diff options
| author | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
| commit | 32150d3ee32f8ac27118af7c792794b538c78a2f (patch) | |
| tree | 52dd96f664a6fa51be25b28b6f10adc5f2c9f660 /pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java | |
| parent | f05d58a46795553beb8881039cc922974b40db34 (diff) | |
| download | pki-32150d3ee32f8ac27118af7c792794b538c78a2f.tar.gz pki-32150d3ee32f8ac27118af7c792794b538c78a2f.tar.xz pki-32150d3ee32f8ac27118af7c792794b538c78a2f.zip | |
Formatting
Formatted project according to eclipse project settings
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java')
| -rw-r--r-- | pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java | 367 |
1 files changed, 195 insertions, 172 deletions
diff --git a/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java index 3260af6e7..02e458bc3 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java +++ b/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.authentication; - // ldap java sdk import java.io.IOException; import java.security.cert.CertificateException; @@ -57,29 +56,28 @@ import com.netscape.certsrv.ldap.ILdapConnFactory; import com.netscape.certsrv.logging.ILogger; import com.netscape.cmsutil.util.Utils; - /** - * Abstract class for directory based authentication managers - * Uses a pattern for formulating subject names. - * The pattern is read from configuration file. + * Abstract class for directory based authentication managers Uses a pattern for + * formulating subject names. The pattern is read from configuration file. * Syntax of the pattern is described in the init() method. * * <P> + * * @version $Revision$, $Date$ */ -public abstract class DirBasedAuthentication - implements IAuthManager, IExtendedPluginInfo { +public abstract class DirBasedAuthentication implements IAuthManager, + IExtendedPluginInfo { - protected static final String USER_DN = "userDN"; + protected static final String USER_DN = "userDN"; /* configuration parameter keys */ - protected static final String PROP_LDAP = "ldap"; - protected static final String PROP_BASEDN = "basedn"; - protected static final String PROP_DNPATTERN = "dnpattern"; + protected static final String PROP_LDAP = "ldap"; + protected static final String PROP_BASEDN = "basedn"; + protected static final String PROP_DNPATTERN = "dnpattern"; protected static final String PROP_LDAPSTRINGATTRS = "ldapStringAttributes"; protected static final String PROP_LDAPBYTEATTRS = "ldapByteAttributes"; - // members + // members /* name of this authentication manager instance */ protected String mName = null; @@ -105,52 +103,57 @@ public abstract class DirBasedAuthentication /* the subject DN pattern */ protected DNPattern mPattern = null; - /* the list of LDAP attributes with string values to retrieve to - * save in the auth token including ones from the dn pattern. */ + /* + * the list of LDAP attributes with string values to retrieve to save in the + * auth token including ones from the dn pattern. + */ protected String[] mLdapStringAttrs = null; - /* the list of LDAP attributes with byte[] values to retrive to save - * in authtoken. */ + /* + * the list of LDAP attributes with byte[] values to retrive to save in + * authtoken. + */ protected String[] mLdapByteAttrs = null; - /* the combined list of LDAP attriubutes to retrieve*/ + /* the combined list of LDAP attriubutes to retrieve */ protected String[] mLdapAttrs = null; /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = - "E=$attr.mail, CN=$attr.cn, O=$dn.o, C=$dn.c"; + protected static String DEFAULT_DNPATTERN = "E=$attr.mail, CN=$attr.cn, O=$dn.o, C=$dn.c"; /* Vector of extendedPluginInfo strings */ protected static Vector mExtendedPluginInfo = null; static { mExtendedPluginInfo = new Vector(); - mExtendedPluginInfo.add(PROP_DNPATTERN + ";string;Template for cert" + - " Subject Name. ($dn.xxx - get value from user's LDAP " + - "DN. $attr.yyy - get value from LDAP attributes in " + - "user's entry.) Default: " + DEFAULT_DNPATTERN); - mExtendedPluginInfo.add(PROP_LDAPSTRINGATTRS + ";string;" + - "Comma-separated list of LDAP attributes to copy from " + - "the user's LDAP entry into the AuthToken. e.g use " + - "'mail' to copy user's email address for subjectAltName"); - mExtendedPluginInfo.add(PROP_LDAPBYTEATTRS + ";string;" + - "Comma-separated list of binary LDAP attributes to copy" + - " from the user's LDAP entry into the AuthToken"); - mExtendedPluginInfo.add("ldap.ldapconn.host;string,required;" + - "LDAP host to connect to"); - mExtendedPluginInfo.add("ldap.ldapconn.port;number,required;" + - "LDAP port number (use 389, or 636 if SSL)"); - mExtendedPluginInfo.add("ldap.ldapconn.secureConn;boolean;" + - "Use SSL to connect to directory?"); - mExtendedPluginInfo.add("ldap.ldapconn.version;choice(3,2);" + - "LDAP protocol version"); - mExtendedPluginInfo.add("ldap.basedn;string,required;Base DN to start searching " + - "under. If your user's DN is 'uid=jsmith, o=company', you " + - "might want to use 'o=company' here"); - mExtendedPluginInfo.add("ldap.minConns;number;number of connections " + - "to keep open to directory server. Default 5."); - mExtendedPluginInfo.add("ldap.maxConns;number;when needed, connection " + - "pool can grow to this many (multiplexed) connections. Default 1000."); + mExtendedPluginInfo.add(PROP_DNPATTERN + ";string;Template for cert" + + " Subject Name. ($dn.xxx - get value from user's LDAP " + + "DN. $attr.yyy - get value from LDAP attributes in " + + "user's entry.) Default: " + DEFAULT_DNPATTERN); + mExtendedPluginInfo.add(PROP_LDAPSTRINGATTRS + ";string;" + + "Comma-separated list of LDAP attributes to copy from " + + "the user's LDAP entry into the AuthToken. e.g use " + + "'mail' to copy user's email address for subjectAltName"); + mExtendedPluginInfo.add(PROP_LDAPBYTEATTRS + ";string;" + + "Comma-separated list of binary LDAP attributes to copy" + + " from the user's LDAP entry into the AuthToken"); + mExtendedPluginInfo.add("ldap.ldapconn.host;string,required;" + + "LDAP host to connect to"); + mExtendedPluginInfo.add("ldap.ldapconn.port;number,required;" + + "LDAP port number (use 389, or 636 if SSL)"); + mExtendedPluginInfo.add("ldap.ldapconn.secureConn;boolean;" + + "Use SSL to connect to directory?"); + mExtendedPluginInfo.add("ldap.ldapconn.version;choice(3,2);" + + "LDAP protocol version"); + mExtendedPluginInfo + .add("ldap.basedn;string,required;Base DN to start searching " + + "under. If your user's DN is 'uid=jsmith, o=company', you " + + "might want to use 'o=company' here"); + mExtendedPluginInfo.add("ldap.minConns;number;number of connections " + + "to keep open to directory server. Default 5."); + mExtendedPluginInfo + .add("ldap.maxConns;number;when needed, connection " + + "pool can grow to this many (multiplexed) connections. Default 1000."); } /** @@ -163,24 +166,26 @@ public abstract class DirBasedAuthentication * Initializes the UidPwdDirBasedAuthentication auth manager. * * Takes the following configuration parameters: <br> + * * <pre> - * ldap.basedn - the ldap base dn. - * ldap.ldapconn.host - the ldap host. - * ldap.ldapconn.port - the ldap port - * ldap.ldapconn.secureConn - whether port should be secure - * ldap.minConns - minimum connections - * ldap.maxConns - max connections - * dnpattern - dn pattern. + * ldap.basedn - the ldap base dn. + * ldap.ldapconn.host - the ldap host. + * ldap.ldapconn.port - the ldap port + * ldap.ldapconn.secureConn - whether port should be secure + * ldap.minConns - minimum connections + * ldap.maxConns - max connections + * dnpattern - dn pattern. * </pre> * <p> - * <i><b>dnpattern</b></i> is a string representing a subject name pattern - * to formulate from the directory attributes and entry dn. If empty or - * not set, the ldap entry DN will be used as the certificate subject name. + * <i><b>dnpattern</b></i> is a string representing a subject name pattern + * to formulate from the directory attributes and entry dn. If empty or not + * set, the ldap entry DN will be used as the certificate subject name. * <p> - * The syntax is + * The syntax is + * * <pre> * dnpattern = SubjectNameComp *[ "," SubjectNameComp ] - * + * * SubjectNameComponent = DnComp | EntryComp | ConstantComp * DnComp = CertAttr "=" "$dn" "." DnAttr "." Num * EntryComp = CertAttr "=" "$attr" "." EntryAttr "." Num @@ -190,11 +195,12 @@ public abstract class DirBasedAuthentication * CertAttr = a Component in the Certificate Subject Name * (multiple AVA in one RDN not supported) * Num = the nth value of tha attribute in the dn or entry. - * Constant = Constant String, with any accepted ldap string value. + * Constant = Constant String, with any accepted ldap string value. * * </pre> * <p> * <b>Example:</b> + * * <pre> * dnpattern: * E=$attr.mail.1, CN=$attr.cn, OU=$attr.ou.2, O=$dn.o, C=US @@ -213,6 +219,7 @@ public abstract class DirBasedAuthentication * </pre> * <p> * The subject name formulated in the cert will be : <br> + * * <pre> * E=joesmith@acme.com, CN=Joe Smith, OU=Human Resources, O=Acme.com, C=US * @@ -229,28 +236,32 @@ public abstract class DirBasedAuthentication * @exception EBaseException If an error occurs during initialization. */ public void init(String name, String implName, IConfigStore config) - throws EBaseException { + throws EBaseException { init(name, implName, config, true); } - public void init(String name, String implName, IConfigStore config, boolean needBaseDN) - throws EBaseException { + public void init(String name, String implName, IConfigStore config, + boolean needBaseDN) throws EBaseException { mName = name; mImplName = implName; mConfig = config; /* initialize ldap server configuration */ mLdapConfig = mConfig.getSubStore(PROP_LDAP); - if (needBaseDN) mBaseDN = mLdapConfig.getString(PROP_BASEDN); - if (needBaseDN && ((mBaseDN == null) || (mBaseDN.length() == 0) || (mBaseDN.trim().equals("")))) - throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "basedn")); + if (needBaseDN) + mBaseDN = mLdapConfig.getString(PROP_BASEDN); + if (needBaseDN + && ((mBaseDN == null) || (mBaseDN.length() == 0) || (mBaseDN + .trim().equals("")))) + throw new EPropertyNotFound(CMS.getUserMessage( + "CMS_BASE_GET_PROPERTY_FAILED", "basedn")); mConnFactory = CMS.getLdapAnonConnFactory(); mConnFactory.init(mLdapConfig); /* initialize dn pattern */ String pattern = mConfig.getString(PROP_DNPATTERN, null); - if (pattern == null || pattern.length() == 0) + if (pattern == null || pattern.length() == 0) pattern = DEFAULT_DNPATTERN; mPattern = new DNPattern(pattern); String[] patternLdapAttrs = mPattern.getLdapAttrs(); @@ -261,15 +272,15 @@ public abstract class DirBasedAuthentication if (ldapStringAttrs == null) { mLdapStringAttrs = patternLdapAttrs; } else { - StringTokenizer pAttrs = - new StringTokenizer(ldapStringAttrs, ",", false); + StringTokenizer pAttrs = new StringTokenizer(ldapStringAttrs, ",", + false); int begin = 0; if (patternLdapAttrs != null && patternLdapAttrs.length > 0) { - mLdapStringAttrs = new String[ - patternLdapAttrs.length + pAttrs.countTokens()]; - System.arraycopy(patternLdapAttrs, 0, - mLdapStringAttrs, 0, patternLdapAttrs.length); + mLdapStringAttrs = new String[patternLdapAttrs.length + + pAttrs.countTokens()]; + System.arraycopy(patternLdapAttrs, 0, mLdapStringAttrs, 0, + patternLdapAttrs.length); begin = patternLdapAttrs.length; } else { mLdapStringAttrs = new String[pAttrs.countTokens()]; @@ -285,22 +296,21 @@ public abstract class DirBasedAuthentication if (ldapByteAttrs == null) { mLdapByteAttrs = new String[0]; } else { - StringTokenizer byteAttrs = - new StringTokenizer(ldapByteAttrs, ",", false); + StringTokenizer byteAttrs = new StringTokenizer(ldapByteAttrs, ",", + false); mLdapByteAttrs = new String[byteAttrs.countTokens()]; - for (int j = 0; j < mLdapByteAttrs.length; j++) { + for (int j = 0; j < mLdapByteAttrs.length; j++) { mLdapByteAttrs[j] = ((String) byteAttrs.nextElement()).trim(); } } /* make the combined list */ - mLdapAttrs = - new String[mLdapStringAttrs.length + mLdapByteAttrs.length]; - System.arraycopy(mLdapStringAttrs, 0, mLdapAttrs, - 0, mLdapStringAttrs.length); - System.arraycopy(mLdapByteAttrs, 0, mLdapAttrs, - mLdapStringAttrs.length, mLdapByteAttrs.length); + mLdapAttrs = new String[mLdapStringAttrs.length + mLdapByteAttrs.length]; + System.arraycopy(mLdapStringAttrs, 0, mLdapAttrs, 0, + mLdapStringAttrs.length); + System.arraycopy(mLdapByteAttrs, 0, mLdapAttrs, + mLdapStringAttrs.length, mLdapByteAttrs.length); log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_INIT_DONE")); } @@ -320,21 +330,22 @@ public abstract class DirBasedAuthentication } /** - * Authenticates user through LDAP by a set of credentials. - * Resulting AuthToken a TOKEN_CERTINFO field of a X509CertInfo + * Authenticates user through LDAP by a set of credentials. Resulting + * AuthToken a TOKEN_CERTINFO field of a X509CertInfo * <p> + * * @param authCred Authentication credentials, CRED_UID and CRED_PWD. * @return A AuthToken with a TOKEN_SUBJECT of X500name type. - * @exception com.netscape.certsrv.authentication.EMissingCredential - * If a required authentication credential is missing. - * @exception com.netscape.certsrv.authentication.EInvalidCredentials - * If credentials failed authentication. - * @exception com.netscape.certsrv.base.EBaseException - * If an internal error occurred. + * @exception com.netscape.certsrv.authentication.EMissingCredential If a + * required authentication credential is missing. + * @exception com.netscape.certsrv.authentication.EInvalidCredentials If + * credentials failed authentication. + * @exception com.netscape.certsrv.base.EBaseException If an internal error + * occurred. * @see com.netscape.certsrv.authentication.AuthToken */ public IAuthToken authenticate(IAuthCredentials authCred) - throws EMissingCredential, EInvalidCredentials, EBaseException { + throws EMissingCredential, EInvalidCredentials, EBaseException { String userdn = null; LDAPConnection conn = null; AuthToken authToken = new AuthToken(this); @@ -359,29 +370,31 @@ public abstract class DirBasedAuthentication // set subject name. try { - CertificateSubjectName subjectname = (CertificateSubjectName) - certInfo.get(X509CertInfo.SUBJECT); + CertificateSubjectName subjectname = (CertificateSubjectName) certInfo + .get(X509CertInfo.SUBJECT); if (subjectname != null) - authToken.set(AuthToken.TOKEN_CERT_SUBJECT, - subjectname.toString()); + authToken.set(AuthToken.TOKEN_CERT_SUBJECT, + subjectname.toString()); } // error means it's not set. catch (CertificateException e) { } catch (IOException e) { } - // set validity if any + // set validity if any try { - CertificateValidity validity = (CertificateValidity) - certInfo.get(X509CertInfo.VALIDITY); + CertificateValidity validity = (CertificateValidity) certInfo + .get(X509CertInfo.VALIDITY); if (validity != null) { - // the gets throws IOException but only if attribute - // not recognized. In these cases they are always. - authToken.set(AuthToken.TOKEN_CERT_NOTBEFORE, - (Date)validity.get(CertificateValidity.NOT_BEFORE)); - authToken.set(AuthToken.TOKEN_CERT_NOTAFTER, - (Date)validity.get(CertificateValidity.NOT_AFTER)); + // the gets throws IOException but only if attribute + // not recognized. In these cases they are always. + authToken + .set(AuthToken.TOKEN_CERT_NOTBEFORE, + (Date) validity + .get(CertificateValidity.NOT_BEFORE)); + authToken.set(AuthToken.TOKEN_CERT_NOTAFTER, + (Date) validity.get(CertificateValidity.NOT_AFTER)); } } // error means it's not set. catch (CertificateException e) { @@ -390,8 +403,8 @@ public abstract class DirBasedAuthentication // set extensions if any. try { - CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + CertificateExtensions extensions = (CertificateExtensions) certInfo + .get(X509CertInfo.EXTENSIONS); if (extensions != null) authToken.set(AuthToken.TOKEN_CERT_EXTENSIONS, extensions); @@ -401,7 +414,7 @@ public abstract class DirBasedAuthentication } } finally { - if (conn != null) + if (conn != null) mConnFactory.returnConn(conn); } @@ -410,15 +423,16 @@ public abstract class DirBasedAuthentication /** * get the list of required credentials. + * * @return list of required credentials as strings. */ public abstract String[] getRequiredCreds(); /** - * Returns a list of configuration parameter names. - * The list is passed to the configuration console so instances of - * this implementation can be configured through the console. - * + * Returns a list of configuration parameter names. The list is passed to + * the configuration console so instances of this implementation can be + * configured through the console. + * * @return String array of configuration parameter names. */ public abstract String[] getConfigParams(); @@ -434,12 +448,14 @@ public abstract class DirBasedAuthentication } } catch (ELdapException e) { // ignore - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_SHUTDOWN_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMS_AUTH_SHUTDOWN_ERROR", e.toString())); } } /** * Gets the configuration substore used by this authentication manager + * * @return configuration store */ public IConfigStore getConfigStore() { @@ -452,11 +468,10 @@ public abstract class DirBasedAuthentication * @param authCreds The authentication credentials. * @return The user's ldap entry dn. * @exception EInvalidCredentials If the uid and password are not valid - * @exception EBaseException If an internal error occurs. + * @exception EBaseException If an internal error occurs. */ - protected abstract String authenticate( - LDAPConnection conn, IAuthCredentials authCreds, AuthToken token) - throws EBaseException; + protected abstract String authenticate(LDAPConnection conn, + IAuthCredentials authCreds, AuthToken token) throws EBaseException; /** * Formulate the cert info. @@ -465,36 +480,34 @@ public abstract class DirBasedAuthentication * @param userdn The user's dn. * @param certinfo A certinfo object to fill. * @param token A authentication token to fill. - * @exception EBaseException If an internal error occurs. + * @exception EBaseException If an internal error occurs. */ - protected void formCertInfo(LDAPConnection conn, - String userdn, - X509CertInfo certinfo, - AuthToken token) - throws EBaseException { + protected void formCertInfo(LDAPConnection conn, String userdn, + X509CertInfo certinfo, AuthToken token) throws EBaseException { String dn = null; // get ldap attributes to retrieve. String[] attrs = getLdapAttrs(); - // retrieve the attributes. + // retrieve the attributes. try { if (conn != null) { LDAPEntry entry = null; - LDAPSearchResults results = - conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", - attrs, false); + LDAPSearchResults results = conn.search(userdn, + LDAPv2.SCOPE_BASE, "objectclass=*", attrs, false); if (!results.hasMoreElements()) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_ATTR_ERROR")); - throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_LDAPATTRIBUTES_NOT_FOUND")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMS_AUTH_NO_ATTR_ERROR")); + throw new EAuthException( + CMS.getUserMessage("CMS_AUTHENTICATION_LDAPATTRIBUTES_NOT_FOUND")); } entry = results.next(); - // formulate the subject dn + // formulate the subject dn try { dn = formSubjectName(entry); } catch (EBaseException e) { - //e.printStackTrace(); + // e.printStackTrace(); throw e; } // Put selected values from the entry into the token @@ -504,64 +517,73 @@ public abstract class DirBasedAuthentication } // add anything else in cert info such as validity, extensions - // (nothing now) + // (nothing now) // pack the dn into X500name and set subject name. if (dn.length() == 0) { - EBaseException ex = - new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_EMPTY_DN_FORMED", mName)); + EBaseException ex = new EAuthException(CMS.getUserMessage( + "CMS_AUTHENTICATION_EMPTY_DN_FORMED", mName)); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_DN_ERROR", ex.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMS_AUTH_NO_DN_ERROR", ex.toString())); throw ex; } X500Name subjectdn = new X500Name(dn); - certinfo.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(subjectdn)); + certinfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName( + subjectdn)); } catch (LDAPException e) { switch (e.getLDAPResultCode()) { - case LDAPException.SERVER_DOWN: - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_AUTH_ATTR_ERROR")); - throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + case LDAPException.SERVER_DOWN: + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMS_AUTH_NO_AUTH_ATTR_ERROR")); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); case LDAPException.NO_SUCH_OBJECT: case LDAPException.LDAP_PARTIAL_RESULTS: - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_USER_ENTRY_ERROR", userdn)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMS_AUTH_NO_USER_ENTRY_ERROR", userdn)); // fall to below. default: - log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.toString())); - throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION", - e.errorCodeToString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LDAP_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_OTHER_LDAP_EXCEPTION", e.errorCodeToString())); } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_CREATE_SUBJECT_ERROR", userdn, e.getMessage())); - throw new EFormSubjectDN(CMS.getUserMessage("CMS_AUTHENTICATION_FORM_SUBJECTDN_ERROR")); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMS_AUTH_CREATE_SUBJECT_ERROR", userdn, e.getMessage())); + throw new EFormSubjectDN( + CMS.getUserMessage("CMS_AUTHENTICATION_FORM_SUBJECTDN_ERROR")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_CREATE_CERTINFO_ERROR", userdn, e.getMessage())); - throw new EFormSubjectDN(CMS.getUserMessage("CMS_AUTHENTICATION_FORM_SUBJECTDN_ERROR")); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMS_AUTH_CREATE_CERTINFO_ERROR", userdn, e.getMessage())); + throw new EFormSubjectDN( + CMS.getUserMessage("CMS_AUTHENTICATION_FORM_SUBJECTDN_ERROR")); } } /** - * Copy values from the LDAPEntry into the AuthToken. The - * list of values that should be store this way is given in - * a the ldapAttributes configuration parameter. + * Copy values from the LDAPEntry into the AuthToken. The list of values + * that should be store this way is given in a the ldapAttributes + * configuration parameter. */ protected void setAuthTokenValues(LDAPEntry e, AuthToken tok) { for (int i = 0; i < mLdapStringAttrs.length; i++) setAuthTokenStringValue(mLdapStringAttrs[i], e, tok); - for (int j = 0; j < mLdapByteAttrs.length; j++) + for (int j = 0; j < mLdapByteAttrs.length; j++) setAuthTokenByteValue(mLdapByteAttrs[j], e, tok); } - protected void setAuthTokenStringValue( - String name, LDAPEntry entry, AuthToken tok) { + protected void setAuthTokenStringValue(String name, LDAPEntry entry, + AuthToken tok) { LDAPAttribute values = entry.getAttribute(name); - if (values == null) return; + if (values == null) + return; Vector v = new Vector(); Enumeration e = values.getStringValues(); @@ -577,11 +599,12 @@ public abstract class DirBasedAuthentication tok.set(name, a); } - protected void setAuthTokenByteValue( - String name, LDAPEntry entry, AuthToken tok) { + protected void setAuthTokenByteValue(String name, LDAPEntry entry, + AuthToken tok) { LDAPAttribute values = entry.getAttribute(name); - if (values == null) return; + if (values == null) + return; Vector v = new Vector(); Enumeration e = values.getByteValues(); @@ -600,6 +623,7 @@ public abstract class DirBasedAuthentication /** * Return a list of LDAP attributes with String values to retrieve. * Subclasses can override to return any set of attributes. + * * @return Array of LDAP attributes to retrieve from the directory. */ protected String[] getLdapAttrs() { @@ -609,6 +633,7 @@ public abstract class DirBasedAuthentication /** * Return a list of LDAP attributes with byte[] values to retrieve. * Subclasses can override to return any set of attributes. + * * @return Array of LDAP attributes to retrieve from the directory. */ protected String[] getLdapByteAttrs() { @@ -616,22 +641,20 @@ public abstract class DirBasedAuthentication } /** - * Formulate the subject name + * Formulate the subject name + * * @param entry The LDAP entry * @return The subject name string. * @exception EBaseException If an internal error occurs. */ - protected String formSubjectName(LDAPEntry entry) - throws EAuthException { - if (mPattern.mPatternString == null) + protected String formSubjectName(LDAPEntry entry) throws EAuthException { + if (mPattern.mPatternString == null) return entry.getDN(); - - /* - if (mTestDNString != null) { - mPattern.mTestDN = mTestDNString; - //System.out.println("Set DNPattern.mTestDN to "+mPattern.mTestDN); - } - */ + + /* + * if (mTestDNString != null) { mPattern.mTestDN = mTestDNString; + * //System.out.println("Set DNPattern.mTestDN to "+mPattern.mTestDN); } + */ String dn = mPattern.formDN(entry); @@ -641,6 +664,7 @@ public abstract class DirBasedAuthentication /** * Logs a message for this class in the system log file. + * * @param level The log level. * @param msg The message to log. * @see com.netscape.certsrv.logging.ILogger @@ -648,16 +672,15 @@ public abstract class DirBasedAuthentication protected void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, - level, msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level, + msg); } public String[] getExtendedPluginInfo(Locale locale) { String[] s = Utils.getStringArrayFromVector(mExtendedPluginInfo); return s; - + } } - |