPassword";
+
+    /**
+     * Constant for userState
+     */
+    public static final String ATTR_STATE = "userstate";
+
+    /**
+     * Constant for userEmail
+     */
+    public static final String ATTR_EMAIL = "userEmail";
+
+    /**
+     * Constant for usertype
+     */
+    public static final String ATTR_USERTYPE = "usertype";
+}
diff --git a/base/common/src/com/netscape/certsrv/usrgrp/IUsrGrp.java b/base/common/src/com/netscape/certsrv/usrgrp/IUsrGrp.java
new file mode 100644
index 000000000..f6cef0d46
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/usrgrp/IUsrGrp.java
@@ -0,0 +1,117 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+import netscape.ldap.LDAPException;
+
+/**
+ * This interface defines the basic capabilities of
+ * a usr/group manager. (get/add/modify/remove users or groups)
+ * 
+ * @version $Revision$, $Date$
+ */
+public interface IUsrGrp extends IIdEvaluator {
+
+    /**
+     * Retrieves usr/grp manager identifier.
+     * 
+     * @return id
+     */
+    public String getId();
+
+    /**
+     * Retrieves the description
+     * 
+     * @return description
+     */
+    public String getDescription();
+
+    /**
+     * Retrieves an identity
+     * 
+     * @param userid the user id for the given user
+     * @return user interface
+     */
+    public IUser getUser(String userid) throws EUsrGrpException;
+
+    /**
+     * Adds a user identity to the LDAP server. For example, <code>
+     *   User user = new User("joe");
+     *   user.setFullName("joe doe");
+     *   user.setPassword("secret");
+     *   usrgrp.addUser(user);
+     * </code>
+     * 
+     * @param user an user interface
+     * @exception EUsrGrpException thrown when some of the user attribute values
+     *                are null
+     * @exception LDAPException thrown when the LDAP internal database is not
+     *                available, or the add operation failed
+     */
+    public void addUser(IUser user) throws EUsrGrpException, LDAPException;
+
+    /**
+     * Removes a user.
+     * 
+     * @param userid the user id for the given user
+     * @exception EUsrGrpException thrown when failed to remove user
+     */
+    public void removeUser(String userid) throws EUsrGrpException;
+
+    /**
+     * Modifies user.
+     * 
+     * @param user the user interface which contains the modified information
+     * @exception EUsrGrpException thrown when failed to modify user
+     */
+    public void modifyUser(IUser user) throws EUsrGrpException;
+
+    /**
+     * Retrieves an identity group
+     * 
+     * @param groupid the given group id.
+     * @return the group interface
+     */
+    public IGroup getGroup(String groupid);
+
+    /**
+     * Adds a group
+     * 
+     * @param group the given group
+     * @exception EUsrGrpException thrown when failed to add the group.
+     */
+    public void addGroup(IGroup group) throws EUsrGrpException;
+
+    /**
+     * Modifies a group
+     * 
+     * @param group the given group contains the new information for modification.
+     * @exception EUsrGrpException thrown when failed to modify the group.
+     */
+    public void modifyGroup(IGroup group) throws EUsrGrpException;
+
+    /**
+     * Removes a group
+     * 
+     * @param name the group name
+     * @exception EUsrGrpException thrown when failed to remove the given
+     *                group.
+     */
+    public void removeGroup(String name) throws EUsrGrpException;
+
+}
diff --git a/base/common/src/com/netscape/certsrv/usrgrp/UsrGrpResources.java b/base/common/src/com/netscape/certsrv/usrgrp/UsrGrpResources.java
new file mode 100644
index 000000000..11a3da23b
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/usrgrp/UsrGrpResources.java
@@ -0,0 +1,46 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+import java.util.ListResourceBundle;
+
+/**
+ * A class represents a resource bundle for the
+ * user/group manager
+ * 
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public class UsrGrpResources extends ListResourceBundle {
+
+    /**
+     * Returns the content of this resource.
+     * 
+     * @return the content of this resource.
+     */
+    public Object[][] getContents() {
+        return contents;
+    }
+
+    /**
+     * Constants. The suffix represents the number of
+     * possible parameters.
+     */
+
+    static final Object[][] contents = {};
+}