authorAde Lee <alee@redhat.com>2011-12-07 16:58:12 -0500
committerAde Lee <alee@redhat.com>2011-12-07 16:58:12 -0500
commit32150d3ee32f8ac27118af7c792794b538c78a2f (patch)
tree52dd96f664a6fa51be25b28b6f10adc5f2c9f660 /pki/base/common/src/com/netscape/cms/publish/mappers
parentf05d58a46795553beb8881039cc922974b40db34 (diff)
Formatting
Formatted project according to eclipse project settings
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/publish/mappers')
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java334
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java253
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java99
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java104
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java185
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java79
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java246
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java458
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java211
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java470
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java91
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java106
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java35
13 files changed, 1282 insertions, 1389 deletions
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java
index 9f337cbb4..b3305d4d8 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java
@@ -20,7 +20,6 @@
package com.netscape.cms.publish.mappers;
-
///////////////////////
// import statements //
///////////////////////
@@ -48,24 +47,24 @@ import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.publish.ECompSyntaxErr;
import com.netscape.certsrv.request.IRequest;
-
//////////////////////
// class definition //
//////////////////////
/**
- * avaPattern is a string representing an ldap
- * attribute formulated from the certificate
- * subject name, extension or request attributes.
+ * avaPattern is a string representing an ldap attribute formulated from the
+ * certificate subject name, extension or request attributes.
* <p>
*
- * The syntax is
+ * The syntax is
+ *
* <pre>
* avaPattern := constant-value |
* "$subj" "." attrName [ "." attrNumber ] |
* "$req" "." [ prefix .] attrName [ "." attrNumber ] |
- * "$ext" "." extName [ "." nameType ] [ "." attrNumber ]
+ * "$ext" "." extName [ "." nameType ] [ "." attrNumber ]
* </pre>
+ *
* <pre>
* Example: <i>$ext.SubjectAlternativeName.RFC822Name.1</i>
* cert subjectAltName is rfc822Name: jjames@mcom.com
@@ -76,15 +75,16 @@ import com.netscape.certsrv.request.IRequest;
* The first rfc822name value in the subjAltName extension. <br>
* <p>
* </pre>
- * If a request attribute or subject DN component does not exist,
- * the attribute is skipped.
- *
+ *
+ * If a request attribute or subject DN component does not exist, the attribute
+ * is skipped.
+ *
* @version $Revision$, $Date$
*/
class AVAPattern {
- ////////////////
+ // //////////////
// parameters //
- ////////////////
+ // //////////////
/* the value type of the dn component */
public static final String TYPE_REQ = "$req";
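Review bot: The section banners now read `// //////////////`, which is the formatter splitting a solid `////////////////` rule into a comment marker followed by slashes; the `methods` banner in the `@@ -134,107 +128,108 @@` hunk is affected the same way. Replacing each three-line banner with a single `// parameters` or `// methods` line keeps later format runs from churning these lines again.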
@@ -92,37 +92,31 @@ class AVAPattern {
public static final String TYPE_EXT = "$ext";
public static final String TYPE_CONSTANT = "constant";
- public static final String[] GENERAL_NAME_TYPE = { "ANY",
- "RFC822Name",
- "DNSName",
- "X400Name",
- "DIRECTORYName",
- "EDIName",
- "URIName",
- "IPAddress",
- "OIDName"};
+ public static final String[] GENERAL_NAME_TYPE = { "ANY", "RFC822Name",
+ "DNSName", "X400Name", "DIRECTORYName", "EDIName", "URIName",
+ "IPAddress", "OIDName" };
private static final char[] endChars = new char[] { '+', ',' };
- private static final LdapV3DNStrConverter mLdapDNStrConverter =
- new LdapV3DNStrConverter();
+ private static final LdapV3DNStrConverter mLdapDNStrConverter = new LdapV3DNStrConverter();
- /* the list of request attributes needed by this AVA */
+ /* the list of request attributes needed by this AVA */
protected String[] mReqAttrs = null;
- /* the list of cert attributes needed by this AVA*/
+ /* the list of cert attributes needed by this AVA */
protected String[] mCertAttrs = null;
/* value type */
protected String mType = null;
- /* value - could be name of a request attribute or
- * cert subject attribute or extension name.
+ /*
+ * value - could be name of a request attribute or cert subject attribute or
+ * extension name.
*/
protected String mValue = null;
- /* value type - general name type of an
- * extension attribute if any.
+ /*
+ * value type - general name type of an extension attribute if any.
*/
protected String mGNType = null;
@@ -134,107 +128,108 @@ class AVAPattern {
protected String mTestDN = null;
- /////////////
+ // ///////////
// methods //
- /////////////
+ // ///////////
- public AVAPattern(String component)
- throws ELdapException {
+ public AVAPattern(String component) throws ELdapException {
if (component == null || component.length() == 0) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
}
parse(new PushbackReader(new StringReader(component)));
}
- public AVAPattern(PushbackReader in)
- throws ELdapException {
+ public AVAPattern(PushbackReader in) throws ELdapException {
parse(in);
}
- private void parse(PushbackReader in)
- throws ELdapException {
+ private void parse(PushbackReader in) throws ELdapException {
int c;
// skip spaces
- //System.out.println("============ AVAPattern Begin ===========");
- //System.out.println("skip spaces");
+ // System.out.println("============ AVAPattern Begin ===========");
+ // System.out.println("skip spaces");
try {
- while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces read "+(char)c);
+ while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces read "+(char)c);
;
}
} catch (IOException e) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
}
- if (c == -1) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
+ if (c == -1) {
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
}
if (c == '$') {
- // check for $subj $ext or $req
+ // check for $subj $ext or $req
try {
c = in.read();
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
if (c == -1) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "expecting $subj $ext or $req in ava pattern"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "expecting $subj $ext or $req in ava pattern"));
}
if (c == 'r') {
try {
- if (in.read() != 'e' ||
- in.read() != 'q' ||
- in.read() != '.') {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "expecting $req in ava pattern"));
+ if (in.read() != 'e' || in.read() != 'q'
+ || in.read() != '.') {
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "expecting $req in ava pattern"));
}
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
mType = TYPE_REQ;
- //System.out.println("---- mtype $req");
+ // System.out.println("---- mtype $req");
} else if (c == 's') {
try {
- if (in.read() != 'u' ||
- in.read() != 'b' ||
- in.read() != 'j' ||
- in.read() != '.') {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "expecting $subj in ava pattern"));
+ if (in.read() != 'u' || in.read() != 'b'
+ || in.read() != 'j' || in.read() != '.') {
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "expecting $subj in ava pattern"));
}
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
mType = TYPE_SUBJ;
- //System.out.println("----- mtype $subj");
+ // System.out.println("----- mtype $subj");
} else if (c == 'e') {
try {
- if (in.read() != 'x' ||
- in.read() != 't' ||
- in.read() != '.') {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "expecting $ext in ava pattern"));
+ if (in.read() != 'x' || in.read() != 't'
+ || in.read() != '.') {
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "expecting $ext in ava pattern"));
}
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
mType = TYPE_EXT;
- //System.out.println("----- mtype $ext");
+ // System.out.println("----- mtype $ext");
} else {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "unknown keyword. expecting $subj $ext or $req."));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "unknown keyword. expecting $subj $ext or $req."));
}
// get request attribute or
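Review bot: An IOException raised while skipping leading whitespace is reported as a syntax error with the text "All blank", although every other read failure in this hunk is mapped to `CMS_LDAP_INTERNAL_ERROR`. The first catch should follow the same pattern, `throw new ELdapException(CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));`, so an I/O fault is not mistaken for a bad pattern. The commented-out `System.out.println` lines, including the one trailing the `while (...) {` brace, are dead debug code and can be dropped. parse() continues past the end of this hunk.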
@@ -244,26 +239,27 @@ class AVAPattern {
StringBuffer valueBuf = new StringBuffer();
try {
- while ((c = in.read()) != ',' &&
- c != -1 && c != '.' && c != '+') {
- //System.out.println("mValue read "+(char)c);
+ while ((c = in.read()) != ',' && c != -1 && c != '.'
+ && c != '+') {
+ // System.out.println("mValue read "+(char)c);
valueBuf.append((char) c);
}
if (c == '+' || c == ',') { // either ',' or '+'
- in.unread(c); // pushback last , or +
+ in.unread(c); // pushback last , or +
}
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
mValue = valueBuf.toString().trim();
- if (mValue.length() == 0) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "$subj $ext or $req attribute name expected"));
+ if (mValue.length() == 0) {
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "$subj $ext or $req attribute name expected"));
}
- //System.out.println("----- mValue "+mValue);
+ // System.out.println("----- mValue "+mValue);
// get nth dn xxx not nth request attribute .
if (c == '.') {
@@ -271,24 +267,25 @@ class AVAPattern {
try {
while ((c = in.read()) != ',' && c != -1 && c != '.'
- && c != '+') {
- //System.out.println("mElement read "+(char)c);
+ && c != '+') {
+ // System.out.println("mElement read "+(char)c);
attrNumberBuf.append((char) c);
}
- if (c == ',' || c == '+') { // either ',' or '+'
- in.unread(c); // pushback last , or +
+ if (c == ',' || c == '+') { // either ',' or '+'
+ in.unread(c); // pushback last , or +
}
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
String attrNumber = attrNumberBuf.toString().trim();
if (attrNumber.length() == 0) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "nth element $req $ext or $subj expected"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "nth element $req $ext or $subj expected"));
}
try {
@@ -301,9 +298,10 @@ class AVAPattern {
} else if (TYPE_EXT.equals(mType)) {
mGNType = attrNumber;
} else {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "Invalid format in nth element " +
- "$req $ext or $subj"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Invalid format in nth element "
+ + "$req $ext or $subj"));
}
// get nth request attribute .
@@ -311,44 +309,46 @@ class AVAPattern {
StringBuffer attrNumberBuf1 = new StringBuffer();
try {
- while ((c = in.read()) != ',' &&
- c != -1 && c != '+') {
- //System.out.println("mElement read "+
- // (char)c);
+ while ((c = in.read()) != ',' && c != -1
+ && c != '+') {
+ // System.out.println("mElement read "+
+ // (char)c);
attrNumberBuf1.append((char) c);
}
- if (c != -1) { // either ',' or '+'
- in.unread(c); // pushback last , or +
+ if (c != -1) { // either ',' or '+'
+ in.unread(c); // pushback last , or +
}
} catch (IOException ex) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", ex.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", ex.toString()));
}
- String attrNumber1 =
- attrNumberBuf1.toString().trim();
+ String attrNumber1 = attrNumberBuf1.toString().trim();
if (attrNumber1.length() == 0) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "nth element $req or $ext expected"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "nth element $req or $ext expected"));
}
- try {
- mElement = Integer.parseInt(attrNumber1) - 1;
+ try {
+ mElement = Integer.parseInt(attrNumber1) - 1;
} catch (NumberFormatException ex) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "Invalid format in nth element " +
- "$req or $ext."));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Invalid format in nth element "
+ + "$req or $ext."));
}
}
}
}
- //System.out.println("----- mElement "+mElement);
+ // System.out.println("----- mElement "+mElement);
} else {
// value is constant. treat as regular ava.
mType = TYPE_CONSTANT;
- // parse ava value.
+ // parse ava value.
StringBuffer valueBuf = new StringBuffer();
valueBuf.append((char) c);
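Review bot: `mElement = Integer.parseInt(attrNumber1) - 1;` accepts `0` and negative numbers, which leaves mElement below zero. Judging by the `mElement == j` and `++nFound == mElement` comparisons elsewhere in this file, such a pattern parses cleanly and then can never match, so the attribute is silently dropped. Rejecting it at parse time gives the administrator an error instead: `if (mElement < 0) throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "nth element must be 1 or greater"));`. The enclosing parse() starts and ends outside this hunk.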
@@ -360,31 +360,26 @@ class AVAPattern {
}
if (c == '+' || c == ',') { // either ',' or '+'
- in.unread(c); // pushback last , or +
+ in.unread(c); // pushback last , or +
}
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
mValue = valueBuf.toString().trim();
- /* try {
- * AVA ava = mLdapDNStrConverter.parseAVA(
- * valueBuf.toString());
- * mValue = ava.toLdapDNString();
- * //System.out.println("----- mValue "+mValue);
- * } catch (IOException e) {
- * throw new ECompSyntaxErr(e.toString());
- * }
+ /*
+ * try { AVA ava = mLdapDNStrConverter.parseAVA(
+ * valueBuf.toString()); mValue = ava.toLdapDNString();
+ * //System.out.println("----- mValue "+mValue); } catch
+ * (IOException e) { throw new ECompSyntaxErr(e.toString()); }
*/
}
}
- public String formAVA(IRequest req,
- X500Name subject,
- CertificateExtensions extensions)
- throws ELdapException {
+ public String formAVA(IRequest req, X500Name subject,
+ CertificateExtensions extensions) throws ELdapException {
if (TYPE_CONSTANT.equals(mType)) {
return mValue;
}
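Review bot: The reflowed block comment now holds commented-out code as one run-on paragraph (`try { AVA ava = mLdapDNStrConverter.parseAVA( ...`), which can no longer be read or restored as code. Since the constant branch already assigns `mValue = valueBuf.toString().trim();`, the simplest fix is to delete the comment; if it records an intent to canonicalise constant AVAs, state that in one sentence instead. The closing braces here belong to parse(), which begins outside this hunk.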
@@ -392,11 +387,11 @@ class AVAPattern {
if (TYPE_SUBJ.equals(mType)) {
String dn = subject.toString();
- if (mTestDN != null) {
+ if (mTestDN != null) {
dn = mTestDN;
}
- //System.out.println("AVAPattern Using dn "+mTestDN);
+ // System.out.println("AVAPattern Using dn "+mTestDN);
String[] rdns = LDAPDN.explodeDN(dn, false);
String value = null;
@@ -409,8 +404,8 @@ class AVAPattern {
for (int j = 0; j < avas.length; j++) {
String[] exploded = explodeAVA(avas[j]);
- if (exploded[0].equalsIgnoreCase(mValue) &&
- ++nFound == mElement) {
+ if (exploded[0].equalsIgnoreCase(mValue)
+ && ++nFound == mElement) {
value = exploded[1];
break;
}
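Review bot: `exploded[0]` and `exploded[1]` are read without checking the array length, while the Javadoc of explodeAVA further down this file says a malformed AVA yields an empty array. A subject DN containing an AVA without `=` would then raise ArrayIndexOutOfBoundsException in the middle of publishing instead of being skipped. Adding `if (exploded.length < 2) continue;` before the comparison avoids that. The loop sits inside formAVA, which starts and ends outside this hunk.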
@@ -429,11 +424,9 @@ class AVAPattern {
if (extensions != null) {
for (int i = 0; i < extensions.size(); i++) {
- Extension ext = (Extension)
- extensions.elementAt(i);
+ Extension ext = (Extension) extensions.elementAt(i);
- String extName =
- OIDMap.getName(ext.getExtensionId());
+ String extName = OIDMap.getName(ext.getExtensionId());
int index = extName.lastIndexOf(".");
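Review bot: `extName.lastIndexOf(".")` dereferences the result of `OIDMap.getName(...)` with no null check. If that lookup returns null for an extension OID it does not know (not visible here, so worth confirming), any certificate carrying a private or unregistered extension would abort publishing with a NullPointerException. A guard such as `if (extName == null) continue;` lets the loop move on to the next extension. formAVA continues outside this hunk.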
@@ -445,13 +438,11 @@ class AVAPattern {
// Check the extensions one by one.
// For now, just give subjectAltName
// as an example.
- if (mValue.equalsIgnoreCase(
- SubjectAlternativeNameExtension.NAME)) {
+ if (mValue
+ .equalsIgnoreCase(SubjectAlternativeNameExtension.NAME)) {
try {
- GeneralNames subjectNames = (GeneralNames)
- ((SubjectAlternativeNameExtension)
- ext).get(
- SubjectAlternativeNameExtension.SUBJECT_NAME);
+ GeneralNames subjectNames = (GeneralNames) ((SubjectAlternativeNameExtension) ext)
+ .get(SubjectAlternativeNameExtension.SUBJECT_NAME);
if (subjectNames.size() == 0) {
break;
@@ -459,12 +450,11 @@ class AVAPattern {
int j = 0;
- for (Enumeration n =
- subjectNames.elements();
- n.hasMoreElements();) {
+ for (Enumeration n = subjectNames.elements(); n
+ .hasMoreElements();) {
- GeneralName gn = (GeneralName)
- n.nextElement();
+ GeneralName gn = (GeneralName) n
+ .nextElement();
String gname = gn.toString();
@@ -474,14 +464,13 @@ class AVAPattern {
break;
}
- String gType =
- gname.substring(0, index);
+ String gType = gname.substring(0, index);
if (mGNType != null) {
if (mGNType.equalsIgnoreCase(gType)) {
if (mElement == j) {
- gname =
- gname.substring(index + 2);
+ gname = gname
+ .substring(index + 2);
return gname;
} else {
j++;
@@ -489,30 +478,25 @@ class AVAPattern {
}
} else {
if (mElement == j) {
- gname =
- gname.substring(index + 2);
+ gname = gname.substring(index + 2);
return gname;
}
j++;
}
}
- } catch (IOException e) {
- CMS.debug(
- "AVAPattern: Publishing attr not formed " +
- "from extension " +
- "-- no attr : " +
- mValue);
+ } catch (IOException e) {
+ CMS.debug("AVAPattern: Publishing attr not formed "
+ + "from extension "
+ + "-- no attr : "
+ + mValue);
}
}
}
}
}
- CMS.debug(
- "AVAPattern: Publishing:attr not formed " +
- "from extension " +
- "-- no attr : " +
- mValue);
+ CMS.debug("AVAPattern: Publishing:attr not formed "
+ + "from extension " + "-- no attr : " + mValue);
return null;
}
@@ -521,9 +505,8 @@ class AVAPattern {
// mPrefix and mValue are looked up case-insensitive
String reqAttr = req.getExtDataInString(mPrefix, mValue);
if (reqAttr == null) {
- throw new
- ELdapException(
- CMS.getUserMessage("CMS_LDAP_NO_REQUEST", mValue, ""));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_REQUEST", mValue, ""));
}
return reqAttr;
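Review bot: The request attribute is returned verbatim, and the class Javadoc describes the result as an LDAP attribute formed from request data, so a value containing `,`, `+` or `=` would presumably change the structure of the DN built from it rather than stay inside one AVA. How the caller assembles the DN is outside this hunk; if it concatenates the string as-is, the value should be escaped for DN special characters (RFC 4514) here or at the call site before it is sent to the directory. At minimum, add a comment on `return reqAttr;` stating whether the value is expected to arrive already escaped.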
@@ -549,10 +532,9 @@ class AVAPattern {
}
/**
- * Explode RDN into AVAs.
- * Does not handle escaped '+'
- * Java ldap library does not yet support multiple avas per rdn.
- * If RDN is malformed returns empty array.
+ * Explode RDN into AVAs. Does not handle escaped '+' Java ldap library does
+ * not yet support multiple avas per rdn. If RDN is malformed returns empty
+ * array.
*/
public static String[] explodeRDN(String rdn) {
int plus = rdn.indexOf('+');
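Review bot: Joining the Javadoc lines removed the only separation between sentences, so it now reads "Does not handle escaped '+' Java ldap library does not yet support ..."; the explodeAVA comment in the next hunk has the same problem after "escaped '='". Terminate each sentence, for example `Explode RDN into AVAs. Does not handle escaped '+'. The Java LDAP library does not yet support multiple AVAs per RDN. Returns an empty array if the RDN is malformed.` The limitation is worth keeping prominent, because a subject value containing an escaped separator will be split in the wrong place.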
@@ -577,9 +559,8 @@ class AVAPattern {
}
/**
- * Explode AVA into name and value.
- * Does not handle escaped '='
- * If AVA is malformed empty array is returned.
+ * Explode AVA into name and value. Does not handle escaped '=' If AVA is
+ * malformed empty array is returned.
*/
public static String[] explodeAVA(String ava) {
int equals = ava.indexOf('=');
@@ -592,4 +573,3 @@ class AVAPattern {
ava.substring(equals + 1).trim() };
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java
index 9f605678e..282e5411a 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Locale;
@@ -48,20 +47,18 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
- * Maps a request to an entry in the LDAP server.
- * Takes a dnPattern to form the baseDN from the request attributes
- * and certificate subject name.Do a base search for the entry
- * in the directory to publish the cert or crl.
- * The restriction of this mapper is that the ldap dn components must
- * be part of certificate subject name or request attributes or constant.
- *
+/**
+ * Maps a request to an entry in the LDAP server. Takes a dnPattern to form the
+ * baseDN from the request attributes and certificate subject name.Do a base
+ * search for the entry in the directory to publish the cert or crl. The
+ * restriction of this mapper is that the ldap dn components must be part of
+ * certificate subject name or request attributes or constant.
+ *
* @version $Revision$, $Date$
*/
public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
- protected static final String PROP_DNPATTERN = "dnPattern";
- protected static final String PROP_CREATECA = "createCAEntry";
+ protected static final String PROP_DNPATTERN = "dnPattern";
+ protected static final String PROP_CREATECA = "createCAEntry";
protected String mDnPattern = null;
protected boolean mCreateCAEntry = true;
@@ -72,28 +69,28 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
/* the subject DN pattern */
protected MapDNPattern mPattern = null;
- /* the list of request attriubutes to retrieve*/
+ /* the list of request attriubutes to retrieve */
protected String[] mReqAttrs = null;
- /* the list of cert attriubutes to retrieve*/
+ /* the list of cert attriubutes to retrieve */
protected String[] mCertAttrs = null;
/* default dn pattern if left blank or not set in the config */
- public static final String DEFAULT_DNPATTERN =
- "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c";
+ public static final String DEFAULT_DNPATTERN = "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c";
- /**
+ /**
* Constructor.
- *
- * @param dnPattern The base DN.
+ *
+ * @param dnPattern The base DN.
*/
public LdapCaSimpleMap(String dnPattern) {
try {
init(dnPattern);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
-
+
}
/**
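Review bot: The constructor logs an EBaseException from `init(dnPattern)` and returns normally, so a mapper built from an invalid pattern exists with `mInited` still false and, as far as this hunk shows, `mPattern` still null. Callers get no signal at construction time and would presumably fail later, when the pattern is first used. Either document this on the constructor (`@param dnPattern the DN pattern; an invalid pattern is logged and leaves the mapper uninitialized`) or rethrow as an unchecked exception. The whitespace-only line before the closing brace can be removed as well.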
@@ -104,16 +101,17 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
public String[] getExtendedPluginInfo(Locale locale) {
String params[] = {
- "dnPattern;string;Describes how to form the Ldap Subject name in" +
- " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:" +
- " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " +
- "$req means: take the attribute from the request. " +
- "$subj means: take the attribute from the certificate subject name. " +
- "$ext means: take the attribute from the certificate extension",
+ "dnPattern;string;Describes how to form the Ldap Subject name in"
+ + " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:"
+ + " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. "
+ + "$req means: take the attribute from the request. "
+ + "$subj means: take the attribute from the certificate subject name. "
+ + "$ext means: take the attribute from the certificate extension",
"createCAEntry;boolean;If checked, CA entry will be created automatically",
- IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-casimplemapper",
- IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the LDAP DN of the entry to publish to"
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-mapper-casimplemapper",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Describes how to form the LDAP DN of the entry to publish to" };
return params;
}
@@ -122,11 +120,10 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
return mConfig;
}
- /**
+ /**
* for initializing from config store.
*/
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config) throws EBaseException {
mConfig = config;
String dnPattern = mConfig.getString(PROP_DNPATTERN);
@@ -137,51 +134,51 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
/**
* common initialization routine.
*/
- protected void init(String dnPattern)
- throws EBaseException {
- if (mInited)
+ protected void init(String dnPattern) throws EBaseException {
+ if (mInited)
return;
mDnPattern = dnPattern;
- if (mDnPattern == null || mDnPattern.length() == 0)
+ if (mDnPattern == null || mDnPattern.length() == 0)
mDnPattern = DEFAULT_DNPATTERN;
try {
mPattern = new MapDNPattern(mDnPattern);
String[] mReqAttrs = mPattern.getReqAttrs();
String[] mCertAttrs = mPattern.getCertAttrs();
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", dnPattern, e.toString()));
- throw new EBaseException("falied to init with pattern " +
- dnPattern + " " + e);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", dnPattern,
+ e.toString()));
+ throw new EBaseException("falied to init with pattern " + dnPattern
+ + " " + e);
}
mInited = true;
}
/**
- * Maps a X500 subject name to LDAP entry.
- * Uses DN pattern to form a DN for a LDAP base search.
+ * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for
+ * a LDAP base search.
*
- * @param conn the LDAP connection.
- * @param obj the object to map.
+ * @param conn the LDAP connection.
+ * @param obj the object to map.
* @exception ELdapException if any LDAP exceptions occured.
- */
- public String map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ */
+ public String map(LDAPConnection conn, Object obj) throws ELdapException {
return map(conn, null, obj);
}
/**
- * Maps a X500 subject name to LDAP entry.
- * Uses DN pattern to form a DN for a LDAP base search.
+ * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for
+ * a LDAP base search.
*
- * @param conn the LDAP connection.
- * @param req the request to map.
- * @param obj the object to map.
+ * @param conn the LDAP connection.
+ * @param req the request to map.
+ * @param obj the object to map.
* @exception ELdapException if any LDAP exceptions occured.
- */
+ */
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null)
return null;
String dn = null;
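Review bot: In init(String), `String[] mReqAttrs = mPattern.getReqAttrs();` and `String[] mCertAttrs = mPattern.getCertAttrs();` declare locals that shadow the fields of the same name, so this method never assigns the fields and both results are discarded. Drop the type so the fields are set: `mReqAttrs = mPattern.getReqAttrs();` and `mCertAttrs = mPattern.getCertAttrs();`. The message `"falied to init with pattern "` in the same method also has a typo ("failed").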
@@ -189,13 +186,14 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
try {
dn = formDN(req, obj);
if (dn == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
String s1 = "";
if (req != null)
s1 = req.getRequestId().toString();
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_NO_DN_MATCH", s1));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_DN_MATCH", s1));
}
int scope = LDAPv2.SCOPE_BASE;
String filter = "(objectclass=*)";
@@ -204,75 +202,82 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
String[] attrs = new String[] { LDAPv3.NO_ATTRS };
log(ILogger.LL_INFO, "searching for dn: " + dn + " filter:"
- + filter + " scope: base");
+ + filter + " scope: base");
- LDAPSearchResults results =
- conn.search(dn, scope, filter, attrs, false);
+ LDAPSearchResults results = conn.search(dn, scope, filter, attrs,
+ false);
LDAPEntry entry = results.next();
if (results.hasMoreElements()) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn,
- ((req == null) ? "" : req.getRequestId().toString())));
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
- ((req == null) ? "" : req.getRequestId().toString())));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? ""
+ : req.getRequestId().toString())));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_MORE_THAN_ONE_ENTRY", ((req == null) ? ""
+ : req.getRequestId().toString())));
}
if (entry != null)
return entry.getDN();
else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn,
- ((req == null) ? "" : req.getRequestId().toString())));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
- "null entry"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? ""
+ : req.getRequestId().toString())));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", "null entry"));
}
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
- } else if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT && mCreateCAEntry) {
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
+ } else if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT
+ && mCreateCAEntry) {
try {
createCAEntry(conn, dn);
log(ILogger.LL_INFO, "CA Entry " + dn + " Created");
return dn;
} catch (LDAPException e1) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn, e1.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_DN_MAP_EXCEPTION", dn, e1.toString()));
if (e1.getLDAPResultCode() == LDAPException.CONSTRAINT_VIOLATION) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CA_ENTRY_NOT_CREATED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CA_ENTRY_NOT_CREATED"));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CA_ENTRY_NOT_CREATED1"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CA_ENTRY_NOT_CREATED1"));
}
- throw new
- ELdapException(CMS.getUserMessage("CMS_LDAP_CREATE_CA_FAILED", dn));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_CREATE_CA_FAILED", dn));
}
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn, e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn,
+ e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
}
private void createCAEntry(LDAPConnection conn, String dn)
- throws LDAPException {
+ throws LDAPException {
LDAPAttributeSet attrs = new LDAPAttributeSet();
// OID 2.5.6.16
- String caOc[] = new String[] {"top",
- "person",
- "organizationalPerson",
- "inetOrgPerson"};
-
- String oOc[] = {"top",
- "organization"};
- String oiOc[] = {"top",
- "organizationalunit"};
-
+ String caOc[] = new String[] { "top", "person", "organizationalPerson",
+ "inetOrgPerson" };
+
+ String oOc[] = { "top", "organization" };
+ String oiOc[] = { "top", "organizationalunit" };
+
DN dnobj = new DN(dn);
String attrval[] = dnobj.explodeDN(true);
@@ -286,6 +291,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
/**
* form a dn from component in the request and cert subject name
+ *
* @param req The request
* @param obj The certificate or crl
*/
@@ -296,33 +302,35 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
try {
X509Certificate cert = (X509Certificate) obj;
- subjectDN =
- (X500Name) ((X509Certificate) cert).getSubjectDN();
+ subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN();
- CMS.debug("LdapCaSimpleMap: cert subject dn:" + subjectDN.toString());
- X509CertInfo info = (X509CertInfo)
- ((X509CertImpl) cert).get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ CMS.debug("LdapCaSimpleMap: cert subject dn:"
+ + subjectDN.toString());
+ X509CertInfo info = (X509CertInfo) ((X509CertImpl) cert)
+ .get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
- certExt = (CertificateExtensions) info.get(
- CertificateExtensions.NAME);
+ certExt = (CertificateExtensions) info
+ .get(CertificateExtensions.NAME);
} catch (java.security.cert.CertificateParsingException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (java.security.cert.CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (ClassCastException e) {
try {
X509CRLImpl crl = (X509CRLImpl) obj;
- subjectDN =
- (X500Name) ((X509CRLImpl) crl).getIssuerDN();
+ subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN();
- CMS.debug("LdapCaSimpleMap: crl issuer dn: " +
- subjectDN.toString());
- }catch (ClassCastException ex) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
+ CMS.debug("LdapCaSimpleMap: crl issuer dn: "
+ + subjectDN.toString());
+ } catch (ClassCastException ex) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
((req == null) ? "" : req.getRequestId().toString())));
return null;
}
@@ -332,11 +340,12 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
return dn;
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
- ((req == null) ? "" : req.getRequestId().toString()), e.toString()));
- throw new EBaseException("falied to form dn for request: " +
- ((req == null) ? "" : req.getRequestId().toString()) + " " + e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
+ ((req == null) ? "" : req.getRequestId().toString()),
+ e.toString()));
+ throw new EBaseException("falied to form dn for request: "
+ + ((req == null) ? "" : req.getRequestId().toString())
+ + " " + e);
}
}
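Review bot: The message literal on the re-wrapped `throw new EBaseException(...)` line still carries the typo `falied`, and the caught `ELdapException` is flattened into the text with `+ " " + e`, so callers get neither a searchable message nor the original stack trace. Since these lines are being rewritten anyway, correct the literal to `"failed to form dn for request: "`. Whether `EBaseException` has a cause-accepting constructor is not visible here, so chaining the cause is something to check rather than assume. The enclosing method starts outside this hunk.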
@@ -362,11 +371,12 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
try {
if (mDnPattern == null) {
v.addElement(PROP_DNPATTERN + "=");
- }else {
- v.addElement(PROP_DNPATTERN + "=" +
- mConfig.getString(PROP_DNPATTERN));
+ } else {
+ v.addElement(PROP_DNPATTERN + "="
+ + mConfig.getString(PROP_DNPATTERN));
}
- v.addElement(PROP_CREATECA + "=" + mConfig.getBoolean(PROP_CREATECA, true));
+ v.addElement(PROP_CREATECA + "="
+ + mConfig.getBoolean(PROP_CREATECA, true));
} catch (Exception e) {
}
return v;
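Review bot: The `catch (Exception e) { }` that closes this block discards any failure from `mConfig.getString(PROP_DNPATTERN)` or `mConfig.getBoolean(PROP_CREATECA, true)`, so the returned vector can be silently incomplete and nothing reaches the log. At minimum record the failure, for example `log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", e.toString()));`, which reuses the message key already used by the `EBaseException` handler earlier in this diff. The method begins outside this hunk.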
@@ -374,8 +384,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCaSimpleMapper: " + msg);
+ "LdapCaSimpleMapper: " + msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java
index b8cc06f77..8b7a1dbe8 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
@@ -34,22 +33,19 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
- * Maps a X509 certificate to a LDAP entry using AVAs in the certificate's
- * subject name to form the ldap search dn and filter.
- * Takes a optional root search dn.
- * The DN comps are used to form a LDAP entry to begin a subtree search.
- * The filter comps are used to form a search filter for the subtree.
- * If none of the DN comps matched, baseDN is used for the subtree.
- * If the baseDN is null and none of the DN comps matched, it is an error.
- * If none of the DN comps and filter comps matched, it is an error.
- * If just the filter comps is null, a base search is performed.
- *
+/**
+ * Maps a X509 certificate to a LDAP entry using AVAs in the certificate's
+ * subject name to form the ldap search dn and filter. Takes a optional root
+ * search dn. The DN comps are used to form a LDAP entry to begin a subtree
+ * search. The filter comps are used to form a search filter for the subtree. If
+ * none of the DN comps matched, baseDN is used for the subtree. If the baseDN
+ * is null and none of the DN comps matched, it is an error. If none of the DN
+ * comps and filter comps matched, it is an error. If just the filter comps is
+ * null, a base search is performed.
+ *
* @version $Revision$, $Date$
*/
-public class LdapCertCompsMap
- extends LdapDNCompsMap implements ILdapMapper {
+public class LdapCertCompsMap extends LdapDNCompsMap implements ILdapMapper {
ILogger mLogger = CMS.getLogger();
public LdapCertCompsMap() {
@@ -57,22 +53,22 @@ public class LdapCertCompsMap
// via configuration
}
- /**
+ /**
* Constructor.
- *
- * The DN comps are used to form a LDAP entry to begin a subtree search.
- * The filter comps are used to form a search filter for the subtree.
- * If none of the DN comps matched, baseDN is used for the subtree.
- * If the baseDN is null and none of the DN comps matched, it is an error.
- * If none of the DN comps and filter comps matched, it is an error.
- * If just the filter comps is null, a base search is performed.
*
- * @param baseDN The base DN.
+ * The DN comps are used to form a LDAP entry to begin a subtree search. The
+ * filter comps are used to form a search filter for the subtree. If none of
+ * the DN comps matched, baseDN is used for the subtree. If the baseDN is
+ * null and none of the DN comps matched, it is an error. If none of the DN
+ * comps and filter comps matched, it is an error. If just the filter comps
+ * is null, a base search is performed.
+ *
+ * @param baseDN The base DN.
* @param dnComps Components to form the LDAP base dn for search.
* @param filterComps Components to form the LDAP search filter.
*/
public LdapCertCompsMap(String baseDN, ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
+ ObjectIdentifier[] filterComps) {
init(baseDN, dnComps, filterComps);
}
@@ -99,40 +95,35 @@ public class LdapCertCompsMap
/**
* constructor using non-standard certificate attribute.
*/
- public LdapCertCompsMap(String certAttr, String baseDN,
- ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
+ public LdapCertCompsMap(String certAttr, String baseDN,
+ ObjectIdentifier[] dnComps, ObjectIdentifier[] filterComps) {
super(certAttr, baseDN, dnComps, filterComps);
}
protected void init(String baseDN, ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
+ ObjectIdentifier[] filterComps) {
super.init(baseDN, dnComps, filterComps);
}
/**
- * Maps a certificate to LDAP entry.
- * Uses DN components and filter components to form a DN and
- * filter for a LDAP search.
- * If the formed DN is null the baseDN will be used.
- * If the formed DN is null and baseDN is null an error is thrown.
- * If the filter is null a base search is performed.
- * If both are null an error is thrown.
+ * Maps a certificate to LDAP entry. Uses DN components and filter
+ * components to form a DN and filter for a LDAP search. If the formed DN is
+ * null the baseDN will be used. If the formed DN is null and baseDN is null
+ * an error is thrown. If the filter is null a base search is performed. If
+ * both are null an error is thrown.
*
* @param conn - the LDAP connection.
* @param obj - the X509Certificate.
*/
- public String
- map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ public String map(LDAPConnection conn, Object obj) throws ELdapException {
if (conn == null)
return null;
try {
X509Certificate cert = (X509Certificate) obj;
String result = null;
// form dn and filter for search.
- X500Name subjectDN =
- (X500Name) ((X509Certificate) cert).getSubjectDN();
+ X500Name subjectDN = (X500Name) ((X509Certificate) cert)
+ .getSubjectDN();
CMS.debug("LdapCertCompsMap: " + subjectDN.toString());
@@ -141,15 +132,16 @@ public class LdapCertCompsMap
result = super.map(conn, subjectDN, certbytes);
return result;
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString()));
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
} catch (ClassCastException e) {
try {
X509CRLImpl crl = (X509CRLImpl) obj;
String result = null;
- X500Name issuerDN =
- (X500Name) ((X509CRLImpl) crl).getIssuerDN();
+ X500Name issuerDN = (X500Name) ((X509CRLImpl) crl)
+ .getIssuerDN();
CMS.debug("LdapCertCompsMap: " + issuerDN.toString());
@@ -158,24 +150,27 @@ public class LdapCertCompsMap
result = super.map(conn, issuerDN, crlbytes);
return result;
} catch (CRLException ex) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", ex.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", ex.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL",
+ ex.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", ex.toString()));
} catch (ClassCastException ex) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
return null;
}
}
}
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return map(conn, obj);
}
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCertCompsMap: " + msg);
+ "LdapCertCompsMap: " + msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java
index 7ce49748a..93fd58ee5 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Vector;
@@ -41,11 +40,10 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
- * Maps a X509 certificate to a LDAP entry by using the subject name
- * of the certificate as the LDAP entry DN.
- *
+/**
+ * Maps a X509 certificate to a LDAP entry by using the subject name of the
+ * certificate as the LDAP entry DN.
+ *
* @version $Revision$, $Date$
*/
public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
@@ -63,8 +61,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
return mConfig;
}
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config) throws EBaseException {
if (mInited == true)
return;
mConfig = config;
@@ -73,11 +70,10 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-mapper-certexactmapper",
- IExtendedPluginInfo.HELP_TEXT +
- ";Literally uses the subject name of the certificate as the DN to publish to"
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-mapper-certexactmapper",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Literally uses the subject name of the certificate as the DN to publish to" };
return params;
}
@@ -95,7 +91,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
return v;
}
-
+
public Vector getInstanceParams() {
Vector v = new Vector();
@@ -103,15 +99,13 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
}
/**
- * Finds the entry for the certificate by looking for the cert
- * subject name in the subject name attribute.
+ * Finds the entry for the certificate by looking for the cert subject name
+ * in the subject name attribute.
*
* @param conn - the LDAP connection.
* @param obj - the X509Certificate.
- */
- public String
- map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ */
+ public String map(LDAPConnection conn, Object obj) throws ELdapException {
if (conn == null)
return null;
@@ -120,40 +114,40 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
try {
X509Certificate cert = (X509Certificate) obj;
- subjectDN =
- (X500Name) ((X509Certificate) cert).getSubjectDN();
+ subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN();
- CMS.debug("LdapCertExactMap: cert subject dn:" + subjectDN.toString());
+ CMS.debug("LdapCertExactMap: cert subject dn:"
+ + subjectDN.toString());
} catch (ClassCastException e) {
try {
X509CRLImpl crl = (X509CRLImpl) obj;
- subjectDN =
- (X500Name) ((X509CRLImpl) crl).getIssuerDN();
+ subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN();
- CMS.debug("LdapCertExactMap: crl issuer dn: " +
- subjectDN.toString());
- }catch (ClassCastException ex) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
+ CMS.debug("LdapCertExactMap: crl issuer dn: "
+ + subjectDN.toString());
+ } catch (ClassCastException ex) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
return null;
}
}
try {
boolean hasCert = false;
boolean hasSubjectName = false;
- String[] attrs = new String[] { LDAPv3.NO_ATTRS };
+ String[] attrs = new String[] { LDAPv3.NO_ATTRS };
log(ILogger.LL_INFO, "Searching for " + subjectDN.toString());
- LDAPSearchResults results =
- conn.search(subjectDN.toString(), LDAPv2.SCOPE_BASE,
- "(objectclass=*)", attrs, false);
-
+ LDAPSearchResults results = conn.search(subjectDN.toString(),
+ LDAPv2.SCOPE_BASE, "(objectclass=*)", attrs, false);
+
LDAPEntry entry = results.next();
if (results.hasMoreElements()) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "",
+ subjectDN.toString()));
}
if (entry != null) {
log(ILogger.LL_INFO, "entry found");
@@ -165,39 +159,37 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
+ e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
}
/*
- catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString()));
- throw new ELdapException(
- LdapResources.GET_CERT_SUBJECT_DN_FAILED, e);
- }
- catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString()));
- throw new ELdapException(
- LdapResources.GET_DER_ENCODED_CERT_FAILED, e);
- }
+ * catch (IOException e) { log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString())); throw
+ * new ELdapException( LdapResources.GET_CERT_SUBJECT_DN_FAILED, e); }
+ * catch (CertificateEncodingException e) { log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString())); throw
+ * new ELdapException( LdapResources.GET_DER_ENCODED_CERT_FAILED, e); }
*/
}
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return map(conn, obj);
}
private void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCertExactMap: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
+ "LdapCertExactMap: " + msg);
}
}
-
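Review bot: The formatter has re-flowed the commented-out `catch (IOException e)` and `catch (CertificateEncodingException e)` handlers into one run-on block comment, which no longer reads as code and cannot be restored by simply uncommenting it. Dead handlers like this are better deleted and left to version control, or fenced off from the formatter if they must stay. The identical block in LdapCertSubjMap.java is mangled the same way. The `map` method starts outside this hunk.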
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
index 017441df0..b4ce10bc3 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Vector;
@@ -41,11 +40,10 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
- * Maps a X509 certificate to a LDAP entry by finding an LDAP entry
- * which has an attribute whose contents are equal to the cert subject name.
- *
+/**
+ * Maps a X509 certificate to a LDAP entry by finding an LDAP entry which has an
+ * attribute whose contents are equal to the cert subject name.
+ *
* @version $Revision$, $Date$
*/
public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
@@ -64,13 +62,15 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
/**
* constructs a certificate subject name mapper with search base.
- * @param searchBase the dn to start searching for the certificate
- * subject name.
+ *
+ * @param searchBase the dn to start searching for the certificate subject
+ * name.
*/
public LdapCertSubjMap(String searchBase) {
if (searchBase == null)
throw new IllegalArgumentException(
- "a null argument to constructor " + this.getClass().getName());
+ "a null argument to constructor "
+ + this.getClass().getName());
mSearchBase = searchBase;
mInited = true;
}
@@ -82,23 +82,23 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
* @param certSubjNameAttr attribute for certificate subject names.
* @param certAttr attribute to find certificate.
*/
- public LdapCertSubjMap(String searchBase,
- String certSubjNameAttr, String certAttr) {
- if (searchBase == null ||
- certSubjNameAttr == null || certAttr == null)
+ public LdapCertSubjMap(String searchBase, String certSubjNameAttr,
+ String certAttr) {
+ if (searchBase == null || certSubjNameAttr == null || certAttr == null)
throw new IllegalArgumentException(
- "a null argument to constructor " + this.getClass().getName());
+ "a null argument to constructor "
+ + this.getClass().getName());
mCertSubjNameAttr = certSubjNameAttr;
mSearchBase = searchBase;
mInited = true;
}
- public LdapCertSubjMap(String searchBase,
- String certSubjNameAttr, String certAttr, boolean useAllEntries) {
- if (searchBase == null ||
- certSubjNameAttr == null || certAttr == null)
+ public LdapCertSubjMap(String searchBase, String certSubjNameAttr,
+ String certAttr, boolean useAllEntries) {
+ if (searchBase == null || certSubjNameAttr == null || certAttr == null)
throw new IllegalArgumentException(
- "a null argument to constructor " + this.getClass().getName());
+ "a null argument to constructor "
+ + this.getClass().getName());
mCertSubjNameAttr = certSubjNameAttr;
mSearchBase = searchBase;
mUseAllEntries = useAllEntries;
@@ -127,16 +127,15 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
"certSubjNameAttr;string;Name of Ldap attribute containing cert subject name",
"searchBase;string;Base DN to search from",
"useAllEntries;boolean;Use all entries for publishing",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-mapper-certsubjmapper",
- IExtendedPluginInfo.HELP_TEXT +
- ";This plugin assumes you want to publish to an LDAP entry which has " +
- "an attribute whose contents are equal to the cert subject name"
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-mapper-certsubjmapper",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";This plugin assumes you want to publish to an LDAP entry which has "
+ + "an attribute whose contents are equal to the cert subject name" };
return params;
}
-
+
public Vector getInstanceParams() {
Vector v = new Vector();
@@ -158,28 +157,25 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
return mConfig;
}
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config) throws EBaseException {
if (mInited == true)
return;
mConfig = config;
mCertSubjNameAttr = config.getString("certSubjNameAttr",
- LDAP_CERTSUBJNAME_ATTR);
+ LDAP_CERTSUBJNAME_ATTR);
mSearchBase = config.getString("searchBase");
mUseAllEntries = config.getBoolean("useAllEntries", false);
mInited = true;
}
/**
- * Finds the entry for the certificate by looking for the cert
- * subject name in the subject name attribute.
+ * Finds the entry for the certificate by looking for the cert subject name
+ * in the subject name attribute.
*
* @param conn - the LDAP connection.
* @param obj - the X509Certificate.
- */
- public String
- map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ */
+ public String map(LDAPConnection conn, Object obj) throws ELdapException {
if (conn == null)
return null;
X500Name subjectDN = null;
@@ -187,41 +183,43 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
try {
X509Certificate cert = (X509Certificate) obj;
- subjectDN =
- (X500Name) ((X509Certificate) cert).getSubjectDN();
+ subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN();
- CMS.debug("LdapCertSubjMap: cert subject dn:" + subjectDN.toString());
+ CMS.debug("LdapCertSubjMap: cert subject dn:"
+ + subjectDN.toString());
} catch (ClassCastException e) {
try {
X509CRLImpl crl = (X509CRLImpl) obj;
- subjectDN =
- (X500Name) ((X509CRLImpl) crl).getIssuerDN();
+ subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN();
- CMS.debug("LdapCertSubjMap: crl issuer dn: " +
- subjectDN.toString());
- }catch (ClassCastException ex) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
+ CMS.debug("LdapCertSubjMap: crl issuer dn: "
+ + subjectDN.toString());
+ } catch (ClassCastException ex) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
return null;
}
}
try {
boolean hasCert = false;
boolean hasSubjectName = false;
- String[] attrs = new String[] { LDAPv3.NO_ATTRS };
+ String[] attrs = new String[] { LDAPv3.NO_ATTRS };
+
+ log(ILogger.LL_INFO, "search " + mSearchBase + " ("
+ + mCertSubjNameAttr + "=" + subjectDN + ") "
+ + mCertSubjNameAttr);
- log(ILogger.LL_INFO, "search " + mSearchBase +
- " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
+ LDAPSearchResults results = conn.search(mSearchBase,
+ LDAPv2.SCOPE_SUB, "(" + mCertSubjNameAttr + "=" + subjectDN
+ + ")", attrs, false);
- LDAPSearchResults results =
- conn.search(mSearchBase, LDAPv2.SCOPE_SUB,
- "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
-
LDAPEntry entry = results.next();
if (results.hasMoreElements()) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "",
+ subjectDN.toString()));
}
if (entry != null) {
log(ILogger.LL_INFO, "entry found");
@@ -233,38 +231,35 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_DN_MAP_EXCEPTION", "LDAPException",
+ e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
}
/*
- catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString()));
- throw new ELdapException(
- LdapResources.GET_CERT_SUBJECT_DN_FAILED, e);
- }
- catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString()));
- throw new ELdapException(
- LdapResources.GET_DER_ENCODED_CERT_FAILED, e);
- }
+ * catch (IOException e) { log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString())); throw
+ * new ELdapException( LdapResources.GET_CERT_SUBJECT_DN_FAILED, e); }
+ * catch (CertificateEncodingException e) { log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString())); throw
+ * new ELdapException( LdapResources.GET_DER_ENCODED_CERT_FAILED, e); }
*/
}
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return map(conn, obj);
}
- public Vector mapAll(LDAPConnection conn, Object obj)
- throws ELdapException {
+ public Vector mapAll(LDAPConnection conn, Object obj) throws ELdapException {
Vector v = new Vector();
if (conn == null)
@@ -274,28 +269,31 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
try {
X509Certificate cert = (X509Certificate) obj;
subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN();
- CMS.debug("LdapCertSubjMap: cert subject dn:" + subjectDN.toString());
+ CMS.debug("LdapCertSubjMap: cert subject dn:"
+ + subjectDN.toString());
} catch (ClassCastException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
return v;
}
try {
boolean hasCert = false;
boolean hasSubjectName = false;
- String[] attrs = new String[] { LDAPv3.NO_ATTRS };
+ String[] attrs = new String[] { LDAPv3.NO_ATTRS };
- log(ILogger.LL_INFO, "search " + mSearchBase +
- " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
+ log(ILogger.LL_INFO, "search " + mSearchBase + " ("
+ + mCertSubjNameAttr + "=" + subjectDN + ") "
+ + mCertSubjNameAttr);
+
+ LDAPSearchResults results = conn.search(mSearchBase,
+ LDAPv2.SCOPE_SUB, "(" + mCertSubjNameAttr + "=" + subjectDN
+ + ")", attrs, false);
- LDAPSearchResults results =
- conn.search(mSearchBase, LDAPv2.SCOPE_SUB,
- "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
-
while (results.hasMoreElements()) {
LDAPEntry entry = results.next();
String dn = entry.getDN();
v.addElement(dn);
- CMS.debug("LdapCertSubjMap: dn="+dn);
+ CMS.debug("LdapCertSubjMap: dn=" + dn);
}
CMS.debug("LdapCertSubjMap: Number of entries: " + v.size());
} catch (LDAPException e) {
@@ -303,12 +301,16 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_DN_MAP_EXCEPTION", "LDAPException",
+ e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
}
@@ -316,13 +318,13 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
}
public Vector mapAll(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return mapAll(conn, obj);
}
private void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCertSubjMap: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
+ "LdapCertSubjMap: " + msg);
}
/**
@@ -344,4 +346,3 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java
index 40283e985..05d25e5ff 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.security.cert.CRLException;
import java.util.Vector;
@@ -32,16 +31,14 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
- * Default crl mapper.
- * maps the crl to a ldap entry by using components in the issuer name
- * to find the CA's entry.
- *
+/**
+ * Default crl mapper. maps the crl to a ldap entry by using components in the
+ * issuer name to find the CA's entry.
+ *
* @version $Revision$, $Date$
*/
-public class LdapCrlIssuerCompsMap
- extends LdapDNCompsMap implements ILdapMapper {
+public class LdapCrlIssuerCompsMap extends LdapDNCompsMap implements
+ ILdapMapper {
ILogger mLogger = CMS.getLogger();
public LdapCrlIssuerCompsMap() {
@@ -49,31 +46,30 @@ public class LdapCrlIssuerCompsMap
// via configuration
}
- /**
+ /**
* Constructor.
- *
- * The DN comps are used to form a LDAP entry to begin a subtree search.
- * The filter comps are used to form a search filter for the subtree.
- * If none of the DN comps matched, baseDN is used for the subtree.
- * If the baseDN is null and none of the DN comps matched, it is an error.
- * If none of the DN comps and filter comps matched, it is an error.
- * If just the filter comps is null, a base search is performed.
*
- * @param baseDN The base DN.
+ * The DN comps are used to form a LDAP entry to begin a subtree search. The
+ * filter comps are used to form a search filter for the subtree. If none of
+ * the DN comps matched, baseDN is used for the subtree. If the baseDN is
+ * null and none of the DN comps matched, it is an error. If none of the DN
+ * comps and filter comps matched, it is an error. If just the filter comps
+ * is null, a base search is performed.
+ *
+ * @param baseDN The base DN.
* @param dnComps Components to form the LDAP base dn for search.
* @param filterComps Components to form the LDAP search filter.
*/
public LdapCrlIssuerCompsMap(String baseDN, ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
+ ObjectIdentifier[] filterComps) {
init(baseDN, dnComps, filterComps);
}
/**
* constructor using non-standard certificate attribute.
*/
- public LdapCrlIssuerCompsMap(String crlAttr, String baseDN,
- ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
+ public LdapCrlIssuerCompsMap(String crlAttr, String baseDN,
+ ObjectIdentifier[] dnComps, ObjectIdentifier[] filterComps) {
super(crlAttr, baseDN, dnComps, filterComps);
}
@@ -88,7 +84,7 @@ public class LdapCrlIssuerCompsMap
public Vector getDefaultParams() {
Vector v = super.getDefaultParams();
- //v.addElement("crlAttr=" + LdapCrlPublisher.LDAP_CRL_ATTR);
+ // v.addElement("crlAttr=" + LdapCrlPublisher.LDAP_CRL_ATTR);
return v;
}
@@ -99,35 +95,30 @@ public class LdapCrlIssuerCompsMap
}
protected void init(String baseDN, ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
- //mLdapAttr = LdapCrlPublisher.LDAP_CRL_ATTR;
+ ObjectIdentifier[] filterComps) {
+ // mLdapAttr = LdapCrlPublisher.LDAP_CRL_ATTR;
super.init(baseDN, dnComps, filterComps);
}
/**
- * Maps a crl to LDAP entry.
- * Uses issuer DN components and filter components to form a DN and
- * filter for a LDAP search.
- * If the formed DN is null the baseDN will be used.
- * If the formed DN is null and baseDN is null an error is thrown.
- * If the filter is null a base search is performed.
- * If both are null an error is thrown.
+ * Maps a crl to LDAP entry. Uses issuer DN components and filter components
+ * to form a DN and filter for a LDAP search. If the formed DN is null the
+ * baseDN will be used. If the formed DN is null and baseDN is null an error
+ * is thrown. If the filter is null a base search is performed. If both are
+ * null an error is thrown.
*
* @param conn - the LDAP connection.
* @param obj - the X509Certificate.
* @return the result. LdapCertMapResult is also used for CRL.
- */
- public String
- map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ */
+ public String map(LDAPConnection conn, Object obj) throws ELdapException {
if (conn == null)
return null;
X509CRLImpl crl = (X509CRLImpl) obj;
try {
String result = null;
- X500Name issuerDN =
- (X500Name) ((X509CRLImpl) crl).getIssuerDN();
+ X500Name issuerDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN();
CMS.debug("LdapCrlIssuerCompsMap: " + issuerDN.toString());
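Review bot: The Javadoc above `map(LDAPConnection, Object)` still says `@param obj - the X509Certificate`, but the body casts `obj` straight to `X509CRLImpl`, so a caller who follows the comment gets a ClassCastException rather than an ELdapException. Suggested wording: `@param obj - the X509CRLImpl whose issuer DN is looked up.` The second cast in `((X509CRLImpl) crl).getIssuerDN()` is redundant because `crl` already has that type. The method body continues past the end of this hunk.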
@@ -136,14 +127,15 @@ public class LdapCrlIssuerCompsMap
result = super.map(conn, issuerDN, crlbytes);
return result;
} catch (CRLException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", e.toString()));
}
}
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return map(conn, obj);
}
@@ -152,8 +144,7 @@ public class LdapCrlIssuerCompsMap
*/
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCrlCompsMap: " + msg);
+ "LdapCrlCompsMap: " + msg);
}
}
-
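Review bot: The prefix in `log()` is `"LdapCrlCompsMap: "`, which matches neither the class name nor the `"LdapCrlIssuerCompsMap: "` prefix used by the `CMS.debug` call in `map()`, so searching the system log for this mapper by class name misses its failure entries. Consider `"LdapCrlIssuerCompsMap: " + msg` here. If existing log monitoring keys on the old prefix, it would need updating at the same time.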
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java
index 1662283f3..36374ddbb 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -46,23 +45,20 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPlugin;
-
-/**
- * Maps a Subject name to an entry in the LDAP server.
- * subject name to form the ldap search dn and filter.
- * Takes a optional root search dn.
- * The DN comps are used to form a LDAP entry to begin a subtree search.
- * The filter comps are used to form a search filter for the subtree.
- * If none of the DN comps matched, baseDN is used for the subtree.
- * If the baseDN is null and none of the DN comps matched, it is an error.
- * If none of the DN comps and filter comps matched, it is an error.
- * If just the filter comps is null, a base search is performed.
- *
+/**
+ * Maps a Subject name to an entry in the LDAP server. subject name to form the
+ * ldap search dn and filter. Takes a optional root search dn. The DN comps are
+ * used to form a LDAP entry to begin a subtree search. The filter comps are
+ * used to form a search filter for the subtree. If none of the DN comps
+ * matched, baseDN is used for the subtree. If the baseDN is null and none of
+ * the DN comps matched, it is an error. If none of the DN comps and filter
+ * comps matched, it is an error. If just the filter comps is null, a base
+ * search is performed.
+ *
* @version $Revision$, $Date$
*/
-public class LdapDNCompsMap
- implements ILdapPlugin, IExtendedPluginInfo {
- //protected String mLdapAttr = null;
+public class LdapDNCompsMap implements ILdapPlugin, IExtendedPluginInfo {
+ // protected String mLdapAttr = null;
protected String mBaseDN = null;
protected ObjectIdentifier[] mDnComps = null;
protected ObjectIdentifier[] mFilterComps = null;
@@ -71,24 +67,23 @@ public class LdapDNCompsMap
private boolean mInited = false;
protected IConfigStore mConfig = null;
- /**
+ /**
* Constructor.
- *
- * The DN comps are used to form a LDAP entry to begin a subtree search.
- * The filter comps are used to form a search filter for the subtree.
- * If none of the DN comps matched, baseDN is used for the subtree.
- * If the baseDN is null and none of the DN comps matched, it is an error.
- * If none of the DN comps and filter comps matched, it is an error.
- * If just the filter comps is null, a base search is performed.
*
- * @param baseDN The base DN.
+ * The DN comps are used to form a LDAP entry to begin a subtree search. The
+ * filter comps are used to form a search filter for the subtree. If none of
+ * the DN comps matched, baseDN is used for the subtree. If the baseDN is
+ * null and none of the DN comps matched, it is an error. If none of the DN
+ * comps and filter comps matched, it is an error. If just the filter comps
+ * is null, a base search is performed.
+ *
+ * @param baseDN The base DN.
* @param dnComps Components to form the LDAP base dn for search.
* @param filterComps Components to form the LDAP search filter.
*/
- public LdapDNCompsMap(String ldapAttr, String baseDN,
- ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
- //mLdapAttr = ldapAttr;
+ public LdapDNCompsMap(String ldapAttr, String baseDN,
+ ObjectIdentifier[] dnComps, ObjectIdentifier[] filterComps) {
+ // mLdapAttr = ldapAttr;
init(baseDN, dnComps, filterComps);
}
@@ -102,17 +97,16 @@ public class LdapDNCompsMap
return mConfig;
}
- /**
+ /**
* for initializing from config store.
*/
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config) throws EBaseException {
mConfig = config;
String baseDN = mConfig.getString("baseDN");
- ObjectIdentifier[] dnComps =
- getCompsFromString(mConfig.getString("dnComps"));
- ObjectIdentifier[] filterComps =
- getCompsFromString(mConfig.getString("filterComps"));
+ ObjectIdentifier[] dnComps = getCompsFromString(mConfig
+ .getString("dnComps"));
+ ObjectIdentifier[] filterComps = getCompsFromString(mConfig
+ .getString("filterComps"));
init(baseDN, dnComps, filterComps);
}
@@ -130,14 +124,13 @@ public class LdapDNCompsMap
"baseDN;string;Base to search from. E.g ou=Engineering,o=Fedora",
"dnComps;string;Comma-separated list of attributes to put in the DN",
"filterComps;string;Comma-separated list of attributes to form the filter",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-mapper-dncompsmapper",
- IExtendedPluginInfo.HELP_TEXT +
- ";More complex mapper. Used when there is not enough information " +
- "in the cert request to form the complete LDAP DN. Using this " +
- "plugin, you can specify additional LDAP filters to narrow down the " +
- "search"
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-mapper-dncompsmapper",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";More complex mapper. Used when there is not enough information "
+ + "in the cert request to form the complete LDAP DN. Using this "
+ + "plugin, you can specify additional LDAP filters to narrow down the "
+ + "search" };
return s;
}
@@ -163,14 +156,12 @@ public class LdapDNCompsMap
if (mDnComps == null) {
v.addElement("dnComps=");
} else {
- v.addElement("dnComps=" +
- mConfig.getString("dnComps"));
+ v.addElement("dnComps=" + mConfig.getString("dnComps"));
}
if (mFilterComps == null) {
v.addElement("filterComps=");
} else {
- v.addElement("filterComps=" +
- mConfig.getString("filterComps"));
+ v.addElement("filterComps=" + mConfig.getString("filterComps"));
}
} catch (Exception e) {
}
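Review bot: The `catch (Exception e) { }` that closes this block discards any failure from `mConfig.getString(...)`, so the parameter list handed back to the console can be silently incomplete. At minimum record it, e.g. `CMS.debug("LdapDNCompsMap: getDefaultParams: " + e.toString());`, and narrow the catch to what the config store actually throws (presumably EBaseException, as declared on `init(IConfigStore)`). The method starts and ends outside this hunk.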
@@ -181,8 +172,8 @@ public class LdapDNCompsMap
* common initialization routine.
*/
protected void init(String baseDN, ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
- if (mInited)
+ ObjectIdentifier[] filterComps) {
+ if (mInited)
return;
mBaseDN = baseDN;
@@ -191,36 +182,33 @@ public class LdapDNCompsMap
if (filterComps != null)
mFilterComps = (ObjectIdentifier[]) filterComps.clone();
- // log debug info.
+ // log debug info.
for (int i = 0; i < mDnComps.length; i++) {
- CMS.debug(
- "LdapDNCompsMap: dnComp " + X500NameAttrMap.getDefault().getName(mDnComps[i]));
+ CMS.debug("LdapDNCompsMap: dnComp "
+ + X500NameAttrMap.getDefault().getName(mDnComps[i]));
}
for (int i = 0; i < mFilterComps.length; i++) {
- CMS.debug("LdapDNCompsMap: filterComp " +
- X500NameAttrMap.getDefault().getName(mFilterComps[i]));
+ CMS.debug("LdapDNCompsMap: filterComp "
+ + X500NameAttrMap.getDefault().getName(mFilterComps[i]));
}
mInited = true;
}
/**
- * Maps a X500 subject name to LDAP entry.
- * Uses DN components and filter components to form a DN and
- * filter for a LDAP search.
- * If the formed DN is null the baseDN will be used.
- * If the formed DN is null and baseDN is null an error is thrown.
- * If the filter is null a base search is performed.
- * If both are null an error is thrown.
+ * Maps a X500 subject name to LDAP entry. Uses DN components and filter
+ * components to form a DN and filter for a LDAP search. If the formed DN is
+ * null the baseDN will be used. If the formed DN is null and baseDN is null
+ * an error is thrown. If the filter is null a base search is performed. If
+ * both are null an error is thrown.
*
- * @param conn the LDAP connection.
- * @param x500name the dn to map.
- * @param obj the object
+ * @param conn the LDAP connection.
+ * @param x500name the dn to map.
+ * @param obj the object
* @exception ELdapException if any LDAP exceptions occured.
* @return the DN of the entry.
- */
- public String map(LDAPConnection conn, X500Name x500name,
- byte[] obj)
- throws ELdapException {
+ */
+ public String map(LDAPConnection conn, X500Name x500name, byte[] obj)
+ throws ELdapException {
try {
if (conn == null)
return null;
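Review bot: The debug loop in `init(String, ObjectIdentifier[], ObjectIdentifier[])` dereferences `mFilterComps.length` unconditionally, although `mFilterComps` is only assigned when `filterComps != null` and the class Javadoc documents null filter comps as a valid configuration. A caller using the public constructor with `filterComps == null` would hit a NullPointerException before `mInited` is set. Guard the loop, e.g. `for (int i = 0; mFilterComps != null && i < mFilterComps.length; i++) {`, and do the same for `mDnComps` if its assignment (outside this hunk) is also conditional. `init` begins before this hunk.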
@@ -234,17 +222,17 @@ public class LdapDNCompsMap
if (dn == null) {
// #362332
// if (filter == null) {
- // log(ILogger.LL_FAILURE, "No dn and filter formed");
- // throw new ELdapException(
- // LdapResources.NO_DN_AND_FILTER_COMPS,
- // x500name.toString());
+ // log(ILogger.LL_FAILURE, "No dn and filter formed");
+ // throw new ELdapException(
+ // LdapResources.NO_DN_AND_FILTER_COMPS,
+ // x500name.toString());
// }
if (mBaseDN == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_BASE"));
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_NO_DN_COMPS_AND_BASEDN",
- x500name.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_NO_BASE"));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_DN_COMPS_AND_BASEDN",
+ x500name.toString()));
}
dn = mBaseDN;
}
@@ -260,53 +248,57 @@ public class LdapDNCompsMap
attrs = new String[] { LDAPv3.NO_ATTRS };
- log(ILogger.LL_INFO, "searching for " + dn + " " + filter + " " +
- ((scope == LDAPv2.SCOPE_SUB) ? "sub" : "base"));
+ log(ILogger.LL_INFO, "searching for " + dn + " " + filter + " "
+ + ((scope == LDAPv2.SCOPE_SUB) ? "sub" : "base"));
- LDAPSearchResults results =
- conn.search(dn, scope, filter, attrs, false);
+ LDAPSearchResults results = conn.search(dn, scope, filter, attrs,
+ false);
LDAPEntry entry = results.next();
if (results.hasMoreElements()) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", x500name.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
- x500name.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_MORE_THAN_ONE_ENTRY", "", x500name.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_MORE_THAN_ONE_ENTRY", x500name.toString()));
}
if (entry != null) {
return entry.getDN();
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", "", x500name.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
- "null entry"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_ENTRY_NOT_FOUND", "", x500name.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", "null entry"));
}
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_DN_MAP_EXCEPTION", "LDAPException",
+ e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
}
}
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapDNCompsMap: " + msg);
+ "LdapDNCompsMap: " + msg);
}
/**
* form a dn and filter from component in the cert subject name
+ *
* @param subjName subject name
*/
- public String[] formDNandFilter(X500Name subjName)
- throws ELdapException {
+ public String[] formDNandFilter(X500Name subjName) throws ELdapException {
Vector dnRdns = new Vector();
SearchFilter filter = new SearchFilter();
X500NameAttrMap attrMap = X500NameAttrMap.getDefault();
@@ -327,17 +319,16 @@ public class LdapDNCompsMap
if (oid == EOid) {
DerValue val = ava.getValue();
AVA newAVA = new AVA(mailOid, val);
- RDN newRDN = new RDN(new AVA[] { newAVA }
- );
+ RDN newRDN = new RDN(new AVA[] { newAVA });
- CMS.debug(
- "LdapDNCompsMap: Converted " + rdn.toLdapDNString() + " to " +
- newRDN.toLdapDNString() + " in DN");
+ CMS.debug("LdapDNCompsMap: Converted "
+ + rdn.toLdapDNString() + " to "
+ + newRDN.toLdapDNString() + " in DN");
rdn = newRDN;
}
dnRdns.addElement(rdn);
- CMS.debug(
- "LdapDNCompsMap: adding dn comp " + rdn.toLdapDNString());
+ CMS.debug("LdapDNCompsMap: adding dn comp "
+ + rdn.toLdapDNString());
break;
}
}
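Review bot: `if (oid == EOid)` compares object references, not OID values. The declarations of `oid` and `EOid` are outside this hunk, but if `oid` is read from the AVA parsed out of the subject name it will normally be a different instance from the constant, and the E-to-mail conversion would then never run. `if (EOid.equals(oid))` expresses the intent, assuming ObjectIdentifier overrides `equals`. The filter branch in the next hunk should be checked for the same comparison.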
@@ -347,31 +338,32 @@ public class LdapDNCompsMap
DerValue val = ava.getValue();
AVA newAVA = new AVA(mailOid, val);
- CMS.debug(
- "LdapDNCompsMap: Converted " + ava.toLdapDNString() + " to " +
- newAVA.toLdapDNString() + " in filter");
+ CMS.debug("LdapDNCompsMap: Converted "
+ + ava.toLdapDNString() + " to "
+ + newAVA.toLdapDNString() + " in filter");
ava = newAVA;
}
filter.addElement(ava.toLdapDNString());
- CMS.debug(
- "LdapDNCompsMap: adding filter comp " + ava.toLdapDNString());
+ CMS.debug("LdapDNCompsMap: adding filter comp "
+ + ava.toLdapDNString());
break;
}
}
- // XXX should be an error when string is null?
+ // XXX should be an error when string is null?
// return to caller to decide.
if (dnRdns.size() != 0) {
dnStr = new X500Name(dnRdns).toLdapDNString();
- }
+ }
if (filter.size() != 0) {
filterStr = filter.toFilterString();
}
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_FROM_SUBJ_TO_DN", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FORM_DN_COMPS_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_FROM_SUBJ_TO_DN", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_FORM_DN_COMPS_FAILED", e.toString()));
}
return new String[] { dnStr, filterStr };
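Review bot: `filter.addElement(ava.toLdapDNString())` puts a DN-formatted `name=value` string into the search filter, and DN escaping is not filter escaping. Characters such as `*`, `(`, `)` and `\` in a subject-name value keep their filter meaning unless `SearchFilter.toFilterString()` (not visible here) escapes them. The value originates in the certificate subject and the resulting string is passed to `conn.search(...)` in `map()`, so such a value could match a different entry than intended or trip the more-than-one-entry check. Build the assertion from the attribute name and a value escaped per RFC 4515 (`\2a`, `\28`, `\29`, `\5c`, `\00`) before adding it. `formDNandFilter` starts before this hunk.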
@@ -386,8 +378,8 @@ public class LdapDNCompsMap
}
/**
- * class for forming search filters for ldap searching from
- * name=value components. components are anded.
+ * class for forming search filters for ldap searching from name=value
+ * components. components are anded.
*/
public static class SearchFilter extends Vector {
/**
@@ -415,21 +407,22 @@ public class LdapDNCompsMap
}
/**
- * useful routine for parsing components given as string to
- * arrays of objectidentifiers.
- * The string is expected to be comma separated AVA attribute names.
- * For example, "uid,cn,o,ou". Attribute names are case insensitive.
+ * useful routine for parsing components given as string to arrays of
+ * objectidentifiers. The string is expected to be comma separated AVA
+ * attribute names. For example, "uid,cn,o,ou". Attribute names are case
+ * insensitive.
+ *
* @param val the string specifying the comps
* @exception ELdapException if any error occurs.
*/
public static ObjectIdentifier[] getCompsFromString(String val)
- throws ELdapException {
+ throws ELdapException {
StringTokenizer tokens;
ObjectIdentifier[] comps;
String attr;
ObjectIdentifier oid;
- if (val == null || val.length() == 0)
+ if (val == null || val.length() == 0)
return new ObjectIdentifier[0];
tokens = new StringTokenizer(val, ", \t\n\r");
@@ -442,18 +435,17 @@ public class LdapDNCompsMap
while (tokens.hasMoreTokens()) {
attr = tokens.nextToken().trim();
// mail -> E hack to look for E in subject names.
- if (attr.equalsIgnoreCase("mail"))
+ if (attr.equalsIgnoreCase("mail"))
attr = "E";
oid = X500NameAttrMap.getDefault().getOid(attr);
if (oid != null) {
comps[i++] = oid;
} else {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_UNKNOWN_ATTR_IN_DN_FILTER_COMPS", attr));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_UNKNOWN_ATTR_IN_DN_FILTER_COMPS", attr));
}
}
return comps;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java
index c3c269515..a19e3c21a 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java
@@ -20,7 +20,6 @@
package com.netscape.cms.publish.mappers;
-
///////////////////////
// import statements //
///////////////////////
@@ -56,38 +55,29 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
//////////////////////
// class definition //
//////////////////////
-/**
- * Maps a request to an entry in the LDAP server.
- * Takes a dnPattern to form the baseDN from the
- * request attributes and certificate subject name.
- * Does a base search for the entry in the directory
- * to publish the cert or crl. The restriction of
- * this mapper is that the ldap dn components must
- * be part of certificate subject name or request
- * attributes or constant. The difference of this
- * mapper and LdapSimpleMap is that if the ldap
- * entry is not found, it has the option to create
- * the ldap entry given the dn and attributes
- * formulated.
- *
+/**
+ * Maps a request to an entry in the LDAP server. Takes a dnPattern to form the
+ * baseDN from the request attributes and certificate subject name. Does a base
+ * search for the entry in the directory to publish the cert or crl. The
+ * restriction of this mapper is that the ldap dn components must be part of
+ * certificate subject name or request attributes or constant. The difference of
+ * this mapper and LdapSimpleMap is that if the ldap entry is not found, it has
+ * the option to create the ldap entry given the dn and attributes formulated.
+ *
* @version $Revision$, $Date$
*/
-public class LdapEnhancedMap
- implements ILdapMapper, IExtendedPluginInfo {
- ////////////////////////
+public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo {
+ // //////////////////////
// default parameters //
- ////////////////////////
-
-
+ // //////////////////////
- //////////////////////////////////////
+ // ////////////////////////////////////
// local LdapEnhancedMap parameters //
- //////////////////////////////////////
+ // ////////////////////////////////////
private boolean mInited = false;
@@ -102,14 +92,14 @@ public class LdapEnhancedMap
protected String[] mLdapValues = null;
- ////////////////////////////
+ // //////////////////////////
// ILdapMapper parameters //
- ////////////////////////////
+ // //////////////////////////
/* mapper plug-in fields */
- protected static final String PROP_DNPATTERN = "dnPattern";
+ protected static final String PROP_DNPATTERN = "dnPattern";
protected static final String PROP_CREATE = "createEntry";
- // the object class of the entry to be created. xxxx not done yet
+ // the object class of the entry to be created. xxxx not done yet
protected static final String PROP_OBJCLASS = "objectClass";
// req/cert/ext attribute --> directory attribute table
protected static final String PROP_ATTRNUM = "attrNum";
@@ -119,10 +109,10 @@ public class LdapEnhancedMap
/* mapper plug-in fields initialization values */
private static final int DEFAULT_NUM_ATTRS = 1;
- /* Holds mapper plug-in fields accepted by this implementation.
- * This list is passed to the configuration console so configuration
- * for instances of this implementation can be configured through the
- * console.
+ /*
+ * Holds mapper plug-in fields accepted by this implementation. This list is
+ * passed to the configuration console so configuration for instances of
+ * this implementation can be configured through the console.
*/
private static Vector defaultParams = new Vector();
@@ -145,9 +135,8 @@ public class LdapEnhancedMap
/* miscellaneous constants local to this mapper plug-in */
// default dn pattern if left blank or not set in the config
- public static final String DEFAULT_DNPATTERN =
- "UID=$req.HTTP_PARAMS.UID, " +
- "OU=people, O=$subj.o, C=$subj.c";
+ public static final String DEFAULT_DNPATTERN = "UID=$req.HTTP_PARAMS.UID, "
+ + "OU=people, O=$subj.o, C=$subj.c";
private static final int MAX_ATTRS = 10;
protected static final int DEFAULT_ATTRNUM = 1;
@@ -155,21 +144,19 @@ public class LdapEnhancedMap
protected IConfigStore mConfig = null;
protected AVAPattern[] mPatterns = null;
- ////////////////////////////////////
+ // //////////////////////////////////
// IExtendedPluginInfo parameters //
- ////////////////////////////////////
+ // //////////////////////////////////
-
-
- ///////////////////////
+ // /////////////////////
// Logger parameters //
- ///////////////////////
+ // /////////////////////
private ILogger mLogger = CMS.getLogger();
- /////////////////////
+ // ///////////////////
// default methods //
- /////////////////////
+ // ///////////////////
/**
* Default constructor, initialization must follow.
@@ -177,22 +164,20 @@ public class LdapEnhancedMap
public LdapEnhancedMap() {
}
- ///////////////////////////////////
+ // /////////////////////////////////
// local LdapEnhancedMap methods //
- ///////////////////////////////////
+ // /////////////////////////////////
/**
* common initialization routine.
*/
- protected void init(String dnPattern)
- throws EBaseException {
+ protected void init(String dnPattern) throws EBaseException {
if (mInited) {
return;
}
mDnPattern = dnPattern;
- if (mDnPattern == null ||
- mDnPattern.length() == 0) {
+ if (mDnPattern == null || mDnPattern.length() == 0) {
mDnPattern = DEFAULT_DNPATTERN;
}
@@ -202,11 +187,10 @@ public class LdapEnhancedMap
String[] mCertAttrs = mPattern.getCertAttrs();
} catch (ELdapException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT",
- dnPattern, e.toString()));
- throw new EBaseException(
- "falied to init with pattern " +
- dnPattern + " " + e);
+ CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", dnPattern,
+ e.toString()));
+ throw new EBaseException("falied to init with pattern " + dnPattern
+ + " " + e);
}
mInited = true;
@@ -214,60 +198,52 @@ public class LdapEnhancedMap
/**
* form a dn from component in the request and cert subject name
+ *
* @param req The request
* @param obj The certificate or crl
*/
- private String formDN(IRequest req, Object obj)
- throws EBaseException {
+ private String formDN(IRequest req, Object obj) throws EBaseException {
CertificateExtensions certExt = null;
X500Name subjectDN = null;
try {
X509Certificate cert = (X509Certificate) obj;
- subjectDN =
- (X500Name) ((X509Certificate) cert).getSubjectDN();
- CMS.debug(
- "LdapEnhancedMap: cert subject dn:" +
- subjectDN.toString());
+ subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN();
+ CMS.debug("LdapEnhancedMap: cert subject dn:"
+ + subjectDN.toString());
+
+ // certExt = (CertificateExtensions)
+ // ((X509CertImpl)cert).get(
+ // X509CertInfo.EXTENSIONS);
+ X509CertInfo info = (X509CertInfo) ((X509CertImpl) cert)
+ .get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
- //certExt = (CertificateExtensions)
- // ((X509CertImpl)cert).get(
- // X509CertInfo.EXTENSIONS);
- X509CertInfo info = (X509CertInfo)
- ((X509CertImpl) cert).get(
- X509CertImpl.NAME +
- "." +
- X509CertImpl.INFO);
-
- certExt = (CertificateExtensions)
- info.get(CertificateExtensions.NAME);
+ certExt = (CertificateExtensions) info
+ .get(CertificateExtensions.NAME);
} catch (java.security.cert.CertificateParsingException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (java.security.cert.CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (ClassCastException e) {
try {
X509CRLImpl crl = (X509CRLImpl) obj;
- subjectDN = (X500Name)
- ((X509CRLImpl) crl).getIssuerDN();
+ subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN();
- CMS.debug(
- "LdapEnhancedMap: crl issuer dn: " +
+ CMS.debug("LdapEnhancedMap: crl issuer dn: " +
- subjectDN.toString());
+ subjectDN.toString());
} catch (ClassCastException ex) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
- ((req == null) ? ""
- : req.getRequestId().toString())));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
+ ((req == null) ? "" : req.getRequestId().toString())));
return null;
}
}
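Review bot: `formDN` chooses between certificate and CRL by catching `ClassCastException`, so any failed cast in the certificate branch is treated as "this must be a CRL". That covers `(X500Name) getSubjectDN()` and `(X509CertImpl) cert` on a certificate from another provider, and both end in the `PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED` log with a null return. An explicit `if (obj instanceof X509CertImpl) { … } else if (obj instanceof X509CRLImpl) { … } else { … }` keeps the unsupported-object case distinct from a malformed certificate. The three parsing catch blocks only log and fall through, so the DN is then formed with `certExt == null`; a comment saying whether that is intended would help. The method continues after this hunk.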
@@ -277,10 +253,8 @@ public class LdapEnhancedMap
for (int i = 0; i < mNumAttrs; i++) {
if (mPatterns[i] != null) {
- mLdapValues[i] = mPatterns[i].formAVA(
- req,
- subjectDN,
- certExt);
+ mLdapValues[i] = mPatterns[i].formAVA(req, subjectDN,
+ certExt);
}
}
@@ -288,27 +262,22 @@ public class LdapEnhancedMap
return dn;
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
- ((req == null) ? ""
- : req.getRequestId().toString()), e.toString()));
-
- throw new EBaseException(
- "failed to form dn for request: " +
- ((req == null) ? ""
- : req.getRequestId().toString()) +
- " " + e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
+ ((req == null) ? "" : req.getRequestId().toString()),
+ e.toString()));
+
+ throw new EBaseException("failed to form dn for request: "
+ + ((req == null) ? "" : req.getRequestId().toString())
+ + " " + e);
}
}
private void createEntry(LDAPConnection conn, String dn)
- throws LDAPException {
+ throws LDAPException {
LDAPAttributeSet attrs = new LDAPAttributeSet();
// OID 2.5.6.16
- String caOc[] = { "top",
- "person",
- "organizationalPerson",
+ String caOc[] = { "top", "person", "organizationalPerson",
"inetOrgPerson" };
DN dnobj = new DN(dn);
@@ -319,12 +288,10 @@ public class LdapEnhancedMap
attrs.add(new LDAPAttribute("objectclass", caOc));
for (int i = 0; i < mNumAttrs; i++) {
- if (mLdapNames[i] != null &&
- !mLdapNames[i].trim().equals("") &&
- mLdapValues[i] != null &&
- !mLdapValues[i].trim().equals("")) {
- attrs.add(new LDAPAttribute(mLdapNames[i],
- mLdapValues[i]));
+ if (mLdapNames[i] != null && !mLdapNames[i].trim().equals("")
+ && mLdapValues[i] != null
+ && !mLdapValues[i].trim().equals("")) {
+ attrs.add(new LDAPAttribute(mLdapNames[i], mLdapValues[i]));
}
}
@@ -333,28 +300,23 @@ public class LdapEnhancedMap
conn.add(entry);
}
- /////////////////////////
+ // ///////////////////////
// ILdapMapper methods //
- /////////////////////////
+ // ///////////////////////
- /**
+ /**
* for initializing from config store.
- *
- * implementation for extended
- * ILdapPlugin interface method
+ *
+ * implementation for extended ILdapPlugin interface method
*/
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config) throws EBaseException {
mConfig = config;
- mDnPattern = mConfig.getString(PROP_DNPATTERN,
- DEFAULT_DNPATTERN);
+ mDnPattern = mConfig.getString(PROP_DNPATTERN, DEFAULT_DNPATTERN);
- mCreateEntry = mConfig.getBoolean(PROP_CREATE,
- true);
+ mCreateEntry = mConfig.getBoolean(PROP_CREATE, true);
- mNumAttrs = mConfig.getInteger(PROP_ATTRNUM,
- 0);
+ mNumAttrs = mConfig.getInteger(PROP_ATTRNUM, 0);
mLdapNames = new String[mNumAttrs];
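Review bot: `mNumAttrs` is read from configuration and used directly as an array size in `new String[mNumAttrs]`, with no range check visible. A negative value raises NegativeArraySizeException out of `init`, and the `MAX_ATTRS` constant declared earlier in the file is not applied here. Add `if (mNumAttrs < 0 || mNumAttrs > MAX_ATTRS) throw new EBaseException("attrNum out of range: " + mNumAttrs);` before the allocations. Separately, `createEntry` defaults to `true`, so a mapper with no explicit setting is presumably configured to add missing directory entries; a comment stating that this default is intentional would help reviewers. `init(IConfigStore)` continues past this hunk.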
@@ -362,18 +324,13 @@ public class LdapEnhancedMap
mPatterns = new AVAPattern[mNumAttrs];
for (int i = 0; i < mNumAttrs; i++) {
- mLdapNames[i] =
- mConfig.getString(PROP_ATTR_NAME +
- Integer.toString(i),
- "");
-
- mLdapPatterns[i] =
- mConfig.getString(PROP_ATTR_PATTERN +
- Integer.toString(i),
- "");
-
- if (mLdapPatterns[i] != null &&
- !mLdapPatterns[i].trim().equals("")) {
+ mLdapNames[i] = mConfig.getString(
+ PROP_ATTR_NAME + Integer.toString(i), "");
+
+ mLdapPatterns[i] = mConfig.getString(
+ PROP_ATTR_PATTERN + Integer.toString(i), "");
+
+ if (mLdapPatterns[i] != null && !mLdapPatterns[i].trim().equals("")) {
mPatterns[i] = new AVAPattern(mLdapPatterns[i]);
}
}
@@ -381,9 +338,8 @@ public class LdapEnhancedMap
init(mDnPattern);
}
- /**
- * implementation for extended
- * ILdapPlugin interface method
+ /**
+ * implementation for extended ILdapPlugin interface method
*/
public IConfigStore getConfigStore() {
return mConfig;
@@ -407,34 +363,28 @@ public class LdapEnhancedMap
try {
if (mDnPattern == null) {
v.addElement(PROP_DNPATTERN + "=");
- }else {
- v.addElement(PROP_DNPATTERN + "=" +
- mConfig.getString(PROP_DNPATTERN));
+ } else {
+ v.addElement(PROP_DNPATTERN + "="
+ + mConfig.getString(PROP_DNPATTERN));
}
- v.addElement(PROP_CREATE + "=" +
- mConfig.getBoolean(PROP_CREATE,
- true));
+ v.addElement(PROP_CREATE + "="
+ + mConfig.getBoolean(PROP_CREATE, true));
- v.addElement(PROP_ATTRNUM + "=" +
- mConfig.getInteger(PROP_ATTRNUM,
- DEFAULT_NUM_ATTRS));
+ v.addElement(PROP_ATTRNUM + "="
+ + mConfig.getInteger(PROP_ATTRNUM, DEFAULT_NUM_ATTRS));
for (int i = 0; i < mNumAttrs; i++) {
if (mLdapNames[i] != null) {
- v.addElement(PROP_ATTR_NAME + i +
- "=" + mLdapNames[i]);
+ v.addElement(PROP_ATTR_NAME + i + "=" + mLdapNames[i]);
} else {
- v.addElement(PROP_ATTR_NAME + i +
- "=");
+ v.addElement(PROP_ATTR_NAME + i + "=");
}
if (mLdapPatterns[i] != null) {
- v.addElement(PROP_ATTR_PATTERN + i +
- "=" + mLdapPatterns[i]);
+ v.addElement(PROP_ATTR_PATTERN + i + "=" + mLdapPatterns[i]);
} else {
- v.addElement(PROP_ATTR_PATTERN + i +
- "=");
+ v.addElement(PROP_ATTR_PATTERN + i + "=");
}
}
} catch (Exception e) {
@@ -444,29 +394,28 @@ public class LdapEnhancedMap
}
/**
- * Maps an X500 subject name to an LDAP entry.
- * Uses DN pattern to form a DN for an LDAP base search.
+ * Maps an X500 subject name to an LDAP entry. Uses DN pattern to form a DN
+ * for an LDAP base search.
*
- * @param conn the LDAP connection.
- * @param obj the object to map.
- * @exception ELdapException if any LDAP exceptions occurred.
- */
- public String map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ * @param conn the LDAP connection.
+ * @param obj the object to map.
+ * @exception ELdapException if any LDAP exceptions occurred.
+ */
+ public String map(LDAPConnection conn, Object obj) throws ELdapException {
return map(conn, null, obj);
}
/**
- * Maps an X500 subject name to an LDAP entry.
- * Uses DN pattern to form a DN for an LDAP base search.
+ * Maps an X500 subject name to an LDAP entry. Uses DN pattern to form a DN
+ * for an LDAP base search.
*
- * @param conn the LDAP connection.
- * @param req the request to map.
- * @param obj the object to map.
- * @exception ELdapException if any LDAP exceptions occurred.
- */
+ * @param conn the LDAP connection.
+ * @param req the request to map.
+ * @param obj the object to map.
+ * @exception ELdapException if any LDAP exceptions occurred.
+ */
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null) {
return null;
}
@@ -477,14 +426,14 @@ public class LdapEnhancedMap
dn = formDN(req, obj);
if (dn == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
+ CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
String s1 = "";
if (req != null)
s1 = req.getRequestId().toString();
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_NO_DN_MATCH", s1));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_DN_MATCH", s1));
}
int scope = LDAPv2.SCOPE_BASE;
@@ -493,155 +442,132 @@ public class LdapEnhancedMap
// search for entry
String[] attrs = new String[] { LDAPv3.NO_ATTRS };
- log(ILogger.LL_INFO,
- "searching for dn: " +
- dn + " filter:" +
- filter + " scope: base");
+ log(ILogger.LL_INFO, "searching for dn: " + dn + " filter:"
+ + filter + " scope: base");
- LDAPSearchResults results = conn.search(dn,
- scope,
- filter,
- attrs,
+ LDAPSearchResults results = conn.search(dn, scope, filter, attrs,
false);
LDAPEntry entry = results.next();
if (results.hasMoreElements()) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY",
- dn +
- ((req == null) ? ""
- : req.getRequestId().toString())));
-
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
- ((req == null) ? ""
- : req.getRequestId().toString())));
+ CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn
+ + ((req == null) ? "" : req.getRequestId()
+ .toString())));
+
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_MORE_THAN_ONE_ENTRY", ((req == null) ? ""
+ : req.getRequestId().toString())));
}
if (entry != null) {
return entry.getDN();
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND",
- dn +
- ((req == null) ? ""
- : req.getRequestId().toString())));
-
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
- "null entry"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn
+ + ((req == null) ? "" : req.getRequestId()
+ .toString())));
+
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", "null entry"));
}
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
- } else if (e.getLDAPResultCode() ==
- LDAPException.NO_SUCH_OBJECT && mCreateEntry) {
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
+ } else if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT
+ && mCreateEntry) {
try {
createEntry(conn, dn);
- log(ILogger.LL_INFO,
- "Entry " +
- dn +
- " Created");
+ log(ILogger.LL_INFO, "Entry " + dn + " Created");
return dn;
} catch (LDAPException e1) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
- dn,
- e.toString()));
+ CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn,
+ e.toString()));
- log(ILogger.LL_FAILURE,
- "Entry is not created. " +
- "This may because there are " +
- "entries in the directory " +
- "hierachy not exit.");
+ log(ILogger.LL_FAILURE, "Entry is not created. "
+ + "This may because there are "
+ + "entries in the directory "
+ + "hierachy not exit.");
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_CREATE_ENTRY", dn));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_CREATE_ENTRY", dn));
}
} else {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
- dn,
- e.toString()));
+ CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn,
+ e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
} catch (EBaseException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT",
- e.toString()));
+ CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
}
- /////////////////////////////////
+ // ///////////////////////////////
// IExtendedPluginInfo methods //
- /////////////////////////////////
+ // ///////////////////////////////
public String[] getExtendedPluginInfo(Locale locale) {
Vector v = new Vector();
- v.addElement(PROP_DNPATTERN +
- ";string;Describes how to form the Ldap " +
- "Subject name in the directory. " +
- "Example 1: 'uid=CertMgr, o=Fedora'. " +
- "Example 2: 'uid=$req.HTTP_PARAMS.uid, " +
- "E=$ext.SubjectAlternativeName.RFC822Name, " +
- "ou=$subj.ou'. " +
- "$req means: take the attribute from the " +
- "request. " +
- "$subj means: take the attribute from the " +
- "certificate subject name. " +
- "$ext means: take the attribute from the " +
- "certificate extension");
- v.addElement(PROP_CREATE +
- ";boolean;If checked, An entry will be " +
- "created automatically");
- v.addElement(PROP_ATTRNUM +
- ";string;How many attributes to add.");
- v.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-mapper-enhancedmapper");
- v.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Describes how to form the LDAP DN of the " +
- "entry to publish to");
+ v.addElement(PROP_DNPATTERN + ";string;Describes how to form the Ldap "
+ + "Subject name in the directory. "
+ + "Example 1: 'uid=CertMgr, o=Fedora'. "
+ + "Example 2: 'uid=$req.HTTP_PARAMS.uid, "
+ + "E=$ext.SubjectAlternativeName.RFC822Name, "
+ + "ou=$subj.ou'. " + "$req means: take the attribute from the "
+ + "request. " + "$subj means: take the attribute from the "
+ + "certificate subject name. "
+ + "$ext means: take the attribute from the "
+ + "certificate extension");
+ v.addElement(PROP_CREATE + ";boolean;If checked, An entry will be "
+ + "created automatically");
+ v.addElement(PROP_ATTRNUM + ";string;How many attributes to add.");
+ v.addElement(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-mapper-enhancedmapper");
+ v.addElement(IExtendedPluginInfo.HELP_TEXT
+ + ";Describes how to form the LDAP DN of the "
+ + "entry to publish to");
for (int i = 0; i < MAX_ATTRS; i++) {
- v.addElement(PROP_ATTR_NAME +
- Integer.toString(i) +
- ";string;" +
- "The name of LDAP attribute " +
- "to be added. e.g. mail");
- v.addElement(PROP_ATTR_PATTERN +
- Integer.toString(i) +
- ";string;" +
- "How to create the LDAP attribute value. " +
- "e.g. $req.HTTP_PARAMS.csrRequestorEmail, " +
- "$subj.E or " +
- "$ext.SubjectAlternativeName.RFC822Name");
+ v.addElement(PROP_ATTR_NAME + Integer.toString(i) + ";string;"
+ + "The name of LDAP attribute " + "to be added. e.g. mail");
+ v.addElement(PROP_ATTR_PATTERN + Integer.toString(i) + ";string;"
+ + "How to create the LDAP attribute value. "
+ + "e.g. $req.HTTP_PARAMS.csrRequestorEmail, "
+ + "$subj.E or " + "$ext.SubjectAlternativeName.RFC822Name");
}
- String params[] =
- com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
+ String params[] = com.netscape.cmsutil.util.Utils
+ .getStringArrayFromVector(v);
return params;
}
- ////////////////////
+ // //////////////////
// Logger methods //
- ////////////////////
+ // //////////////////
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapEnhancedMapper: " + msg);
+ "LdapEnhancedMapper: " + msg);
}
}
-
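Review bot: In the `catch (LDAPException e1)` branch after `createEntry(conn, dn)`, the PUBLISH_DN_MAP_EXCEPTION log call passes `e.toString()`, which is the outer NO_SUCH_OBJECT exception from the search. The reason the add actually failed (`e1`) never reaches the publishing log. It should read `CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn, e1.toString())`. The free-text message below it is also hard to read (`"This may because there are entries in the directory hierachy not exit."`); "This may be because parent entries in the directory hierarchy do not exist." would serve whoever triages the log better. map() begins before this hunk.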
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java
index c08ec8493..212f7237d 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Locale;
@@ -45,19 +44,17 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
- * Maps a request to an entry in the LDAP server.
- * Takes a dnPattern to form the baseDN from the request attributes
- * and certificate subject name.Do a base search for the entry
- * in the directory to publish the cert or crl.
- * The restriction of this mapper is that the ldap dn components must
- * be part of certificate subject name or request attributes or constant.
- *
+/**
+ * Maps a request to an entry in the LDAP server. Takes a dnPattern to form the
+ * baseDN from the request attributes and certificate subject name.Do a base
+ * search for the entry in the directory to publish the cert or crl. The
+ * restriction of this mapper is that the ldap dn components must be part of
+ * certificate subject name or request attributes or constant.
+ *
* @version $Revision$, $Date$
*/
public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
- protected static final String PROP_DNPATTERN = "dnPattern";
+ protected static final String PROP_DNPATTERN = "dnPattern";
protected String mDnPattern = null;
private ILogger mLogger = CMS.getLogger();
@@ -67,28 +64,28 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
/* the subject DN pattern */
protected MapDNPattern mPattern = null;
- /* the list of request attriubutes to retrieve*/
+ /* the list of request attriubutes to retrieve */
protected String[] mReqAttrs = null;
- /* the list of cert attriubutes to retrieve*/
+ /* the list of cert attriubutes to retrieve */
protected String[] mCertAttrs = null;
/* default dn pattern if left blank or not set in the config */
- public static final String DEFAULT_DNPATTERN =
- "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c";
+ public static final String DEFAULT_DNPATTERN = "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c";
- /**
+ /**
* Constructor.
- *
- * @param dnPattern The base DN.
+ *
+ * @param dnPattern The base DN.
*/
public LdapSimpleMap(String dnPattern) {
try {
init(dnPattern);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
-
+
}
/**
@@ -99,15 +96,16 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
public String[] getExtendedPluginInfo(Locale locale) {
String params[] = {
- "dnPattern;string;Describes how to form the Ldap Subject name in" +
- " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:" +
- " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " +
- "$req means: take the attribute from the request. " +
- "$subj means: take the attribute from the certificate subject name. " +
- "$ext means: take the attribute from the certificate extension",
- IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-simplemapper",
- IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the LDAP DN of the entry to publish to"
- };
+ "dnPattern;string;Describes how to form the Ldap Subject name in"
+ + " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:"
+ + " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. "
+ + "$req means: take the attribute from the request. "
+ + "$subj means: take the attribute from the certificate subject name. "
+ + "$ext means: take the attribute from the certificate extension",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-mapper-simplemapper",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Describes how to form the LDAP DN of the entry to publish to" };
return params;
}
@@ -116,11 +114,10 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
return mConfig;
}
- /**
+ /**
* for initializing from config store.
*/
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config) throws EBaseException {
mConfig = config;
String dnPattern = mConfig.getString(PROP_DNPATTERN);
@@ -130,52 +127,51 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
/**
* common initialization routine.
*/
- protected void init(String dnPattern)
- throws EBaseException {
- if (mInited)
+ protected void init(String dnPattern) throws EBaseException {
+ if (mInited)
return;
mDnPattern = dnPattern;
- if (mDnPattern == null || mDnPattern.length() == 0)
+ if (mDnPattern == null || mDnPattern.length() == 0)
mDnPattern = DEFAULT_DNPATTERN;
try {
mPattern = new MapDNPattern(mDnPattern);
String[] mReqAttrs = mPattern.getReqAttrs();
String[] mCertAttrs = mPattern.getCertAttrs();
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT",
- dnPattern, e.toString()));
- throw new EBaseException("falied to init with pattern " +
- dnPattern + " " + e);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", dnPattern,
+ e.toString()));
+ throw new EBaseException("falied to init with pattern " + dnPattern
+ + " " + e);
}
mInited = true;
}
/**
- * Maps a X500 subject name to LDAP entry.
- * Uses DN pattern to form a DN for a LDAP base search.
+ * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for
+ * a LDAP base search.
*
- * @param conn the LDAP connection.
- * @param obj the object to map.
+ * @param conn the LDAP connection.
+ * @param obj the object to map.
* @exception ELdapException if any LDAP exceptions occured.
- */
- public String map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ */
+ public String map(LDAPConnection conn, Object obj) throws ELdapException {
return map(conn, null, obj);
}
/**
- * Maps a X500 subject name to LDAP entry.
- * Uses DN pattern to form a DN for a LDAP base search.
+ * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for
+ * a LDAP base search.
*
- * @param conn the LDAP connection.
- * @param req the request to map.
- * @param obj the object to map.
+ * @param conn the LDAP connection.
+ * @param req the request to map.
+ * @param obj the object to map.
* @exception ELdapException if any LDAP exceptions occured.
- */
+ */
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null)
return null;
String dn = null;
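Review bot: In `init(String dnPattern)`, `String[] mReqAttrs = mPattern.getReqAttrs();` and `String[] mCertAttrs = mPattern.getCertAttrs();` declare new locals that shadow the protected fields of the same names. The fields declared on the class therefore stay `null` after initialization. Dropping the type turns them into the intended assignments: `mReqAttrs = mPattern.getReqAttrs();` and `mCertAttrs = mPattern.getCertAttrs();`. The exception text `"falied to init with pattern "` in the same catch block has a typo ("failed").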
@@ -183,13 +179,14 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
try {
dn = formDN(req, obj);
if (dn == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
String s1 = "";
if (req != null)
s1 = req.getRequestId().toString();
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_NO_DN_MATCH", s1));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_DN_MATCH", s1));
}
int scope = LDAPv2.SCOPE_BASE;
String filter = "(objectclass=*)";
@@ -198,24 +195,28 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
String[] attrs = new String[] { LDAPv3.NO_ATTRS };
log(ILogger.LL_INFO, "searching for dn: " + dn + " filter:"
- + filter + " scope: base");
+ + filter + " scope: base");
- LDAPSearchResults results =
- conn.search(dn, scope, filter, attrs, false);
+ LDAPSearchResults results = conn.search(dn, scope, filter, attrs,
+ false);
LDAPEntry entry = results.next();
if (results.hasMoreElements()) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? "" : req.getRequestId().toString())));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
- ((req == null) ? "" : req.getRequestId().toString())));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? ""
+ : req.getRequestId().toString())));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_MORE_THAN_ONE_ENTRY", ((req == null) ? ""
+ : req.getRequestId().toString())));
}
if (entry != null)
return entry.getDN();
else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? "" : req.getRequestId().toString())));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
- "null entry"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? ""
+ : req.getRequestId().toString())));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", "null entry"));
}
} catch (ELdapException e) {
throw e;
@@ -224,61 +225,69 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "",
+ e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
}
/**
* form a dn from component in the request and cert subject name
+ *
* @param req The request
* @param obj The certificate or crl
*/
- private String formDN(IRequest req, Object obj) throws
- EBaseException, ELdapException {
+ private String formDN(IRequest req, Object obj) throws EBaseException,
+ ELdapException {
X500Name subjectDN = null;
CertificateExtensions certExt = null;
try {
X509Certificate cert = (X509Certificate) obj;
- subjectDN =
- (X500Name) ((X509Certificate) cert).getSubjectDN();
+ subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN();
CMS.debug("LdapSimpleMap: cert subject dn:" + subjectDN.toString());
- //certExt = (CertificateExtensions)
- // ((X509CertImpl)cert).get(X509CertInfo.EXTENSIONS);
- X509CertInfo info = (X509CertInfo)
- ((X509CertImpl) cert).get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
-
- certExt = (CertificateExtensions) info.get(
- CertificateExtensions.NAME);
+ // certExt = (CertificateExtensions)
+ // ((X509CertImpl)cert).get(X509CertInfo.EXTENSIONS);
+ X509CertInfo info = (X509CertInfo) ((X509CertImpl) cert)
+ .get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
+
+ certExt = (CertificateExtensions) info
+ .get(CertificateExtensions.NAME);
} catch (java.security.cert.CertificateParsingException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (java.security.cert.CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (ClassCastException e) {
try {
X509CRLImpl crl = (X509CRLImpl) obj;
- subjectDN =
- (X500Name) ((X509CRLImpl) crl).getIssuerDN();
+ subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN();
- CMS.debug("LdapSimpleMap: crl issuer dn: " +
- subjectDN.toString());
- }catch (ClassCastException ex) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
+ CMS.debug("LdapSimpleMap: crl issuer dn: "
+ + subjectDN.toString());
+ } catch (ClassCastException ex) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
((req == null) ? "" : req.getRequestId().toString())));
return null;
}
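Review bot: The generic LDAPException branch logs `CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "", e.toString())` with an empty string where LdapEnhancedMap passes the DN, so a failed lookup cannot be tied to the DN that was searched. Assuming the `dn` declared before the `try` is still in scope here, pass it: `CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn, e.toString())`. Separately, formDN logs PUBLISH_CANT_GET_EXT for the three certificate exceptions and then carries on with `certExt` still null. Whether that can produce a DN silently missing its `$ext` components depends on code outside this hunk, and it deserves a comment stating the intended behaviour. Both map() and formDN() extend beyond this hunk.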
@@ -289,7 +298,8 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
return dn;
} catch (ELdapException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
- ((req == null) ? "" : req.getRequestId().toString()), e.toString()));
+ ((req == null) ? "" : req.getRequestId().toString()),
+ e.toString()));
throw e;
}
}
@@ -315,9 +325,9 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
try {
if (mDnPattern == null) {
v.addElement(PROP_DNPATTERN + "=");
- }else {
- v.addElement(PROP_DNPATTERN + "=" +
- mConfig.getString(PROP_DNPATTERN));
+ } else {
+ v.addElement(PROP_DNPATTERN + "="
+ + mConfig.getString(PROP_DNPATTERN));
}
} catch (Exception e) {
}
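Review bot: The empty `catch (Exception e) { }` around `mConfig.getString(PROP_DNPATTERN)` discards every failure. A broken or unreadable config store then yields a parameter list with no dnPattern entry and no trace in the log. At minimum, record it the way the constructor does: `log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));`. The enclosing method starts and ends outside this hunk.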
@@ -326,8 +336,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapSimpleMapper: " + msg);
+ "LdapSimpleMapper: " + msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
index 265030401..41cc5308e 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.io.IOException;
import java.io.PushbackReader;
import java.io.StringReader;
@@ -41,26 +40,28 @@ import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.publish.ECompSyntaxErr;
import com.netscape.certsrv.request.IRequest;
-
/**
- * class for parsing a DN pattern used to construct a ldap dn from
- * request attributes and cert subject name.<p>
+ * class for parsing a DN pattern used to construct a ldap dn from request
+ * attributes and cert subject name.
+ * <p>
+ *
+ * dnpattern is a string representing a ldap dn pattern to formulate from the
+ * certificate subject name attributes and request attributes . If empty or not
+ * set, the certificate subject name will be used as the ldap dn.
+ * <p>
*
- * dnpattern is a string representing a ldap dn pattern to formulate from
- * the certificate subject name attributes and request attributes .
- * If empty or not set, the certificate subject name
- * will be used as the ldap dn. <p>
+ * The syntax is
*
- * The syntax is
* <pre>
- * dnPattern := rdnPattern *[ "," rdnPattern ]
- * rdnPattern := avaPattern *[ "+" avaPattern ]
+ * dnPattern := rdnPattern *[ "," rdnPattern ]
+ * rdnPattern := avaPattern *[ "+" avaPattern ]
* avaPattern := name "=" value |
- * name "=" "$subj" "." attrName [ "." attrNumber ] |
- * name "=" "$ext" "." extName [ "." nameType ] [ "." attrNumber ]
- * name "=" "$req" "." attrName [ "." attrNumber ] |
- * "$rdn" "." number
+ * name "=" "$subj" "." attrName [ "." attrNumber ] |
+ * name "=" "$ext" "." extName [ "." nameType ] [ "." attrNumber ]
+ * name "=" "$req" "." attrName [ "." attrNumber ] |
+ * "$rdn" "." number
* </pre>
+ *
* <pre>
* Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i>
* cert subject name: dn: CN=Certificate Manager, OU=people, O=mcom.com
@@ -71,7 +72,7 @@ import com.netscape.certsrv.request.IRequest;
* <p>
* note: Subordinate ca enrollment will use ca mapper. Use predicate
* to distinguish the ca itself and the subordinates.
- *
+ *
* Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, OU=people, , O=mcom.com</i>
* cert subject name: dn: UID=jjames, OU=IS, OU=people, , O=mcom.com
* request attributes: uid: cmanager
@@ -96,10 +97,10 @@ import com.netscape.certsrv.request.IRequest;
* O = the string mcom.com. <br>
* <p>
* </pre>
- * If an request attribute or subject DN component does not exist,
- * the attribute is skipped. There is potential risk that a wrong dn
- * will be mapped into.
- *
+ *
+ * If an request attribute or subject DN component does not exist, the attribute
+ * is skipped. There is potential risk that a wrong dn will be mapped into.
+ *
* @version $Revision$, $Date$
*/
class MapAVAPattern {
@@ -111,34 +112,29 @@ class MapAVAPattern {
public static final String TYPE_RDN = "$rdn";
public static final String TYPE_CONSTANT = "constant";
- public static final String[] GENERAL_NAME_TYPE = { "ANY",
- "RFC822Name",
- "DNSName",
- "X400Name",
- "DIRECTORYName",
- "EDIName",
- "URIName",
- "IPAddress",
- "OIDName"};
+ public static final String[] GENERAL_NAME_TYPE = { "ANY", "RFC822Name",
+ "DNSName", "X400Name", "DIRECTORYName", "EDIName", "URIName",
+ "IPAddress", "OIDName" };
private static final char[] endChars = new char[] { '+', ',' };
- private static final LdapV3DNStrConverter mLdapDNStrConverter =
- new LdapV3DNStrConverter();
+ private static final LdapV3DNStrConverter mLdapDNStrConverter = new LdapV3DNStrConverter();
- /* the list of request attributes needed by this AVA */
+ /* the list of request attributes needed by this AVA */
protected String[] mReqAttrs = null;
- /* the list of cert attributes needed by this AVA*/
+ /* the list of cert attributes needed by this AVA */
protected String[] mCertAttrs = null;
/* value type */
protected String mType = null;
/* the attribute in the AVA pair */
- protected String mAttr = null;
+ protected String mAttr = null;
- /* value - could be name of a request attribute or
- * cert subject dn attribute. */
+ /*
+ * value - could be name of a request attribute or cert subject dn
+ * attribute.
+ */
protected String mValue = null;
/* value type - general name type of an extension attribute if any. */
@@ -152,192 +148,202 @@ class MapAVAPattern {
protected String mTestDN = null;
- public MapAVAPattern(String component)
- throws ELdapException {
- if (component == null || component.length() == 0)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
+ public MapAVAPattern(String component) throws ELdapException {
+ if (component == null || component.length() == 0)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
parse(new PushbackReader(new StringReader(component)));
}
- public MapAVAPattern(PushbackReader in)
- throws ELdapException {
+ public MapAVAPattern(PushbackReader in) throws ELdapException {
parse(in);
}
- private void parse(PushbackReader in)
- throws ELdapException {
+ private void parse(PushbackReader in) throws ELdapException {
int c;
// mark ava beginning.
// skip spaces
- //System.out.println("============ AVAPattern Begin ===========");
- //System.out.println("skip spaces");
+ // System.out.println("============ AVAPattern Begin ===========");
+ // System.out.println("skip spaces");
try {
- while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces read "+(char)c);
+ while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces read "+(char)c);
;
}
} catch (IOException e) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
}
- if (c == -1)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
+ if (c == -1)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
- // $rdn "." number syntax.
+ // $rdn "." number syntax.
if (c == '$') {
- //System.out.println("$rdn syntax");
+ // System.out.println("$rdn syntax");
mType = TYPE_RDN;
try {
- if (in.read() != 'r' ||
- in.read() != 'd' ||
- in.read() != 'n' ||
- in.read() != '.')
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
+ if (in.read() != 'r' || in.read() != 'd' || in.read() != 'n'
+ || in.read() != '.')
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Invalid $ syntax, expecting $rdn"));
} catch (IOException e) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Invalid $ syntax, expecting $rdn"));
}
StringBuffer rdnNumberBuf = new StringBuffer();
try {
while ((c = in.read()) != ',' && c != -1 && c != '+') {
- //System.out.println("rdnNumber read "+(char)c);
+ // System.out.println("rdnNumber read "+(char)c);
rdnNumberBuf.append((char) c);
}
if (c != -1) // either ',' or '+'
in.unread(c);
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
String rdnNumber = rdnNumberBuf.toString().trim();
- if (rdnNumber.length() == 0)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$rdn number not set in ava pattern"));
+ if (rdnNumber.length() == 0)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "$rdn number not set in ava pattern"));
try {
mElement = Integer.parseInt(rdnNumber) - 1;
} catch (NumberFormatException e) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $rdn number in ava pattern"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Invalid $rdn number in ava pattern"));
}
return;
}
- // name "=" ... syntax.
+ // name "=" ... syntax.
- // read name
- //System.out.println("reading name");
+ // read name
+ // System.out.println("reading name");
- StringBuffer attrBuf = new StringBuffer();
+ StringBuffer attrBuf = new StringBuffer();
try {
while (c != '=' && c != -1 && c != ',' && c != '+') {
attrBuf.append((char) c);
c = in.read();
- //System.out.println("name read "+(char)c);
- }
- if (c == ',' || c == '+')
+ // System.out.println("name read "+(char)c);
+ }
+ if (c == ',' || c == '+')
in.unread(c);
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
if (c != '=')
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Missing \"=\" in ava pattern"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Missing \"=\" in ava pattern"));
- // read value
- //System.out.println("reading value");
+ // read value
+ // System.out.println("reading value");
- // skip spaces
- //System.out.println("skip spaces for value");
+ // skip spaces
+ // System.out.println("skip spaces for value");
try {
- while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces2 read "+(char)c);
+ while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces2 read "+(char)c);
;
}
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
- if (c == -1)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "no value after = in ava pattern"));
+ if (c == -1)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "no value after = in ava pattern"));
if (c == '$') {
- // check for $subj $ext or $req
+ // check for $subj $ext or $req
try {
c = in.read();
- //System.out.println("check $dn or $attr read "+(char)c);
+ // System.out.println("check $dn or $attr read "+(char)c);
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
- if (c == -1)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "expecting $subj or $req in ava pattern"));
+ if (c == -1)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "expecting $subj or $req in ava pattern"));
if (c == 'r') {
try {
- if (in.read() != 'e' ||
- in.read() != 'q' ||
- in.read() != '.')
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "expecting $req in ava pattern"));
+ if (in.read() != 'e' || in.read() != 'q'
+ || in.read() != '.')
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "expecting $req in ava pattern"));
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
mType = TYPE_REQ;
- //System.out.println("---- mtype $req");
+ // System.out.println("---- mtype $req");
} else if (c == 's') {
try {
- if (in.read() != 'u' ||
- in.read() != 'b' ||
- in.read() != 'j' ||
- in.read() != '.')
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "expecting $subj in ava pattern"));
+ if (in.read() != 'u' || in.read() != 'b'
+ || in.read() != 'j' || in.read() != '.')
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "expecting $subj in ava pattern"));
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
mType = TYPE_SUBJ;
- //System.out.println("----- mtype $subj");
+ // System.out.println("----- mtype $subj");
} else if (c == 'e') {
try {
- if (in.read() != 'x' ||
- in.read() != 't' ||
- in.read() != '.')
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "expecting $ext in ava pattern"));
+ if (in.read() != 'x' || in.read() != 't'
+ || in.read() != '.')
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "expecting $ext in ava pattern"));
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
mType = TYPE_EXT;
- //System.out.println("----- mtype $ext");
+ // System.out.println("----- mtype $ext");
} else {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "unknown keyword. expecting $subj $ext or $req."));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "unknown keyword. expecting $subj $ext or $req."));
}
- // get request attr name of subject dn pattern from above.
+ // get request attr name of subject dn pattern from above.
String attrName = attrBuf.toString().trim();
- //System.out.println("----- attrName "+attrName);
- if (attrName.length() == 0)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "attribute name expected"));
- mAttr = attrName;
+ // System.out.println("----- attrName "+attrName);
+ if (attrName.length() == 0)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "attribute name expected"));
+ mAttr = attrName;
/*
- try {
- ObjectIdentifier attrOid =
- mLdapDNStrConverter.parseAVAKeyword(attrName);
- mAttr = mLdapDNStrConverter.encodeOID(attrOid);
- //System.out.println("----- mAttr "+mAttr);
- }
- catch (IOException e) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString()));
- }
+ * try { ObjectIdentifier attrOid =
+ * mLdapDNStrConverter.parseAVAKeyword(attrName); mAttr =
+ * mLdapDNStrConverter.encodeOID(attrOid);
+ * //System.out.println("----- mAttr "+mAttr); } catch (IOException
+ * e) { throw new ECompSyntaxErr(CMS.getUserMessage(
+ * "CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString())); }
*/
// get request attribute or cert subject dn attribute
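Review bot: `mElement = Integer.parseInt(rdnNumber) - 1;` in the `$rdn` branch accepts `0` and negative numbers, so mElement can end up below zero. formAVA later checks only `mElement >= rdns.length` before `rdns[mElement]`, so such a pattern would fail at publish time with ArrayIndexOutOfBoundsException instead of being rejected as a syntax error. A range check right after the parse would catch it when the pattern is loaded: `if (mElement < 0) throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $rdn number in ava pattern"));`. The same unchecked `parseInt(...) - 1` is applied to attrNumber and attrNumber1 in the next two hunks. parse() continues past the end of this hunk.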
@@ -345,45 +351,47 @@ class MapAVAPattern {
StringBuffer valueBuf = new StringBuffer();
try {
- while ((c = in.read()) != ',' &&
- c != -1 && c != '.' && c != '+') {
- //System.out.println("mValue read "+(char)c);
+ while ((c = in.read()) != ',' && c != -1 && c != '.'
+ && c != '+') {
+ // System.out.println("mValue read "+(char)c);
valueBuf.append((char) c);
}
if (c == '+' || c == ',') // either ',' or '+'
- in.unread(c); // pushback last , or +
+ in.unread(c); // pushback last , or +
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
mValue = valueBuf.toString().trim();
- if (mValue.length() == 0)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "$subj or $req attribute name expected"));
- //System.out.println("----- mValue "+mValue);
+ if (mValue.length() == 0)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "$subj or $req attribute name expected"));
+ // System.out.println("----- mValue "+mValue);
- // get nth dn xxx not nth request attribute .
+ // get nth dn xxx not nth request attribute .
if (c == '.') {
StringBuffer attrNumberBuf = new StringBuffer();
try {
while ((c = in.read()) != ',' && c != -1 && c != '.'
- && c != '+') {
- //System.out.println("mElement read "+(char)c);
+ && c != '+') {
+ // System.out.println("mElement read "+(char)c);
attrNumberBuf.append((char) c);
}
- if (c == ',' || c == '+') // either ',' or '+'
- in.unread(c); // pushback last , or +
+ if (c == ',' || c == '+') // either ',' or '+'
+ in.unread(c); // pushback last , or +
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
String attrNumber = attrNumberBuf.toString().trim();
- if (attrNumber.length() == 0)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "nth element $req $ext or $subj expected"));
+ if (attrNumber.length() == 0)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "nth element $req $ext or $subj expected"));
try {
mElement = Integer.parseInt(attrNumber) - 1;
} catch (NumberFormatException e) {
@@ -392,87 +400,93 @@ class MapAVAPattern {
mValue = attrNumber;
} else if (TYPE_EXT.equals(mType)) {
mGNType = attrNumber;
- } else
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "Invalid format in nth element $req $ext or $subj"));
+ } else
+ throw new ECompSyntaxErr(
+ CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Invalid format in nth element $req $ext or $subj"));
- // get nth request attribute .
+ // get nth request attribute .
if (c == '.') {
StringBuffer attrNumberBuf1 = new StringBuffer();
try {
- while ((c = in.read()) != ',' && c != -1 && c != '+') {
- //System.out.println("mElement read "+(char)c);
+ while ((c = in.read()) != ',' && c != -1
+ && c != '+') {
+ // System.out.println("mElement read "+(char)c);
attrNumberBuf1.append((char) c);
}
if (c != -1) // either ',' or '+'
- in.unread(c); // pushback last , or +
+ in.unread(c); // pushback last , or +
} catch (IOException ex) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", ex.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", ex.toString()));
}
String attrNumber1 = attrNumberBuf1.toString().trim();
- if (attrNumber1.length() == 0)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "nth element $req expected"));
- try {
- mElement = Integer.parseInt(attrNumber1) - 1;
+ if (attrNumber1.length() == 0)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "nth element $req expected"));
+ try {
+ mElement = Integer.parseInt(attrNumber1) - 1;
} catch (NumberFormatException ex) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "Invalid format in nth element $req."));
-
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Invalid format in nth element $req."));
+
}
}
}
}
- //System.out.println("----- mElement "+mElement);
+ // System.out.println("----- mElement "+mElement);
} else {
// value is constant. treat as regular ava.
mType = TYPE_CONSTANT;
- //System.out.println("----- mType constant");
- // parse ava value.
+ // System.out.println("----- mType constant");
+ // parse ava value.
StringBuffer valueBuf = new StringBuffer();
valueBuf.append((char) c);
// read forward to get attribute value
try {
- while ((c = in.read()) != ',' &&
- c != -1) {
+ while ((c = in.read()) != ',' && c != -1) {
valueBuf.append((char) c);
}
if (c == '+' || c == ',') { // either ',' or '+'
- in.unread(c); // pushback last , or +
+ in.unread(c); // pushback last , or +
}
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
- try {
- AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf);
+ try {
+ AVA ava = mLdapDNStrConverter
+ .parseAVA(attrBuf + "=" + valueBuf);
mValue = ava.toLdapDNString();
- //System.out.println("----- mValue "+mValue);
+ // System.out.println("----- mValue "+mValue);
} catch (IOException e) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString()));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString()));
}
}
}
- public String formAVA(IRequest req, X500Name subject, CertificateExtensions extensions)
- throws ELdapException {
+ public String formAVA(IRequest req, X500Name subject,
+ CertificateExtensions extensions) throws ELdapException {
if (TYPE_CONSTANT.equals(mType))
return mValue;
if (TYPE_RDN.equals(mType)) {
String dn = subject.toString();
- if (mTestDN != null)
+ if (mTestDN != null)
dn = mTestDN;
- //System.out.println("AVAPattern Using dn "+mTestDN);
+ // System.out.println("AVAPattern Using dn "+mTestDN);
String[] rdns = LDAPDN.explodeDN(dn, false);
- if (mElement >= rdns.length)
+ if (mElement >= rdns.length)
return null;
return rdns[mElement];
}
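Review bot: In the constant-value branch the `c == '+'` half of `if (c == '+' || c == ',')` can never be true, because the loop `while ((c = in.read()) != ',' && c != -1)` stops only on `,` or end of input. A `+` is therefore appended to the value instead of being pushed back. MapRDNPattern.parse loops on `lastChar == '+'` to start the next AVA, so a constant AVA inside a multi-valued RDN pattern appears to reach parseAVA as one string. If that is not intended, add `&& c != '+'` to the loop condition as the `$subj`/`$req` loops do; if it is intended, drop the dead comparison and the `// either ',' or '+'` comment. parse() starts before this hunk.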
@@ -480,9 +494,9 @@ class MapAVAPattern {
if (TYPE_SUBJ.equals(mType)) {
String dn = subject.toString();
- if (mTestDN != null)
+ if (mTestDN != null)
dn = mTestDN;
- //System.out.println("AVAPattern Using dn "+mTestDN);
+ // System.out.println("AVAPattern Using dn "+mTestDN);
String[] rdns = LDAPDN.explodeDN(dn, false);
String value = null;
int nFound = -1;
@@ -493,19 +507,17 @@ class MapAVAPattern {
for (int j = 0; j < avas.length; j++) {
String[] exploded = explodeAVA(avas[j]);
- if (exploded[0].equalsIgnoreCase(mValue) &&
- ++nFound == mElement) {
+ if (exploded[0].equalsIgnoreCase(mValue)
+ && ++nFound == mElement) {
value = exploded[1];
break;
}
}
}
if (value == null) {
- CMS.debug(
- "MapAVAPattern: attr " + mAttr +
- " not formed from: cert subject " +
- dn +
- "-- no subject component : " + mValue);
+ CMS.debug("MapAVAPattern: attr " + mAttr
+ + " not formed from: cert subject " + dn
+ + "-- no subject component : " + mValue);
return null;
}
return mAttr + "=" + value;
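Review bot: `exploded[0]` is dereferenced without a null check, but explodeAVA returns null when the component contains no `=` (its Javadoc in a later hunk says an empty array is returned, which could not be indexed safely either). The components come from the certificate subject DN, so a malformed or unusually escaped RDN would surface as a NullPointerException in the publisher rather than as a skipped component. Suggest `if (exploded == null) continue;` before the comparison, and correcting the explodeAVA Javadoc to say it returns null. The enclosing loops begin outside this hunk.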
@@ -514,40 +526,41 @@ class MapAVAPattern {
if (TYPE_EXT.equals(mType)) {
if (extensions != null) {
for (int i = 0; i < extensions.size(); i++) {
- Extension ext = (Extension)
- extensions.elementAt(i);
+ Extension ext = (Extension) extensions.elementAt(i);
String extName = OIDMap.getName(ext.getExtensionId());
int index = extName.lastIndexOf(".");
if (index != -1)
extName = extName.substring(index + 1);
- if (
- extName.equals(mValue)) {
+ if (extName.equals(mValue)) {
// Check the extensions one by one.
// For now, just give subjectAltName as an example.
- if
- (mValue.equalsIgnoreCase(SubjectAlternativeNameExtension.NAME)) {
+ if (mValue
+ .equalsIgnoreCase(SubjectAlternativeNameExtension.NAME)) {
try {
- GeneralNames subjectNames = (GeneralNames)
- ((SubjectAlternativeNameExtension) ext).get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+ GeneralNames subjectNames = (GeneralNames) ((SubjectAlternativeNameExtension) ext)
+ .get(SubjectAlternativeNameExtension.SUBJECT_NAME);
if (subjectNames.size() == 0)
break;
int j = 0;
- for (Enumeration n = subjectNames.elements(); n.hasMoreElements();) {
- GeneralName gn = (GeneralName) n.nextElement();
+ for (Enumeration n = subjectNames.elements(); n
+ .hasMoreElements();) {
+ GeneralName gn = (GeneralName) n
+ .nextElement();
String gname = gn.toString();
index = gname.indexOf(":");
- if (index == -1) break;
+ if (index == -1)
+ break;
String gType = gname.substring(0, index);
if (mGNType != null) {
if (mGNType.equalsIgnoreCase(gType)) {
if (mElement == j) {
- gname =
- gname.substring(index + 2);
+ gname = gname
+ .substring(index + 2);
return mAttr + "=" + gname;
} else {
j++;
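Review bot: `return mAttr + "=" + gname;` places the subjectAltName value into the DN without escaping, and a later hunk does the same for request data at `return mAttr + "=" + reqAttr;`. These values are presumably supplied by the certificate requester, so a `,`, `+` or `=` inside them would change the structure of the DN the publisher maps to. The value should be escaped per the LDAP DN string rules before concatenation, e.g. `return LDAPDN.escapeRDN(mAttr + "=" + gname);` if the LDAP SDK in use provides it (to be confirmed). The formAVA body starts outside this hunk.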
@@ -555,25 +568,22 @@ class MapAVAPattern {
}
} else {
if (mElement == j) {
- gname =
- gname.substring(index + 2);
+ gname = gname.substring(index + 2);
return mAttr + "=" + gname;
}
j++;
}
}
- } catch (IOException e) {
- CMS.debug(
- "MapAVAPattern: Publishing attr not formed from extension." +
- "-- no attr : " + mValue);
+ } catch (IOException e) {
+ CMS.debug("MapAVAPattern: Publishing attr not formed from extension."
+ + "-- no attr : " + mValue);
}
}
}
}
}
- CMS.debug(
- "MapAVAPattern: Publishing:attr not formed from extension " +
- "-- no attr : " + mValue);
+ CMS.debug("MapAVAPattern: Publishing:attr not formed from extension "
+ + "-- no attr : " + mValue);
return null;
}
@@ -582,9 +592,8 @@ class MapAVAPattern {
// mPrefix and mValue are looked up case-insensitive
String reqAttr = req.getExtDataInString(mPrefix, mValue);
if (reqAttr == null) {
- throw new
- ELdapException(CMS.getUserMessage("CMS_LDAP_NO_REQUEST",
- mValue, mAttr));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_REQUEST", mValue, mAttr));
}
return mAttr + "=" + reqAttr;
}
@@ -607,20 +616,19 @@ class MapAVAPattern {
}
/**
- * Explode RDN into AVAs.
- * Does not handle escaped '+'
- * Java ldap library does not yet support multiple avas per rdn.
- * If RDN is malformed returns empty array.
+ * Explode RDN into AVAs. Does not handle escaped '+' Java ldap library does
+ * not yet support multiple avas per rdn. If RDN is malformed returns empty
+ * array.
*/
public static String[] explodeRDN(String rdn) {
int plus = rdn.indexOf('+');
- if (plus == -1)
+ if (plus == -1)
return new String[] { rdn };
Vector avas = new Vector();
StringTokenizer token = new StringTokenizer(rdn, "+");
- while (token.hasMoreTokens())
+ while (token.hasMoreTokens())
avas.addElement(token.nextToken());
String[] theAvas = new String[avas.size()];
@@ -629,17 +637,15 @@ class MapAVAPattern {
}
/**
- * Explode AVA into name and value.
- * Does not handle escaped '='
- * If AVA is malformed empty array is returned.
+ * Explode AVA into name and value. Does not handle escaped '=' If AVA is
+ * malformed empty array is returned.
*/
public static String[] explodeAVA(String ava) {
int equals = ava.indexOf('=');
- if (equals == -1)
+ if (equals == -1)
return null;
- return new String[] {
- ava.substring(0, equals).trim(), ava.substring(equals + 1).trim()};
+ return new String[] { ava.substring(0, equals).trim(),
+ ava.substring(equals + 1).trim() };
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
index 547e370ad..090547bcc 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.io.IOException;
import java.io.PushbackReader;
import java.io.StringReader;
@@ -31,25 +30,27 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.request.IRequest;
-
/**
- * class for parsing a DN pattern used to construct a ldap dn from
- * request attributes and cert subject name.<p>
+ * class for parsing a DN pattern used to construct a ldap dn from request
+ * attributes and cert subject name.
+ * <p>
*
- * dnpattern is a string representing a ldap dn pattern to formulate from
- * the certificate subject name attributes and request attributes .
- * If empty or not set, the certificate subject name
- * will be used as the ldap dn. <p>
+ * dnpattern is a string representing a ldap dn pattern to formulate from the
+ * certificate subject name attributes and request attributes . If empty or not
+ * set, the certificate subject name will be used as the ldap dn.
+ * <p>
+ *
+ * The syntax is
*
- * The syntax is
* <pre>
- * dnPattern := rdnPattern *[ "," rdnPattern ]
- * rdnPattern := avaPattern *[ "+" avaPattern ]
+ * dnPattern := rdnPattern *[ "," rdnPattern ]
+ * rdnPattern := avaPattern *[ "+" avaPattern ]
* avaPattern := name "=" value |
- * name "=" "$subj" "." attrName [ "." attrNumber ] |
- * name "=" "$req" "." attrName [ "." attrNumber ] |
- * "$rdn" "." number
+ * name "=" "$subj" "." attrName [ "." attrNumber ] |
+ * name "=" "$req" "." attrName [ "." attrNumber ] |
+ * "$rdn" "." number
* </pre>
+ *
* <pre>
* Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i>
* cert subject name: dn: CN=Certificate Manager, OU=people, O=mcom.com
@@ -60,7 +61,7 @@ import com.netscape.certsrv.request.IRequest;
* <p>
* note: Subordinate ca enrollment will use ca mapper. Use predicate
* to distinguish the ca itself and the subordinates.
- *
+ *
* Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, , O=mcom.com</i>
* cert subject name: dn: UID=jjames, OU=IS, O=people, , O=mcom.com
* request attributes: uid: cmanager
@@ -73,18 +74,18 @@ import com.netscape.certsrv.request.IRequest;
* O = the string people, mcom.com. <br>
* <p>
* </pre>
- * If an request attribute or subject DN component does not exist,
- * the attribute is skipped. There is potential risk that a wrong dn
- * will be mapped into.
- *
+ *
+ * If an request attribute or subject DN component does not exist, the attribute
+ * is skipped. There is potential risk that a wrong dn will be mapped into.
+ *
* @version $Revision$, $Date$
*/
public class MapDNPattern {
- /* the list of request attriubutes to retrieve*/
+ /* the list of request attriubutes to retrieve */
protected String[] mReqAttrs = null;
- /* the list of cert attriubutes to retrieve*/
+ /* the list of cert attriubutes to retrieve */
protected String[] mCertAttrs = null;
/* rdn patterns */
@@ -95,16 +96,15 @@ public class MapDNPattern {
protected String mTestDN = null;
- /**
+ /**
* Construct a DN pattern by parsing a pattern string.
+ *
* @param pattern the DN pattern
- * @exception EBaseException If parsing error occurs.
+ * @exception EBaseException If parsing error occurs.
*/
- public MapDNPattern(String pattern)
- throws ELdapException {
+ public MapDNPattern(String pattern) throws ELdapException {
if (pattern == null || pattern.equals("")) {
- CMS.debug(
- "MapDNPattern: null pattern");
+ CMS.debug("MapDNPattern: null pattern");
} else {
mPatternString = pattern;
PushbackReader in = new PushbackReader(new StringReader(pattern));
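Review bot: The Javadoc tag reads `@exception EBaseException` while the constructor declares `throws ELdapException`; MapRDNPattern's constructor documents `@exception ELdapException`, so use the same here. The null/empty branch only logs, and whether formDN tolerates an unparsed pattern depends on the initial value of mRDNPatterns, which is not visible, so the comment should state what a null pattern means (the class Javadoc says the subject name is used). In MapRDNPattern the matching constructor has `@param pattenr` and logs `"MapDNPattern: null pattern"`, both of which look like copy-paste leftovers. The constructor body continues past this hunk.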
@@ -113,13 +113,11 @@ public class MapDNPattern {
}
}
- public MapDNPattern(PushbackReader in)
- throws ELdapException {
+ public MapDNPattern(PushbackReader in) throws ELdapException {
parse(in);
}
- private void parse(PushbackReader in)
- throws ELdapException {
+ private void parse(PushbackReader in) throws ELdapException {
Vector rdnPatterns = new Vector();
MapRDNPattern rdnPattern = null;
int lastChar = -1;
@@ -130,11 +128,10 @@ public class MapDNPattern {
try {
lastChar = in.read();
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
- }
- while (lastChar == ',');
+ } while (lastChar == ',');
mRDNPatterns = new MapRDNPattern[rdnPatterns.size()];
rdnPatterns.copyInto(mRDNPatterns);
@@ -144,8 +141,8 @@ public class MapDNPattern {
for (int i = 0; i < mRDNPatterns.length; i++) {
String[] rdnAttrs = mRDNPatterns[i].getReqAttrs();
- if (rdnAttrs != null && rdnAttrs.length > 0)
- for (int j = 0; j < rdnAttrs.length; j++)
+ if (rdnAttrs != null && rdnAttrs.length > 0)
+ for (int j = 0; j < rdnAttrs.length; j++)
reqAttrs.addElement(rdnAttrs[j]);
}
mReqAttrs = new String[reqAttrs.size()];
@@ -156,8 +153,8 @@ public class MapDNPattern {
for (int i = 0; i < mRDNPatterns.length; i++) {
String[] rdnAttrs = mRDNPatterns[i].getCertAttrs();
- if (rdnAttrs != null && rdnAttrs.length > 0)
- for (int j = 0; j < rdnAttrs.length; j++)
+ if (rdnAttrs != null && rdnAttrs.length > 0)
+ for (int j = 0; j < rdnAttrs.length; j++)
certAttrs.addElement(rdnAttrs[j]);
}
mCertAttrs = new String[certAttrs.size()];
@@ -166,12 +163,13 @@ public class MapDNPattern {
/**
* Form a Ldap v3 DN string from a request and a cert subject name.
+ *
* @param req the request for (un)publish
* @param subject the subjectDN of the certificate
- * @return Ldap v3 DN string to use for base ldap search.
+ * @return Ldap v3 DN string to use for base ldap search.
*/
- public String formDN(IRequest req, X500Name subject, CertificateExtensions ext)
- throws ELdapException {
+ public String formDN(IRequest req, X500Name subject,
+ CertificateExtensions ext) throws ELdapException {
StringBuffer formedDN = new StringBuffer();
for (int i = 0; i < mRDNPatterns.length; i++) {
@@ -180,11 +178,11 @@ public class MapDNPattern {
String rdn = mRDNPatterns[i].formRDN(req, subject, ext);
if (rdn != null && rdn.length() != 0) {
- if (formedDN.length() != 0)
- formedDN.append(",");
- formedDN.append(rdn);
+ if (formedDN.length() != 0)
+ formedDN.append(",");
+ formedDN.append(rdn);
} else {
- throw new ELdapException("pattern not matched");
+ throw new ELdapException("pattern not matched");
}
}
return formedDN.toString();
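Review bot: formDN throws `new ELdapException("pattern not matched")` when any RDN comes back null or empty, whereas the class Javadoc states that a missing request attribute or subject component is skipped. Failing closed is the safer behaviour for a publishing DN, so the comment should be brought in line with the code, e.g. `If a request attribute or subject DN component does not exist, formDN fails with ELdapException.` The message is also a bare literal where the rest of the package goes through `CMS.getUserMessage(...)`, and it does not say which RDN pattern failed. The method starts before this hunk.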
@@ -198,4 +196,3 @@ public class MapDNPattern {
return (String[]) mCertAttrs.clone();
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
index 3720d02dd..87ca5d2d0 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.io.IOException;
import java.io.PushbackReader;
import java.io.StringReader;
@@ -30,25 +29,27 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.request.IRequest;
-
/**
- * class for parsing a DN pattern used to construct a ldap dn from
- * request attributes and cert subject name.<p>
+ * class for parsing a DN pattern used to construct a ldap dn from request
+ * attributes and cert subject name.
+ * <p>
*
- * dnpattern is a string representing a ldap dn pattern to formulate from
- * the certificate subject name attributes and request attributes .
- * If empty or not set, the certificate subject name
- * will be used as the ldap dn. <p>
+ * dnpattern is a string representing a ldap dn pattern to formulate from the
+ * certificate subject name attributes and request attributes . If empty or not
+ * set, the certificate subject name will be used as the ldap dn.
+ * <p>
+ *
+ * The syntax is
*
- * The syntax is
* <pre>
- * dnPattern := rdnPattern *[ "," rdnPattern ]
- * rdnPattern := avaPattern *[ "+" avaPattern ]
+ * dnPattern := rdnPattern *[ "," rdnPattern ]
+ * rdnPattern := avaPattern *[ "+" avaPattern ]
* avaPattern := name "=" value |
- * name "=" "$subj" "." attrName [ "." attrNumber ] |
- * name "=" "$req" "." attrName [ "." attrNumber ] |
- * "$rdn" "." number
+ * name "=" "$subj" "." attrName [ "." attrNumber ] |
+ * name "=" "$req" "." attrName [ "." attrNumber ] |
+ * "$rdn" "." number
* </pre>
+ *
* <pre>
* Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i>
* cert subject name: dn: CN=Certificate Manager, OU=people, O=mcom.com
@@ -59,7 +60,7 @@ import com.netscape.certsrv.request.IRequest;
* <p>
* note: Subordinate ca enrollment will use ca mapper. Use predicate
* to distinguish the ca itself and the subordinates.
- *
+ *
* Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, , O=mcom.com</i>
* cert subject name: dn: UID=jjames, OU=IS, O=people, , O=mcom.com
* request attributes: uid: cmanager
@@ -72,18 +73,18 @@ import com.netscape.certsrv.request.IRequest;
* O = the string people, mcom.com. <br>
* <p>
* </pre>
- * If an request attribute or subject DN component does not exist,
- * the attribute is skipped.There is potential risk that a wrong dn
- * will be mapped into.
- *
+ *
+ * If an request attribute or subject DN component does not exist, the attribute
+ * is skipped.There is potential risk that a wrong dn will be mapped into.
+ *
* @version $Revision$, $Date$
*/
class MapRDNPattern {
- /* the list of request attributes needed by this RDN */
+ /* the list of request attributes needed by this RDN */
protected String[] mReqAttrs = null;
- /* the list of cert attributes needed by this RDN */
+ /* the list of cert attributes needed by this RDN */
protected String[] mCertAttrs = null;
/* AVA patterns */
@@ -94,16 +95,15 @@ class MapRDNPattern {
protected String mTestDN = null;
- /**
+ /**
* Construct a DN pattern by parsing a pattern string.
+ *
* @param pattenr the DN pattern
- * @exception ELdapException If parsing error occurs.
+ * @exception ELdapException If parsing error occurs.
*/
- public MapRDNPattern(String pattern)
- throws ELdapException {
+ public MapRDNPattern(String pattern) throws ELdapException {
if (pattern == null || pattern.equals("")) {
- CMS.debug(
- "MapDNPattern: null pattern");
+ CMS.debug("MapDNPattern: null pattern");
} else {
mPatternString = pattern;
PushbackReader in = new PushbackReader(new StringReader(pattern));
@@ -113,16 +113,14 @@ class MapRDNPattern {
}
/**
- * Construct a DN pattern from a input stream of pattern
+ * Construct a DN pattern from a input stream of pattern
*/
- public MapRDNPattern(PushbackReader in)
- throws ELdapException {
+ public MapRDNPattern(PushbackReader in) throws ELdapException {
parse(in);
}
- private void parse(PushbackReader in)
- throws ELdapException {
- //System.out.println("_________ begin rdn _________");
+ private void parse(PushbackReader in) throws ELdapException {
+ // System.out.println("_________ begin rdn _________");
Vector avaPatterns = new Vector();
MapAVAPattern avaPattern = null;
int lastChar;
@@ -130,26 +128,25 @@ class MapRDNPattern {
do {
avaPattern = new MapAVAPattern(in);
avaPatterns.addElement(avaPattern);
- //System.out.println("added AVAPattern"+
- //" mType "+avaPattern.mType+
- //" mAttr "+avaPattern.mAttr+
- //" mValue "+avaPattern.mValue+
- //" mElement "+avaPattern.mElement);
- try {
- lastChar = in.read();
+ // System.out.println("added AVAPattern"+
+ // " mType "+avaPattern.mType+
+ // " mAttr "+avaPattern.mAttr+
+ // " mValue "+avaPattern.mValue+
+ // " mElement "+avaPattern.mElement);
+ try {
+ lastChar = in.read();
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
- }
- while (lastChar == '+');
+ } while (lastChar == '+');
if (lastChar != -1) {
try {
- in.unread(lastChar); // pushback last ,
+ in.unread(lastChar); // pushback last ,
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
}
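Review bot: The commented-out `System.out.println` lines in this loop were re-indented rather than removed. Dead debug code like this is better deleted, or replaced by a `CMS.debug(...)` call if the trace is still wanted. The same applies to the `begin rdn` line in the preceding hunk and the `formed RDN` line at the end of `formRDN`. Both catch blocks also pass only `e.toString()` into the new `ELdapException`, so the original stack trace is lost; if `ELdapException` has no cause-taking constructor, logging the exception before rethrowing would keep it for diagnosis. `parse` begins before this hunk and continues after it.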
@@ -161,7 +158,7 @@ class MapRDNPattern {
for (int i = 0; i < mAVAPatterns.length; i++) {
String avaAttr = mAVAPatterns[i].getReqAttr();
- if (avaAttr == null || avaAttr.length() == 0)
+ if (avaAttr == null || avaAttr.length() == 0)
continue;
reqAttrs.addElement(avaAttr);
}
@@ -173,7 +170,7 @@ class MapRDNPattern {
for (int i = 0; i < mAVAPatterns.length; i++) {
String avaAttr = mAVAPatterns[i].getCertAttr();
- if (avaAttr == null || avaAttr.length() == 0)
+ if (avaAttr == null || avaAttr.length() == 0)
continue;
certAttrs.addElement(avaAttr);
}
@@ -183,16 +180,17 @@ class MapRDNPattern {
/**
* Form a Ldap v3 DN string from a request and a cert subject name.
+ *
* @param req the request for (un)publish
* @param subject the subjectDN of the certificate
- * @return Ldap v3 DN string to use for base ldap search.
+ * @return Ldap v3 DN string to use for base ldap search.
*/
- public String formRDN(IRequest req, X500Name subject, CertificateExtensions ext)
- throws ELdapException {
+ public String formRDN(IRequest req, X500Name subject,
+ CertificateExtensions ext) throws ELdapException {
StringBuffer formedRDN = new StringBuffer();
for (int i = 0; i < mAVAPatterns.length; i++) {
- if (mTestDN != null)
+ if (mTestDN != null)
mAVAPatterns[i].mTestDN = mTestDN;
String ava = mAVAPatterns[i].formAVA(req, subject, ext);
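Review bot: The Javadoc for `formRDN` documents `req` and `subject` but not the third parameter, and its `@return` still speaks of a DN although the method assembles a single RDN from its AVA patterns. I would add `@param ext the certificate extensions, passed to each AVA pattern's formAVA` and change the return line to `@return the RDN string formed from the AVA patterns`. The method body continues outside the hunk.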
@@ -202,7 +200,7 @@ class MapRDNPattern {
formedRDN.append(ava);
}
}
- //System.out.println("formed RDN "+formedRDN.toString());
+ // System.out.println("formed RDN "+formedRDN.toString());
return formedRDN.toString();
}
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java
index b1d109020..4b15a5abd 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.util.Locale;
import java.util.Vector;
@@ -30,10 +29,9 @@ import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
+/**
* No Map
- *
+ *
* @version $Revision$, $Date$
*/
public class NoMap implements ILdapMapper, IExtendedPluginInfo {
@@ -48,40 +46,39 @@ public class NoMap implements ILdapMapper, IExtendedPluginInfo {
public String[] getExtendedPluginInfo(Locale locale) {
String params[] = {
- IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-simplemapper",
- IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the name of the entry to publish to"
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-mapper-simplemapper",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Describes how to form the name of the entry to publish to" };
return params;
}
public IConfigStore getConfigStore() {
- return mConfig;
+ return mConfig;
}
- /**
+ /**
* for initializing from config store.
*/
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config) throws EBaseException {
mConfig = config;
}
/**
- * Maps a X500 subject name to LDAP entry.
- * Uses DN pattern to form a DN for a LDAP base search.
+ * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for
+ * a LDAP base search.
*
- * @param conn the LDAP connection.
- * @param obj the object to map.
+ * @param conn the LDAP connection.
+ * @param obj the object to map.
* @exception ELdapException if any LDAP exceptions occured.
- */
- public String map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ */
+ public String map(LDAPConnection conn, Object obj) throws ELdapException {
return null;
}
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return null;
}