author | awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-02-24 23:49:42 +0000 |
---|---|---|
committer | awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-02-24 23:49:42 +0000 |
commit | 038c6ef0d6adfcf488ff9146daec271b2f05c450 (patch) | |
tree | b0b9d3186b85516d2261cb3ea346b7d3a7ea640c /pki/base/common/src/com/netscape/cms/publish | |
parent | 204c0d68151a7008ff579605623b7a5bf280fdb2 (diff) | |
Fixed bugzilla bug #449857.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@240 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/publish')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java index ae111b933..3c6d476c4 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java @@ -42,6 +42,7 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { public static final String LDAP_CERTSUBJNAME_ATTR = "certSubjectName"; protected String mSearchBase = null; protected String mCertSubjNameAttr = LDAP_CERTSUBJNAME_ATTR; + protected boolean mUseAllEntries = false; private ILogger mLogger = CMS.getLogger(); protected IConfigStore mConfig = null; @@ -82,6 +83,18 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { mInited = true; } + public LdapCertSubjMap(String searchBase, + String certSubjNameAttr, String certAttr, boolean useAllEntries) { + if (searchBase == null || + certSubjNameAttr == null || certAttr == null) + throw new IllegalArgumentException( + "a null argument to constructor " + this.getClass().getName()); + mCertSubjNameAttr = certSubjNameAttr; + mSearchBase = searchBase; + mUseAllEntries = useAllEntries; + mInited = true; + } + public String getImplName() { return "LdapCertSubjMap"; } @@ -95,6 +108,7 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { v.addElement("certSubjNameAttr=" + mCertSubjNameAttr); v.addElement("searchBase="); + v.addElement("useAllEntries=" + mUseAllEntries); return v; } @@ -102,6 +116,7 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { String[] params = { "certSubjNameAttr;string;Name of Ldap attribute containing cert subject name", "searchBase;string;Base DN to search from", + "useAllEntries;boolean;Use all entries for publishing", IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-certsubjmapper", IExtendedPluginInfo.HELP_TEXT + 
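Review bot: The new four-argument constructor rejects a null `certAttr` but never stores or reads it, so callers must supply a value that has no effect. Either drop it from the null check or add a comment saying the parameter is accepted only to keep the signature parallel with the other constructor. The multi-line `if` that guards the `throw` has no braces and sits directly above the field assignments; writing it as `if (...) { throw new IllegalArgumentException(...); }` makes the guard's extent unambiguous. A short Javadoc on the constructor should state that `useAllEntries` switches publishing from a single mapped entry to every entry the search returns, since that widens what the mapper is allowed to touch.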
@@ -125,6 +140,7 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { } else { v.addElement("searchBase=" + mSearchBase); } + v.addElement("useAllEntries=" + mUseAllEntries); return v; } @@ -140,6 +156,7 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { mCertSubjNameAttr = config.getString("certSubjNameAttr", LDAP_CERTSUBJNAME_ATTR); mSearchBase = config.getString("searchBase"); + mUseAllEntries = config.getBoolean("useAllEntries", false); mInited = true; } 
@@ -236,6 +253,63 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { return map(conn, obj); } + public Vector mapAll(LDAPConnection conn, Object obj) + throws ELdapException { + Vector v = new Vector(); + + if (conn == null) + return null; + X500Name subjectDN = null; + + try { + X509Certificate cert = (X509Certificate) obj; + subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN(); + CMS.debug("LdapCertSubjMap: cert subject dn:" + subjectDN.toString()); + } catch (ClassCastException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT")); + return v; + } + try { + boolean hasCert = false; + boolean hasSubjectName = false; + String[] attrs = new String[] { LDAPv3.NO_ATTRS }; + + log(ILogger.LL_INFO, "search " + mSearchBase + + " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr); + + LDAPSearchResults results = + conn.search(mSearchBase, LDAPv2.SCOPE_SUB, + "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false); + + while (results.hasMoreElements()) { + LDAPEntry entry = results.next(); + String dn = entry.getDN(); + v.addElement(dn); + CMS.debug("LdapCertSubjMap: dn="+dn); + } + CMS.debug("LdapCertSubjMap: Number of entries: " + v.size()); + } catch (LDAPException e) { + if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { + // need to intercept this because message from LDAP is + // "DSA is unavailable" which confuses with DSA PKI. 
+ log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + } else { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); + } + } + + return v; + } + + public Vector mapAll(LDAPConnection conn, IRequest req, Object obj) + throws ELdapException { + return mapAll(conn, obj); + } + private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, "LdapCertSubjMap: " + msg); @@ -255,5 +329,9 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { return mCertSubjNameAttr; } + public boolean useAllEntries() { + return mUseAllEntries; + } + } |