authorEndi S. Dewata <edewata@redhat.com>2017-01-07 02:32:47 +0100
committerEndi S. Dewata <edewata@redhat.com>2017-01-18 05:08:38 +0100
commitb3ee1c28f658a70468c5a5fcf3cb4840574be756 (patch)
treeb28cf7443e0941219e0f7bd30dcc487a4ddd120a /base/server/cms/src
parent3e8bb9d0e42594afafdd0c0ac2a0f1b7a5d05aeb (diff)
Added global TCP Keep-Alive option.
A new tcp.keepAlive parameter has been added to CS.cfg to configure the TCP Keep-Alive option for all LDAP connections created by the PKI server. By default the option is enabled. The LdapJssSSLSocketFactory has been modified to support both plain and secure sockets. For clarity, the socket factory has been renamed to PKISocketFactory. All code that creates LDAP connections has been modified to use PKISocketFactory so that the TCP Keep-Alive option can be applied globally. https://fedorahosted.org/pki/ticket/2564
Diffstat (limited to 'base/server/cms/src')
-rw-r--r--base/server/cms/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java22
-rw-r--r--base/server/cms/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java22
-rw-r--r--base/server/cms/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java22
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java11
4 files changed, 41 insertions, 36 deletions
diff --git a/base/server/cms/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java b/base/server/cms/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java
index f740ef3c4..c7f818a3f 100644
--- a/base/server/cms/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java
+++ b/base/server/cms/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java
@@ -22,6 +22,15 @@ import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Vector;
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.IExtendedPluginInfo;
+import com.netscape.certsrv.ldap.ELdapException;
+import com.netscape.certsrv.ldap.ELdapServerDownException;
+import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.publish.ILdapPublisher;
+
import netscape.ldap.LDAPAttribute;
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPEntry;
@@ -32,15 +41,6 @@ import netscape.ldap.LDAPSSLSocketFactoryExt;
import netscape.ldap.LDAPSearchResults;
import netscape.ldap.LDAPv2;
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ELdapServerDownException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.ILdapPublisher;
-
/**
* Interface for publishing a CA certificate to
*
@@ -179,9 +179,11 @@ public class LdapCaCertPublisher
int portVal = Integer.parseInt(port);
int version = Integer.parseInt(mConfig.getString("version", "2"));
String cert_nick = mConfig.getString("clientCertNickname", null);
- LDAPSSLSocketFactoryExt sslSocket = null;
+ LDAPSSLSocketFactoryExt sslSocket;
if (cert_nick != null) {
sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+ } else {
+ sslSocket = CMS.getLdapJssSSLSocketFactory();
}
String mgr_dn = mConfig.getString("bindDN", null);
String mgr_pwd = mConfig.getString("bindPWD", null);
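Review bot: With the added `else` branch, `sslSocket` can no longer be null, so a publisher configured without `clientCertNickname` now always receives the factory returned by `CMS.getLdapJssSSLSocketFactory()`. The code that consumes `sslSocket` lies outside this hunk; if it still chooses between `new LDAPConnection(sslSocket)` and a plain `new LDAPConnection()` by a null check, the plain path becomes unreachable and the transport used for the `bindDN`/`bindPWD` bind is decided by the factory's default rather than by the publisher's configuration. PublisherAdminServlet in this commit calls `CMS.getLDAPSocketFactory(secure)`; using the same call here, driven by the publisher's own secure-connection setting, would keep the plain/TLS choice explicit. The declared type `LDAPSSLSocketFactoryExt` and the name `sslSocket` should also be revisited if the factory can now produce plain sockets. The same applies to the identical hunks in LdapCrlPublisher.java and LdapUserCertPublisher.java.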
diff --git a/base/server/cms/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java b/base/server/cms/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
index 80ffa3c4b..64df1431b 100644
--- a/base/server/cms/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
+++ b/base/server/cms/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
@@ -22,6 +22,15 @@ import java.security.cert.X509CRL;
import java.util.Locale;
import java.util.Vector;
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.IExtendedPluginInfo;
+import com.netscape.certsrv.ldap.ELdapException;
+import com.netscape.certsrv.ldap.ELdapServerDownException;
+import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.publish.ILdapPublisher;
+
import netscape.ldap.LDAPAttribute;
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPConstraints;
@@ -33,15 +42,6 @@ import netscape.ldap.LDAPSSLSocketFactoryExt;
import netscape.ldap.LDAPSearchResults;
import netscape.ldap.LDAPv2;
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ELdapServerDownException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.publish.ILdapPublisher;
-
/**
* For publishing master or global CRL.
* Publishes (replaces) the CRL in the CA's LDAP entry.
@@ -170,9 +170,11 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
int portVal = Integer.parseInt(port);
int version = Integer.parseInt(mConfig.getString("version", "2"));
String cert_nick = mConfig.getString("clientCertNickname", null);
- LDAPSSLSocketFactoryExt sslSocket = null;
+ LDAPSSLSocketFactoryExt sslSocket;
if (cert_nick != null) {
sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+ } else {
+ sslSocket = CMS.getLdapJssSSLSocketFactory();
}
String mgr_dn = mConfig.getString("bindDN", null);
String mgr_pwd = mConfig.getString("bindPWD", null);
diff --git a/base/server/cms/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java b/base/server/cms/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
index a01cf80d1..e87fca933 100644
--- a/base/server/cms/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
+++ b/base/server/cms/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
@@ -23,15 +23,6 @@ import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPModification;
-import netscape.ldap.LDAPSSLSocketFactoryExt;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv2;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
@@ -42,6 +33,15 @@ import com.netscape.certsrv.logging.AuditFormat;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
+import netscape.ldap.LDAPAttribute;
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPEntry;
+import netscape.ldap.LDAPException;
+import netscape.ldap.LDAPModification;
+import netscape.ldap.LDAPSSLSocketFactoryExt;
+import netscape.ldap.LDAPSearchResults;
+import netscape.ldap.LDAPv2;
+
/**
* Interface for mapping a X509 certificate to a LDAP entry
*
@@ -134,9 +134,11 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
int portVal = Integer.parseInt(port);
int version = Integer.parseInt(mConfig.getString("version", "2"));
String cert_nick = mConfig.getString("clientCertNickname", null);
- LDAPSSLSocketFactoryExt sslSocket = null;
+ LDAPSSLSocketFactoryExt sslSocket;
if (cert_nick != null) {
sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+ } else {
+ sslSocket = CMS.getLdapJssSSLSocketFactory();
}
String mgr_dn = mConfig.getString("bindDN", null);
String mgr_pwd = mConfig.getString("bindPWD", null);
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
index 423fad360..22dd8c1d5 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
@@ -27,9 +27,6 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPException;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.authority.ICertAuthority;
@@ -67,6 +64,9 @@ import com.netscape.certsrv.publish.RulePlugin;
import com.netscape.certsrv.security.ICryptoSubsystem;
import com.netscape.cmsutil.password.IPasswordStore;
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPException;
+
/**
* A class representing an publishing servlet for the
* Publishing subsystem. This servlet is responsible
@@ -770,14 +770,13 @@ public class PublisherAdminServlet extends AdminServlet {
}
} else {
try {
+ conn = new LDAPConnection(
+ CMS.getLDAPSocketFactory(secure));
if (secure) {
- conn = new LDAPConnection(
- CMS.getLdapJssSSLSocketFactory());
params.put(Constants.PR_CONN_INITED,
"Create ssl LDAPConnection" +
dashes(70 - 25) + " Success");
} else {
- conn = new LDAPConnection();
params.put(Constants.PR_CONN_INITED,
"Create LDAPConnection" +
dashes(70 - 21) + " Success");
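Review bot: The `if (secure)` / `else` pair now only selects the status text, which is easy to misread as still choosing the transport, since the connection is built once above from `CMS.getLDAPSocketFactory(secure)`. A short comment above the `if` would make this clear, for example `// socket factory already selected plain vs. TLS; this branch only picks the status message`. The two `params.put(Constants.PR_CONN_INITED, ...)` calls could also be merged into one call with a conditional label. The surrounding method starts and ends outside this hunk.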