authorAde Lee <alee@redhat.com>2011-12-07 16:58:12 -0500
committerAde Lee <alee@redhat.com>2011-12-07 16:58:12 -0500
commit32150d3ee32f8ac27118af7c792794b538c78a2f (patch)
tree52dd96f664a6fa51be25b28b6f10adc5f2c9f660 /pki/base/common/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
parentf05d58a46795553beb8881039cc922974b40db34 (diff)
Formatting
Formatted project according to Eclipse project settings
Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/usrgrp/UGSubsystem.java')
-rw-r--r--pki/base/common/src/com/netscape/cmscore/usrgrp/UGSubsystem.java879
1 files changed, 457 insertions, 422 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/usrgrp/UGSubsystem.java b/pki/base/common/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
index 0c1180362..22e3af9e4 100644
--- a/pki/base/common/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.usrgrp;
-
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
@@ -53,12 +52,10 @@ import com.netscape.certsrv.usrgrp.IUsrGrp;
import com.netscape.cmscore.ldapconn.LdapBoundConnFactory;
import com.netscape.cmscore.util.Debug;
-
/**
- * This class defines low-level LDAP usr/grp management
- * usr/grp information is located remotely on another
- * LDAP server.
- *
+ * This class defines low-level LDAP usr/grp management usr/grp information is
+ * located remotely on another LDAP server.
+ *
* @author thomask
* @author cfu
* @version $Revision$, $Date$
@@ -74,7 +71,7 @@ public final class UGSubsystem implements IUGSubsystem {
protected static final String GROUP_ATTR_VALUE = "groupofuniquenames";
protected static final String LDAP_ATTR_USER_CERT_STRING = "description";
- // protected static final String LDAP_ATTR_CERTDN = "seeAlso";
+ // protected static final String LDAP_ATTR_CERTDN = "seeAlso";
protected static final String LDAP_ATTR_USER_CERT = "userCertificate";
protected static final String PROP_BASEDN = "basedn";
@@ -116,14 +113,15 @@ public final class UGSubsystem implements IUGSubsystem {
* Sets identifier of this manager
*/
public void setId(String id) throws EBaseException {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INVALID_OPERATION"));
}
/**
* Connects to LDAP server.
*/
- public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException {
mLogger = CMS.getLogger();
mConfig = config;
@@ -150,7 +148,7 @@ public final class UGSubsystem implements IUGSubsystem {
// register admin servlet
}
-
+
/**
* Disconnects usr/grp manager from the LDAP
*/
@@ -161,10 +159,11 @@ public final class UGSubsystem implements IUGSubsystem {
mLdapConnFactory = null;
}
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_LDAP_SHUT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_LDAP_SHUT", e.toString()));
}
}
-
+
public IUser createUser(String id) {
return new User(this, id);
}
@@ -204,7 +203,8 @@ public final class UGSubsystem implements IUGSubsystem {
return u;
} else {
- throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_USER_NOT_FOUND"));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_USER_NOT_FOUND"));
}
} else {
LDAPConnection ldapconn = null;
@@ -212,8 +212,7 @@ public final class UGSubsystem implements IUGSubsystem {
try {
ldapconn = getConn();
// read DN
- LDAPSearchResults res =
- ldapconn.search(userid,
+ LDAPSearchResults res = ldapconn.search(userid,
LDAPv2.SCOPE_SUB, "(objectclass=*)", null, false);
Enumeration e = buildUsers(res);
@@ -221,12 +220,13 @@ public final class UGSubsystem implements IUGSubsystem {
return (IUser) e.nextElement();
}
} finally {
- if (ldapconn != null)
+ if (ldapconn != null)
returnConn(ldapconn);
}
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_GET_USER", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_GET_USER", e.toString()));
// throws...
}
return null;
@@ -244,9 +244,9 @@ public final class UGSubsystem implements IUGSubsystem {
try {
ldapconn = getConn();
- String filter = LDAP_ATTR_USER_CERT_STRING + "=" + getCertificateString(cert);
- LDAPSearchResults res =
- ldapconn.search(getUserBaseDN(),
+ String filter = LDAP_ATTR_USER_CERT_STRING + "="
+ + getCertificateString(cert);
+ LDAPSearchResults res = ldapconn.search(getUserBaseDN(),
LDAPConnection.SCOPE_SUB, filter, null, false);
Enumeration e = buildUsers(res);
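Review bot: The filter passed to `ldapconn.search` here is built by plain concatenation, `LDAP_ATTR_USER_CERT_STRING + "=" + getCertificateString(cert)`, and nothing visible in the hunk escapes the RFC 4515 special characters (`*`, `(`, `)`, `\`, NUL) in the certificate-derived string. The same pattern appears in the later hunks that search with `"(" + filter + ")"` and with `"(uid=" + filter + ")"` (twice, the second in listUsers). If any of these values can carry caller-controlled text, the query can be widened or reshaped; where a wildcard is not intended, escaping each value before it is concatenated would close that. As this commit is formatting only, that belongs in a follow-up change; the enclosing method starts and ends outside the hunk.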
@@ -257,25 +257,28 @@ public final class UGSubsystem implements IUGSubsystem {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
errMsg = "findUser: " + "Internal DB is unavailable";
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_USER", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_FIND_USER", e.toString()));
} catch (ELdapException e) {
- String errMsg =
- "find User: Could not get connection to internaldb. Error " + e;
+ String errMsg = "find User: Could not get connection to internaldb. Error "
+ + e;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_INTERNAL_DB", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_INTERNAL_DB",
+ e.toString()));
} finally {
- if (ldapconn != null)
+ if (ldapconn != null)
returnConn(ldapconn);
}
return null;
}
/**
- * Searchs for identities that matches the certificate locater
- * generated filter.
+ * Searchs for identities that matches the certificate locater generated
+ * filter.
*/
- public IUser findUsersByCert(String filter) throws
- EUsrGrpException, LDAPException {
+ public IUser findUsersByCert(String filter) throws EUsrGrpException,
+ LDAPException {
if (filter == null) {
return null;
}
@@ -290,8 +293,8 @@ public final class UGSubsystem implements IUGSubsystem {
hasSlash = up.indexOf('\\');
while (hasSlash != -1) {
- stripped += up.substring(0, hasSlash) +
- "\\5c";;
+ stripped += up.substring(0, hasSlash) + "\\5c";
+ ;
up = up.substring(hasSlash + 1);
hasSlash = up.indexOf('\\');
}
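Review bot: The formatter has split the doubled semicolon after `"\\5c"` into a lone `;` on its own line, which is an empty statement and now reads like a truncated line; delete it so the loop body keeps only `stripped += up.substring(0, hasSlash) + "\\5c";`. This loop escapes only the backslash; whether the other filter metacharacters are handled elsewhere in findUsersByCert is not visible here, since the method starts and ends outside the hunk.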
@@ -303,8 +306,7 @@ public final class UGSubsystem implements IUGSubsystem {
try {
ldapconn = getConn();
LDAPSearchResults res = ldapconn.search(getUserBaseDN(),
- LDAPv2.SCOPE_SUB, "(" + filter + ")",
- null, false);
+ LDAPv2.SCOPE_SUB, "(" + filter + ")", null, false);
Enumeration e = buildUsers(res);
@@ -315,15 +317,18 @@ public final class UGSubsystem implements IUGSubsystem {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
errMsg = "findUsersByCert: " + "Internal DB is unavailable";
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_USER_BY_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_FIND_USER_BY_CERT",
+ e.toString()));
} catch (ELdapException e) {
- String errMsg =
- "find Users By Cert: " +
- "Could not get connection to internaldb. Error " + e;
+ String errMsg = "find Users By Cert: "
+ + "Could not get connection to internaldb. Error " + e;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_USER_BY_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_FIND_USER_BY_CERT",
+ e.toString()));
} finally {
- if (ldapconn != null)
+ if (ldapconn != null)
returnConn(ldapconn);
}
@@ -343,8 +348,7 @@ public final class UGSubsystem implements IUGSubsystem {
try {
ldapconn = getConn();
LDAPSearchResults res = ldapconn.search(getUserBaseDN(),
- LDAPv2.SCOPE_SUB, "(uid=" + filter + ")",
- null, false);
+ LDAPv2.SCOPE_SUB, "(uid=" + filter + ")", null, false);
Enumeration e = buildUsers(res);
@@ -355,14 +359,16 @@ public final class UGSubsystem implements IUGSubsystem {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
errMsg = "findUsersByCert: " + "Internal DB is unavailable";
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_USERS", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_USRGRP_FIND_USERS", e.toString()));
} catch (ELdapException e) {
- String errMsg =
- "find Users: Could not get connection to internaldb. Error " + e;
+ String errMsg = "find Users: Could not get connection to internaldb. Error "
+ + e;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_USERS", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_USRGRP_FIND_USERS", e.toString()));
} finally {
- if (ldapconn != null)
+ if (ldapconn != null)
returnConn(ldapconn);
}
@@ -370,8 +376,8 @@ public final class UGSubsystem implements IUGSubsystem {
}
/**
- * Searchs for identities that matches the filter.
- * retrieves uid only, for efficiency of user listing
+ * Searchs for identities that matches the filter. retrieves uid only, for
+ * efficiency of user listing
*/
public Enumeration listUsers(String filter) throws EUsrGrpException {
if (filter == null) {
@@ -391,7 +397,8 @@ public final class UGSubsystem implements IUGSubsystem {
cons.setMaxResults(0);
LDAPSearchResults res = ldapconn.search(getUserBaseDN(),
- LDAPv2.SCOPE_SUB, "(uid=" + filter + ")", attrs, false, cons);
+ LDAPv2.SCOPE_SUB, "(uid=" + filter + ")", attrs, false,
+ cons);
Enumeration e = lbuildUsers(res);
return e;
@@ -401,7 +408,8 @@ public final class UGSubsystem implements IUGSubsystem {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
errMsg = "findUsersByCert: " + "Internal DB is unavailable";
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_LIST_USERS", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_USRGRP_LIST_USERS", e.toString()));
} catch (Exception e) {
throw new EUsrGrpException(CMS.getUserMessage("CMS_INTERNAL_ERROR"));
} finally {
@@ -412,8 +420,8 @@ public final class UGSubsystem implements IUGSubsystem {
return null;
}
- protected Enumeration lbuildUsers(LDAPSearchResults res) throws
- EUsrGrpException {
+ protected Enumeration lbuildUsers(LDAPSearchResults res)
+ throws EUsrGrpException {
Vector v = new Vector();
while (res.hasMoreElements()) {
@@ -425,8 +433,8 @@ public final class UGSubsystem implements IUGSubsystem {
return v.elements();
}
- protected Enumeration buildUsers(LDAPSearchResults res) throws
- EUsrGrpException {
+ protected Enumeration buildUsers(LDAPSearchResults res)
+ throws EUsrGrpException {
Vector v = new Vector();
if (res != null) {
@@ -440,20 +448,22 @@ public final class UGSubsystem implements IUGSubsystem {
// if v contains nothing, just throw exception
if (v.size() == 0) {
- throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_USER_NOT_FOUND"));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_USER_NOT_FOUND"));
}
return v.elements();
}
/**
- * builds a User instance. Sets only uid for user entry retrieved
- * from LDAP server. for listing efficiency only.
+ * builds a User instance. Sets only uid for user entry retrieved from LDAP
+ * server. for listing efficiency only.
+ *
* @return the User entity.
*/
- protected IUser lbuildUser(LDAPEntry entry) throws EUsrGrpException {
- IUser id = createUser(this, (String)
- entry.getAttribute("uid").getStringValues().nextElement());
+ protected IUser lbuildUser(LDAPEntry entry) throws EUsrGrpException {
+ IUser id = createUser(this, (String) entry.getAttribute("uid")
+ .getStringValues().nextElement());
LDAPAttribute cnAttr = entry.getAttribute("cn");
if (cnAttr != null) {
@@ -462,11 +472,10 @@ public final class UGSubsystem implements IUGSubsystem {
if (cn != null) {
id.setFullName(cn);
}
-
+
}
- LDAPAttribute certAttr =
- entry.getAttribute(LDAP_ATTR_USER_CERT);
+ LDAPAttribute certAttr = entry.getAttribute(LDAP_ATTR_USER_CERT);
if (certAttr != null) {
Vector certVector = new Vector();
@@ -480,18 +489,19 @@ public final class UGSubsystem implements IUGSubsystem {
certVector.addElement(cert);
}
} catch (Exception ex) {
- throw new EUsrGrpException(CMS.getUserMessage("CMS_INTERNAL_ERROR"));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_INTERNAL_ERROR"));
}
if (certVector != null && certVector.size() != 0) {
// Make an array of certs
- X509Certificate[] certArray = new X509Certificate[certVector.size()];
+ X509Certificate[] certArray = new X509Certificate[certVector
+ .size()];
Enumeration en = certVector.elements();
int i = 0;
while (en.hasMoreElements()) {
- certArray[i++] = (X509Certificate)
- en.nextElement();
+ certArray[i++] = (X509Certificate) en.nextElement();
}
id.setX509Certificates(certArray);
@@ -502,13 +512,14 @@ public final class UGSubsystem implements IUGSubsystem {
}
/**
- * builds a User instance. Set all attributes retrieved from
- * LDAP server and set them on User.
+ * builds a User instance. Set all attributes retrieved from LDAP server and
+ * set them on User.
+ *
* @return the User entity.
*/
protected IUser buildUser(LDAPEntry entry) throws EUsrGrpException {
- IUser id = createUser(this, (String)
- entry.getAttribute("uid").getStringValues().nextElement());
+ IUser id = createUser(this, (String) entry.getAttribute("uid")
+ .getStringValues().nextElement());
LDAPAttribute cnAttr = entry.getAttribute("cn");
if (cnAttr != null) {
@@ -523,23 +534,20 @@ public final class UGSubsystem implements IUGSubsystem {
if (userdn != null) {
id.setUserDN(userdn);
- } else { // the impossible
- String errMsg = "buildUser(): user DN not found: " +
- userdn;
+ } else { // the impossible
+ String errMsg = "buildUser(): user DN not found: " + userdn;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_BUILD_USER"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_BUILD_USER"));
throw new EUsrGrpException(CMS.getUserMessage("CMS_INTERNAL_ERROR"));
}
/*
- LDAPAttribute certdnAttr = entry.getAttribute(LDAP_ATTR_CERTDN);
- if (certdnAttr != null) {
- String cdn = (String)certdnAttr.getStringValues().nextElement();
- if (cdn != null) {
- id.setCertDN(cdn);
- }
- }
+ * LDAPAttribute certdnAttr = entry.getAttribute(LDAP_ATTR_CERTDN); if
+ * (certdnAttr != null) { String cdn =
+ * (String)certdnAttr.getStringValues().nextElement(); if (cdn != null)
+ * { id.setCertDN(cdn); } }
*/
LDAPAttribute mailAttr = entry.getAttribute("mail");
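Review bot: The commented-out `LDAP_ATTR_CERTDN` block has been reflowed by the formatter into run-on text (`* (certdnAttr != null) { String cdn =`), so it can no longer be read or restored as code. Either delete it, since the constant it depends on is itself commented out near the top of the class, or open the comment with `/*-` so the Eclipse formatter leaves it alone. In the same hunk `errMsg` is assigned in the `else` branch but never passed to `log(...)`, and `userdn` is known to be null there, so the string can only end in "null"; the variable could be dropped. buildUser continues outside the hunk.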
@@ -586,7 +594,7 @@ public final class UGSubsystem implements IUGSubsystem {
LDAPAttribute userTypeAttr = entry.getAttribute("usertype");
- if (userTypeAttr == null)
+ if (userTypeAttr == null)
id.setUserType("");
else {
Enumeration en = userTypeAttr.getStringValues();
@@ -594,11 +602,11 @@ public final class UGSubsystem implements IUGSubsystem {
if (en != null && en.hasMoreElements()) {
String userType = (String) en.nextElement();
- if ((userType != null) && (! userType.equals("undefined")))
+ if ((userType != null) && (!userType.equals("undefined")))
id.setUserType(userType);
else
id.setUserType("");
-
+
}
}
@@ -616,12 +624,11 @@ public final class UGSubsystem implements IUGSubsystem {
id.setState(userState);
else
id.setState("");
-
+
}
}
- LDAPAttribute certAttr =
- entry.getAttribute(LDAP_ATTR_USER_CERT);
+ LDAPAttribute certAttr = entry.getAttribute(LDAP_ATTR_USER_CERT);
if (certAttr != null) {
Vector certVector = new Vector();
@@ -635,18 +642,19 @@ public final class UGSubsystem implements IUGSubsystem {
certVector.addElement(cert);
}
} catch (Exception ex) {
- throw new EUsrGrpException(CMS.getUserMessage("CMS_INTERNAL_ERROR"));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_INTERNAL_ERROR"));
}
if (certVector != null && certVector.size() != 0) {
// Make an array of certs
- X509Certificate[] certArray = new X509Certificate[certVector.size()];
+ X509Certificate[] certArray = new X509Certificate[certVector
+ .size()];
Enumeration en = certVector.elements();
int i = 0;
while (en.hasMoreElements()) {
- certArray[i++] = (X509Certificate)
- en.nextElement();
+ certArray[i++] = (X509Certificate) en.nextElement();
}
id.setX509Certificates(certArray);
@@ -661,24 +669,23 @@ public final class UGSubsystem implements IUGSubsystem {
}
/**
- * Adds identity. Certificates handled by a separate call to
- * addUserCert()
+ * Adds identity. Certificates handled by a separate call to addUserCert()
*/
public void addUser(IUser identity) throws EUsrGrpException, LDAPException {
User id = (User) identity;
if (id == null) {
- throw new
- EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ADD_USER_FAIL"));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_ADD_USER_FAIL"));
}
if (id.getUserID() == null) {
- throw new
- EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ADD_USER_FAIL_NO_UID"));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_ADD_USER_FAIL_NO_UID"));
}
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc[] = {"top", "person", "organizationalPerson",
+ String oc[] = { "top", "person", "organizationalPerson",
"inetOrgPerson", "cmsuser" };
attrs.add(new LDAPAttribute("objectclass", oc));
@@ -689,43 +696,42 @@ public final class UGSubsystem implements IUGSubsystem {
if (id.getPhone() != null) {
// DS syntax checking requires a value for PrintableString syntax
- if (! id.getPhone().equals("")) {
+ if (!id.getPhone().equals("")) {
attrs.add(new LDAPAttribute("telephonenumber", id.getPhone()));
}
}
- attrs.add(new LDAPAttribute("userpassword",
- id.getPassword()));
+ attrs.add(new LDAPAttribute("userpassword", id.getPassword()));
if (id.getUserType() != null) {
// DS syntax checking requires a value for Directory String syntax
- // but usertype is a MUST attribute, so we need to add something here
+ // but usertype is a MUST attribute, so we need to add something
+ // here
// if it is undefined.
-
- if (! id.getUserType().equals("")) {
- attrs.add(new LDAPAttribute("usertype", id.getUserType()));
+
+ if (!id.getUserType().equals("")) {
+ attrs.add(new LDAPAttribute("usertype", id.getUserType()));
} else {
- attrs.add(new LDAPAttribute("usertype", "undefined"));
+ attrs.add(new LDAPAttribute("usertype", "undefined"));
}
}
if (id.getState() != null) {
// DS syntax checking requires a value for Directory String syntax
- if (! id.getState().equals("")) {
+ if (!id.getState().equals("")) {
attrs.add(new LDAPAttribute("userstate", id.getState()));
}
}
- LDAPEntry entry = new LDAPEntry("uid=" + id.getUserID() +
- "," + getUserBaseDN(), attrs);
+ LDAPEntry entry = new LDAPEntry("uid=" + id.getUserID() + ","
+ + getUserBaseDN(), attrs);
// for audit log
SessionContext sessionContext = SessionContext.getContext();
String adminId = (String) sessionContext.get(SessionContext.USER_ID);
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.ADDUSERFORMAT,
- new Object[] {adminId, id.getUserID()}
- );
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, AuditFormat.LEVEL,
+ AuditFormat.ADDUSERFORMAT,
+ new Object[] { adminId, id.getUserID() });
LDAPConnection ldapconn = null;
@@ -733,12 +739,13 @@ public final class UGSubsystem implements IUGSubsystem {
ldapconn = getConn();
ldapconn.add(entry);
} catch (ELdapException e) {
- String errMsg =
- "add User: Could not get connection to internaldb. Error " + e;
+ String errMsg = "add User: Could not get connection to internaldb. Error "
+ + e;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_ADD_USER", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_ADD_USER", e.toString()));
} finally {
- if (ldapconn != null)
+ if (ldapconn != null)
returnConn(ldapconn);
}
}
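Review bot: The `catch (ELdapException e)` branch only logs, so when no connection to the internal DB can be obtained addUser returns normally and the caller cannot tell that the entry was never added. `errMsg` is built but never used, and the ADDUSERFORMAT audit record in the preceding hunk is written before this `try` (which opens outside the hunk), so it is emitted even on this failure path. Consider rethrowing, for example `throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ADD_USER_FAIL"));`, and moving the audit call after `ldapconn.add(entry);`. The same log-and-continue handling of ELdapException is visible in the addUserCert, removeUserCert, removeUserFromGroup and removeUser hunks below.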
@@ -758,45 +765,47 @@ public final class UGSubsystem implements IUGSubsystem {
LDAPModificationSet addCert = new LDAPModificationSet();
if ((cert = user.getX509Certificates()) != null) {
- LDAPAttribute attrCertStr = new
- LDAPAttribute(LDAP_ATTR_USER_CERT_STRING);
+ LDAPAttribute attrCertStr = new LDAPAttribute(
+ LDAP_ATTR_USER_CERT_STRING);
/*
- LDAPAttribute attrCertDNStr = new
- LDAPAttribute(LDAP_ATTR_CERTDN);
+ * LDAPAttribute attrCertDNStr = new
+ * LDAPAttribute(LDAP_ATTR_CERTDN);
*/
- LDAPAttribute attrCertBin = new
- LDAPAttribute(LDAP_ATTR_USER_CERT);
+ LDAPAttribute attrCertBin = new LDAPAttribute(LDAP_ATTR_USER_CERT);
try {
attrCertBin.addValue(cert[0].getEncoded());
attrCertStr.addValue(getCertificateString(cert[0]));
- // attrCertDNStr.addValue(cert[0].getSubjectDN().toString());
+ // attrCertDNStr.addValue(cert[0].getSubjectDN().toString());
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_ADD_USER_CERT", e.toString()));
- throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_USR_CERT_ERROR"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_ADD_USER_CERT",
+ e.toString()));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_USR_CERT_ERROR"));
}
addCert.add(LDAPModification.ADD, attrCertStr);
- //addCert.add(LDAPModification.ADD, attrCertDNStr);
+ // addCert.add(LDAPModification.ADD, attrCertDNStr);
addCert.add(LDAPModification.ADD, attrCertBin);
LDAPConnection ldapconn = null;
try {
ldapconn = getConn();
- ldapconn.modify("uid=" + user.getUserID() +
- "," + getUserBaseDN(), addCert);
+ ldapconn.modify("uid=" + user.getUserID() + ","
+ + getUserBaseDN(), addCert);
// for audit log
SessionContext sessionContext = SessionContext.getContext();
- String adminId = (String) sessionContext.get(SessionContext.USER_ID);
+ String adminId = (String) sessionContext
+ .get(SessionContext.USER_ID);
mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.ADDUSERCERTFORMAT,
- new Object[] {adminId, user.getUserID(),
- cert[0].getSubjectDN().toString(),
- cert[0].getSerialNumber().toString(16)}
- );
+ AuditFormat.LEVEL, AuditFormat.ADDUSERCERTFORMAT,
+ new Object[] { adminId, user.getUserID(),
+ cert[0].getSubjectDN().toString(),
+ cert[0].getSerialNumber().toString(16) });
} catch (LDAPException e) {
if (Debug.ON) {
@@ -807,16 +816,19 @@ public final class UGSubsystem implements IUGSubsystem {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
errMsg = "findUsersByCert: " + "Internal DB is unavailable";
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_ADD_USER", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_ADD_USER",
+ e.toString()));
throw e;
} catch (ELdapException e) {
- String errMsg =
- "add User Cert: " +
- "Could not get connection to internaldb. Error " + e;
+ String errMsg = "add User Cert: "
+ + "Could not get connection to internaldb. Error " + e;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_ADD_USER", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_ADD_USER",
+ e.toString()));
} finally {
- if (ldapconn != null)
+ if (ldapconn != null)
returnConn(ldapconn);
}
}
@@ -825,9 +837,9 @@ public final class UGSubsystem implements IUGSubsystem {
}
/**
- * Removes a user certificate for a user entry
- * given a user certificate DN (actually, a combination of version,
- * serialNumber, issuerDN, and SubjectDN), and it gets removed
+ * Removes a user certificate for a user entry given a user certificate DN
+ * (actually, a combination of version, serialNumber, issuerDN, and
+ * SubjectDN), and it gets removed
*/
public void removeUserCert(IUser identity) throws EUsrGrpException {
User user = (User) identity;
@@ -842,29 +854,28 @@ public final class UGSubsystem implements IUGSubsystem {
ldapUser = (User) getUser(user.getUserID());
if (ldapUser == null) {
- throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_USER_NOT_FOUND"));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_USER_NOT_FOUND"));
}
X509Certificate[] certs = ldapUser.getX509Certificates();
if (certs == null) {
- throw new
- EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_CERT_NOT_FOUND"));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_CERT_NOT_FOUND"));
}
String delCertdn = user.getCertDN();
if (delCertdn == null) {
- throw new
- EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_CERT_NOT_FOUND"));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_CERT_NOT_FOUND"));
}
- LDAPAttribute certAttr = new
- LDAPAttribute(LDAP_ATTR_USER_CERT);
- LDAPAttribute certAttrS = new
- LDAPAttribute(LDAP_ATTR_USER_CERT_STRING);
+ LDAPAttribute certAttr = new LDAPAttribute(LDAP_ATTR_USER_CERT);
+ LDAPAttribute certAttrS = new LDAPAttribute(LDAP_ATTR_USER_CERT_STRING);
- //LDAPAttribute certDNAttrS = new LDAPAttribute(LDAP_ATTR_CERTDN);
+ // LDAPAttribute certDNAttrS = new LDAPAttribute(LDAP_ATTR_CERTDN);
int certCount = 0;
@@ -882,76 +893,80 @@ public final class UGSubsystem implements IUGSubsystem {
try {
certAttr.addValue(certs[i].getEncoded());
certAttrS.addValue(getCertificateString(certs[i]));
- // certDNAttrS.addValue(certs[i].getSubjectDN().toString());
+ // certDNAttrS.addValue(certs[i].getSubjectDN().toString());
} catch (CertificateEncodingException e) {
- throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_USR_CERT_ERROR"));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_USR_CERT_ERROR"));
}
attrs.add(LDAPModification.DELETE, certAttr);
attrs.add(LDAPModification.DELETE, certAttrS);
- //attrs.add(LDAPModification.DELETE, certDNAttrS);
+ // attrs.add(LDAPModification.DELETE, certDNAttrS);
LDAPConnection ldapconn = null;
try {
ldapconn = getConn();
- ldapconn.modify("uid=" + user.getUserID() +
- "," + getUserBaseDN(), attrs);
+ ldapconn.modify("uid=" + user.getUserID() + ","
+ + getUserBaseDN(), attrs);
certCount++;
// for audit log
SessionContext sessionContext = SessionContext.getContext();
- String adminId = (String) sessionContext.get(SessionContext.USER_ID);
+ String adminId = (String) sessionContext
+ .get(SessionContext.USER_ID);
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_USRGRP,
- AuditFormat.LEVEL,
- AuditFormat.REMOVEUSERCERTFORMAT,
- new Object[] {adminId, user.getUserID(),
- certs[0].getSubjectDN().toString(),
- certs[i].getSerialNumber().toString(16)}
- );
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
+ AuditFormat.LEVEL,
+ AuditFormat.REMOVEUSERCERTFORMAT, new Object[] {
+ adminId, user.getUserID(),
+ certs[0].getSubjectDN().toString(),
+ certs[i].getSerialNumber().toString(16) });
} catch (LDAPException e) {
String errMsg = "removeUserCert():" + e;
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
- errMsg =
- "removeUserCert: " + "Internal DB is unavailable";
+ errMsg = "removeUserCert: "
+ + "Internal DB is unavailable";
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_USER", e.toString()));
- throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_MOD_USER_FAIL"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_USER",
+ e.toString()));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_MOD_USER_FAIL"));
} catch (ELdapException e) {
- String errMsg =
- "remove User Cert: " +
- "Could not get connection to internaldb. Error " + e;
+ String errMsg = "remove User Cert: "
+ + "Could not get connection to internaldb. Error "
+ + e;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_USER", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_USER",
+ e.toString()));
} finally {
- if (ldapconn != null)
+ if (ldapconn != null)
returnConn(ldapconn);
}
}
}
if (certCount == 0) {
- throw new
- EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_CERT_NOT_FOUND"));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_CERT_NOT_FOUND"));
}
return;
}
- public void removeUserFromGroup(IGroup grp, String userid)
- throws EUsrGrpException {
-
+ public void removeUserFromGroup(IGroup grp, String userid)
+ throws EUsrGrpException {
+
LDAPConnection ldapconn = null;
try {
ldapconn = getConn();
- String groupDN = "cn=" + grp.getGroupID() +
- "," + getGroupBaseDN();
- LDAPAttribute memberAttr = new LDAPAttribute(
- "uniquemember", "uid=" + userid + "," + getUserBaseDN());
+ String groupDN = "cn=" + grp.getGroupID() + "," + getGroupBaseDN();
+ LDAPAttribute memberAttr = new LDAPAttribute("uniquemember", "uid="
+ + userid + "," + getUserBaseDN());
LDAPModification singleChange = new LDAPModification(
LDAPModification.DELETE, memberAttr);
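Review bot: The REMOVEUSERCERTFORMAT audit call mixes indexes: it logs `certs[0].getSubjectDN().toString()` next to `certs[i].getSerialNumber().toString(16)`, so whenever the removed certificate is not the first one the audit record pairs the wrong subject with the serial number. The subject argument should read `certs[i].getSubjectDN().toString(),`. As this commit only reflows the call, the fix belongs in a follow-up change; the loop over `certs` starts outside the hunk.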
@@ -962,16 +977,19 @@ public final class UGSubsystem implements IUGSubsystem {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
errMsg = "removeUser: " + "Internal DB is unavailable";
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_USER_FROM_GROUP", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_USRGRP_REMOVE_USER_FROM_GROUP", e.toString()));
- throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_REMOVE_USER_FAIL"));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_REMOVE_USER_FAIL"));
} catch (ELdapException e) {
- String errMsg =
- "removeUserFromGroup: Could not get connection to internaldb. Error " + e;
+ String errMsg = "removeUserFromGroup: Could not get connection to internaldb. Error "
+ + e;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_USER_FROM_GROUP", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_USRGRP_REMOVE_USER_FROM_GROUP", e.toString()));
} finally {
- if (ldapconn != null)
+ if (ldapconn != null)
returnConn(ldapconn);
}
}
@@ -991,12 +1009,12 @@ public final class UGSubsystem implements IUGSubsystem {
ldapconn.delete("uid=" + userid + "," + getUserBaseDN());
// for audit log
SessionContext sessionContext = SessionContext.getContext();
- String adminId = (String) sessionContext.get(SessionContext.USER_ID);
+ String adminId = (String) sessionContext
+ .get(SessionContext.USER_ID);
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.REMOVEUSERFORMAT,
- new Object[] {adminId, userid}
- );
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, AuditFormat.LEVEL,
+ AuditFormat.REMOVEUSERFORMAT, new Object[] { adminId,
+ userid });
} catch (LDAPException e) {
String errMsg = "removeUser()" + e.toString();
@@ -1004,29 +1022,34 @@ public final class UGSubsystem implements IUGSubsystem {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
errMsg = "removeUser: " + "Internal DB is unavailable";
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_USER", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_USER",
+ e.toString()));
- throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_REMOVE_USER_FAIL"));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_REMOVE_USER_FAIL"));
} catch (ELdapException e) {
- String errMsg =
- "remove User: Could not get connection to internaldb. Error " + e;
+ String errMsg = "remove User: Could not get connection to internaldb. Error "
+ + e;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_USER", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_USER",
+ e.toString()));
} finally {
- if (ldapconn != null)
+ if (ldapconn != null)
returnConn(ldapconn);
}
}
/**
- * modifies user attributes. Certs are handled separately
+ * modifies user attributes. Certs are handled separately
*/
public void modifyUser(IUser identity) throws EUsrGrpException {
User user = (User) identity;
String st = null;
/**
- X509Certificate certs[] = null;
+ * X509Certificate certs[] = null;
**/
LDAPModificationSet attrs = new LDAPModificationSet();
@@ -1039,10 +1062,8 @@ public final class UGSubsystem implements IUGSubsystem {
try {
ldapconn = getConn();
if ((st = user.getFullName()) != null) {
- attrs.add(LDAPModification.REPLACE,
- new LDAPAttribute("sn", st));
- attrs.add(LDAPModification.REPLACE,
- new LDAPAttribute("cn", st));
+ attrs.add(LDAPModification.REPLACE, new LDAPAttribute("sn", st));
+ attrs.add(LDAPModification.REPLACE, new LDAPAttribute("cn", st));
}
if ((st = user.getEmail()) != null) {
LDAPAttribute ld = new LDAPAttribute("mail", st);
@@ -1050,38 +1071,40 @@ public final class UGSubsystem implements IUGSubsystem {
attrs.add(LDAPModification.REPLACE, ld);
}
if ((st = user.getPassword()) != null && (!st.equals(""))) {
- attrs.add(LDAPModification.REPLACE,
- new LDAPAttribute("userpassword", st));
+ attrs.add(LDAPModification.REPLACE, new LDAPAttribute(
+ "userpassword", st));
}
if ((st = user.getPhone()) != null) {
- if (! st.equals("")) {
- attrs.add(LDAPModification.REPLACE,
- new LDAPAttribute("telephonenumber", st));
+ if (!st.equals("")) {
+ attrs.add(LDAPModification.REPLACE, new LDAPAttribute(
+ "telephonenumber", st));
} else {
try {
LDAPModification singleChange = new LDAPModification(
- LDAPModification.DELETE, new LDAPAttribute("telephonenumber"));
- ldapconn.modify("uid=" + user.getUserID() +
- "," + getUserBaseDN(), singleChange);
+ LDAPModification.DELETE, new LDAPAttribute(
+ "telephonenumber"));
+ ldapconn.modify("uid=" + user.getUserID() + ","
+ + getUserBaseDN(), singleChange);
} catch (LDAPException e) {
if (e.getLDAPResultCode() != LDAPException.NO_SUCH_ATTRIBUTE) {
CMS.debug("modifyUser: Error in deleting telephonenumber");
throw e;
}
}
- }
+ }
}
if ((st = user.getState()) != null) {
- if (! st.equals("")) {
- attrs.add(LDAPModification.REPLACE,
- new LDAPAttribute("userstate", st));
+ if (!st.equals("")) {
+ attrs.add(LDAPModification.REPLACE, new LDAPAttribute(
+ "userstate", st));
} else {
try {
LDAPModification singleChange = new LDAPModification(
- LDAPModification.DELETE, new LDAPAttribute("userstate"));
- ldapconn.modify("uid=" + user.getUserID() +
- "," + getUserBaseDN(), singleChange);
+ LDAPModification.DELETE, new LDAPAttribute(
+ "userstate"));
+ ldapconn.modify("uid=" + user.getUserID() + ","
+ + getUserBaseDN(), singleChange);
} catch (LDAPException e) {
if (e.getLDAPResultCode() != LDAPException.NO_SUCH_ATTRIBUTE) {
CMS.debug("modifyUser: Error in deleting userstate");
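Review bot: The entry DN is assembled three times in modifyUser as `"uid=" + user.getUserID() + "," + getUserBaseDN()` with no RDN escaping (twice in this hunk, once more at the final `ldapconn.modify` in the next one). A user ID containing DN metacharacters such as `,`, `+` or `=` would then name a different entry from the one intended. Building the DN once and escaping the value would close that gap, e.g. `String dn = LDAPDN.escapeRDN("uid=" + user.getUserID()) + "," + getUserBaseDN();`, assuming the SDK's `LDAPDN.escapeRDN` is available in the version this project builds against. The `uid=`/`cn=` concatenations in the addGroup and modifyGroup hunks further down follow the same pattern. modifyUser begins in the previous hunk and continues past this one.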
@@ -1089,45 +1112,40 @@ public final class UGSubsystem implements IUGSubsystem {
}
}
}
- }
+ }
/**
- if ((certs = user.getCertificates()) != null) {
- LDAPAttribute attrCertStr = new
- LDAPAttribute("description");
- LDAPAttribute attrCertBin = new
- LDAPAttribute(LDAP_ATTR_USER_CERT);
- for (int i = 0 ; i < certs.length; i++) {
- attrCertBin.addValue(certs[i].getEncoded());
- attrCertStr.addValue(getCertificateString(certs[i]));
- }
- attrs.add(attrCertStr);
-
- if (user.getCertOp() == OpDef.ADD) {
- attrs.add(LDAPModification.ADD, attrCertBin);
- } else if (user.getCertOp() == OpDef.DELETE) {
- attrs.add(LDAPModification.DELETE, attrCertBin);
- } else {
- throw new EUsrGrpException(UsrGrpResources.USR_MOD_ILL_CERT_OP);
- }
- }
+ * if ((certs = user.getCertificates()) != null) { LDAPAttribute
+ * attrCertStr = new LDAPAttribute("description"); LDAPAttribute
+ * attrCertBin = new LDAPAttribute(LDAP_ATTR_USER_CERT); for (int i
+ * = 0 ; i < certs.length; i++) {
+ * attrCertBin.addValue(certs[i].getEncoded());
+ * attrCertStr.addValue(getCertificateString(certs[i])); }
+ * attrs.add(attrCertStr);
+ *
+ * if (user.getCertOp() == OpDef.ADD) {
+ * attrs.add(LDAPModification.ADD, attrCertBin); } else if
+ * (user.getCertOp() == OpDef.DELETE) {
+ * attrs.add(LDAPModification.DELETE, attrCertBin); } else { throw
+ * new EUsrGrpException(UsrGrpResources.USR_MOD_ILL_CERT_OP); } }
**/
- ldapconn.modify("uid=" + user.getUserID() +
- "," + getUserBaseDN(), attrs);
+ ldapconn.modify("uid=" + user.getUserID() + "," + getUserBaseDN(),
+ attrs);
// for audit log
SessionContext sessionContext = SessionContext.getContext();
- String adminId = (String) sessionContext.get(SessionContext.USER_ID);
+ String adminId = (String) sessionContext
+ .get(SessionContext.USER_ID);
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.MODIFYUSERFORMAT,
- new Object[] {adminId, user.getUserID()}
- );
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, AuditFormat.LEVEL,
+ AuditFormat.MODIFYUSERFORMAT,
+ new Object[] { adminId, user.getUserID() });
} catch (Exception e) {
- //e.printStackTrace();
- throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_MOD_USER_FAIL"));
+ // e.printStackTrace();
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_MOD_USER_FAIL"));
} finally {
- if (ldapconn != null)
+ if (ldapconn != null)
returnConn(ldapconn);
}
}
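Review bot: The `catch (Exception e)` at the end of modifyUser discards `e` entirely: nothing is logged and the cause is not attached to the `EUsrGrpException`, so a failed attribute or password change leaves no trace for whoever investigates it. The other mutators in this file log before throwing, and the same is worth doing here, e.g. `log(ILogger.LL_FAILURE, "modifyUser: " + e.toString());` in place of the commented-out `printStackTrace()`. The audit record is written only on the success path, which makes the missing failure log more noticeable. modifyUser starts in an earlier hunk.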
@@ -1155,29 +1173,32 @@ public final class UGSubsystem implements IUGSubsystem {
try {
ldapconn = getConn();
- LDAPSearchResults res =
- ldapconn.search(getGroupBaseDN(), LDAPv2.SCOPE_SUB,
- "(&(objectclass=groupofuniquenames)(cn=" + filter + "))",
- null, false);
+ LDAPSearchResults res = ldapconn.search(getGroupBaseDN(),
+ LDAPv2.SCOPE_SUB, "(&(objectclass=groupofuniquenames)(cn="
+ + filter + "))", null, false);
return buildGroups(res);
} catch (LDAPException e) {
- String errMsg =
- "findGroups: could not find group " + filter + ". Error " + e;
+ String errMsg = "findGroups: could not find group " + filter
+ + ". Error " + e;
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
errMsg = "findGroups: " + "Internal DB is unavailable";
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_GROUPS", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_FIND_GROUPS",
+ e.toString()));
return null;
} catch (ELdapException e) {
- String errMsg =
- "find Groups: Could not get connection to internaldb. Error " + e;
+ String errMsg = "find Groups: Could not get connection to internaldb. Error "
+ + e;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_GROUPS", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_FIND_GROUPS",
+ e.toString()));
return null;
} finally {
- if (ldapconn != null)
+ if (ldapconn != null)
returnConn(ldapconn);
}
}
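Review bot: The search filter in findGroups is built as `"(&(objectclass=groupofuniquenames)(cn=" + filter + "))"`, so any parenthesis or backslash in `filter` becomes filter syntax instead of part of the `cn` value. Since the parameter appears to be meant as a pattern, `*` has to stay usable. The structural characters can still be rejected up front, e.g. `if (filter.indexOf('(') >= 0 || filter.indexOf(')') >= 0 || filter.indexOf('\\') >= 0) return null;` before the search. How much this matters depends on whether callers pass request-supplied text, which is not visible here. listGroups in the hunk at -1208 builds the same filter and needs the same check; findGroups starts outside this hunk.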
@@ -1191,8 +1212,8 @@ public final class UGSubsystem implements IUGSubsystem {
}
/**
- * List groups. more efficient than find Groups. only retrieves
- * group names and description.
+ * List groups. more efficient than find Groups. only retrieves group names
+ * and description.
*/
public Enumeration listGroups(String filter) throws EUsrGrpException {
if (filter == null) {
@@ -1208,10 +1229,9 @@ public final class UGSubsystem implements IUGSubsystem {
attrs[1] = "description";
ldapconn = getConn();
- LDAPSearchResults res =
- ldapconn.search(getGroupBaseDN(), LDAPv2.SCOPE_SUB,
- "(&(objectclass=groupofuniquenames)(cn=" + filter + "))",
- attrs, false);
+ LDAPSearchResults res = ldapconn.search(getGroupBaseDN(),
+ LDAPv2.SCOPE_SUB, "(&(objectclass=groupofuniquenames)(cn="
+ + filter + "))", attrs, false);
return buildGroups(res);
} catch (LDAPException e) {
@@ -1220,14 +1240,18 @@ public final class UGSubsystem implements IUGSubsystem {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
errMsg = "listGroups: " + "Internal DB is unavailable";
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_LIST_GROUPS", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_LIST_GROUPS",
+ e.toString()));
} catch (ELdapException e) {
- String errMsg =
- "list Groups: Could not get connection to internaldb. Error " + e;
+ String errMsg = "list Groups: Could not get connection to internaldb. Error "
+ + e;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_LIST_GROUPS", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_LIST_GROUPS",
+ e.toString()));
} finally {
- if (ldapconn != null)
+ if (ldapconn != null)
returnConn(ldapconn);
}
return null;
@@ -1237,9 +1261,10 @@ public final class UGSubsystem implements IUGSubsystem {
* builds an instance of a Group entry
*/
protected IGroup buildGroup(LDAPEntry entry) {
- String groupName = (String)entry.getAttribute("cn").getStringValues().nextElement();
+ String groupName = (String) entry.getAttribute("cn").getStringValues()
+ .nextElement();
IGroup grp = createGroup(this, groupName);
-
+
LDAPAttribute grpDesc = entry.getAttribute("description");
if (grpDesc != null) {
@@ -1253,7 +1278,8 @@ public final class UGSubsystem implements IUGSubsystem {
grp.set("description", desc);
} catch (EBaseException ex) {
// later...
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_BUILD_GROUP", ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_USRGRP_BUILD_GROUP", ex.toString()));
}
}
}
@@ -1263,7 +1289,9 @@ public final class UGSubsystem implements IUGSubsystem {
grp.set("description", ""); // safety net
} catch (EBaseException ex) {
// later...
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_BUILD_GROUP", ex.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_BUILD_GROUP",
+ ex.toString()));
}
}
@@ -1279,24 +1307,28 @@ public final class UGSubsystem implements IUGSubsystem {
while (e.hasMoreElements()) {
String v = (String) e.nextElement();
- // grp.addMemberName(v);
+ // grp.addMemberName(v);
// DOES NOT SUPPORT NESTED GROUPS...
- /* BAD_GROUP_MEMBER message goes to system log
- * We are testing unique member attribute for
- * 1. presence of uid string
- * 2. presence and sequence of equal sign and comma
- * 3. absence of equal sign between previously found equal sign and comma
- * 4. absence of non white space characters between uid string and equal sign
- */
+ /*
+ * BAD_GROUP_MEMBER message goes to system log We are testing unique
+ * member attribute for 1. presence of uid string 2. presence and
+ * sequence of equal sign and comma 3. absence of equal sign between
+ * previously found equal sign and comma 4. absence of non white
+ * space characters between uid string and equal sign
+ */
int i = -1;
int j = -1;
- if (v == null || v.length() < 3 || (!(v.substring(0,3)).equalsIgnoreCase("uid")) ||
- ((i = v.indexOf('=')) < 0) || ((j = v.indexOf(',')) < 0) || i > j ||
- (v.substring(i+1, j)).indexOf('=') > -1 || ((v.substring(3, i)).trim()).length() > 0) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_BAD_GROUP_MEMBER", groupName, v));
+ if (v == null || v.length() < 3
+ || (!(v.substring(0, 3)).equalsIgnoreCase("uid"))
+ || ((i = v.indexOf('=')) < 0) || ((j = v.indexOf(',')) < 0)
+ || i > j || (v.substring(i + 1, j)).indexOf('=') > -1
+ || ((v.substring(3, i)).trim()).length() > 0) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_USRGRP_BAD_GROUP_MEMBER", groupName, v));
} else {
- grp.addMemberName(v.substring(v.indexOf('=') + 1, v.indexOf(',')));
+ grp.addMemberName(v.substring(v.indexOf('=') + 1,
+ v.indexOf(',')));
}
}
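Review bot: The formatter has collapsed the numbered list in the BAD_GROUP_MEMBER comment into one run-on paragraph, and the four validation rules it documents for `uniquemember` values are now hard to match against the `if` below. Opening the comment with `/*-` (which the Eclipse formatter leaves alone) and restoring one rule per line would keep it readable through future format passes. The commented-out certificate code inside modifyUser (hunk at -1089) was reflowed into prose in the same way; it is either worth deleting or protecting likewise. buildGroup starts in an earlier hunk.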
@@ -1308,22 +1340,20 @@ public final class UGSubsystem implements IUGSubsystem {
}
/**
- * Retrieves a group from LDAP
- * NOTE - this takes just the group name.
+ * Retrieves a group from LDAP NOTE - this takes just the group name.
*/
public IGroup getGroupFromName(String name) {
return getGroup("cn=" + name + "," + getGroupBaseDN());
}
/**
- * Retrieves a group from LDAP
- * NOTE - LH This takes a full LDAP DN.
+ * Retrieves a group from LDAP NOTE - LH This takes a full LDAP DN.
*/
public IGroup getGroup(String name) {
if (name == null) {
return null;
}
-
+
LDAPConnection ldapconn = null;
try {
@@ -1337,7 +1367,8 @@ public final class UGSubsystem implements IUGSubsystem {
return null;
return (IGroup) e.nextElement();
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_GET_GROUP", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_GET_GROUP", e.toString()));
} finally {
if (ldapconn != null)
returnConn(ldapconn);
@@ -1373,7 +1404,9 @@ public final class UGSubsystem implements IUGSubsystem {
}
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_IS_GROUP_PRESENT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_IS_GROUP_PRESENT",
+ e.toString()));
} finally {
if (ldapconn != null)
returnConn(ldapconn);
@@ -1381,91 +1414,82 @@ public final class UGSubsystem implements IUGSubsystem {
return false;
}
- public boolean isMemberOf(String userid, String groupname)
- {
+ public boolean isMemberOf(String userid, String groupname) {
try {
- IUser user = getUser(userid);
- return isMemberOfLdapGroup(user.getUserDN(), groupname);
+ IUser user = getUser(userid);
+ return isMemberOfLdapGroup(user.getUserDN(), groupname);
} catch (Exception e) {
- /* do nothing */
+ /* do nothing */
}
return false;
}
/**
- * Checks if the given user is a member of the given group
- * (now runs an ldap search to find the user, instead of
- * fetching the entire group entry)
+ * Checks if the given user is a member of the given group (now runs an ldap
+ * search to find the user, instead of fetching the entire group entry)
*/
- public boolean isMemberOf(IUser id, String name) {
- if (id == null) {
- log(ILogger.LL_WARN, "isMemberOf(): id is null");
- return false;
+ public boolean isMemberOf(IUser id, String name) {
+ if (id == null) {
+ log(ILogger.LL_WARN, "isMemberOf(): id is null");
+ return false;
}
- if (name == null) {
- log(ILogger.LL_WARN, "isMemberOf(): name is null");
- return false;
+ if (name == null) {
+ log(ILogger.LL_WARN, "isMemberOf(): name is null");
+ return false;
}
- Debug.trace("UGSubsystem.isMemberOf() using new lookup code");
- return isMemberOfLdapGroup(id.getUserDN(),name);
+ Debug.trace("UGSubsystem.isMemberOf() using new lookup code");
+ return isMemberOfLdapGroup(id.getUserDN(), name);
}
-
/**
- * checks if the given user DN is in the specified group
- * by running an ldap search for the user in the group
+ * checks if the given user DN is in the specified group by running an ldap
+ * search for the user in the group
*/
- protected boolean isMemberOfLdapGroup(String userid,String groupname)
- {
- String basedn = "cn="+groupname+",ou=groups,"+mBaseDN;
+ protected boolean isMemberOfLdapGroup(String userid, String groupname) {
+ String basedn = "cn=" + groupname + ",ou=groups," + mBaseDN;
LDAPConnection ldapconn = null;
- boolean founduser=false;
+ boolean founduser = false;
try {
- // the group could potentially have many thousands
- // of members, (many values of the uniquemember
- // attribute). So, we don't want to fetch this
- // list each time. We'll just fetch the CN.
- String attrs[]= new String[1];
- attrs[0] = "cn";
+ // the group could potentially have many thousands
+ // of members, (many values of the uniquemember
+ // attribute). So, we don't want to fetch this
+ // list each time. We'll just fetch the CN.
+ String attrs[] = new String[1];
+ attrs[0] = "cn";
ldapconn = getConn();
-
- String filter = "(uniquemember="+userid+")";
- Debug.trace("authorization search base: "+basedn);
- Debug.trace("authorization search filter: "+filter);
- LDAPSearchResults res =
- ldapconn.search(basedn, LDAPv2.SCOPE_BASE,
- filter,
- attrs, false);
- // If the result had at least one entry, we know
- // that the filter matched, and so the user correctly
- // authenticated.
- if (res.hasMoreElements()) {
- // actually read the entry
- LDAPEntry entry = (LDAPEntry)res.nextElement();
- founduser=true;
- }
- Debug.trace("authorization result: "+founduser);
- } catch (LDAPException e) {
- String errMsg =
- "isMemberOfLdapGroup: could not find group "+groupname+". Error "+e;
- if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
- errMsg = "isMemberOfLdapGroup: "+"Internal DB is unavailable";
- }
- Debug.trace("authorization exception: "+errMsg);
- // too chatty in system log
- // log(ILogger.LL_FAILURE, errMsg);
- }
- catch (ELdapException e) {
- String errMsg =
- "isMemberOfLdapGroup: Could not get connection to internaldb. Error "+e;
- Debug.trace("authorization exception: "+errMsg);
+ String filter = "(uniquemember=" + userid + ")";
+ Debug.trace("authorization search base: " + basedn);
+ Debug.trace("authorization search filter: " + filter);
+ LDAPSearchResults res = ldapconn.search(basedn, LDAPv2.SCOPE_BASE,
+ filter, attrs, false);
+ // If the result had at least one entry, we know
+ // that the filter matched, and so the user correctly
+ // authenticated.
+ if (res.hasMoreElements()) {
+ // actually read the entry
+ LDAPEntry entry = (LDAPEntry) res.nextElement();
+ founduser = true;
+ }
+ Debug.trace("authorization result: " + founduser);
+ } catch (LDAPException e) {
+ String errMsg = "isMemberOfLdapGroup: could not find group "
+ + groupname + ". Error " + e;
+ if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
+ errMsg = "isMemberOfLdapGroup: " + "Internal DB is unavailable";
+ }
+ Debug.trace("authorization exception: " + errMsg);
+ // too chatty in system log
+ // log(ILogger.LL_FAILURE, errMsg);
+ } catch (ELdapException e) {
+ String errMsg = "isMemberOfLdapGroup: Could not get connection to internaldb. Error "
+ + e;
+ Debug.trace("authorization exception: " + errMsg);
log(ILogger.LL_FAILURE, errMsg);
- }
- finally {
+ } finally {
if (ldapconn != null)
returnConn(ldapconn);
}
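Review bot: isMemberOfLdapGroup builds its filter as `"(uniquemember=" + userid + ")"` from an unescaped user DN, and the boolean it returns is the group-membership answer used for authorization. Characters that are legal in a DN but special in a filter (`*`, `(`, `)`, `\`) change what the filter matches, so the value should be escaped per RFC 4515 before it is embedded. `groupname` is concatenated into `basedn` just above and would benefit from RDN escaping for the same reason. Separately, the inline comment says the user "correctly authenticated" where it means the membership check matched, and `isMemberOf(String, String)` turns every exception into `false` without logging. The method's final return lies outside this hunk.

```java
// RFC 4515 escaping for a value embedded in a search filter assertion
private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
        case '\\':
            sb.append("\\5c");
            break;
        case '*':
            sb.append("\\2a");
            break;
        case '(':
            sb.append("\\28");
            break;
        case ')':
            sb.append("\\29");
            break;
        case '\0':
            sb.append("\\00");
            break;
        default:
            sb.append(c);
        }
    }
    return sb.toString();
}

// … unchanged: basedn, attrs setup and getConn() …
String filter = "(uniquemember=" + escapeFilterValue(userid) + ")";
// … unchanged: search, result handling and catch blocks …
```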
@@ -1486,7 +1510,7 @@ public final class UGSubsystem implements IUGSubsystem {
try {
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc[] = {"top", "groupOfUniqueNames"};
+ String oc[] = { "top", "groupOfUniqueNames" };
attrs.add(new LDAPAttribute("objectclass", oc));
attrs.add(new LDAPAttribute("cn", group.getGroupID()));
@@ -1500,13 +1524,12 @@ public final class UGSubsystem implements IUGSubsystem {
String name = (String) e.nextElement();
// DOES NOT SUPPORT NESTED GROUPS...
- attrMembers.addValue("uid=" + name + "," +
- getUserBaseDN());
+ attrMembers.addValue("uid=" + name + "," + getUserBaseDN());
}
attrs.add(attrMembers);
}
- LDAPEntry entry = new LDAPEntry("cn=" + grp.getGroupID() +
- "," + getGroupBaseDN(), attrs);
+ LDAPEntry entry = new LDAPEntry("cn=" + grp.getGroupID() + ","
+ + getGroupBaseDN(), attrs);
ldapconn = getConn();
ldapconn.add(entry);
@@ -1516,30 +1539,36 @@ public final class UGSubsystem implements IUGSubsystem {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
errMsg = "addGroup: " + "Internal DB is unavailable";
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_ADD_GROUP", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_ADD_GROUP", e.toString()));
- throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ADD_GROUP_FAIL"));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_ADD_GROUP_FAIL"));
} catch (ELdapException e) {
- String errMsg =
- "add Group: Could not get connection to internaldb. Error " + e;
+ String errMsg = "add Group: Could not get connection to internaldb. Error "
+ + e;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_ADD_GROUP", e.toString()));
- throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ADD_GROUP_FAIL"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_ADD_GROUP", e.toString()));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_ADD_GROUP_FAIL"));
} finally {
- if (ldapconn != null)
+ if (ldapconn != null)
returnConn(ldapconn);
}
}
/**
- * Removes a group. Can't remove SUPER_CERT_ADMINS
+ * Removes a group. Can't remove SUPER_CERT_ADMINS
*/
public void removeGroup(String name) throws EUsrGrpException {
if (name == null) {
return;
} else if (name.equalsIgnoreCase(SUPER_CERT_ADMINS)) {
- log(ILogger.LL_WARN, "removing Certificate Server Administrators group is not allowed");
- throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_REMOVE_GROUP_FAIL"));
+ log(ILogger.LL_WARN,
+ "removing Certificate Server Administrators group is not allowed");
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_REMOVE_GROUP_FAIL"));
}
LDAPConnection ldapconn = null;
@@ -1553,15 +1582,19 @@ public final class UGSubsystem implements IUGSubsystem {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
errMsg = "removeGroup: " + "Internal DB is unavailable";
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_GROUP", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_GROUP",
+ e.toString()));
- throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_REMOVE_GROUP_FAIL"));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_REMOVE_GROUP_FAIL"));
} catch (ELdapException e) {
- String errMsg =
- "remove Group: Could not get connection to internaldb. " +
- "Error " + e;
+ String errMsg = "remove Group: Could not get connection to internaldb. "
+ + "Error " + e;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_GROUP", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_GROUP",
+ e.toString()));
} finally {
if (ldapconn != null)
returnConn(ldapconn);
@@ -1585,8 +1618,8 @@ public final class UGSubsystem implements IUGSubsystem {
String desc = grp.getDescription();
if (desc != null) {
- mod.add(LDAPModification.REPLACE,
- new LDAPAttribute("description", desc));
+ mod.add(LDAPModification.REPLACE, new LDAPAttribute(
+ "description", desc));
}
Enumeration e = grp.getMemberNames();
@@ -1596,8 +1629,7 @@ public final class UGSubsystem implements IUGSubsystem {
String name = (String) e.nextElement();
// DOES NOT SUPPORT NESTED GROUPS...
- attrMembers.addValue("uid=" + name + "," +
- getUserBaseDN());
+ attrMembers.addValue("uid=" + name + "," + getUserBaseDN());
}
mod.add(LDAPModification.REPLACE, attrMembers);
} else {
@@ -1605,26 +1637,32 @@ public final class UGSubsystem implements IUGSubsystem {
mod.add(LDAPModification.DELETE, attrMembers);
} else {
// not allowed
- throw new
- EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ILL_GRP_MOD"));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_ILL_GRP_MOD"));
}
}
ldapconn = getConn();
- ldapconn.modify("cn=" + grp.getGroupID() +
- "," + getGroupBaseDN(), mod);
+ ldapconn.modify("cn=" + grp.getGroupID() + "," + getGroupBaseDN(),
+ mod);
} catch (LDAPException e) {
String errMsg = " modifyGroup()" + e.toString();
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
errMsg = "modifyGroup: " + "Internal DB is unavailable";
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_MODIFY_GROUP", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_MODIFY_GROUP",
+ e.toString()));
- throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_MOD_GROUP_FAIL"));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_MOD_GROUP_FAIL"));
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_MODIFY_GROUP", e.toString()));
- throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_MOD_GROUP_FAIL"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_MODIFY_GROUP",
+ e.toString()));
+ throw new EUsrGrpException(
+ CMS.getUserMessage("CMS_USRGRP_MOD_GROUP_FAIL"));
} finally {
if (ldapconn != null)
returnConn(ldapconn);
@@ -1632,18 +1670,16 @@ public final class UGSubsystem implements IUGSubsystem {
}
/**
- * Evalutes the given context with the attribute
- * critieria.
+ * Evalutes the given context with the attribute critieria.
*/
- public boolean evaluate(String type, IUser id,
- String op, String value) {
+ public boolean evaluate(String type, IUser id, String op, String value) {
if (op.equals("=")) {
if (type.equalsIgnoreCase("user")) {
if (isMatched(value, id.getName()))
return true;
}
if (type.equalsIgnoreCase("group")) {
- return isMemberOf(id, value);
+ return isMemberOf(id, value);
}
}
return false;
@@ -1652,8 +1688,7 @@ public final class UGSubsystem implements IUGSubsystem {
/**
* Converts an uid attribute to a DN.
*/
- protected String convertUIDtoDN(String uid) throws
- LDAPException {
+ protected String convertUIDtoDN(String uid) throws LDAPException {
String u = uid;
if (u == null) {
@@ -1673,21 +1708,21 @@ public final class UGSubsystem implements IUGSubsystem {
return entry.getDN();
}
} catch (ELdapException e) {
- String errMsg =
- "convertUIDtoDN: Could not get connection to internaldb. " +
- "Error " + e;
+ String errMsg = "convertUIDtoDN: Could not get connection to internaldb. "
+ + "Error " + e;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_CONVERT_UID", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_USRGRP_CONVERT_UID",
+ e.toString()));
} finally {
- if (ldapconn != null)
+ if (ldapconn != null)
returnConn(ldapconn);
}
return null;
}
/**
- * Checks if the given DNs are the same after
- * normalization.
+ * Checks if the given DNs are the same after normalization.
*/
protected boolean isMatched(String dn1, String dn2) {
String rdn1[] = LDAPDN.explodeDN(dn1, false);
@@ -1705,16 +1740,16 @@ public final class UGSubsystem implements IUGSubsystem {
}
/**
- * Converts certificate into string format.
- * should eventually go into the locator itself
+ * Converts certificate into string format. should eventually go into the
+ * locator itself
*/
protected String getCertificateStringWithoutVersion(X509Certificate cert) {
if (cert == null) {
return null;
}
// note that it did not represent a certificate fully
- return "-1;" + cert.getSerialNumber().toString() +
- ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
+ return "-1;" + cert.getSerialNumber().toString() + ";"
+ + cert.getIssuerDN() + ";" + cert.getSubjectDN();
}
public String getCertificateString(X509Certificate cert) {
@@ -1723,8 +1758,8 @@ public final class UGSubsystem implements IUGSubsystem {
}
// note that it did not represent a certificate fully
- return cert.getVersion() + ";" + cert.getSerialNumber().toString() +
- ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
+ return cert.getVersion() + ";" + cert.getSerialNumber().toString()
+ + ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
}
/**
@@ -1742,21 +1777,21 @@ public final class UGSubsystem implements IUGSubsystem {
}
protected LDAPConnection getConn() throws ELdapException {
- if (mLdapConnFactory == null)
+ if (mLdapConnFactory == null)
return null;
return mLdapConnFactory.getConn();
}
protected void returnConn(LDAPConnection conn) {
- if (mLdapConnFactory != null)
+ if (mLdapConnFactory != null)
mLdapConnFactory.returnConn(conn);
}
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_USRGRP,
- level, "UGSubsystem: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_USRGRP, level,
+ "UGSubsystem: " + msg);
}
public ICertUserLocator getCertUserLocator() {