Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv')
-rw-r--r--pki/base/common/src/com/netscape/certsrv/acls/ACL.java184
-rw-r--r--pki/base/common/src/com/netscape/certsrv/acls/ACLEntry.java228
-rw-r--r--pki/base/common/src/com/netscape/certsrv/acls/ACLsResources.java44
-rw-r--r--pki/base/common/src/com/netscape/certsrv/acls/EACLsException.java138
-rw-r--r--pki/base/common/src/com/netscape/certsrv/acls/IACL.java67
-rw-r--r--pki/base/common/src/com/netscape/certsrv/acls/IACLEntry.java39
-rw-r--r--pki/base/common/src/com/netscape/certsrv/apps/CMS.java1606
-rw-r--r--pki/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java1088
-rw-r--r--pki/base/common/src/com/netscape/certsrv/apps/ICommandQueue.java50
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/AuthCredentials.java98
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/AuthManagerProxy.java56
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/AuthMgrPlugin.java85
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/AuthResources.java43
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/AuthToken.java443
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/EAuthException.java81
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/EAuthInternalError.java33
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrNotFound.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrPluginNotFound.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/EAuthUserError.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/ECompSyntaxErr.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/EFormSubjectDN.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/EInvalidCredentials.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/EMissingCredential.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/IAuthCredentials.java43
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/IAuthManager.java106
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/IAuthSubsystem.java223
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java208
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/ISSLClientCertProvider.java46
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authentication/ISharedToken.java31
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authority/IAuthority.java69
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java104
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java56
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java80
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java44
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java164
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java82
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java169
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java149
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/ASubsystem.java71
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/AttributeNameHelper.java70
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/BaseResources.java47
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/EBaseException.java150
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/EPropertyNotDefined.java41
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/EPropertyNotFound.java41
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/ExtendedPluginInfo.java91
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/IArgBlock.java285
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/IAttrSet.java72
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/IAuthInfo.java36
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/ICRLPrettyPrint.java50
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/ICertPrettyPrint.java40
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/IConfigStore.java276
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/IConfigStoreEventListener.java50
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/IExtPrettyPrint.java44
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/IExtendedPluginInfo.java84
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/IPluginImpl.java107
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/IPrettyPrintFormat.java72
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java40
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/ISourceConfigStore.java82
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/ISubsystem.java82
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/ISubsystemSource.java40
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/ITimeSource.java43
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/KeyGenInfo.java225
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/MessageFormatter.java155
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/MetaAttributeDef.java198
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/MetaInfo.java116
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/Nonces.java128
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/PasswordResources.java45
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/Plugin.java65
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/SessionContext.java163
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/CAResources.java44
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/ECAException.java86
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java37
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/ICAService.java101
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java74
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java59
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java546
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java497
-rw-r--r--pki/base/common/src/com/netscape/certsrv/cert/ICrossCertPairSubsystem.java58
-rw-r--r--pki/base/common/src/com/netscape/certsrv/client/IDataProcessor.java36
-rw-r--r--pki/base/common/src/com/netscape/certsrv/client/connection/IAuthenticator.java29
-rw-r--r--pki/base/common/src/com/netscape/certsrv/client/connection/IConnection.java51
-rw-r--r--pki/base/common/src/com/netscape/certsrv/client/connection/IConnectionFactory.java43
-rw-r--r--pki/base/common/src/com/netscape/certsrv/common/ConfigConstants.java334
-rw-r--r--pki/base/common/src/com/netscape/certsrv/common/Constants.java750
-rw-r--r--pki/base/common/src/com/netscape/certsrv/common/DestDef.java57
-rw-r--r--pki/base/common/src/com/netscape/certsrv/common/NameValuePair.java77
-rw-r--r--pki/base/common/src/com/netscape/certsrv/common/NameValuePairs.java191
-rw-r--r--pki/base/common/src/com/netscape/certsrv/common/OpDef.java39
-rw-r--r--pki/base/common/src/com/netscape/certsrv/common/PrefixDef.java41
-rw-r--r--pki/base/common/src/com/netscape/certsrv/common/ScopeDef.java193
-rw-r--r--pki/base/common/src/com/netscape/certsrv/common/TaskId.java130
-rw-r--r--pki/base/common/src/com/netscape/certsrv/connector/IConnector.java62
-rw-r--r--pki/base/common/src/com/netscape/certsrv/connector/IHttpConnFactory.java53
-rw-r--r--pki/base/common/src/com/netscape/certsrv/connector/IHttpConnection.java48
-rw-r--r--pki/base/common/src/com/netscape/certsrv/connector/IHttpPKIMessage.java59
-rw-r--r--pki/base/common/src/com/netscape/certsrv/connector/IPKIMessage.java68
-rw-r--r--pki/base/common/src/com/netscape/certsrv/connector/IRemoteAuthority.java56
-rw-r--r--pki/base/common/src/com/netscape/certsrv/connector/IRequestEncoder.java50
-rw-r--r--pki/base/common/src/com/netscape/certsrv/connector/IResender.java51
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/DBResources.java41
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/EDBException.java84
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/EDBNotAvailException.java36
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java36
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IDBAttrMapper.java80
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IDBDynAttrMapper.java22
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IDBObj.java42
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IDBRegistry.java171
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IDBSSession.java211
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IDBSearchResults.java49
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java213
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IDBVirtualList.java149
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IElementProcessor.java38
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/IFilterConverter.java53
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/Modification.java91
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/ModificationSet.java62
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java176
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecordList.java97
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java512
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/certdb/IRevocationInfo.java54
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLIssuingPointRecord.java165
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLRepository.java183
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java125
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecordList.java54
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRepository.java177
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/keydb/KeyState.java102
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java92
-rw-r--r--pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java49
-rw-r--r--pki/base/common/src/com/netscape/certsrv/evaluators/IAccessEvaluator.java89
-rw-r--r--pki/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java57
-rw-r--r--pki/base/common/src/com/netscape/certsrv/extensions/ExtensionsResources.java36
-rw-r--r--pki/base/common/src/com/netscape/certsrv/extensions/ICMSExtension.java77
-rw-r--r--pki/base/common/src/com/netscape/certsrv/jobs/EJobsException.java77
-rw-r--r--pki/base/common/src/com/netscape/certsrv/jobs/IJob.java87
-rw-r--r--pki/base/common/src/com/netscape/certsrv/jobs/IJobCron.java55
-rw-r--r--pki/base/common/src/com/netscape/certsrv/jobs/IJobsScheduler.java160
-rw-r--r--pki/base/common/src/com/netscape/certsrv/jobs/JobPlugin.java75
-rw-r--r--pki/base/common/src/com/netscape/certsrv/jobs/JobsResources.java45
-rw-r--r--pki/base/common/src/com/netscape/certsrv/kra/EKRAException.java88
-rw-r--r--pki/base/common/src/com/netscape/certsrv/kra/IJoinShares.java33
-rw-r--r--pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java319
-rw-r--r--pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java177
-rw-r--r--pki/base/common/src/com/netscape/certsrv/kra/IProofOfArchival.java87
-rw-r--r--pki/base/common/src/com/netscape/certsrv/kra/IShare.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/kra/KRAResources.java41
-rw-r--r--pki/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java440
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ldap/ELdapException.java86
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ldap/ELdapServerDownException.java35
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ldap/ILdapAuthInfo.java103
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ldap/ILdapBoundConnFactory.java43
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnFactory.java90
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnInfo.java84
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnModule.java60
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ldap/LdapResources.java44
-rw-r--r--pki/base/common/src/com/netscape/certsrv/listeners/EListenersException.java84
-rw-r--r--pki/base/common/src/com/netscape/certsrv/listeners/IRequestListenerPlugin.java77
-rw-r--r--pki/base/common/src/com/netscape/certsrv/listeners/ListenersResources.java41
-rw-r--r--pki/base/common/src/com/netscape/certsrv/logging/AuditEvent.java331
-rw-r--r--pki/base/common/src/com/netscape/certsrv/logging/AuditFormat.java112
-rw-r--r--pki/base/common/src/com/netscape/certsrv/logging/ConsoleError.java42
-rw-r--r--pki/base/common/src/com/netscape/certsrv/logging/ConsoleLog.java121
-rw-r--r--pki/base/common/src/com/netscape/certsrv/logging/ELogException.java148
-rw-r--r--pki/base/common/src/com/netscape/certsrv/logging/ELogNotFound.java35
-rw-r--r--pki/base/common/src/com/netscape/certsrv/logging/ELogPluginNotFound.java36
-rw-r--r--pki/base/common/src/com/netscape/certsrv/logging/IBundleLogEvent.java41
-rw-r--r--pki/base/common/src/com/netscape/certsrv/logging/ILogEvent.java106
-rw-r--r--pki/base/common/src/com/netscape/certsrv/logging/ILogEventFactory.java55
-rw-r--r--pki/base/common/src/com/netscape/certsrv/logging/ILogEventListener.java125
-rw-r--r--pki/base/common/src/com/netscape/certsrv/logging/ILogQueue.java74
-rw-r--r--pki/base/common/src/com/netscape/certsrv/logging/ILogSubsystem.java105
-rw-r--r--pki/base/common/src/com/netscape/certsrv/logging/ILogger.java496
-rw-r--r--pki/base/common/src/com/netscape/certsrv/logging/LogPlugin.java38
-rw-r--r--pki/base/common/src/com/netscape/certsrv/logging/LogResources.java59
-rw-r--r--pki/base/common/src/com/netscape/certsrv/logging/SignedAuditEvent.java334
-rw-r--r--pki/base/common/src/com/netscape/certsrv/logging/SystemEvent.java330
-rw-r--r--pki/base/common/src/com/netscape/certsrv/notification/ENotificationException.java77
-rw-r--r--pki/base/common/src/com/netscape/certsrv/notification/IEmailFormProcessor.java84
-rw-r--r--pki/base/common/src/com/netscape/certsrv/notification/IEmailResolver.java41
-rw-r--r--pki/base/common/src/com/netscape/certsrv/notification/IEmailResolverKeys.java38
-rw-r--r--pki/base/common/src/com/netscape/certsrv/notification/IEmailTemplate.java57
-rw-r--r--pki/base/common/src/com/netscape/certsrv/notification/IMailNotification.java85
-rw-r--r--pki/base/common/src/com/netscape/certsrv/notification/NotificationResources.java45
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ocsp/IDefStore.java181
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java197
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPService.java100
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPStore.java76
-rw-r--r--pki/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java83
-rw-r--r--pki/base/common/src/com/netscape/certsrv/password/IConfigPasswordCheck.java43
-rw-r--r--pki/base/common/src/com/netscape/certsrv/password/IPasswordCheck.java43
-rw-r--r--pki/base/common/src/com/netscape/certsrv/pattern/AttrSetCollection.java58
-rw-r--r--pki/base/common/src/com/netscape/certsrv/pattern/Pattern.java164
-rw-r--r--pki/base/common/src/com/netscape/certsrv/policy/EPolicyException.java165
-rw-r--r--pki/base/common/src/com/netscape/certsrv/policy/IEnrollmentPolicy.java36
-rw-r--r--pki/base/common/src/com/netscape/certsrv/policy/IExpression.java63
-rw-r--r--pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameAsConstraintsConfig.java54
-rw-r--r--pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameConfig.java67
-rw-r--r--pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameUtil.java80
-rw-r--r--pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesAsConstraintsConfig.java54
-rw-r--r--pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesConfig.java53
-rw-r--r--pki/base/common/src/com/netscape/certsrv/policy/IKeyArchivalPolicy.java34
-rw-r--r--pki/base/common/src/com/netscape/certsrv/policy/IKeyRecoveryPolicy.java34
-rw-r--r--pki/base/common/src/com/netscape/certsrv/policy/IPolicyPredicateParser.java43
-rw-r--r--pki/base/common/src/com/netscape/certsrv/policy/IPolicyProcessor.java195
-rw-r--r--pki/base/common/src/com/netscape/certsrv/policy/IPolicyRule.java127
-rw-r--r--pki/base/common/src/com/netscape/certsrv/policy/IPolicySet.java106
-rw-r--r--pki/base/common/src/com/netscape/certsrv/policy/IRenewalPolicy.java34
-rw-r--r--pki/base/common/src/com/netscape/certsrv/policy/IRevocationPolicy.java34
-rw-r--r--pki/base/common/src/com/netscape/certsrv/policy/ISubjAltNameConfig.java53
-rw-r--r--pki/base/common/src/com/netscape/certsrv/policy/PolicyResources.java46
-rw-r--r--pki/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java112
-rw-r--r--pki/base/common/src/com/netscape/certsrv/profile/EDeferException.java47
-rw-r--r--pki/base/common/src/com/netscape/certsrv/profile/EProfileException.java43
-rw-r--r--pki/base/common/src/com/netscape/certsrv/profile/ERejectException.java45
-rw-r--r--pki/base/common/src/com/netscape/certsrv/profile/ICertInfoPolicyDefault.java36
-rw-r--r--pki/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java158
-rw-r--r--pki/base/common/src/com/netscape/certsrv/profile/IPolicyConstraint.java90
-rw-r--r--pki/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java144
-rw-r--r--pki/base/common/src/com/netscape/certsrv/profile/IProfile.java407
-rw-r--r--pki/base/common/src/com/netscape/certsrv/profile/IProfileAuthenticator.java118
-rw-r--r--pki/base/common/src/com/netscape/certsrv/profile/IProfileContext.java48
-rw-r--r--pki/base/common/src/com/netscape/certsrv/profile/IProfileEx.java41
-rw-r--r--pki/base/common/src/com/netscape/certsrv/profile/IProfileInput.java116
-rw-r--r--pki/base/common/src/com/netscape/certsrv/profile/IProfileOutput.java117
-rw-r--r--pki/base/common/src/com/netscape/certsrv/profile/IProfilePolicy.java49
-rw-r--r--pki/base/common/src/com/netscape/certsrv/profile/IProfileSubsystem.java136
-rw-r--r--pki/base/common/src/com/netscape/certsrv/profile/IProfileUpdater.java75
-rw-r--r--pki/base/common/src/com/netscape/certsrv/property/Descriptor.java94
-rw-r--r--pki/base/common/src/com/netscape/certsrv/property/EPropertyException.java38
-rw-r--r--pki/base/common/src/com/netscape/certsrv/property/IConfigTemplate.java70
-rw-r--r--pki/base/common/src/com/netscape/certsrv/property/IDescriptor.java88
-rw-r--r--pki/base/common/src/com/netscape/certsrv/property/PropertySet.java58
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java42
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java38
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java39
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java38
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java39
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java38
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java39
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java106
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java70
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java59
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/ILdapExpression.java71
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/ILdapMapper.java81
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java46
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java51
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java47
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java86
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/ILdapRule.java78
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java122
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java341
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java39
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java58
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/MapperPlugin.java45
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/MapperProxy.java64
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java45
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/PublisherProxy.java63
-rw-r--r--pki/base/common/src/com/netscape/certsrv/publish/RulePlugin.java42
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ra/IRAService.java74
-rw-r--r--pki/base/common/src/com/netscape/certsrv/ra/IRegistrationAuthority.java175
-rw-r--r--pki/base/common/src/com/netscape/certsrv/registry/ERegistryException.java39
-rw-r--r--pki/base/common/src/com/netscape/certsrv/registry/IPluginInfo.java65
-rw-r--r--pki/base/common/src/com/netscape/certsrv/registry/IPluginRegistry.java91
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/ARequestNotifier.java538
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/AgentApproval.java64
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/AgentApprovals.java156
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/IEnrollmentRequest.java31
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/INotify.java41
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/IPolicy.java53
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/IRequest.java729
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/IRequestList.java58
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/IRequestListener.java55
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/IRequestNotifier.java133
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java414
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/IRequestRecord.java113
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/IRequestScheduler.java53
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/IRequestSubsystem.java105
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/IRequestVirtualList.java50
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/IService.java48
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/PolicyMessage.java41
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/PolicyResult.java36
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/RequestId.java72
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/RequestStatus.java171
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/ldap/IRequestMod.java56
-rw-r--r--pki/base/common/src/com/netscape/certsrv/security/Credential.java61
-rw-r--r--pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java462
-rw-r--r--pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java130
-rw-r--r--pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java165
-rw-r--r--pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java106
-rw-r--r--pki/base/common/src/com/netscape/certsrv/security/IToken.java50
-rw-r--r--pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java55
-rw-r--r--pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java813
-rw-r--r--pki/base/common/src/com/netscape/certsrv/selftests/EDuplicateSelfTestException.java225
-rw-r--r--pki/base/common/src/com/netscape/certsrv/selftests/EInvalidSelfTestException.java225
-rw-r--r--pki/base/common/src/com/netscape/certsrv/selftests/EMissingSelfTestException.java234
-rw-r--r--pki/base/common/src/com/netscape/certsrv/selftests/ESelfTestException.java123
-rw-r--r--pki/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java140
-rw-r--r--pki/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java358
-rw-r--r--pki/base/common/src/com/netscape/certsrv/selftests/SelfTestResources.java41
-rw-r--r--pki/base/common/src/com/netscape/certsrv/template/ArgList.java68
-rw-r--r--pki/base/common/src/com/netscape/certsrv/template/ArgSet.java74
-rw-r--r--pki/base/common/src/com/netscape/certsrv/template/ArgString.java48
-rw-r--r--pki/base/common/src/com/netscape/certsrv/template/IArgValue.java28
-rw-r--r--pki/base/common/src/com/netscape/certsrv/tks/ITKSAuthority.java71
-rw-r--r--pki/base/common/src/com/netscape/certsrv/usrgrp/Certificates.java50
-rw-r--r--pki/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java83
-rw-r--r--pki/base/common/src/com/netscape/certsrv/usrgrp/ICertUserLocator.java49
-rw-r--r--pki/base/common/src/com/netscape/certsrv/usrgrp/IGroup.java70
-rw-r--r--pki/base/common/src/com/netscape/certsrv/usrgrp/IGroupConstants.java50
-rw-r--r--pki/base/common/src/com/netscape/certsrv/usrgrp/IIdEvaluator.java44
-rw-r--r--pki/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java232
-rw-r--r--pki/base/common/src/com/netscape/certsrv/usrgrp/IUser.java154
-rw-r--r--pki/base/common/src/com/netscape/certsrv/usrgrp/IUserConstants.java70
-rw-r--r--pki/base/common/src/com/netscape/certsrv/usrgrp/IUsrGrp.java110
-rw-r--r--pki/base/common/src/com/netscape/certsrv/usrgrp/UsrGrpResources.java45
-rw-r--r--pki/base/common/src/com/netscape/certsrv/util/HttpInput.java296
-rw-r--r--pki/base/common/src/com/netscape/certsrv/util/IStatsSubsystem.java63
-rw-r--r--pki/base/common/src/com/netscape/certsrv/util/StatsEvent.java194
323 files changed, 36723 insertions, 0 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/acls/ACL.java b/pki/base/common/src/com/netscape/certsrv/acls/ACL.java
new file mode 100644
index 000000000..38d8aee72
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/acls/ACL.java
@@ -0,0 +1,184 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.acls;
+
+
+import java.util.*;
+import java.lang.Object;
+import java.security.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.acls.*;
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * A class represents an access control list (ACL). An ACL
+ * is associated with an protected resources. The policy
+ * enforcer can verify the ACLs with the current
+ * context to see if the corresponding resource is accessible.
+ * <P>
+ * An <code>ACL</code> may contain one or more <code>ACLEntry</code>.
+ * However, in case of multiple <code>ACLEntry</code>, a subject must
+ * pass ALL of the <code>ACLEntry</code> evaluation for permission
+ * to be granted
+ * <P>
+ * @version $Revision$, $Date$
+ */
+public class ACL implements IACL, java.io.Serializable {
+
+ protected Vector mEntries = new Vector(); // ACL entries
+ protected Vector mRights = null; // possible rights entries
+ protected String mResourceACLs = null; // exact resourceACLs string on ldap server
+ protected String mName = null; // resource name
+ protected String mDescription = null; // resource description
+
+ /**
+ * Class constructor.
+ */
+ public ACL() {
+ }
+
+ /**
+ * Class constructor.
+ * Constructs an access control list associated
+ * with a resource name
+ * @param name resource name
+ * @param rights applicable rights defined for this resource
+ * @param resourceACLs the entire ACL specification. For example:
+ * "certServer.log.configuration:read,modify:
+ * allow (read,modify)
+ * group=\"Administrators\":
+ * Allow administrators to read and modify log
+ * configuration"
+ */
+ public ACL(String name, Vector rights, String resourceACLs) {
+ setName(name);
+ if (rights != null) {
+ mRights = rights;
+ } else {
+ mRights = new Vector();
+ }
+ mResourceACLs = resourceACLs;
+
+ }
+
+ /**
+ * Sets the name of the resource governed by this
+ * access control.
+ * @param name name of the resource
+ */
+ public void setName(String name) {
+ mName = name;
+ }
+
+ /**
+ * Retrieves the name of the resource governed by
+ * this access control.
+ * @return name of the resource
+ */
+ public String getName() {
+ return mName;
+ }
+
+ /**
+ * Retrieves the exact string of the resourceACLs
+ * @return resource's acl
+ */
+ public String getResourceACLs() {
+ return mResourceACLs;
+ }
+
+ /**
+ * Sets the description of the resource governed by this
+ * access control.
+ * @param description Description of the protected resource
+ */
+ public void setDescription(String description) {
+ mDescription = description;
+ }
+
+ /**
+ * Retrieves the description of the resource governed by
+ * this access control.
+ * @return Description of the protected resource
+ */
+ public String getDescription() {
+ return mDescription;
+ }
+
+ /**
+ * Adds an ACL entry to this list.
+ * @param entry the <code>ACLEntry</code> to be added to this resource
+ */
+ public void addEntry(ACLEntry entry) {
+ mEntries.addElement(entry);
+ }
+
+ /**
+ * Returns ACL entries.
+ * @return enumeration for the <code>ACLEntry</code> vector
+ */
+ public Enumeration entries() {
+ return mEntries.elements();
+ }
+
+ /**
+ * Returns the string reprsentation.
+ * @return the string representation of the ACL entries in the
+ * following format:
+ * <resource name>[<ACLEntry1>,<ACLEntry 2>,...<ACLEntry N>]
+ */
+ public String toString() {
+ String entries = "";
+ Enumeration e = entries();
+
+ for (; e.hasMoreElements();) {
+ ACLEntry entry = (ACLEntry) e.nextElement();
+
+ entries += entry.toString();
+ if (e.hasMoreElements())
+ entries += ",";
+ }
+ return getName() + "[" + entries + "]";
+ }
+
+ /**
+ * Adds an rights entry to this list.
+ * @param right The right to be added for this ACL
+ */
+ public void addRight(String right) {
+ mRights.addElement(right);
+ }
+
+ /**
+ * Tells if the permission is one of the defined "rights"
+ * @param permission permission to be checked
+ * @return true if it's one of the "rights"; false otherwise
+ */
+ public boolean checkRight(String permission) {
+ return (mRights.contains((Object) permission));
+ }
+
+ /**
+ * Returns rights entries.
+ * @return enumeration of rights defined for this ACL
+ */
+ public Enumeration rights() {
+ return mRights.elements();
+ }
+}
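Review bot: The no-argument constructor `ACL()` leaves `mRights` at its declared `null`, so `addRight`, `checkRight` and `rights()` throw a NullPointerException on any ACL built that way; a class that answers permission checks should not fail differently depending on which constructor the caller picked. Initialising the field at its declaration, `protected Vector mRights = new Vector();`, removes that case. The three-argument constructor also stores the caller's `rights` Vector by reference (`mRights = rights;`), so code still holding that Vector can add or remove rights after the ACL is built; `mRights = new Vector(rights);` would give the ACL its own copy. Whether any caller relies on the shared reference is not visible from this hunk.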
diff --git a/pki/base/common/src/com/netscape/certsrv/acls/ACLEntry.java b/pki/base/common/src/com/netscape/certsrv/acls/ACLEntry.java
new file mode 100644
index 000000000..c58572400
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/acls/ACLEntry.java
@@ -0,0 +1,228 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.acls;
+
+
+import java.util.*;
+import java.security.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.acls.*;
+
+
+/**
+ * A class represents an ACI entry of an access control list.
+ * <P>
+ * @version $Revision$, $Date$
+ */
+public class ACLEntry implements IACLEntry, java.io.Serializable {
+
+ protected Hashtable mPerms = new Hashtable();
+ protected String mExpressions = null;
+ protected boolean mNegative = false;
+ protected String mACLEntryString = null;
+
+ /**
+ * Class Constructor
+ */
+ public ACLEntry() {
+ }
+
+ /**
+ * Checks if this ACL entry is set to negative.
+ * @return true if this ACL entry expression is for "deny";
+ * false if this ACL entry expression is for "allow"
+ */
+ public boolean isNegative() {
+ return mNegative;
+ }
+
+ /**
+ * Sets this ACL entry negative. This ACL entry expression is for "deny".
+ */
+ public void setNegative() {
+ mNegative = true;
+ }
+
+ /**
+ * Sets the ACL entry string
+ * @param s string in the following format:
+ * <PRE>
+ * allow|deny (right[,right...]) attribute_expression
+ * </PRE>
+ */
+ public void setACLEntryString(String s) {
+ mACLEntryString = s;
+ }
+
+ /**
+ * Gets the ACL Entry String
+ * @return ACL Entry string in the following format:
+ * <PRE>
+ * allow|deny (right[,right...]) attribute_expression
+ * </PRE>
+ */
+ public String getACLEntryString() {
+ return mACLEntryString;
+ }
+
+ /**
+ * Adds permission to this entry. Permission must be one of the
+ * "rights" defined for each protected resource in its ACL
+ * @param acl the acl instance that this aclEntry is associated with
+ * @param permission one of the "rights" defined for each
+ * protected resource in its ACL
+ */
+ public void addPermission(IACL acl, String permission) {
+ if (acl.checkRight(permission) == true) {
+ mPerms.put(permission, permission);
+ } else {
+ // not a valid right...log it later
+ }
+ }
+
+ /**
+ * Returns a list of permissions associated with
+ * this entry.
+ * @return a list of permissions for this ACL entry
+ */
+ public Enumeration permissions() {
+ return mPerms.elements();
+ }
+
+ /**
+ * Sets the expression associated with this entry.
+ * @param expressions the evaluator expressions. For example,
+ * group="Administrators"
+ */
+ public void setAttributeExpressions(String expressions) {
+ mExpressions = expressions;
+ }
+
+ /**
+ * Retrieves the expression associated with this entry.
+ * @return the evaluator expressions. For example,
+ * group="Administrators"
+ */
+ public String getAttributeExpressions() {
+ return mExpressions;
+ }
+
+ /**
+ * Checks to see if this <code>ACLEntry</code> contains a
+ * particular permission
+ * @param permission one of the "rights" defined for each
+ * protected resource in its ACL
+ * @return true if permission contained in the permission list
+ * for this <code>ACLEntry</code>; false otherwise.
+ */
+ public boolean containPermission(String permission) {
+ return (mPerms.get(permission) != null);
+ }
+
+ /**
+ * Checks if this entry has the given permission.
+ * @param permission one of the "rights" defined for each
+ * protected resource in its ACL
+ * @return true if the permission is allowed; false if the
+ * permission is denied. If a permission is not
+ * recognized by this ACL, it is considered denied
+ */
+ public boolean checkPermission(String permission) {
+ // default - if we dont know about the requested permission,
+ // don't grant permission
+ if (mPerms.get(permission) == null)
+ return false;
+ if (isNegative()) {
+ return false;
+ } else {
+ return true;
+ }
+ }
+
+ /**
+ * Parse string in the following format:
+ * <PRE>
+ * allow|deny (right[,right...]) attribute_expression
+ * </PRE>
+ * into an instance of the <code>ACLEntry</code> class
+ * @param acl the acl instance associated with this aclentry
+ * @param aclEntryString aclEntryString in the specified format
+ * @return an instance of the <code>ACLEntry</code> class
+ */
+ public static ACLEntry parseACLEntry(IACL acl, String aclEntryString) {
+ if (aclEntryString == null) {
+ return null;
+ }
+
+ String te = aclEntryString.trim();
+
+ // locate first space
+ int i = te.indexOf(' ');
+ // prefix should be "allowed" or "deny"
+ String prefix = te.substring(0, i);
+ String suffix = te.substring(i + 1).trim();
+ ACLEntry entry = new ACLEntry();
+
+ if (prefix.equals("allow")) {
+ // do nothing
+ } else if (prefix.equals("deny")) {
+ entry.setNegative();
+ } else {
+ return null;
+ }
+ // locate the second space
+ i = suffix.indexOf(' ');
+ // this prefix should be rights list, delimited by ","
+ prefix = suffix.substring(1, i - 1);
+ // the suffix is the rest, which is the "expressions"
+ suffix = suffix.substring(i + 1).trim();
+
+ StringTokenizer st = new StringTokenizer(prefix, ",");
+
+ for (; st.hasMoreTokens();) {
+ entry.addPermission(acl, st.nextToken());
+ }
+ entry.setAttributeExpressions(suffix);
+ return entry;
+ }
+
+ /**
+ * Returns the string representation of this ACLEntry
+ * @return string representation of this ACLEntry
+ */
+ public String toString() {
+ String entry = "";
+
+ if (isNegative()) {
+ entry += "deny (";
+ } else {
+ entry += "allow (";
+ }
+ Enumeration e = permissions();
+
+ for (; e.hasMoreElements();) {
+ String p = (String) e.nextElement();
+
+ entry += p;
+ if (e.hasMoreElements())
+ entry += ",";
+ }
+ entry += ") " + getAttributeExpressions();
+ return entry;
+ }
+}
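Review bot: parseACLEntry uses both `indexOf(' ')` results unchecked, so an entry with no space after the keyword or after the rights list reaches `substring` with a negative index and throws StringIndexOutOfBoundsException instead of returning null as the unknown-keyword branch does. `suffix.substring(1, i - 1)` also assumes the rights are wrapped in parentheses and contain no spaces; `(read, modify)` is cut at the inner space, so only `read` is parsed and `modify) ...` ends up in the attribute expression. Returning null for malformed input, as sketched below, keeps a bad ACL line from being half-applied. Separately, addPermission silently discards any token that is not a defined right, so a misspelled right in a `deny` entry denies less than was written; the `// not a valid right...log it later` branch should at least log or report the rejected token.

```java
public static ACLEntry parseACLEntry(IACL acl, String aclEntryString) {
    // … unchanged: null check and trim into te …
    int i = te.indexOf(' ');
    if (i <= 0) {
        // no "allow"/"deny" keyword followed by a space
        return null;
    }
    // … unchanged: prefix/suffix split and allow|deny handling …
    i = suffix.indexOf(' ');
    if (i < 2 || suffix.charAt(0) != '(' || suffix.charAt(i - 1) != ')') {
        // rights list is not of the form "(right[,right...])"
        return null;
    }
    prefix = suffix.substring(1, i - 1);
    // … unchanged: expression extraction, tokenizer loop, return entry …
```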
diff --git a/pki/base/common/src/com/netscape/certsrv/acls/ACLsResources.java b/pki/base/common/src/com/netscape/certsrv/acls/ACLsResources.java
new file mode 100644
index 000000000..d193365ce
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/acls/ACLsResources.java
@@ -0,0 +1,44 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.acls;
+
+import java.util.*;
+
+/**
+ * A class represents a resource bundle for the entire ACL component.
+ * system.
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public class ACLsResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ * @return the content of this resource.
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ /**
+ * A set of constants for localized error messages.
+ */
+ static final Object[][] contents = {};
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/acls/EACLsException.java b/pki/base/common/src/com/netscape/certsrv/acls/EACLsException.java
new file mode 100644
index 000000000..e982b1bb2
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/acls/EACLsException.java
@@ -0,0 +1,138 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.acls;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * A class represents an acls exception. Note that this is
+ * an Runtime exception so that methods used AccessManager
+ * do not have to explicity declare this exception. This
+ * allows AccessManager to be easily integrated into any
+ * existing code.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class EACLsException extends EBaseException {
+
+ /**
+ * resource class name
+ */
+ private static final String ACL_RESOURCES = ACLsResources.class.getName();
+
+ /**
+ * Constructs an acls exception.
+ * <P>
+ * @param msgFormat exception details
+ */
+ public EACLsException(String msgFormat) {
+ super(msgFormat);
+ mParams = null;
+ }
+
+ /**
+ * Constructs a base exception with a parameter. For example,
+ * <PRE>
+ * new EACLsException("failed to load {0}", fileName);
+ * </PRE>
+ * <P>
+ *
+ * @param msgFormat exception details in message string format
+ * @param param message string parameter
+ */
+ public EACLsException(String msgFormat, String param) {
+ super(msgFormat);
+ mParams = new String[1];
+ mParams[0] = param;
+ }
+
+ /**
+ * Constructs a base exception. It can be used to carry
+ * a system exception that may contain information about
+ * the context. For example,
+ * <PRE>
+ * try {
+ * ...
+ * } catch (IOExeption e) {
+ * throw new EACLsException("Encountered System Error {0}", e);
+ * }
+ * </PRE>
+ * <P>
+ *
+ * @param msgFormat exception details in message string format
+ * @param param system exception
+ */
+ public EACLsException(String msgFormat, Exception param) {
+ super(msgFormat);
+ mParams = new Exception[1];
+ mParams[0] = param;
+ }
+
+ /**
+ * Constructs a base exception with a list of parameters
+ * that will be substituted into the message format.
+ * <P>
+ *
+ * @param msgFormat exception details in message string format
+ * @param params list of message format parameters
+ */
+ public EACLsException(String msgFormat, Object params[]) {
+ super(msgFormat);
+ mParams = params;
+ }
+
+ /**
+ * Returns a list of parameters.
+ * <P>
+ *
+ * @return list of message format parameters
+ */
+ public Object[] getParameters() {
+ return mParams;
+ }
+
+ /**
+ * String representation for the corresponding exception.
+ * @return String representation for the corresponding exception.
+ */
+ public String toString() {
+ return toString(Locale.getDefault());
+ }
+
+ /**
+ * Returns string representation for the corresponding exception.
+ * @param locale client specified locale for string representation.
+ * @return String representation for the corresponding exception.
+ */
+ public String toString(Locale locale) {
+ return MessageFormatter.getLocalizedString(locale, getBundleName(),
+ super.getMessage(), mParams);
+ }
+
+ /**
+ * Return the class name of the resource bundle.
+ * @return class name of the resource bundle.
+ */
+ protected String getBundleName() {
+ return ACL_RESOURCES;
+ }
+}
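Review bot: The class comment says this is a runtime exception that callers need not declare, but the class extends EBaseException and `CMS.parseACL` in this same commit is declared `throws EACLsException`. EBaseException is not part of this hunk, so whether it is checked cannot be confirmed here; if it is, the comment misleads callers about whether ACL failures must be handled. I would reword the sentence to `Represents an ACL exception; it extends EBaseException, so callers must declare or handle it.` and keep the original wording only if EBaseException is in fact unchecked. The `explicity` and `IOExeption` typos in the same Javadoc can be fixed at the same time.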
diff --git a/pki/base/common/src/com/netscape/certsrv/acls/IACL.java b/pki/base/common/src/com/netscape/certsrv/acls/IACL.java
new file mode 100644
index 000000000..9036a3652
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/acls/IACL.java
@@ -0,0 +1,67 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.acls;
+
+
+import java.util.*;
+import java.security.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * A class represents an access control list (ACL). An ACL
+ * is associated with a protected resource. The policy
+ * enforcer can verify the ACLs with the current
+ * context to see if the corresponding resource is accessible.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IACL {
+
+ /**
+ * Returns the name of the current ACL.
+ * @return the name of the current ACL.
+ */
+ public String getName();
+
+ /**
+ * Returns the description of the current ACL.
+ * @return the description of the current ACL.
+ */
+ public String getDescription();
+
+ /**
+ * Returns a list of access rights of the current ACL.
+ * @return a list of access rights
+ */
+ public Enumeration rights();
+
+ /**
+ * Returns a list of entries of the current ACL.
+ * @return a list of entries
+ */
+ public Enumeration entries();
+
+ /**
+ * Verifies if permission is granted.
+ * @param permission one of the applicable rights
+ * @return true if the given permission is one of the applicable rights; false otherwise.
+ */
+ public boolean checkRight(String permission);
+}
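Review bot: The Javadoc summary on `checkRight`, `Verifies if permission is granted.`, reads like an authorization decision, while its own `@return` text and the ACL implementation in this commit (`mRights.contains(permission)`) only test membership in the ACL's list of defined rights. I would change the summary to `Checks whether the given permission is one of the rights defined for this ACL; it does not evaluate ACL entries or decide access.` so that no caller treats a true result as a grant. As a style point, `rights()` and `entries()` return raw `Enumeration`; the element types (String rights and ACLEntry entries, judging by ACL.java) should at least be named in the `@return` text.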
diff --git a/pki/base/common/src/com/netscape/certsrv/acls/IACLEntry.java b/pki/base/common/src/com/netscape/certsrv/acls/IACLEntry.java
new file mode 100644
index 000000000..1646e22ff
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/acls/IACLEntry.java
@@ -0,0 +1,39 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.acls;
+
+
+import java.util.*;
+import java.security.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * A class represents an entry of access control list.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IACLEntry {
+
+ /**
+ * Returns the ACL entry string of the entry.
+ * @return the ACL entry string of the entry.
+ */
+ public String getACLEntryString();
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/apps/CMS.java b/pki/base/common/src/com/netscape/certsrv/apps/CMS.java
new file mode 100644
index 000000000..376dce8b0
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/apps/CMS.java
@@ -0,0 +1,1606 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.apps;
+
+
+import com.netscape.cmsutil.http.*;
+import com.netscape.cmsutil.net.*;
+import java.io.*;
+import java.util.*;
+import java.math.*;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.security.cert.X509CRL;
+import netscape.ldap.*;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.password.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.*;
+import com.netscape.certsrv.dbs.crldb.*;
+import com.netscape.certsrv.dbs.repository.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.authority.*;
+import com.netscape.certsrv.ca.*;
+import com.netscape.certsrv.kra.*;
+import com.netscape.certsrv.policy.*;
+import com.netscape.certsrv.registry.*;
+import com.netscape.certsrv.security.*;
+import com.netscape.certsrv.ldap.*;
+import com.netscape.certsrv.notification.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.ra.*;
+import com.netscape.certsrv.connector.*;
+import com.netscape.certsrv.ocsp.*;
+import com.netscape.certsrv.logging.*;
+import com.netscape.certsrv.selftests.*;
+import com.netscape.certsrv.usrgrp.*;
+import com.netscape.certsrv.jobs.*;
+import com.netscape.certsrv.authentication.*;
+import com.netscape.certsrv.authorization.*;
+import com.netscape.certsrv.acls.*;
+import com.netscape.certsrv.tks.*;
+import org.mozilla.jss.util.PasswordCallback;
+import org.mozilla.jss.CryptoManager.CertificateUsage;
+import java.security.NoSuchAlgorithmException;
+import com.netscape.cmsutil.password.*;
+
+
+/**
+ * This represents the CMS server. Plugins can access other
+ * public objects such as subsystems via this inteface.
+ * This object also include a set of utility functions.
+ *
+ * This object does not include the actual implementation.
+ * It acts as a public interface for plugins, and the
+ * actual implementation is in the CMS engine
+ * (com.netscape.cmscore.apps.CMSEngine) that implements
+ * ICMSEngine interface.
+ *
+ * @version $Revision$, $Date$
+ */
+public final class CMS {
+
+ public static final int DEBUG_OBNOXIOUS = 10;
+ public static final int DEBUG_VERBOSE = 5;
+ public static final int DEBUG_INFORM = 1;
+
+ private static final String CONFIG_FILE = "CS.cfg";
+ private static ICMSEngine _engine = null;
+
+ public static final String SUBSYSTEM_LOG = ILogSubsystem.ID;
+ public static final String SUBSYSTEM_CRYPTO = ICryptoSubsystem.ID;
+ public static final String SUBSYSTEM_DBS = IDBSubsystem.SUB_ID;
+ public static final String SUBSYSTEM_CA = ICertificateAuthority.ID;
+ public static final String SUBSYSTEM_RA = IRegistrationAuthority.ID;
+ public static final String SUBSYSTEM_KRA = IKeyRecoveryAuthority.ID;
+ public static final String SUBSYSTEM_OCSP = IOCSPAuthority.ID;
+ public static final String SUBSYSTEM_TKS = ITKSAuthority.ID;
+ public static final String SUBSYSTEM_UG = IUGSubsystem.ID;
+ public static final String SUBSYSTEM_AUTH = IAuthSubsystem.ID;
+ public static final String SUBSYSTEM_AUTHZ = IAuthzSubsystem.ID;
+ public static final String SUBSYSTEM_REGISTRY = IPluginRegistry.ID;
+ public static final String SUBSYSTEM_PROFILE = IProfileSubsystem.ID;
+ public static final String SUBSYSTEM_JOBS = IJobsScheduler.ID;
+ public static final String SUBSYSTEM_SELFTESTS = ISelfTestSubsystem.ID;
+ public static final int PRE_OP_MODE = 0;
+ public static final int RUNNING_MODE = 1;
+
+ /**
+ * Private constructor.
+ *
+ * @param engine CMS engine implementation
+ */
+ private CMS(ICMSEngine engine) {
+ _engine = engine;
+ }
+
+ /**
+ * This method is used for unit tests. It allows the underlying _engine
+ * to be stubbed out.
+ * @param engine The stub engine to set, for testing.
+ */
+ public static void setCMSEngine(ICMSEngine engine) {
+ _engine = engine;
+ }
+
+ /**
+ * Gets this ID .
+ *
+ * @return CMS engine identifier
+ */
+ public static String getId() {
+ return _engine.getId();
+ }
+
+ /**
+ * Sets the identifier of this subsystem. Should never be called.
+ * Returns error.
+ *
+ * @param id CMS engine identifier
+ */
+ public static void setId(String id) throws EBaseException {
+ _engine.setId(id);
+ }
+
+ /**
+ * Initialize all static, dynamic and final static subsystems.
+ *
+ * @param owner null
+ * @param config main config store.
+ * @exception EBaseException if any error occur in subsystems during
+ * initialization.
+ */
+ public static void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException {
+ _engine.init(owner, config);
+ }
+
+ public static void reinit(String id) throws EBaseException {
+ _engine.reinit(id);
+ }
+
+ /**
+ * Starts up all subsystems. subsystems must be initialized.
+ *
+ * @exception EBaseException if any subsystem fails to startup.
+ */
+ public static void startup() throws EBaseException {
+ _engine.startup();
+ }
+
+ /**
+ * Blocks all new incoming requests.
+ */
+ public static void disableRequests() {
+ _engine.disableRequests();
+ }
+
+ /**
+ * Terminates all requests that are currently in process.
+ */
+ public static void terminateRequests() {
+ _engine.terminateRequests();
+ }
+
+ /**
+ * Checks to ensure that all new incoming requests have been blocked.
+ * This method is used for reentrancy protection.
+ * <P>
+ *
+ * @return true or false
+ */
+ public static boolean areRequestsDisabled() {
+ return _engine.areRequestsDisabled();
+ }
+
+ /**
+ * Shuts down subsystems in backwards order
+ * exceptions are ignored. process exists at end to force exit.
+ */
+ public static void shutdown() {
+ _engine.shutdown();
+ }
+
+ /**
+ * Shuts down subsystems in backwards order
+ * exceptions are ignored. process exists at end to force exit.
+ */
+
+ public static void forceShutdown() {
+
+ _engine.forceShutdown();
+ }
+
+ /**
+ * mode = 0 (pre-operational)
+ * mode = 1 (running)
+ */
+ public static void setCSState(int mode) {
+ _engine.setCSState(mode);
+ }
+
+ public static int getCSState() {
+ return _engine.getCSState();
+ }
+
+ public static boolean isPreOpMode() {
+ return _engine.isPreOpMode();
+ }
+
+ public static boolean isRunningMode() {
+ return _engine.isRunningMode();
+ }
+
+ /**
+ * Is the server in running state. After server startup, the
+ * server will be initialization state first. After the
+ * initialization state, the server will be in the running
+ * state.
+ *
+ * @return true if the server is in the running state
+ */
+ public static boolean isInRunningState() {
+ return _engine.isInRunningState();
+ }
+
+ /**
+ * Returns the logger of the current server. The logger can
+ * be used to log critical informational or critical error
+ * messages.
+ *
+ * @return logger
+ */
+ public static ILogger getLogger() {
+ return _engine.getLogger();
+ }
+
+ /**
+ * Returns the signed audit logger of the current server. This logger can
+ * be used to log critical informational or critical error
+ * messages.
+ *
+ * @return signed audit logger
+ */
+ public static ILogger getSignedAuditLogger() {
+ return _engine.getSignedAuditLogger();
+ }
+
+ /**
+ * Creates a repository record in the internal database.
+ *
+ * @return repository record
+ */
+ public static IRepositoryRecord createRepositoryRecord() {
+ return _engine.createRepositoryRecord();
+ }
+
+ /**
+ * Parse ACL resource attributes
+ * @param resACLs same format as the resourceACLs attribute:
+ * <PRE>
+ * <resource name>:<permission1,permission2,...permissionn>:
+ * <allow|deny> (<subset of the permission set>) <evaluator expression>
+ * </PRE>
+ * @exception EACLsException ACL related parsing errors for resACLs
+ * @return an ACL instance built from the parsed resACLs
+ */
+ public static IACL parseACL(String resACLs) throws EACLsException {
+ return _engine.parseACL(resACLs);
+ }
+
+ /**
+ * Creates an issuing poing record.
+ *
+ * @return issuing record
+ */
+ public static ICRLIssuingPointRecord createCRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize, Date thisUpdate, Date nextUpdate) {
+ return _engine.createCRLIssuingPointRecord(id, crlNumber, crlSize, thisUpdate, nextUpdate);
+ }
+
+ /**
+ * Retrieves the default CRL issuing point record name.
+ *
+ * @return CRL issuing point record name
+ */
+ public static String getCRLIssuingPointRecordName() {
+ return _engine.getCRLIssuingPointRecordName();
+ }
+
+ /**
+ * Retrieves the process id of this server.
+ *
+ * @return process id of the server
+ */
+ public static int getpid() {
+ return _engine.getpid();
+ }
+
+ /**
+ * Retrieves the instance roort path of this server.
+ *
+ * @return instance directory path name
+ */
+ public static String getInstanceDir() {
+ return _engine.getInstanceDir();
+ }
+
+ /**
+ * Returns a server wide system time. Plugins should call
+ * this method to retrieve system time.
+ *
+ * @return current time
+ */
+ public static Date getCurrentDate() {
+ if (_engine == null)
+ return new Date();
+ return _engine.getCurrentDate();
+ }
+
+ /**
+ * Puts data of an byte array into the debug file.
+ *
+ * @param data byte array to be recorded in the debug file
+ */
+ public static void debug(byte data[]) {
+ if (_engine != null)
+ _engine.debug(data);
+ }
+
+ /**
+ * Puts a message into the debug file.
+ *
+ * @param msg debugging message
+ */
+ public static void debug(String msg) {
+ if (_engine != null)
+ _engine.debug(msg);
+ }
+
+ /**
+ * Puts a message into the debug file.
+ *
+ * @param level 0-10 (0 is less detail, 10 is more detail)
+ * @param msg debugging message
+ */
+ public static void debug(int level, String msg) {
+ if (_engine != null)
+ _engine.debug(level, msg);
+ }
+
+ /**
+ * Puts an exception into the debug file.
+ *
+ * @param e exception
+ */
+ public static void debug(Throwable e) {
+ if (_engine != null)
+ _engine.debug(e);
+ }
+
+ /**
+ * Checks if the debug mode is on or not.
+ *
+ * @return true if debug mode is on
+ */
+ public static boolean debugOn() {
+ if (_engine != null)
+ return _engine.debugOn();
+ return false;
+ }
+
+ /**
+ * Puts the current stack trace in the debug file.
+ */
+ public static void debugStackTrace() {
+ if (_engine != null)
+ _engine.debugStackTrace();
+ }
+
+ /*
+ * If debugging for the particular realm is enabled, output name/value
+ * pair info to the debug file. This is useful to dump out what hidden
+ * config variables the server is looking at, or what HTTP variables it
+ * is expecting to find, or what database attributes it is looking for.
+ * @param type indicates what the source of key/val is. For example,
+ * this could be 'CS.cfg', or something else. In the debug
+ * subsystem, there is a mechanism to filter this so only the types
+ * you care about are listed
+ * @param key the 'key' of the hashtable which is being accessed.
+ * This could be the name of the config parameter, or the http param
+ * name.
+ * @param val the value of the parameter
+ * @param default the default value if the param is not found
+ */
+
+ public static void traceHashKey(String type, String key) {
+ if (_engine != null) {
+ _engine.traceHashKey(type, key);
+ }
+ }
+ public static void traceHashKey(String type, String key, String val) {
+ if (_engine != null) {
+ _engine.traceHashKey(type, key, val);
+ }
+ }
+ public static void traceHashKey(String type, String key, String val, String def) {
+ if (_engine != null) {
+ _engine.traceHashKey(type, key, val, def);
+ }
+ }
+
+
+ /**
+ * Returns the names of all the registered subsystems.
+ *
+ * @return a list of string-based subsystem names
+ */
+ public static Enumeration getSubsystemNames() {
+ return _engine.getSubsystemNames();
+ }
+
+ public static byte[] getPKCS7(Locale locale, IRequest req) {
+ return _engine.getPKCS7(locale, req);
+ }
+
+ /**
+ * Returns all the registered subsystems.
+ *
+ * @return a list of ISubsystem-based subsystems
+ */
+ public static Enumeration getSubsystems() {
+ return _engine.getSubsystems();
+ }
+
+ /**
+ * Retrieves the registered subsytem with the given name.
+ *
+ * @param name subsystem name
+ * @return subsystem of the given name
+ */
+ public static ISubsystem getSubsystem(String name) {
+ return _engine.getSubsystem(name);
+ }
+
+ /**
+ * Retrieves the localized user message from UserMessages.properties.
+ *
+ * @param msgID message id defined in UserMessages.properties
+ * @return localized user message
+ */
+ public static String getUserMessage(String msgID) {
+ if (_engine == null)
+ return msgID;
+ return _engine.getUserMessage(null /* from session context */, msgID);
+ }
+
+ /**
+ * Retrieves the localized user message from UserMessages.properties.
+ *
+ * @param locale end-user locale
+ * @param msgID message id defined in UserMessages.properties
+ * @return localized user message
+ */
+ public static String getUserMessage(Locale locale, String msgID) {
+ if (_engine == null)
+ return msgID;
+ return _engine.getUserMessage(locale, msgID);
+ }
+
+ /**
+ * Retrieves the localized user message from UserMessages.properties.
+ *
+ * @param msgID message id defined in UserMessages.properties
+ * @param p1 1st parameter
+ * @return localized user message
+ */
+ public static String getUserMessage(String msgID, String p1) {
+ if (_engine == null)
+ return msgID;
+ return _engine.getUserMessage(null /* from session context */, msgID, p1);
+ }
+
+ /**
+ * Retrieves the localized user message from UserMessages.properties.
+ *
+ * @param locale end-user locale
+ * @param msgID message id defined in UserMessages.properties
+ * @param p1 1st parameter
+ * @return localized user message
+ */
+ public static String getUserMessage(Locale locale, String msgID, String p1) {
+ if (_engine == null)
+ return msgID;
+ return _engine.getUserMessage(locale, msgID, p1);
+ }
+
+ /**
+ * Retrieves the localized user message from UserMessages.properties.
+ *
+ * @param msgID message id defined in UserMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @return localized user message
+ */
+ public static String getUserMessage(String msgID, String p1, String p2) {
+ if (_engine == null)
+ return msgID;
+ return _engine.getUserMessage(null /* from session context */, msgID, p1, p2);
+ }
+
+ /**
+ * Retrieves the localized user message from UserMessages.properties.
+ *
+ * @param locale end-user locale
+ * @param msgID message id defined in UserMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @return localized user message
+ */
+ public static String getUserMessage(Locale locale, String msgID, String p1, String p2) {
+ if (_engine == null)
+ return msgID;
+ return _engine.getUserMessage(locale, msgID, p1, p2);
+ }
+
+ /**
+ * Retrieves the localized user message from UserMessages.properties.
+ *
+ * @param msgID message id defined in UserMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @param p3 3rd parameter
+ * @return localized user message
+ */
+ public static String getUserMessage(String msgID, String p1, String p2, String p3) {
+ if (_engine == null)
+ return msgID;
+ return _engine.getUserMessage(null /* from session context */, msgID, p1, p2, p3);
+ }
+
+ public static LDAPConnection getBoundConnection(String host, int port,
+ int version, LDAPSSLSocketFactoryExt fac, String bindDN,
+ String bindPW) throws LDAPException
+ {
+ return _engine.getBoundConnection(host, port, version, fac,
+ bindDN, bindPW);
+ }
+
+ /**
+ * Retrieves the localized user message from UserMessages.properties.
+ *
+ * @param locale end-user locale
+ * @param msgID message id defined in UserMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @param p3 3rd parameter
+ * @return localized user message
+ */
+ public static String getUserMessage(Locale locale, String msgID, String p1, String p2, String p3) {
+ if (_engine == null)
+ return msgID;
+ return _engine.getUserMessage(locale, msgID, p1, p2, p3);
+ }
+
+ /**
+ * Retrieves the localized user message from UserMessages.properties.
+ *
+ * @param msgID message id defined in UserMessages.properties
+ * @param p an array of parameters
+ * @return localized user message
+ */
+ public static String getUserMessage(String msgID, String p[]) {
+ if (_engine == null)
+ return msgID;
+ return _engine.getUserMessage(null /* from session context */, msgID, p);
+ }
+
+ /**
+ * Retrieves the localized user message from UserMessages.properties.
+ *
+ * @param locale end-user locale
+ * @param msgID message id defined in UserMessages.properties
+ * @param p an array of parameters
+ * @return localized user message
+ */
+ public static String getUserMessage(Locale locale, String msgID, String p[]) {
+ if (_engine == null)
+ return msgID;
+ return _engine.getUserMessage(locale, msgID, p);
+ }
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @return localized log message
+ */
+ public static String getLogMessage(String msgID) {
+ return _engine.getLogMessage(msgID);
+ }
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p an array of parameters
+ * @return localized log message
+ */
+ public static String getLogMessage(String msgID, String p[]) {
+ return _engine.getLogMessage(msgID, p);
+ }
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p1 1st parameter
+ * @return localized log message
+ */
+ public static String getLogMessage(String msgID, String p1) {
+ return _engine.getLogMessage(msgID, p1);
+ }
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @return localized log message
+ */
+ public static String getLogMessage(String msgID, String p1, String p2) {
+ return _engine.getLogMessage(msgID, p1, p2);
+ }
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @param p3 3rd parameter
+ * @return localized log message
+ */
+ public static String getLogMessage(String msgID, String p1, String p2, String p3) {
+ return _engine.getLogMessage(msgID, p1, p2, p3);
+ }
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @param p3 3rd parameter
+ * @param p4 4th parameter
+ * @return localized log message
+ */
+ public static String getLogMessage(String msgID, String p1, String p2, String p3, String p4) {
+ return _engine.getLogMessage(msgID, p1, p2, p3, p4);
+ }
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @param p3 3rd parameter
+ * @param p4 4th parameter
+ * @param p5 5th parameter
+ * @return localized log message
+ */
+ public static String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5) {
+ return _engine.getLogMessage(msgID, p1, p2, p3, p4, p5);
+ }
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @param p3 3rd parameter
+ * @param p4 4th parameter
+ * @param p5 5th parameter
+ * @param p6 6th parameter
+ * @return localized log message
+ */
+ public static String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6) {
+ return _engine.getLogMessage(msgID, p1, p2, p3, p4, p5, p6);
+ }
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @param p3 3rd parameter
+ * @param p4 4th parameter
+ * @param p5 5th parameter
+ * @param p6 6th parameter
+ * @param p7 7th parameter
+ * @return localized log message
+ */
+ public static String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7) {
+ return _engine.getLogMessage(msgID, p1, p2, p3, p4, p5, p6, p7);
+ }
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @param p3 3rd parameter
+ * @param p4 4th parameter
+ * @param p5 5th parameter
+ * @param p6 6th parameter
+ * @param p7 7th parameter
+ * @param p8 8th parameter
+ * @return localized log message
+ */
+ public static String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7, String p8) {
+ return _engine.getLogMessage(msgID, p1, p2, p3, p4, p5, p6, p7, p8);
+ }
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @param p3 3rd parameter
+ * @param p4 4th parameter
+ * @param p5 5th parameter
+ * @param p6 6th parameter
+ * @param p7 7th parameter
+ * @param p8 8th parameter
+ * @param p9 9th parameter
+ * @return localized log message
+ */
+ public static String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7, String p8, String p9) {
+ return _engine.getLogMessage(msgID, p1, p2, p3, p4, p5, p6, p7, p8, p9);
+ }
+
+ /**
+ * Returns the main config store. It is a handle to CMS.cfg.
+ *
+ * @return configuration store
+ */
+ public static IConfigStore getConfigStore() {
+ return _engine.getConfigStore();
+ }
+
+ /**
+ * Retrieves time server started up.
+ *
+ * @return last startup time
+ */
+ public static long getStartupTime() {
+ return _engine.getStartupTime();
+ }
+
+ /**
+ * Retrieves the HTTP Connection for use with connector.
+ *
+ * @param authority remote authority
+ * @param factory socket factory
+ * @return http connection to the remote authority
+ */
+ public static IHttpConnection getHttpConnection(IRemoteAuthority authority,
+ ISocketFactory factory) {
+ return _engine.getHttpConnection(authority, factory);
+ }
+
+ /**
+ * Retrieves the HTTP Connection for use with connector.
+ *
+ * @param authority remote authority
+ * @param factory socket factory
+ * @param timeout return error if connection cannot be established within
+ * the timeout period
+ * @return http connection to the remote authority
+ */
+ public static IHttpConnection getHttpConnection(IRemoteAuthority authority,
+ ISocketFactory factory, int timeout) {
+ return _engine.getHttpConnection(authority, factory, timeout);
+ }
+
+ /**
+ * Retrieves the request sender for use with connector.
+ *
+ * @param authority local authority
+ * @param nickname nickname of the client certificate
+ * @param remote remote authority
+ * @param interval timeout interval
+ * @return resender
+ */
+ public static IResender getResender(IAuthority authority, String nickname,
+ IRemoteAuthority remote, int interval) {
+ return _engine.getResender(authority, nickname, remote, interval);
+ }
+
+ /**
+ * Retrieves the nickname of the server's server certificate.
+ *
+ * @return nickname of the server certificate
+ */
+ public static String getServerCertNickname() {
+ return _engine.getServerCertNickname();
+ }
+
+ /**
+ * Sets the nickname of the server's server certificate.
+ *
+ * @param tokenName name of token where the certificate is located
+ * @param nickName name of server certificate
+ */
+ public static void setServerCertNickname(String tokenName, String nickName) {
+ _engine.setServerCertNickname(tokenName, nickName);
+ }
+
+ /**
+ * Sets the nickname of the server's server certificate.
+ *
+ * @param newName new nickname of server certificate
+ */
+ public static void setServerCertNickname(String newName) {
+ _engine.setServerCertNickname(newName);
+ }
+
+ /**
+ * Retrieves the host name of the server's secure end entity service.
+ *
+ * @return host name of end-entity service
+ */
+ public static String getEEHost() {
+ return _engine.getEEHost();
+ }
+
+ /**
+ * Retrieves the host name of the server's non-secure end entity service.
+ *
+ * @return host name of end-entity non-secure service
+ */
+ public static String getEENonSSLHost() {
+ return _engine.getEENonSSLHost();
+ }
+
+ /**
+ * Retrieves the IP address of the server's non-secure end entity service.
+ *
+ * @return ip address of end-entity non-secure service
+ */
+ public static String getEENonSSLIP() {
+ return _engine.getEENonSSLIP();
+ }
+
+ /**
+ * Retrieves the port number of the server's non-secure end entity service.
+ *
+ * @return port of end-entity non-secure service
+ */
+ public static String getEENonSSLPort() {
+ return _engine.getEENonSSLPort();
+ }
+
+ /**
+ * Retrieves the host name of the server's secure end entity service.
+ *
+ * @return port of end-entity secure service
+ */
+ public static String getEESSLHost() {
+ return _engine.getEESSLHost();
+ }
+
+ /**
+ * Retrieves the host name of the server's secure end entity service.
+ *
+ * @return port of end-entity secure service
+ */
+ public static String getEEClientAuthSSLPort() {
+ return _engine.getEEClientAuthSSLPort();
+ }
+
+ /**
+ * Retrieves the IP address of the server's secure end entity service.
+ *
+ * @return ip address of end-entity secure service
+ */
+ public static String getEESSLIP() {
+ return _engine.getEESSLIP();
+ }
+
+ /**
+ * Retrieves the port number of the server's secure end entity service.
+ *
+ * @return port of end-entity secure service
+ */
+ public static String getEESSLPort() {
+ return _engine.getEESSLPort();
+ }
+
+ /**
+ * Retrieves the host name of the server's agent service.
+ *
+ * @return host name of agent service
+ */
+ public static String getAgentHost() {
+ return _engine.getAgentHost();
+ }
+
+ /**
+ * Retrieves the IP address of the server's agent service.
+ *
+ * @return ip address of agent service
+ */
+ public static String getAgentIP() {
+ return _engine.getAgentIP();
+ }
+
+ /**
+ * Retrieves the port number of the server's agent service.
+ *
+ * @return port of agent service
+ */
+ public static String getAgentPort() {
+ return _engine.getAgentPort();
+ }
+
+ /**
+ * Retrieves the host name of the server's administration service.
+ *
+ * @return host name of administration service
+ */
+ public static String getAdminHost() {
+ return _engine.getAdminHost();
+ }
+
+ /**
+ * Retrieves the IP address of the server's administration service.
+ *
+ * @return ip address of administration service
+ */
+ public static String getAdminIP() {
+ return _engine.getAdminIP();
+ }
+
+ /**
+ * Retrieves the port number of the server's administration service.
+ *
+ * @return port of administration service
+ */
+ public static String getAdminPort() {
+ return _engine.getAdminPort();
+ }
+
+ /**
+ * Creates a general name constraints.
+ *
+ * @param generalNameChoice type of general name
+ * @param value general name string
+ * @return general name object
+ * @exception EBaseException failed to create general name constraint
+ */
+ public static GeneralName form_GeneralNameAsConstraints(String generalNameChoice, String value) throws EBaseException {
+ return _engine.form_GeneralName(generalNameChoice, value);
+ }
+
+ /**
+ * Creates a general name.
+ *
+ * @param generalNameChoice type of general name
+ * @param value general name string
+ * @return general name object
+ * @exception EBaseException failed to create general name
+ */
+ public static GeneralName form_GeneralName(String generalNameChoice,
+ String value) throws EBaseException {
+ return _engine.form_GeneralName(generalNameChoice, value);
+ }
+
+ /**
+ * Get default parameters for subject alt name configuration.
+ *
+ * @param name configuration name
+ * @param params configuration parameters
+ */
+ public static void getSubjAltNameConfigDefaultParams(String name,
+ Vector params) {
+ _engine.getSubjAltNameConfigDefaultParams(name, params);
+ }
+
+ /**
+ * Get extended plugin info for subject alt name configuration.
+ *
+ * @param name configuration name
+ * @param params configuration parameters
+ */
+ public static void getSubjAltNameConfigExtendedPluginInfo(String name,
+ Vector params) {
+ _engine.getSubjAltNameConfigExtendedPluginInfo(name, params);
+ }
+
+ /**
+ * Creates subject alt name configuration.
+ *
+ * @param name configuration name
+ * @param config configuration store
+ * @param isValueConfigured true if value is configured
+ * @exception EBaseException failed to create subject alt name configuration
+ */
+ public static ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) throws EBaseException {
+ return _engine.createSubjAltNameConfig(
+ name, config, isValueConfigured);
+ }
+
+ /**
+ * Retrieves default general name configuration.
+ *
+ * @param name configuration name
+ * @param isValueConfigured true if value is configured
+ * @param params configuration parameters
+ * @exception EBaseException failed to create subject alt name configuration
+ */
+ public static void getGeneralNameConfigDefaultParams(String name,
+ boolean isValueConfigured, Vector params) {
+ _engine.getGeneralNameConfigDefaultParams(name,
+ isValueConfigured, params);
+ }
+
+ /**
+ * Retrieves default general names configuration.
+ *
+ * @param name configuration name
+ * @param isValueConfigured true if value is configured
+ * @param params configuration parameters
+ * @exception EBaseException failed to create subject alt name configuration
+ */
+ public static void getGeneralNamesConfigDefaultParams(String name,
+ boolean isValueConfigured, Vector params) {
+ _engine.getGeneralNamesConfigDefaultParams(name,
+ isValueConfigured, params);
+ }
+
+ /**
+ * Retrieves extended plugin info for general name configuration.
+ *
+ * @param name configuration name
+ * @param isValueConfigured true if value is configured
+ * @param info configuration parameters
+ * @exception EBaseException failed to create subject alt name configuration
+ */
+ public static void getGeneralNameConfigExtendedPluginInfo(String name,
+ boolean isValueConfigured, Vector info) {
+ _engine.getGeneralNameConfigExtendedPluginInfo(name,
+ isValueConfigured, info);
+ }
+
+ /**
+ * Retrieves extended plugin info for general name configuration.
+ *
+ * @param name configuration name
+ * @param isValueConfigured true if value is configured
+ * @param info configuration parameters
+ * @exception EBaseException failed to create subject alt name configuration
+ */
+ public static void getGeneralNamesConfigExtendedPluginInfo(String name,
+ boolean isValueConfigured, Vector info) {
+ _engine.getGeneralNamesConfigExtendedPluginInfo(name,
+ isValueConfigured, info);
+ }
+
+ /**
+ * Created general names configuration.
+ *
+ * @param name configuration name
+ * @param config configuration store
+ * @param isValueConfigured true if value is configured
+ * @param isPolicyEnabled true if policy is enabled
+ * @exception EBaseException failed to create subject alt name configuration
+ */
+ public static IGeneralNamesConfig createGeneralNamesConfig(String name,
+ IConfigStore config, boolean isValueConfigured,
+ boolean isPolicyEnabled) throws EBaseException {
+ return _engine.createGeneralNamesConfig(name, config, isValueConfigured,
+ isPolicyEnabled);
+ }
+
+ /**
+ * Created general name constraints configuration.
+ *
+ * @param name configuration name
+ * @param config configuration store
+ * @param isValueConfigured true if value is configured
+ * @param isPolicyEnabled true if policy is enabled
+ * @exception EBaseException failed to create subject alt name configuration
+ */
+ public static IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
+ boolean isPolicyEnabled) throws EBaseException {
+ return _engine.createGeneralNameAsConstraintsConfig(
+ name, config, isValueConfigured, isPolicyEnabled);
+ }
+
+ /**
+ * Created general name constraints configuration.
+ *
+ * @param name configuration name
+ * @param config configuration store
+ * @param isValueConfigured true if value is configured
+ * @param isPolicyEnabled true if policy is enabled
+ * @exception EBaseException failed to create subject alt name configuration
+ */
+ public static IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
+ boolean isPolicyEnabled) throws EBaseException {
+ return _engine.createGeneralNamesAsConstraintsConfig(
+ name, config, isValueConfigured, isPolicyEnabled);
+ }
+
+ /**
+ * Returns the finger print of the given certificate.
+ *
+ * @param cert certificate
+ * @return finger print of certificate
+ */
+ public static String getFingerPrint(Certificate cert)
+ throws CertificateEncodingException, NoSuchAlgorithmException {
+ return _engine.getFingerPrint(cert);
+ }
+
+ /**
+ * Returns the finger print of the given certificate.
+ *
+ * @param certDer DER byte array of the certificate
+ * @return finger print of certificate
+ */
+ public static String getFingerPrints(byte[] certDer)
+ throws NoSuchAlgorithmException {
+ return _engine.getFingerPrints(certDer);
+ }
+
+ /**
+ * Returns the finger print of the given certificate.
+ *
+ * @param cert certificate
+ * @return finger print of certificate
+ */
+ public static String getFingerPrints(Certificate cert)
+ throws NoSuchAlgorithmException, CertificateEncodingException {
+ return _engine.getFingerPrints(cert);
+ }
+
+ /**
+ * Creates a HTTP PKI Message that can be sent to a remote
+ * authority.
+ *
+ * @return a new PKI Message for remote authority
+ */
+ public static IPKIMessage getHttpPKIMessage() {
+ return _engine.getHttpPKIMessage();
+ }
+
+ /**
+ * Creates a request encoder. A request cannot be sent to
+ * the remote authority in its regular format.
+ *
+ * @return a request encoder
+ */
+ public static IRequestEncoder getHttpRequestEncoder() {
+ return _engine.getHttpRequestEncoder();
+ }
+
+ /**
+ * Converts a BER-encoded byte array into a MIME-64 encoded string.
+ *
+ * @param data data in byte array format
+ * @return base-64 encoding for the data
+ */
+ public static String BtoA(byte data[]) {
+ return _engine.BtoA(data);
+ }
+
+ /**
+ * Converts a MIME-64 encoded string into a BER-encoded byte array.
+ *
+ * @param data base-64 encoding for the data
+ * @return data data in byte array format
+ */
+ public static byte[] AtoB(String data) {
+ return _engine.AtoB(data);
+ }
+
+ /**
+ * Retrieves the ldap connection information from the configuration
+ * store.
+ *
+ * @param config configuration parameters of ldap connection
+ * @return a LDAP connection info
+ */
+ public static ILdapConnInfo getLdapConnInfo(IConfigStore config)
+ throws EBaseException, ELdapException {
+ return _engine.getLdapConnInfo(config);
+ }
+
+ /**
+ * Creates a LDAP SSL socket with the given nickname. The
+ * certificate associated with the nickname will be used
+ * for client authentication.
+ *
+ * @param certNickname nickname of client certificate
+ * @return LDAP SSL socket factory
+ */
+ public static LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory(
+ String certNickname) {
+ return _engine.getLdapJssSSLSocketFactory(certNickname);
+ }
+
+ /**
+ * Creates a LDAP SSL socket.
+ *
+ * @return LDAP SSL socket factory
+ */
+ public static LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory() {
+ return _engine.getLdapJssSSLSocketFactory();
+ }
+
+ /**
+ * Creates a LDAP Auth Info object.
+ *
+ * @return LDAP authentication info
+ */
+ public static ILdapAuthInfo getLdapAuthInfo() {
+ return _engine.getLdapAuthInfo();
+ }
+
+ /**
+ * Retrieves the LDAP connection factory.
+ *
+ * @return bound LDAP connection pool
+ */
+ public static ILdapConnFactory getLdapBoundConnFactory()
+ throws ELdapException {
+ return _engine.getLdapBoundConnFactory();
+ }
+
+ /**
+ * Retrieves the LDAP connection factory.
+ *
+ * @return anonymous LDAP connection pool
+ */
+ public static ILdapConnFactory getLdapAnonConnFactory()
+ throws ELdapException {
+ return _engine.getLdapAnonConnFactory();
+ }
+
+ /**
+ * Retrieves the default X.509 certificate template.
+ *
+ * @return default certificate template
+ */
+ public static X509CertInfo getDefaultX509CertInfo() {
+ return _engine.getDefaultX509CertInfo();
+ }
+
+ /**
+ * Retrieves the certifcate in MIME-64 encoded format
+ * with header and footer.
+ *
+ * @param cert certificate
+ * @return base-64 format certificate
+ */
+ public static String getEncodedCert(X509Certificate cert) {
+ return _engine.getEncodedCert(cert);
+ }
+
+ /**
+ * Verifies all system certs
+ * with tags defined in <subsystemtype>.cert.list
+ */
+ public static boolean verifySystemCerts() {
+ return _engine.verifySystemCerts();
+ }
+
+ /**
+ * Verify a system cert by tag name
+ * with tags defined in <subsystemtype>.cert.list
+ */
+ public static boolean verifySystemCertByTag(String tag) {
+ return _engine.verifySystemCertByTag(tag);
+ }
+
+ /**
+ * Verify a system cert by certificate nickname
+ */
+ public static boolean verifySystemCertByNickname(String nickname, String certificateUsage) {
+ return _engine.verifySystemCertByNickname(nickname, certificateUsage);
+ }
+
+ /**
+ * get the CertificateUsage as defined in JSS CryptoManager
+ */
+ public static CertificateUsage getCertificateUsage(String certusage) {
+ return _engine.getCertificateUsage(certusage);
+ }
+
+ /**
+ * Checks if the given certificate is a signing certificate.
+ *
+ * @param cert certificate
+ * @return true if the given certificate is a signing certificate
+ */
+ public static boolean isSigningCert(X509Certificate cert) {
+ return _engine.isSigningCert(cert);
+ }
+
+ /**
+ * Checks if the given certificate is an encryption certificate.
+ *
+ * @param cert certificate
+ * @return true if the given certificate is an encryption certificate
+ */
+ public static boolean isEncryptionCert(X509Certificate cert) {
+ return _engine.isEncryptionCert(cert);
+ }
+
+ /**
+ * Retrieves the email form processor.
+ *
+ * @return email form processor
+ */
+ public static IEmailFormProcessor getEmailFormProcessor() {
+ return _engine.getEmailFormProcessor();
+ }
+
+ /**
+ * Retrieves the email form template.
+ *
+ * @return email template
+ */
+ public static IEmailTemplate getEmailTemplate(String path) {
+ return _engine.getEmailTemplate(path);
+ }
+
+ /**
+ * Retrieves the email notification handler.
+ *
+ * @return email notification
+ */
+ public static IMailNotification getMailNotification() {
+ return _engine.getMailNotification();
+ }
+
+ /**
+ * Retrieves the email key resolver.
+ *
+ * @return email key resolver
+ */
+ public static IEmailResolverKeys getEmailResolverKeys() {
+ return _engine.getEmailResolverKeys();
+ }
+
+ /**
+ * Checks if the given OID is valid.
+ *
+ * @param attrName attribute name
+ * @param value attribute value
+ * @return object identifier of the given attrName
+ */
+ public static ObjectIdentifier checkOID(String attrName, String value)
+ throws EBaseException {
+ return _engine.checkOID(attrName, value);
+ }
+
+ /**
+ * Retrieves the email resolver that checks for subjectAlternateName.
+ *
+ * @return email key resolver
+ */
+ public static IEmailResolver getReqCertSANameEmailResolver() {
+ return _engine.getReqCertSANameEmailResolver();
+ }
+
+ /**
+ * Retrieves the extension pretty print handler.
+ *
+ * @param e extension
+ * @param indent indentation
+ * @return extension pretty print handler
+ */
+ public static IExtPrettyPrint getExtPrettyPrint(Extension e, int indent) {
+ return _engine.getExtPrettyPrint(e, indent);
+ }
+
+ /**
+ * Retrieves the certificate pretty print handler.
+ *
+ * @param delimiter delimiter
+ * @return certificate pretty print handler
+ */
+ public static IPrettyPrintFormat getPrettyPrintFormat(String delimiter) {
+ return _engine.getPrettyPrintFormat(delimiter);
+ }
+
+ /**
+ * Retrieves the CRL pretty print handler.
+ *
+ * @param crl CRL
+ * @return CRL pretty print handler
+ */
+ public static ICRLPrettyPrint getCRLPrettyPrint(X509CRL crl) {
+ return _engine.getCRLPrettyPrint(crl);
+ }
+
+ /**
+ * Retrieves the CRL cache pretty print handler.
+ *
+ * @param ip CRL issuing point
+ * @return CRL pretty print handler
+ */
+ public static ICRLPrettyPrint getCRLCachePrettyPrint(ICRLIssuingPoint ip) {
+ return _engine.getCRLCachePrettyPrint(ip);
+ }
+
+ /**
+ * Retrieves the certificate pretty print handler.
+ *
+ * @param cert certificate
+ * @return certificate pretty print handler
+ */
+ public static ICertPrettyPrint getCertPrettyPrint(X509Certificate cert) {
+ return _engine.getCertPrettyPrint(cert);
+ }
+
+ public static String getConfigSDSessionId() {
+ return _engine.getConfigSDSessionId();
+ }
+
+ public static void setConfigSDSessionId(String val) {
+ _engine.setConfigSDSessionId(val);
+ }
+
+ /**
+ * Retrieves the password check.
+ *
+ * @return default password checker
+ */
+ public static IPasswordCheck getPasswordChecker() {
+ return _engine.getPasswordChecker();
+ }
+
+ /**
+ * Puts a password entry into the single-sign on cache.
+ *
+ * @param tag password tag
+ * @param pw password
+ */
+ public static void putPasswordCache(String tag, String pw) {
+ _engine.putPasswordCache(tag, pw);
+ }
+
+ /**
+ * Retrieves the password callback.
+ *
+ * @return default password callback
+ */
+ public static PasswordCallback getPasswordCallback() {
+ return _engine.getPasswordCallback();
+ }
+
+ /**
+ * Retrieves command queue
+ *
+ * @return command queue
+ */
+ public static ICommandQueue getCommandQueue() {
+ return _engine.getCommandQueue();
+ }
+
+ /**
+ * Loads the configuration file and starts CMS's core implementation.
+ *
+ * @param path path to configuration file (CMS.cfg)
+ * @exception EBaseException failed to start CMS
+ */
+ public static void start(String path) throws EBaseException {
+ //FileConfigStore mainConfig = null;
+/*
+ try {
+ mainConfig = new FileConfigStore(path);
+ } catch (EBaseException e) {
+ e.printStackTrace();
+ System.out.println(
+ "Error: The Server is not fully configured.\n" +
+ "Finish configuring server using Configure Setup Wizard in " +
+ "the Certificate Server Console.");
+ System.out.println(e.toString());
+ System.exit(0);
+ }
+*/
+
+ String classname = "com.netscape.cmscore.apps.CMSEngine";
+
+ CMS cms = null;
+
+ try {
+ ICMSEngine engine = (ICMSEngine)
+ Class.forName(classname).newInstance();
+
+ cms = new CMS(engine);
+ IConfigStore mainConfig = createFileConfigStore(path);
+ cms.init(null, mainConfig);
+ cms.startup();
+
+ } catch (EBaseException e) { // catch everything here purposely
+ CMS.debug("CMS:Caught EBaseException");
+ CMS.debug(e);
+
+ // Raidzilla Bug #57592: Always print error message to stdout.
+ System.out.println(e.toString());
+
+ shutdown();
+ throw e;
+ } catch (Exception e) { // catch everything here purposely
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ PrintStream ps = new PrintStream(bos);
+
+ e.printStackTrace(ps);
+ System.out.println(Constants.SERVER_SHUTDOWN_MESSAGE);
+ throw new EBaseException(bos.toString());
+ // cms.shutdown();
+ }
+ }
+
+ public static IConfigStore createFileConfigStore(String path) throws EBaseException {
+ return _engine.createFileConfigStore(path);
+ }
+
+ public static IArgBlock createArgBlock() {
+ return _engine.createArgBlock();
+ }
+
+ public static IArgBlock createArgBlock(String realm, Hashtable httpReq) {
+ return _engine.createArgBlock(realm, httpReq);
+ }
+
+ public static IArgBlock createArgBlock(Hashtable httpReq) {
+ return _engine.createArgBlock(httpReq);
+ }
+
+ public static boolean isRevoked(X509Certificate[] certificates) {
+ return _engine.isRevoked(certificates);
+ }
+
+ public static void setListOfVerifiedCerts(int size, long interval, long unknownStateInterval) {
+ _engine.setListOfVerifiedCerts(size, interval, unknownStateInterval);
+ }
+
+ public static IPasswordStore getPasswordStore() {
+ return _engine.getPasswordStore();
+ }
+
+ public static ISecurityDomainSessionTable getSecurityDomainSessionTable() {
+ return _engine.getSecurityDomainSessionTable();
+ }
+
+ /**
+ * Main driver to start CMS.
+ */
+ public static void main(String[] args) {
+ String path = CONFIG_FILE;
+
+ for (int i = 0; i < args.length; i++) {
+ String arg = args[i];
+
+ if (arg.equals("-f")) {
+ path = args[++i];
+ } else {
+ // ignore unknown arguments since we
+ // have no real way to report them
+ }
+ }
+ try {
+ start(path);
+ } catch (EBaseException e) {
+ }
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java b/pki/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
new file mode 100644
index 000000000..060ab7dcb
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
@@ -0,0 +1,1088 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.apps;
+
+
+import java.math.*;
+import java.util.*;
+import java.io.IOException;
+import java.util.Hashtable;
+import java.util.Enumeration;
+import java.util.Vector;
+import java.util.Date;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.security.cert.X509CRL;
+import java.security.NoSuchAlgorithmException;
+import com.netscape.cmsutil.http.*;
+import com.netscape.cmsutil.net.*;
+import com.netscape.cmsutil.password.*;
+import netscape.ldap.*;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import com.netscape.certsrv.notification.*;
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.password.*;
+import com.netscape.certsrv.authority.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.*;
+import com.netscape.certsrv.dbs.crldb.*;
+import com.netscape.certsrv.dbs.repository.*;
+import com.netscape.certsrv.connector.*;
+import com.netscape.certsrv.ldap.*;
+import com.netscape.certsrv.ca.*;
+import com.netscape.certsrv.policy.*;
+import com.netscape.certsrv.ra.*;
+import com.netscape.certsrv.usrgrp.*;
+import com.netscape.certsrv.kra.*;
+import com.netscape.certsrv.ocsp.*;
+import com.netscape.certsrv.logging.*;
+import com.netscape.certsrv.request.*;
+import org.mozilla.jss.util.PasswordCallback;
+import org.mozilla.jss.CryptoManager.CertificateUsage;
+import com.netscape.certsrv.acls.*;
+
+/**
+ * This interface represents the CMS core framework. The
+ * framework contains a set of services that provide
+ * the foundation of a security application.
+ * <p>
+ * The engine implementation is loaded by CMS at startup.
+ * It is responsible for starting up all the related
+ * subsystems.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICMSEngine extends ISubsystem {
+
+ /**
+ * Gets this ID .
+ *
+ * @return CMS engine identifier
+ */
+ public String getId();
+
+ /**
+ * Sets the identifier of this subsystem. Should never be called.
+ * Returns error.
+ *
+ * @param id CMS engine identifier
+ */
+ public void setId(String id) throws EBaseException;
+
+ /**
+ * Retrieves the process id of this server.
+ *
+ * @return process id of the server
+ */
+ public int getpid();
+
+ public void reinit(String id) throws EBaseException;
+ public int getCSState();
+ public void setCSState(int mode);
+ public boolean isPreOpMode();
+ public boolean isRunningMode();
+ /**
+ * Retrieves the instance roort path of this server.
+ *
+ * @return instance directory path name
+ */
+ public String getInstanceDir();
+
+ /**
+ * Returns a server wide system time. Plugins should call
+ * this method to retrieve system time.
+ *
+ * @return current time
+ */
+ public Date getCurrentDate();
+
+ /**
+ * Retrieves time server started up.
+ *
+ * @return last startup time
+ */
+ public long getStartupTime();
+
+ /**
+ * Is the server in running state. After server startup, the
+ * server will be initialization state first. After the
+ * initialization state, the server will be in the running
+ * state.
+ *
+ * @return true if the server is in the running state
+ */
+ public boolean isInRunningState();
+
+ /**
+ * Returns the names of all the registered subsystems.
+ *
+ * @return a list of string-based subsystem names
+ */
+ public Enumeration getSubsystemNames();
+
+ /**
+ * Returns all the registered subsystems.
+ *
+ * @return a list of ISubsystem-based subsystems
+ */
+ public Enumeration getSubsystems();
+
+ /**
+ * Retrieves the registered subsytem with the given name.
+ *
+ * @param name subsystem name
+ * @return subsystem of the given name
+ */
+ public ISubsystem getSubsystem(String name);
+
+ /**
+ * Returns the logger of the current server. The logger can
+ * be used to log critical informational or critical error
+ * messages.
+ *
+ * @return logger
+ */
+ public ILogger getLogger();
+
+ /**
+ * Returns the signed audit logger of the current server. This logger can
+ * be used to log critical informational or critical error
+ * messages.
+ *
+ * @return signed audit logger
+ */
+ public ILogger getSignedAuditLogger();
+
+ /**
+ * Puts data of an byte array into the debug file.
+ *
+ * @param data byte array to be recorded in the debug file
+ */
+ public void debug(byte data[]);
+
+ /**
+ * Puts a message into the debug file.
+ *
+ * @param msg debugging message
+ */
+ public void debug(String msg);
+
+ /**
+ * Puts a message into the debug file.
+ *
+ * @param level 0-10
+ * @param msg debugging message
+ */
+ public void debug(int level, String msg);
+
+ /**
+ * Puts an exception into the debug file.
+ *
+ * @param e exception
+ */
+ public void debug(Throwable e);
+
+ /**
+ * Checks if the debug mode is on or not.
+ *
+ * @return true if debug mode is on
+ */
+ public boolean debugOn();
+
+ /**
+ * Puts the current stack trace in the debug file.
+ */
+ public void debugStackTrace();
+
+
+ /**
+ * Dump name/value pair debug information to debug file
+ */
+ public void traceHashKey(String type, String key);
+ public void traceHashKey(String type, String key, String val);
+ public void traceHashKey(String type, String key, String val, String def);
+
+
+ public byte[] getPKCS7(Locale locale, IRequest req);
+
+ /**
+ * Retrieves the localized user message from UserMessages.properties.
+ *
+ * @param locale end-user locale
+ * @param msgID message id defined in UserMessages.properties
+ * @return localized user message
+ */
+ public String getUserMessage(Locale locale, String msgID);
+
+ /**
+ * Retrieves the localized user message from UserMessages.properties.
+ *
+ * @param locale end-user locale
+ * @param msgID message id defined in UserMessages.properties
+ * @param p an array of parameters
+ * @return localized user message
+ */
+ public String getUserMessage(Locale locale, String msgID, String p[]);
+
+ /**
+ * Retrieves the localized user message from UserMessages.properties.
+ *
+ * @param locale end-user locale
+ * @param msgID message id defined in UserMessages.properties
+ * @param p1 1st parameter
+ * @return localized user message
+ */
+ public String getUserMessage(Locale locale, String msgID, String p1);
+
+ /**
+ * Retrieves the localized user message from UserMessages.properties.
+ *
+ * @param locale end-user locale
+ * @param msgID message id defined in UserMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @return localized user message
+ */
+ public String getUserMessage(Locale locale, String msgID, String p1, String p2);
+
+ /**
+ * Retrieves the localized user message from UserMessages.properties.
+ *
+ * @param locale end-user locale
+ * @param msgID message id defined in UserMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @param p3 3rd parameter
+ * @return localized user message
+ */
+ public String getUserMessage(Locale locale, String msgID, String p1, String p2, String p3);
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @return localized log message
+ */
+ public String getLogMessage(String msgID);
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p an array of parameters
+ * @return localized log message
+ */
+ public String getLogMessage(String msgID, String p[]);
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p1 1st parameter
+ * @return localized log message
+ */
+ public String getLogMessage(String msgID, String p1);
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @return localized log message
+ */
+ public String getLogMessage(String msgID, String p1, String p2);
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @param p3 3rd parameter
+ * @return localized log message
+ */
+ public String getLogMessage(String msgID, String p1, String p2, String p3);
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @param p3 3rd parameter
+ * @param p4 4th parameter
+ * @return localized log message
+ */
+ public String getLogMessage(String msgID, String p1, String p2, String p3, String p4);
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @param p3 3rd parameter
+ * @param p4 4th parameter
+ * @param p5 5th parameter
+ * @return localized log message
+ */
+ public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5);
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @param p3 3rd parameter
+ * @param p4 4th parameter
+ * @param p5 5th parameter
+ * @param p6 6th parameter
+ * @return localized log message
+ */
+ public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6);
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @param p3 3rd parameter
+ * @param p4 4th parameter
+ * @param p5 5th parameter
+ * @param p6 6th parameter
+ * @param p7 7th parameter
+ * @return localized log message
+ */
+ public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7);
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @param p3 3rd parameter
+ * @param p4 4th parameter
+ * @param p5 5th parameter
+ * @param p6 6th parameter
+ * @param p7 7th parameter
+ * @param p8 8th parameter
+ * @return localized log message
+ */
+ public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7, String p8);
+
+ /**
+ * Retrieves the centralized log message from LogMessages.properties.
+ *
+ * @param msgID message id defined in LogMessages.properties
+ * @param p1 1st parameter
+ * @param p2 2nd parameter
+ * @param p3 3rd parameter
+ * @param p4 4th parameter
+ * @param p5 5th parameter
+ * @param p6 6th parameter
+ * @param p7 7th parameter
+ * @param p8 8th parameter
+ * @param p9 9th parameter
+ * @return localized log message
+ */
+ public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7, String p8, String p9);
+
+ /**
+ * Parse ACL resource attributes
+ * @param resACLs same format as the resourceACLs attribute:
+ * <PRE>
+ * <resource name>:<permission1,permission2,...permissionn>:
+ * <allow|deny> (<subset of the permission set>) <evaluator expression>
+ * </PRE>
+ * @exception EACLsException ACL related parsing errors for resACLs
+ * @return an ACL instance built from the parsed resACLs
+ */
+ public IACL parseACL(String resACLs) throws EACLsException;
+
+ /**
+ * Creates an issuing poing record.
+ *
+ * @return issuing record
+ */
+ public ICRLIssuingPointRecord createCRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize, Date thisUpdate, Date nextUpdate);
+
+ /**
+ * Retrieves the default CRL issuing point record name.
+ *
+ * @return CRL issuing point record name
+ */
+ public String getCRLIssuingPointRecordName();
+
+ /**
+ * Returns the finger print of the given certificate.
+ *
+ * @param cert certificate
+ * @return finger print of certificate
+ */
+ public String getFingerPrint(Certificate cert)
+ throws CertificateEncodingException, NoSuchAlgorithmException;
+
+ /**
+ * Returns the finger print of the given certificate.
+ *
+ * @param cert certificate
+ * @return finger print of certificate
+ */
+ public String getFingerPrints(Certificate cert)
+ throws NoSuchAlgorithmException, CertificateEncodingException;
+
+ /*
+ * Returns the finger print of the given certificate.
+ *
+ * @param certDer DER byte array of certificate
+ * @return finger print of certificate
+ */
+ public String getFingerPrints(byte[] certDer)
+ throws NoSuchAlgorithmException;
+
+ /**
+ * Creates a repository record in the internal database.
+ *
+ * @return repository record
+ */
+ public IRepositoryRecord createRepositoryRecord();
+
+ /**
+ * Creates a HTTP PKI Message that can be sent to a remote
+ * authority.
+ *
+ * @return a new PKI Message for remote authority
+ */
+ public IPKIMessage getHttpPKIMessage();
+
+ /**
+ * Creates a request encoder. A request cannot be sent to
+ * the remote authority in its regular format.
+ *
+ * @return a request encoder
+ */
+ public IRequestEncoder getHttpRequestEncoder();
+
+ /**
+ * Converts a BER-encoded byte array into a MIME-64 encoded string.
+ *
+ * @param data data in byte array format
+ * @return base-64 encoding for the data
+ */
+ public String BtoA(byte data[]);
+
+ /**
+ * Converts a MIME-64 encoded string into a BER-encoded byte array.
+ *
+ * @param data base-64 encoding for the data
+ * @return data data in byte array format
+ */
+ public byte[] AtoB(String data);
+
+ /**
+ * Retrieves the certifcate in MIME-64 encoded format
+ * with header and footer.
+ *
+ * @param cert certificate
+ * @return base-64 format certificate
+ */
+ public String getEncodedCert(X509Certificate cert);
+
+ /**
+ * Retrieves the certificate pretty print handler.
+ *
+ * @param delimiter delimiter
+ * @return certificate pretty print handler
+ */
+ public IPrettyPrintFormat getPrettyPrintFormat(String delimiter);
+
+ /**
+ * Retrieves the extension pretty print handler.
+ *
+ * @param e extension
+ * @param indent indentation
+ * @return extension pretty print handler
+ */
+ public IExtPrettyPrint getExtPrettyPrint(Extension e, int indent);
+
+ /**
+ * Retrieves the certificate pretty print handler.
+ *
+ * @param cert certificate
+ * @return certificate pretty print handler
+ */
+ public ICertPrettyPrint getCertPrettyPrint(X509Certificate cert);
+
+ /**
+ * Retrieves the CRL pretty print handler.
+ *
+ * @param crl CRL
+ * @return CRL pretty print handler
+ */
+ public ICRLPrettyPrint getCRLPrettyPrint(X509CRL crl);
+
+ /**
+ * Retrieves the CRL cache pretty print handler.
+ *
+ * @param ip CRL issuing point
+ * @return CRL pretty print handler
+ */
+ public ICRLPrettyPrint getCRLCachePrettyPrint(ICRLIssuingPoint ip);
+
+ /**
+ * Retrieves the ldap connection information from the configuration
+ * store.
+ *
+ * @param config configuration parameters of ldap connection
+ * @return a LDAP connection info
+ */
+ public ILdapConnInfo getLdapConnInfo(IConfigStore config)
+ throws EBaseException, ELdapException;
+
+ /**
+ * Creates a LDAP SSL socket with the given nickname. The
+ * certificate associated with the nickname will be used
+ * for client authentication.
+ *
+ * @param certNickname nickname of client certificate
+ * @return LDAP SSL socket factory
+ */
+ public LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory(
+ String certNickname);
+
+ /**
+ * Creates a LDAP SSL socket.
+ *
+ * @return LDAP SSL socket factory
+ */
+ public LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory();
+
+ /**
+ * Creates a LDAP Auth Info object.
+ *
+ * @return LDAP authentication info
+ */
+ public ILdapAuthInfo getLdapAuthInfo();
+
+ /**
+ * Retrieves the LDAP connection factory.
+ *
+ * @return bound LDAP connection pool
+ */
+ public ILdapConnFactory getLdapBoundConnFactory() throws ELdapException;
+
+ public LDAPConnection getBoundConnection(String host, int port,
+ int version, LDAPSSLSocketFactoryExt fac, String bindDN,
+ String bindPW) throws LDAPException;
+ /**
+ * Retrieves the LDAP connection factory.
+ *
+ * @return anonymous LDAP connection pool
+ */
+ public ILdapConnFactory getLdapAnonConnFactory() throws ELdapException;
+
+ /**
+ * Retrieves the password check.
+ *
+ * @return default password checker
+ */
+ public IPasswordCheck getPasswordChecker();
+
+ /**
+ * Puts a password entry into the single-sign on cache.
+ *
+ * @param tag password tag
+ * @param pw password
+ */
+ public void putPasswordCache(String tag, String pw);
+
+ /**
+ * Retrieves the password callback.
+ *
+ * @return default password callback
+ */
+ public PasswordCallback getPasswordCallback();
+
+ /**
+ * Retrieves the nickname of the server's server certificate.
+ *
+ * @return nickname of the server certificate
+ */
+ public String getServerCertNickname();
+
+ /**
+ * Sets the nickname of the server's server certificate.
+ *
+ * @param tokenName name of token where the certificate is located
+ * @param nickName name of server certificate
+ */
+ public void setServerCertNickname(String tokenName, String nickName);
+
+ /**
+ * Sets the nickname of the server's server certificate.
+ *
+ * @param newName new nickname of server certificate
+ */
+ public void setServerCertNickname(String newName);
+
+ /**
+ * Retrieves the host name of the server's secure end entity service.
+ *
+ * @return host name of end-entity service
+ */
+ public String getEEHost();
+
+ /**
+ * Retrieves the host name of the server's non-secure end entity service.
+ *
+ * @return host name of end-entity non-secure service
+ */
+ public String getEENonSSLHost();
+
+ /**
+ * Retrieves the IP address of the server's non-secure end entity service.
+ *
+ * @return ip address of end-entity non-secure service
+ */
+ public String getEENonSSLIP();
+
+ /**
+ * Retrieves the port number of the server's non-secure end entity service.
+ *
+ * @return port of end-entity non-secure service
+ */
+ public String getEENonSSLPort();
+
+ /**
+ * Retrieves the host name of the server's secure end entity service.
+ *
+ * @return port of end-entity secure service
+ */
+ public String getEESSLHost();
+
+ /**
+ * Retrieves the IP address of the server's secure end entity service.
+ *
+ * @return ip address of end-entity secure service
+ */
+ public String getEESSLIP();
+
+ /**
+ * Retrieves the port number of the server's secure end entity service.
+ *
+ * @return port of end-entity secure service
+ */
+ public String getEESSLPort();
+
+ /**
+ * Retrieves the port number of the server's client auth secure end entity service.
+ *
+ * @return port of end-entity client auth secure service
+ */
+ public String getEEClientAuthSSLPort();
+
+ /**
+ * Retrieves the host name of the server's agent service.
+ *
+ * @return host name of agent service
+ */
+ public String getAgentHost();
+
+ /**
+ * Retrieves the IP address of the server's agent service.
+ *
+ * @return ip address of agent service
+ */
+ public String getAgentIP();
+
+ /**
+ * Retrieves the port number of the server's agent service.
+ *
+ * @return port of agent service
+ */
+ public String getAgentPort();
+
+ /**
+ * Retrieves the host name of the server's administration service.
+ *
+ * @return host name of administration service
+ */
+ public String getAdminHost();
+
+ /**
+ * Retrieves the IP address of the server's administration service.
+ *
+ * @return ip address of administration service
+ */
+ public String getAdminIP();
+
+ /**
+ * Retrieves the port number of the server's administration service.
+ *
+ * @return port of administration service
+ */
+ public String getAdminPort();
+
+ /**
+ * Verifies all system certificates
+ * @return true if all passed, false otherwise
+ */
+ public boolean verifySystemCerts();
+
+ /**
+ * Verifies a system certificate by its tag name
+ * as defined in <subsystemtype>.cert.list
+ * @return true if passed, false otherwise
+ */
+ public boolean verifySystemCertByTag(String tag);
+
+ /**
+ * Verifies a system certificate by its nickname
+ * @return true if passed, false otherwise
+ */
+ public boolean verifySystemCertByNickname(String nickname, String certificateUsage);
+
+ /**
+ * get the CertificateUsage as defined in JSS CryptoManager
+ * @return CertificateUsage as defined in JSS CryptoManager
+ */
+ public CertificateUsage getCertificateUsage(String certusage);
+
+ /**
+ * Checks if the given certificate is a signing certificate.
+ *
+ * @param cert certificate
+ * @return true if the given certificate is a signing certificate
+ */
+ public boolean isSigningCert(X509Certificate cert);
+
+ /**
+ * Checks if the given certificate is an encryption certificate.
+ *
+ * @param cert certificate
+ * @return true if the given certificate is an encryption certificate
+ */
+ public boolean isEncryptionCert(X509Certificate cert);
+
+ /**
+ * Retrieves the default X.509 certificate template.
+ *
+ * @return default certificate template
+ */
+ public X509CertInfo getDefaultX509CertInfo();
+
+ /**
+ * Retrieves the email form processor.
+ *
+ * @return email form processor
+ */
+ public IEmailFormProcessor getEmailFormProcessor();
+
+ /**
+ * Retrieves the email form template.
+ *
+ * @return email template
+ */
+ public IEmailTemplate getEmailTemplate(String path);
+
+ /**
+ * Retrieves the email notification handler.
+ *
+ * @return email notification
+ */
+ public IMailNotification getMailNotification();
+
+ /**
+ * Retrieves the email key resolver.
+ *
+ * @return email key resolver
+ */
+ public IEmailResolverKeys getEmailResolverKeys();
+
+ /**
+ * Retrieves the email resolver that checks for subjectAlternateName.
+ *
+ * @return email key resolver
+ */
+ public IEmailResolver getReqCertSANameEmailResolver();
+
+ /**
+ * Checks if the given OID is valid.
+ *
+ * @param attrName attribute name
+ * @param value attribute value
+ * @return object identifier of the given attrName
+ */
+ public ObjectIdentifier checkOID(String attrName, String value)
+ throws EBaseException;
+
+ /**
+ * Creates a general name constraints.
+ *
+ * @param generalNameChoice type of general name
+ * @param value general name string
+ * @return general name object
+ * @exception EBaseException failed to create general name constraint
+ */
+ public GeneralName form_GeneralNameAsConstraints(String generalNameChoice, String value) throws EBaseException;
+
+ /**
+ * Creates a general name.
+ *
+ * @param generalNameChoice type of general name
+ * @param value general name string
+ * @return general name object
+ * @exception EBaseException failed to create general name
+ */
+ public GeneralName form_GeneralName(String generalNameChoice,
+ String value) throws EBaseException;
+
+ /**
+ * Retrieves default general name configuration.
+ *
+ * @param name configuration name
+ * @param isValueConfigured true if value is configured
+ * @param params configuration parameters
+ * @exception EBaseException failed to create subject alt name configuration
+ */
+ public void getGeneralNameConfigDefaultParams(String name,
+ boolean isValueConfigured, Vector params);
+
+ /**
+ * Retrieves default general names configuration.
+ *
+ * @param name configuration name
+ * @param isValueConfigured true if value is configured
+ * @param params configuration parameters
+ * @exception EBaseException failed to create subject alt name configuration
+ */
+ public void getGeneralNamesConfigDefaultParams(String name,
+ boolean isValueConfigured, Vector params);
+
+ /**
+ * Retrieves extended plugin info for general name configuration.
+ *
+ * @param name configuration name
+ * @param isValueConfigured true if value is configured
+ * @param info configuration parameters
+ * @exception EBaseException failed to create subject alt name configuration
+ */
+ public void getGeneralNameConfigExtendedPluginInfo(String name,
+ boolean isValueConfigured, Vector info);
+
+ /**
+ * Retrieves extended plugin info for general name configuration.
+ *
+ * @param name configuration name
+ * @param isValueConfigured true if value is configured
+ * @param info configuration parameters
+ * @exception EBaseException failed to create subject alt name configuration
+ */
+ public void getGeneralNamesConfigExtendedPluginInfo(String name,
+ boolean isValueConfigured, Vector info);
+
+ /**
+ * Created general names configuration.
+ *
+ * @param name configuration name
+ * @param config configuration store
+ * @param isValueConfigured true if value is configured
+ * @param isPolicyEnabled true if policy is enabled
+ * @exception EBaseException failed to create subject alt name configuration
+ */
+ public IGeneralNamesConfig createGeneralNamesConfig(String name,
+ IConfigStore config, boolean isValueConfigured,
+ boolean isPolicyEnabled) throws EBaseException;
+
+ /**
+ * Created general name constraints configuration.
+ *
+ * @param name configuration name
+ * @param config configuration store
+ * @param isValueConfigured true if value is configured
+ * @param isPolicyEnabled true if policy is enabled
+ * @exception EBaseException failed to create subject alt name configuration
+ */
+ public IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
+ boolean isPolicyEnabled) throws EBaseException;
+
+ /**
+ * Created general name constraints configuration.
+ *
+ * @param name configuration name
+ * @param config configuration store
+ * @param isValueConfigured true if value is configured
+ * @param isPolicyEnabled true if policy is enabled
+ * @exception EBaseException failed to create subject alt name configuration
+ */
+ public IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
+ boolean isPolicyEnabled) throws EBaseException;
+
+ /**
+ * Get default parameters for subject alt name configuration.
+ *
+ * @param name configuration name
+ * @param params configuration parameters
+ */
+ public void getSubjAltNameConfigDefaultParams(String name, Vector params);
+
+ /**
+ * Get extended plugin info for subject alt name configuration.
+ *
+ * @param name configuration name
+ * @param params configuration parameters
+ */
+ public void getSubjAltNameConfigExtendedPluginInfo(String name, Vector params);
+
+ /**
+ * Creates subject alt name configuration.
+ *
+ * @param name configuration name
+ * @param config configuration store
+ * @param isValueConfigured true if value is configured
+ * @exception EBaseException failed to create subject alt name configuration
+ */
+ public ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) throws EBaseException;
+
+ /**
+ * Retrieves the HTTP Connection for use with connector.
+ *
+ * @param authority remote authority
+ * @param factory socket factory
+ * @return http connection to the remote authority
+ */
+ public IHttpConnection getHttpConnection(IRemoteAuthority authority,
+ ISocketFactory factory);
+
+ /**
+ * Retrieves the HTTP Connection for use with connector.
+ *
+ * @param authority remote authority
+ * @param factory socket factory
+ * @param timeout return error if connection cannot be established within
+ * the timeout period
+ * @return http connection to the remote authority
+ */
+ public IHttpConnection getHttpConnection(IRemoteAuthority authority,
+ ISocketFactory factory, int timeout);
+
+ /**
+ * Retrieves the request sender for use with connector.
+ *
+ * @param authority local authority
+ * @param nickname nickname of the client certificate
+ * @param remote remote authority
+ * @param interval timeout interval
+ * @return resender
+ */
+ public IResender getResender(IAuthority authority, String nickname,
+ IRemoteAuthority remote, int interval);
+
+ /**
+ * Retrieves command queue
+ *
+ * @return command queue
+ */
+ public ICommandQueue getCommandQueue();
+
+ /**
+ * Blocks all new incoming requests.
+ */
+ public void disableRequests();
+
+ /**
+ * Terminates all requests that are currently in process.
+ */
+ public void terminateRequests();
+
+ /**
+ * Checks to ensure that all new incoming requests have been blocked.
+ * This method is used for reentrancy protection.
+ * <P>
+ *
+ * @return true or false
+ */
+ public boolean areRequestsDisabled();
+
+ /**
+ * Create configuration file.
+ *
+ * @param path configuration path
+ * @return configuration store
+ * @exception EBaseException failed to create file
+ */
+ public IConfigStore createFileConfigStore(String path) throws EBaseException;
+ /**
+ * Creates argument block.
+ */
+ public IArgBlock createArgBlock();
+
+ /**
+ * Creates argument block.
+ */
+ public IArgBlock createArgBlock(String realm, Hashtable httpReq);
+
+ /**
+ * Creates argument block.
+ */
+ public IArgBlock createArgBlock(Hashtable httpReq);
+
+ /**
+ * Checks against the local certificate repository to see
+ * if the certificates are revoked.
+ *
+ * @param certificates certificates
+ * @return true if certificate is revoked in the local
+ * certificate repository
+ */
+ public boolean isRevoked(X509Certificate[] certificates);
+
+ /**
+ * Sets list of verified certificates
+ *
+ * @param size size of verified certificates list
+ * @param interval interval in which certificate is not recheck
+ * against local certificate repository
+ * @param unknownStateInterval interval in which certificate
+ * may not recheck against local certificate repository
+ */
+ public void setListOfVerifiedCerts(int size, long interval, long unknownStateInterval);
+
+ /**
+ * Performs graceful shutdown of CMS.
+ * Subsystems are shutdown in reverse order.
+ * Exceptions are ignored.
+ */
+ public void forceShutdown();
+
+ public IPasswordStore getPasswordStore();
+
+ public ISecurityDomainSessionTable getSecurityDomainSessionTable();
+
+ public void setConfigSDSessionId(String id);
+
+ public String getConfigSDSessionId();
+}
+
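Review bot: The Javadoc on `isRevoked(X509Certificate[] certificates)`, near the end of the interface, leaves the security-relevant part of its contract unstated. It takes an array but says only "true if certificate is revoked in the local certificate repository", so it is unclear whether one revoked certificate in the array is enough. It also does not say what is returned when a certificate's status cannot be determined, although the `unknownStateInterval` parameter of `setListOfVerifiedCerts` suggests such a state exists. A caller that bases an access decision on the result cannot tell whether the check fails open or closed. I would extend the comment along the lines of `@return true if any certificate in the array is revoked; (state the result for unknown status and for a null or empty array)`, filled in once the implementation's behaviour is confirmed, as it is not visible in this hunk.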
diff --git a/pki/base/common/src/com/netscape/certsrv/apps/ICommandQueue.java b/pki/base/common/src/com/netscape/certsrv/apps/ICommandQueue.java
new file mode 100644
index 000000000..15224c00c
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/apps/ICommandQueue.java
@@ -0,0 +1,50 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.apps;
+
+
+import java.util.Hashtable;
+import java.util.Enumeration;
+import java.util.TimeZone;
+import com.netscape.certsrv.apps.*;
+
+
+/**
+ * This interface represents a command queue for registeration
+ * and unregisteration proccess for clean shutdown
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICommandQueue {
+
+ /**
+ * Registers a thread into the command queue.
+ *
+ * @param currentRequest request object
+ * @param currentServlet servlet that serves the request object
+ */
+ public boolean registerProcess(Object currentRequest, Object currentServlet);
+ /**
+ * UnRegisters a thread from the command queue.
+ *
+ * @param currentRequest request object
+ * @param currentServlet servlet that serves the request object
+ */
+ public void unRegisterProccess(Object currentRequest, Object currentServlet);
+
+} // CommandQueue
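Review bot: The two methods are named inconsistently, `registerProcess` versus `unRegisterProccess` (double `c`), and because this is a public interface the misspelling becomes part of the API for every implementer. I would declare `public void unRegisterProcess(Object currentRequest, Object currentServlet);` before anything implements it. `registerProcess` returns a `boolean` but has no `@return` tag, so the Javadoc should state what true and false mean; that meaning is not visible in this hunk. The imports of `Hashtable`, `Enumeration`, `TimeZone` and the interface's own package are unused in this file.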
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/AuthCredentials.java b/pki/base/common/src/com/netscape/certsrv/authentication/AuthCredentials.java
new file mode 100644
index 000000000..e363f01d2
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/AuthCredentials.java
@@ -0,0 +1,98 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.authentication.*;
+
+/**
+ * Authentication Credentials as input to the authMgr. It contains all the
+ * information required for authentication in the authMgr.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class AuthCredentials implements IAuthCredentials {
+ private Hashtable authCreds = null;
+ private IArgBlock argblk = null;
+
+ /**
+ * Constructor
+ */
+ public AuthCredentials() {
+ authCreds = new Hashtable();
+ }
+
+ /**
+ * Sets an authentication credential with credential name and the credential object
+ * @param name credential name
+ * @param cred credential object
+ */
+ public void set(String name, Object cred) {
+ if (name != null && cred != null)
+ authCreds.put(name, cred);
+ }
+
+ /**
+ * Returns the credential to which the specified name is mapped in this
+ * credential set
+ * @param name credential name
+ * @return the authentication credential for the given name
+ */
+ public Object get(String name) {
+ return ((Object) authCreds.get(name));
+ }
+
+ /**
+ * Removes the name and its corresponding credential from this
+ * credential set. This method does nothing if the named
+ * credential is not in the credential set.
+ * @param name credential name
+ */
+ public void delete(String name) {
+ authCreds.remove(name);
+ }
+
+ /**
+ * Returns an enumeration of the credentials in this credential
+ * set. Use the Enumeration methods on the returned object to
+ * fetch the elements sequentially.
+ * @return an enumeration of the values in this credential set
+ */
+ public Enumeration getElements() {
+ return (authCreds.elements());
+ }
+
+ /**
+ * Set the given argblock
+i * @param blk the given argblock.
+ */
+ public void setArgBlock(IArgBlock blk) {
+ argblk = blk;
+ }
+
+ /**
+ * Returns the argblock.
+ * @return the argblock.
+ */
+ public IArgBlock getArgBlock() {
+ return argblk;
+ }
+}
+
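Review bot: `get(String)` and `delete(String)` pass `name` straight to the `Hashtable`, which throws NullPointerException for a null key, while `set` quietly ignores a null name or credential; the three methods should agree. A guard such as `return name == null ? null : authCreds.get(name);` in `get`, and `if (name != null) authCreds.remove(name);` in `delete`, keeps a lookup with a null name from raising an exception in the authentication path. The Javadoc for `set` should also say that null arguments are dropped without error, since a caller cannot otherwise tell that a credential was never stored. The stray `i` before ` * @param blk` in the `setArgBlock` comment should be removed.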
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/AuthManagerProxy.java b/pki/base/common/src/com/netscape/certsrv/authentication/AuthManagerProxy.java
new file mode 100644
index 000000000..f98276ec5
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/AuthManagerProxy.java
@@ -0,0 +1,56 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+
+/**
+ * A class represents an authentication manager. It contains an
+ * authentication manager instance and its state (enable or not).
+ * @version $Revision$, $Date$
+ */
+public class AuthManagerProxy {
+ private boolean mEnable;
+ private IAuthManager mMgr;
+
+ /**
+ * Constructor
+ * @param enable true if the authMgr is enabled; false otherwise
+ * @param mgr authentication manager instance
+ */
+ public AuthManagerProxy(boolean enable, IAuthManager mgr) {
+ mEnable = enable;
+ mMgr = mgr;
+ }
+
+ /**
+ * Returns the state of the authentication manager instance
+ * @return true if the state of the authentication manager instance is
+ * enabled; false otherwise.
+ */
+ public boolean isEnable() {
+ return mEnable;
+ }
+
+ /**
+ * Returns an authentication manager instance.
+ * @return an authentication manager instance
+ */
+ public IAuthManager getAuthManager() {
+ return mMgr;
+ }
+}
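Review bot: `getAuthManager()` returns `mMgr` whether or not `mEnable` is true, so nothing in this class stops a caller from using a disabled authentication manager; the Javadoc should say so explicitly. Suggested wording on `getAuthManager()`: `Returns the authentication manager instance regardless of its enabled state; callers must check isEnable() before using it.` Both fields are assigned only in the constructor and could be declared `private final`.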
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/AuthMgrPlugin.java b/pki/base/common/src/com/netscape/certsrv/authentication/AuthMgrPlugin.java
new file mode 100644
index 000000000..cb6e3e4ce
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/AuthMgrPlugin.java
@@ -0,0 +1,85 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+
+import java.util.*;
+import java.lang.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.authentication.*;
+
+
+/**
+ * This class represents a registered authentication manager plugin.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class AuthMgrPlugin {
+ protected String mId = null;
+ protected String mClassPath = null;
+ protected Class mClass = null;
+ protected boolean mVisible = true;
+
+ /**
+ * Constructs a AuthManager plugin.
+ * @param id auth manager implementation name
+ * @param classPath class path
+ */
+ public AuthMgrPlugin(String id, String classPath) {
+
+ /*
+ if (id == null || classPath == null)
+ throw new AssertionException("Authentication Manager id or classpath can't be null");
+ */
+ mId = id;
+ mClassPath = classPath;
+ }
+
+ /**
+ * Returns an auth manager implementation name
+ * @return an auth manager implementation name
+ */
+ public String getId() {
+ return mId;
+ }
+
+ /**
+ * Returns a classpath of a AuthManager plugin
+ * @return a classpath of a AuthManager plugin
+ */
+ public String getClassPath() {
+ return mClassPath;
+ }
+
+ /**
+ * Returns a visibility of the plugin
+ * @return a visibility of the plugin
+ */
+ public boolean isVisible() {
+ return mVisible;
+ }
+
+ /**
+ * Sets visibility of the plugin
+ * @param visibility visibility of the plugin
+ */
+ public void setVisible(boolean visibility) {
+ mVisible = visibility;
+ }
+}
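Review bot: The constructor's null check on `id` and `classPath` is commented out, so a plugin can be constructed with a null id or class path and the failure will only surface later, wherever those values are used. Either restore the check with a standard exception, `if (id == null || classPath == null) throw new IllegalArgumentException("Authentication Manager id or classpath can't be null");`, or delete the dead block and document that null is accepted. `mClass` is never given a non-null value in this file, and `import java.lang.*;` is redundant.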
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/AuthResources.java b/pki/base/common/src/com/netscape/certsrv/authentication/AuthResources.java
new file mode 100644
index 000000000..5bf52f1b8
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/AuthResources.java
@@ -0,0 +1,43 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+import java.util.*;
+
+/**
+ * A class represents a resource bundle for the authentication component.
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public class AuthResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ * @return the contents of this resource
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ /**
+ * A set of constants for localized error messages.
+ */
+ static final Object[][] contents = {};
+}
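Review bot: The `@deprecated` tag carries no text, so readers are not told what replaces this bundle, yet `EAuthException` in the same commit still returns `AuthResources.class.getName()` from `getBundleName()`. With `contents` empty, no message key can be resolved from this bundle; how `EBaseException` looks messages up is outside this diff, so the effect on error text should be confirmed. I would name the replacement in the tag, e.g. ` * @deprecated use <replacement bundle> instead` (placeholder, the replacement is not shown on this page).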
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/AuthToken.java b/pki/base/common/src/com/netscape/certsrv/authentication/AuthToken.java
new file mode 100644
index 000000000..4ff2c6a7f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/AuthToken.java
@@ -0,0 +1,443 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+import java.util.Hashtable;
+import java.util.Date;
+import java.util.Enumeration;
+import java.math.BigInteger;
+import java.io.IOException;
+import java.io.ByteArrayOutputStream;
+import java.io.ByteArrayInputStream;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.usrgrp.Certificates;
+import netscape.security.util.DerOutputStream;
+import netscape.security.util.DerValue;
+import netscape.security.util.DerInputStream;
+import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.CertificateExtensions;
+
+/**
+ * Authentication token returned by Authentication Managers.
+ * Upon return, it contains authentication/identification information
+ * as well as information retrieved from the database where the
+ * authentication was done against. Each authentication manager has
+ * its own list of such information. See individual authenticaiton
+ * manager for more details.
+ * <p>
+ * @version $Revision$, $Date$
+ */
+public class AuthToken implements IAuthToken {
+ protected Hashtable mAttrs = null;
+
+ /* Subject name of the certificate in the authenticating entry */
+ public static final String TOKEN_CERT_SUBJECT = "tokenCertSubject";
+
+ /* NotBefore value of the certificate in the authenticating entry */
+ public static final String TOKEN_CERT_NOTBEFORE = "tokenCertNotBefore";
+
+ /* NotAfter value of the certificate in the authenticating entry */
+ public static final String TOKEN_CERT_NOTAFTER = "tokenCertNotAfter";
+
+ /* Cert Extentions value of the certificate in the authenticating entry */
+ public static final String TOKEN_CERT_EXTENSIONS = "tokenCertExts";
+
+ /* Serial number of the certificate in the authenticating entry */
+ public static final String TOKEN_CERT_SERIALNUM = "certSerial";
+
+ /**
+ * Certificate to be renewed
+ */
+ public static final String TOKEN_CERT = "tokenCert";
+
+ /* Certificate to be revoked */
+ public static final String TOKEN_CERT_TO_REVOKE = "tokenCertToRevoke";
+
+ /**
+ * Plugin name of the authentication manager that created the
+ * AuthToken as a string.
+ */
+ public static final String TOKEN_AUTHMGR_IMPL_NAME = "authMgrImplName";
+
+ /**
+ * Name of the authentication manager that created the AuthToken
+ * as a string.
+ */
+ public static final String TOKEN_AUTHMGR_INST_NAME = "authMgrInstName";
+
+ /**
+ * Time of authentication as a java.util.Date
+ */
+ public static final String TOKEN_AUTHTIME = "authTime";
+
+ /**
+ * Constructs an instance of a authentication token.
+ * The token by default contains the following attributes: <br>
+ * <pre>
+ * "authMgrInstName" - The authentication manager instance name.
+ * "authMgrImplName" - The authentication manager plugin name.
+ * "authTime" - The - The time of authentication.
+ * </pre>
+ * @param authMgr The authentication manager that created this Token.
+ */
+ public AuthToken(IAuthManager authMgr) {
+ mAttrs = new Hashtable();
+ if (authMgr != null) {
+ set(TOKEN_AUTHMGR_INST_NAME, authMgr.getName());
+ set(TOKEN_AUTHMGR_IMPL_NAME, authMgr.getImplName());
+ }
+ set(TOKEN_AUTHTIME, new Date());
+ }
+
+ public String getInString(String attrName) {
+ return (String)mAttrs.get(attrName);
+ }
+
+ public boolean set(String attrName, String value) {
+ if (value == null) {
+ return false;
+ }
+ mAttrs.put(attrName, value);
+ return true;
+ }
+
+ /**
+ * Removes an attribute in the AuthToken
+ * @param attrName The name of the attribute to remove.
+ */
+ public void delete(String attrName) {
+ mAttrs.remove(attrName);
+ }
+
+ /**
+ * Enumerate all attribute names in the AuthToken.
+ * @return Enumeration of all attribute names in this AuthToken.
+ */
+ public Enumeration getElements() {
+ return (mAttrs.keys());
+ }
+
+ public byte[] getInByteArray(String name) {
+ String value = getInString(name);
+ if (value == null) {
+ return null;
+ }
+ return CMS.AtoB(value);
+ }
+
+ public boolean set(String name, byte[] value) {
+ if (value == null) {
+ return false;
+ }
+ return set(name, CMS.BtoA(value));
+ }
+
+ public Integer getInInteger(String name) {
+ String strVal = getInString(name);
+ if (strVal == null) {
+ return null;
+ }
+ try {
+ return Integer.valueOf(strVal);
+ } catch (NumberFormatException e) {
+ return null;
+ }
+ }
+
+ public boolean set(String name, Integer value) {
+ if (value == null) {
+ return false;
+ }
+ return set(name, value.toString());
+ }
+
+ public BigInteger[] getInBigIntegerArray(String name) {
+ String value = getInString(name);
+ if (value == null) {
+ return null;
+ }
+ String[] values = value.split(",");
+ if (values.length == 0) {
+ return null;
+ }
+ BigInteger[] result = new BigInteger[values.length];
+ for (int i = 0; i < values.length; i++) {
+ try {
+ result[i] = new BigInteger(values[i]);
+ } catch (NumberFormatException e) {
+ return null;
+ }
+ }
+ return result;
+ }
+
+ public boolean set(String name, BigInteger[] value) {
+ if (value == null) {
+ return false;
+ }
+ StringBuffer buffer = new StringBuffer();
+ for (int i = 0; i < value.length; i++) {
+ if (i != 0) {
+ buffer.append(",");
+ }
+ buffer.append(value[i].toString());
+ }
+ return set(name, buffer.toString());
+ }
+
+ public Date getInDate(String name) {
+ String value = getInString(name);
+ if (value == null) {
+ return null;
+ }
+ try {
+ return new Date(Long.parseLong(value));
+ } catch (NumberFormatException e) {
+ return null;
+ }
+ }
+
+ public boolean set(String name, Date value) {
+ if (value == null) {
+ return false;
+ }
+ return set(name, String.valueOf(value.getTime()));
+ }
+
+ public String[] getInStringArray(String name) {
+ String[] stringValues;
+
+ byte[] byteValue = getInByteArray(name);
+ if (byteValue == null) {
+ return null;
+ }
+ try {
+ DerInputStream in = new DerInputStream(byteValue);
+ DerValue[] derValues = in.getSequence(5);
+ stringValues = new String[derValues.length];
+ for (int i = 0; i < derValues.length; i++) {
+ stringValues[i] = derValues[i].getAsString();
+ }
+ } catch (IOException e) {
+ return null;
+ }
+ return stringValues;
+ }
+
+ public boolean set(String name, String[] value) {
+ if (value == null) {
+ return false;
+ }
+ DerOutputStream out = new DerOutputStream();
+ DerValue[] derValues = new DerValue[value.length];
+ try {
+ for (int i = 0; i < value.length; i++) {
+ derValues[i] = new DerValue(value[i]);
+ }
+ out.putSequence(derValues);
+ return set(name, out.toByteArray());
+ } catch (IOException e) {
+ return false;
+ }
+ }
+
+ public X509CertImpl getInCert(String name) {
+ byte[] data = getInByteArray(name);
+ if (data == null) {
+ return null;
+ }
+ try {
+ return new X509CertImpl(data);
+ } catch (CertificateException e) {
+ return null;
+ }
+ }
+
+ public boolean set(String name, X509CertImpl value) {
+ if (value == null) {
+ return false;
+ }
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ try {
+ value.encode(out);
+ } catch (CertificateEncodingException e) {
+ return false;
+ }
+ return set(name, out.toByteArray());
+ }
+
+ public CertificateExtensions getInCertExts(String name) {
+ CertificateExtensions exts = null;
+ byte[] data = getInByteArray(name);
+ if (data != null) {
+ try {
+ exts = new CertificateExtensions();
+ // exts.decode() doesn't work for empty CertExts
+ exts.decodeEx(new ByteArrayInputStream(data));
+ } catch (IOException e) {
+ return null;
+ }
+ }
+ return exts;
+ }
+
+ public boolean set(String name, CertificateExtensions value) {
+ if (value == null) {
+ return false;
+ }
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ try {
+ value.encode(out);
+ } catch (IOException e) {
+ return false;
+ } catch (CertificateException e) {
+ return false;
+ }
+ return set(name, out.toByteArray());
+ }
+
+ public Certificates getInCertificates(String name) {
+ X509CertImpl[] certArray;
+
+ byte[] byteValue = getInByteArray(name);
+ if (byteValue == null) {
+ return null;
+ }
+
+ try {
+ DerInputStream in = new DerInputStream(byteValue);
+ DerValue[] derValues = in.getSequence(5);
+ certArray = new X509CertImpl[derValues.length];
+ for (int i = 0; i < derValues.length; i++) {
+ byte[] certData = derValues[i].toByteArray();
+ certArray[i] = new X509CertImpl(certData);
+ }
+ } catch (IOException e) {
+ return null;
+ } catch (CertificateException e) {
+ return null;
+ }
+ return new Certificates(certArray);
+ }
+
+ public boolean set(String name, Certificates value) {
+ if (value == null) {
+ return false;
+ }
+ DerOutputStream derStream = new DerOutputStream();
+ X509Certificate[] certArray = value.getCertificates();
+ DerValue[] derValues = new DerValue[certArray.length];
+ try {
+ for (int i = 0; i < certArray.length; i++) {
+ ByteArrayOutputStream byteStream = new ByteArrayOutputStream();
+ try {
+ X509CertImpl certImpl = (X509CertImpl)certArray[i];
+ certImpl.encode(byteStream);
+ derValues[i] = new DerValue(byteStream.toByteArray());
+ } catch (CertificateEncodingException e) {
+ return false;
+ } catch (ClassCastException e) {
+ return false;
+ }
+ }
+ derStream.putSequence(derValues);
+ return set(name, derStream.toByteArray());
+ } catch (IOException e) {
+ return false;
+ }
+ }
+
+ public byte[][] getInByteArrayArray(String name) {
+ byte[][] retval;
+
+ byte[] byteValue = getInByteArray(name);
+ if (byteValue == null) {
+ return null;
+ }
+ try {
+ DerInputStream in = new DerInputStream(byteValue);
+ DerValue[] derValues = in.getSequence(5);
+ retval = new byte[derValues.length][];
+ for (int i = 0; i < derValues.length; i++) {
+ retval[i] = derValues[i].getOctetString();
+ }
+ } catch (IOException e) {
+ return null;
+ }
+ return retval;
+ }
+
+ public boolean set(String name, byte[][] value) {
+ if (value == null) {
+ return false;
+ }
+ DerOutputStream out = new DerOutputStream();
+ DerValue[] derValues = new DerValue[value.length];
+ try {
+ for (int i = 0; i < value.length; i++) {
+ derValues[i] = new DerValue(DerValue.tag_OctetString, value[i]);
+ }
+ out.putSequence(derValues);
+ return set(name, out.toByteArray());
+ } catch (IOException e) {
+ return false;
+ }
+ }
+
+ /**
+ * Enumerate all attribute values in the AuthToken.
+ * @return Enumeration of all attribute names in this AuthToken.
+ */
+ public Enumeration getVals() {
+ return (mAttrs.elements());
+ }
+
+ /**
+ * Gets the name of the authentication manager instance that created
+ * this token.
+ * @return The name of the authentication manager instance that created
+ * this token.
+ */
+ public String getAuthManagerInstName() {
+ return ((String) mAttrs.get(TOKEN_AUTHMGR_INST_NAME));
+ }
+
+ /**
+ * Gets the plugin name of the authentication manager that created this
+ * token.
+ * @return The plugin name of the authentication manager that created this
+ * token.
+ */
+ public String getAuthManagerImplName() {
+ return ((String) mAttrs.get(TOKEN_AUTHMGR_IMPL_NAME));
+ }
+
+ /**
+ * Gets the time of authentication.
+ * @return The time of authentication
+ */
+ public Date getAuthTime() {
+ return ((Date) mAttrs.get(TOKEN_AUTHTIME));
+ }
+}
+
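Review bot: `getAuthTime()` at the end of the class casts `mAttrs.get(TOKEN_AUTHTIME)` to `Date`, but the constructor stores that attribute through `set(String, Date)`, which writes `String.valueOf(value.getTime())`, so as written the cast throws ClassCastException for any token built by this constructor. Read it back through the matching accessor instead: `return getInDate(TOKEN_AUTHTIME);`. Separately, `set(String, BigInteger[])` calls `value[i].toString()` without a null check on the element. The Javadoc on `getVals()` says it returns attribute names while the code returns `mAttrs.elements()`, i.e. the values.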
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthException.java b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthException.java
new file mode 100644
index 000000000..8f68f870b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthException.java
@@ -0,0 +1,81 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+import com.netscape.certsrv.base.EBaseException;
+
+/**
+ * This class represents authentication exceptions.
+ * <P>
+ * @version $Revision$, $Date$
+ */
+public class EAuthException extends EBaseException {
+
+ /**
+ * Resource class name
+ */
+ private static final String AUTH_RESOURCES = AuthResources.class.getName();
+
+ /**
+ * Constructs an authentication exception
+ * <P>
+ * @param msgFormat exception details
+ */
+ public EAuthException(String msgFormat) {
+ super(msgFormat);
+ }
+
+ /**
+ * Constructs an authentication exception with a parameter.
+ * <p>
+ * @param msgFormat exception details in message string format
+ * @param param message string parameter
+ */
+ public EAuthException(String msgFormat, String param) {
+ super(msgFormat, param);
+ }
+
+ /**
+ * Constructs a auth exception with a exception parameter.
+ * <P>
+ * @param msgFormat exception details in message string format
+ * @param exception system exception
+ */
+ public EAuthException(String msgFormat, Exception exception) {
+ super(msgFormat, exception);
+ }
+
+ /**
+ * Constructs a auth exception with a list of parameters.
+ * <P>
+ * @param msgFormat the message format.
+ * @param params list of message format parameters
+ */
+ public EAuthException(String msgFormat, Object params[]) {
+ super(msgFormat, params);
+ }
+
+ /**
+ * Returns the resource bundle name
+ * @return resource bundle name.
+ */
+ protected String getBundleName() {
+ return AUTH_RESOURCES;
+ }
+
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthInternalError.java b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthInternalError.java
new file mode 100644
index 000000000..81dcccbbd
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthInternalError.java
@@ -0,0 +1,33 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+/**
+ * An exception for authentication internal error.
+ */
+public class EAuthInternalError extends EAuthException {
+
+ /**
+ * Constructs an authentication internal error exception
+ * with a detailed message.
+ * @param errorString Detailed error message.
+ */
+ public EAuthInternalError(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrNotFound.java b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrNotFound.java
new file mode 100644
index 000000000..b623f006b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrNotFound.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+/**
+ * Exception for authentication manager not found.
+ */
+public class EAuthMgrNotFound extends EAuthException {
+
+ /**
+ * Constructs a exception for a missing authentication manager
+ * @param errorString error string for missing authentication manager
+ */
+ public EAuthMgrNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrPluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrPluginNotFound.java
new file mode 100644
index 000000000..3904f5ed5
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrPluginNotFound.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+/**
+ * Exception for authentication manager not found.
+ */
+public class EAuthMgrPluginNotFound extends EAuthException {
+
+ /**
+ * Constructs a exception for a missing authentication manager plugin
+ * @param errorString error for a missing authentication manager plugin
+ */
+ public EAuthMgrPluginNotFound(String errorString) {
+ super(errorString);
+ }
+}
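Review bot: The class Javadoc reads `Exception for authentication manager not found.`, identical to the comment on `EAuthMgrNotFound`, so the two exceptions are indistinguishable in generated documentation; it should read `Exception for authentication manager plugin not found.`. `EAuthUserError` later in this commit has the same kind of mismatch: its class comment says `Exception for invalid attribute value`, which does not describe the user authentication error that the class name suggests.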
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthUserError.java b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthUserError.java
new file mode 100644
index 000000000..684b8c8a9
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthUserError.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+/**
+ * Exception for invalid attribute value
+ */
+public class EAuthUserError extends EAuthException {
+
+ /**
+ * Constructs a exception for a Invalid attribute value
+ * @param errorString Detailed error message.
+ */
+ public EAuthUserError(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/ECompSyntaxErr.java b/pki/base/common/src/com/netscape/certsrv/authentication/ECompSyntaxErr.java
new file mode 100644
index 000000000..5203fa180
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/ECompSyntaxErr.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+/**
+ * An exception for DN component syntax error.
+ */
+public class ECompSyntaxErr extends EAuthException {
+
+ /**
+ * Constructs an component syntax error
+ * @param errorString Detailed error message.
+ */
+ public ECompSyntaxErr(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EFormSubjectDN.java b/pki/base/common/src/com/netscape/certsrv/authentication/EFormSubjectDN.java
new file mode 100644
index 000000000..ff657351f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EFormSubjectDN.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+/**
+ * An exception for Error formulating the subject name (X500Name)
+ */
+public class EFormSubjectDN extends EAuthException {
+
+ /**
+ * Constructs an Error on formulating the subject dn.
+ * @param errorString Detailed error message.
+ */
+ public EFormSubjectDN(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EInvalidCredentials.java b/pki/base/common/src/com/netscape/certsrv/authentication/EInvalidCredentials.java
new file mode 100644
index 000000000..e77fff3ca
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EInvalidCredentials.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+/**
+ * An exception for invalid credentials.
+ */
+public class EInvalidCredentials extends EAuthException {
+
+ /**
+ * Constructs an Invalid Credentials exception.
+ * @param errorString Detailed error message.
+ */
+ public EInvalidCredentials(String errorString) {
+ super(errorString);
+ }
+}
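Review bot: The `@param errorString Detailed error message.` line does not say what may go into the message, and for this class and EMissingCredential (the next file) the message describes a failed login. Exception text commonly ends up in logs and, depending on the servlet layer that is not visible here, possibly in the response. The Javadoc should therefore say that the string must not contain the submitted password, PIN or shared secret. Proposed wording: `@param errorString message describing the failure; must not include credential values`.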
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EMissingCredential.java b/pki/base/common/src/com/netscape/certsrv/authentication/EMissingCredential.java
new file mode 100644
index 000000000..655366518
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EMissingCredential.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+/**
+ * Exception for missing a required authentication credential.
+ */
+public class EMissingCredential extends EAuthException {
+
+ /**
+ * Constructs a exception for a missing required authentication credential
+ * @param errorString Detailed error message.
+ */
+ public EMissingCredential(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthCredentials.java b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthCredentials.java
new file mode 100644
index 000000000..bb04f0698
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthCredentials.java
@@ -0,0 +1,43 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+import com.netscape.certsrv.base.*;
+import java.util.*;
+
+/**
+ * An interface represents authentication credentials:
+ * e.g. uid/pwd, uid/pin, certificate, etc.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IAuthCredentials extends IAttrSet {
+
+ /**
+ * Set argblock.
+ * @param blk argblock
+ */
+ public void setArgBlock(IArgBlock blk);
+
+ /**
+ * Returns argblock.
+ * @return Argblock.
+ */
+ public IArgBlock getArgBlock();
+}
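Review bot: `setArgBlock` and `getArgBlock` are documented only as "Set argblock" and "Returns argblock", so the interface does not say what the block holds or how long it is kept. The interface comment lists uid/pwd and uid/pin as examples, so the arg block presumably carries the raw request parameters including the secret. If that is right, the Javadoc should say so and add that implementations must not log or persist the block, e.g. `@param blk the request arguments the credentials were taken from; may contain secrets`. `import java.util.*;` is not used by anything in this file.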
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthManager.java b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthManager.java
new file mode 100644
index 000000000..c82fa72a8
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthManager.java
@@ -0,0 +1,106 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+import com.netscape.certsrv.base.*;
+import java.util.*;
+
+/**
+ * Authentication Manager interface.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IAuthManager {
+
+ /* standard credential for client cert from ssl client auth */
+ public static final String CRED_SSL_CLIENT_CERT = "sslClientCert";
+
+ /**
+ * Standard credential for client cert's serial number from revocation.
+ */
+ public static final String CRED_CERT_SERIAL_TO_REVOKE = "certSerialToRevoke";
+ public static final String CRED_SESSION_ID = "sessionID";
+ public static final String CRED_HOST_NAME = "hostname";
+
+ /**
+ * Get the name of this authentication manager instance.
+ * <p>
+ * @return the name of this authentication manager.
+ */
+ public String getName();
+
+ /**
+ * Get name of authentication manager plugin.
+ * <p>
+ * @return the name of the authentication manager plugin.
+ */
+ public String getImplName();
+
+ /**
+ * Authenticate the given credentials.
+ * @param authCred The authentication credentials
+ * @return authentication token
+ * @exception EMissingCredential If a required credential for this
+ * authentication manager is missing.
+ * @exception EInvalidCredentials If credentials cannot be authenticated.
+ * @exception EBaseException If an internal error occurred.
+ */
+ public IAuthToken authenticate(IAuthCredentials authCred)
+ throws EMissingCredential, EInvalidCredentials, EBaseException;
+
+ /**
+ * Initialize this authentication manager.
+ * @param name The name of this authentication manager instance.
+ * @param implName The name of the authentication manager plugin.
+ * @param config The configuration store for this authentication manager.
+ * @exception EBaseException If an initialization error occurred.
+ */
+ public void init(String name, String implName, IConfigStore config)
+ throws EBaseException;
+
+ /**
+ * Prepare this authentication manager for a shutdown.
+ * Called when the server is exiting for any cleanup needed.
+ */
+ public void shutdown();
+
+ /**
+ * Gets a list of the required credentials for this authentication manager.
+ * @return The required credential attributes.
+ */
+ public String[] getRequiredCreds();
+
+ /**
+ * Get configuration parameters for this implementation.
+ * The configuration parameters returned is passed to the
+ * configuration console so configuration for instances of this
+ * implementation can be made through the console.
+ *
+ * @return a list of configuration parameters.
+ * @exception EBaseException If an internal error occurred
+ */
+ public String[] getConfigParams()
+ throws EBaseException;
+
+ /**
+ * Get the configuration store for this authentication manager.
+ * @return The configuration store of this authentication manager.
+ */
+ public IConfigStore getConfigStore();
+}
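Review bot: The `authenticate` Javadoc says `@return authentication token` but does not state that failure is always reported through EMissingCredential or EInvalidCredentials and never through a null return. Several plugin implementations sit behind this interface, so a caller that relies only on exceptions could carry on with a null token from a plugin that chose to return one. I would spell the contract out as `@return the authentication token; never null, failure is always signalled by an exception`. Separately, CRED_SESSION_ID and CRED_HOST_NAME have no comment, and CRED_SSL_CLIENT_CERT uses a `/* */` comment that Javadoc will not pick up.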
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthSubsystem.java b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthSubsystem.java
new file mode 100644
index 000000000..0b91fa675
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthSubsystem.java
@@ -0,0 +1,223 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+import com.netscape.certsrv.base.*;
+import java.util.*;
+
+/**
+ * An interface that represents an authentication component
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IAuthSubsystem extends ISubsystem {
+
+ /**
+ * Constant for auths.
+ */
+ public static final String ID = "auths";
+
+ /**
+ * Constant for class.
+ */
+ public static final String PROP_CLASS = "class";
+
+ /**
+ * Constant for impl
+ */
+ public static final String PROP_IMPL = "impl";
+
+ /**
+ * Constant for pluginName.
+ */
+ public static final String PROP_PLUGIN = "pluginName";
+
+ /**
+ * Constant for instance.
+ */
+ public static final String PROP_INSTANCE = "instance";
+
+ /* XXX should not be here */
+
+ /**
+ * Constant for password based authentication plugin ID.
+ */
+ public static final String PASSWDUSERDB_PLUGIN_ID = "passwdUserDBAuthPlugin";
+
+ /**
+ * Constant for certificate based authentication plugin ID.
+ */
+ public static final String CERTUSERDB_PLUGIN_ID = "certUserDBAuthPlugin";
+
+ /**
+ * Constant for challenge based authentication plugin ID.
+ */
+ public static final String CHALLENGE_PLUGIN_ID = "challengeAuthPlugin";
+
+ /**
+ * Constant for null authentication plugin ID.
+ */
+ public static final String NULL_PLUGIN_ID = "nullAuthPlugin";
+
+ /**
+ * Constant for ssl client authentication plugin ID.
+ */
+ public static final String SSLCLIENTCERT_PLUGIN_ID = "sslClientCertAuthPlugin";
+
+ /**
+ * Constant for password based authentication manager ID.
+ */
+ public static final String PASSWDUSERDB_AUTHMGR_ID = "passwdUserDBAuthMgr";
+
+ /**
+ * Constant for certificate based authentication manager ID.
+ */
+ public static final String CERTUSERDB_AUTHMGR_ID = "certUserDBAuthMgr";
+
+ /**
+ * Constant for challenge based authentication manager ID.
+ */
+ public static final String CHALLENGE_AUTHMGR_ID = "challengeAuthMgr";
+
+ /**
+ * Constant for null authentication manager ID.
+ */
+ public static final String NULL_AUTHMGR_ID = "nullAuthMgr";
+
+ /**
+ * Constant for ssl client authentication manager ID.
+ */
+ public static final String SSLCLIENTCERT_AUTHMGR_ID = "sslClientCertAuthMgr";
+
+ /**
+ * Constant for CMC authentication plugin ID.
+ */
+ public static final String CMCAUTH_PLUGIN_ID = "CMCAuth";
+
+ /**
+ * Constant for CMC authentication manager ID.
+ */
+ public static final String CMCAUTH_AUTHMGR_ID = "CMCAuth";
+
+ /**
+ * Authenticate the given credentials using the given manager name.
+ * @param authCred The authentication credentials
+ * @param authMgrName The authentication manager name
+ * @return a authentication token.
+ * @exception EMissingCredential when missing credential during authentication
+ * @exception EInvalidCredentials when the credential is invalid
+ * @exception EBaseException If an error occurs during authentication.
+ */
+ public IAuthToken authenticate(IAuthCredentials authCred, String authMgrName)
+ throws EMissingCredential, EInvalidCredentials, EBaseException;
+
+ /**
+ * Gets the required credential attributes for the given authentication
+ * manager.
+ * @param authMgrName The authentication manager name
+ * @return a Vector of required credential attribute names.
+ * @exception EBaseException If the required credential is missing
+ */
+ public String[] getRequiredCreds(String authMgrName) throws EBaseException;
+
+ /**
+ * Adds (registers) the given authentication manager.
+ * @param name The authentication manager name
+ * @param authMgr The authentication manager instance.
+ */
+ public void add(String name, IAuthManager authMgr);
+
+ /**
+ * Deletes (deregisters) the given authentication manager.
+ * @param name The authentication manager name to delete.
+ */
+ public void delete(String name);
+
+ /**
+ * Gets the Authentication manager instance of the specified name.
+ * @param name The authentication manager's name.
+ * @exception EBaseException when internal error occurs.
+ */
+ public IAuthManager getAuthManager(String name) throws EBaseException;
+
+ /**
+ * Gets an enumeration of authentication managers registered to the
+ * authentication subsystem.
+ * @return a list of authentication managers
+ */
+ public Enumeration getAuthManagers();
+
+ /**
+ * Gets an enumeration of authentication manager plugins.
+ * @return a list of authentication plugins
+ */
+ public Enumeration getAuthManagerPlugins();
+
+ /**
+ * Gets a single authentication manager plugin implementation
+ * @param name given authentication plugin name
+ * @return the given authentication plugin
+ */
+ public IAuthManager getAuthManagerPlugin(String name);
+
+ /**
+ * Get configuration parameters for a authentication mgr plugin.
+ * @param implName The plugin name.
+ * @return configuration parameters for the given authentication manager plugin
+ * @exception EAuthMgrPluginNotFound If the authentication manager
+ * plugin is not found.
+ * @exception EBaseException If an internal error occurred.
+ */
+ public String[] getConfigParams(String implName)
+ throws EAuthMgrPluginNotFound, EBaseException;
+
+ /**
+ * Log error message.
+ * @param level log level
+ * @param msg error message
+ */
+ public void log(int level, String msg);
+
+ /**
+ * Get a hashtable containing all authentication plugins.
+ * @return all authentication plugins.
+ */
+ public Hashtable getPlugins();
+
+ /**
+ * Get a hashtable containing all authentication instances.
+ * @return all authentication instances.
+ */
+ public Hashtable getInstances();
+
+ /**
+ * Get an authentication manager interface for the given name.
+ * @param name given authentication manager name.
+ * @return an authentication manager for the given manager name.
+ */
+ public IAuthManager get(String name);
+
+ /**
+ * Get an authentication manager plugin impl for the given name.
+ * @param name given authentication manager name.
+ * @return an authentication manager plugin
+ */
+ public AuthMgrPlugin getAuthManagerPluginImpl(String name);
+}
+
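Review bot: `getPlugins()` and `getInstances()` return a raw `Hashtable`, and the Javadoc does not say whether that is the subsystem's own table or a copy. If an implementation returns its live table, any caller holding the subsystem reference can register, replace or remove an authentication manager without going through `add`/`delete`, skipping whatever checks or logging those methods perform. I would document the return as a snapshot, e.g. `@return a copy of the plugin table; changes to it do not affect the subsystem`, and have implementations copy accordingly. Separately, `getRequiredCreds` documents "a Vector" while the method returns `String[]`, and `getAuthManager` has no `@return` saying what an unknown name yields.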
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java
new file mode 100644
index 000000000..f8cb47ec6
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java
@@ -0,0 +1,208 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+import java.util.Hashtable;
+import java.util.Date;
+import java.util.Enumeration;
+import java.math.BigInteger;
+
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.usrgrp.Certificates;
+import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.CertificateExtensions;
+
+/**
+ * AuthToken interface.
+ */
+public interface IAuthToken {
+
+ /**
+ * Constant for userid.
+ */
+ public static final String USER_ID = "userid";
+
+ /**
+ * Sets an attribute value within this AttrSet.
+ *
+ * @param name the name of the attribute
+ * @param value the attribute object.
+ * @return false on an error
+ */
+ public boolean set(String name, String value);
+
+ /**
+ * Gets an attribute value.
+ *
+ * @param name the name of the attribute to return.
+ * @exception EBaseException on attribute handling errors.
+ * @return the attribute value
+ */
+ public String getInString(String name);
+
+ /**
+ * Returns an enumeration of the names of the attributes existing within
+ * this AttrSet.
+ *
+ * @return an enumeration of the attribute names.
+ */
+ public Enumeration getElements();
+
+ /************
+ * Helpers for non-string sets and gets.
+ * These are needed because AuthToken is stored in IRequest (which can
+ * only store string values
+ */
+
+ /**
+ * Retrieves the byte array value for name. The value should have been
+ * previously stored as a byte array (it will be CMS.AtoB decoded).
+ * @param name The attribute name.
+ * @return The byte array or null on error.
+ */
+ public byte[] getInByteArray(String name);
+
+ /**
+ * Stores the byte array with the associated key.
+ * @param name The attribute name.
+ * @param value The value to store
+ * @return false on an error
+ */
+ public boolean set(String name, byte[] value);
+
+ /**
+ * Retrieves the Integer value for name.
+ * @param name The attribute name.
+ * @return The Integer or null on error.
+ */
+ public Integer getInInteger(String name);
+
+ /**
+ * Stores the Integer with the associated key.
+ * @param name The attribute name.
+ * @param value The value to store
+ * @return false on an error
+ */
+ public boolean set(String name, Integer value);
+
+ /**
+ * Retrieves the BigInteger array value for name.
+ * @param name The attribute name.
+ * @return The value or null on error.
+ */
+ public BigInteger[] getInBigIntegerArray(String name);
+
+ /**
+ * Stores the BigInteger array with the associated key.
+ * @param name The attribute name.
+ * @param value The value to store
+ * @return false on an error
+ */
+ public boolean set(String name, BigInteger[] value);
+
+ /**
+ * Retrieves the Date value for name.
+ * @param name The attribute name.
+ * @return The value or null on error.
+ */
+ public Date getInDate(String name);
+
+ /**
+ * Stores the Date with the associated key.
+ * @param name The attribute name.
+ * @param value The value to store
+ * @return false on an error
+ */
+ public boolean set(String name, Date value);
+
+ /**
+ * Retrieves the String array value for name.
+ * @param name The attribute name.
+ * @return The value or null on error.
+ */
+ public String[] getInStringArray(String name);
+
+ /**
+ * Stores the String array with the associated key.
+ * @param name The attribute name.
+ * @param value The value to store
+ * @return False on error.
+ */
+ public boolean set(String name, String[] value);
+
+ /**
+ * Retrieves the X509CertImpl value for name.
+ * @param name The attribute name.
+ * @return The value or null on error.
+ */
+ public X509CertImpl getInCert(String name);
+
+ /**
+ * Stores the X509CertImpl with the associated key.
+ * @param name The attribute name.
+ * @param value The value to store
+ * @return false on error
+ */
+ public boolean set(String name, X509CertImpl value);
+
+ /**
+ * Retrieves the CertificateExtensions value for name.
+ * @param name The attribute name.
+ * @return The value or null on error.
+ */
+ public CertificateExtensions getInCertExts(String name);
+
+ /**
+ * Stores the CertificateExtensions with the associated key.
+ * @param name The attribute name.
+ * @param value The value to store
+ * @return false on error
+ */
+ public boolean set(String name, CertificateExtensions value);
+
+ /**
+ * Retrieves the Certificates value for name.
+ * @param name The attribute name.
+ * @return The value or null on error.
+ */
+ public Certificates getInCertificates(String name);
+
+ /**
+ * Stores the Certificates with the associated key.
+ * @param name The attribute name.
+ * @param value The value to store
+ * @return false on error
+ */
+ public boolean set(String name, Certificates value);
+
+ /**
+ * Retrieves the byte[][] value for name.
+ * @param name The attribute name.
+ * @return The value or null on error.
+ */
+ public byte[][] getInByteArrayArray(String name);
+
+ /**
+ * Stores the byte[][] with the associated key.
+ * @param name The attribute name.
+ * @param value The value to store
+ * @return false on error
+ */
+ public boolean set(String name, byte[][] value);
+}
+
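Review bot: Every typed getter is documented as returning "null on error" and every setter as "false on an error", so a caller cannot tell an attribute that was never set from one that failed to decode. For a token that carries the authenticated identity (USER_ID, certificates), that matters: code which treats a corrupt attribute as merely absent may continue with a partial token. Each getter should state whether null also means "not present", e.g. `@return the value, or null if the attribute is absent or cannot be decoded`, so callers know to reject the token in either case. `getInString` also declares `@exception EBaseException` although the method has no throws clause.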
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/ISSLClientCertProvider.java b/pki/base/common/src/com/netscape/certsrv/authentication/ISSLClientCertProvider.java
new file mode 100644
index 000000000..0f024ea64
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/ISSLClientCertProvider.java
@@ -0,0 +1,46 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+
+import java.security.cert.*;
+import java.util.*;
+
+
+/**
+ * This interface represents an object that captures the
+ * SSL client certificate in a SSL session. Normally, this
+ * object is a servlet.
+ * <p>
+ *
+ * This interface is used to avoid the internal imeplemtnation
+ * to have servlet (protocol handler) dependency.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ISSLClientCertProvider {
+
+ /**
+ * Retrieves the SSL client certificate chain.
+ *
+ * @return certificate chain
+ */
+ public X509Certificate[] getClientCertificateChain();
+
+}
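Review bot: `getClientCertificateChain()` documents only `@return certificate chain`, leaving out what is returned when no client certificate was presented, the order of the chain, and whether it has been validated. Authentication managers consuming this provider need to know whether the certificates are merely what the peer sent or have already passed trust and revocation checks, so the Javadoc should state that explicitly. After confirming against the implementations, something like `@return the chain received in the SSL handshake, or null if the client sent none; not validated by this provider` would remove the guesswork. The class comment misspells "implementation", and `import java.util.*;` is unused.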
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/ISharedToken.java b/pki/base/common/src/com/netscape/certsrv/authentication/ISharedToken.java
new file mode 100644
index 000000000..b0806eb65
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/ISharedToken.java
@@ -0,0 +1,31 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authentication;
+
+import com.netscape.certsrv.base.*;
+import org.mozilla.jss.pkix.cmc.PKIData;
+import java.math.*;
+
+/**
+ * Shared Token interface.
+ */
+public interface ISharedToken {
+
+ public String getSharedToken(PKIData cmcData);
+ public String getSharedToken(BigInteger serialnum);
+}
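Review bot: Neither `getSharedToken` overload has a Javadoc comment, although both hand back a shared secret as a `String`. The comments should say what each argument selects (the CMC request data, the certificate serial number), what is returned when no token is found, and that the value is a secret that must not be logged. For example `@return the shared token for this request, or null if none is found` (to be confirmed against the implementations). `import com.netscape.certsrv.base.*;` looks unused in this file.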
diff --git a/pki/base/common/src/com/netscape/certsrv/authority/IAuthority.java b/pki/base/common/src/com/netscape/certsrv/authority/IAuthority.java
new file mode 100644
index 000000000..95fc6bf55
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authority/IAuthority.java
@@ -0,0 +1,69 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authority;
+
+
+import com.netscape.certsrv.base.ISubsystem;
+import com.netscape.certsrv.request.IRequestQueue;
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.request.*;
+import netscape.security.x509.*;
+
+import java.io.*;
+
+
+/**
+ * Authority interface.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface IAuthority extends ISubsystem {
+
+ /**
+ * Retrieves the request queue for the Authority.
+ * <P>
+ * @return the request queue.
+ */
+ public IRequestQueue getRequestQueue();
+
+ /**
+ * Registers request completed class.
+ */
+ public void registerRequestListener(IRequestListener listener);
+
+ /**
+ * Registers pending request class.
+ */
+ public void registerPendingListener(IRequestListener listener);
+
+ /**
+ * log interface
+ */
+ public void log(int level, String msg);
+
+ /**
+ * nickname of signing (id) cert
+ */
+ public String getNickname();
+
+ /**
+ * return official product name.
+ */
+ public String getOfficialName();
+
+}
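Review bot: The import list names `IRequestQueue` and `IRequest` explicitly and then also imports `com.netscape.certsrv.request.*`, while `netscape.security.x509.*` and `java.io.*` are not used by anything declared in the interface. Keeping single-type imports for `ISubsystem`, `IRequestQueue` and `IRequestListener` only would make this interface's real dependencies visible. The comments on `registerRequestListener` and `registerPendingListener` also lack `@param listener`, and `log` does not document `level` or `msg`.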
diff --git a/pki/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java b/pki/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java
new file mode 100644
index 000000000..02001338b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java
@@ -0,0 +1,104 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authority;
+
+
+import netscape.security.x509.X500Name;
+import netscape.security.x509.CertificateChain;
+import netscape.security.x509.X509CertImpl;
+import com.netscape.certsrv.base.ISubsystem;
+import com.netscape.certsrv.request.IRequestQueue;
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
+import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.ldap.*;
+import com.netscape.certsrv.publish.*;
+
+
+/**
+ * Authority that handles certificates needed by the cert registration
+ * servlets.
+ * <P>
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ICertAuthority extends IAuthority {
+
+ /**
+ * Retrieves the certificate repository for this authority.
+ * <P>
+ *
+ * @return the certificate repository.
+ */
+ public ICertificateRepository getCertificateRepository();
+
+ /**
+ * Returns CA's certificate chain.
+ * <P>
+ * @return the Certificate Chain for the CA.
+ */
+ public CertificateChain getCACertChain();
+
+ /**
+ * Returns CA's certificate implementaion.
+ * <P>
+ * @return CA's certificate.
+ */
+ public X509CertImpl getCACert();
+
+ /**
+ * Returns signing algorithms supported by the CA.
+ * Dependent on CA's key type and algorithms supported by security lib.
+ */
+ public String[] getCASigningAlgorithms();
+
+ /**
+ * Returns authority's X500 Name. - XXX what's this for ??
+ */
+ public X500Name getX500Name();
+
+ /**
+ * Register a request listener
+ */
+ public void registerRequestListener(IRequestListener l);
+
+ /**
+ * Remove a request listener
+ */
+ public void removeRequestListener(IRequestListener l);
+
+ /**
+ * Register a pending listener
+ */
+ public void registerPendingListener(IRequestListener l);
+
+ /**
+ * get authority's publishing module if any.
+ */
+ public IPublisherProcessor getPublisherProcessor();
+
+ /**
+ * Returns the logging interface for this authority.
+ * Using this interface both System and Audit events can be
+ * logged.
+ *
+ */
+ public ILogger getLogger();
+
+}
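Review bot: `registerRequestListener` and `registerPendingListener` are declared again here although `IAuthority`, which this interface extends, already declares both earlier in this commit, while `removeRequestListener` exists only on `ICertAuthority`. Drop the two redeclarations, or move `removeRequestListener` up to `IAuthority` so that registration and removal sit on the same type. The Javadoc on `getX500Name()` still carries `XXX what's this for ??`; replace it with the contract, for example `Returns the X.500 name of this authority.` plus an `@return` tag. `getCASigningAlgorithms()` returns an array, so its Javadoc should also say whether callers receive a copy or the authority's own array.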
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java
new file mode 100644
index 000000000..0960311ee
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java
@@ -0,0 +1,56 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+
+/**
+ * A class represents an authorization manager. It contains an
+ * authorization manager instance and its state (enable or not).
+ * @version $Revision$, $Date$
+ */
+public class AuthzManagerProxy {
+ private boolean mEnable;
+ private IAuthzManager mMgr;
+
+ /**
+ * Constructor
+ * @param enable true if the authzMgr is enabled; false otherwise
+ * @param mgr authorization manager instance
+ */
+ public AuthzManagerProxy(boolean enable, IAuthzManager mgr) {
+ mEnable = enable;
+ mMgr = mgr;
+ }
+
+ /**
+ * Returns the state of the authorization manager instance
+ * @return true if the state of the authorization manager instance is
+ * enabled; false otherwise.
+ */
+ public boolean isEnable() {
+ return mEnable;
+ }
+
+ /**
+ * Returns an authorization manager instance.
+ * @return an authorization manager instance
+ */
+ public IAuthzManager getAuthzManager() {
+ return mMgr;
+ }
+}
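Review bot: `getAuthzManager()` returns the manager whether or not `mEnable` is true, so honouring a disabled authorization manager depends on every caller remembering to call `isEnable()` first. State that in the Javadoc, e.g. `Returns the wrapped manager regardless of its enabled state; callers must check isEnable() before using it for an access decision.` Both fields are assigned only in the constructor and can be declared `private final`, and the constructor accepts a null `mgr` without complaint.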
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java
new file mode 100644
index 000000000..ef8c62f8f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java
@@ -0,0 +1,80 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+
+import java.util.*;
+import java.lang.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.authorization.*;
+
+
+/**
+ * This class represents a registered authorization manager plugin.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class AuthzMgrPlugin {
+ protected String mId = null;
+ protected String mClassPath = null;
+ protected Class mClass = null;
+ protected boolean mVisible = true;
+
+ /**
+ * Constructs a AuthzManager plugin.
+ * @param id authz manager implementation name
+ * @param classPath class path
+ */
+ public AuthzMgrPlugin(String id, String classPath) {
+ mId = id;
+ mClassPath = classPath;
+ }
+
+ /**
+ * Returns an authorization manager implementation name
+ * @return an authorization manager implementation name
+ */
+ public String getId() {
+ return mId;
+ }
+
+ /**
+ * Returns a classpath of a AuthzManager plugin
+ * @return a classpath of a AuthzManager plugin
+ */
+ public String getClassPath() {
+ return mClassPath;
+ }
+
+ /**
+ * Returns a visibility of the plugin
+ * @return a visibility of the plugin
+ */
+ public boolean isVisible() {
+ return mVisible;
+ }
+
+ /**
+ * Sets visibility of the plugin
+ * @param visibility visibility of the plugin
+ */
+ public void setVisible(boolean visibility) {
+ mVisible = visibility;
+ }
+}
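Review bot: `mClass` is declared as a raw `Class`, is never assigned or read in this file, and is `protected`, so any subclass can set it; `mId` and `mClassPath` are likewise writable by subclasses although the class only exposes getters for them. Make `mId` and `mClassPath` `private final`, and remove `mClass` unless code outside this hunk uses it. `import java.lang.*;` and `import com.netscape.certsrv.authorization.*;` (the class's own package) are redundant. If the value returned by `getClassPath()` is later used to load the plugin class by name, which is not visible here, the Javadoc should say that it is a fully qualified class name taken from configuration and name the place where it is validated.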
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java
new file mode 100644
index 000000000..f17038eff
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java
@@ -0,0 +1,44 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+
+import java.util.*;
+
+
+/**
+ * A class represents a resource bundle for the authorization subsystem
+ * <P>
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public class AuthzResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ * @return the content of this resource
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ /**
+ * A set of constants for localized error messages.
+ */
+ static final Object[][] contents = {};
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java
new file mode 100644
index 000000000..dc64d322a
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java
@@ -0,0 +1,164 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+
+import java.util.Hashtable;
+import java.util.Date;
+import java.util.Enumeration;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * Authorization token returned by Authorization Managers.
+ * Upon return, it contains the name of the authorization manager that create
+ * the AuthzToken, the plugin name of the authorization manager, time of
+ * authorization happened, name of the resource, type of operation performed
+ * on the resource.
+ * <p>
+ * @version $Revision$, $Date$
+ */
+public class AuthzToken implements IAttrSet {
+ private Hashtable mAttrs = null;
+
+ /**
+ * Plugin name of the authorization manager that created the
+ * AuthzToken as a string.
+ */
+ public static final String TOKEN_AUTHZMGR_IMPL_NAME = "authzMgrImplName";
+
+ /**
+ * Name of the authorization manager that created the AuthzToken
+ * as a string.
+ */
+ public static final String TOKEN_AUTHZMGR_INST_NAME = "authzMgrInstName";
+
+ /**
+ * Time of authorization as a java.util.Date
+ */
+ public static final String TOKEN_AUTHZTIME = "authzTime";
+
+ /**
+ * name of the resource
+ */
+ public static final String TOKEN_AUTHZ_RESOURCE = "authzRes";
+
+ /**
+ * name of the operation
+ */
+ public static final String TOKEN_AUTHZ_OPERATION = "authzOp";
+
+ /*
+ * Status of the authorization evaluation
+ */
+ public static final String TOKEN_AUTHZ_STATUS = "status";
+
+ /**
+ * Constant for the success status of the authorization evaluation.
+ */
+ public static final String AUTHZ_STATUS_SUCCESS = "statusSuccess";
+
+ /**
+ * Constructs an instance of a authorization token.
+ * The token by default contains the following attributes: <br>
+ * <pre>
+ * "authzMgrInstName" - The authorization manager instance name.
+ * "authzMgrImplName" - The authorization manager plugin name.
+ * "authzTime" - The - The time of authorization.
+ * </pre>
+ * @param authzMgr The authorization manager that created this Token.
+ */
+ public AuthzToken(IAuthzManager authzMgr) {
+ mAttrs = new Hashtable();
+ mAttrs.put(TOKEN_AUTHZMGR_INST_NAME, authzMgr.getName());
+ mAttrs.put(TOKEN_AUTHZMGR_IMPL_NAME, authzMgr.getImplName());
+ mAttrs.put(TOKEN_AUTHZTIME, new Date());
+ }
+
+ /**
+ * Get the value of an attribute in the AuthzToken
+ * @param attrName The attribute name
+ * @return The value of attrName if any.
+ */
+ public Object get(String attrName) {
+ return mAttrs.get(attrName);
+ }
+
+ /**
+ * Used by an Authorization manager to set an attribute and value
+ * in the AuthzToken.
+ * @param attrName The name of the attribute
+ * @param value The value of the attribute to set.
+ */
+ public void set(String attrName, Object value) {
+ mAttrs.put(attrName, value);
+ }
+
+ /**
+ * Removes an attribute in the AuthzToken
+ * @param attrName The name of the attribute to remove.
+ */
+ public void delete(String attrName) {
+ mAttrs.remove(attrName);
+ }
+
+ /**
+ * Enumerate all attribute names in the AuthzToken.
+ * @return Enumeration of all attribute names in this AuthzToken.
+ */
+ public Enumeration getElements() {
+ return (mAttrs.keys());
+ }
+
+ /**
+ * Enumerate all attribute values in the AuthzToken.
+ * @return Enumeration of all attribute names in this AuthzToken.
+ */
+ public Enumeration getVals() {
+ return (mAttrs.elements());
+ }
+
+ /**
+ * Gets the name of the authorization manager instance that created
+ * this token.
+ * @return The name of the authorization manager instance that created
+ * this token.
+ */
+ public String getAuthzManagerInstName() {
+ return ((String) mAttrs.get(TOKEN_AUTHZMGR_INST_NAME));
+ }
+
+ /**
+ * Gets the plugin name of the authorization manager that created this
+ * token.
+ * @return The plugin name of the authorization manager that created this
+ * token.
+ */
+ public String getAuthzManagerImplName() {
+ return ((String) mAttrs.get(TOKEN_AUTHZMGR_IMPL_NAME));
+ }
+
+ /**
+ * Gets the time of authorization.
+ * @return The time of authorization
+ */
+ public Date getAuthzTime() {
+ return ((Date) mAttrs.get(TOKEN_AUTHZTIME));
+ }
+}
+
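Review bot: The token records an authorization decision, yet `set()` and `delete()` are public and unrestricted, so any code holding the token can overwrite or remove `TOKEN_AUTHZMGR_INST_NAME`, `TOKEN_AUTHZMGR_IMPL_NAME` and `TOKEN_AUTHZTIME`; `getAuthzTime()` also hands out the stored `Date`, which callers can modify. The constructor passes `authzMgr.getName()` and `getImplName()` straight to `Hashtable.put`, which throws `NullPointerException` on a null value. The sketch below guards the three constructor-set keys and copies the date; whether `IAttrSet` allows `set()` to reject a name this way is not visible in this hunk. Separately, the comment on `TOKEN_AUTHZ_STATUS` opens with `/*` rather than `/**`, and the `getVals()` Javadoc says it returns attribute names.

```java
    public void set(String attrName, Object value) {
        // Issuer names and the timestamp are fixed once the token is constructed.
        if (TOKEN_AUTHZMGR_INST_NAME.equals(attrName)
                || TOKEN_AUTHZMGR_IMPL_NAME.equals(attrName)
                || TOKEN_AUTHZTIME.equals(attrName)) {
            throw new IllegalArgumentException("read-only attribute: " + attrName);
        }
        mAttrs.put(attrName, value);
    }

    // … unchanged: delete() takes the same guard; getElements(), getVals(), name getters …

    public Date getAuthzTime() {
        Date issued = (Date) mAttrs.get(TOKEN_AUTHZTIME);
        // Hand out a copy so callers cannot shift the recorded time.
        return issued == null ? null : new Date(issued.getTime());
    }
```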
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java
new file mode 100644
index 000000000..0284de58c
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+/**
+ * Exception for authorization failure
+ */
+public class EAuthzAccessDenied extends EAuthzException {
+
+ /**
+ * Constructs a exception for access denied by Authz manager
+ * @param errorString Detailed error message.
+ */
+ public EAuthzAccessDenied(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java
new file mode 100644
index 000000000..4c2670b00
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java
@@ -0,0 +1,82 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+
+import com.netscape.certsrv.base.EBaseException;
+
+/**
+ * This class represents authorization exceptions.
+ * <P>
+ * @version $Revision$, $Date$
+ */
+public class EAuthzException extends EBaseException {
+
+ /**
+ * Resource class name.
+ */
+ private static final String AUTHZ_RESOURCES = AuthzResources.class.getName();
+
+ /**
+ * Constructs a authz exception
+ * <P>
+ * @param msgFormat exception details
+ */
+ public EAuthzException(String msgFormat) {
+ super(msgFormat);
+ }
+
+ /**
+ * Constructs a authz exception with a parameter.
+ * <p>
+ * @param msgFormat exception details in message string format
+ * @param param message string parameter
+ */
+ public EAuthzException(String msgFormat, String param) {
+ super(msgFormat, param);
+ }
+
+ /**
+ * Constructs a authz exception with a exception parameter.
+ * <P>
+ * @param msgFormat exception details in message string format
+ * @param param system exception
+ */
+ public EAuthzException(String msgFormat, Exception param) {
+ super(msgFormat, param);
+ }
+
+ /**
+ * Constructs a authz exception with a list of parameters.
+ * <P>
+ * @param msgFormat the message format.
+ * @param params list of message format parameters
+ */
+ public EAuthzException(String msgFormat, Object params[]) {
+ super(msgFormat, params);
+ }
+
+ /**
+ * Returns the resource bundle name
+ * @return resource bundle name
+ */
+ protected String getBundleName() {
+ return AUTHZ_RESOURCES;
+ }
+
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java
new file mode 100644
index 000000000..52b1b9ade
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+/**
+ * An exception for internal error for authorization.
+ */
+public class EAuthzInternalError extends EAuthzException {
+
+ /**
+ * Constructs an authorization internal error exception
+ * @param errorString error with a detailed message.
+ */
+ public EAuthzInternalError(String errorString) {
+ super(errorString);
+ }
+}
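Review bot: `EAuthzInternalError` offers only the `(String errorString)` constructor, so an authorization manager that wraps a lower-level failure has to flatten it into text and the original exception is not carried along for diagnosis. `EAuthzException` in this commit already has a `(String msgFormat, Exception param)` constructor; a matching `public EAuthzInternalError(String msgFormat, Exception param) { super(msgFormat, param); }` would let implementers pass the underlying exception through. How `EBaseException` treats that parameter (as a cause or as a message argument) is outside this hunk.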
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java
new file mode 100644
index 000000000..7bf76ba6f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+/**
+ * Exception for authorization manager not found.
+ */
+public class EAuthzMgrNotFound extends EAuthzException {
+
+ /**
+ * Constructs a exception for a missing required authorization manager
+ * @param errorString Detailed error message.
+ */
+ public EAuthzMgrNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java
new file mode 100644
index 000000000..b305d627b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+/**
+ * Exception for authorization manager plugin not found.
+ */
+public class EAuthzMgrPluginNotFound extends EAuthzException {
+
+ /**
+ * Constructs a exception for a missing authorization plugin
+ * @param errorString Detailed error message.
+ */
+ public EAuthzMgrPluginNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java
new file mode 100644
index 000000000..99caba2be
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+/**
+ * Exception for operation unknown to the authorization manager
+ */
+public class EAuthzUnknownOperation extends EAuthzException {
+
+ /**
+ * Constructs a exception for an operation unknown to the authorization manager
+ * @param errorString Detailed error message.
+ */
+ public EAuthzUnknownOperation(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java
new file mode 100644
index 000000000..169ed443c
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+/**
+ * Exception for protected resource unknown to the authorization manager
+ */
+public class EAuthzUnknownProtectedRes extends EAuthzException {
+
+ /**
+ * Constructs a exception for a protected resource unknown to the authorization manager
+ * @param errorString Detailed error message.
+ */
+ public EAuthzUnknownProtectedRes(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java
new file mode 100644
index 000000000..db016f248
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java
@@ -0,0 +1,169 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+
+import com.netscape.certsrv.authentication.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.acls.*;
+import com.netscape.certsrv.evaluators.*;
+import java.util.*;
+
+
+/**
+ * Authorization Manager interface needs to be implemented by all
+ * authorization managers.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IAuthzManager {
+
+ /**
+ * Get the name of this authorization manager instance.
+ * <p>
+ * @return String the name of this authorization manager.
+ */
+ public String getName();
+
+ /**
+ * Get implementation name of authorization manager plugin.
+ * <p>
+ * An example of an implementation name will be:
+ * <PRE>
+ * com.netscape.cms.BasicAclAuthz
+ * </PRE>
+ * <p>
+ * @return The name of the authorization manager plugin.
+ */
+ public String getImplName();
+
+ /**
+ * <code>accessInit</code> is for servlets who want to initialize their
+ * own authorization information before full operation. It is supposed
+ * to be called from the authzMgrAccessInit() method of the AuthzSubsystem.
+ * <p>
+ * The accessInfo format is determined by each individual
+ * authzmgr. For example, for BasicAclAuthz,
+ * The accessInfo is the resACLs, whose format should conform
+ * to the following:
+ * <pre>
+ * <resource ID>:right-1[,right-n]:[allow,deny](right(s))<evaluatorType>=<value>:<comment for this resource acl
+ * </pre>
+ * <P>
+ * Example:
+ * resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties
+ * @param accessInfo the access info string in the format specified in the authorization manager
+ * @exception EBaseException error parsing the accessInfo
+ */
+ public void accessInit(String accessInfo) throws EBaseException;
+
+ /**
+ * Check if the user is authorized to perform the given operation on the
+ * given resource.
+ * @param authToken the authToken associated with a user.
+ * @param resource - the protected resource name
+ * @param operation - the protected resource operation name
+ * @return authzToken if the user is authorized
+ * @exception EAuthzInternalError if an internal error occurred.
+ * @exception EAuthzAccessDenied if access denied
+ */
+ public AuthzToken authorize(IAuthToken authToken, String resource, String operation)
+ throws EAuthzInternalError, EAuthzAccessDenied;
+
+ public AuthzToken authorize(IAuthToken authToken, String expression)
+ throws EAuthzInternalError, EAuthzAccessDenied;
+
+ /**
+ * Initialize this authorization manager.
+ * @param name The name of this authorization manager instance.
+ * @param implName The name of the authorization manager plugin.
+ * @param config The configuration store for this authorization manager.
+ * @exception EBaseException If an initialization error occurred.
+ */
+ public void init(String name, String implName, IConfigStore config)
+ throws EBaseException;
+
+ /**
+ * Prepare this authorization manager for a graceful shutdown.
+ * Called when the server is exiting for any cleanup needed.
+ */
+ public void shutdown();
+
+ /**
+ * Get configuration parameters for this implementation.
+ * The configuration parameters returned is passed to the
+ * console so configuration for instances of this
+ * implementation can be made through the console.
+ *
+ * @return a list of names for configuration parameters.
+ * @exception EBaseException If an internal error occurred
+ */
+ public String[] getConfigParams()
+ throws EBaseException;
+
+ /**
+ * Get the configuration store for this authorization manager.
+ * @return The configuration store of this authorization manager.
+ */
+ public IConfigStore getConfigStore();
+
+ /**
+ * Get ACL entries
+ * @return enumeration of ACL entries.
+ */
+ public Enumeration getACLs();
+
+ /**
+ * Get individual ACL entry for the given name of entry.
+ * @param target The name of the ACL entry
+ * @return The ACL entry.
+ */
+ public IACL getACL(String target);
+
+ /**
+ * Update ACLs in the database
+ * @param id The name of the ACL entry (ie, resource id)
+ * @param rights The allowable rights for this resource
+ * @param strACLs The value of the ACL entry
+ * @param desc The description for this resource
+ * @exception EACLsException when update fails.
+ */
+ public void updateACLs(String id, String rights, String strACLs,
+ String desc) throws EACLsException;
+
+ /**
+ * Get all registered evaluators.
+ * @return All registered evaluators.
+ */
+ public Enumeration aclEvaluatorElements();
+
+ /**
+ * Register new evaluator
+ * @param type Type of evaluator
+ * @param evaluator Value of evaluator
+ */
+ public void registerEvaluator(String type, IAccessEvaluator evaluator);
+
+ /**
+ * Return a table of evaluators
+ * @return A table of evaluators
+ */
+ public Hashtable getAccessEvaluators();
+}
+
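Review bot: The second overload, `authorize(IAuthToken authToken, String expression)`, has no Javadoc, so the syntax of `expression` and the result for an expression the manager cannot evaluate are left undefined for implementers. Both overloads declare only `EAuthzInternalError` and `EAuthzAccessDenied`, although this commit also adds `EAuthzUnknownProtectedRes` and `EAuthzUnknownOperation`; the contract should say that an unknown resource or operation is refused, e.g. `@exception EAuthzAccessDenied if access is denied, including when the resource or operation is not known to this manager`, and whether a null return is ever possible. `getAccessEvaluators()` and `getACLs()` should state whether they return the live collections or copies, since a caller holding the live `Hashtable` could change evaluator registration without going through `registerEvaluator`. In the `accessInit` Javadoc the `<resource ID>` line is unescaped inside `<pre>` and lacks the closing `>` after `comment for this resource acl`.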
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
new file mode 100644
index 000000000..2d0f81ee8
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
@@ -0,0 +1,149 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+import com.netscape.certsrv.authentication.*;
+import com.netscape.certsrv.base.*;
+import java.util.*;
+
+/**
+ * An interface that represents an authorization component
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IAuthzSubsystem extends ISubsystem {
+
+ /**
+ * Constant for auths.
+ */
+ public static final String ID = "authz";
+
+ /**
+ * Constant for class.
+ */
+ public static final String PROP_CLASS = "class";
+
+ /**
+ * Constant for impl
+ */
+ public static final String PROP_IMPL = "impl";
+
+ /**
+ * Constant for pluginName.
+ */
+ public static final String PROP_PLUGIN = "pluginName";
+
+ /**
+ * Constant for instance.
+ */
+ public static final String PROP_INSTANCE = "instance";
+
+ /**
+ * authorize the user associated with the given authToken for a given
+ * operation with the given authorization manager name
+ * @param authzMgrName The authorization manager name
+ * @param authToken the authenticaton token associated with a user
+ * @param resource the resource protected by the authorization system
+ * @param operation the operation for resource protected by the authorization system
+ * @return a authorization token.
+ * @exception EBaseException If an error occurs during authorization.
+ */
+ public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
+ String resource, String operation)
+ throws EBaseException;
+
+ public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
+ String exp) throws EBaseException;
+
+ /**
+ * Adds (registers) the given authorization manager.
+ * @param name The authorization manager name
+ * @param authzMgr The authorization manager instance.
+ */
+ public void add(String name, IAuthzManager authzMgr);
+
+ /**
+ * Deletes (deregisters) the given authorization manager.
+ * @param name The authorization manager name to delete.
+ */
+ public void delete(String name);
+
+ /**
+ * Gets the Authorization manager instance of the specified name.
+ * @param name The authorization manager's name.
+ * @return an authorization manager interface
+ */
+ public IAuthzManager getAuthzManager(String name) throws EBaseException;
+
+ /**
+ * Gets an enumeration of authorization managers registered to the
+ * authorization component.
+ * @return a list of authorization managers
+ */
+ public Enumeration getAuthzManagers();
+
+ /**
+ * Initialize authz info - usually used for BasicAclAuthz
+ *
+ * @param authzMgrName name of the authorization manager
+ * @param accessInfo string representation of the ACL
+ * @exception EBaseException if authorization manager is not found
+ */
+ public void authzMgrAccessInit(String authzMgrName, String accessInfo) throws EBaseException;
+
+ /**
+ * Gets an enumeration of authorization manager plugins.
+ * @return list of authorization manager plugins
+ */
+ public Enumeration getAuthzManagerPlugins();
+
+ /**
+ * Gets a single authorization manager plugin implementation
+ * @param name given authorization plugin name
+ * @return authorization manager plugin
+ */
+ public IAuthzManager getAuthzManagerPlugin(String name);
+
+ /**
+ * Log error message.
+ * @param level log level
+ * @param msg error message
+ */
+ public void log(int level, String msg);
+
+ /**
+ * Get a hashtable containing all authentication plugins.
+ * @return all authentication plugins.
+ */
+ public Hashtable getPlugins();
+
+ /**
+ * Get a hashtable containing all authentication instances.
+ * @return all authentication instances.
+ */
+ public Hashtable getInstances();
+
+ /**
+ * Get an authorization manager interface for the given name.
+ * @param name given authorization manager name.
+ * @return an authorization manager interface
+ */
+ public IAuthzManager get(String name);
+}
+
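Review bot: The three-argument `authorize(String authzMgrName, IAuthToken authToken, String exp)` overload has no Javadoc, and neither overload says whether a denial is reported by throwing `EBaseException` or by a status carried in the returned `AuthzToken`. At an access-control decision point that gap invites callers to treat any returned token as success, so both overloads should state the contract, including what `exp` holds (presumably an ACL expression; confirm against the implementation). Separately, the Javadoc on `getPlugins()` and `getInstances()` says "authentication" where this interface manages authorization managers, e.g. `@return all authorization manager plugins.`, and the `ID` comment "Constant for auths." has the same slip.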
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ASubsystem.java b/pki/base/common/src/com/netscape/certsrv/base/ASubsystem.java
new file mode 100644
index 000000000..ea3342308
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/ASubsystem.java
@@ -0,0 +1,71 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+/**
+ * This class represents a basic subsystem. Each basic
+ * subsystem is named with an identifier and has a
+ * configuration store.
+ *
+ * @version $Revision$, $Date$
+ */
+public abstract class ASubsystem implements ISubsystem {
+
+ private ISubsystem mParent;
+ private IConfigStore mCfg;
+ private String mId;
+
+ /**
+ * Initializes this subsystem.
+ *
+ * @param parent parent subsystem
+ * @param cfg configuration store
+ */
+ public void init(ISubsystem parent, IConfigStore cfg) {
+ mParent = parent;
+ mCfg = cfg;
+ }
+
+ /**
+ * Retrieves the configuration store.
+ *
+ * @return configuration store
+ */
+ public IConfigStore getConfigStore() {
+ return mCfg;
+ }
+
+ /**
+ * Sets the identifier of this subsystem.
+ *
+ * @param id subsystem identifier
+ */
+ public void setId(String id) {
+ mId = id;
+ }
+
+ /**
+ * Retrieves the subsystem identifier.
+ *
+ * @return subsystem identifier
+ */
+ public String getId() {
+ return mId;
+ }
+}
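Review bot: `mParent` is assigned in `init` but nothing in this class reads it, and because it is private no subclass can reach it either, so the parent reference is dead state as written. Either expose it with an accessor such as `protected ISubsystem getParent() { return mParent; }` or drop the field. `getId()` also returns null until `setId` has been called, which its Javadoc could state.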
diff --git a/pki/base/common/src/com/netscape/certsrv/base/AttributeNameHelper.java b/pki/base/common/src/com/netscape/certsrv/base/AttributeNameHelper.java
new file mode 100644
index 000000000..786148a0e
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/AttributeNameHelper.java
@@ -0,0 +1,70 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+/**
+ * AttributeNameHelper. This Helper class used to decompose
+ * dot-separated attribute name into prefix and suffix.
+ *
+ * @version $Revision$, $Date$
+ */
+public class AttributeNameHelper {
+ // Public members
+ private static final char SEPARATOR = '.';
+
+ // Private data members
+ private String prefix = null;
+ private String suffix = null;
+
+ /**
+ * Default constructor for the class. Name is of the form
+ * "proofOfPosession.type".
+ *
+ * @param name the attribute name.
+ */
+ public AttributeNameHelper(String name) {
+ int i = name.indexOf(SEPARATOR);
+
+ if (i == (-1)) {
+ prefix = name;
+ } else {
+ prefix = name.substring(0, i);
+ suffix = name.substring(i + 1);
+ }
+ }
+
+ /**
+ * Return the prefix of the name.
+ *
+ * @return attribute prefix
+ */
+ public String getPrefix() {
+ return (prefix);
+ }
+
+ /**
+ * Return the suffix of the name.
+ *
+ * @return attribute suffix
+ */
+ public String getSuffix() {
+ return (suffix);
+ }
+}
+
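Review bot: The constructor calls `name.indexOf(SEPARATOR)` without a null check, and `getSuffix()` returns null when the name contains no separator, but neither behaviour is documented. Callers splitting attribute names that come from request or configuration input would hit a bare NullPointerException or have to guess at the null suffix. Document it as `@return attribute suffix, or null if the name contains no '.'`, and either document or explicitly reject a null `name`. The comment `// Public members` sits above a private constant and should read `// Constants`.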
diff --git a/pki/base/common/src/com/netscape/certsrv/base/BaseResources.java b/pki/base/common/src/com/netscape/certsrv/base/BaseResources.java
new file mode 100644
index 000000000..f8a69f65d
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/BaseResources.java
@@ -0,0 +1,47 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.util.*;
+
+
+/**
+ * A class represents a resource bundle for the entire
+ * system.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ * @see java.util.ListResourceBundle
+ */
+public class BaseResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ /*
+ * Constants. The suffix represents the number of
+ * possible parameters.
+ */
+
+ static final Object[][] contents = {};
+}
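Review bot: `contents` is declared `static final Object[][]` with package visibility and is returned directly by the public `getContents()`. Once entries are added, any code in the package or any caller of the getter could alter the shared table. Declaring it `private static final Object[][] contents = {};` keeps the table owned by this class. The block comment about a suffix giving the parameter count describes constants that are not in this file, so reword or remove it until keys exist.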
diff --git a/pki/base/common/src/com/netscape/certsrv/base/EBaseException.java b/pki/base/common/src/com/netscape/certsrv/base/EBaseException.java
new file mode 100644
index 000000000..50ea8fdc7
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/EBaseException.java
@@ -0,0 +1,150 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.io.*;
+import java.util.*;
+import java.text.*;
+import java.lang.reflect.*;
+
+
+/**
+ * An exception with localizable error messages. It is the
+ * base class for all exceptions in certificate server.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ * @see java.text.MessageFormat
+ * @see com.netscape.certsrv.base.BaseResources
+ */
+public class EBaseException extends Exception {
+
+ /**
+ * The resource bundle to use for error messages.
+ * Subclasses can override to use its own resource bundle.
+ */
+ private static final String BASE_RESOURCES = BaseResources.class.getName();
+
+ /**
+ * Parameters to the exception error message.
+ */
+ public Object mParams[] = null;
+
+ /**
+ * Constructs an instance of this exception with the given resource key.
+ * If resource key is not found in the resource bundle, the resource key
+ * specified is used as the error message.
+ * <pre>
+ * new EBaseException(BaseResources.PERMISSION_DENIED);
+ * new EBaseException("An plain error message");
+ * <P>
+ * @param msgFormat The error message resource key.
+ */
+ public EBaseException(String msgFormat) {
+ super(msgFormat);
+ mParams = null;
+ }
+
+ /**
+ * Constructs an instance of this exception with the given resource key
+ * and a parameter as a string.
+ * <PRE>
+ * new EBaseException(BaseResource.NO_CONFIG_FILE, fileName);
+ * </PRE>
+ * <P>
+ * @param msgFormat exception details in message string format
+ * @param param message string parameter
+ */
+ public EBaseException(String msgFormat, String param) {
+ super(msgFormat);
+ mParams = new String[1];
+ mParams[0] = param;
+ }
+
+ /**
+ * Constructs an instance of the exception given the resource key and
+ * a exception parameter.
+ * <PRE>
+ * try {
+ * ...
+ * } catch (IOExeption e) {
+ * throw new EBaseException(BaseResources.INTERNAL_ERROR_1, e);
+ * }
+ * </PRE>
+ * <P>
+ * @param msgFormat The resource key
+ * @param param The parameter as an exception
+ */
+ public EBaseException(String msgFormat, Exception param) {
+ super(msgFormat);
+ mParams = new Exception[1];
+ mParams[0] = param;
+ }
+
+ /**
+ * Constructs an instance of this exception given the resource key and
+ * an array of parameters.
+ * <P>
+ * @param msgFormat The resource key
+ * @param params Array of params
+ */
+ public EBaseException(String msgFormat, Object params[]) {
+ super(msgFormat);
+ mParams = params;
+ }
+
+ /**
+ * Returns the list of parameters.
+ * <P>
+ *
+ * @return List of parameters.
+ */
+ public Object[] getParameters() {
+ return mParams;
+ }
+
+ /**
+ * Returns the exception string in the default locale.
+ * <P>
+ * @return The exception string in the default locale.
+ */
+ public String toString() {
+ return toString(Locale.getDefault());
+ }
+
+ /**
+ * Returns the exception string in the given locale.
+ * <P>
+ * @param locale The locale
+ * @return The exception string in the given locale.
+ */
+ public String toString(Locale locale) {
+ return MessageFormatter.getLocalizedString(locale, getBundleName(),
+ super.getMessage(), mParams);
+ }
+
+ /**
+ * Returns the given resource bundle name.
+ * @return the name of the resource bundle for this class.
+ */
+ protected String getBundleName() {
+ return BASE_RESOURCES;
+ }
+
+}
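Review bot: The `EBaseException(String msgFormat, Exception param)` constructor keeps the wrapped exception only in `mParams` and calls `super(msgFormat)`, so `getCause()` stays null and the original stack trace is missing when this exception is logged. Chaining it with `super(msgFormat, param);` keeps the root cause available to whoever diagnoses the failure. `mParams` is also a public, non-final array that `getParameters()` returns directly, so any caller can rewrite the message parameters after construction. `private Object[] mParams;` would close that, provided no subclass outside this hunk assigns the field. The `<pre>` in the first constructor's Javadoc is never closed.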
diff --git a/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotDefined.java b/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotDefined.java
new file mode 100644
index 000000000..57385d700
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotDefined.java
@@ -0,0 +1,41 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+/**
+ * This class represents an exception thrown when a
+ * property is not defined (empty string) the configuration store.
+ * It extends EBaseException and uses the same resource bundle.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ * @see com.netscape.certsrv.base.EBaseException
+ */
+public class EPropertyNotDefined extends EBaseException {
+
+ /**
+ * Constructs an instance of this exception given the name of the
+ * property that's not found.
+ * <p>
+ * @param errorString Detailed error message.
+ */
+ public EPropertyNotDefined(String errorString) {
+ super(errorString);
+ }
+}
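Review bot: The constructor Javadoc says the argument is "the name of the property that's not found", while `@param errorString` calls it a detailed error message. The first sentence appears copied from EPropertyNotFound, the next file in this diff, which has the same name-versus-message mismatch. Pick one meaning so callers know whether to pass a property name or a full message, e.g. `@param errorString message or resource key describing the undefined property`. The class comment is also missing a word: "not defined (empty string) in the configuration store".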
diff --git a/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotFound.java b/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotFound.java
new file mode 100644
index 000000000..a0f4ed93b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotFound.java
@@ -0,0 +1,41 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+/**
+ * This class represents an exception thrown when a
+ * property is not found in the configuration store.
+ * It extends EBaseException and uses the same resource bundle.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ * @see com.netscape.certsrv.base.EBaseException
+ */
+public class EPropertyNotFound extends EBaseException {
+
+ /**
+ * Constructs an instance of this exception given the name of the
+ * property that's not found.
+ * <p>
+ * @param errorString Detailed error message.
+ */
+ public EPropertyNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ExtendedPluginInfo.java b/pki/base/common/src/com/netscape/certsrv/base/ExtendedPluginInfo.java
new file mode 100644
index 000000000..b74131a68
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/ExtendedPluginInfo.java
@@ -0,0 +1,91 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.util.*;
+import java.lang.*;
+
+
+/**
+ * Plugin which can return extended information to console
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public class ExtendedPluginInfo implements IExtendedPluginInfo {
+
+ private String _epi[] = null;
+
+ /**
+ * Constructs an extended plugin info object.
+ *
+ * @param epi plugin info list
+ */
+ public ExtendedPluginInfo(String epi[]) {
+ _epi = epi;
+ }
+
+ /**
+ * This method returns an array of strings. Each element of the
+ * array represents a configurable parameter, or some other
+ * meta-info (such as help-token)
+ *
+ * there is an entry indexed on that parameter name
+ * <param-name>;<type_info>[,required];<description>;...
+ *
+ * Where:
+ *
+ * type_info is either 'string', 'number', 'boolean', 'password' or
+ * 'choice(ch1,ch2,ch3,...)'
+ *
+ * If the marker 'required' is included after the type_info,
+ * the parameter will has some visually distinctive marking in
+ * the UI.
+ *
+ * 'description' is a short sentence describing the parameter
+ * 'choice' is rendered as a drop-down list. The first parameter in the
+ * list will be activated by default
+ * 'boolean' is rendered as a checkbox. The resulting parameter will be
+ * either 'true' or 'false'
+ * 'string' allows any characters
+ * 'number' allows only numbers
+ * 'password' is rendered as a password field (the characters are replaced
+ * with *'s when being types. This parameter is not passed through to
+ * the plugin. It is instead inserted directly into the password cache
+ * keyed on the instance name. The value of the parameter
+ * 'bindPWPrompt' (see example below) is set to the key.
+ *
+ * In addition to the configurable parameters, the following magic parameters
+ * may be defined:
+ *
+ * HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin
+ * HELP_TEXT;helptext - a general help string describing the plugin
+ *
+ * For example:
+ * "username;string;The username you wish to login as"
+ * "bindPWPrompt;password;Enter password to bind as above user with"
+ * "algorithm;choice(RSA,DSA);Which algorithm do you want to use"
+ * "enable;boolean;Do you want to run this plugin"
+ * "port;number;Which port number do you want to use"
+ *
+ */
+ public String[] getExtendedPluginInfo(Locale locale) {
+ return _epi;
+ }
+}
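Review bot: `getExtendedPluginInfo` returns the same array the constructor was given, so the code that built the object and every caller of the getter can alter the parameter descriptors the console renders, including which fields are typed `password`. Copying on the way out, `return _epi == null ? null : (String[]) _epi.clone();`, keeps the descriptors stable, and a matching copy in the constructor is worth considering. The `locale` argument is ignored, which the Javadoc should say. The raw `<param-name>;<type_info>` line in the comment needs `&lt;`/`&gt;` escapes to survive Javadoc rendering.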
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IArgBlock.java b/pki/base/common/src/com/netscape/certsrv/base/IArgBlock.java
new file mode 100644
index 000000000..835ad0ed1
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/IArgBlock.java
@@ -0,0 +1,285 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+import java.util.*;
+import java.io.*;
+import netscape.security.pkcs.*;
+import java.security.*;
+import java.math.BigInteger;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.BaseResources;
+
+
+/**
+ * This interface defines the abstraction for the generic collection
+ * of attributes indexed by string names.
+ * Set of cooperating implementations of this interface may exploit
+ * dot-separated attribute names to provide seamless access to the
+ * attributes of attribute value which also implements AttrSet
+ * interface as if it was direct attribute of the container
+ * E.g., ((AttrSet)container.get("x")).get("y") is equivalent to
+ * container.get("x.y");
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ **/
+public interface IArgBlock extends Serializable {
+
+ /**
+ * Checks if this argument block contains the given key.
+ *
+ * @param n key
+ * @return true if key is present
+ */
+ public boolean isValuePresent(String n);
+ /**
+ * Adds string-based value into this argument block.
+ *
+ * @param n key
+ * @param v value
+ * @return value
+ */
+ public Object addStringValue(String n, String v);
+
+ /**
+ * Retrieves argument value as string.
+ *
+ * @param n key
+ * @return argument value as string
+ * @exception EBaseException failed to retrieve value
+ */
+ public String getValueAsString(String n) throws EBaseException;
+
+ /**
+ * Retrieves argument value as string.
+ *
+ * @param n key
+ * @param def default value to be returned if key is not present
+ * @return argument value as string
+ */
+ public String getValueAsString(String n, String def);
+
+ /**
+ * Retrieves argument value as integer.
+ *
+ * @param n key
+ * @return argument value as int
+ * @exception EBaseException failed to retrieve value
+ */
+ public int getValueAsInt(String n) throws EBaseException;
+
+ /**
+ * Retrieves argument value as integer.
+ *
+ * @param n key
+ * @param def default value to be returned if key is not present
+ * @return argument value as int
+ */
+ public int getValueAsInt(String n, int def);
+
+ /**
+ * Retrieves argument value as big integer.
+ *
+ * @param n key
+ * @return argument value as big integer
+ * @exception EBaseException failed to retrieve value
+ */
+ public BigInteger getValueAsBigInteger(String n) throws EBaseException;
+
+ /**
+ * Retrieves argument value as big integer.
+ *
+ * @param n key
+ * @param def default value to be returned if key is not present
+ * @return argument value as big integer
+ */
+ public BigInteger getValueAsBigInteger(String n, BigInteger def);
+
+ /**
+ * Retrieves argument value as object
+ *
+ * @param n key
+ * @return argument value as object
+ * @exception EBaseException failed to retrieve value
+ */
+ public Object getValue(Object n) throws EBaseException;
+
+ /**
+ * Retrieves argument value as object
+ *
+ * @param n key
+ * @param def default value to be returned if key is not present
+ * @return argument value as object
+ */
+ public Object getValue(Object n, Object def);
+
+ /**
+ * Gets boolean value. They should be "true" or "false".
+ *
+ * @param name name of the input type
+ * @return boolean type: <code>true</code> or <code>false</code>
+ * @exception EBaseException failed to retrieve value
+ */
+ public boolean getValueAsBoolean(String name) throws EBaseException;
+
+ /**
+ * Gets boolean value. They should be "true" or "false".
+ *
+ * @param name name of the input type
+ * @param def Default value to return.
+ * @return boolean type: <code>true</code> or <code>false</code>
+ */
+ public boolean getValueAsBoolean(String name, boolean def);
+
+ /**
+ * Gets KeyGenInfo
+ *
+ * @param name name of the input type
+ * @param def default value to return
+ * @exception EBaseException On error.
+ * @return KeyGenInfo object
+ */
+ public KeyGenInfo getValueAsKeyGenInfo(String name, KeyGenInfo def) throws EBaseException;
+
+ /**
+ * Gets PKCS10 request. This pkcs10 attribute does not
+ * contain header information.
+ *
+ * @param name name of the input type
+ * @return pkcs10 request
+ * @exception EBaseException failed to retrieve value
+ */
+ public PKCS10 getValueAsRawPKCS10(String name) throws EBaseException;
+
+ /**
+ * Gets PKCS10 request. This pkcs10 attribute does not
+ * contain header information.
+ *
+ * @param name name of the input type
+ * @param def default PKCS10
+ * @return pkcs10 request
+ * @exception EBaseException failed to retrieve value
+ */
+ public PKCS10 getValueAsRawPKCS10(String name, PKCS10 def) throws EBaseException;
+
+ /**
+ * Retrieves PKCS10
+ *
+ * @param name name of the input type
+ * @param checkheader true if header must be present
+ * @return PKCS10 object
+ * @exception EBaseException failed to retrieve value
+ */
+ public PKCS10 getValueAsPKCS10(String name, boolean checkheader) throws EBaseException;
+
+ /**
+ * Retrieves PKCS10
+ *
+ * @param name name of the input type
+ * @param checkheader true if header must be present
+ * @param def default PKCS10
+ * @return PKCS10 object
+ * @exception EBaseException on error
+ */
+ public PKCS10 getValueAsPKCS10(String name, boolean checkheader, PKCS10 def) throws EBaseException;
+
+ /**
+ * Retrieves PKCS10
+ *
+ * @param name name of the input type
+ * @param def default PKCS10
+ * @return PKCS10 object
+ * @exception EBaseException on error
+ */
+ public PKCS10 getValuePKCS10(String name, PKCS10 def) throws EBaseException;
+
+ /**
+ * Retrieves a list of argument keys.
+ *
+ * @return a list of string-based keys
+ */
+ public Enumeration elements();
+
+ /**
+ * Adds long-type arguments to this block.
+ *
+ * @param n key
+ * @param v value
+ * @return value
+ */
+ public Object addLongValue(String n, long v);
+
+ /**
+ * Adds integer-type arguments to this block.
+ *
+ * @param n key
+ * @param v value
+ * @return value
+ */
+ public Object addIntegerValue(String n, int v);
+
+ /**
+ * Adds boolean-type arguments to this block.
+ *
+ * @param n key
+ * @param v value
+ * @return value
+ */
+ public Object addBooleanValue(String n, boolean v);
+
+ /**
+ * Adds integer-type arguments to this block.
+ *
+ * @param n key
+ * @param v value
+ * @param radix radix
+ * @return value
+ */
+ public Object addBigIntegerValue(String n, BigInteger v, int radix);
+
+ /**
+ * Sets argument into this block.
+ *
+ * @param name key
+ * @param obj value
+ */
+ public void set(String name, Object obj);
+
+ /**
+ * Retrieves argument.
+ *
+ * @param name key
+ * @return object value
+ */
+ public Object get(String name);
+
+ /**
+ * Deletes argument by the given key.
+ *
+ * @param name key
+ */
+ public void delete(String name);
+
+ /**
+ * Retrieves a list of argument keys.
+ *
+ * @return a list of string-based keys
+ */
+ public Enumeration getElements();
+}
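Review bot: The Javadocs for `getValueAsRawPKCS10`, `getValueAsPKCS10` and `getValuePKCS10` do not say whether the returned `PKCS10` has had its signature checked or has only been decoded. Callers on an enrollment path need to know which before relying on the request's public key. State that in each `@return`, along with what `checkheader` accepts and rejects. The interface comment looks copied from IAttrSet and still refers to `AttrSet`, and `addBigIntegerValue` is described as adding "integer-type arguments". `elements()` and `getElements()` carry identical text, so it is unclear whether one is an alias or one returns values.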
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IAttrSet.java b/pki/base/common/src/com/netscape/certsrv/base/IAttrSet.java
new file mode 100644
index 000000000..4e8b0205d
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/IAttrSet.java
@@ -0,0 +1,72 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.io.Serializable;
+import java.util.Enumeration;
+
+
+/**
+ * This interface defines the abstraction for the generic collection
+ * of attributes indexed by string names.
+ * Set of cooperating implementations of this interface may exploit
+ * dot-separated attribute names to provide seamless access to the
+ * attributes of attribute value which also implements AttrSet
+ * interface as if it was direct attribute of the container
+ * E.g., ((AttrSet)container.get("x")).get("y") is equivalent to
+ * container.get("x.y");
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ **/
+public interface IAttrSet extends Serializable {
+
+ /**
+ * Sets an attribute value within this AttrSet.
+ *
+ * @param name the name of the attribute
+ * @param obj the attribute object.
+ * @exception EBaseException on attribute handling errors.
+ */
+ public void set(String name, Object obj)throws EBaseException;
+
+ /**
+ * Gets an attribute value.
+ *
+ * @param name the name of the attribute to return.
+ * @exception EBaseException on attribute handling errors.
+ */
+ public Object get(String name) throws EBaseException;
+
+ /**
+ * Deletes an attribute value from this AttrSet.
+ *
+ * @param name the name of the attribute to delete.
+ * @exception EBaseException on attribute handling errors.
+ */
+ public void delete(String name) throws EBaseException;
+
+ /**
+ * Returns an enumeration of the names of the attributes existing within
+ * this AttrSet.
+ *
+ * @return an enumeration of the attribute names.
+ */
+ public Enumeration getElements();
+}
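Review bot: `get(String name)` has no `@return` tag, and the Javadoc does not say whether a missing attribute yields null or an `EBaseException`; the same question applies to `delete` on an absent name. Because the interface comment promises dot-separated lookups such as `container.get("x.y")`, the documentation should also say what happens when an intermediate attribute is missing or is not itself an attribute set. If null is the intended result, `@return the attribute value, or null if no such attribute exists` would do.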
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IAuthInfo.java b/pki/base/common/src/com/netscape/certsrv/base/IAuthInfo.java
new file mode 100644
index 000000000..2006c8f23
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/IAuthInfo.java
@@ -0,0 +1,36 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.util.*;
+import java.security.*;
+
+
+/**
+ * An interface represents an authentication context. This
+ * is an entity that encapsulates the authentication
+ * information of a service requestor. For example, CMS
+ * user needs to authenticate to CMS using SSL. The
+ * client certificate is expressed in authenticated context.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IAuthInfo {
+}
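Review bot: `IAuthInfo` is documented as encapsulating a requestor's authentication information, yet the interface declares no members, so code holding a value of this type cannot read or check anything through it. If it is meant as a marker type, the Javadoc should say so, e.g. `Marker interface for authentication contexts; declares no accessors of its own.` The wildcard imports `java.util.*` and `java.security.*` are not used by anything in this file and can be dropped.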
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ICRLPrettyPrint.java b/pki/base/common/src/com/netscape/certsrv/base/ICRLPrettyPrint.java
new file mode 100644
index 000000000..902c0aad3
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/ICRLPrettyPrint.java
@@ -0,0 +1,50 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.util.*;
+
+
+/**
+ * This interface represents a CRL pretty print handler.
+ * It converts a CRL object into a printable CRL string.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICRLPrettyPrint {
+
+ /**
+ * Retrieves the printable CRL string.
+ *
+ * @param clientLocale end user clocale
+ * @param crlSize CRL size
+ * @param pageStart starting page number
+ * @param pageSize page size in rows
+ * @return printable CRL string
+ */
+ public String toString(Locale clientLocale, long crlSize, long pageStart, long pageSize);
+
+ /**
+ * Retrieves the printable CRL string.
+ *
+ * @param clientLocale end user clocale
+ * @return printable CRL string
+ */
+ public String toString(Locale clientLocale);
+}
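Review bot: The paged overload `toString(Locale, long, long, long)` does not say how `pageStart` and `pageSize` are validated: zero, negative or past-the-end values could yield an empty string, a clamped page or an exception, and the Javadoc leaves that to each implementation. If these values can originate from a request (not visible in this hunk), the bounds behaviour belongs in the contract, e.g. `@param pageSize page size in rows; must be positive`. Both `@param clientLocale` lines also read `end user clocale`, which should be `end user locale`.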
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ICertPrettyPrint.java b/pki/base/common/src/com/netscape/certsrv/base/ICertPrettyPrint.java
new file mode 100644
index 000000000..dc3186497
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/ICertPrettyPrint.java
@@ -0,0 +1,40 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.util.*;
+
+
+/**
+ * This interface represents a certificate pretty print
+ * handler. This handler converts certificate object into
+ * a printable certificate string.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICertPrettyPrint {
+
+ /**
+ * Returns printable certificate string.
+ *
+ * @param clientLocale end user locale
+ * @return printable certificate string
+ */
+ public String toString(Locale clientLocale);
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IConfigStore.java b/pki/base/common/src/com/netscape/certsrv/base/IConfigStore.java
new file mode 100644
index 000000000..b53e7c66f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/IConfigStore.java
@@ -0,0 +1,276 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.util.Enumeration;
+import java.math.BigInteger;
+
+
+/**
+ * An interface represents a configuration store.
+ * A configuration store is an abstraction of a hierarchical store
+ * to keep arbitrary data indexed by string names.<p>
+ * In the following example:
+ * <pre>
+ * param1=value1
+ * configStore1.param11=value11
+ * configStore1.param12=value12
+ * configStore1.subStore1.param111=value111
+ * configStore1.subStore1.param112=value112
+ * configStore2.param21=value21
+ * </pre>
+ * The top config store has parameters <i>param1</i> and sub-stores
+ * <i>configStore1</i> and <i>configStore2</i>. <br>
+ * The following illustrates how a config store is used.
+ * <pre>
+ * // the top config store is passed to the following method.
+ * public void init(IConfigStore config) throws EBaseException {
+ * IConfigStore store = config;
+ * String valx = config.getString("param1");
+ * // valx is "value1" <p>
+ *
+ * IConfigStore substore1 = config.getSubstore("configStore1");
+ * String valy = substore1.getString("param11");
+ * // valy is "value11" <p>
+ *
+ * IConfigStore substore2 = config.getSubstore("configStore2");
+ * String valz = substore2.getString("param21");
+ * // valz is "value21" <p>
+ * }
+ * </pre>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IConfigStore extends ISourceConfigStore {
+
+ /**
+ * Gets the name of this Configuration Store.
+ * <P>
+ * @return The name of this Configuration store
+ */
+ public String getName();
+
+ /**
+ * Retrieves the value of the given property as a string.
+ * <p>
+ * @param name The name of the property to get
+ * @return The value of the property as a String
+ * @exception EPropertyNotFound If the property is not present
+ * @exception EBaseException If an internal error occurred
+ */
+ public String getString(String name)
+ throws EPropertyNotFound, EBaseException;
+
+ /**
+ * Retrieves the value of a given property as a string or the
+ * given default value if the property is not present.
+ * <P>
+ * @param name The property to retrive
+ * @param defval The default value to return if the property is not present
+ * @return The roperty value as a string
+ * @exception EBaseException If an internal error occurred
+ */
+ public String getString(String name, String defval)
+ throws EBaseException;
+
+ /**
+ * Stores a property and its value as a string.
+ * <p>
+ * @param name The name of the property
+ * @param value The value as a string
+ */
+ public void putString(String name, String value);
+
+ /**
+ * Retrieves the value of a property as a byte array.
+ * <P>
+ * @param name The property name
+ * @return The property value as a byte array
+ * @exception EPropertyNotFound If the property is not present
+ * @exception EBaseException If an internal error occurred
+ */
+ public byte[] getByteArray(String name)
+ throws EPropertyNotFound, EBaseException;
+
+ /**
+ * Retrieves the value of a property as a byte array, using the
+ * given default value if property is not present.
+ * <P>
+ * @param name The name of the property
+ * @param defval The default value if the property is not present.
+ * @return The property value as a byte array.
+ * @exception EBaseException If an internal error occurred
+ */
+ public byte[] getByteArray(String name, byte defval[])
+ throws EBaseException;
+
+ /**
+ * Stores the given property and value as a byte array.
+ * <p>
+ * @param name The property name
+ * @param value The value as a byte array to store
+ */
+ public void putByteArray(String name, byte value[]);
+
+ /**
+ * Retrieves the given property as a boolean.
+ * <P>
+ * @param name The name of the property as a string.
+ * @return The value of the property as a boolean.
+ * @exception EPropertyNotFound If the property is not present
+ * @exception EBaseException If an internal error occurred
+ */
+ public boolean getBoolean(String name)
+ throws EPropertyNotFound, EBaseException;
+
+ /**
+ * Retrieves the given property as a boolean.
+ * <P>
+ * @param name The name of the property
+ * @param defval The default value to turn as a boolean if
+ * property is not present
+ * @return The value of the property as a boolean.
+ * @exception EBaseException If an internal error occurred
+ */
+ public boolean getBoolean(String name, boolean defval)
+ throws EBaseException;
+
+ /**
+ * Stores the given property and its value as a boolean.
+ * <P>
+ * @param name The property name
+ * @param value The value as a boolean
+ */
+ public void putBoolean(String name, boolean value);
+
+ /**
+ * Retrieves the given property as an integer.
+ * <P>
+ * @param name The property name
+ * @return The property value as an integer
+ * @exception EPropertyNotFound If property is not found
+ * @exception EBaseException If an internal error occurred
+ */
+ public int getInteger(String name)
+ throws EPropertyNotFound, EBaseException;
+
+ /**
+ * Retrieves the given property as an integer.
+ * <P>
+ * @param name The property name
+ * @return int The default value to return as an integer
+ * @exception EBaseException If the value cannot be converted to a
+ * integer
+ */
+ public int getInteger(String name, int defval)
+ throws EBaseException;
+
+ /**
+ * Sets a property and its value as an integer.
+ * <P>
+ * @param name parameter name
+ * @param value integer value
+ */
+ public void putInteger(String name, int value);
+
+ /**
+ * Retrieves the given property as a big integer.
+ * <P>
+ * @param name The property name
+ * @return The property value as a big integer
+ * @exception EPropertyNotFound If property is not found
+ * @exception EBaseException If an internal error occurred
+ */
+ public BigInteger getBigInteger(String name)
+ throws EPropertyNotFound, EBaseException;
+
+ /**
+ * Retrieves the given property as a big integer.
+ * <P>
+ * @param name The property name
+ * @return int The default value to return as a big integer
+ * @exception EBaseException If the value cannot be converted to a
+ * integer
+ */
+ public BigInteger getBigInteger(String name, BigInteger defval)
+ throws EBaseException;
+
+ /**
+ * Sets a property and its value as an integer.
+ * <P>
+ * @param name parameter name
+ * @param value big integer value
+ */
+ public void putBigInteger(String name, BigInteger value);
+
+ /**
+ * Creates a nested sub-store with the specified name.
+ * <P>
+ * @param name The name of the sub-store
+ * @return The sub-store created
+ */
+ public IConfigStore makeSubStore(String name);
+
+ /**
+ * Retrieves the given sub-store.
+ * <P>
+ * @param name The name of the sub-store
+ * @return The sub-store
+ */
+ public IConfigStore getSubStore(String name);
+
+ /**
+ * Removes sub-store with the given name.
+ * (Removes all properties and sub-stores under this sub-store.)
+ * <P>
+ * @param name The name of the sub-store to remove
+ */
+ public void removeSubStore(String name);
+
+ public void remove(String name);
+
+ /**
+ * Retrives and enumeration of all properties in this config-store.
+ * @return An enumeration of all properties in this config-store
+ */
+ public Enumeration getPropertyNames();
+
+ /**
+ * Returns an enumeration of the names of the substores of
+ * this config-store.
+ * <P>
+ * @return An enumeration of the names of the sub-stores of this
+ * config-store
+ */
+ public Enumeration getSubStoreNames();
+
+ /**
+ * Commits all the data into file immediately.
+ *
+ * @param createBackup true if a backup file should be created
+ * @exception EBaseException failed to commit
+ */
+ public void commit(boolean createBackup) throws EBaseException;
+
+ /**
+ * Return the number of items in this substore
+ */
+ public int size();
+}
+
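Review bot: The default-value overloads `getInteger(String, int)` and `getBigInteger(String, BigInteger)` have no `@param defval`, and their `@return` lines (`int The default value to return as ...`) describe the fallback instead of the result; the BigInteger one also names the wrong type. Suggested wording: `@param defval value returned when the property is not present` and `@return the property value, or defval if the property is not present`. `remove(String name)` has no Javadoc at all, so how it differs from `removeSubStore` is left to the reader, and `getSubStore` does not say what is returned when the sub-store does not exist. Smaller items: `putBigInteger` is summarised as storing "an integer", and `retrive`, `roperty` and `Retrives and enumeration` are typos.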
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IConfigStoreEventListener.java b/pki/base/common/src/com/netscape/certsrv/base/IConfigStoreEventListener.java
new file mode 100644
index 000000000..f2b6a03d4
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/IConfigStoreEventListener.java
@@ -0,0 +1,50 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.util.Hashtable;
+
+
+/**
+ * ConfigStore Parameters Event Notification.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IConfigStoreEventListener {
+
+ /**
+ * Called to validate the config store parameters that changed
+ *
+ * @param action action
+ * @param params configuration parameters changed
+ * @exception EBaseException failed to validate
+ */
+ public void validateConfigParams(String action,
+ Hashtable params) throws EBaseException;
+
+ /**
+ * Validates the config store parameters that changed
+ *
+ * @param action action
+ * @param params configuration parameters changed
+ * @exception EBaseException failed to validate
+ */
+ public void doConfigParams(String action,
+ Hashtable params) throws EBaseException;
+}
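Review bot: `doConfigParams` carries the same summary as `validateConfigParams` ("Validates the config store parameters that changed"), so the Javadoc gives no way to tell the validation hook from the one that presumably applies the change. If that is the intent, the summary could read `Called to apply the config store parameters that changed.`, together with a statement of whether `validateConfigParams` is guaranteed to have run first; confirm against the callers, which are not in this hunk. Both methods take a raw `Hashtable`, so `@param params` should at least state the key and value types.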
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IExtPrettyPrint.java b/pki/base/common/src/com/netscape/certsrv/base/IExtPrettyPrint.java
new file mode 100644
index 000000000..00f9c8460
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/IExtPrettyPrint.java
@@ -0,0 +1,44 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.io.*;
+import java.util.*;
+import java.text.*;
+import java.math.BigInteger;
+import java.security.cert.*;
+import java.security.*;
+
+
+/**
+ * This class will display the certificate content in predefined
+ * format.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IExtPrettyPrint {
+
+ /**
+ * Retrieves the printable extension string.
+ *
+ * @return printable extension string
+ */
+ public String toString();
+}
+
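Review bot: Declaring `public String toString();` in this interface places no obligation on implementers, because every class already inherits `Object.toString()`; a class that forgets to override it still compiles and returns the default `ClassName@hash` form. If a printable extension string is required, either give the method a distinct name so the compiler enforces it, or state in the Javadoc that implementers must override `toString()`. The type-level comment ("This class will display the certificate content") describes a certificate printer instead of this extension interface, and none of the six wildcard imports is used.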
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IExtendedPluginInfo.java b/pki/base/common/src/com/netscape/certsrv/base/IExtendedPluginInfo.java
new file mode 100644
index 000000000..ac98c6c36
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/IExtendedPluginInfo.java
@@ -0,0 +1,84 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import com.netscape.certsrv.base.*;
+import java.util.*;
+import java.lang.*;
+import com.netscape.certsrv.common.*;
+
+
+/**
+ * Plugin which can return extended information to console
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IExtendedPluginInfo {
+
+ public static final String HELP_TOKEN = "HELP_TOKEN";
+ public static final String HELP_TEXT = "HELP_TEXT";
+
+ /**
+ * This method returns an array of strings. Each element of the
+ * array represents a configurable parameter, or some other
+ * meta-info (such as help-token)
+ *
+ * there is an entry indexed on that parameter name
+ * <param-name>;<type_info>[,required];<description>;...
+ *
+ * Where:
+ *
+ * type_info is either 'string', 'number', 'boolean', 'password' or
+ * 'choice(ch1,ch2,ch3,...)'
+ *
+ * If the marker 'required' is included after the type_info,
+ * the parameter will has some visually distinctive marking in
+ * the UI.
+ *
+ * 'description' is a short sentence describing the parameter
+ * 'choice' is rendered as a drop-down list. The first parameter in the
+ * list will be activated by default
+ * 'boolean' is rendered as a checkbox. The resulting parameter will be
+ * either 'true' or 'false'
+ * 'string' allows any characters
+ * 'number' allows only numbers
+ * 'password' is rendered as a password field (the characters are replaced
+ * with *'s when being types. This parameter is not passed through to
+ * the plugin. It is instead inserted directly into the password cache
+ * keyed on the instance name. The value of the parameter
+ * 'bindPWPrompt' (see example below) is set to the key.
+ *
+ * In addition to the configurable parameters, the following magic parameters
+ * may be defined:
+ *
+ * HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin
+ * HELP_TEXT;helptext - a general help string describing the plugin
+ *
+ * For example:
+ * "username;string;The username you wish to login as"
+ * "bindPWPrompt;password;Enter password to bind as above user with"
+ * "algorithm;choice(RSA,DSA);Which algorithm do you want to use"
+ * "enable;boolean;Do you want to run this plugin"
+ * "port;number;Which port number do you want to use"
+ *
+ */
+ public String[] getExtendedPluginInfo(Locale locale);
+
+}
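Review bot: The Javadoc on `getExtendedPluginInfo` writes the entry format as raw `<param-name>;<type_info>[,required];<description>;...`, which the Javadoc tool treats as HTML tags, so the format line is likely to be dropped or mangled in generated documentation; wrap it as `{@code <param-name>;<type_info>[,required];<description>;...}`. The comment has no `@param locale` or `@return`, and the sentence before the format line ("there is an entry indexed on that parameter name") is a fragment. The `password` paragraph has an unclosed parenthesis and "when being types"; since it is the only description of how a password-typed value bypasses the plugin and goes into the password cache, its wording should be exact. The imports `com.netscape.certsrv.base.*` (the file's own package) and `java.lang.*` are redundant.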
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IPluginImpl.java b/pki/base/common/src/com/netscape/certsrv/base/IPluginImpl.java
new file mode 100644
index 000000000..a32dfc2ea
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/IPluginImpl.java
@@ -0,0 +1,107 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.util.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+
+/**
+ * This interface represents a plugin instance.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IPluginImpl {
+
+ public static final String PROP_IMPLNAME = "implName";
+
+ /**
+ * Gets the description for this plugin instance.
+ * <P>
+ * @return The Description for this plugin instance.
+ */
+ public String getDescription();
+
+ /**
+ * Returns the name of the plugin class.
+ * <P>
+ *
+ * @return The name of the plugin class.
+ */
+ public String getImplName();
+
+ /**
+ * Returns the name of the plugin instance.
+ * <P>
+ *
+ * @return The name of the plugin instance. If none is set
+ * the name of the implementation will be returned.xxxx
+ */
+ public String getInstanceName();
+
+ /**
+ * Initializes this plugin instance.
+ *
+ * @param sys parent subsystem
+ * @param instanceName instance name of this plugin
+ * @param className class name of this plugin
+ * @param config configuration store
+ * @exception EBaseException failed to initialize
+ */
+ public void init(ISubsystem sys, String instanceName, String className,
+ IConfigStore config)
+ throws EBaseException;
+
+ /**
+ * Shutdowns this plugin.
+ */
+ public void shutdown();
+
+ /**
+ * Retrieves the configuration store.
+ *
+ * @return configuration store
+ */
+ public IConfigStore getConfigStore();
+
+ /**
+ * Return configured parameters for a plugin instance.
+ *
+ * @return nvPairs A Vector of name/value pairs. Each name/value
+ * pair is constructed as a String in name=value format.
+ */
+ public Vector getInstanceParams();
+
+ /**
+ * Retrieves a list of configuration parameter names.
+ *
+ * @return a list of parameter names
+ */
+ public String[] getConfigParams();
+
+ /**
+ * Return default parameters for a plugin implementation.
+ *
+ * @return nvPairs A Vector of name/value pairs. Each name/value
+ * pair is constructed as a String in name=value.
+ */
+ public Vector getDefaultParams();
+
+}
+
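Review bot: `getInstanceParams()` and `getDefaultParams()` are documented as returning each parameter as a `name=value` string, with nothing said about parameters whose value is a secret. If a plugin instance carries password-type settings, any caller that displays or logs the returned Vector would expose them unless implementations omit or mask those values; this is inferred from the contract, as no implementation is visible here. The Javadoc should state the rule, e.g. `Secret-valued parameters are omitted from the returned list.` The `@return` text of `getInstanceName` ends in stray characters (`returned.xxxx`), and `netscape.ldap.*` and the self-package import are not used by this interface.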
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IPrettyPrintFormat.java b/pki/base/common/src/com/netscape/certsrv/base/IPrettyPrintFormat.java
new file mode 100644
index 000000000..4c9626806
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/IPrettyPrintFormat.java
@@ -0,0 +1,72 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.io.*;
+import java.util.*;
+import java.text.*;
+
+
+/**
+ * This class will display the certificate content in predefined
+ * format.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IPrettyPrintFormat {
+
+ /**
+ * Retrieves a pretty print string of the given byte array.
+ *
+ * @param in byte array
+ * @param indentSize indentation size
+ * @param lineLen length of line
+ * @param separator separator string
+ * @return pretty print string
+ */
+ public String toHexString(byte[] in, int indentSize,
+ int lineLen, String separator);
+
+ /**
+ * Retrieves a pretty print string of the given byte array.
+ *
+ * @param in byte array
+ * @param indentSize indentation size
+ * @param lineLen length of line
+ * @return pretty print string
+ */
+ public String toHexString(byte[] in, int indentSize, int lineLen);
+
+ /**
+ * Retrieves a pretty print string of the given byte array.
+ *
+ * @param in byte array
+ * @param indentSize indentation size
+ * @return pretty print string
+ */
+ public String toHexString(byte[] in, int indentSize);
+
+ /**
+ * Retrieves a pretty print string of the given byte array.
+ *
+ * @param in byte array
+ * @return pretty print string
+ */
+ public String toHexString(byte[] in);
+}
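Review bot: The type-level Javadoc ("This class will display the certificate content in predefined format") does not describe this interface, whose four methods only format a byte array as a hex string; something like `Formats byte arrays as indented, line-wrapped hexadecimal strings.` would match the declared API. The three shorter `toHexString` overloads do not state which `lineLen` and `separator` values they fall back to, and none says how a null `in` is handled. The imports `java.io.*`, `java.util.*` and `java.text.*` are unused.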
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
new file mode 100644
index 000000000..64aad508f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
@@ -0,0 +1,40 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+import java.util.*;
+import java.io.*;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.BaseResources;
+
+
+/**
+ * This interface defines the abstraction for the cookie table.
+ **/
+public interface ISecurityDomainSessionTable {
+ public void addEntry(String cookieId, String ip, String uid, String group);
+ public void removeEntry(String sessionId);
+ public boolean isSessionIdExist(String sessionId);
+ public String getIP(String sessionId);
+ public String getUID(String sessionId);
+ public String getGroup(String sessionId);
+ public long getBeginTime(String sessionId);
+ public int getSize();
+ public long getTimeToLive();
+ public Enumeration getSessionIds();
+}
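Review bot: None of the ten methods has Javadoc, and for a table that holds security-domain sessions the missing piece is the lifetime rule: nothing says whether `isSessionIdExist`, `getIP`, `getUID` and `getGroup` treat an entry older than `getTimeToLive()` as absent, or whether every caller must compare `getBeginTime` against the TTL itself. Leaving that to each implementation risks an expired session being accepted by a caller that only checks existence. A comment such as `Returns true only if sessionId is present and has not outlived getTimeToLive().` on `isSessionIdExist` would pin it down, if that is the intended behaviour. The units of `getBeginTime` and `getTimeToLive` and the return value of the getters for an unknown id should be documented as well. `addEntry` names its key `cookieId` while every other method uses `sessionId`; use one name.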
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ISourceConfigStore.java b/pki/base/common/src/com/netscape/certsrv/base/ISourceConfigStore.java
new file mode 100644
index 000000000..7a500bde6
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/ISourceConfigStore.java
@@ -0,0 +1,82 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.io.Serializable;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.Enumeration;
+
+
+/**
+ * An interface that represents the source that creates the configuration
+ * store tree. Note that the tree can be built based on the information
+ * from a text file or ldap entries.
+ * @see com.netscape.certsrv.base.IConfigStore
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ISourceConfigStore extends Serializable {
+
+ /**
+ * Gets a property.
+ * <P>
+ *
+ * @param name The property name
+ * @return property value
+ */
+ public Object get(String name);
+
+ /**
+ * Retrieves a property.
+ * <P>
+ *
+ * @param name The property name
+ * @param value The property value
+ */
+ public void put(String name, Object value);
+
+ /**
+ * Returns an enumeration of the config store's keys.
+ * <P>
+ *
+ * @return a list of keys
+ * @see java.util.Hashtable#elements
+ * @see java.util.Enumeration
+ */
+ public Enumeration keys();
+
+ /**
+ * Reads a config store from an input stream.
+ *
+ * @param in input stream where the properties are located
+ * @exception IOException If an IO error occurs while loading from input.
+ */
+ public void load(InputStream in) throws IOException;
+
+ /**
+ * Stores this config store to the specified output stream.
+ *
+ * @param out output stream where the properties should be serialized
+ * @param header optional header to be serialized
+ */
+ public void save(OutputStream out, String header);
+
+}
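Review bot: `save(OutputStream, String)` declares no exception while `load(InputStream)` declares `IOException`, so an implementation has no way to report a failed or partial write to its caller through this interface. For a store that holds server configuration, a save that fails silently is hard to notice until the next load; consider `public void save(OutputStream out, String header) throws IOException;` or document how failure is signalled. In the Javadoc, `put` is summarised as "Retrieves a property." where `Stores a property.` is meant, and `keys()` refers to `java.util.Hashtable#elements` instead of `java.util.Hashtable#keys`.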
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ISubsystem.java b/pki/base/common/src/com/netscape/certsrv/base/ISubsystem.java
new file mode 100644
index 000000000..d23895088
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/ISubsystem.java
@@ -0,0 +1,82 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.util.*;
+
+
+/**
+ * An interface represents a CMS subsystem. CMS is made up of a list
+ * subsystems. Each subsystem is responsible for a set of
+ * speciailized functions.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ISubsystem {
+
+ /**
+ * Retrieves the name of this subsystem.
+ *
+ * @return subsystem identifier
+ */
+ public String getId();
+
+ /**
+ * Sets specific to this subsystem.
+ *
+ * @param id subsystem identifier
+ * @exception EBaseException failed to set id
+ */
+ public void setId(String id) throws EBaseException;
+
+ /**
+ * Initializes this subsystem with the given configuration
+ * store.
+ * <P>
+ *
+ * @param owner owner of this subsystem
+ * @param config configuration store
+ * @exception EBaseException failed to initialize
+ */
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException;
+
+ /**
+ * Notifies this subsystem if owner is in running mode.
+ *
+ * @exception EBaseException failed to start up
+ */
+ public void startup() throws EBaseException;
+
+ /**
+ * Stops this system. The owner may call shutdown
+ * anytime after initialization.
+ * <P>
+ */
+ public void shutdown();
+
+ /**
+ * Returns the root configuration storage of this system.
+ * <P>
+ *
+ * @return configuration store of this subsystem
+ */
+ public IConfigStore getConfigStore();
+}
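Review bot: The Javadoc of `setId` reads "Sets specific to this subsystem.", which does not say what is being set; `Sets the identifier of this subsystem.` would match the wording of `getId`. The lifecycle contract is also left open: the comments do not say whether `shutdown()` may be called on a subsystem whose `init` threw, or whether `startup()` can be invoked more than once, and implementers will need that to release resources correctly. `import java.util.*;` is unused in this file.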
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ISubsystemSource.java b/pki/base/common/src/com/netscape/certsrv/base/ISubsystemSource.java
new file mode 100644
index 000000000..ad89cc72b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/ISubsystemSource.java
@@ -0,0 +1,40 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.util.*;
+
+
+/**
+ * An interface represents a subsystem source. A subsystem
+ * source is a container that manages multiple subsystems.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ISubsystemSource {
+
+ /**
+ * Retrieves subsystem from the source.
+ *
+ * @param sid subsystem identifier
+ * @return subsystem
+ */
+ public ISubsystem getSubsystem(String sid);
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ITimeSource.java b/pki/base/common/src/com/netscape/certsrv/base/ITimeSource.java
new file mode 100644
index 000000000..86ca5912e
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/ITimeSource.java
@@ -0,0 +1,43 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.util.*;
+
+
+/**
+ * This interface represents a time source where
+ * current time can be retrieved. CMS is installed
+ * with a default time source that returns
+ * current time based on the system time. It is
+ * possible to register a time source that returns
+ * the current time from a NTP server.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ITimeSource {
+
+ /**
+ * Retrieves current time and date.
+ *
+ * @return current time and date
+ */
+ public Date getCurrentDate();
+
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/base/KeyGenInfo.java b/pki/base/common/src/com/netscape/certsrv/base/KeyGenInfo.java
new file mode 100644
index 000000000..634b5d90e
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/KeyGenInfo.java
@@ -0,0 +1,225 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.lang.*;
+import java.io.IOException;
+import netscape.security.util.*;
+import netscape.security.x509.*;
+
+
+/**
+ *
+ * The <code>KeyGenInfo</code> represents the information generated by
+ * the KeyGen tag of the HTML forms. It provides the parsing and accessing
+ * mechanisms.<p>
+ *
+ * <pre>
+ * SignedPublicKeyAndChallenge ::= SEQUENCE {
+ * publicKeyAndChallenge PublicKeyAndChallenge,
+ * signatureAlgorithm AlgorithmIdentifier,
+ * signature BIT STRING
+ * }
+ *
+ * PublicKeyAndChallenge ::= SEQUENCE {
+ * spki SubjectPublicKeyInfo,
+ * challenge IA5STRING
+ * }
+ *</pre>
+ *
+ *
+ * @version $Revision$, $Date$
+ */
+
+public class KeyGenInfo {
+
+ /*==========================================================
+ * variables
+ *==========================================================*/
+ private String mSPKACString;
+ private byte mPKAC[];
+ private byte mSPKAC[];
+ private X509Key mSPKI;
+ private DerValue mDerSPKI;
+ private String mChallenge;
+ private DerValue mDerChallenge;
+ private byte mSignature[];
+ private AlgorithmId mAlgId;
+
+ /*==========================================================
+ * constructors
+ *==========================================================*/
+
+ /**
+ * Construct empty KeyGenInfo. Need to call decode function
+ * later to initialize.
+ */
+ public KeyGenInfo() {
+
+ }
+
+ /**
+ * Construct KeyGenInfo using the SignedPublicKeyAndChallenge
+ * string representation.
+ *
+ * @param spkac SignedPublicKeyAndChallenge string representation
+ */
+ public KeyGenInfo(String spkac)
+ throws IOException {
+ decode(spkac);
+ }
+
+ /*==========================================================
+ * public methods
+ *==========================================================*/
+
+ /**
+ * Initialize using the SPKAC string
+ *
+ * @param spkac SPKAC string from the end user
+ */
+ public void decode(String spkac) throws IOException {
+ mSPKACString = spkac;
+ mSPKAC = base64Decode(spkac);
+ derDecode(mSPKAC);
+ }
+
+ /**
+ * Der encoded into buffer
+ *
+ * @return Der encoded buffer
+ */
+ public byte[] encode() {
+ return mSPKAC;
+ }
+
+ /**
+ * Get SPKI in DerValue form
+ *
+ * @return SPKI in DerValue form
+ */
+ public DerValue getDerSPKI() {
+ return mDerSPKI;
+ }
+
+ /**
+ * Get SPKI as X509Key
+ *
+ * @return SPKI in X509Key form
+ */
+ public X509Key getSPKI() {
+ return mSPKI;
+ }
+
+ /**
+ * Get Challenge phrase in DerValue form
+ *
+ * @return Challenge in DerValue form. null if none.
+ */
+ public DerValue getDerChallenge() {
+ return mDerChallenge;
+ }
+
+ /**
+ * Get Challenge phrase in string format
+ *
+ * @return challenge phrase. null if none.
+ */
+ public String getChallenge() {
+ return mChallenge;
+ }
+
+ /**
+ * Get Signature
+ * @return signature
+ */
+ public byte[] getSignature() {
+ return mSignature;
+ }
+
+ /**
+ * Get Algorithm ID
+ * @return the algorithm id
+ */
+ public AlgorithmId getAlgorithmId() {
+ return mAlgId;
+ }
+
+ /**
+ * Validate Signature and Challenge Phrase
+ *
+ * @param challenge phrase; null if none
+ * @return true if validated; otherwise, false
+ */
+ public boolean validateChallenge(String challenge) {
+ if (challenge != null) {
+ if (!challenge.equals(mChallenge)) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ /**
+ * String representation of KenGenInfo
+ *
+ * @return string representation of KeGenInfo
+ */
+ public String toString() {
+ if (mSPKACString != null)
+ return mSPKACString;
+ return "";
+ }
+
+ /*==========================================================
+ * private methods
+ *==========================================================*/
+
+ private byte[] base64Decode(String spkac)
+ throws IOException {
+
+ return com.netscape.osutil.OSUtil.AtoB(spkac);
+ }
+
+ private void derDecode(byte spkac[])
+ throws IOException {
+ DerInputStream derIn = new DerInputStream(spkac);
+
+ /* get SPKAC Algorithm & Signature */
+ DerValue derSPKACContent[] = derIn.getSequence(3);
+
+ mAlgId = AlgorithmId.parse(derSPKACContent[1]);
+ mSignature = derSPKACContent[2].getBitString();
+
+ /* get PKAC SPKI & Challenge */
+ mPKAC = derSPKACContent[0].toByteArray();
+ derIn = new DerInputStream(mPKAC);
+ DerValue derPKACContent[] = derIn.getSequence(2);
+
+ mDerSPKI = derPKACContent[0];
+ mSPKI = X509Key.parse(derPKACContent[0]);
+
+ mDerChallenge = derPKACContent[1];
+ if (mDerChallenge.length() != 0)
+ mChallenge = derPKACContent[1].getIA5String();
+
+ }
+
+}
+
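Review bot: `validateChallenge` is documented as "Validate Signature and Challenge Phrase", but it only compares the challenge string and returns true whenever the argument is null; the signature parsed in `derDecode` is never verified against `mPKAC` with `mSPKI` anywhere in this class. Since `decode` is described as taking the SPKAC string from the end user, the Javadoc should state that proof of possession is left to the caller, e.g. `Validates the challenge phrase only; the SPKAC signature is NOT verified here.` If the challenge acts as a shared secret, comparing the encoded bytes with `java.security.MessageDigest.isEqual` avoids the early exit of `String.equals`. `encode()` and `getSignature()` also return the internal arrays without copying, so a caller can modify the parsed state.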
diff --git a/pki/base/common/src/com/netscape/certsrv/base/MessageFormatter.java b/pki/base/common/src/com/netscape/certsrv/base/MessageFormatter.java
new file mode 100644
index 000000000..796c4255b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/MessageFormatter.java
@@ -0,0 +1,155 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.io.*;
+import java.util.*;
+import java.text.*;
+import java.lang.reflect.*;
+
+
+/**
+ * Factors out common function of formatting internatinalized
+ * messages taking arguments and using java.util.ResourceBundle
+ * and java.text.MessageFormat mechanism.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ * @see java.text.MessageFormat
+ * @see java.util.ResourceBundle
+ */
+public class MessageFormatter {
+
+ private static final Class[] toStringSignature = { Locale.class };
+
+ /**
+ * Retrieves the localized string.
+ *
+ * @param locale end user locale
+ * @param resourceBundleBaseName resource bundle class name
+ * @param formatString format string
+ * @return localized string
+ */
+ public static String getLocalizedString(
+ Locale locale, String resourceBundleBaseName,
+ String formatString) {
+ return getLocalizedString(locale, resourceBundleBaseName,
+ formatString, null);
+ }
+
+ /**
+ * Retrieves the localized string.
+ *
+ * @param locale end user locale
+ * @param resourceBundleBaseName resource bundle class name
+ * @param formatString format string
+ * @param params parameters to be substituted
+ * @return localized string
+ */
+ public static String getLocalizedString(
+ Locale locale, String resourceBundleBaseName,
+ String formatString, Object params) {
+ Object o[] = new Object[1];
+
+ o[0] = params;
+ return getLocalizedString(locale, resourceBundleBaseName,
+ formatString, o);
+ }
+
+ /**
+ * Retrieves the localized string.
+ *
+ * @param locale end user locale
+ * @param resourceBundleBaseName resource bundle class name
+ * @param formatString format string
+ * @param params parameters to be substituted
+ * @return localized string
+ */
+ public static String getLocalizedString(
+ Locale locale, String resourceBundleBaseName,
+ String formatString, Object[] params) {
+
+ String localizedFormat = null;
+
+ try {
+ try {
+ // if you are worried about the efficiency of the
+ // following line, dont worry. ResourceBundle has
+ // an internal cache. So resource bundle wont be
+ // instantiated everytime you call toString().
+
+ localizedFormat = ResourceBundle.getBundle(
+ resourceBundleBaseName, locale).getString(formatString);
+ } catch (MissingResourceException e) {
+ return formatString;
+
+ }
+ Object[] localizedParams = params;
+ Object[] localeArg = null;
+
+ if (params != null) {
+ for (int i = 0; i < params.length; ++i) {
+ if (!(params[i] instanceof String) ||
+ !(params[i] instanceof Date) ||
+ !(params[i] instanceof Number)) {
+ if (localizedParams == params) {
+
+ // only done once
+ // NB if the following variant of cloning code is used
+ // localizedParams = (Object [])mParams.clone();
+ // it causes ArrayStoreException in
+ // localizedParams[i] = params[i].toString();
+ // below
+
+ localizedParams = new Object[params.length];
+ System.arraycopy(params, 0, localizedParams, 0,
+ params.length);
+ }
+ try {
+ Method toStringMethod = params[i].getClass().getMethod(
+ "toString", toStringSignature);
+
+ if (localeArg == null) {
+ // only done once
+ localeArg = new Object[] { locale };
+ }
+ localizedParams[i] = toStringMethod.invoke(
+ params[i], localeArg);
+ } catch (Exception e) {
+ // no method for localization, fall back
+ localizedParams[i] = params[i].toString();
+ }
+ }
+ }
+ }
+ try {
+ // XXX - runtime exception may be raised by the following function
+ MessageFormat format = new MessageFormat(localizedFormat);
+
+ return format.format(localizedParams);
+ } catch (IllegalArgumentException e) {
+ // XXX - for now, we just print the unformatted message
+ // if the exception is raised
+ return localizedFormat;
+ }
+ } catch (Exception e) {
+ return localizedFormat;
+ }
+ }
+}
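Review bot: The type test inside the loop of the `Object[]` overload of `getLocalizedString` is always true, because no object is a String, a Date and a Number at once. Every parameter is therefore converted through the reflective `toString(Locale)` lookup or plain `toString()`, and MessageFormat never receives a Date or Number to format for the locale. The intended condition looks like `if (!(params[i] instanceof String) && !(params[i] instanceof Date) && !(params[i] instanceof Number)) {`. A null element in `params` throws inside the inner `catch` block and ends in the outer `catch (Exception e)`, which returns the unformatted pattern; a `params[i] != null` guard before the conversion would keep the rest of the message intact.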
diff --git a/pki/base/common/src/com/netscape/certsrv/base/MetaAttributeDef.java b/pki/base/common/src/com/netscape/certsrv/base/MetaAttributeDef.java
new file mode 100644
index 000000000..fc8c8ec8a
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/MetaAttributeDef.java
@@ -0,0 +1,198 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.util.Enumeration;
+import java.util.Hashtable;
+import netscape.security.util.ObjectIdentifier;
+
+
+/**
+ * A class representing a meta attribute defintion.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class MetaAttributeDef {
+
+ private String mName;
+ private ObjectIdentifier mOid;
+ private Class mValueClass;
+ private static Hashtable mNameToAttrDef = new Hashtable();
+ private static Hashtable mOidToAttrDef = new Hashtable();
+
+ private MetaAttributeDef() {
+ }
+
+ /**
+ * Constructs a MetaAttribute defintion
+ * <P>
+ *
+ * @param name attribute name
+ * @param valueClass attribute value class
+ * @param oid attribute object identifier
+ */
+ private MetaAttributeDef(String name, Class valueClass,
+ ObjectIdentifier oid) {
+ mName = name;
+ mValueClass = valueClass;
+ mOid = oid;
+ }
+
+ /**
+ * Gets an attribute OID.
+ * <P>
+ *
+ * @return returns attribute OID or null if not defined.
+ */
+ public ObjectIdentifier getOID() {
+ return mOid;
+ }
+
+ /**
+ * Gets an Java class for the attribute values
+ * <P>
+ *
+ * @return returns Java class for the attribute values
+ */
+ public Class getValueClass() {
+ return mValueClass;
+ }
+
+ /**
+ * Gets attribute name
+ * <P>
+ *
+ * @return returns attribute name
+ */
+ public String getName() {
+ return mName;
+ }
+
+ /**
+ * Registers new MetaAttribute defintion
+ * Attribute is defined by name, Java class for attribute values and
+ * optional object identifier
+ * <P>
+ *
+ * @param name attribute name
+ * @param valueClass attribute value class
+ * @param oid attribute object identifier
+ * @exception IllegalArgumentException if name or valueClass are null, or
+ * conflicting attribute definition already exists
+ */
+ public static MetaAttributeDef register(String name, Class valueClass,
+ ObjectIdentifier oid) {
+ if (name == null) {
+ throw new IllegalArgumentException(
+ "Attribute name must not be null");
+ }
+ if (valueClass == null) {
+ throw new IllegalArgumentException(
+ "Attribute value class must not be null");
+ }
+
+ MetaAttributeDef newDef = new MetaAttributeDef(name, valueClass, oid);
+ MetaAttributeDef oldDef;
+
+ if ((oldDef = (MetaAttributeDef) mNameToAttrDef.get(name)) != null &&
+ !oldDef.equals(newDef)) {
+ throw new IllegalArgumentException(
+ "Attribute \'" + name + "\' is already defined");
+ }
+ if (oid != null &&
+ (oldDef = (MetaAttributeDef) mOidToAttrDef.get(oid)) != null &&
+ !oldDef.equals(newDef)) {
+ throw new IllegalArgumentException(
+ "OID \'" + oid + "\' is already in use");
+ }
+ mNameToAttrDef.put(name, newDef);
+ if (oid != null) {
+ mOidToAttrDef.put(oid, newDef);
+ }
+ return newDef;
+ }
+
+ /**
+ * Compares this attribute definition with another, for equality.
+ * <P>
+ *
+ * @return true iff names, valueClasses and object identifiers
+ * are identical.
+ */
+ public boolean equals(Object other) {
+ if (other == this)
+ return true;
+
+ if (other instanceof MetaAttributeDef) {
+ MetaAttributeDef otherDef = (MetaAttributeDef) other;
+
+ if ((mOid != null && otherDef.mOid != null &&
+ !mOid.equals(otherDef.mOid)) ||
+ (mOid == null && otherDef.mOid != null) ||
+ !mName.equals(otherDef.mName) ||
+ !mValueClass.equals(otherDef.mValueClass)) {
+ return false;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Retrieves attribute definition by name
+ * <P>
+ *
+ * @param name attribute name
+ * @return attribute definition or null if not found
+ */
+ public static MetaAttributeDef forName(String name) {
+ return (MetaAttributeDef) mNameToAttrDef.get(name);
+ }
+
+ /**
+ * Retrieves attribute definition by object identifier
+ * <P>
+ *
+ * @param oid attribute object identifier
+ * @return attribute definition or null if not found
+ */
+ public static MetaAttributeDef forOID(ObjectIdentifier oid) {
+ return (MetaAttributeDef) mOidToAttrDef.get(oid);
+ }
+
+ /**
+ * Returns enumeration of the registered attribute names
+ * <P>
+ *
+ * @return returns enumeration of the registered attribute names
+ */
+ public static Enumeration getAttributeNames() {
+ return mNameToAttrDef.keys();
+ }
+
+ /**
+ * Returns enumeration of the registered attribute object identifiers
+ * <P>
+ *
+ * @return returns enumeration of the attribute object identifiers
+ */
+ public static Enumeration getAttributeNameOids() {
+ return mOidToAttrDef.keys();
+ }
+}
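Review bot: `equals` returns false for every object other than `this`, because when none of the mismatch tests fires control still falls through to the final `return false`. As a result `register` throws its "is already defined" or "is already in use" exception on any second registration of a name or OID, even when the definition is identical, which contradicts the documented "conflicting attribute definition" case. The rewrite below returns true when all three members match, treats an OID present on only one side as a mismatch in both directions, and adds the `hashCode` that an overridden `equals` needs. The check-then-put on the two static Hashtables in `register` is not atomic either; making that method `synchronized` would close the gap if registration can run on more than one thread, which this hunk does not show.

```java
    public boolean equals(Object other) {
        if (other == this)
            return true;
        if (!(other instanceof MetaAttributeDef))
            return false;

        MetaAttributeDef otherDef = (MetaAttributeDef) other;
        boolean sameOid = (mOid == null) ? otherDef.mOid == null
                : mOid.equals(otherDef.mOid);

        return sameOid && mName.equals(otherDef.mName) &&
                mValueClass.equals(otherDef.mValueClass);
    }

    public int hashCode() {
        int h = mName.hashCode() * 31 + mValueClass.hashCode();

        return (mOid == null) ? h : h * 31 + mOid.hashCode();
    }
```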
diff --git a/pki/base/common/src/com/netscape/certsrv/base/MetaInfo.java b/pki/base/common/src/com/netscape/certsrv/base/MetaInfo.java
new file mode 100644
index 000000000..7db522547
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/MetaInfo.java
@@ -0,0 +1,116 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.util.Enumeration;
+import java.util.Hashtable;
+import com.netscape.certsrv.base.IAttrSet;
+import com.netscape.certsrv.base.AttributeNameHelper;
+import com.netscape.certsrv.base.EBaseException;
+
+
+/**
+ * A class represents meta information. A meta information
+ * object is just a generic hashtable that is embedded into
+ * a request object.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class MetaInfo implements IAttrSet {
+
+ public static final String REQUEST_ID = "requestId";
+ public static final String IN_LDAP_PUBLISH_DIR = "inLdapPublishDir";
+
+ private Hashtable content = new Hashtable();
+
+ /**
+ * Constructs a meta information.
+ * <P>
+ */
+ public MetaInfo() {
+ }
+
+ /**
+ * Returns a short string describing this certificate attribute.
+ * <P>
+ *
+ * @return information about this certificate attribute.
+ */
+ public String toString() {
+ StringBuffer sb = new StringBuffer();
+
+ sb.append("[\n");
+ sb.append(" Meta information:\n");
+ Enumeration enum1 = content.keys();
+
+ while (enum1.hasMoreElements()) {
+ String key = (String) enum1.nextElement();
+
+ sb.append(" " + key + " : " + content.get(key) + "\n");
+ }
+ sb.append("]\n");
+ return sb.toString();
+ }
+
+ /**
+ * Gets an attribute value.
+ * <P>
+ *
+ * @param name the name of the attribute to return.
+ * @exception EBaseException on attribute handling errors.
+ */
+ public Object get(String name) throws EBaseException {
+ return content.get(name);
+ }
+
+ /**
+ * Sets an attribute value.
+ *
+ * @param name the name of the attribute
+ * @param obj the attribute object.
+ *
+ * @exception EBaseException on attribute handling errors.
+ */
+ public void set(String name, Object obj) throws EBaseException {
+ content.put(name, obj);
+ }
+
+ /**
+ * Deletes an attribute value from this CertAttrSet.
+ * <P>
+ *
+ * @param name the name of the attribute to delete.
+ * @exception EBaseException on attribute handling errors.
+ */
+ public void delete(String name) throws EBaseException {
+ content.remove(name);
+ }
+
+ /**
+ * Returns an enumeration of the names of the attributes existing within
+ * this attribute.
+ * <P>
+ *
+ * @return an enumeration of the attribute names.
+ */
+ public Enumeration getElements() {
+ return content.keys();
+ }
+}
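Review bot: `get`, `set` and `delete` pass their arguments straight to the Hashtable, so a null name or a null `obj` raises NullPointerException rather than the declared EBaseException; the Javadoc should say that null is rejected, or the methods should check it first. The comments on `toString` and `delete` still speak of a "certificate attribute" and "CertAttrSet", which looks copied from another class and should read "meta information". `toString` prints every stored value, so anything sensitive placed in a MetaInfo ends up wherever that string is logged, which deserves a sentence in the Javadoc.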
diff --git a/pki/base/common/src/com/netscape/certsrv/base/Nonces.java b/pki/base/common/src/com/netscape/certsrv/base/Nonces.java
new file mode 100644
index 000000000..e1d992e40
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/Nonces.java
@@ -0,0 +1,128 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+import java.util.*;
+import java.security.cert.X509Certificate;
+
+
+/**
+ * This class manages nonces sometimes used to control request state flow.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class Nonces implements IAuthInfo {
+
+ private Hashtable mNonces = new Hashtable();
+ private Vector mNonceList = new Vector();
+ private int mNonceLimit;
+
+ /**
+ * Constructs nonces.
+ */
+ public Nonces() {
+ mNonceLimit = 100;
+ Vector mNonceList = new Vector();
+ Hashtable mNonces = new Hashtable();
+ }
+
+ public Nonces(int limit) {
+ mNonceLimit = limit;
+ Vector mNonceList = new Vector();
+ Hashtable mNonces = new Hashtable();
+ }
+
+ public long addNonce(long nonce, X509Certificate cert) {
+ long i;
+ long k = 0;
+ long n = nonce;
+ long m = (long)((mNonceLimit / 2) + 1);
+
+ for (i = 0; i < m; i++) {
+ k = n + i;
+ // avoid collisions
+ if (!mNonceList.contains((Object)k)) {
+ break;
+ }
+ k = n - i;
+ // avoid collisions
+ if (!mNonceList.contains((Object)k)) {
+ break;
+ }
+ }
+ if (i < m) {
+ mNonceList.add(k);
+ mNonces.put(k, cert);
+ if (mNonceList.size() > mNonceLimit) {
+ n = ((Long)(mNonceList.firstElement())).longValue();
+ mNonceList.remove(0);
+ mNonces.remove((Object)n);
+ }
+ } else {
+ // failed to resolved collision
+ k = -nonce;
+ }
+ return k;
+ }
+
+ public X509Certificate getCertificate(long nonce) {
+ X509Certificate cert = (X509Certificate)mNonces.get(nonce);
+ return cert;
+ }
+
+ public X509Certificate getCertificate(int index) {
+ X509Certificate cert = null;
+ if (index >= 0 && index < mNonceList.size()) {
+ long nonce = ((Long)(mNonceList.elementAt(index))).longValue();
+ cert = (X509Certificate)mNonces.get(nonce);
+ }
+ return cert;
+ }
+
+ public long getNonce(int index) {
+ long nonce = 0;
+ if (index >= 0 && index < mNonceList.size()) {
+ nonce = ((Long)(mNonceList.elementAt(index))).longValue();
+ }
+ return nonce;
+ }
+
+ public void removeNonce(long nonce) {
+ mNonceList.remove((Object)nonce);
+ mNonces.remove((Object)nonce);
+ }
+
+
+ public int size() {
+ return mNonceList.size();
+ }
+
+ public int maxSize() {
+ return mNonceLimit;
+ }
+
+ public void clear() {
+ mNonceList.clear();
+ mNonces.clear();
+ }
+
+ public boolean isInSync() {
+ return (mNonceList.size() == mNonces.size());
+ }
+}
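Review bot: `addNonce` has no safe way to report failure: when the collision search gives up it returns `-nonce` without storing anything, and a caller cannot tell that value from a stored nonce, since `k = n - i` already yields negative nonces on the success path. None of the methods has Javadoc, so the return contract, the eviction of the oldest entry once `mNonceLimit` is exceeded, and the two `getCertificate` overloads (a `long` nonce versus an `int` index, where an int argument silently selects the index lookup) should be documented. The updates of `mNonceList` and `mNonces` are separate calls with no common lock; if an instance is shared between request threads, which this hunk does not show, declaring `addNonce`, `removeNonce` and `clear` as `synchronized` keeps the two collections consistent. In both constructors `Vector mNonceList = new Vector();` and `Hashtable mNonces = new Hashtable();` declare locals that shadow the fields and can be deleted.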
diff --git a/pki/base/common/src/com/netscape/certsrv/base/PasswordResources.java b/pki/base/common/src/com/netscape/certsrv/base/PasswordResources.java
new file mode 100644
index 000000000..e0cfe429b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/PasswordResources.java
@@ -0,0 +1,45 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.util.*;
+
+
+/**
+ * A class represents a resource bundle for the password checker.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ * @see java.util.ListResourceBundle
+ */
+public class PasswordResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ /*
+ * Constants. The suffix represents the number of possible parameters.
+ */
+ static final Object[][] contents = {};
+}
+
diff --git a/pki/base/common/src/com/netscape/certsrv/base/Plugin.java b/pki/base/common/src/com/netscape/certsrv/base/Plugin.java
new file mode 100644
index 000000000..0b7d7ee86
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/Plugin.java
@@ -0,0 +1,65 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import com.netscape.certsrv.base.*;
+import java.util.*;
+import java.lang.*;
+
+
+/**
+ * This represents a generici CMS plugin.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public class Plugin {
+
+ private String mId = null;
+ private String mClassPath = null;
+
+ /**
+ * Constructs a plugin.
+ *
+ * @param id plugin implementation name
+ * @param classPath class path
+ */
+ public Plugin(String id, String classPath) {
+ mId = id;
+ mClassPath = classPath;
+ }
+
+ /**
+ * Returns the plugin identifier.
+ *
+ * @return plugin id
+ */
+ public String getId() {
+ return mId;
+ }
+
+ /**
+ * Returns the plugin classpath.
+ *
+ * @return plugin classpath
+ */
+ public String getClassPath() {
+ return mClassPath;
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/base/SessionContext.java b/pki/base/common/src/com/netscape/certsrv/base/SessionContext.java
new file mode 100644
index 000000000..79d429d71
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/SessionContext.java
@@ -0,0 +1,163 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+
+import java.util.*;
+
+
+/**
+ * This class specifies the context object that includes
+ * authentication environment and connection information.
+ * This object is later used in access control evaluation.
+ * This is a global object that can be accessible
+ * throughout the server. It is useful for passing
+ * global and per-thread infomration in methods.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class SessionContext extends Hashtable implements IAuthInfo {
+
+ /**
+ * End user locale of the current processing request in the current thread.
+ */
+ public static final String LOCALE = "locale"; // Locale
+
+ /**
+ * Authentication token in the current thread.
+ */
+ public static final String AUTH_TOKEN = "AuthToken"; // IAuthToken
+
+ /**
+ * ID of the authentication manager in the current thread.
+ */
+ public static final String AUTH_MANAGER_ID = "authManagerId"; // String
+
+ /**
+ * User object of the authenticated user in the current thread.
+ */
+ public static final String USER = "user"; // IUser
+
+ /**
+ * User ID of the authenticated user in the current thread.
+ */
+ public static final String USER_ID = "userid"; // String
+
+ /**
+ * Group ID of the authenticated user in the current thread.
+ */
+ public static final String GROUP_ID = "groupid"; //String
+
+ /**
+ * ID of the processing request in the current thread.
+ */
+ public static final String REQUESTER_ID = "requesterID"; // String
+
+ /**
+ * Recovery ID of a recovery operation in KRA in the current thread.
+ */
+ public static final String RECOVERY_ID = "recoveryID"; // String
+
+ /**
+ * IP Address of the requestor of the request in the current thread.
+ */
+ public static final String IPADDRESS = "ipAddress";
+
+ private static Hashtable mContexts = new Hashtable();
+
+ /**
+ * Constructs a session context.
+ */
+ public SessionContext() {
+ super();
+ }
+
+ /**
+ * Creates a new context and associates it with
+ * the current thread. If the current thread is
+ * also associated with a old context, the old
+ * context will be replaced.
+ */
+ private static SessionContext createContext() {
+ SessionContext sc = new SessionContext();
+
+ setContext(sc);
+ return sc;
+ }
+
+ /**
+ * Sets the current context. This allows the
+ * caller to associate a specific session context
+ * with the current thread.
+ * This methods makes custom session context
+ * possible.
+ *
+ * @param sc session context
+ */
+ public static void setContext(SessionContext sc) {
+ mContexts.put(Thread.currentThread(), sc);
+ }
+
+ /**
+ * Retrieves the session context associated with
+ * the current thread. If no context is associated,
+ * a context is created.
+ *
+ * @return sesssion context
+ */
+ public static SessionContext getContext() {
+ SessionContext sc = (SessionContext) mContexts.get(
+ Thread.currentThread());
+
+ if (sc == null) {
+ sc = createContext();
+ }
+ return sc;
+ }
+
+ /**
+ * Retrieves the session context associated with
+ * the current thread. If no context is associated,
+ * null is returned.
+ *
+ * @return sesssion context
+ */
+ public static SessionContext getExistingContext() {
+ SessionContext sc = (SessionContext)
+ mContexts.get(Thread.currentThread());
+
+ if (sc == null) {
+ return null;
+ }
+
+ return sc;
+ }
+
+ /**
+ * Releases the current session context.
+ */
+ public static void releaseContext() {
+ SessionContext sc = (SessionContext) mContexts.get(
+ Thread.currentThread());
+
+ if (sc != null) {
+ mContexts.remove(Thread.currentThread());
+ }
+ }
+}
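Review bot: `mContexts` is a static `Hashtable` keyed by `Thread`, so an entry stays until `releaseContext()` runs on that same thread, and nothing in this file tells callers they must call it. On a pooled worker thread, an unreleased context would still hold the previous request's `AUTH_TOKEN`, `USER` and `USER_ID` at the next `getContext()` call, and the class comment says this object is used in access control evaluation. The map also keeps a strong reference to every thread that never releases its context. I would add to the `releaseContext()` Javadoc `Must be called in a finally block when request processing ends; otherwise the thread keeps the previous request's authentication state.` and consider a `ThreadLocal` as the backing store. Whether the callers already release in a `finally` block is not visible in this hunk.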
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java b/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java
new file mode 100644
index 000000000..912d48f69
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java
@@ -0,0 +1,44 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ca;
+
+
+import java.util.*;
+
+
+/**
+ * A class represents a resource bundle for CA subsystem.
+ * <P>
+ *
+ * @version $Revision$ $Date$
+ */
+public class CAResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ /**
+ * Constants. The suffix represents the number of
+ * possible parameters.
+ */
+ static final Object[][] contents = {};
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java b/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java
new file mode 100644
index 000000000..1d60e3b07
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java
@@ -0,0 +1,86 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ca;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * A class represents a CA exception.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class ECAException extends EBaseException {
+
+ /**
+ * CA resource class name.
+ */
+ private static final String CA_RESOURCES = CAResources.class.getName();
+
+ /**
+ * Constructs a CA exception.
+ * <P>
+ * @param msgFormat constant from CAResources.
+ */
+ public ECAException(String msgFormat) {
+ super(msgFormat);
+ }
+
+ /**
+ * Constructs a CA exception.
+ * <P>
+ * @param msgFormat constant from CAResources.
+ * @param param additional parameters to the message.
+ */
+ public ECAException(String msgFormat, String param) {
+ super(msgFormat, param);
+ }
+
+ /**
+ * Constructs a CA exception.
+ * <P>
+ * @param msgFormat constant from CAResources.
+ * @param e embedded exception.
+ */
+ public ECAException(String msgFormat, Exception e) {
+ super(msgFormat, e);
+ }
+
+ /**
+ * Constructs a CA exception.
+ * <P>
+ * @param msgFormat constant from CAResources.
+ * @param params additional parameters to the message.
+ */
+ public ECAException(String msgFormat, Object params[]) {
+ super(msgFormat, params);
+ }
+
+ /**
+ * Returns the bundle file name.
+ * <P>
+ * @return name of bundle class associated with this exception.
+ */
+ protected String getBundleName() {
+ return CA_RESOURCES;
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java b/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java
new file mode 100644
index 000000000..75800304c
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java
@@ -0,0 +1,37 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ca;
+
+
+/**
+ * A class represents a CA exception associated with publishing error.
+ * <P>
+ *
+ * @version $Revision$ $Date$
+ */
+public class EErrorPublishCRL extends ECAException {
+
+ /**
+ * Constructs a CA exception caused by publishing error.
+ * <P>
+ * @param errorString Detailed error message.
+ */
+ public EErrorPublishCRL(String errorString) {
+ super(errorString);
+ }
+}
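Review bot: The tag `@param errorString Detailed error message.` disagrees with the parent constructor it delegates to, `ECAException(String msgFormat)`, which documents that argument as a constant from CAResources. The Javadoc should say which of the two callers are expected to pass, for example `@param errorString text handed to ECAException as its msgFormat argument`. If free text from a publishing failure is passed here, how `EBaseException` treats it as a format is not visible in this diff section and is worth confirming.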
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java b/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java
new file mode 100644
index 000000000..d4a4c1278
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java
@@ -0,0 +1,101 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ca;
+
+
+import java.io.*;
+import java.net.*;
+import java.util.*;
+import java.math.*;
+import java.security.*;
+import java.security.cert.*;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.policy.*;
+import com.netscape.certsrv.security.*;
+import com.netscape.certsrv.connector.*;
+import com.netscape.certsrv.publish.*;
+import com.netscape.certsrv.dbs.certdb.*;
+import com.netscape.certsrv.dbs.crldb.*;
+
+
+/**
+ * An interface representing a CA request services.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICAService {
+
+ /**
+ * Marks certificate record as revoked by adding revocation information.
+ * Updates CRL cache.
+ *
+ * @param crlentry revocation information obtained from revocation request
+ * @exception EBaseException failed to mark certificate record as revoked
+ */
+ public void revokeCert(RevokedCertImpl crlentry)
+ throws EBaseException;
+
+ /**
+ * Marks certificate record as revoked by adding revocation information.
+ * Updates CRL cache.
+ *
+ * @param crlentry revocation information obtained from revocation request
+ * @param requestId revocation request id
+ * @exception EBaseException failed to mark certificate record as revoked
+ */
+ public void revokeCert(RevokedCertImpl crlentry, String requestId)
+ throws EBaseException;
+
+ /**
+ * Issues certificate base on enrollment information,
+ * creates certificate record, and stores all necessary data.
+ *
+ * @param certi information obtain from revocation request
+ * @exception EBaseException failed to issue certificate or create certificate record
+ */
+ public X509CertImpl issueX509Cert(X509CertInfo certi)
+ throws EBaseException;
+
+ public X509CertImpl issueX509Cert(X509CertInfo certi, String profileId, String rid)
+ throws EBaseException;
+
+ /**
+ * Services profile request.
+ *
+ * @param request profile enrollment request information
+ * @exception EBaseException failed to service profile enrollment request
+ */
+ public void serviceProfileRequest(IRequest request)
+ throws EBaseException;
+
+ /**
+ * Returns KRA-CA connector.
+ *
+ * @return KRA-CA connector
+ */
+ public IConnector getKRAConnector();
+
+ public void setKRAConnector(IConnector c);
+
+ public IConnector getConnector(IConfigStore cs) throws EBaseException;
+}
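Review bot: The Javadoc on `issueX509Cert(X509CertInfo certi)` says `@param certi information obtain from revocation request`, which looks copied from `revokeCert`; the method description is about enrollment, so the tag should read `@param certi certificate information obtained from the enrollment request`. The overload `issueX509Cert(X509CertInfo certi, String profileId, String rid)`, `setKRAConnector(IConnector c)` and `getConnector(IConfigStore cs)` have no Javadoc at all. For an interface that issues and revokes certificates, each of these should at least state its parameters and, for `getConnector`, when `EBaseException` is thrown. Most of the wildcard imports (`java.io`, `java.net`, `java.math`, `java.security` and others) are not referenced by any signature in the file.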
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java
new file mode 100644
index 000000000..3470b206d
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java
@@ -0,0 +1,74 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ca;
+
+
+import netscape.security.x509.Extension;
+import netscape.security.x509.CRLExtensions;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.common.NameValuePairs;
+
+
+/**
+ * An interface representing a CRL extension plugin.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICMSCRLExtension {
+
+ /**
+ * Returns CRL extension OID string.
+ *
+ * @return OID of CRL extension
+ */
+ public String getCRLExtOID();
+
+ /**
+ * Sets extension criticality and returns extension
+ * with new criticality.
+ *
+ * @param ext CRL extension that will change criticality
+ * @param critical new criticality to be assigned to CRL extension
+ * @return extension with new criticality
+ */
+ Extension setCRLExtensionCriticality(Extension ext,
+ boolean critical);
+
+ /**
+ * Builds new CRL extension based on configuration data,
+ * issuing point information, and criticality.
+ *
+ * @param config configuration store
+ * @param crlIssuingPoint CRL issuing point
+ * @param critical criticality to be assigned to CRL extension
+ * @return extension new CRL extension
+ */
+ Extension getCRLExtension(IConfigStore config,
+ Object crlIssuingPoint,
+ boolean critical);
+
+ /**
+ * Reads configuration data and converts them to name value pairs.
+ *
+ * @param config configuration store
+ * @param nvp name value pairs obtained from configuration data
+ */
+ public void getConfigParams(IConfigStore config,
+ NameValuePairs nvp);
+}
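Review bot: `getCRLExtension` declares its second parameter as `Object crlIssuingPoint`, so every implementation has to cast it and a wrong argument type is only found at run time. The same package gains `ICRLIssuingPoint` in this commit, so the signature could be `Extension getCRLExtension(IConfigStore config, ICRLIssuingPoint crlIssuingPoint, boolean critical);` unless there is a dependency reason for `Object` that this hunk does not show. Two of the four methods carry an explicit `public` and two do not; picking one form would read more consistently. The Javadoc for `getConfigParams` should say that `nvp` is filled in by the call, for example `@param nvp name value pairs to be populated from the configuration data`.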
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java
new file mode 100644
index 000000000..6e6a47c9f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java
@@ -0,0 +1,59 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ca;
+
+
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.common.*;
+
+
+/**
+ * An interface representing a list of CRL extensions.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICMSCRLExtensions {
+
+ /**
+ * Updates configuration store for extension identified by id
+ * with data delivered in name value pairs.
+ *
+ * @param id extension id
+ * @param nvp name value pairs with new configuration data
+ * @param config configuration store
+ */
+ public void setConfigParams(String id, NameValuePairs nvp, IConfigStore config);
+
+ /**
+ * Reads configuration data and returns them as name value pairs.
+ *
+ * @param id extension id
+ * @return name value pairs with configuration data
+ */
+ public NameValuePairs getConfigParams(String id);
+
+ /**
+ * Returns class name with its path.
+ *
+ * @param name extension id
+ * @return class name with its path
+ */
+ public String getClassPath(String name);
+}
+
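Review bot: None of the three methods says what happens when the extension id is unknown, so callers cannot tell whether `getConfigParams(String id)` and `getClassPath(String name)` return null or throw. I would add a sentence to each `@return`, for example `@return name value pairs with configuration data, or null if no extension has this id`, once the intended behaviour is confirmed against the implementation. `getClassPath` names its parameter `name` while documenting it as `extension id`; renaming it to `id` would match the other two methods.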
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java b/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java
new file mode 100644
index 000000000..97f9792fb
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java
@@ -0,0 +1,546 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ca;
+
+
+import java.util.*;
+import java.math.*;
+import java.io.*;
+import java.security.*;
+import java.security.cert.*;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import netscape.security.pkcs.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.logging.*;
+import com.netscape.certsrv.dbs.*;
+import com.netscape.certsrv.dbs.crldb.*;
+import com.netscape.certsrv.dbs.certdb.*;
+import com.netscape.certsrv.ldap.*;
+import com.netscape.certsrv.request.IRequest;
+
+
+/**
+ * This class encapsulates CRL issuing mechanism. CertificateAuthority
+ * contains a map of CRLIssuingPoint indexed by string ids. Each issuing
+ * point contains information about CRL issuing and publishing parameters
+ * as well as state information which includes last issued CRL, next CRL
+ * serial number, time of the next update etc.
+ * If autoUpdateInterval is set to non-zero value then worker thread
+ * is created that will perform CRL update at scheduled intervals. Update
+ * can also be triggered by invoking updateCRL method directly. Another
+ * parameter minUpdateInterval can be used to prevent CRL
+ * from being updated too often
+ *
+ * @version $Revision$, $Date$
+ */
+
+public interface ICRLIssuingPoint {
+
+ public static final String PROP_PUBLISH_DN = "publishDN";
+ public static final String PROP_PUBLISH_ON_START = "publishOnStart";
+ public static final String PROP_MIN_UPDATE_INTERVAL = "minUpdateInterval";
+ public static final String PROP_BEGIN_SERIAL = "crlBeginSerialNo";
+ public static final String PROP_END_SERIAL = "crlEndSerialNo";
+
+ public static final String SC_ISSUING_POINT_ID = "issuingPointId";
+ public static final String SC_IS_DELTA_CRL = "isDeltaCRL";
+ public static final String SC_CRL_COUNT = "crlCount";
+
+ /**
+ * for manual updates - requested by agent
+ */
+ public static final int CRL_UPDATE_DONE = 0;
+ public static final int CRL_UPDATE_STARTED = 1;
+ public static final int CRL_PUBLISHING_STARTED = 2;
+
+ public static final int CRL_IP_NOT_INITIALIZED = 0;
+ public static final int CRL_IP_INITIALIZED = 1;
+ public static final int CRL_IP_INITIALIZATION_FAILED = -1;
+
+ /**
+ * Returns true if CRL issuing point is enabled.
+ *
+ * @return true if CRL issuing point is enabled
+ */
+ public boolean isCRLIssuingPointEnabled();
+
+ /**
+ * Returns true if CRL generation is enabled.
+ *
+ * @return true if CRL generation is enabled
+ */
+ public boolean isCRLGenerationEnabled();
+
+ /**
+ * Enables or disables CRL issuing point according to parameter.
+ *
+ * @param enable if true enables CRL issuing point
+ */
+ public void enableCRLIssuingPoint(boolean enable);
+
+ /**
+ * Returns CRL update status.
+ *
+ * @return CRL update status
+ */
+ public String getCrlUpdateStatusStr();
+
+ /**
+ * Returns CRL update error.
+ *
+ * @return CRL update error
+ */
+ public String getCrlUpdateErrorStr();
+
+ /**
+ * Returns CRL publishing status.
+ *
+ * @return CRL publishing status
+ */
+ public String getCrlPublishStatusStr();
+
+ /**
+ * Returns CRL publishing error.
+ *
+ * @return CRL publishing error
+ */
+ public String getCrlPublishErrorStr();
+
+ /**
+ * Returns CRL issuing point initialization status.
+ *
+ * @return status of CRL issuing point initialization
+ */
+ public int isCRLIssuingPointInitialized();
+
+ /**
+ * Checks if manual update is set.
+ *
+ * @return true if manual update is set
+ */
+ public boolean isManualUpdateSet();
+
+ /**
+ * Checks if expired certificates are included in CRL.
+ *
+ * @return true if expired certificates are included in CRL
+ */
+ public boolean areExpiredCertsIncluded();
+
+ /**
+ * Checks if CRL includes CA certificates only.
+ *
+ * @return true if CRL includes CA certificates only
+ */
+ public boolean isCACertsOnly();
+
+ /**
+ * Checks if CRL includes profile certificates only.
+ *
+ * @return true if CRL includes profile certificates only
+ */
+ public boolean isProfileCertsOnly();
+
+ /**
+ * Checks if CRL issuing point includes this profile.
+ *
+ * @return true if CRL issuing point includes this profile
+ */
+ public boolean checkCurrentProfile(String id);
+
+ /**
+ * Initializes CRL issuing point.
+ *
+ * @param ca certificate authority that holds CRL issuing point
+ * @param id CRL issuing point id
+ * @param config configuration sub-store for CRL issuing point
+ * @exception EBaseException thrown if initialization failed
+ */
+ public void init(ISubsystem ca, String id, IConfigStore config)
+ throws EBaseException;
+
+ /**
+ * This method is called during shutdown.
+ * It updates CRL cache and stops thread controlling CRL updates.
+ */
+ public void shutdown();
+
+ /**
+ * Returns internal id of this CRL issuing point.
+ *
+ * @return internal id of this CRL issuing point
+ */
+ public String getId();
+
+ /**
+ * Returns internal description of this CRL issuing point.
+ *
+ * @return internal description of this CRL issuing point
+ */
+ public String getDescription();
+
+ /**
+ * Sets internal description of this CRL issuing point.
+ *
+ * @param description description for this CRL issuing point.
+ */
+ public void setDescription(String description);
+
+ /**
+ * Returns DN of the directory entry where CRLs from this issuing point
+ * are published.
+ *
+ * @return DN of the directory entry where CRLs are published.
+ */
+ public String getPublishDN();
+
+ /**
+ * Returns signing algorithm.
+ *
+ * @return signing algorithm
+ */
+ public String getSigningAlgorithm();
+
+ /**
+ * Returns signing algorithm used in last signing operation..
+ *
+ * @return last signing algorithm
+ */
+ public String getLastSigningAlgorithm();
+
+ /**
+ * Returns current CRL generation schema for this CRL issuing point.
+ * <P>
+ *
+ * @return current CRL generation schema for this CRL issuing point
+ */
+ public int getCRLSchema();
+
+ /**
+ * Returns current CRL number of this CRL issuing point.
+ *
+ * @return current CRL number of this CRL issuing point
+ */
+ public BigInteger getCRLNumber();
+
+ /**
+ * Returns current delta CRL number of this CRL issuing point.
+ * <P>
+ *
+ * @return current delta CRL number of this CRL issuing point
+ */
+ public BigInteger getDeltaCRLNumber();
+
+ /**
+ * Returns next CRL number of this CRL issuing point.
+ *
+ * @return next CRL number of this CRL issuing point
+ */
+ public BigInteger getNextCRLNumber();
+
+ /**
+ * Returns number of entries in the current CRL.
+ *
+ * @return number of entries in the current CRL
+ */
+ public long getCRLSize();
+
+ /**
+ * Returns number of entries in delta CRL
+ *
+ * @return number of entries in delta CRL
+ */
+ public long getDeltaCRLSize();
+
+ /**
+ * Returns time of the last update.
+ *
+ * @return last CRL update time
+ */
+ public Date getLastUpdate();
+
+ /**
+ * Returns time of the next update.
+ *
+ * @return next CRL update time
+ */
+ public Date getNextUpdate();
+
+ /**
+ * Returns time of the next delta CRL update.
+ *
+ * @return next delta CRL update time
+ */
+ public Date getNextDeltaUpdate();
+
+ /**
+ * Returns all the revoked certificates from the CRL cache.
+ *
+ * @param start first requested CRL entry
+ * @param end next after last requested CRL entry
+ * @return set of all the revoked certificates or null if there are none.
+ */
+ public Set getRevokedCertificates(int start, int end);
+
+ /**
+ * Returns certificate authority.
+ *
+ * @return certificate authority
+ */
+ public ISubsystem getCertificateAuthority();
+
+ /**
+ * Schedules immediate CRL manual-update
+ * and sets signature algorithm to be used for signing.
+ *
+ * @param signatureAlgorithm signature algorithm to be used for signing
+ */
+ public void setManualUpdate(String signatureAlgorithm);
+
+ /**
+ * Returns auto update interval in milliseconds.
+ *
+ * @return auto update interval in milliseconds
+ */
+ public long getAutoUpdateInterval();
+
+ /**
+ * Returns true if CRL is updated for every change
+ * of revocation status of any certificate.
+ *
+ * @return true if CRL update is always triggered by revocation operation
+ */
+ public boolean getAlwaysUpdate();
+
+ /**
+ * Returns next update grace period in minutes.
+ *
+ * @return next update grace period in minutes
+ */
+ public long getNextUpdateGracePeriod();
+
+ /**
+ * Returns filter used to build CRL based on information stored
+ * in local directory.
+ *
+ * @return filter used to search local directory
+ */
+ public String getFilter();
+
+ /**
+ * Builds a list of revoked certificates to put them into CRL.
+ * Calls certificate record processor to get necessary data
+ * from certificate records.
+ * This also regenerates CRL cache.
+ *
+ * @param cp certificate record processor
+ * @exception EBaseException if an error occurred in the database.
+ */
+ public void processRevokedCerts(IElementProcessor cp)
+ throws EBaseException;
+
+ /**
+ * Returns date of revoked certificate or null
+ * if certificated is not listed as revoked.
+ *
+ * @param serialNumber serial number of certificate to be checked
+ * @param checkDeltaCache true if delta CRL cache suppose to be
+ * included in checking process
+ * @param includeExpiredCerts true if delta CRL cache with expired
+ * certificates suppose to be included in checking process
+ * @return date of revoked certificate or null
+ */
+ public Date getRevocationDateFromCache(BigInteger serialNumber,
+ boolean checkDeltaCache,
+ boolean includeExpiredCerts);
+ /**
+ * Returns split times from CRL generation.
+ *
+ * @return split times from CRL generation in milliseconds
+ */
+ public Vector getSplitTimes();
+
+ /**
+ * Generates CRL now based on cache or local directory if cache
+ * is not available. It also publishes CRL if it is required.
+ *
+ * @param signingAlgorithm signing algorithm to be used for CRL signing
+ * @exception EBaseException if an error occurred during
+ * CRL generation or publishing
+ */
+ public void updateCRLNow(String signingAlgorithm)
+ throws EBaseException;
+
+ /**
+ * Clears CRL cache
+ */
+ public void clearCRLCache();
+
+ /**
+ * Clears delta-CRL cache
+ */
+ public void clearDeltaCRLCache();
+
+ /**
+ * Returns number of recently revoked certificates.
+ *
+ * @return number of recently revoked certificates
+ */
+ public int getNumberOfRecentlyRevokedCerts();
+
+ /**
+ * Returns number of recently unrevoked certificates.
+ *
+ * @return number of recently unrevoked certificates
+ */
+ public int getNumberOfRecentlyUnrevokedCerts();
+
+ /**
+ * Returns number of recently expired and revoked certificates.
+ *
+ * @return number of recently expired and revoked certificates
+ */
+ public int getNumberOfRecentlyExpiredCerts();
+
+ /**
+ * Converts list of extensions supplied by revocation request
+ * to list of extensions required to be placed in CRL.
+ *
+ * @param exts list of extensions supplied by revocation request
+ * @return list of extensions required to be placed in CRL
+ */
+ public CRLExtensions getRequiredEntryExtensions(CRLExtensions exts);
+
+ /**
+ * Adds revoked certificate to delta-CRL cache.
+ *
+ * @param serialNumber serial number of revoked certificate
+ * @param revokedCert revocation information supplied by revocation request
+ */
+ public void addRevokedCert(BigInteger serialNumber, RevokedCertImpl revokedCert);
+
+ /**
+ * Adds revoked certificate to delta-CRL cache.
+ *
+ * @param serialNumber serial number of revoked certificate
+ * @param revokedCert revocation information supplied by revocation request
+ * @param requestId revocation request id
+ */
+ public void addRevokedCert(BigInteger serialNumber, RevokedCertImpl revokedCert,
+ String requestId);
+
+ /**
+ * Adds unrevoked certificate to delta-CRL cache.
+ *
+ * @param serialNumber serial number of unrevoked certificate
+ */
+ public void addUnrevokedCert(BigInteger serialNumber);
+
+ /**
+ * Adds unrevoked certificate to delta-CRL cache.
+ *
+ * @param serialNumber serial number of unrevoked certificate
+ * @param requestId unrevocation request id
+ */
+ public void addUnrevokedCert(BigInteger serialNumber, String requestId);
+
+ /**
+ * Adds expired and revoked certificate to delta-CRL cache.
+ *
+ * @param serialNumber serial number of expired and revoked certificate
+ */
+ public void addExpiredCert(BigInteger serialNumber);
+
+ /**
+ * Updates CRL cache into local directory.
+ */
+ public void updateCRLCacheRepository();
+
+ /**
+ * Updates issuing point configuration according to supplied data
+ * in name value pairs.
+ *
+ * @param params name value pairs defining new issuing point configuration
+ * @return true if configuration is updated successfully
+ */
+ public boolean updateConfig(NameValuePairs params);
+
+ /**
+ * Returns true if delta-CRL is enabled.
+ *
+ * @return true if delta-CRL is enabled
+ */
+ public boolean isDeltaCRLEnabled();
+
+ /**
+ * Returns true if CRL cache is enabled.
+ *
+ * @return true if CRL cache is enabled
+ */
+ public boolean isCRLCacheEnabled();
+
+ /**
+ * Returns true if CRL cache is empty.
+ *
+ * @return true if CRL cache is empty
+ */
+ public boolean isCRLCacheEmpty();
+
+ /**
+ * Returns true if CRL cache testing is enabled.
+ *
+ * @return true if CRL cache testing is enabled
+ */
+ public boolean isCRLCacheTestingEnabled();
+
+ /**
+ * Returns true if supplied delta-CRL is matching current delta-CRL.
+ *
+ * @param deltaCRL delta-CRL to verify against current delta-CRL
+ * @return true if supplied delta-CRL is matching current delta-CRL
+ */
+ public boolean isThisCurrentDeltaCRL(X509CRLImpl deltaCRL);
+
+ /**
+ * Returns status of CRL generation.
+ *
+ * @return one of the following according to CRL generation status:
+ * CRL_UPDATE_DONE, CRL_UPDATE_STARTED, and CRL_PUBLISHING_STARTED
+ */
+ public int isCRLUpdateInProgress();
+
+ /**
+ * Generates CRL now based on cache or local directory if cache
+ * is not available. It also publishes CRL if it is required.
+ * CRL is signed by default signing algorithm.
+ *
+ * @exception EBaseException if an error occurred during
+ * CRL generation or publishing
+ */
+ public void updateCRLNow() throws EBaseException;
+
+ /**
+ * Returns list of CRL extensions.
+ *
+ * @return list of CRL extensions
+ */
+ public ICMSCRLExtensions getCRLExtensions();
+}
+
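Review bot: `setManualUpdate(String signatureAlgorithm)` and `updateCRLNow(String signingAlgorithm)` take the algorithm as a free-form string, and the Javadoc does not say which names are valid or what happens for an unsupported or null value. The comment above `CRL_UPDATE_DONE` says manual updates are requested by an agent, so the value may come from a request. The interface should therefore require implementations to check it against the algorithms the CA signing key supports rather than pass it through. For `updateCRLNow` I would write `@param signingAlgorithm name of an algorithm supported by the CA signing key; any other value is rejected with EBaseException`. Separately, `isCRLIssuingPointInitialized()` returns an int but its `@return` does not name `CRL_IP_NOT_INITIALIZED`, `CRL_IP_INITIALIZED` and `CRL_IP_INITIALIZATION_FAILED`, unlike `isCRLUpdateInProgress()`, which lists the `CRL_UPDATE_*` values.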
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java b/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
new file mode 100644
index 000000000..bc545a9ba
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
@@ -0,0 +1,497 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ca;
+
+
+import java.io.*;
+import java.net.*;
+import java.util.*;
+import java.math.*;
+import java.security.*;
+import java.security.cert.*;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import org.mozilla.jss.crypto.*;
+
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.policy.*;
+import com.netscape.certsrv.security.*;
+import com.netscape.certsrv.publish.*;
+import com.netscape.certsrv.dbs.certdb.*;
+import com.netscape.certsrv.dbs.crldb.*;
+import com.netscape.certsrv.dbs.replicadb.*;
+
+
+/**
+ * An interface represents a Certificate Authority that is
+ * responsible for certificate specific operations.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICertificateAuthority extends ISubsystem {
+
+ public static final String ID = "ca";
+
+ public static final String PROP_CERTDB_INC = "certdbInc";
+ public static final String PROP_CRLDB_INC = "crldbInc";
+ public static final String PROP_REGISTRATION = "Registration";
+ public static final String PROP_POLICY = "Policy";
+ public static final String PROP_GATEWAY = "gateway";
+ public static final String PROP_CLASS = "class";
+ public static final String PROP_TYPE = "type";
+ public static final String PROP_IMPL = "impl";
+ public static final String PROP_PLUGIN = "plugin";
+ public static final String PROP_INSTANCE = "instance";
+ public static final String PROP_LISTENER_SUBSTORE = "listener";
+ public final static String PROP_LDAP_PUBLISH_SUBSTORE = "ldappublish";
+ public final static String PROP_PUBLISH_SUBSTORE = "publish";
+ public final static String PROP_ENABLE_PUBLISH = "enablePublish";
+ public final static String PROP_ENABLE_LDAP_PUBLISH = "enableLdapPublish";
+
+ public final static String PROP_X509CERT_VERSION = "X509CertVersion";
+ public final static String PROP_ENABLE_PAST_CATIME = "enablePastCATime";
+ public final static String PROP_DEF_VALIDITY = "DefaultIssueValidity";
+ public final static String PROP_FAST_SIGNING = "fastSigning";
+ public static final String PROP_ENABLE_ADMIN_ENROLL =
+ "enableAdminEnroll";
+
+ public final static String PROP_CRL_SUBSTORE = "crl";
+ // make this public so agent gateway can access for now.
+ public final static String PROP_CRL_PAGE_SIZE = "pageSize";
+ public final static String PROP_MASTER_CRL = "MasterCRL";
+ public final static String PROP_CRLEXT_SUBSTORE = "extension";
+ public final static String PROP_ISSUING_CLASS =
+ "com.netscape.cmscore.ca.CRLIssuingPoint";
+ public final static String PROP_EXPIREDCERTS_CLASS =
+ "com.netscape.cmscore.ca.CRLWithExpiredCerts";
+
+ public final static String PROP_NOTIFY_SUBSTORE = "notification";
+ public final static String PROP_CERT_ISSUED_SUBSTORE = "certIssued";
+ public final static String PROP_CERT_REVOKED_SUBSTORE = "certRevoked";
+ public final static String PROP_REQ_IN_Q_SUBSTORE = "requestInQ";
+ public final static String PROP_PUB_QUEUE_SUBSTORE = "publishingQueue";
+
+ public final static String PROP_ISSUER_NAME = "name";
+ public final static String PROP_CA_NAMES = "CAs";
+ public final static String PROP_DBS_SUBSTORE = "dbs";
+ public final static String PROP_SIGNING_SUBSTORE = "signing";
+ public final static String PROP_CA_CHAIN_NUM = "certchainNum";
+ public final static String PROP_CA_CHAIN = "certchain";
+ public final static String PROP_CA_CERT = "cert";
+ public final static String PROP_ENABLE_OCSP = "ocsp";
+ public final static String PROP_OCSP_SIGNING_SUBSTORE = "ocsp_signing";
+ public final static String PROP_CRL_SIGNING_SUBSTORE = "crl_signing";
+ public final static String PROP_ID = "id";
+
+ public final static String PROP_CERTDB_TRANS_MAXRECORDS = "transitMaxRecords";
+ public final static String PROP_CERTDB_TRANS_PAGESIZE = "transitRecordPageSize";
+
+ /**
+ * Retrieves the certificate repository where all the locally
+ * issued certificates are kept.
+ *
+ * @return CA's certificate repository
+ */
+ public ICertificateRepository getCertificateRepository();
+
+ /**
+ * Retrieves the request queue of this certificate authority.
+ *
+ * @return CA's request queue
+ */
+ public IRequestQueue getRequestQueue();
+
+ /**
+ * Retrieves the policy processor of this certificate authority.
+ *
+ * @return CA's policy processor
+ */
+ public IPolicyProcessor getPolicyProcessor();
+
+ public boolean noncesEnabled();
+ public Nonces getNonces();
+
+ /**
+ * Retrieves the publishing processor of this certificate authority.
+ *
+ * @return CA's publishing processor
+ */
+ public IPublisherProcessor getPublisherProcessor();
+
+ /**
+ * Retrieves the next available serial number.
+ *
+ * @return next available serial number
+ */
+ public String getStartSerial();
+
+ /**
+ * Sets the next available serial number.
+ *
+ * @param serial next available serial number
+ * @exception EBaseException failed to set next available serial number
+ */
+ public void setStartSerial(String serial) throws EBaseException;
+
+ /**
+ * Retrieves the last serial number that can be used for
+ * certificate issuance in this certificate authority.
+ *
+ * @return the last serial number
+ */
+ public String getMaxSerial();
+
+ /**
+ * Sets the last serial number that can be used for
+ * certificate issuance in this certificate authority.
+ *
+ * @param serial the last serial number
+ * @exception EBaseException failed to set the last serial number
+ */
+ public void setMaxSerial(String serial) throws EBaseException;
+
+ /**
+ * Retrieves the default signature algorithm of this certificate authority.
+ *
+ * @return the default signature algorithm of this CA
+ */
+ public SignatureAlgorithm getDefaultSignatureAlgorithm();
+
+ /**
+ * Retrieves the default signing algorithm of this certificate authority.
+ *
+ * @return the default signing algorithm of this CA
+ */
+ public String getDefaultAlgorithm();
+
+ /**
+ * Sets the default signing algorithm of this certificate authority.
+ *
+ * @param algorithm new default signing algorithm
+ * @exception EBaseException failed to set the default signing algorithm
+ */
+ public void setDefaultAlgorithm(String algorithm) throws EBaseException;
+
+ /**
+ * Retrieves the supported signing algorithms of this certificate authority.
+ *
+ * @return the supported signing algorithms of this CA
+ */
+ public String[] getCASigningAlgorithms();
+
+ /**
+ * Allows certificates to have validities that are longer
+ * than this certificate authority's.
+ *
+ * @param enableCAPast if equals "true", it allows certificates
+ * to have validity longer than CA's certificate validity
+ * @exception EBaseException failed to set above option
+ */
+ public void setValidity(String enableCAPast) throws EBaseException;
+
+ /**
+ * Retrieves the default validity period.
+ *
+ * @return the default validity length in days
+ */
+ public long getDefaultValidity();
+
+ /**
+ * Retrieves all the CRL issuing points.
+ *
+ * @return enumeration of all the CRL issuing points
+ */
+ public Enumeration getCRLIssuingPoints();
+
+ /**
+ * Retrieves CRL issuing point with the given identifier.
+ *
+ * @param id CRL issuing point id
+ * @return CRL issuing point with given id
+ */
+ public ICRLIssuingPoint getCRLIssuingPoint(String id);
+
+ /**
+ * Adds CRL issuing point with the given identifier and description.
+ *
+ * @param crlSubStore sub-store with all CRL issuing points
+ * @param id CRL issuing point id
+ * @param description CRL issuing point description
+ * @return true if CRL issuing point was successfully added
+ */
+ public boolean addCRLIssuingPoint(IConfigStore crlSubStore, String id,
+ boolean enable, String description);
+
+ /**
+ * Deletes CRL issuing point with the given identifier.
+ *
+ * @param crlSubStore sub-store with all CRL issuing points
+ * @param id CRL issuing point id
+ */
+ public void deleteCRLIssuingPoint(IConfigStore crlSubStore, String id);
+
+ /**
+ * Retrieves the CRL repository.
+ *
+ * @return CA's CRL repository
+ */
+ public ICRLRepository getCRLRepository();
+
+ /**
+ * Retrieves the Replica ID repository.
+ *
+ * @return CA's Replica ID repository
+ */
+ public IReplicaIDRepository getReplicaRepository();
+
+ /**
+ * Retrieves the request in queue listener.
+ *
+ * @return the request in queue listener
+ */
+ public IRequestListener getRequestInQListener();
+
+ /**
+ * Retrieves all request listeners.
+ *
+ * @return name enumeration of all request listeners
+ */
+ public Enumeration getRequestListenerNames();
+
+ /**
+ * Retrieves the request listener for issued certificates.
+ *
+ * @return the request listener for issued certificates
+ */
+ public IRequestListener getCertIssuedListener();
+
+ /**
+ * Retrieves the request listener for revoked certificates.
+ *
+ * @return the request listener for revoked certificates
+ */
+ public IRequestListener getCertRevokedListener();
+
+ /**
+ * Retrieves the CA certificate chain.
+ *
+ * @return the CA certificate chain
+ */
+ public CertificateChain getCACertChain();
+
+ /**
+ * Retrieves the CA certificate.
+ *
+ * @return the CA certificate
+ */
+ public org.mozilla.jss.crypto.X509Certificate getCaX509Cert();
+
+ /**
+ * Retrieves the CA certificate.
+ *
+ * @return the CA certificate
+ */
+ public X509CertImpl getCACert();
+
+ /**
+ * Updates the CRL immediately for MasterCRL issuing point if it exists.
+ *
+ * @exception EBaseException failed to create or publish CRL
+ */
+ public void updateCRLNow() throws EBaseException;
+
+ /**
+ * Publishes the CRL immediately for MasterCRL issuing point if it exists.
+ *
+ * @exception EBaseException failed to publish CRL
+ */
+ public void publishCRLNow() throws EBaseException;
+
+ /**
+ * Retrieves the signing unit that manages the CA signing key for
+ * signing certificates.
+ *
+ * @return the CA signing unit for certificates
+ */
+ public ISigningUnit getSigningUnit();
+
+ /**
+ * Retrieves the signing unit that manages the CA signing key for
+ * signing CRL.
+ *
+ * @return the CA signing unit for CRLs
+ */
+ public ISigningUnit getCRLSigningUnit();
+
+ /**
+ * Retrieves the signing unit that manages the CA signing key for
+ * signing OCSP response.
+ *
+ * @return the CA signing unit for OCSP responses
+ */
+ public ISigningUnit getOCSPSigningUnit();
+
+ /**
+ * Sets the maximium path length in the basic constraint extension.
+ *
+ * @param num the maximium path length
+ */
+ public void setBasicConstraintMaxLen(int num);
+
+ /**
+ * Is this a clone CA?
+ *
+ * @return true if this is a clone CA
+ */
+ public boolean isClone();
+
+ /**
+ * Retrieves the request listener by name.
+ *
+ * @param name request listener name
+ * @return the request listener
+ */
+ public IRequestListener getRequestListener(String name);
+
+ /**
+ * get request notifier
+ */
+ public IRequestNotifier getRequestNotifier();
+
+ /**
+ * Registers a request listener.
+ *
+ * @param listener request listener to be registered
+ */
+ public void registerRequestListener(IRequestListener listener);
+
+ /**
+ * Registers a request listener.
+ *
+ * @param name under request listener is going to be registered
+ * @param listener request listener to be registered
+ */
+ public void registerRequestListener(String name, IRequestListener listener);
+
+ /**
+ * Retrieves the issuer name of this certificate authority.
+ *
+ * @return the issuer name of this certificate authority
+ */
+ public X500Name getX500Name();
+
+ /**
+ * Retrieves the issuer name of this certificate authority issuing point.
+ *
+ * @return the issuer name of this certificate authority issuing point
+ */
+ public X500Name getCRLX500Name();
+
+ /**
+ * Signs the given CRL with the specific algorithm.
+ *
+ * @param crl CRL to be signed
+ * @param algname algorithm used for signing
+ * @return signed CRL
+ * @exception EBaseException failed to sign CRL
+ */
+ public X509CRLImpl sign(X509CRLImpl crl, String algname)
+ throws EBaseException;
+
+ /**
+ * Logs a message to this certificate authority.
+ *
+ * @param level logging level
+ * @param msg logged message
+ */
+ public void log(int level, String msg);
+
+ /**
+ * Returns the nickname for the CA signing certificate.
+ *
+ * @return the nickname for the CA signing certificate
+ */
+ public String getNickname();
+
+ /**
+ * Signs a X.509 certificate template.
+ *
+ * @param certInfo X.509 certificate template
+ * @param algname algorithm used for signing
+ * @return signed certificate
+ * @exception EBaseException failed to sign certificate
+ */
+ public X509CertImpl sign(X509CertInfo certInfo, String algname)
+ throws EBaseException;
+
+ /**
+ * Retrieves the default certificate version.
+ *
+ * @return the default version certificate
+ */
+ public CertificateVersion getDefaultCertVersion();
+
+ /**
+ * Is this CA allowed to issue certificate that has longer
+ * validty than the CA's.
+ *
+ * @return true if allows certificates to have validity longer than CA's
+ */
+ public boolean isEnablePastCATime();
+
+ /**
+ * Retrieves the CA service object that is responsible for
+ * processing requests.
+ *
+ * @return CA service object
+ */
+ public IService getCAService();
+
+ /**
+ * Returns the in-memory count of the processed OCSP requests.
+ *
+ * @return number of processed OCSP requests in memory
+ */
+ public long getNumOCSPRequest();
+
+ /**
+ * Returns the in-memory time (in mini-second) of
+ * the processed time for OCSP requests.
+ *
+ * @return processed times for OCSP requests
+ */
+ public long getOCSPRequestTotalTime();
+
+ /**
+ * Returns the in-memory time (in mini-second) of
+ * the signing time for OCSP requests.
+ *
+ * @return processed times for OCSP requests
+ */
+ public long getOCSPTotalSignTime();
+
+ /**
+ * Returns the total data signed
+ * for OCSP requests.
+ *
+ * @return processed times for OCSP requests
+ */
+ public long getOCSPTotalData();
+}
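Review bot: `noncesEnabled()` and `getNonces()` are the only two methods in this interface declared without Javadoc, and they look like the ones where a caller most needs a stated contract. The names suggest they expose a nonce store used to reject replayed requests, but nothing in the hunk confirms that. I would add comments such as `/** Returns true if nonce checking is enabled for this CA. */` and `/** Returns the nonce store of this CA; callers check noncesEnabled() first. */`, with the wording confirmed against the implementation. Separately, both `sign(...)` overloads take `algname` as a free-form string, and their Javadoc does not say whether a name outside `getCASigningAlgorithms()` is rejected with `EBaseException`. Stating that would tell callers whether an unsupported or weak algorithm can be selected.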
diff --git a/pki/base/common/src/com/netscape/certsrv/cert/ICrossCertPairSubsystem.java b/pki/base/common/src/com/netscape/certsrv/cert/ICrossCertPairSubsystem.java
new file mode 100644
index 000000000..81d5cbefb
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/cert/ICrossCertPairSubsystem.java
@@ -0,0 +1,58 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.cert;
+
+
+import com.netscape.certsrv.base.*;
+import java.security.cert.*;
+
+
+/**
+ * Interface for handling cross certs
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICrossCertPairSubsystem extends ISubsystem {
+
+ /**
+ * "import" the CA cert cross-signed by another CA (potentially a
+ * bridge CA) into internal ldap db.
+ * If publishing is turned on, and
+ * if matches up a pair, then publish to publishing directory
+ * otherwise, leave in internal ldap db and wait for it's matching
+ * pair
+ * @param certBytes binary byte array of the cert
+ * @exception EBaseException when certBytes conversion to X509
+ * certificate fails
+ */
+ public void importCert(byte[] certBytes) throws EBaseException;
+
+ /**
+ * publish all cert pairs, if publisher is on
+ * @exception EBaseException when publishing fails
+ */
+ public void publishCertPairs() throws EBaseException;
+
+ /**
+ * convert byte array to X509Certificate
+ * @return X509Certificate the X509Certificate class
+ * representation of the certificate byte array
+ * @exception CertificateException when conversion fails
+ */
+ public X509Certificate byteArray2X509Cert(byte[] certBytes) throws CertificateException;
+}
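Review bot: The Javadoc on `importCert(byte[] certBytes)` says the cross-signed CA certificate is stored in the internal LDAP database and may be published, but it does not say what is checked before the certificate is accepted. The only documented failure is a conversion error, so a reader cannot tell whether the implementation verifies the signature, confirms the certificate is a CA certificate, or confirms that it pairs with this CA. Because this method takes in trust material, the contract should state which of those checks the subsystem performs and which the caller must have done beforehand. `byteArray2X509Cert` also lacks a parameter tag; `@param certBytes encoded certificate to convert` would match the style used on `importCert`.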
diff --git a/pki/base/common/src/com/netscape/certsrv/client/IDataProcessor.java b/pki/base/common/src/com/netscape/certsrv/client/IDataProcessor.java
new file mode 100644
index 000000000..3bce367d9
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/client/IDataProcessor.java
@@ -0,0 +1,36 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.client;
+
+
+/**
+ * this class represents the callback interface between
+ * the client package and the data storage object (data model)
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IDataProcessor {
+
+ /**
+ * This method will be callby the client package each time
+ * data object arrived from the server side.
+ * @param data data object expected by the interface implementor
+ */
+ public void processData(Object data);
+
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/client/connection/IAuthenticator.java b/pki/base/common/src/com/netscape/certsrv/client/connection/IAuthenticator.java
new file mode 100644
index 000000000..139585f2c
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/client/connection/IAuthenticator.java
@@ -0,0 +1,29 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.client.connection;
+
+import java.io.*;
+import java.util.*;
+
+/**
+ * An interface represents authentiator.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IAuthenticator {
+}
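Review bot: `IAuthenticator` declares no methods, so the wildcard imports `java.io.*` and `java.util.*` at the top of the file are unused and can be dropped. The class comment ("An interface represents authentiator.") has a typo and does not say what an implementer is expected to provide or how connection code uses the type. Something like `/** Marker interface for objects that supply authentication data to a connection. */` would help, with the wording confirmed against the implementations, which are not part of this hunk.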
diff --git a/pki/base/common/src/com/netscape/certsrv/client/connection/IConnection.java b/pki/base/common/src/com/netscape/certsrv/client/connection/IConnection.java
new file mode 100644
index 000000000..18bd35183
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/client/connection/IConnection.java
@@ -0,0 +1,51 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.client.connection;
+
+import java.io.IOException;
+import java.net.SocketException;
+
+/**
+ * Interface for all connection objects.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IConnection {
+
+ /**
+ * Send request to the server using this connection
+ */
+ public int sendRequest(String req) throws IOException;
+
+ /**
+ * Returns the response in byte array format
+ */
+ public byte[] getResponse();
+
+ /**
+ * Close the connection
+ */
+ public void disconnect();
+
+ /**
+ * SetTimeout
+ */
+ public void setSoTimeout(int timeout) throws SocketException;
+
+
+}
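Review bot: The Javadoc in `IConnection` leaves each method's contract open. `sendRequest` returns an `int` whose meaning is not stated, `getResponse` does not say whether it can return null or an empty array when no response has been received, and `setSoTimeout` is documented only as "SetTimeout". I would add `@param`/`@return` tags, for example `@param timeout socket read timeout in milliseconds` (the unit is presumably the same as `java.net.Socket.setSoTimeout`, to be confirmed), and say whether 0 means no timeout. The timeout matters because a client that blocks indefinitely on a stalled server is an availability problem for whatever calls this interface.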
diff --git a/pki/base/common/src/com/netscape/certsrv/client/connection/IConnectionFactory.java b/pki/base/common/src/com/netscape/certsrv/client/connection/IConnectionFactory.java
new file mode 100644
index 000000000..b4fecd155
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/client/connection/IConnectionFactory.java
@@ -0,0 +1,43 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.client.connection;
+
+import java.net.*;
+import java.io.*;
+
+/**
+ * Interface for all connection factory. Primarily act as
+ * the abstraction layer for different kind of connection factory.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IConnectionFactory {
+
+ /**
+ * Creates connection using the host and port
+ * @param host The host to connect to
+ * @param port The port to connect to
+ * @return The created connection
+ * @throws IOException On an IO Error
+ * @throws UnknownHostException If the host can't be resolved
+ */
+ public IConnection create(String host, int port)
+ throws IOException, UnknownHostException;
+
+}
+
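Review bot: `create(String host, int port)` declares `throws IOException, UnknownHostException`, but `UnknownHostException` is a subclass of `IOException`, so the second entry adds nothing to the signature. It can be reduced to `throws IOException;` while the `@throws UnknownHostException` tag stays in the Javadoc, and the wildcard imports `java.net.*` and `java.io.*` can be narrowed to the two classes actually referenced. The comment also does not say whether the returned connection is expected to be protected in transit or whether that is left to each factory. One sentence saying that transport security is defined by the implementing factory would keep callers from assuming it.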
diff --git a/pki/base/common/src/com/netscape/certsrv/common/ConfigConstants.java b/pki/base/common/src/com/netscape/certsrv/common/ConfigConstants.java
new file mode 100644
index 000000000..9f892cd25
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/common/ConfigConstants.java
@@ -0,0 +1,334 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.common;
+
+
+/**
+ * This interface contains constants that are used
+ * in the protocol between the configuration daemon
+ * and UI configuration wizard.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ConfigConstants {
+
+ public static final String TRUE = "true";
+ public static final String FALSE = "false";
+ public static final String OPTYPE = "opType";
+ public static final String TASKID = "taskID";
+
+ // Stages
+ public static final String STAGES = "stages";
+ public static final String STAGE_INTERNAL_DB = "stageInternalDB";
+ public static final String STAGE_CONNECT_DB = "stageConnectDB";
+ public static final String STAGE_SETUP_PORTS = "stageSetupPorts";
+ public static final String STAGE_SETUP_ADMINISTRATOR = "stageSetupAdmin";
+ public static final String STAGE_SETUP_SUBSYSTEMS = "stageSubsystems";
+ public static final String STAGE_DATA_MIGRATION = "stageDataMigration";
+ public static final String STAGE_CA_SELFSIGNED_CERT = "stageCASelfSignedCert";
+ public static final String STAGE_CA_CERT_REQUEST = "stageCACertRequest";
+ public static final String STAGE_CA_CERT_INSTALL = "stageCACertInstall";
+ public static final String STAGE_RA_LOCAL_CERT = "stageRALocalCert";
+ public static final String STAGE_RA_CERT_REQUEST = "stageRACertRequest";
+ public static final String STAGE_RA_CERT_INSTALL = "stageRACertInstall";
+ public static final String STAGE_KRA_LOCAL_CERT = "stageKRALocalCert";
+ public static final String STAGE_KRA_CERT_REQUEST = "stageKRACertRequest";
+ public static final String STAGE_KRA_CERT_INSTALL = "stageKRACertInstall";
+ public static final String STAGE_SSL_LOCAL_CERT = "stageSSLLocalCert";
+ public static final String STAGE_SSL_CERT_REQUEST = "stageSSLCertRequest";
+ public static final String STAGE_SSL_CERT_INSTALL = "stageSSLCertInstall";
+ public static final String STAGE_OCSP_LOCAL_CERT = "stageOCSPLocalCert";
+ public static final String STAGE_OCSP_CERT_REQUEST = "stageOCSPCertRequest";
+ public static final String STAGE_OCSP_CERT_INSTALL = "stageOCSPCertInstall";
+ public static final String STAGE_CA_CERTCHAIN_IMPORT = "stageCACertChain";
+ public static final String STAGE_RA_CERTCHAIN_IMPORT = "stageRACertChain";
+ public static final String STAGE_OCSP_CERTCHAIN_IMPORT = "stageOCSPCertChain";
+ public static final String STAGE_KRA_CERTCHAIN_IMPORT = "stageKRACertChain";
+ public static final String STAGE_SSL_CERTCHAIN_IMPORT = "stageSSLCertChain";
+ public static final String STAGE_OCSP_SERVICE_ADDED = "stageOCSPService";
+ public static final String STAGE_CONFIG_WEBSERVER = "stageConfigWebserver";
+ public static final String STAGE_REPLICATION_AGREEMENT = "stageReplicationAgreement";
+ public static final String PR_ENABLE_REPLICATION = "enableReplication";
+
+ public static final String CA_CERT_REQUEST = "CACertRequest";
+ public static final String RA_CERT_REQUEST = "RACertRequest";
+ public static final String OCSP_CERT_REQUEST = "OCSPCertRequest";
+ public static final String KRA_CERT_REQUEST = "KRACertRequest";
+ public static final String SSL_CERT_REQUEST = "SSLCertRequest";
+ public static final String STAGE_CA_REQ_SUCCESS = "stageCAReqSuccess";
+ public static final String STAGE_RA_REQ_SUCCESS = "stageRAReqSuccess";
+ public static final String STAGE_KRA_REQ_SUCCESS = "stageKRAReqSuccess";
+ public static final String STAGE_SSL_REQ_SUCCESS = "stageSSLReqSuccess";
+ public static final String STAGE_OCSP_REQ_SUCCESS = "stageOCSPReqSuccess";
+
+ public static final String STAGE_KRA_NM_SCHEME = "stageKRANMScheme";
+ public static final String STAGE_CACLONING = "stageCACloning";
+ public static final String STAGE_RACLONING = "stageRACloning";
+ public static final String STAGE_KRACLONING = "stageKRACloning";
+ public static final String STAGE_TKSCLONING = "stageTKSCloning";
+ public static final String STAGE_SSLCLONING = "stageSSLCloning";
+ public static final String STAGE_OCSPCLONING = "stageOCSPCloning";
+ public static final String STAGE_CLONEMASTER = "stageCloneMaster";
+ public static final String STAGE_UPDATE_DB_INFO = "stageUpdateDBInfo";
+
+ public static final String CA_CERT_REQUEST_BACK = "CACertRequestBack";
+ public static final String RA_CERT_REQUEST_BACK = "RACertRequestBack";
+ public static final String OCSP_CERT_REQUEST_BACK = "OCSPCertRequestBack";
+ public static final String KRA_CERT_REQUEST_BACK = "KRACertRequestBack";
+ public static final String SSL_CERT_REQUEST_BACK = "SSLCertRequestBack";
+
+ // Error messages
+ public static final String PR_ERROR_MESSAGE = "errorMsg";
+
+ // Certificate server instance
+ public static final String PR_CERT_INSTANCE_NAME = "instanceID";
+
+ // Admin server info
+ public static final String PR_HOST = "host";
+ public static final String PR_LDAP_DB_NAME = "ldapServerDB";
+ public static final String PR_SERVER_ROOT = "serverRoot";
+ public static final String PR_SIE_URL = "sieURL";
+ public static final String PR_ADMIN_PASSWD = "AdminUserPassword";
+ public static final String PR_ADMIN_UID = "adminUID";
+ public static final String PR_ADMIN_DOMAIN = "adminDomain";
+ public static final String PR_MACHINE_NAME = "machineName";
+
+ public static final String PR_CA_OCSP_SERVICE = "CAOCSPService";
+
+ // Daemon
+ public static final String PR_DAEMON_PORT = "daemonPort";
+ public static final String PR_DELETE_PASSWD_CONF = "deletePasswdConf";
+
+ // Internal Database
+ public static final String PR_DB_SCHEMA = "db.schema";
+ public static final String PR_DB_MODE = "db.mode";
+ public static final String PR_DB_PORT = "internaldb.ldapconn.port";
+ public static final String PR_DB_HOST = "internaldb.ldapconn.host";
+ public static final String PR_DB_BINDDN = "internaldb.ldapauth.bindDN";
+ public static final String PR_DB_BINDPWD = "internaldb.ldapauth.bindPWPrompt";
+ public static final String PR_DB_PWD = "db.password";
+ public static final String PR_DB_LOCAL = "db.local";
+ public static final String PR_DB_NAME = "db.instanceName";
+ public static final String PR_CLONEDDB_NAME = "db.cloned.instanceName";
+ public static final String PR_IS_DBCREATED = "db.isCreated";
+ public static final String PR_IS_CLONEDDB_CREATED = "db.cloned.isCreated";
+ public static final String PR_NEXT_AVAIL_PORT = "nextAvailPort";
+
+ // Network Ports
+ public static final String PR_ENABLE = "enabled";
+ public static final String PR_EE_PORT = "eeGateway.http.port";
+ public static final String PR_EE_SECURE_PORT = "eeGateway.https.port";
+ public static final String PR_AGENT_PORT = "agentGateway.https.port";
+ public static final String PR_RADM_PORT = "radm.https.port";
+ public static final String PR_RADM_PORT_SETUP="radm.port";
+ public static final String PR_EE_PORT_ENABLE = "eeGateway.http.enable";
+ public static final String PR_EE_PORTS_ENABLE = "eePortsEnable";
+
+ // Certificate server administrator
+ public static final String PR_CERT_ADMINNAME = "cert.admin.name";
+ public static final String PR_CERT_ADMINUID = "cert.admin.uid";
+ public static final String PR_CERT_ADMINPASSWD = "cert.admin.passwd";
+
+ // Subsystems
+ public static final String PR_SUBSYSTEMS = "subsystems";
+ public static final String PR_CA = "ca";
+ public static final String PR_RA = "ra";
+ public static final String PR_KRA = "kra";
+ public static final String PR_TKS = "tks";
+ public static final String PR_OCSP = "ocsp";
+ public static final String CA_HOST = "caHostname";
+ public static final String CA_PORT = "caPortnum";
+ public static final String CA_TIMEOUT = "caTimeout";
+ public static final String KRA_HOST = "kraHostname";
+ public static final String KRA_PORT = "kraPortnum";
+ public static final String KRA_TIMEOUT = "kraTimeout";
+ public static final String REMOTE_KRA_ENABLED = "remoteKRA";
+
+ // Clone Master (CLA)
+ public static final String CLA_HOST = "claHostname";
+ public static final String CLA_PORT = "claPortnum";
+ public static final String CLA_PORT_EE = "claPortnumEE";
+ public static final String CLA_TIMEOUT = "claTimeout";
+ public static final String CLONE_CA = "cloning";
+ public static final String PR_CLONE_SETTING_DONE = "cloneSettingDone";
+
+ // Data Migration
+ public static final String PR_ENABLE_MIGRATION = "migrationEnable";
+ public static final String PR_OUTPUT_PATH = "outputPath";
+ public static final String PR_ADD_LDIF_PATH = "addLdifPath";
+ public static final String PR_MOD_LDIF_PATH = "modLdifPath";
+ public static final String PR_SIGNING_KEY_MIGRATION_TOKEN =
+ "signingKeyMigrationToken";
+ public static final String PR_SSL_KEY_MIGRATION_TOKEN =
+ "sslKeyMigrationToken";
+ public static final String PR_SIGNING_KEY_MIGRATION_TOKEN_PASSWD =
+ "signingKeyMigrationTokenPasswd";
+ public static final String PR_SIGNING_KEY_MIGRATION_TOKEN_SOPPASSWD =
+ "signingKeyMigrationTokenSOPPasswd";
+ public static final String PR_SSL_KEY_MIGRATION_TOKEN_PASSWD =
+ "sslKeyMigrationTokenPasswd";
+ public static final String PR_SSL_KEY_MIGRATION_TOKEN_SOPPASSWD =
+ "sslKeyMigrationTokenSOPPasswd";
+ public static final String PR_NUM_MIGRATION_WARNINGS =
+ "numMigrationWarnings";
+ public static final String PR_MIGRATION_WARNING = "migrationWarning";
+ public static final String PR_CA_KEY_TYPE = "caKeyType";
+ public static final String PR_LDAP_PASSWORD = "ldapPassword";
+ public static final String PR_MIGRATION_PASSWORD = "migrationPassword";
+
+ // Key and Cert
+ public static final String PR_HARDWARE_SPLIT = "hardwareSplit";
+ public static final String PR_TOKEN_LIST = "tokenList";
+ public static final String PR_TOKEN_NAME = "tokenName";
+ public static final String PR_SUBJECT_NAME = "subjectName";
+ public static final String PR_CA_SUBJECT_NAME = "caSubjectName";
+ public static final String PR_RA_SUBJECT_NAME = "raSubjectName";
+ public static final String PR_OCSP_SUBJECT_NAME = "ocspSubjectName";
+ public static final String PR_KRA_SUBJECT_NAME = "kraSubjectName";
+ public static final String PR_SSL_SUBJECT_NAME = "sslSubjectName";
+ public static final String PR_KEY_TYPE = "keyType";
+ public static final String PR_KEY_LENGTH = "keyLength";
+ public static final String PR_CERT_REQUEST = "certReq";
+ public static final String PR_REQUEST_ID = "ReqID";
+ public static final String PR_REQUEST_FORMAT = "ReqFormat";
+ public static final String PR_REQUEST_PKCS10 = "PKCS10";
+ public static final String PR_REQUEST_CMC = "CMC";
+ public static final String PR_CERTIFICATE_TYPE = "certType";
+ public static final String PR_CACERT_LOCALCA = "ca_isLocalCA";
+ public static final String PR_RACERT_LOCALCA = "ra_isLocalCA";
+ public static final String PR_KRACERT_LOCALCA = "kra_isLocalCA";
+ public static final String PR_SSLCERT_LOCALCA = "ssl_isLocalCA";
+ public static final String PR_OCSPCERT_LOCALCA = "ocsp_isLocalCA";
+ public static final String PR_CERT_CONTENT_ORDER = "contentOrder";
+ public static final String PR_CERTIFICATE_EXTENSION = "certificateExtension";
+ public static final String CA_REQUEST_DISPLAYED = "caReqDisplayed";
+ public static final String RA_REQUEST_DISPLAYED = "raReqDisplayed";
+ public static final String OCSP_REQUEST_DISPLAYED = "ocspReqDisplayed";
+ public static final String KRA_REQUEST_DISPLAYED = "kraReqDisplayed";
+ public static final String SSL_REQUEST_DISPLAYED = "sslReqDisplayed";
+
+ // KRA Storage Key Generation
+ public static final String PR_KEY_LEN = "keyLength";
+ public static final String PR_KEY_ALG = "keyAlg";
+ public static final String PR_STORAGE_TOKEN_PWD = "storageTokenPwd";
+ public static final String PR_STORAGE_HARDWARE = "storageHardware";
+
+ // KRA Agents
+ public static final String PR_AGENT_N = "n";
+ public static final String PR_AGENT_M = "m";
+ public static final String PR_AGENT_UID = "uid";
+ public static final String PR_AGENT_PWD = "pwd";
+
+ // Token Info
+ public static final String PR_TOKEN_NAMES = "tokenNames";
+ public static final String PR_TOKEN_INITIALIZED = "tokenInitialized";
+ public static final String PR_TOKEN_LOGGED_IN = "tokenLoggedIn";
+ public static final String PR_TOKEN_PASSWD = "tokenPasswd";
+ public static final String PR_TOKEN_SOP = "sopPasswd";
+ public static final String PR_CLONE_SUBSYSTEM = "cloneSubsystem";
+ public static final String PR_CLONE_CA_TOKEN_NAME = "cloneCATokenName";
+ public static final String PR_CLONE_OCSP_TOKEN_NAME = "cloneOCSPTokenName";
+ public static final String PR_CLONE_RA_TOKEN_NAME = "cloneRATokenName";
+ public static final String PR_CLONE_KRA_TOKEN_NAME = "cloneKRATokenName";
+ public static final String PR_CLONE_STORAGE_TOKEN_NAME = "cloneStorageTokenName";
+ public static final String PR_CLONE_SSL_TOKEN_NAME = "cloneSSLTokenName";
+ public static final String PR_CLONE_CA_NICKNAME = "cloneCANickname";
+ public static final String PR_CLONE_OCSP_NICKNAME = "cloneOCSPNickname";
+ public static final String PR_CLONE_RA_NICKNAME = "cloneRANickname";
+ public static final String PR_CLONE_KRA_NICKNAME = "cloneKRANickname";
+ public static final String PR_CLONE_STORAGE_NICKNAME = "cloneStorageNickname";
+ public static final String PR_CLONE_SSL_NICKNAME = "cloneSSLNickname";
+ public static final String PR_TOKEN_LOGONLIST = "tokenLogonList";
+ public static final String PR_TOKEN_LOGON_PWDS = "tokenLogonPasswords";
+ public static final String PR_SUBSYSTEM = "subsystem";
+
+ // Single Signon
+ public static final String PR_SINGLE_SIGNON = "singleSignon";
+ public static final String PR_SINGLE_SIGNON_PASSWORD = "singleSignonPwd";
+ public static final String PR_SINGLE_SIGNON_PW_TAGS = "singleSignonPWTags";
+
+ public static final String PR_CERT_CHAIN = "certChain";
+
+ // Token Subsystem Info
+ public static final String PR_CA_TOKEN = "caToken";
+ public static final String PR_RA_TOKEN = "raToken";
+ public static final String PR_KRA_TOKEN = "kraToken";
+ public static final String PR_SSL_TOKEN = "sslToken";
+ //public static final String PR_SUBSYSTEMS = "subsystems";
+
+ // Key Length
+ public static final String PR_RSA_MIN_KEYLENGTH = "RSAMinKeyLength";
+ public static final String PR_CA_KEYTYPE = "ca_keyType";
+ public static final String PR_HASH_TYPE = "hashType";
+ public static final String PR_NOTAFTER = "notAfter";
+ public static final String PR_CA_O_COMPONENT = "caOComponent";
+ public static final String PR_CA_C_COMPONENT = "caCComponent";
+ public static final String PR_RA_O_COMPONENT = "raOComponent";
+ public static final String PR_RA_C_COMPONENT = "raCComponent";
+ public static final String PR_OCSP_O_COMPONENT = "ocspOComponent";
+ public static final String PR_OCSP_C_COMPONENT = "ocspCComponent";
+
+ // Subject DN
+ public static final String PR_OU_COMPONENT = "OU_Component";
+ public static final String PR_O_COMPONENT = "O_Component";
+ public static final String PR_L_COMPONENT = "L_Component";
+ public static final String PR_ST_COMPONENT = "ST_Component";
+ public static final String PR_C_COMPONENT = "C_Component";
+
+ // CA serial number
+ public static final String PR_CA_SERIAL_NUMBER = "caSerialNumber";
+ public static final String PR_CA_ENDSERIAL_NUMBER = "caEndSerialNumber";
+
+ // KRA number
+ public static final String PR_REQUEST_NUMBER = "requestNumber";
+ public static final String PR_ENDREQUEST_NUMBER = "endRequestNumber";
+ public static final String PR_SERIAL_REQUEST_NUMBER = "serialRequestNumber";
+
+ // Cloning
+ public static final String PR_CLONING_INSTANCE = "cloningInstance";
+ public static final String PR_CLONE_CERTIFICATES = "clonedCertificates";
+
+ // Cert request
+ public static final String CA_EEPORT = "caEEPort";
+ public static final String CA_EETYPE = "caEEType";
+
+ // Certificate chain
+ public static final String NOT_IMPORT_CHAIN = "notImportChain";
+
+ public static final String OVERRIDE_VALIDITY = "overrideValidity";
+
+ // request status: should be consistent with RequestStatus.java
+ public static String BEGIN_STRING = "begin";
+ public static String PENDING_STRING = "pending";
+ public static String APPROVED_STRING = "approved";
+ public static String SVC_PENDING_STRING = "svc_pending";
+ public static String CANCELED_STRING = "canceled";
+ public static String REJECTED_STRING = "rejected";
+ public static String COMPLETE_STRING = "complete";
+
+ public static String PR_CMS_SEED = "cmsSeed";
+
+ public static String PR_WEB_SERVERROOT = "webServerRoot";
+ public static String PR_USER_ID = "webUserId";
+
+ public static final String PR_AGREEMENT_NAME_1 = "agreementName1";
+ public static final String PR_REPLICATION_MANAGER_PASSWD_1 = "replicationManagerPwd1";
+ public static final String PR_AGREEMENT_NAME_2 = "agreementName2";
+ public static final String PR_REPLICATION_MANAGER_PASSWD_2 = "replicationManagerPwd2";
+}
+
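Review bot: The keys whose values are secrets (`PR_ADMIN_PASSWD`, `PR_DB_PWD`, `PR_CERT_ADMINPASSWD`, `PR_TOKEN_PASSWD`, `PR_TOKEN_SOP`, `PR_STORAGE_TOKEN_PWD`, `PR_SINGLE_SIGNON_PASSWORD`, the `*_MIGRATION_TOKEN_PASSWD` group, `PR_REPLICATION_MANAGER_PASSWD_1` and `_2`) sit among ordinary parameters with nothing marking them. Any daemon or wizard code that logs or echoes these protocol parameters would therefore have no list to mask against. I would tag each one with a comment such as `// secret: never log or echo this value`, or gather the names under one documented heading. Two smaller points in the same hunk: `PR_KEY_LENGTH` and `PR_KEY_LEN` both map to `"keyLength"`, which looks like an unintended alias and is worth a comment if deliberate. The declarations from `BEGIN_STRING` through `PR_USER_ID` omit the `final` keyword the rest of the file spells out; interface fields are final either way, so that one is consistency only.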
diff --git a/pki/base/common/src/com/netscape/certsrv/common/Constants.java b/pki/base/common/src/com/netscape/certsrv/common/Constants.java
new file mode 100644
index 000000000..c85034918
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/common/Constants.java
@@ -0,0 +1,750 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.common;
+
+
+/**
+ * This interface contains constants that are shared
+ * by certificate server and its client SDK.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface Constants {
+
+ /*=======================================================
+ * MESSAGE FORMAT CONSTANTS
+ *=======================================================*/
+ public static final String PASSWORDTYPE = "PasswordField";
+ public static final String TEXTTYPE = "TextField";
+ public static final String CHECKBOXTYPE = "CheckBox";
+ public static final String COMBOTYPE = "ComboBox";
+ public final static String TRUE = "true";
+ public final static String FALSE = "false";
+ public final static String VIEW = "view";
+ public final static String EDIT = "edit";
+
+ public final static String OP_TYPE = "OP_TYPE";
+ public final static String OP_SCOPE = "OP_SCOPE";
+
+ //STATIC RESOURCE IDENTIFIERS
+ public final static String RS_ID = "RS_ID";
+ public final static String RS_ID_CONFIG = "RS_ID_CONFIG";
+ public final static String RS_ID_ORDER = "RS_ID_ORDER";
+
+ //STATIC UI TYPE
+ public final static String TYPE_PASSWORD = "password";
+
+ /**********************************************************
+ * PROPERTY NAME LISTED BELOW
+ **********************************************************/
+
+ /*========================================================
+ * General
+ *========================================================*/
+ public final static String PR_PORT = "port";
+ public final static String PR_SSLPORT = "sslPort";
+
+ /*========================================================
+ * Tasks
+ *========================================================*/
+ public final static String PR_SERVER_START = "start";
+ public final static String PR_SERVER_STOP = "stop";
+ public final static String PR_SERVER_RESTART = "restart";
+
+ /*========================================================
+ * Networks
+ *========================================================*/
+ public final static String PR_ADMIN_S_PORT = "admin.https.port";
+ public final static String PR_AGENT_S_PORT = "agent.https.port";
+ public final static String PR_GATEWAY_S_PORT = "gateway.https.port";
+ public final static String PR_GATEWAY_PORT = "gateway.http.port";
+ public final static String PR_DOC_ROOT = "docroot";
+ public final static String PR_ADMIN_S_BACKLOG = "admin.https.backlog";
+ public final static String PR_AGENT_S_BACKLOG = "agent.https.backlog";
+ public final static String PR_GATEWAY_S_BACKLOG = "gateway.https.backlog";
+ public final static String PR_GATEWAY_BACKLOG = "gateway.http.backlog";
+ public final static String PR_GATEWAY_PORT_ENABLED =
+ "gateway.http.enable";
+ public final static String PR_MASTER_AGENT_PORT = "master.ca.agent.port";
+ public final static String PR_MASTER_AGENT_HOST = "master.ca.agent.host";
+
+ /*========================================================
+ * SMTP
+ *========================================================*/
+ public final static String PR_SERVER_NAME = "server";
+
+ /*========================================================
+ * SNMP
+ *========================================================*/
+ public final static String PR_SNMP_ENABLED = "on";
+ public final static String PR_SNMP_MASTER_HOST = "master.host";
+ public final static String PR_SNMP_MASTER_PORT = "master.port";
+ public final static String PR_SNMP_DESC = "desc";
+ public final static String PR_SNMP_ORGN = "orgn";
+ public final static String PR_SNMP_LOC = "loc";
+ public final static String PR_SNMP_CONTACT = "contact";
+
+ /*========================================================
+ * Self Tests
+ *========================================================*/
+ public final static String PR_RUN_SELFTESTS_ON_DEMAND = "run";
+ public final static String PR_RUN_SELFTESTS_ON_DEMAND_CLASS = "class";
+ public final static String PR_RUN_SELFTESTS_ON_DEMAND_CONTENT = "runContent";
+
+ /*========================================================
+ * Users and Groups
+ *========================================================*/
+
+ //group properties
+ public final static String PR_GROUP_DESC = "desc";
+ public final static String PR_GROUP_USER = "user";
+ public final static String PR_GROUP_GROUP = "group";
+
+ //user properties
+ public final static String PR_USER_FULLNAME = "fullname";
+ public final static String PR_USER_PASSWORD = "password";
+ public final static String PR_USER_EMAIL = "email";
+ public final static String PR_USER_PHONE = "phone";
+ public final static String PR_USER_STATE = "state";
+ public final static String PR_USER_CERT = "cert";
+ public final static String PR_USER_GROUP = "groups";
+ public final static String PR_MULTIROLES = "multiroles";
+
+ /*========================================================
+ * Authentication
+ *========================================================*/
+ public final static String PR_PING = "ping";
+ public final static String PR_AUTH_CLASS = "class";
+ public final static String PR_AUTH_IMPL_NAME = "implName";
+ public final static String PR_AUTH_HOST = "ldapconn.host";
+ public final static String PR_AUTH_PORT = "ldapconn.port";
+ public final static String PR_AUTH_BASEDN = "basedn";
+ public final static String PR_AUTH_ADMIN_DN = "ldapauth.bindDN";
+ public final static String PR_AUTH_ADMIN_PWD = "ldapauth.bindPassword";
+
+ /*========================================================
+ * Job Scheduler
+ *========================================================*/
+ public final static String PR_JOBS_CLASS = "class";
+ public final static String PR_JOBS_IMPL_NAME = "implName";
+ public final static String PR_JOBS_FREQUENCY = "frequency";
+
+ /*========================================================
+ * Notification
+ *========================================================*/
+ public final static String PR_NOTIFICATION_FORM_NAME = "emailTemplate";
+ public final static String PR_NOTIFICATION_SUBJECT =
+ "emailSubject";
+ public final static String PR_NOTIFICATION_SENDER = "senderEmail";
+ public final static String PR_NOTIFICATION_RECEIVER = "recipientEmail";
+
+ /*========================================================
+ * Logs
+ *========================================================*/
+ public static final String PR_LOG_IMPL_NAME = "implName";
+ public static final String PR_EXT_PLUGIN_IMPLTYPE_LOG = "log";
+ public final static String PR_LOG_CLASS = "class";
+ public final static String PR_LOG_INSTANCE = "instanceName";
+ public final static String PR_LOG_ONE = "entry";
+ public final static String PR_LOG_ENTRY = "maxentry";
+ public final static String PR_LOG_SOURCE = "source";
+ public final static String PR_LOG_LEVEL = "level";
+ public final static String PR_LOG_ENABLED = "on";
+ public final static String PR_LOG_BUFFERSIZE = "bufferSize";
+ public final static String PR_LOG_EXPIRED_TIME = "expirationTime";
+ public final static String PR_LOG_FILENAME = "fileName";
+ public final static String PR_LOG_FLUSHINTERVAL = "flushInterval";
+ public final static String PR_LOG_MAXFILESIZE = "maxFileSize";
+ public final static String PR_LOG_ROLLEROVER_INTERVAL = "rolloverInterval";
+ public final static String PR_LOG_TYPE = "type";
+ public static final String PR_LOGSOURCE_KRA = "KRA";
+ public static final String PR_LOGSOURCE_RA = "RA";
+ public static final String PR_LOGSOURCE_CA = "CA";
+ public static final String PR_LOGSOURCE_HTTP = "HTTP";
+ public static final String PR_LOGSOURCE_DB = "DB";
+ public static final String PR_LOGSOURCE_AUTH = "AUTH";
+ public static final String PR_LOGSOURCE_ADMIN = "ADMIN";
+ public static final String PR_LOG_NAME = "logname";
+ public static final String PR_CURRENT_LOG = "current";
+
+ public static final String PR_AUTO_CRL = "auto";
+ public static final String PR_LOG_SIGNED_AUDIT = "SignedAudit";
+ public static final String PR_LOG_TRANSACTIONS = "Transactions";
+ public static final String PR_LOG_SYSTEM = "System";
+
+ public static final String PR_DEBUG_LOG_SHOWCALLER = "debug.showcaller";
+ public static final String PR_DEBUG_LOG_ENABLE = "debug.enabled";
+ public static final String PR_DEBUG_LOG_LEVEL = "debug.level";
+
+ /*========================================================
+ * LDAP Publishing
+ *========================================================*/
+
+ // publishing properties
+ public final static String PR_BASIC_AUTH = "BasicAuth";
+ public final static String PR_SSL_AUTH = "SslClientAuth";
+ public final static String PR_AUTH_TYPE = "ldapauth.authtype";
+ public final static String PR_BINDPWD_PROMPT = "ldapauth.bindPWPrompt";
+ public final static String PR_CERT_NAMES = "ldapauth.nicknames";
+ public final static String PR_LDAP_CLIENT_CERT = "ldapauth.clientCertNickname";
+ public final static String PR_DIRECTORY_MANAGER_PWD = "directoryManagerPwd";
+
+ // crl settings
+ public final static String PR_ENABLE_CRL = "enableCRLUpdates";
+ public final static String PR_UPDATE_SCHEMA = "updateSchema";
+ public final static String PR_EXTENDED_NEXT_UPDATE = "extendedNextUpdate";
+ public final static String PR_UPDATE_ALWAYS = "alwaysUpdate";
+ public final static String PR_ENABLE_DAILY = "enableDailyUpdates";
+ public final static String PR_DAILY_UPDATES = "dailyUpdates";
+ public final static String PR_ENABLE_FREQ = "enableUpdateInterval";
+ public final static String PR_UPDATE_FREQ = "autoUpdateInterval";
+ public final static String PR_GRACE_PERIOD = "nextUpdateGracePeriod";
+ public final static String PR_ENABLE_CACHE = "enableCRLCache";
+ public final static String PR_CACHE_FREQ = "cacheUpdateInterval";
+ public final static String PR_CACHE_RECOVERY = "enableCacheRecovery";
+ public final static String PR_CACHE_TESTING = "enableCacheTesting";
+ public final static String PR_EXTENSIONS = "allowExtensions";
+ public final static String PR_INCLUDE_EXPIREDCERTS = "includeExpiredCerts";
+ public final static String PR_INCLUDE_EXPIREDCERTS_ONEEXTRATIME = "includeExpiredCertsOneExtraTime";
+ public final static String PR_CA_CERTS_ONLY = "caCertsOnly";
+ public final static String PR_PROFILE_CERTS_ONLY = "profileCertsOnly";
+ public final static String PR_PROFILE_LIST = "profileList";
+ public final static String PR_SIGNING_ALGORITHM = "signingAlgorithm";
+ public final static String PR_MD2_RSA = "MD2withRSA";
+ public final static String PR_MD5_RSA = "MD5withRSA";
+ public final static String PR_SHA1_RSA = "SHA1withRSA";
+ public final static String PR_SHA1_DSA = "SHA1withDSA";
+ public final static String PR_DESCRIPTION = "description";
+ public final static String PR_CLASS = "class";
+
+ // ldap settings
+ public final static String PR_ENABLE = "enable";
+ public final static String PR_PUBLISHING_ENABLE = "publishingEnable";
+ public final static String PR_HOST_NAME = "ldapconn.host";
+ public final static String PR_SECURE_PORT_ENABLED = "ldapconn.secureConn";
+ public final static String PR_LDAP_PORT = "ldapconn.port";
+ public final static String PR_LDAP_VERSION = "ldapconn.version";
+ public final static String PR_BIND_DN = "ldapauth.bindDN";
+ public final static String PR_BIND_PASSWD = "ldapauth.bindPassword";
+ public final static String PR_BIND_PASSWD_AGAIN = "bindPasswdAgain";
+ public final static String PR_LDAP_MAX_CONNS = "maxConns";
+ public final static String PR_LDAP_MIN_CONNS = "minConns";
+ public final static String PR_PUBLISHING_QUEUE_ENABLE = "queue.enable";
+ public final static String PR_PUBLISHING_QUEUE_THREADS = "queue.maxNumberOfThreads";
+ public final static String PR_PUBLISHING_QUEUE_PAGE_SIZE = "queue.pageSize";
+ public final static String PR_PUBLISHING_QUEUE_PRIORITY = "queue.priorityLevel";
+ public final static String PR_PUBLISHING_QUEUE_STATUS = "queue.saveStatus";
+
+ public final static String PR_BASE_DN = "baseDN";
+ public final static String PR_DNCOMPS = "dnComps";
+ public final static String PR_FILTERCOMPS = "filterComps";
+
+ // ldap connection test
+ public final static String PR_CONN_INITED = "connInited";
+ public final static String PR_CONN_INIT_FAIL = "connInitFail";
+ public final static String PR_CONN_OK = "connOk";
+ public final static String PR_CONN_FAIL = "connFail";
+ public final static String PR_AUTH_OK = "authOk";
+ public final static String PR_AUTH_FAIL = "authFail";
+ public final static String PR_SAVE_OK = "saveOk";
+ public final static String PR_SAVE_NOT = "saveOrNot";
+
+ /*========================================================
+ * Plugin
+ *========================================================*/
+ public final static String PR_PLUGIN_IMP = "imp";
+ public final static String PR_PLUGIN_INSTANCE = "instance";
+
+ /*========================================================
+ * Policy
+ *========================================================*/
+ public final static String PR_POLICY_CLASS = "class";
+ public final static String PR_POLICY_IMPL_NAME = "implName";
+ public final static String PR_CRLDP_NAME = "crldpName";
+ public final static String PR_POLICY_DESC = "desc";
+ public final static String PR_POLICY_ORDER = "order";
+ public final static String PR_POLICY_ENABLE = "enable";
+ public final static String PR_POLICY_PREDICATE = "predicate";
+
+ /*========================================================
+ * Publish
+ *========================================================*/
+ public final static String PR_PUBLISHER = "publisher";
+ public final static String PR_PUBLISHER_CLASS = "class";
+ public final static String PR_PUBLISHER_IMPL_NAME = "implName";
+ public final static String PR_PUBLISHER_DESC = "desc";
+ public final static String PR_PUBLISHER_ORDER = "order";
+ public final static String PR_PUBLISHER_ENABLE = "enable";
+
+ public final static String PR_MAPPER = "mapper";
+ public final static String PR_MAPPER_CLASS = "class";
+ public final static String PR_MAPPER_IMPL_NAME = "implName";
+ public final static String PR_MAPPER_DESC = "desc";
+ public final static String PR_MAPPER_ORDER = "order";
+ public final static String PR_MAPPER_ENABLE = "enable";
+
+ public final static String PR_RULE = "rule";
+ public final static String PR_RULE_CLASS = "class";
+ public final static String PR_RULE_IMPL_NAME = "implName";
+ public final static String PR_RULE_DESC = "desc";
+ public final static String PR_RULE_ORDER = "order";
+ public final static String PR_RULE_ENABLE = "enable";
+
+ public final static String PR_CRLEXT = "crlExt";
+ public final static String PR_CRLEXT_CLASS = "class";
+ public final static String PR_CRLEXT_IMPL_NAME = "implName";
+ public final static String PR_CRLEXT_DESC = "desc";
+ public final static String PR_CRLEXT_ORDER = "order";
+ public final static String PR_CRLEXT_ENABLE = "enable";
+
+ public final static String PR_OCSPSTORE_IMPL_NAME = "implName";
+
+ /*========================================================
+ * Registration Authority
+ *========================================================*/
+ public final static String PR_EE_ENABLED = "eeEnabled";
+ public final static String PR_OCSP_ENABLED = "ocspEnabled";
+ public final static String PR_RA_ENABLED = "raEnabled";
+ public final static String PR_RENEWAL_ENABLED = "renewal.enabled";
+ public final static String PR_RENEWAL_VALIDITY = "renewal.validity";
+ public final static String PR_RENEWAL_EMAIL = "renewal.email";
+ public final static String PR_RENEWAL_EXPIREDNOTIFIEDENABLED =
+ "renewal.expired.notification.enabled";
+ public final static String PR_RENEWAL_NUMNOTIFICATION =
+ "renewal.numNotification";
+ public final static String PR_RENEWAL_INTERVAL = "renewal.interval";
+ public final static String PR_SERVLET_CLASS = "class";
+ public final static String PR_SERVLET_URI = "uri";
+ public final static String PR_IMPL_NAME = "implName";
+ public final static String PR_LOCAL = "local";
+ public final static String PR_ID = "id";
+ public final static String PR_HOST = "host";
+ public final static String PR_URI = "uri";
+ public final static String PR_ENABLED = "enable";
+
+ /*========================================================
+ * Certificate Authority
+ *========================================================*/
+ public final static String PR_VALIDITY = "validity";
+ public final static String PR_DEFAULT_ALGORITHM = "defaultSigningAlgorithm";
+ public final static String PR_ALL_ALGORITHMS = "allSigningAlgorithms";
+ public final static String PR_SERIAL = "startSerialNumber";
+ public final static String PR_MAXSERIAL = "maxSerialNumber";
+
+ /*========================================================
+ * Access Control
+ *========================================================*/
+ public final static String PR_ACL_OPS = "aclOperations";
+ public final static String PR_ACI = "aci";
+ public final static String PR_ACL_CLASS = "class";
+ public final static String PR_ACL_DESC = "desc";
+ public final static String PR_ACL_RIGHTS = "rights";
+
+ /*========================================================
+ * Key Recovery
+ *========================================================*/
+ public final static String PR_AUTO_RECOVERY_ON = "autoRecoveryOn";
+ public final static String PR_RECOVERY_N = "recoveryN";
+ public final static String PR_RECOVERY_M = "recoveryM";
+ public final static String PR_OLD_RECOVERY_AGENT = "oldRecoveryAgent";
+ public final static String PR_RECOVERY_AGENT = "recoveryAgent";
+ public final static String PR_OLD_AGENT_PWD = "oldAgentPwd";
+ public final static String PR_AGENT_PWD = "agentPwd";
+ public final static String PR_NO_OF_REQUIRED_RECOVERY_AGENTS = "noOfRequiredRecoveryAgents";
+
+ /*========================================================
+ * Status
+ *========================================================*/
+ public final static String PR_STAT_STARTUP = "startup";
+ public final static String PR_STAT_TIME = "time";
+ public final static String PR_STAT_VERSION = "cms.version";
+ public final static String PR_STAT_INSTALLDATE = "installDate";
+ public final static String PR_STAT_INSTANCEID = "instanceId";
+
+ /*========================================================
+ * Server Instance
+ *========================================================*/
+ public final static String PR_INSTALL = "install";
+ public final static String PR_INSTANCES_INSTALL = "instancesInstall";
+ public final static String PR_CA_INSTANCE = "ca";
+ public final static String PR_OCSP_INSTANCE = "ocsp";
+ public final static String PR_RA_INSTANCE = "ra";
+ public final static String PR_KRA_INSTANCE = "kra";
+ public final static String PR_TKS_INSTANCE = "tks";
+
+ /*
+ * Certificate info
+ */
+ public final static String PR_CA_SIGNING_NICKNAME = "caSigningCert";
+ public final static String PR_PKCS10 = "pkcs10";
+ public final static String PR_CERT_SUBJECT_NAME = "certSubjectName";
+ public final static String PR_ISSUER_NAME = "issuerName";
+ public final static String PR_SERIAL_NUMBER = "serialNumber";
+ public final static String PR_BEFORE_VALIDDATE = "beforeValidDate";
+ public final static String PR_AFTER_VALIDDATE = "afterValidDate";
+ public final static String PR_CERT_FINGERPRINT = "certFingerPrint";
+ public final static String PR_SIGNATURE_ALGORITHM = "signatureAlg";
+ public final static String PR_ALGORITHM_ID = "algorithmId";
+ public final static String PR_NICKNAME = "nickname";
+ public final static String PR_ADD_CERT = "addCert";
+ public final static String PR_CERT_CONTENT = "certContent";
+
+ /*
+ * Certificate type
+ */
+ public final static String PR_CERTIFICATE_TYPE = "certType";
+ public final static String PR_CERTIFICATE_SUBTYPE = "certSubType";
+ public final static String PR_CA_SIGNING_CERT = "caSigningCert";
+ public final static String PR_RA_SIGNING_CERT = "raSigningCert";
+ public final static String PR_OCSP_SIGNING_CERT = "ocspSigningCert";
+ public final static String PR_KRA_TRANSPORT_CERT = "kraTransportCert";
+ public final static String PR_SERVER_CERT = "serverCert";
+ public final static String PR_SUBSYSTEM_CERT = "subsystemCert";
+ public final static String PR_SERVER_CERT_RADM = "serverCertRadm";
+ public final static String PR_CROSS_CERT = "crossCert";
+ public final static String PR_OTHER_CERT = "otherCert";
+ public final static String PR_SERVER_CERT_CHAIN = "serverCertChain";
+ public final static String PR_TRUSTED_CA_CERT = "trustedCACert";
+ public final static String PR_TRUSTED_CERT = "trustedCert";
+ public final static String PR_AUDIT_SIGNING_CERT = "auditSigningCert";
+
+ /*
+ * Extensions
+ */
+ public final static String PR_VALIDITY_PERIOD = "validityPeriod";
+ public final static String PR_BEGIN_YEAR = "beginYear";
+ public final static String PR_BEGIN_MONTH = "beginMonth";
+ public final static String PR_BEGIN_DATE = "beginDate";
+ public final static String PR_BEGIN_HOUR = "beginHour";
+ public final static String PR_BEGIN_MIN = "beginMin";
+ public final static String PR_BEGIN_SEC = "beginSec";
+ public final static String PR_AFTER_YEAR = "afterYear";
+ public final static String PR_AFTER_MONTH = "afterMonth";
+ public final static String PR_AFTER_DATE = "afterDate";
+ public final static String PR_AFTER_HOUR = "afterHour";
+ public final static String PR_AFTER_MIN = "afterMin";
+ public final static String PR_AFTER_SEC = "afterSec";
+ public final static String PR_AIA = "aia";
+ public final static String PR_AKI = "aki";
+ public final static String PR_OCSP_SIGNING = "ocspSigning";
+ public final static String PR_OCSP_NOCHECK = "ocspNoCheck";
+ public final static String PR_SKI = "ski";
+ public final static String PR_KEY_USAGE = "keyUsage";
+ public final static String PR_DER_EXTENSION = "derExtension";
+ public final static String PR_IS_CA = "isCA";
+ public final static String PR_CERT_LEN = "certLen";
+ public final static String PR_SSL_CLIENT_BIT = "sslClientBit";
+ public final static String PR_SSL_SERVER_BIT = "sslServerBit";
+ public final static String PR_SSL_MAIL_BIT = "sslMailBit";
+ public final static String PR_SSL_CA_BIT = "sslCABit";
+ public final static String PR_OBJECT_SIGNING_BIT = "objectSigningBit";
+ public final static String PR_MAIL_CA_BIT = "mailCABit";
+ public final static String PR_OBJECT_SIGNING_CA_BIT = "objectSigningCABit";
+ public final static String PR_TIMESTAMPING_BIT = "timeStampingBit";
+ public final static String PR_CA_KEYID = "caKeyid";
+ public final static String PR_CA_KEYPAIR = "caKeyPair";
+
+ /**
+ * Trust database
+ */
+ public final static String PR_TRUST = "trust";
+
+ /*========================================================
+ * Security
+ *========================================================*/
+
+ //functionality
+ public final static String PR_CERT_SERVER = "SERVER";
+ public final static String PR_CERT_ADMIN = "ADMIN";
+ public final static String PR_CERT_AGENT = "AGENT";
+ public final static String PR_CERT_EE = "EE";
+ public final static String PR_CERT_CA = "CA";
+ public final static String PR_CERT_RA = "RA";
+ public final static String PR_CERT_POA = "POA";
+ public final static String PR_CERT_TRANS = "TRANS";
+
+ // key and certificate management
+ public final static String PR_OPERATION_TYPE = "operationtype";
+ public final static String PR_INSTALL_TYPE = "install";
+ public final static String PR_REQUEST_TYPE = "request";
+ //public final static String PR_CA_SIGNING_CERT = "cacert";
+ //public final static String PR_SERVER_CERT = "servercert";
+ public final static String PR_CLIENT_CERT = "clientcert";
+ public final static String PR_FULL_INTERNAL_TOKEN_NAME="Internal Key Storage Token";
+ public final static String PR_INTERNAL_TOKEN_NAME =
+ "internal";
+ public final static String PR_TOKEN_NAME = "tokenName";
+ public final static String PR_TOKEN_PASSWD = "tokenPwd";
+ public final static String PR_KEY_LENGTH = "keyLength";
+ public final static String PR_KEY_CURVENAME = "keyCurveName";
+ public static final String PR_SIGNEDBY_TYPE = "signedBy";
+ public final static String PR_KEY_TYPE = "keyType";
+ public final static String PR_PQGPARAMS = "pqgParams";
+ public final static String PR_CERT_REQUEST = "certReq";
+ public final static String PR_CERT_REQUEST_DIR = "certReqDir";
+ public final static String PR_CERT_CONFIG_DIR = "certConfigDir";
+ public final static String PR_IMPORT_CERT = "importCert";
+ public final static String PR_SUBJECT_NAME = "subjectName";
+ public final static String PR_CSR = "csr";
+
+ //encryption
+
+ /* Cipher Version: domestic or export */
+ public final static String PR_CIPHER_VERSION = "cipherversion";
+ public final static String PR_CIPHER_VERSION_DOMESTIC = "cipherdomestic";
+ public final static String PR_CIPHER_VERSION_EXPORT = "cipherexport";
+
+ /* Cipher Fortezza: true, false */
+ public final static String PR_CIPHER_FORTEZZA = "cipherfortezza";
+
+ /* Token and Certificates */
+ public final static String PR_TOKEN_LIST = "tokenlist";
+ public final static String PR_TOKEN_PREFIX = "token_";
+ public final static String PR_INTERNAL_TOKEN = "internal";
+ public final static String PR_KEY_LIST = "keylist";
+
+ /* SSL Cipher Preferences */
+ public final static String PR_CIPHER_PREF = "cipherpref";
+
+ /* SSL EC Type */
+ public final static String PR_ECTYPE = "ectype";
+
+ /* values for SSL cipher preferences */
+ public final static String
+ PR_SSL2_RC4_128_WITH_MD5 = "rc4";
+ public final static String
+ PR_SSL2_RC4_128_EXPORT40_WITH_MD5 = "rc4export";
+ public final static String
+ PR_SSL2_RC2_128_CBC_WITH_MD5 = "rc2";
+ public final static String
+ PR_SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 = "rc2export";
+ public final static String
+ PR_SSL2_DES_64_CBC_WITH_MD5 = "des";
+ public final static String
+ PR_SSL2_DES_192_EDE3_CBC_WITH_MD5 = "desede3";
+ public final static String
+ PR_SSL3_RSA_WITH_NULL_MD5 = "rsa_null_md5";
+ public final static String
+ PR_SSL3_RSA_EXPORT_WITH_RC4_40_MD5 = "rsa_rc4_40_md5";
+ public final static String
+ PR_SSL3_RSA_WITH_RC4_128_MD5 = "rsa_rc4_128_md5";
+ public final static String
+ PR_SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = "rsa_rc2_40_md5";
+ public final static String
+ PR_SSL3_RSA_WITH_DES_CBC_SHA = "rsa_des_sha";
+ public final static String
+ PR_SSL3_RSA_WITH_3DES_EDE_CBC_SHA = "rsa_3des_sha";
+ public final static String
+ PR_SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA = "fortezza";
+ public final static String
+ PR_SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA = "fortezza_rc4_128_sha";
+ public final static String
+ PR_SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = "rsa_fips_3des_sha";
+ public final static String
+ PR_SSL_RSA_FIPS_WITH_DES_CBC_SHA = "rsa_fips_des_sha";
+ public final static String
+ PR_TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = "tls_rsa_rc4_56_sha";
+ public final static String
+ PR_TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = "tls_rsa_des_sha";
+
+ /*========================================================
+ * Watchdog and Server State Messages
+ *========================================================*/
+
+ public final static String SERVER_STARTUP_WARNING_MESSAGE = "CMS Warning: ";
+ public final static String SERVER_STARTUP_MESSAGE = "Server is started.";
+ public final static String SERVER_SHUTDOWN_MESSAGE = "Shutting down.";
+ public final static String SERVER_SHUTDOWN_ERROR_MESSAGE = "Error Starting CMS: ";
+ public final static String SERVER_SHUTDOWN_EXTENDED_ERROR_MESSAGE = "Extended error information: ";
+
+ /*============================================================
+ * THE FOLLOWING LIST WILL BE REMOVED
+ *============================================================*/
+
+ // parameter types
+ public final static String PT_OP = "op";
+ public final static String PT_MOD_TYPE = "modType";
+ public final static String PT_MOD_OP = "modOp";
+ public final static String MOD_REPLACE = "modOpReplace";
+ public final static String MOD_ADD = "modOpAdd";
+ public final static String MOD_DELETE = "modOpDelete";
+ public final static String PT_MOD_VALUE = "modValue";
+
+ // generic operations
+ public final static String OP_SET = "set";
+ public final static String OP_GET = "get";
+ public final static String OP_LIST = "list";
+
+ // certificate server operations
+ public final static String CERTSRV_ID = "certsrv";
+
+ public final static String PT_PORT = "http.http.port";
+ public final static String PT_SSL_PORT = "http.https.port";
+ public final static String PT_MAPPING = "mapping";
+ public final static String PT_DN = "dn";
+
+ public final static String PV_SYSTEM_ADMINISTRATORS =
+ "SystemAdministrators";
+ public final static String PV_CERTIFICATE_ADMINISTRATORS =
+ "CertificateAdministrators";
+
+ public final static String OP_AUTHENTICATE = "authenticate";
+ public final static String OP_RESTART = "restart";
+ public final static String OP_STOP = "stop";
+
+ // access manager operation
+ public final static String PT_ACLS = "acls";
+ public final static String OP_GET_ACLS = "getACLs";
+
+ // authentication operations
+ public final static String AUTH_ID = "auth";
+ public final static String OP_FIND_USERS = "findUsers";
+ public final static String OP_FIND_GROUPS = "findGroups";
+ public final static String OP_GET_USER = "getUser";
+ public final static String OP_GET_GROUP = "getGroup";
+ public final static String OP_ADD_USER = "addUser";
+ public final static String OP_ADD_GROUP = "addGroup";
+ public final static String OP_MODIFY_USER = "modifyUser";
+ public final static String OP_MODIFY_GROUP = "modifyGroup";
+
+ public final static String PT_USER = "user";
+ public final static String PT_GROUP = "group";
+
+ // common operations
+ public final static String OP_LOCK_REQUEST = "lockRequest";
+ public final static String OP_MODIFY_REQUEST = "modifyRequest";
+ public final static String OP_EXECUTE_REQUEST = "executeRequest";
+ public final static String OP_ACCEPT_REQUEST = "acceptRequest";
+ public final static String OP_REJECT_REQUEST = "rejectRequest";
+ public final static String OP_CANCEL_REQUEST = "cancelRequest";
+
+ // certificate authority operations
+ public final static String PT_PUBLISH_DN = "ldappublish.ldap.admin-dn";
+ public final static String PT_PUBLISH_PWD =
+ "ldappublish.ldap.admin-password";
+ public final static String PT_PUBLISH_FREQ =
+ "crl.crl0.autoUpdateInterval";
+ public final static String PT_SERIALNO = "serialno";
+ public final static String PT_NAMES = "names";
+ public final static String PT_CERTIFICATES = "certificates";
+ public final static String PT_CERT_RECORDS = "certRecords";
+ public final static String PT_REQUESTS = "requests";
+ public final static String PT_REQUEST = "request";
+ public final static String PT_EXTENSIONS = "extensions";
+ public final static String PT_FILTER = "filter";
+ public final static String PT_ATTRS = "attrs";
+ public final static String PT_RESULT_ID = "resultId";
+ public final static String PT_START_NO = "startNo";
+ public final static String PT_END_NO = "endNo";
+ public final static String PT_SIZE = "size";
+ public final static String PT_RELEASE = "release";
+ public final static String PT_CERTREC = "certrec";
+ public final static String PT_COMMENT = "comment";
+ public final static String PT_REASON_NO = "reasonNo";
+
+ public final static String OP_CRL_PUBLISH = "publish_now";
+ public final static String OP_FIND_CERTIFICATES = "findCertificates";
+ public final static String OP_FIND_CERT_RECORDS = "findCertRecords";
+ public final static String OP_FIND_REQUESTS = "findRequests";
+ public final static String OP_LOCK_CERT_RECORD = "lockCertRecord";
+ public final static String OP_MODIFY_CERT_RECORD = "modifyCertRecord";
+ public final static String OP_GET_EXTENSIONS = "getExtensions";
+ public final static String OP_REVOKE_CERT = "revokeCert";
+ public final static String OP_RENEW_CERT = "renewCert";
+ public final static String OP_GET_CACERT_CHAIN = "getCACertChain";
+
+ // escrow authority operations
+ public final static String PT_OLD_PASSWORD = "oldpassword";
+ public final static String PT_NEW_PASSWORD = "newpassword";
+ public final static String PT_KEY_RECORD = "keyRecord";
+
+ public final static String OP_FIND_KEY_RECORDS = "findKeyRecords";
+ public final static String OP_LOCK_KEY_RECORD = "lockKeyRecord";
+ public final static String OP_MODIFY_KEY_RECORD = "modifyKeyRecord";
+ public final static String OP_RECOVER_KEY = "recoverKey";
+
+ // centralized cetificate management operations
+ public final static String PT_NOTIF_EMAIL = "notificationEmail";
+ public final static String PT_NOTIF_ENABLE = "notificationEnable";
+ public final static String PT_NOTIF_EXPIRE = "notificationExpiration";
+ public final static String PT_NOTIF_RENEWAL = "notificationRewnewal";
+ public final static String PT_DIST_STORE = "storeUserPassword";
+ public final static String PT_DIST_EMAIL = "emailUserPassword";
+ public final static String PT_REQUEST_LOG = "requestLog";
+ public final static String PT_ACCESS_LOG = "accessLog";
+ public final static String PT_ERROR_LOG = "errorLog";
+ public final static String PR_NT_EVENT_SOURCE = "NTEventSourceName";
+ public final static String PR_NT_LOG_LEVEL = "level";
+ public final static String PR_NT_LOG_ENABLED = "on";
+
+ public final static String OP_GET_ACCESS_LOG = "getAccessLog";
+ public final static String OP_GET_ERROR_LOG = "getErrorLog";
+ public final static String OP_GET_REQUEST_LOG = "getRequestLog";
+
+ public final static String PR_NICK_NAME = "nickName"; // capital N
+ public final static String PR_LOGGED_IN = "isLoggedIn";
+
+ // User Type
+ public final static String PR_USER_TYPE = "userType";
+ public final static String PR_ADMIN_TYPE = "adminType";
+ public final static String PR_AGENT_TYPE = "agentType";
+ public final static String PR_SUBSYSTEM_TYPE = "subsystemType";
+
+ // Extended plugin information
+ public final static String PR_EXT_PLUGIN_IMPLNAME = "implName";
+ public final static String PR_EXT_PLUGIN_IMPLTYPE = "implType";
+ public final static String PR_EXT_PLUGIN_IMPLTYPE_POLICY = "policy";
+ public final static String PR_EXT_PLUGIN_IMPLTYPE_JOBS = "jobs";
+ public final static String PR_EXT_PLUGIN_IMPLTYPE_AUTH = "auth";
+ public final static String PR_EXT_PLUGIN_IMPLTYPE_LISTENER = "listener";
+ public final static String PR_EXT_PLUGIN_IMPLTYPE_PUBLISHRULE = "publishrule";
+ public final static String PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER = "publisher";
+ public final static String PR_EXT_PLUGIN_IMPLTYPE_MAPPER = "mapperrule";
+ public final static String PR_EXT_PLUGIN_IMPLTYPE_CRLEXTSRULE = "crlExtensions";
+ public final static String PR_EXT_PLUGIN_IMPLTYPE_OCSPSTORESRULE = "ocspStores";
+
+ // Miscellaneous
+ public final static String PR_CERT_FILEPATH = "certFilePath";
+ public final static String PR_SERVER_ROOT = "serverRoot";
+ public final static String PR_SERVER_ID = "serverID";
+ public final static String PR_NT = "NT";
+ public final static String PR_TIMEOUT = "timeout";
+ public final static String PR_ALL_NICKNAMES = "allNicknames";
+
+ // request status
+ public final static String PR_REQUEST_SUCCESS = "2";
+ public final static String PR_REQUEST_PENDING = "3";
+ public final static String PR_REQUEST_SVC_PENDING = "4";
+ public final static String PR_REQUEST_REJECTED = "5";
+
+ //Profile
+ public final static String PR_CONSTRAINTS_LIST = "constraintPolicy";
+
+ //Replication
+ public final static String PR_REPLICATION_ENABLED = "replication.enabled";
+ public final static String PR_REPLICATION_AGREEMENT_NAME_1 = "replication.master1.name";
+ public final static String PR_REPLICATION_HOST_1 = "replication.master1.hostname";
+ public final static String PR_REPLICATION_PORT_1 = "replication.master1.port";
+ public final static String PR_REPLICATION_BINDDN_1 = "replication.master1.binddn";
+ public final static String PR_REPLICATION_CHANGELOGDB_1 = "replication.master1.changelogdb";
+ public final static String PR_REPLICATION_AGREEMENT_NAME_2 = "replication.master2.name";
+ public final static String PR_REPLICATION_HOST_2 = "replication.master2.hostname";
+ public final static String PR_REPLICATION_PORT_2 = "replication.master2.port";
+ public final static String PR_REPLICATION_BINDDN_2 = "replication.master2.binddn";
+ public final static String PR_REPLICATION_CHANGELOGDB_2 = "replication.master2.changelogdb";
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/common/DestDef.java b/pki/base/common/src/com/netscape/certsrv/common/DestDef.java
new file mode 100644
index 000000000..1d3eaff14
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/common/DestDef.java
@@ -0,0 +1,57 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.common;
+
+
+/**
+ * This interface defines all the operation destination
+ * used in the administration protocol between the
+ * console and the server.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface DestDef {
+
+ public final static String DEST_CA_ADMIN = "caadmin";
+ public final static String DEST_OCSP_ADMIN = "ocsp";
+ public final static String DEST_RA_ADMIN = "ra";
+ public final static String DEST_KRA_ADMIN = "kra";
+ public final static String DEST_CA_SERVLET_ADMIN = "caservlet";
+ public final static String DEST_KRA_SERVLET_ADMIN = "kraservlet";
+ public final static String DEST_RA_SERVLET_ADMIN = "raservlet";
+ public final static String DEST_REGISTRY_ADMIN = "registry";
+ public final static String DEST_CA_PROFILE_ADMIN = "caprofile";
+ public final static String DEST_RA_PROFILE_ADMIN = "raprofile";
+ public final static String DEST_CA_POLICY_ADMIN = "capolicy";
+ public final static String DEST_RA_POLICY_ADMIN = "rapolicy";
+ public final static String DEST_KRA_POLICY_ADMIN = "krapolicy";
+ public final static String DEST_LOG_ADMIN = "log";
+ public final static String DEST_GROUP_ADMIN = "ug";
+ public final static String DEST_USER_ADMIN = "ug";
+ public final static String DEST_AUTH_ADMIN = "auths";
+ public final static String DEST_JOBS_ADMIN = "jobsScheduler";
+ public final static String DEST_NOTIFICATION_ADMIN = "notification";
+ public final static String DEST_SERVER_ADMIN = "server";
+ public final static String DEST_ACL_ADMIN = "acl";
+ public final static String DEST_CA_PUBLISHER_ADMIN = "capublisher";
+ public final static String DEST_RA_PUBLISHER_ADMIN = "rapublisher";
+ public final static String DEST_CA_MAPPER_ADMIN = "camapper";
+ public final static String DEST_RA_MAPPER_ADMIN = "ramapper";
+ public final static String DEST_CA_RULE_ADMIN = "carule";
+ public final static String DEST_RA_RULE_ADMIN = "rarule";
+}
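Review bot: `DEST_GROUP_ADMIN` and `DEST_USER_ADMIN` are both `"ug"`, so any code that dispatches, authorizes or audits on the destination string cannot tell user administration from group administration. Whether access checks are keyed on this value is not visible in this hunk. If the shared value is intended, say so at the declaration, for example `// users and groups share the "ug" destination; per-type checks must use another parameter`. The other constants would also benefit from a one-line comment naming the servlet or subsystem each destination reaches, since the interface Javadoc only says they are used in the console-to-server protocol.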
diff --git a/pki/base/common/src/com/netscape/certsrv/common/NameValuePair.java b/pki/base/common/src/com/netscape/certsrv/common/NameValuePair.java
new file mode 100644
index 000000000..92466d30d
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/common/NameValuePair.java
@@ -0,0 +1,77 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.common;
+
+
+import java.io.*;
+import java.util.*;
+import java.net.*;
+import java.util.*;
+import java.text.*;
+import java.math.*;
+
+
+/**
+ * A class represents a name value pair. A name value
+ * pair consists of a name and a value.
+ *
+ * @version $Revision$, $Date$
+ */
+public class NameValuePair {
+
+ private String mName = null;
+ private String mValue = null;
+
+ /**
+ * Constructs value pair object.
+ *
+ * @param name name
+ * @param value value
+ */
+ public NameValuePair(String name, String value) {
+ mName = name;
+ mValue = value;
+ }
+
+ /**
+ * Retrieves the name.
+ *
+ * @return name
+ */
+ public String getName() {
+ return mName;
+ }
+
+ /**
+ * Retrieves the value.
+ *
+ * @return value
+ */
+ public String getValue() {
+ return mValue;
+ }
+
+ /**
+ * Sets the value
+ *
+ * @param value value
+ */
+ public void setValue(String value) {
+ mValue = value;
+ }
+}
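Review bot: None of the six wildcard imports (`java.io.*`, `java.util.*` twice, `java.net.*`, `java.text.*`, `java.math.*`) is used by this class, which refers only to `String`; the whole import block can be dropped. NameValuePairs.java carries the same block and needs only `java.util`. Since there is no setter for the name, the field can be declared `private final String mName;`. The constructor accepts a null `name`, which matters because the Hashtable-backed container added in this commit would throw on a null key, so the Javadoc on `@param name` should state that it must be non-null.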
diff --git a/pki/base/common/src/com/netscape/certsrv/common/NameValuePairs.java b/pki/base/common/src/com/netscape/certsrv/common/NameValuePairs.java
new file mode 100644
index 000000000..a2530521a
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/common/NameValuePairs.java
@@ -0,0 +1,191 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.common;
+
+
+import java.io.*;
+import java.util.*;
+import java.net.*;
+import java.util.*;
+import java.text.*;
+import java.math.*;
+
+
+/**
+ * A class represents an ordered list of name
+ * value pairs.
+ *
+ * @version $Revision$, $Date$
+ */
+public class NameValuePairs {
+
+ private Vector mPairs = new Vector();
+
+ // an index to speed up searching
+ // The key is the name. The element is the NameValuePair.
+ private Hashtable index = new Hashtable();
+
+ /**
+ * Constructs name value pairs.
+ */
+ public NameValuePairs() {
+ }
+
+ /**
+ * Adds a name value pair into this set.
+ * if the name already exist, the value will
+ * be replaced.
+ *
+ * @param name name
+ * @param value value
+ */
+ public void add(String name, String value) {
+ NameValuePair pair = getPair(name);
+
+ if (pair == null) {
+ pair = new NameValuePair(name, value);
+ mPairs.addElement(pair);
+ index.put(name, pair);
+ } else {
+ pair.setValue(value);
+ }
+ }
+
+ /**
+ * Retrieves name value pair from this set.
+ *
+ * @param name name
+ * @return name value pair
+ */
+ public NameValuePair getPair(String name) {
+ return (NameValuePair) index.get(name);
+ }
+
+ /**
+ * Returns number of pairs in this set.
+ *
+ * @return size
+ */
+ public int size() {
+ return mPairs.size();
+ }
+
+ /**
+ * Retrieves name value pairs in specific position.
+ *
+ * @param pos position of the value
+ * @return name value pair
+ */
+ public NameValuePair elementAt(int pos) {
+ return (NameValuePair) mPairs.elementAt(pos);
+ }
+
+ /**
+ * Removes all name value pairs in this set.
+ */
+ public void removeAllPairs() {
+ mPairs.removeAllElements();
+ index.clear();
+ }
+
+ /**
+ * Retrieves value of the name value pairs that matches
+ * the given name.
+ *
+ * @param name name
+ * @return value
+ */
+ public String getValue(String name) {
+ NameValuePair p = getPair(name);
+
+ if (p != null) {
+ return p.getValue();
+ }
+ return null;
+ }
+
+ /**
+ * Retrieves a list of names.
+ *
+ * @return a list of names
+ */
+ public Enumeration getNames() {
+ Vector v = new Vector();
+ int size = mPairs.size();
+
+ for (int i = 0; i < size; i++) {
+ NameValuePair p = (NameValuePair) mPairs.elementAt(i);
+
+ v.addElement(p.getName());
+ }
+ //System.out.println("getNames: "+v.size());
+ return v.elements();
+ }
+
+ /**
+ * Show the content of this name value container as
+ * string representation.
+ *
+ * @return string representation
+ */
+ public String toString() {
+ StringBuffer buf = new StringBuffer();
+
+ for (int i = 0; i < mPairs.size(); i++) {
+ NameValuePair p = (NameValuePair) mPairs.elementAt(i);
+
+ buf.append(p.getName() + "=" + p.getValue());
+ buf.append("\n");
+ }
+ return buf.toString();
+ }
+
+ /**
+ * Parses a string into name value pairs.
+ *
+ * @param s string
+ * @param nvp name value pairs
+ * @return true if successful
+ */
+ public static boolean parseInto(String s, NameValuePairs nvp) {
+ StringTokenizer st = new StringTokenizer(s, "&");
+
+ while (st.hasMoreTokens()) {
+ String t = st.nextToken();
+ int i = t.indexOf("=");
+
+ if (i == -1) {
+ return false;
+ }
+ String n = t.substring(0, i);
+ String v = t.substring(i + 1);
+
+ nvp.add(n, v);
+ }
+ return true;
+ }
+
+ /**
+ * Returns a list of name value pair object.
+ *
+ * @return name value objects
+ */
+ public Enumeration elements() {
+ return mPairs.elements();
+ }
+}
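Review bot: `parseInto` adds each pair to the caller's `nvp` as it goes and returns `false` at the first token without `=`, so a malformed string leaves `nvp` partly populated. A caller that ignores the return value then acts on truncated input. It also throws a `NullPointerException` for a null `s`, accepts an empty name, and lets a repeated name silently overwrite the earlier value through `add`, which is worth documenting if the input comes from an admin request. The version below parses into a scratch container and copies to `nvp` only on success. Separately, `toString()` writes every value in clear, and this commit defines parameter names such as `PR_TOKEN_PASSWD = "tokenPwd"` and `PR_AGENT_PWD = "agentPwd"`, so if such pairs travel in this container its Javadoc should warn against logging the result.

```java
public static boolean parseInto(String s, NameValuePairs nvp) {
    if (s == null || nvp == null) {
        return false;
    }
    // Parse into a scratch container so a malformed token leaves nvp untouched.
    NameValuePairs parsed = new NameValuePairs();
    StringTokenizer st = new StringTokenizer(s, "&");

    while (st.hasMoreTokens()) {
        String t = st.nextToken();
        int i = t.indexOf("=");

        if (i <= 0) {
            return false; // no '=' present, or empty name
        }
        parsed.add(t.substring(0, i), t.substring(i + 1));
    }
    for (int k = 0; k < parsed.size(); k++) {
        NameValuePair p = parsed.elementAt(k);

        nvp.add(p.getName(), p.getValue());
    }
    return true;
}
```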
diff --git a/pki/base/common/src/com/netscape/certsrv/common/OpDef.java b/pki/base/common/src/com/netscape/certsrv/common/OpDef.java
new file mode 100644
index 000000000..9cfcab4a2
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/common/OpDef.java
@@ -0,0 +1,39 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.common;
+
+
+/**
+ * This interface defines all the administration operations
+ * used in the administration protocol between the console
+ * and the server.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface OpDef {
+
+ public final static String OP_ADD = "OP_ADD";
+ public final static String OP_DELETE = "OP_DELETE";
+ public final static String OP_MODIFY = "OP_MODIFY";
+ public final static String OP_READ = "OP_READ";
+ public final static String OP_SEARCH = "OP_SEARCH";
+ public final static String OP_AUTH = "OP_AUTH";
+ public final static String OP_JOBS = "OP_JOBS";
+ public final static String OP_PROCESS = "OP_PROCESS";
+ public final static String OP_VALIDATE = "OP_VALIDATE";
+}
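Review bot: `OpDef` is a constant-only interface, so any class that implements it to get the short names also exposes `OP_ADD` and the rest as part of its own public type. A `public final class OpDef` with a private constructor would hold the same constants without that side effect. The `public final static` modifiers are implied on interface fields and can be dropped, e.g. `String OP_ADD = "OP_ADD";`. The same pattern appears in `PrefixDef`, `ScopeDef` and `TaskId` in this commit.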
diff --git a/pki/base/common/src/com/netscape/certsrv/common/PrefixDef.java b/pki/base/common/src/com/netscape/certsrv/common/PrefixDef.java
new file mode 100644
index 000000000..11a58c5d2
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/common/PrefixDef.java
@@ -0,0 +1,41 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.common;
+
+
+/**
+ * This interface defines all the prefix tags
+ * used in the administration protocol between
+ * the console and the server.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface PrefixDef {
+
+ //user and group
+ public final static String PX_GROUP = "group";
+ public final static String PX_USER = "user";
+ public final static String PX_CERT = "cert";
+ public final static String PX_SYS = "SYS_";
+ public final static String PX_DEF = "DEF_";
+ public final static String PX_PP = "CERT_PP";
+
+ //log content
+ public final static String PX_LOG = "log";
+
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/common/ScopeDef.java b/pki/base/common/src/com/netscape/certsrv/common/ScopeDef.java
new file mode 100644
index 000000000..0be3fdf0a
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/common/ScopeDef.java
@@ -0,0 +1,193 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.common;
+
+
+/**
+ * This interface defines all the operation scope
+ * used in the administration protocol between the
+ * console and the server.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ScopeDef {
+
+ // users and groups
+ public final static String SC_GROUPS = "groups";
+ public final static String SC_USERS = "users";
+ public final static String SC_USER_CERTS = "certs";
+
+ public final static String SC_SNMP = "snmp";
+ public final static String SC_SMTP = "smtp";
+ public final static String SC_SUBSYSTEM = "subsystem";
+ public final static String SC_ENCRYPTION = "encryption";
+ public final static String SC_GATEWAY = "gateway";
+ public final static String SC_ADMIN = "admin";
+ public final static String SC_NETWORK = "network";
+
+ // profile
+ public final static String SC_PROFILE_IMPLS = "profile";
+ public final static String SC_PROFILE_RULES = "rules";
+ public final static String SC_PROFILE_DEFAULT_POLICY = "defaultPolicy";
+ public final static String SC_PROFILE_CONSTRAINT_POLICY = "constraintPolicy";
+ public final static String SC_PROFILE_POLICIES = "policies";
+ public final static String SC_PROFILE_POLICY_CONFIG = "config";
+ public final static String SC_PROFILE_INPUT = "profileInput";
+ public final static String SC_PROFILE_INPUT_CONFIG = "profileInputConfig";
+ public final static String SC_PROFILE_OUTPUT = "profileOutput";
+ public final static String SC_PROFILE_OUTPUT_CONFIG = "profileOutputConfig";
+
+ // policy management
+ public final static String SC_POLICY_RULES = "rules";
+ public final static String SC_POLICY_IMPLS = "impls";
+ public final static String SC_POLICY_CRLDPS = "crldps";
+
+ // publisher management
+ public final static String SC_PUBLISHER_RULES = "publisherRules";
+ public final static String SC_PUBLISHER_IMPLS = "publisherImpls";
+ public final static String SC_MAPPER_RULES = "mapperRules";
+ public final static String SC_MAPPER_IMPLS = "mapperImpls";
+ public final static String SC_RULE_RULES = "ruleRules";
+ public final static String SC_RULE_IMPLS = "ruleImpls";
+
+ // self tests
+ public final static String SC_SELFTESTS = "selftests";
+
+ // log config
+ public final static String SC_AUDITLOG = "transactionsLog";
+ public final static String SC_NTAUDITLOG = "ntTransactionsLog";
+ public final static String SC_ERRORLOG = "errorLog";
+ public final static String SC_SYSTEMLOG = "systemLog";
+ public final static String SC_NTSYSTEMLOG = "ntSystemLog";
+ public final static String SC_LOG_ARCH = "logArch";
+ public final static String SC_LOG_RULES = "logRule";
+ public final static String SC_LOG_IMPLS = "logImpls";
+
+ // log contents
+ public final static String SC_LOG_INSTANCES = "log_instances";
+ public final static String SC_LOG_CONTENT = "log_content";
+ public final static String SC_AUDITLOG_CONTENT = "transactionsLog_content";
+ public final static String SC_ERRORLOG_CONTENT = "errorLog_content";
+ public final static String SC_SYSTEMLOG_CONTENT = "systemLog_content";
+
+ //LDAP publishing
+ public final static String SC_LDAP = "ldap";
+ public final static String SC_CRL = "crl";
+ public final static String SC_USERCERT = "userCert";
+ public final static String SC_CACERT = "caCert";
+ public final static String SC_CAMAPPER = "caMapper";
+ public final static String SC_CAPUBLISHER = "caPublisher";
+ public final static String SC_USERMAPPER = "userMapper";
+ public final static String SC_USERPUBLISHER = "userPublisher";
+
+ // CRL issuing points
+ public final static String SC_CRLIPS = "crlIPs";
+
+ // CRL extensions
+ public final static String SC_CRLEXTS_RULES = "crlExtsRules";
+
+ public final static String SC_OCSPSTORES_RULES = "ocspStoresRules";
+ public final static String SC_OCSPSTORE_DEFAULT = "ocspStoreDef";
+
+ // KRA
+ public final static String SC_AUTO_RECOVERY = "autoRecovery";
+ public final static String SC_RECOVERY = "recovery";
+ public final static String SC_AGENT_PWD = "agentPwd";
+ public final static String SC_MNSCHEME = "mnScheme";
+
+ //stat
+ public final static String SC_STAT = "stat";
+
+ // RA
+ public final static String SC_GENERAL = "general";
+ public final static String SC_CLM = "clm";
+ public final static String SC_PKIGW = "pkigw";
+ public final static String SC_SERVLET = "servlet";
+ public final static String SC_CONNECTOR = "connector";
+
+ //tasks
+ public final static String SC_TASKS = "tasks";
+
+ //authentication
+ public final static String SC_AUTH = "auths";
+ public final static String SC_AUTHTYPE = "authType";
+ public final static String SC_AUTH_IMPLS = "impl";
+ public final static String SC_AUTH_MGR_INSTANCE = "instance";
+
+ //jobs scheduler
+ public final static String SC_JOBS = "jobScheduler";
+ public final static String SC_JOBS_IMPLS = "impl";
+ public final static String SC_JOBS_INSTANCE = "job";
+ public final static String SC_JOBS_RULES = "rules";
+
+ //notification
+ public final static String SC_NOTIFICATION_REQ_COMP = "notificationREQC";
+ public final static String SC_NOTIFICATION_REV_COMP = "notificationREVC";
+ public final static String SC_NOTIFICATION_RIQ = "notificationRIQ";
+
+ // acl
+ public final static String SC_ACL_IMPLS = "impl";
+ public final static String SC_ACL = "acls";
+ public final static String SC_EVALUATOR_TYPES = "evaluatorTypes";
+
+ // token
+ public final static String SC_TOKEN = "token";
+
+ // keycert
+ public final static String SC_CA_SIGNINGCERT = "caSigningCert";
+ public final static String SC_RA_SIGNINGCERT = "raSigningCert";
+ public final static String SC_KRA_TRANSPORTCERT = "kraTransportCert";
+ public final static String SC_SERVER_CERT = "serverCert";
+ public final static String SC_SERVER_CERTCHAIN = "serverCertChain";
+ public final static String SC_TRUSTED_CACERT = "trustedCACert";
+ public final static String SC_TRUSTED_CERT = "trustedCert";
+ public final static String SC_SUBJECT_NAME = "subjectName";
+ public final static String SC_CERTINFO = "certInfo";
+ public final static String SC_CERT_REQUEST = "certRequest";
+ public final static String SC_ISSUE_IMPORT_CERT = "issueImportCert";
+ public final static String SC_INSTALL_CERT = "installCert";
+ public final static String SC_IMPORT_CROSS_CERT = "importXCert";
+ public final static String SC_CA_CERTLIST = "caCertList";
+ public final static String SC_ALL_CERTLIST = "allCertList";
+ public final static String SC_DELETE_CERTS = "deleteCert";
+ public final static String SC_CERT_PRETTY_PRINT = "certPrint";
+ public final static String SC_TRUST = "trust";
+
+ // Key Pair
+ public final static String SC_KEY_LENGTH = "keyLength";
+ public final static String SC_KEY_CURVENAME = "keyCurveName";
+ public final static String SC_CERTIFICATE_EXTENSION = "certificateExt";
+ public final static String SC_TOKEN_STATUS = "tokenStatus";
+ public final static String SC_TOKEN_LOGON = "tokenLogon";
+
+ public final static String SC_EXTENDED_PLUGIN_INFO = "extendedPluginInfo";
+
+ public final static String SC_USER_TYPE = "userType";
+ public final static String SC_PLATFORM = "platform";
+
+ public final static String SC_GET_NICKNAMES = "getNicknames";
+
+ // Profile
+ public final static String SC_SUPPORTED_CONSTRAINTPOLICIES = "supportedConstraintPolicies";
+
+ // Manage certificate admin
+ public final static String SC_USERCERTSLIST = "userCertsList";
+ public final static String SC_TKSKEYSLIST = "tksKeysList";
+ public final static String SC_ROOTCERTSLIST = "rootCertsList";
+ public final static String SC_ROOTCERT_TRUSTBIT = "rootTrustBit";
+}
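Review bot: Several scope constants share one wire value: `SC_PROFILE_RULES`, `SC_POLICY_RULES` and `SC_JOBS_RULES` are all `"rules"`, and `SC_AUTH_IMPLS`, `SC_JOBS_IMPLS` and `SC_ACL_IMPLS` are all `"impl"`, while `SC_POLICY_IMPLS` is `"impls"`. Code that dispatches or makes an access decision on the scope string alone cannot tell these apart. Presumably each admin servlet interprets the scope in its own context, but that is not visible in this hunk. A comment at the top of the interface would record the assumption, for example `// Scope values are unique only within one admin servlet; do not authorize on the scope string alone.`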
diff --git a/pki/base/common/src/com/netscape/certsrv/common/TaskId.java b/pki/base/common/src/com/netscape/certsrv/common/TaskId.java
new file mode 100644
index 000000000..458822ff5
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/common/TaskId.java
@@ -0,0 +1,130 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.common;
+
+
+/**
+ * This interface defines all the tasks used in
+ * the configuration protocol between the
+ * configuration wizard and the configuration
+ * daemon.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface TaskId {
+
+ // list out all the previously performed tasks
+ public final static String TASK_LIST_PREVIOUS_STAGES = "listPreviousStages";
+
+ // retrieve all information in the previously performed tasks
+ public final static String TASK_GET_DEFAULT_INFO = "getStagesInfo";
+
+ // retrieve all information to setup the wizardInfo
+ public final static String TASK_SETUP_WIZARDINFO = "setupWizardInfo";
+
+ // services to be installed: ca, kra, ra
+ public final static String TASK_INSTALL_SUBSYSTEMS = "installSubsystems";
+
+ // create the internal database
+ public final static String TASK_CREATE_INTERNALDB = "createInternalDB";
+
+ // configure network ports
+ public final static String TASK_CONFIGURE_NETWORK = "configureNetwork";
+
+ // setup certificate administrator
+ public final static String TASK_SETUP_ADMINISTRATOR = "setupAdmin";
+
+ // select subsystems
+ public final static String TASK_SELECT_SUBSYSTEMS = "selectSubsystems";
+
+ // data migration
+ public final static String TASK_MIGRATION = "migration";
+
+ // create certificate
+ public final static String TASK_CREATE_CERT = "createCert";
+
+ // kra storage key
+ public final static String TASK_STORAGE_KEY = "storageKey";
+
+ // kra agents
+ public final static String TASK_AGENTS = "agents";
+
+ // get information about all cryptotokens
+ public final static String TASK_TOKEN_INFO = "tokenInfo";
+
+ // server get master or clone setting
+ public final static String TASK_MASTER_OR_CLONE = "SetMasterOrClone";
+ // single signon
+ public final static String TASK_SINGLE_SIGNON = "singleSignon";
+
+ // init token
+ public final static String TASK_INIT_TOKEN = "initToken";
+
+ // certificate request
+ public final static String TASK_CERT_REQUEST = "certRequest";
+
+ // certificate request submited successfully
+ public final static String TASK_REQUEST_SUCCESS = "reqSuccess";
+
+ // certificate content
+ public final static String TASK_GET_CERT_CONTENT = "certContent";
+
+ public final static String TASK_IMPORT_CERT_CHAIN = "importCertChain";
+
+ // install certificate
+ public final static String TASK_INSTALL_CERT = "installCert";
+
+ public final static String TASK_CHECK_DN = "checkDN";
+
+ // miscellaneous things
+ public final static String TASK_MISCELLANEOUS = "doMiscStuffs";
+
+ // validate directory manager password
+ public final static String TASK_VALIDATE_DSPASSWD = "validateDSPassword";
+
+ // set CA starting serial number
+ public final static String TASK_SET_CA_SERIAL = "setCASerial";
+
+ // set CA starting serial number
+ public final static String TASK_SET_KRA_NUMBER = "setKRANumber";
+
+ // check key length
+ public final static String TASK_CHECK_KEYLENGTH = "checkKeyLength";
+
+ // check certificate extension
+ public final static String TASK_CHECK_EXTENSION = "checkExtension";
+
+ // check validity period: make sure the notAfterDate of the certificate
+ // will not go beyond the notAfterDate of the CA cert which signs the certificate.
+ public final static String TASK_VALIDITY_PERIOD = "checkValidityPeriod";
+
+ public final static String TASK_CLONING = "taskCloning";
+ public final static String TASK_CLONE_MASTER = "taskCloneMaster";
+
+ // daemon exit
+ public final static String TASK_EXIT = "exit";
+
+ public final static String TASK_ADD_OCSP_SERVICE = "addOCSPService";
+
+ public final static String TASK_CONFIG_WEB_SERVER = "configWebServer";
+
+ public final static String TASK_CREATE_REPLICATION_AGREEMENT = "createReplAgreement";
+ public final static String TASK_LOGON_ALL_TOKENS = "logonAllTokens";
+ public final static String TASK_UPDATE_DB_INFO = "updateDBInfo";
+ public final static String TASK_ADD_DBSCHEMA_INDEXES = "addDBSchemaIndexes";
+}
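Review bot: The comment above `TASK_SET_KRA_NUMBER` is a copy of the one above `TASK_SET_CA_SERIAL` (`// set CA starting serial number`) and should describe the KRA value instead, e.g. `// set KRA starting number` once the exact meaning is confirmed against the daemon. `TASK_MASTER_OR_CLONE` is the only value with a capital initial (`"SetMasterOrClone"`); since these strings are matched by the configuration daemon, it is worth confirming that this is intended and saying so in its comment. Several constants (`TASK_IMPORT_CERT_CHAIN`, `TASK_CHECK_DN`, `TASK_CLONING`, `TASK_CLONE_MASTER` and the last six) have no comment at all, and `submited` should read `submitted`.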
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IConnector.java b/pki/base/common/src/com/netscape/certsrv/connector/IConnector.java
new file mode 100644
index 000000000..e89c14f57
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IConnector.java
@@ -0,0 +1,62 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.connector;
+
+
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * This interface represents a connector that forwards
+ * CMS requests to a remote authority.
+ *
+ * To register a connector, one can add the following
+ * to the CMS.cfg:
+ *
+ * <pre>
+ *
+ * Example for KRA type connector.
+ * ca.connector.KRA.enable=true
+ * ca.connector.KRA.host=thehost.netscape.com #Remote host.
+ * ca.connector.KRA.port=1974 #Remote host port.
+ * ca.connector.KRA.nickName="cert-kra" #Nickname of connector for identity purposes.
+ * ca.connector.KRA.uri="/kra/connector" #Uri of the KRA server.
+ * ca.connector.KRA.id="kra"
+ * ca.connector.KRA.minHttpConns=1 #Min connection pool connections.
+ * ca.connector.KRA.maxHttpConns=10 #Max connection pool connections.
+ * </pre>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IConnector {
+
+ /**
+ * Sends the request to a remote authority.
+ * @param req Request to be forwarded to remote authority.
+ * @return true for success, otherwise false.
+ * @exception EBaseException Failure to send request to remote authority.
+ */
+ public boolean send(IRequest req)
+ throws EBaseException;
+
+ /**
+ * Starts this connector.
+ */
+ public void start();
+}
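Review bot: `send` reports failure in two ways, a `false` return and an `EBaseException`, and the Javadoc does not say which conditions produce which. A caller that only catches the exception would treat a `false` result as a delivered request. The `@return` line could spell this out, e.g. `@return true if the remote authority accepted the request; false if it was not delivered (state here whether it is queued for a later resend)`. The interface also declares `start()` with no matching stop method, so how a connector is shut down should be documented or added.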
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnFactory.java b/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnFactory.java
new file mode 100644
index 000000000..a52d90e94
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnFactory.java
@@ -0,0 +1,53 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.connector;
+
+
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.connector.*;
+
+/**
+ * Maintains a pool of connections to to a Remote Authority.
+ * Utilized by the IHttpConnector interface.
+ * Multiple threads use this interface to utilize and release
+ * the Ldap connection resources. This factory will maintain a
+ * list of Http type connections to the remote host.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IHttpConnFactory {
+
+
+ /**
+ * Request access to a Ldap connection from the pool.
+ * @exception EBaseException if any error occurs, such as a
+ * @return Ldap connection object.
+ * connection is not available
+ */
+ public IHttpConnection getConn()
+ throws EBaseException;
+
+ /**
+ * Return connection to the factory. mandatory after a getConn().
+ * @param conn Ldap connection object to be returned to the free list of the pool.
+ * @exception EBaseException On any failure to return the connection.
+ */
+ public void returnConn(IHttpConnection conn)
+ throws EBaseException;
+}
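Review bot: The Javadoc describes an LDAP pool (`Ldap connection` in the class comment, in `getConn` and in `returnConn`) although both methods deal in `IHttpConnection`. In `getConn` the `@return` line is also wedged into the middle of the `@exception` sentence. Proposed order: `@return HTTP connection taken from the pool.` followed by `@exception EBaseException if any error occurs, such as a connection not being available`. Because `returnConn` is mandatory after `getConn`, the comment could also tell callers to return the connection in a `finally` block so that a failed send does not drain the pool. The `netscape.ldap.*` import and the import of the file's own package look unused.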
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnection.java b/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnection.java
new file mode 100644
index 000000000..610ab30ed
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnection.java
@@ -0,0 +1,48 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.connector;
+
+
+import com.netscape.cmsutil.http.*;
+import com.netscape.cmsutil.net.*;
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.connector.*;
+import com.netscape.certsrv.authority.*;
+import com.netscape.certsrv.base.*;
+import java.io.*;
+
+
+/**
+ * This represents a HTTP connection to a remote authority.
+ * Http connection is used by the connector to send
+ * PKI messages to a remote authority. The remote authority
+ * will reply with a PKI message as well. An example would
+ * be the communication between a CA and a KRA.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IHttpConnection {
+
+ /**
+ * Sends the PKI message to the remote authority.
+ * @param tomsg Message to forward to authority.
+ * @exception EBaseException Failed to send message.
+ */
+ public IPKIMessage send(IPKIMessage tomsg)
+ throws EBaseException;
+}
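Review bot: `send` returns an `IPKIMessage` but its Javadoc has no `@return`, so a caller cannot tell whether the reply may be null or whether a rejection by the remote authority arrives as a reply or as an `EBaseException`. Suggest adding `@return reply message from the remote authority` together with a statement on null. Of the seven imports only `com.netscape.certsrv.base.*` appears to be needed here; the `cmsutil`, `authority`, `request` and `java.io` imports and the import of the file's own package can go.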
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IHttpPKIMessage.java b/pki/base/common/src/com/netscape/certsrv/connector/IHttpPKIMessage.java
new file mode 100644
index 000000000..83241170a
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IHttpPKIMessage.java
@@ -0,0 +1,59 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.connector;
+
+
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.connector.*;
+import java.util.*;
+import java.io.*;
+
+
+/**
+ * This represents a Http PKI message. It contains
+ * simple name/value pair values. Also maintains information
+ * about the status and type of the message.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IHttpPKIMessage extends IPKIMessage {
+
+ /**
+ * Retrieves the request type.
+ * @return String with the type of request.
+ */
+ public String getReqType();
+
+ /**
+ * Retrieves the request identifier.
+ * @return String of name of request.
+ */
+ public String getReqId();
+
+ /**
+ * Copies contents of request to make a simple name/value message.
+ * @param r Instance of IRequest to be copied from.
+ */
+ public void fromRequest(IRequest r);
+
+ /**
+ * Copies contents to request.
+ * @param r Instance of IRequest to be copied to.
+ */
+ public void toRequest(IRequest r);
+}
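Review bot: All four methods declared here (`getReqType`, `getReqId`, `fromRequest`, `toRequest`) are already declared with the same signatures by the parent `IPKIMessage` added in this commit, so the body adds nothing to the type. Either drop the redeclarations and keep the interface as a marker, or document what HTTP-specific contract they add over the parent. The class comment mentions name/value pairs and status, but no accessor for either is declared here. `java.util.*`, `java.io.*` and the import of the file's own package look unused.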
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IPKIMessage.java b/pki/base/common/src/com/netscape/certsrv/connector/IPKIMessage.java
new file mode 100644
index 000000000..593261d9e
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IPKIMessage.java
@@ -0,0 +1,68 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.connector;
+
+
+import com.netscape.certsrv.request.IRequest;
+import java.io.Serializable;
+
+
+/**
+ * Messages that are serialized and go over the wire.
+ * It must be serializable, and
+ * later will be inherited by CRMF message.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IPKIMessage extends Serializable {
+
+ /**
+ *
+ * Returns status of request.
+ * @return String of request status.
+ */
+ public String getReqStatus();
+
+ /**
+ * Retrieves the request type.
+ * @return String of type of request.
+ */
+ public String getReqType();
+
+
+ /**
+ * Retrieves the request identifer.
+ * @return String of name of request.
+ */
+ public String getReqId();
+
+ /**
+ * Makes a PKIMessage from a request
+ * PKIMessage will be sent to wire.
+ * @param r Request to copy from.
+ */
+ public void fromRequest(IRequest r);
+
+ /**
+ * Copies contents of PKIMessage to the request
+ * PKIMessage is from the wire.
+ * @param r Request to copy to.
+ */
+ public void toRequest(IRequest r);
+
+}
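Review bot: The interface extends `Serializable` and is described as going over the wire, which suggests that bytes from the peer are turned back into objects with Java native deserialization; the decoding code is outside this hunk, so that is inferred. Native deserialization lets the sender choose which classes are instantiated, so the contract should state that messages are decoded only from an authenticated peer and that the decoder restricts the classes it accepts (an `ObjectInputStream` subclass overriding `resolveClass`, or `ObjectInputFilter` on newer JDKs). The same concern applies to `IRequestEncoder.decode(String)` later in this commit, which returns a bare `Object`. Proposed addition to the class comment: `Instances are rebuilt from network input; decode only from authenticated peers and restrict the accepted classes.`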
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IRemoteAuthority.java b/pki/base/common/src/com/netscape/certsrv/connector/IRemoteAuthority.java
new file mode 100644
index 000000000..90dcbaa26
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IRemoteAuthority.java
@@ -0,0 +1,56 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.connector;
+
+
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * This represents a remote authority that can be
+ * a certificate manager, or key recovery manager or
+ * some other manager.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRemoteAuthority {
+
+ /**
+ * Retrieves the host name of the remote Authority.
+ * @return String with the name of host of remote Authority.
+ */
+ public String getHost();
+
+ /**
+ * Retrieves the port number of the remote Authority.
+ * @return Int with port number of remote Authority.
+ */
+ public int getPort();
+
+ /**
+ * Retrieves the URI of the remote Authority.
+ * @return String with URI of remote Authority.
+ */
+ public String getURI();
+
+ /**
+ * Retrieves the timeout value for the connection to the remote Authority.
+ * @return In with remote Authority timeout value.
+ */
+ public int getTimeout();
+}
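Review bot: `getTimeout` does not state its unit, and confusing seconds with milliseconds on a connection timeout leaves a connector thread either waiting far too long or failing every request. The `@return` line also reads `In with`. Proposed: `@return int with the remote Authority timeout value, in <unit>`, with the unit taken from the implementation, which is not visible here. It would also help to say what `0` or a negative value means. `import com.netscape.certsrv.base.*` is unused in this file.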
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IRequestEncoder.java b/pki/base/common/src/com/netscape/certsrv/connector/IRequestEncoder.java
new file mode 100644
index 000000000..7838aa5eb
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IRequestEncoder.java
@@ -0,0 +1,50 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.connector;
+
+
+import java.io.IOException;
+
+
+/**
+ * This represents a rquest encoder that serializes and
+ * deserializes a request to a Remote Authority so that it can be sent through
+ * the connector.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRequestEncoder {
+
+ /**
+ * Encodes a request object.
+ * @param r Object to serve as the source of the message.
+ * @return String containing encoded message.
+ * @exception IOException Failure of the encoding operation due to IO error.
+ */
+ String encode(Object r)
+ throws IOException;
+
+ /**
+ * Dncodes a String into an object.
+ * @return Object which is the result of the decoded message.
+ * @exception IOException Failure of the decoding operation due to IO error.
+ */
+ Object decode(String s)
+ throws IOException;
+}
+
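Review bot: `decode` has no `@param s`, its summary reads `Dncodes`, and the class comment has `rquest`. Proposed: `Decodes a String into an object.` and `@param s encoded message, as produced by encode`. Both methods take and return plain `Object`, so the comment should also name the type a caller may pass and expect back (presumably an `IPKIMessage`; that is not visible here). The two methods omit `public` while every other interface in this commit writes it; either is legal, but one form should be used throughout.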
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IResender.java b/pki/base/common/src/com/netscape/certsrv/connector/IResender.java
new file mode 100644
index 000000000..b9305816e
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IResender.java
@@ -0,0 +1,51 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.connector;
+
+
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.connector.*;
+import com.netscape.certsrv.authority.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.authentication.*;
+import com.netscape.certsrv.logging.*;
+import com.netscape.cmsutil.http.*;
+
+import java.util.Vector;
+import java.util.Enumeration;
+import java.io.*;
+
+
+/**
+ * Resend requests at intervals to the server to ensure completion of requests.
+ * Default interval is 5 minutes. The need to resend a message could arise
+ * due to an error or the fact that the message could not be serviced
+ * immediately.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IResender extends Runnable {
+
+ /**
+ * Adds the request to the resend queue.
+ * @param r Request to be placed on the resend queue.
+ */
+ public void addRequest(IRequest r);
+
+}
+
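Review bot: Of the ten imports at the top of IResender.java only `IRequest` is referenced by the interface, so the wildcard imports of `base`, `authority`, `authentication`, `logging`, `cmsutil.http` and `java.io`, plus `Vector` and `Enumeration`, look unused, and `com.netscape.certsrv.connector.*` imports the file's own package. Assuming `IRequest` lives in the `request` package, the block can shrink to `import com.netscape.certsrv.request.IRequest;`, which stops this public interface from appearing to depend on the HTTP and authentication packages. The sentence "Default interval is 5 minutes" describes an implementation default that nothing in the interface defines; it probably belongs on the implementing class.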
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/DBResources.java b/pki/base/common/src/com/netscape/certsrv/dbs/DBResources.java
new file mode 100644
index 000000000..54e65ce30
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/DBResources.java
@@ -0,0 +1,41 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+
+
+/**
+ * A class represents a resource bundle for DBS subsystem.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class DBResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ static final Object[][] contents = {};
+}
+
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/EDBException.java b/pki/base/common/src/com/netscape/certsrv/dbs/EDBException.java
new file mode 100644
index 000000000..b0fa4bff0
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/EDBException.java
@@ -0,0 +1,84 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * A class represents a database exception.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class EDBException extends EBaseException {
+
+ /**
+ * Resource class name.
+ */
+ private static final String DB_RESOURCES = DBResources.class.getName();
+
+ /**
+ * Constructs a database exception.
+ * <P>
+ *
+ * @param msgFormat message format
+ */
+ public EDBException(String msgFormat) {
+ super(msgFormat);
+ }
+
+ /**
+ * Constructs a database exception.
+ * <P>
+ *
+ * @param msgFormat message format
+ * @param param parameter
+ */
+ public EDBException(String msgFormat, String param) {
+ super(msgFormat, param);
+ }
+
+ /**
+ * Constructs a database exception.
+ * <P>
+ *
+ * @param msgFormat message format
+ * @param e exception as parameter
+ */
+ public EDBException(String msgFormat, Exception e) {
+ super(msgFormat, e);
+ }
+
+ /**
+ * Constructs a database exception.
+ * <P>
+ *
+ * @param msgFormat message format
+ * @param params list of parameters
+ */
+ public EDBException(String msgFormat, Object params[]) {
+ super(msgFormat, params);
+ }
+
+ protected String getBundleName() {
+ return DB_RESOURCES;
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/EDBNotAvailException.java b/pki/base/common/src/com/netscape/certsrv/dbs/EDBNotAvailException.java
new file mode 100644
index 000000000..28709b705
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/EDBNotAvailException.java
@@ -0,0 +1,36 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+/**
+ * Indicates internal db is down.
+ *
+ * @version $Revision$, $Date$
+ */
+public class EDBNotAvailException extends EDBException {
+
+ /**
+ * Constructs a ldap server down exception with host & port info.
+ *
+ * @param errorString Detailed error message.
+ */
+ public EDBNotAvailException(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java b/pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java
new file mode 100644
index 000000000..28402dba7
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java
@@ -0,0 +1,36 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+/**
+ * Indicates internal db is down.
+ *
+ * @version $Revision$, $Date$
+ */
+public class EDBRecordNotFoundException extends EDBException {
+
+ /**
+ * Constructs a ldap server down exception with host & port info.
+ *
+ * @param errorString Detailed error message.
+ */
+ public EDBRecordNotFoundException(String errorString) {
+ super(errorString);
+ }
+}
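Review bot: Both Javadoc comments in EDBRecordNotFoundException.java are identical to those in EDBNotAvailException: the class comment reads `Indicates internal db is down.` and the constructor comment `Constructs a ldap server down exception with host & port info.`, neither of which describes a record-not-found condition. Callers that need to tell "database unavailable" apart from "entry absent" will be misled by the generated documentation. I would change them to `Indicates that the requested record does not exist in the internal db.` and `Constructs a record-not-found exception.`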
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBAttrMapper.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBAttrMapper.java
new file mode 100644
index 000000000..d7b82f25d
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBAttrMapper.java
@@ -0,0 +1,80 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * An interface represents an attribute mapper. A mapper
+ * has knowledge on how to convert a db attribute into
+ * zero or more LDAP attribute, and vice versa.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IDBAttrMapper {
+
+ /**
+ * Retrieves a list of LDAP attributes that are used
+ * in the mapper. By having this, the framework can
+ * provide search on selective attributes.
+ *
+ * @return a list of supported attribute names
+ */
+ public Enumeration getSupportedLDAPAttributeNames();
+
+ /**
+ * Maps object attribute into LDAP attributes.
+ *
+ * @param parent parent object where the object comes from
+ * @param name name of db attribute
+ * @param obj object itself
+ * @param attrs LDAP attribute set where the result should be stored
+ * @exception EBaseException failed to map object
+ */
+ public void mapObjectToLDAPAttributeSet(IDBObj parent,
+ String name, Object obj, LDAPAttributeSet attrs)
+ throws EBaseException;
+
+ /**
+ * Maps LDAP attributes into object, and puts the object
+ * into 'parent'.
+ *
+ * @param attrs LDAP attribute set
+ * @param name name of db attribute to be processed
+ * @param parent parent object where the object should be added
+ * @exception EBaseException failed to map object
+ */
+ public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+ String name, IDBObj parent) throws EBaseException;
+
+ /**
+ * Maps search filters into LDAP search filter.
+ *
+ * @param name name of db attribute
+ * @param op filte operation (i.e. "=", ">=")
+ * @param value attribute value
+ * @exception EBaseException failed to map filter
+ */
+ public String mapSearchFilter(String name, String op,
+ String value) throws EBaseException;
+}
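Review bot: `mapSearchFilter(String name, String op, String value)` does not say whether `value` arrives already escaped for use in an LDAP filter or whether the mapper must escape it, and its Javadoc has no `@return`. Because the result is a filter string, an unescaped `*`, `(`, `)` or `\` in `value` would change the filter's meaning, so the contract should assign that responsibility explicitly, e.g. `@param value attribute value, unescaped; implementations must escape LDAP filter metacharacters` and `@return LDAP search filter fragment`. The same question applies to the `filter` parameters of `IDBRegistry.getFilter` and `IDBSSession.search` in the later hunks. The `@param op` line also has a typo (`filte`).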
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBDynAttrMapper.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBDynAttrMapper.java
new file mode 100644
index 000000000..c1c8c3b39
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBDynAttrMapper.java
@@ -0,0 +1,22 @@
+package com.netscape.certsrv.dbs;
+
+/**
+ * An interface representing a dynamic attribute mapper.
+ * A dynamic mapper has knowledge on how to convert a set of dynamically
+ * assigned db attribute into zero or more dynamically assigned LDAP
+ * attributes, and vice versa.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IDBDynAttrMapper extends IDBAttrMapper {
+
+ /**
+ * Returns true if the LDAP attribute can be mapped by this
+ * dynamic mapper.
+ *
+ * @param attrName LDAP attribute name to check
+ * @return a list of supported attribute names
+ */
+ public boolean supportsLDAPAttributeName(String attrName);
+}
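Review bot: The `@return` tag on `supportsLDAPAttributeName` says `a list of supported attribute names`, but the method returns `boolean`; it should read `@return true if this mapper can map the given LDAP attribute`. This file is also the only new file in this part of the diff without the COPYRIGHT BLOCK header that its neighbours carry.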
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBObj.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBObj.java
new file mode 100644
index 000000000..1616e7418
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBObj.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * An interface represents a database object
+ * that is serializable.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IDBObj extends IAttrSet {
+
+ /**
+ * Returns a list of serializable attribute
+ * names. This method should return the
+ * attribute name even if there is no attribute
+ * value for the attribute.
+ *
+ * @return a list of serializable attribute names
+ */
+ public Enumeration getSerializableAttrNames();
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBRegistry.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBRegistry.java
new file mode 100644
index 000000000..faf18a342
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBRegistry.java
@@ -0,0 +1,171 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * A class represents a registry where all the
+ * schema (object classes and attribute) information
+ * is stored.
+ *
+ * Attribute mappers can be registered with this
+ * registry.
+ *
+ * Given the schema information stored, this registry
+ * has knowledge to convert a Java object into a
+ * LDAPAttributeSet or vice versa.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IDBRegistry extends ISubsystem {
+
+ /**
+ * Registers object class.
+ *
+ * @param className java class to create for the object classes
+ * @param ldapNames a list of LDAP object classes
+ * @exception EDBException failed to register
+ */
+ public void registerObjectClass(String className, String ldapNames[])
+ throws EDBException;
+
+ /**
+ * See if an object class is registered.
+ *
+ * @param className java class to create
+ * @return true if object class is registered already
+ */
+ public boolean isObjectClassRegistered(String className);
+
+ /**
+ * Registers attribute mapper.
+ *
+ * @param ufName LDAP attribute name
+ * @param mapper mapper to invoke for the attribute
+ * @exception EDBException failed to register
+ */
+ public void registerAttribute(String ufName, IDBAttrMapper mapper)
+ throws EDBException;
+
+ /**
+ * See if an attribute is registered.
+ *
+ * @param ufName attribute name
+ * @return true if attribute is registered already
+ */
+ public boolean isAttributeRegistered(String ufName);
+
+ /**
+ * Registers a dynamic attribute mapper.
+ * @param mapper The dynamic mapper to register
+ */
+ public void registerDynamicMapper(IDBDynAttrMapper mapper);
+
+ /**
+ * Creates LDAP-based search filters with help of
+ * registered mappers.
+ * Parses filter from filter string specified in RFC1558.
+ * <pre>
+ * <filter> ::= '(' <filtercomp> ')'
+ * <filtercomp> ::= <and> | <or> | <not> | <item>
+ * <and> ::= '&' <filterlist>
+ * <or> ::= '|' <filterlist>
+ * <not> ::= '!' <filter>
+ * <filterlist> ::= <filter> | <filter> <filterlist>
+ * <item> ::= <simple> | <present> | <substring>
+ * <simple> ::= <attr> <filtertype> <value>
+ * <filtertype> ::= <equal> | <approx> | <greater> | <less>
+ * <equal> ::= '='
+ * <approx> ::= '~='
+ * <greater> ::= '>='
+ * <less> ::= '<='
+ * <present> ::= <attr> '=*'
+ * <substring> ::= <attr> '=' <initial> <any> <final>
+ * <initial> ::= NULL | <value>
+ * <any> ::= '*' <starval>
+ * <starval> ::= NULL | <value> '*' <starval>
+ * <final> ::= NULL | <value>
+ * </pre>
+ *
+ * @param filter CMS-based filter
+ * @return LDAP-based filter string
+ * @exception EBaseException failed to convert filter
+ */
+ public String getFilter(String filter) throws EBaseException;
+
+ /**
+ * Creates LDAP-based search filters with help of
+ * registered mappers.
+ *
+ * @param filter CMS-based filter
+ * @param c filter converter
+ * @return LDAP-based filter string
+ * @exception EBaseException failed to convert filter
+ */
+ public String getFilter(String filter, IFilterConverter c)
+ throws EBaseException;
+
+ /**
+ * Maps object into LDAP attribute set.
+ *
+ * @param parent object's parent
+ * @param name name of the object
+ * @param obj object to be mapped
+ * @param attrs LDAP attribute set
+ * @exception EBaseException failed to map object
+ */
+ public void mapObject(IDBObj parent, String name, Object obj,
+ LDAPAttributeSet attrs) throws EBaseException;
+
+ /**
+ * Retrieves a list of LDAP attributes that are associated
+ * with the given attributes.
+ *
+ * @param attrs attributes
+ * @return LDAP-based attributes
+ * @exception EBaseException failed to map attributes
+ */
+ public String[] getLDAPAttributes(String attrs[])
+ throws EBaseException;
+
+ /**
+ * Creates attribute set from object.
+ *
+ * @param obj database object
+ * @return LDAP attribute set
+ * @exception EBaseException failed to create set
+ */
+ public LDAPAttributeSet createLDAPAttributeSet(IDBObj obj)
+ throws EBaseException;
+
+ /**
+ * Creates object from attribute set.
+ *
+ * @param attrs LDAP attribute set
+ * @return database object
+ * @exception EBaseException failed to create object
+ */
+ public IDBObj createObject(LDAPAttributeSet attrs)
+ throws EBaseException;
+}
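Review bot: The BNF grammar in the first `getFilter` Javadoc is written with raw `<`, `>` and `&` inside `<pre>`, which Javadoc passes through as HTML, so tokens such as `<filter>` and `'&'` are likely to be dropped or mangled in the generated documentation. Escaping them as `&lt;filter&gt;` and `&amp;`, or wrapping the grammar in `{@literal ...}`, keeps it readable. The class comment also begins `A class represents a registry` although the declaration is an interface.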
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSSession.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSSession.java
new file mode 100644
index 000000000..09364dc69
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSSession.java
@@ -0,0 +1,211 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * An interface represents the database session. Operations
+ * can be performed with a session.
+ *
+ * Transaction and Caching support can be integrated
+ * into session.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IDBSSession {
+
+ /**
+ * Returns database subsystem.
+ *
+ * @return subsystem
+ */
+ public ISubsystem getDBSubsystem();
+
+ /**
+ * Closes this session.
+ *
+ * @exception EDBException failed to close session
+ */
+ public void close() throws EDBException;
+
+ /**
+ * Adds object to backend database. For example,
+ * <PRE>
+ * session.add("cn=123459,o=certificate repository,o=airius.com",
+ * certRec);
+ * </PRE>
+ *
+ * @param name name of the object
+ * @param obj object to be added
+ * @exception EDBException failed to add object
+ */
+ public void add(String name, IDBObj obj) throws EBaseException;
+
+ /**
+ * Reads an object from the database.
+ *
+ * @param name name of the object that is to be read
+ * @return database object
+ * @exception EBaseException failed to read object
+ */
+ public IDBObj read(String name) throws EBaseException;
+
+ /**
+ * Reads an object from the database, and only populates
+ * the selected attributes.
+ *
+ * @param name name of the object that is to be read
+ * @param attrs selected attributes
+ * @return database object
+ * @exception EBaseException failed to read object
+ */
+ public IDBObj read(String name, String attrs[])
+ throws EBaseException;
+
+ /**
+ * Deletes object from database.
+ *
+ * @param name name of the object that is to be deleted
+ * @exception EBaseException failed to delete object
+ */
+ public void delete(String name) throws EBaseException;
+
+ /**
+ * Modify an object in the database.
+ *
+ * @param name name of the object that is to be modified
+ * @param mods modifications
+ * @exception EBaseException failed to modify
+ */
+ public void modify(String name, ModificationSet mods)
+ throws EBaseException;
+
+ /**
+ * Searchs for a list of objects that match the
+ * filter.
+ *
+ * @param base starting point of the search
+ * @param filter search filter
+ * @return search results
+ * @exception EBaseException failed to search
+ */
+ public IDBSearchResults search(String base, String filter)
+ throws EBaseException;
+
+ /**
+ * Searchs for a list of objects that match the
+ * filter.
+ *
+ * @param base starting point of the search
+ * @param filter search filter
+ * @param maxSize max number of entries
+ * @return search results
+ * @exception EBaseException failed to search
+ */
+ public IDBSearchResults search(String base, String filter, int maxSize)
+ throws EBaseException;
+
+ /**
+ * Searchs for a list of objects that match the
+ * filter.
+ *
+ * @param base starting point of the search
+ * @param filter search filter
+ * @param maxSize max number of entries
+ * @param timeLimit timeout limit
+ * @return search results
+ * @exception EBaseException failed to search
+ */
+ public IDBSearchResults search(String base, String filter, int maxSize,
+ int timeLimit) throws EBaseException;
+
+ /**
+ * Retrieves a list of object that satifies the given
+ * filter.
+ *
+ * @param base starting point of the search
+ * @param filter search filter
+ * @param attrs selected attributes
+ * @return search results
+ * @exception EBaseException failed to search
+ */
+ public IDBSearchResults search(String base, String filter,
+ String attrs[]) throws EBaseException;
+
+ /**
+ * Retrieves a list of objects.
+ *
+ * @param base starting point of the search
+ * @param filter search filter
+ * @param attrs selected attributes
+ * @return search results in virtual list
+ * @exception EBaseException failed to search
+ */
+ public IDBVirtualList createVirtualList(String base, String filter,
+ String attrs[]) throws EBaseException;
+
+ /**
+ * Sets persistent search to retrieve modified
+ * certificate records.
+ *
+ * @param base starting point of the search
+ * @param filter search filter
+ * @param attrs selected attributes
+ * @return LDAP search results
+ * @exception EBaseException failed to search
+ */
+ public LDAPSearchResults persistentSearch(String base, String filter,
+ String attrs[]) throws EBaseException;
+
+ /**
+ * Retrieves a list of objects.
+ *
+ * @param base starting point of the search
+ * @param filter search filter
+ * @param attrs selected attributes
+ * @param sortKey key used to sort the list
+ * @param pageSize page size in the virtual list
+ * @return search results in virtual list
+ * @exception EBaseException failed to search
+ */
+ public IDBVirtualList createVirtualList(String base, String filter,
+ String attrs[], String sortKey, int pageSize)
+ throws EBaseException;
+
+ /**
+ * Retrieves a list of objects.
+ *
+ * @param base starting point of the search
+ * @param filter search filter
+ * @param attrs selected attributes
+ * @param startFrom starting point
+ * @param sortKey key used to sort the list
+ * @param pageSize page size in the virtual list
+ * @return search results in virtual list
+ * @exception EBaseException failed to search
+ */
+ public IDBVirtualList createVirtualList(String base, String filter,
+ String attrs[], String startFrom,
+ String sortKey, int pageSize)
+ throws EBaseException;
+}
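Review bot: The Javadoc for `add(String name, IDBObj obj)` declares `@exception EDBException failed to add object` while the signature is `throws EBaseException`; the tag should match the signature, `@exception EBaseException failed to add object`, as the other methods in this interface do. Separately, `search(String base, String filter)` and the `attrs[]` overload take no `maxSize` or `timeLimit`, and the Javadoc does not say what bound, if any, applies. A sentence stating the default limit (or that results are unbounded) would help callers that pass filters derived from request data.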
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSearchResults.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSearchResults.java
new file mode 100644
index 000000000..71356eb4f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSearchResults.java
@@ -0,0 +1,49 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * A class represents the search results. A search
+ * results object contain a enumeration of
+ * Java objects that are just read from the database.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IDBSearchResults extends Enumeration {
+
+ /**
+ * Checks if any element is available.
+ *
+ * @return true if there is more elements
+ */
+ public boolean hasMoreElements();
+
+ /**
+ * Retrieves next element.
+ *
+ * @return next element
+ */
+ public Object nextElement();
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java
new file mode 100644
index 000000000..e82a3a14c
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java
@@ -0,0 +1,213 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.math.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * An interface represents certificate server
+ * backend database.
+ * <P>
+ * This interface separate the database subsystem
+ * functionalities from internal implementation.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IDBSubsystem extends ISubsystem {
+
+ public static final String SUB_ID = "dbs";
+
+
+ // values for repos
+ public static final int CERTS = 0;
+ public static final int REQUESTS = 1;
+ public static final int REPLICA_ID = 2;
+ public static final int NUM_REPOS = 3;
+
+ /**
+ * Retrieves the base DN.
+ *
+ * @return base DN of the subsystem
+ */
+ public String getBaseDN();
+
+ /**
+ * Retrieves the registry.
+ *
+ * @return registry
+ */
+ public IDBRegistry getRegistry();
+
+ /**
+ * Creates a database session.
+ *
+ * @return database session
+ * @exception EDBException failed to create session
+ */
+ public IDBSSession createSession() throws EDBException;
+
+ /**
+ * Avoids losing serial number.
+ *
+ * @return true if serial number recovery option is enabled
+ */
+ public boolean enableSerialNumberRecovery();
+
+ /**
+ * Records next serial number in config file
+ *
+ * @param serial next serial number
+ * @exception EBaseException failed to set
+ */
+ public void setNextSerialConfig(BigInteger serial) throws EBaseException;
+
+ /**
+ * Gets the next serial number in config file
+ *
+ * @return next serial number
+ */
+ public BigInteger getNextSerialConfig();
+
+ /**
+ * Records maximum serial number limit in config file
+ *
+ * @param serial max serial number
+ * @param repo repo identifier
+ * @exception EBaseException failed to set
+ */
+ public void setMaxSerialConfig(int repo, String serial) throws EBaseException;
+
+ /**
+ * Records minimum serial number limit in config file
+ *
+ * @param serial min serial number
+ * @param repo repo identifier
+ * @exception EBaseException failed to set
+ */
+ public void setMinSerialConfig(int repo, String serial) throws EBaseException;
+
+ /**
+ * Records maximum serial number limit for the next range in config file
+ *
+ * @param serial max serial number
+ * @param repo repo identifier
+ * @exception EBaseException failed to set
+ */
+ public void setNextMaxSerialConfig(int repo, String serial) throws EBaseException;
+
+ /**
+ * Records minimum serial number limit for the next range in config file
+ *
+ * @param serial min serial number
+ * @param repo repo identifier
+ * @exception EBaseException failed to set
+ */
+ public void setNextMinSerialConfig(int repo, String serial) throws EBaseException;
+
+ /**
+ * Gets minimum serial number limit in config file
+ *
+ * @param repo repo identifier
+ * @return min serial number
+ */
+ public String getMinSerialConfig(int repo);
+
+ /**
+ * Gets the maximum serial number limit in config file
+ *
+ * @param repo repo identifier
+ * @return max serial number
+ */
+ public String getMaxSerialConfig(int repo);
+
+ /**
+ * Gets the maximum serial number limit for next range in config file
+ *
+ * @param repo repo identifier
+ * @return max serial number
+ */
+ public String getNextMaxSerialConfig(int repo);
+
+ /**
+ * Gets minimum serial number limit for next range in config file
+ *
+ * @param repo repo identifier
+ * @return min serial number
+ */
+ public String getNextMinSerialConfig(int repo);
+
+ /**
+ * Gets low water mark limit in config file
+ *
+ * @param repo repo identifier
+ * @return low water mark
+ */
+ public String getLowWaterMarkConfig(int repo);
+
+ /**
+ * Gets range increment limit for next range in config file
+ *
+ * @param repo repo identifier
+ * @return range increment
+ */
+ public String getIncrementConfig(int repo);
+
+ /**
+ * Gets number corresponding to start of next range from database
+ *
+ * @param repo repo identifier
+ * @return start of next range
+ */
+ public String getNextRange(int repo);
+
+ /**
+ * Determines if a range conflict has been observed in database
+ *
+ * @param repo repo identifier
+ * @return true if range conflict, false otherwise
+ */
+ public boolean hasRangeConflict(int repo);
+
+ /**
+ * Determines if serial number management has been enabled
+ *
+ * @return true if enabled, false otherwise
+ */
+ public boolean getEnableSerialMgmt();
+
+ /**
+ * Sets whether serial number management is enabled for certs
+ * and requests.
+ *
+ * @param value true/false
+ * @exception EBaseException failed to set
+ */
+ public void setEnableSerialMgmt(boolean value) throws EBaseException;
+
+ /**
+ * Returns LDAP connection to connection pool.
+ *
+ * @param conn connection to be returned
+ */
+ public void returnConn(LDAPConnection conn);
+}
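Review bot: The serial-range accessors (`setMaxSerialConfig`, `setMinSerialConfig`, `setNextMaxSerialConfig`, `setNextMinSerialConfig` and the matching `get*` methods) carry serial numbers as `String` without stating the radix, while `setNextSerialConfig` and `getNextSerialConfig` use `BigInteger`. A caller and an implementation that disagree on decimal versus hexadecimal would compute different range boundaries, so each `@param serial` and `@return` should name the format, e.g. `@param serial max serial number, as a string in radix <RADIX>`. The `@param` tags on the four setters are listed as `serial` then `repo` although the signature order is `(int repo, String serial)`. `enableSerialNumberRecovery()` reads like a mutator but is documented as returning whether the option is enabled, so its summary `Avoids losing serial number.` could become `Returns whether serial number recovery is enabled.`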
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBVirtualList.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBVirtualList.java
new file mode 100644
index 000000000..93b1f87fb
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBVirtualList.java
@@ -0,0 +1,149 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+import netscape.ldap.*;
+import netscape.ldap.controls.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * A interface represents a virtual list of search results.
+ * Note that this class must be used with DS4.0.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IDBVirtualList {
+
+ /**
+ * Sets the paging size of this virtual list.
+ * The page size here is just a buffer size. A buffer is kept around
+ * that is three times as large as the number of visible entries.
+ * That way, you can scroll up/down several items(up to a page-full)
+ * without refetching entries from the directory.
+ *
+ * @param size the page size
+ */
+ public void setPageSize(int size);
+
+ /**
+ * Sets the sort key
+ *
+ * @param sortKey the attribute to sort by
+ * @exception EBaseException failed to set
+ */
+ public void setSortKey(String sortKey) throws EBaseException;
+
+ /**
+ * Sets the sort key
+ *
+ * @param sortKeys the attributes to sort by
+ * @exception EBaseException failed to set
+ */
+ public void setSortKey(String[] sortKeys) throws EBaseException;
+
+ /**
+ * Retrieves the size of this virtual list.
+ * Recommend to call getSize() before getElementAt() or getElements()
+ * since you'd better check if the index is out of bound first.
+ *
+ * @return current size in list
+ */
+ public int getSize();
+
+ /**
+ * Returns current index.
+ *
+ * @return current index
+ */
+
+ public int getSizeBeforeJumpTo();
+ public int getSizeAfterJumpTo();
+
+ public int getCurrentIndex();
+
+ /**
+ * Get a page starting at "first" (although we may also fetch
+ * some preceding entries)
+ * Recommend to call getSize() before getElementAt() or getElements()
+ * since you'd better check if the index is out of bound first.
+ *
+ * @param first the index of the first entry of the page you want to fetch
+ */
+ public boolean getPage(int first);
+
+ /**
+ * Called by application to scroll the list with initial letters.
+ * Consider text to be an initial substring of the attribute of the
+ * primary sorting key(the first one specified in the sort key array)
+ * of an entry.
+ * If no entries match, the one just before(or after, if none before)
+ * will be returned as mSelectedIndex
+ *
+ * @param text the prefix of the first entry of the page you want to fetch
+ */
+ public boolean getPage(String text);
+
+ /**
+ * Fetchs data of a single list item
+ * Recommend to call getSize() before getElementAt() or getElements()
+ * since you'd better check if the index is out of bound first.
+ * If the index is out of range of the virtual list, an exception
+ * will be thrown and return null
+ *
+ * @param index the index of the element to fetch
+ */
+ public Object getElementAt(int index);
+
+ /**
+ * Retrieves and jumps to element in the given position.
+ *
+ * @param i position
+ * @return object
+ */
+ public Object getJumpToElementAt(int i);
+
+ /**
+ * Processes elements as soon as it arrives. It is
+ * more memory-efficient.
+ *
+ * @param startidx starting index
+ * @param endidx ending index
+ * @param ep object to call
+ * @exception EBaseException failed to process elements
+ */
+ public void processElements(int startidx, int endidx, IElementProcessor ep)
+ throws EBaseException;
+
+ /**
+ * Gets the virutal selected index
+ *
+ * @return selected index
+ */
+ public int getSelectedIndex();
+
+ /**
+ * Gets the top of the buffer
+ *
+ * @return first index
+ */
+ public int getFirstIndex();
+}
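Review bot: The Javadoc block `Returns current index.` sits directly above `getSizeBeforeJumpTo()` instead of `getCurrentIndex()`, so the generated documentation describes the wrong method and `getSizeAfterJumpTo()` and `getCurrentIndex()` end up with no comment at all. Move that block down to `getCurrentIndex()` and give the two size methods their own comments, for example `/** Gets size before jump to index. */` and `/** Gets size after jump to index. */`. The `getElementAt(int)` comment also says an out-of-range index both throws an exception and returns null. State one behaviour, and add `@return` lines there and on both `getPage` overloads so callers know which failure to check for.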
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IElementProcessor.java b/pki/base/common/src/com/netscape/certsrv/dbs/IElementProcessor.java
new file mode 100644
index 000000000..d43145d8b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IElementProcessor.java
@@ -0,0 +1,38 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * Processor handles object read from the session.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IElementProcessor {
+
+ /**
+ * Handles object
+ *
+ * @param o object to be processed
+ * @exception EBaseException failed to process object
+ */
+ public void process(Object o) throws EBaseException;
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IFilterConverter.java b/pki/base/common/src/com/netscape/certsrv/dbs/IFilterConverter.java
new file mode 100644
index 000000000..d31ccd468
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IFilterConverter.java
@@ -0,0 +1,53 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * An interface represents a filter converter
+ * that understands how to convert a attribute
+ * type from one defintion to another.
+ * For example,
+ * <PRE>
+ * (1) database layer need to convert
+ * registered attribute type to ldap attribute
+ * type.
+ * (2) high level subsystem need to convert
+ * locale specific attribute type to registered
+ * attribute type.
+ * </PRE>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IFilterConverter {
+
+ /**
+ * Converts attribute into LDAP attribute.
+ *
+ * @param attr attribute name
+ * @param op attribute operation
+ * @param value attribute value
+ * @return The LDAP attribute
+ */
+ public String convert(String attr, String op, String value);
+}
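Review bot: The Javadoc for `convert(String attr, String op, String value)` does not say whether the result is a bare attribute name or a filter fragment, nor who is responsible for escaping `value`. The `@return The LDAP attribute` line suggests a name, but the method also takes an operator and a value, so the result presumably ends up inside an LDAP search filter. If `value` can carry caller-supplied text, unescaped `*`, `(`, `)` or `\` would change what the filter matches. I would add a sentence such as `value must already be escaped for use in an LDAP filter, or the implementation must escape it before building the result`, worded to match what the implementations really do, and correct `@return` accordingly. None of the three wildcard imports is needed by the declarations in this file.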
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/Modification.java b/pki/base/common/src/com/netscape/certsrv/dbs/Modification.java
new file mode 100644
index 000000000..3a28b1337
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/Modification.java
@@ -0,0 +1,91 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+
+
+/**
+ * A class represents a modification. This is used by the
+ * database (dbs) framework for modification operations.
+ * It specifices the modification type and values.
+ *
+ * @version $Revision$, $Date$
+ */
+public class Modification {
+
+ /**
+ * Add new value.
+ */
+ public static final int MOD_ADD = 0;
+
+ /**
+ * Deletes old value.
+ */
+ public static final int MOD_DELETE = 1;
+
+ /**
+ * Replace old value.
+ */
+ public static final int MOD_REPLACE = 2;
+
+ private String mName = null;
+ private int mOp;
+ private Object mValue = null;
+
+ /**
+ * Constructs a role modification.
+ *
+ * @param name attribute name
+ * @param op attribute operation (i.e. MOD_ADD, MOD_DELETE, or MOD_REPLACE)
+ * @param value attribute value
+ */
+ public Modification(String name, int op, Object value) {
+ mName = name;
+ mOp = op;
+ mValue = value;
+ }
+
+ /**
+ * Retrieves attribute name.
+ *
+ * @return attribute name
+ */
+ public String getName() {
+ return mName;
+ }
+
+ /**
+ * Retrieves modification operation type.
+ *
+ * @return modification type
+ */
+ public int getOp() {
+ return mOp;
+ }
+
+ /**
+ * Retrieves attribute value.
+ *
+ * @return attribute value
+ */
+ public Object getValue() {
+ return mValue;
+ }
+}
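Review bot: The constructor stores `op` without checking it against `MOD_ADD`, `MOD_DELETE` and `MOD_REPLACE`, so an out-of-range value is only noticed, if at all, when the database layer later interprets it. A guard such as `if (op < MOD_ADD || op > MOD_REPLACE) throw new IllegalArgumentException("op: " + op);` would fail at the point of the mistake. The fields `mName`, `mOp` and `mValue` are assigned only in the constructor and can be declared `final`. The constructor comment says "role modification", which looks carried over from another class, and "specifices" in the class comment is a typo.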
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/ModificationSet.java b/pki/base/common/src/com/netscape/certsrv/dbs/ModificationSet.java
new file mode 100644
index 000000000..0e3108182
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/ModificationSet.java
@@ -0,0 +1,62 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs;
+
+
+import java.util.*;
+
+
+/**
+ * A class represents a modification set. A modification
+ * set contains zero or more modifications.
+ *
+ * @version $Revision$, $Date$
+ */
+public class ModificationSet {
+
+ /**
+ * A list of modifications
+ */
+ private Vector mods = new Vector();
+
+ /**
+ * Constructs modification set.
+ */
+ public ModificationSet() {
+ }
+
+ /**
+ * Adds modification to this set.
+ *
+ * @param name attribute name
+ * @param op modification operation
+ * @param value attribute value
+ */
+ public void add(String name, int op, Object value) {
+ mods.addElement(new Modification(name, op, value));
+ }
+
+ /**
+ * Retrieves a list of modifications.
+ *
+ * @return a list of Modifications
+ */
+ public Enumeration getModifications() {
+ return mods.elements();
+ }
+}
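Review bot: `mods` is a raw `Vector` and `getModifications()` returns a raw `Enumeration`, so every caller has to cast each element to `Modification` with no compiler check. If the build targets Java 5 or later (not visible from this hunk), declare the field as `private final Vector<Modification> mods = new Vector<Modification>();` and return `Enumeration<Modification>`. The `getModifications()` comment should also say that the enumeration is backed by the live vector, so entries added while a caller is still iterating may be seen.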
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java
new file mode 100644
index 000000000..febb684cc
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java
@@ -0,0 +1,176 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.certdb;
+
+
+import java.util.Date;
+import java.math.BigInteger;
+import com.netscape.certsrv.dbs.IDBObj;
+import com.netscape.certsrv.base.MetaInfo;
+import netscape.security.x509.X509CertImpl;
+
+
+/**
+ * An interface contains constants for certificate record.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICertRecord extends IDBObj {
+
+ public final static String ATTR_ID = "certRecordId";
+ public final static String ATTR_META_INFO = "certMetaInfo";
+ public final static String ATTR_REVO_INFO = "certRevoInfo";
+ public final static String ATTR_CERT_STATUS = "certStatus";
+ public final static String ATTR_CREATE_TIME = "certCreateTime";
+ public final static String ATTR_MODIFY_TIME = "certModifyTime";
+ public final static String ATTR_AUTO_RENEW = "certAutoRenew";
+ public final static String ATTR_ISSUED_BY = "certIssuedBy";
+ public final static String ATTR_REVOKED_BY = "certRevokedBy";
+ public final static String ATTR_REVOKED_ON = "certRevokedOn";
+ public final static String ATTR_X509CERT = "x509cert";
+
+ public static final String META_LDAPPUBLISH = "inLdapPublishDir";
+ public static final String META_REQUEST_ID = "requestId";
+ public static final String META_RENEWED_CERT = "renewedCertSerialNo";
+ public static final String META_OLD_CERT = "oldCertSerialNo";
+ public static final String META_CERT_TYPE = "certType";
+ public static final String META_CRMF_REQID = "crmfReqId";
+ public static final String META_CHALLENGE_PHRASE = "challengePhrase";
+ public static final String META_PROFILE_ID = "profileId";
+
+ public final static String STATUS_VALID = "VALID";
+ public final static String STATUS_INVALID = "INVALID";
+ public final static String STATUS_REVOKED = "REVOKED";
+ public final static String STATUS_EXPIRED = "EXPIRED";
+ public final static String STATUS_REVOKED_EXPIRED = "REVOKED_EXPIRED";
+
+ public final static String AUTO_RENEWAL_DISABLED = "DISABLED";
+ public final static String AUTO_RENEWAL_ENABLED = "ENABLED";
+ public final static String AUTO_RENEWAL_DONE = "DONE";
+ public final static String AUTO_RENEWAL_NOTIFIED = "NOTIFIED";
+
+ public final static String X509CERT_NOT_BEFORE = "notBefore";
+ public final static String X509CERT_NOT_AFTER = "notAfter";
+ public final static String X509CERT_DURATION = "duration";
+ public final static String X509CERT_EXTENSION = "extension";
+ public final static String X509CERT_SUBJECT = "subject";
+ public final static String X509CERT_PUBLIC_KEY_DATA ="publicKeyData";
+ public final static String X509CERT_VERSION = "version";
+ public final static String X509CERT_ALGORITHM = "algorithm";
+ public final static String X509CERT_SIGNING_ALGORITHM = "signingAlgorithm";
+ public final static String X509CERT_SERIAL_NUMBER = "serialNumber";
+
+ /* attribute type used the following with search filter */
+ public final static String ATTR_X509CERT_NOT_BEFORE =
+ ATTR_X509CERT + "." + X509CERT_NOT_BEFORE;
+ public final static String ATTR_X509CERT_NOT_AFTER =
+ ATTR_X509CERT + "." + X509CERT_NOT_AFTER;
+ public final static String ATTR_X509CERT_DURATION =
+ ATTR_X509CERT + "." + X509CERT_DURATION;
+ public final static String ATTR_X509CERT_EXTENSION =
+ ATTR_X509CERT + "." + X509CERT_EXTENSION;
+ public final static String ATTR_X509CERT_SUBJECT =
+ ATTR_X509CERT + "." + X509CERT_SUBJECT;
+ public final static String ATTR_X509CERT_VERSION =
+ ATTR_X509CERT + "." + X509CERT_VERSION;
+ public final static String ATTR_X509CERT_ALGORITHM =
+ ATTR_X509CERT + "." + X509CERT_ALGORITHM;
+ public final static String ATTR_X509CERT_SIGNING_ALGORITHM =
+ ATTR_X509CERT + "." + X509CERT_SIGNING_ALGORITHM;
+ public final static String ATTR_X509CERT_SERIAL_NUMBER =
+ ATTR_X509CERT + "." + X509CERT_SERIAL_NUMBER;
+ public final static String ATTR_X509CERT_PUBLIC_KEY_DATA =
+ ATTR_X509CERT + "." + X509CERT_PUBLIC_KEY_DATA;
+
+ /**
+ * Retrieves serial number from stored certificate.
+ *
+ * @return certificate serial number
+ */
+ public BigInteger getCertificateSerialNumber();
+
+ /**
+ * Retrieves serial number from certificate record.
+ *
+ * @return certificate serial number
+ */
+ public BigInteger getSerialNumber();
+
+ /**
+ * Retrieves certificate from certificate record.
+ *
+ * @return certificate
+ */
+ public X509CertImpl getCertificate();
+
+ /**
+ * Retrieves name of who issued this certificate.
+ *
+ * @return name of who issued this certificate
+ */
+ public String getIssuedBy();
+
+ /**
+ * Retrieves name of who revoked this certificate.
+ *
+ * @return name of who revoked this certificate
+ */
+ public String getRevokedBy();
+
+ /**
+ * Retrieves date when this certificate was revoked.
+ *
+ * @return date when this certificate was revoked
+ */
+ public Date getRevokedOn();
+
+ /**
+ * Retrieves meta info.
+ *
+ * @return meta info
+ */
+ public MetaInfo getMetaInfo();
+
+ /**
+ * Retrieves certificate status.
+ *
+ * @return certificate status
+ */
+ public String getStatus();
+
+ /**
+ * Retrieves time of creation of this certificate record.
+ *
+ * @return time of creation of this certificate record
+ */
+ public Date getCreateTime();
+
+ /**
+ * Retrieves time of modification of this certificate record.
+ *
+ * @return time of modification of this certificate record
+ */
+ public Date getModifyTime();
+
+ /**
+ * Retrieves revocation info.
+ *
+ * @return revocation info
+ */
+ public IRevocationInfo getRevocationInfo();
+}
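Review bot: `META_CHALLENGE_PHRASE` names a secret-bearing meta attribute, but nothing here says in what form its value is stored or who may read it back through `getMetaInfo()`. The storage code is outside this hunk, so this may already be handled. A comment on the constant such as `/** Key for the challenge phrase; the value is kept as a digest, not clear text, and must not be logged. */`, adjusted to the real behaviour, would make the expectation explicit. Separately, `getCertificateSerialNumber()` and `getSerialNumber()` read the serial number from two different places, and the Javadoc should say which one callers treat as authoritative for status and revocation decisions. The interface comment says it "contains constants" although it also declares the record accessors.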
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecordList.java b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecordList.java
new file mode 100644
index 000000000..cc8c38187
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecordList.java
@@ -0,0 +1,97 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.certdb;
+
+
+import java.util.*;
+import java.io.*;
+import java.math.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.*;
+
+
+/**
+ * A class represents a list of certificate records.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICertRecordList {
+
+ /**
+ * Gets the current index.
+ *
+ * @return current index
+ */
+ public int getCurrentIndex();
+
+ /**
+ * Retrieves the size of request list.
+ *
+ * @return size
+ */
+ public int getSize();
+
+ /**
+ * Gets size before jump to index.
+ *
+ * @return size
+ */
+ public int getSizeBeforeJumpTo();
+
+ /**
+ * Gets size after jump to index.
+ *
+ * @return size
+ */
+ public int getSizeAfterJumpTo();
+
+ /**
+ * Process certificate record as soon as it is returned.
+ *
+ * @param startidx starting index
+ * @param endidx ending index
+ * @param ep element processor
+ * @exception EBaseException failed to process cert records
+ */
+ public void processCertRecords(int startidx, int endidx,
+ IElementProcessor ep) throws EBaseException;
+
+ /**
+ * Retrieves requests.
+ * It's no good to call this if you didnt check
+ * if the startidx, endidx are valid.
+ *
+ * @param startidx starting index
+ * @param endidx ending index
+ * @exception EBaseException failed to retrieve
+ */
+ public Enumeration getCertRecords(int startidx, int endidx)
+ throws EBaseException;
+
+ /**
+ * Gets one single record at a time similar to
+ * processCertRecords but no extra class needed.
+ *
+ * @param index position of the record to be retrieved
+ * @return object
+ * @exception EBaseException failed to retrieve
+ */
+ public Object getCertRecord(int index)
+ throws EBaseException;
+}
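Review bot: `getCertRecords(int, int)` and `getCertRecord(int)` leave the out-of-range case unspecified; the comment only warns that "it's no good to call this" without validated indexes. State the valid range in terms of `getSize()` and what happens outside it (an exception, null, or a shorter enumeration), and add the missing `@return` to `getCertRecords`. The comments "Retrieves the size of request list" and "Retrieves requests" look copied from a request-list interface and should refer to certificate records. The type comment also calls this interface "A class".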
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
new file mode 100644
index 000000000..c036909de
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
@@ -0,0 +1,512 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.certdb;
+
+
+import java.math.*;
+import java.util.*;
+import java.io.*;
+import java.security.*;
+import java.security.cert.*;
+import java.security.cert.Certificate;
+import netscape.security.x509.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.*;
+import com.netscape.certsrv.dbs.repository.*;
+
+
+/**
+ * An interface represents a CMS certificate repository.
+ * It stores all the issued certificate.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICertificateRepository extends IRepository {
+
+ /**
+ * Adds a certificate record to the repository. Each certificate
+ * record contains four parts: certificate, meta-attributes,
+ * issue information and reovcation information.
+ * <P>
+ *
+ * @param record X.509 certificate
+ * @exception EBaseException failed to add new certificate to
+ * the repository
+ */
+ public void addCertificateRecord(ICertRecord record)
+ throws EBaseException;
+
+ /**
+ * Reads the certificate identified by the given serial no.
+ *
+ * @param serialNo serial number of certificate
+ * @return certificate
+ * @exception EBaseException failed to retrieve certificate
+ */
+ public X509CertImpl getX509Certificate(BigInteger serialNo)
+ throws EBaseException;
+
+ /**
+ * Reads certificate from repository.
+ *
+ * @param serialNo serial number of certificate
+ * @return certificate record
+ * @exception EBaseException failed to retrieve certificate
+ */
+ public ICertRecord readCertificateRecord(BigInteger serialNo)
+ throws EBaseException;
+
+ /**
+ * Sets certificate status update internal
+ *
+ * @param requestRepo request repository
+ * @param interval update interval
+ * @param listenToCloneModifications enable listening to clone modifications
+ */
+ public void setCertStatusUpdateInterval(IRepository requestRepo,
+ int interval,
+ boolean listenToCloneModifications);
+
+ /**
+ * Updates certificate status now. This is a blocking method.
+ *
+ * @exception EBaseException failed to update
+ */
+ public void updateCertStatus() throws EBaseException;
+
+ /**
+ * Modifies certificate record.
+ *
+ * @param serialNo serial number of record
+ * @param mods modifications
+ * @exception EBaseException failed to modify
+ */
+ public void modifyCertificateRecord(BigInteger serialNo,
+ ModificationSet mods) throws EBaseException;
+
+ /**
+ * Checks if the certificate exists in this repository.
+ *
+ * @param serialNo serial number of certificate
+ * @return true if it exists
+ * @exception EBaseException failed to check
+ */
+ public boolean containsCertificate(BigInteger serialNo)
+ throws EBaseException;
+
+ /**
+ * Deletes certificate from this repository.
+ *
+ * @param serialNo serial number of certificate
+ * @exception EBaseException failed to delete
+ */
+ public void deleteCertificateRecord(BigInteger serialNo)
+ throws EBaseException;
+
+ /**
+ * Marks certificate as revoked.
+ *
+ * @param id serial number
+ * @param info revocation information
+ * @exception EBaseException failed to mark
+ */
+ public void markAsRevoked(BigInteger id, IRevocationInfo info)
+ throws EBaseException;
+
+ /**
+ * Updates certificate status.
+ *
+ * @param id serial number
+ * @param status certificate status
+ * @exception EBaseException failed to update status
+ */
+ public void updateStatus(BigInteger id, String status)
+ throws EBaseException;
+
+ /**
+ * Marks certificate as renewable.
+ *
+ * @param record certificate record to modify
+ * @exception EBaseException failed to update
+ */
+ public void markCertificateAsRenewable(ICertRecord record)
+ throws EBaseException;
+
+ /**
+ * Marks certificate as not renewable.
+ *
+ * @param record certificate record to modify
+ * @exception EBaseException failed to update
+ */
+ public void markCertificateAsNotRenewable(ICertRecord record)
+ throws EBaseException;
+
+ /**
+ * Marks certificate as renewed.
+ *
+ * @param serialNo certificate record to modify
+ * @exception EBaseException failed to update
+ */
+ public void markCertificateAsRenewed(String serialNo)
+ throws EBaseException;
+
+ /**
+ * Marks certificate as renewed and notified.
+ *
+ * @param serialNo certificate record to modify
+ * @exception EBaseException failed to update
+ */
+ public void markCertificateAsRenewalNotified(String serialNo)
+ throws EBaseException;
+
+ /**
+ * Finds a list of certificate records that satisifies
+ * the filter.
+ * Here is a list of filter
+ * attribute can be used:
+ * <pre>
+ * certRecordId
+ * certMetaInfo
+ * certStatus
+ * certCreateTime
+ * certModifyTime
+ * x509Cert.notBefore
+ * x509Cert.notAfter
+ * x509Cert.subject
+ * </pre>
+ * The filter should follow RFC1558 LDAP filter syntax.
+ * For example,
+ * <pre>
+ * (&(certRecordId=5)(x509Cert.notBefore=934398398))
+ * </pre>
+ *
+ * @param filter search filter
+ * @param maxSize max size to return
+ * @return a list of certificates
+ * @exception EBaseException failed to search
+ */
+ public Enumeration searchCertificates(String filter, int maxSize)
+ throws EBaseException;
+
+ /**
+ * Finds a list of certificate records that satisifies
+ * the filter.
+ *
+ * @param filter search filter
+ * @param maxSize max size to return
+ * @param timeLimit timeout value
+ * @return a list of certificates
+ * @exception EBaseException failed to search
+ */
+ public Enumeration searchCertificates(String filter, int maxSize,
+ int timeLimit) throws EBaseException;
+
+ /**
+ * Finds a list of certificate records that satisifies
+ * the filter.
+ *
+ * @param filter search filter
+ * @param attrs selected attribute
+ * @param pageSize page size
+ * @return a list of certificates
+ * @exception EBaseException failed to search
+ */
+ public ICertRecordList findCertRecordsInList(String filter,
+ String attrs[], int pageSize) throws EBaseException;
+
+ /**
+ * Finds a list of certificate records that satisifies
+ * the filter.
+ *
+ * @param filter search filter
+ * @param attrs selected attribute
+ * @param sortKey key to use for sorting the returned elements
+ * @param pageSize page size
+ * @return a list of certificates
+ * @exception EBaseException failed to search
+ */
+ public ICertRecordList findCertRecordsInList(String filter,
+ String attrs[], String sortKey, int pageSize)
+ throws EBaseException;
+
+ /**
+ * Finds a list of certificate records that satisifies
+ * the filter.
+ *
+ * @param filter search filter
+ * @param attrs selected attribute
+ * @param jumpTo jump to index
+ * @param sortKey key to use for sorting the returned elements
+ * @param pageSize page size
+ * @return a list of certificates
+ * @exception EBaseException failed to search
+ */
+ public ICertRecordList findCertRecordsInList(String filter,
+ String attrs[], String jumpTo, String sortKey, int pageSize)
+ throws EBaseException;
+
+ public ICertRecordList findCertRecordsInList(String filter,
+ String attrs[], String jumpTo, boolean hardJumpTo, String sortKey, int pageSize)
+ throws EBaseException;
+
+ /**
+ * Finds a list of certificate records that satisifies
+ * the filter.
+ *
+ * @param filter search filter
+ * @param attrs selected attribute
+ * @param jumpTo jump to index
+ * @param sortKey key to use for sorting the returned elements
+ * @param pageSize page size
+ * @return a list of certificates
+ * @exception EBaseException failed to search
+ */
+ public ICertRecordList findCertRecordsInListRawJumpto(String filter,
+ String attrs[], String jumpTo, String sortKey, int pageSize)
+ throws EBaseException;
+
+ public static final int ALL_CERTS = 0;
+ public static final int ALL_VALID_CERTS = 1;
+ public static final int ALL_UNREVOKED_CERTS = 2;
+
+ /**
+ * Gets all valid and unexpired certificates pertaining
+ * to a subject DN.
+ *
+ * @param subjectDN The distinguished name of the subject.
+ * @param validityType The type of certificatese to retrieve.
+ * @return An array of certificates.
+ * @throws EBaseException on error.
+ */
+ public X509CertImpl[] getX509Certificates(String subjectDN,
+ int validityType) throws EBaseException;
+
+ /**
+ * Retrieves all the revoked certificates that have not expired.
+ *
+ * @param asOfDate as of date
+ * @return a list of revoked certificates
+ * @exception EBaseException failed to retrieve
+ */
+ public Enumeration getRevokedCertificates(Date asOfDate)
+ throws EBaseException;
+
+ /**
+ * Retrieves all revoked certificates including ones that have expired
+ * or that are not yet valid.
+ *
+ * @return a list of revoked certificates
+ * @exception EBaseException failed to search
+ */
+ public Enumeration getAllRevokedCertificates()
+ throws EBaseException;
+
+ /**
+ * Retrieves all revoked but not expired certificates.
+ *
+ * @return a list of revoked certificates
+ * @exception EBaseException failed to search
+ */
+ public Enumeration getAllRevokedNonExpiredCertificates()
+ throws EBaseException;
+
+ /**
+ * Finds all certificates given a filter.
+ *
+ * @param filter search filter
+ * @return a list of certificates
+ * @exception EBaseException failed to search
+ */
+ public Enumeration findCertificates(String filter)
+ throws EBaseException;
+
+ /**
+ * Finds all certificate records given a filter.
+ *
+ * @param filter search filter
+ * @return a list of certificates
+ * @exception EBaseException failed to search
+ */
+ public Enumeration findCertRecords(String filter)
+ throws EBaseException;
+
+ /**
+ * Gets Revoked certs orderes by noAfter date, jumps to records
+ * where notAfter date is greater than current.
+ *
+ * @param date reference date
+ * @param pageSize page size
+ * @return a list of certificate records
+ * @exception EBaseException failed to retrieve
+ */
+ public ICertRecordList getRevokedCertsByNotAfterDate(Date date,
+ int pageSize) throws EBaseException;
+
+ /**
+ * Gets Invalid certs orderes by noAfter date, jumps to records
+ * where notAfter date is greater than current.
+ *
+ * @param date reference date
+ * @param pageSize page size
+ * @return a list of certificate records
+ * @exception EBaseException failed to retrieve
+ */
+ public ICertRecordList getInvalidCertsByNotBeforeDate(Date date,
+ int pageSize) throws EBaseException;
+
+ /**
+ * Gets valid certs orderes by noAfter date, jumps to records
+ * where notAfter date is greater than current.
+ *
+ * @param date reference date
+ * @param pageSize page size
+ * @return a list of certificate records
+ * @exception EBaseException failed to retrieve
+ */
+ public ICertRecordList getValidCertsByNotAfterDate(Date date,
+ int pageSize) throws EBaseException;
+
+ /**
+ * Creates certificate record.
+ *
+ * @param id serial number
+ * @param cert certificate
+ * @param meta meta information
+ * @return certificate record
+ */
+ public ICertRecord createCertRecord(BigInteger id,
+ Certificate cert, MetaInfo meta);
+
+ /**
+ * Finds certificate records.
+ *
+ * @param filter search filter
+ * @return a list of certificate records
+ * @exception EBaseException failed to retrieve cert records
+ */
+ public Enumeration findCertRecs(String filter)
+ throws EBaseException;
+
+ /**
+ * Retrieves renewable certificates.
+ *
+ * @param renewalTime renewal time
+ * @return certificates
+ * @exception EBaseException failed to retrieve
+ */
+ public Hashtable getRenewableCertificates(String renewalTime)
+ throws EBaseException;
+
+ /**
+ * Unmark a revoked certificates.
+ *
+ * @param id serial number
+ * @param info revocation information
+ * @param revokedOn revocation date
+ * @param revokedBy userid
+ * @exception EBaseException failed to unmark
+ */
+ public void unmarkRevoked(BigInteger id, IRevocationInfo info,
+ Date revokedOn, String revokedBy)
+ throws EBaseException;
+
+ /**
+ * Retrieves valid and not published certificates.
+ *
+ * @param from starting serial number
+ * @param to ending serial number
+ * @return a list of certificates
+ * @exception EBaseException failed to retrieve
+ */
+ public Enumeration getValidNotPublishedCertificates(String from, String to)
+ throws EBaseException;
+
+ /**
+ * Retrieves expired and published certificates.
+ *
+ * @param from starting serial number
+ * @param to ending serial number
+ * @return a list of certificates
+ * @exception EBaseException failed to retrieve
+ */
+ public Enumeration getExpiredPublishedCertificates(String from, String to)
+ throws EBaseException;
+
+ /**
+ * Retrieves revoked and published certificates.
+ *
+ * @param from starting serial number
+ * @param to ending serial number
+ * @return a list of certificates
+ * @exception EBaseException failed to retrieve
+ */
+ public Enumeration getRevokedPublishedCertificates(String from, String to)
+ throws EBaseException;
+
+ /**
+ * Retrieves valid certificates.
+ *
+ * @param from starting serial number
+ * @param to ending serial number
+ * @return a list of certificates
+ * @exception EBaseException failed to retrieve
+ */
+ public Enumeration getValidCertificates(String from, String to)
+ throws EBaseException;
+
+ /**
+ * Retrieves expired certificates.
+ *
+ * @param from starting serial number
+ * @param to ending serial number
+ * @return a list of certificates
+ * @exception EBaseException failed to retrieve
+ */
+ public Enumeration getExpiredCertificates(String from, String to)
+ throws EBaseException;
+
+ /**
+ * Retrieves revoked certificates.
+ *
+ * @param from starting serial number
+ * @param to ending serial number
+ * @return a list of certificates
+ * @exception EBaseException failed to retrieve
+ */
+ public Enumeration getRevokedCertificates(String from, String to)
+ throws EBaseException;
+
+ /**
+ * Retrieves modified certificate records.
+ *
+ * @param entry LDAPEntry with modified data
+ */
+ public void getModifications(LDAPEntry entry);
+
+ /**
+ * Removes certificate records with this repository.
+ *
+ * @param beginS BigInteger with radix 16
+ * @param endS BigInteger with radix 16
+ */
+ public void removeCertRecords(BigInteger beginS, BigInteger endS) throws EBaseException;
+
+ public void shutdown();
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/IRevocationInfo.java b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/IRevocationInfo.java
new file mode 100644
index 000000000..15e396943
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/IRevocationInfo.java
@@ -0,0 +1,54 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.certdb;
+
+
+import java.util.*;
+import java.io.*;
+import java.math.*;
+import java.security.cert.*;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import netscape.security.pkcs.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * A class represents a certificate revocation info. This
+ * object is written as an attribute of certificate record
+ * which essentially signifies a revocation act.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRevocationInfo {
+
+ /**
+ * Retrieves revocation date.
+ *
+ * @return revocation date
+ */
+ public Date getRevocationDate();
+
+ /**
+ * Retrieves CRL entry extensions.
+ *
+ * @return CRL entry extensions
+ */
+ public CRLExtensions getCRLEntryExtensions();
+}
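Review bot: Of the eight wildcard imports at the top of this new file, only `java.util.*` (for `Date`) and `netscape.security.x509.*` (for `CRLExtensions`) appear to be needed by the two declared methods. The other six can be dropped, and explicit `import java.util.Date;` and `import netscape.security.x509.CRLExtensions;` would make the interface's dependencies visible. The type comment says "A class represents" although this is an interface. The Javadoc of `getCRLEntryExtensions()` should also state whether the result can be null when a revocation carries no entry extensions, for example `@return CRL entry extensions, or null if none were recorded` if that is what implementations do.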
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLIssuingPointRecord.java b/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLIssuingPointRecord.java
new file mode 100644
index 000000000..f0d98fd59
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLIssuingPointRecord.java
@@ -0,0 +1,165 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.crldb;
+
+
+import java.util.*;
+import java.math.*;
+import java.io.*;
+import java.security.cert.*;
+import netscape.ldap.*;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import netscape.security.pkcs.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.*;
+
+
+/**
+ * An interface that defines abilities of
+ * a CRL issuing point record.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICRLIssuingPointRecord extends IDBObj {
+
+ public static final String ATTR_ID = "id";
+ public static final String ATTR_CRL_NUMBER = "crlNumber";
+ public static final String ATTR_DELTA_NUMBER = "deltaNumber";
+ public static final String ATTR_CRL_SIZE = "crlSize";
+ public static final String ATTR_DELTA_SIZE = "deltaSize";
+ public static final String ATTR_THIS_UPDATE = "thisUpdate";
+ public static final String ATTR_NEXT_UPDATE = "nextUpdate";
+ public static final String ATTR_FIRST_UNSAVED = "firstUnsaved";
+ public static final String ATTR_CRL = "certificaterevocationlist";
+ public static final String ATTR_CRL_CACHE = "crlCache";
+ public static final String ATTR_CA_CERT = "cACertificate";
+ public static final String ATTR_REVOKED_CERTS = "revokedCerts";
+ public static final String ATTR_UNREVOKED_CERTS = "unrevokedCerts";
+ public static final String ATTR_EXPIRED_CERTS = "expiredCerts";
+ public static final String ATTR_DELTA_CRL = "deltaRevocationList";
+
+ public static final String CLEAN_CACHE = "-1";
+ public static final String NEW_CACHE = "-2";
+
+ /**
+ * Retrieve unique CRL identifier.
+ *
+ * @return unique CRL identifier
+ */
+ public String getId();
+
+ /**
+ * Retrieves current CRL number out of CRL issuing point record.
+ *
+ * @return current CRL number
+ */
+ public BigInteger getCRLNumber();
+
+ /**
+ * Retrieves CRL size measured by the number of entries.
+ *
+ * @return CRL size
+ */
+ public Long getCRLSize();
+
+ /**
+ * Retrieves this update time.
+ *
+ * @return time of this update
+ */
+ public Date getThisUpdate();
+
+ /**
+ * Retrieves next update time.
+ *
+ * @return time of next update
+ */
+ public Date getNextUpdate();
+
+ /**
+ * Retrieves current delta CRL number out of CRL issuing point record.
+ *
+ * @return current delta CRL number
+ */
+ public BigInteger getDeltaCRLNumber();
+
+ /**
+ * Retrieves delta CRL size measured by the number of entries.
+ *
+ * @return delta CRL size
+ */
+ public Long getDeltaCRLSize();
+
+ /**
+ * Retrieve Retrieve reference to the first unsaved data.
+ *
+ * @return reference to the first unsaved data
+ */
+ public String getFirstUnsaved();
+
+ /**
+ * Retrieves encoded CRL.
+ *
+ * @return encoded CRL
+ */
+ public byte[] getCRL();
+
+ /**
+ * Retrieves encoded delta CRL.
+ *
+ * @return encoded delta CRL
+ */
+ public byte[] getDeltaCRL();
+
+ /**
+ * Retrieves encoded CA certificate.
+ *
+ * @return encoded CA certificate
+ */
+ public byte[] getCACert();
+
+ /**
+ * Retrieves cache information about CRL.
+ *
+ * @return list of recently revoked certificates
+ */
+ public Hashtable getCRLCacheNoClone();
+ public Hashtable getCRLCache();
+
+ /**
+ * Retrieves cache information about revoked certificates.
+ *
+ * @return list of recently revoked certificates
+ */
+ public Hashtable getRevokedCerts();
+
+ /**
+ * Retrieves cache information about certificates released from hold.
+ *
+ * @return list of certificates recently released from hold
+ */
+ public Hashtable getUnrevokedCerts();
+
+ /**
+ * Retrieves cache information about expired certificates.
+ *
+ * @return list of recently expired certificates
+ */
+ public Hashtable getExpiredCerts();
+}
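Review bot: `getCRLCache()` has no Javadoc of its own, and the comment above `getCRLCacheNoClone()` does not say how the two differ; its `@return` text ("list of recently revoked certificates") is the same as the one on `getRevokedCerts()`. Judging by the name only, the NoClone variant hands out the record's internal table rather than a copy. If so, say it, for example `@return the live CRL cache table; callers must not modify it`, and give `getCRLCache()` its own `@return a copy of the CRL cache table`. `CLEAN_CACHE` and `NEW_CACHE` are undocumented as well; a one-line comment naming the attribute that carries these sentinel strings would help. All the `Hashtable` returns are raw, so the key and value types should be named in each `@return`.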
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLRepository.java
new file mode 100644
index 000000000..ffac9b37b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLRepository.java
@@ -0,0 +1,183 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.crldb;
+
+
+import java.math.*;
+import java.util.*;
+import java.io.*;
+import java.security.*;
+import java.security.cert.*;
+import netscape.security.x509.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.*;
+import com.netscape.certsrv.dbs.repository.*;
+
+
+/**
+ * An interface represents a CMS CRL repository. It stores
+ * all the CRL issuing points.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICRLRepository {
+
+ /**
+ * Adds CRL issuing point record.
+ *
+ * @param rec issuing point record
+ * @exception EBaseException failed to add new issuing point record
+ */
+ public void addCRLIssuingPointRecord(ICRLIssuingPointRecord rec)
+ throws EBaseException;
+
+ /**
+ * Retrieves all the issuing points' names.
+ *
+ * @return A list of issuing points' names.
+ * @exception EBaseException failed to retrieve all the issuing points' names.
+ */
+ public Vector getIssuingPointsNames() throws EBaseException;
+
+ /**
+ * Reads issuing point record.
+ *
+ * @return issuing point record
+ * @exception EBaseException failed to read issuing point record
+ */
+ public ICRLIssuingPointRecord readCRLIssuingPointRecord(String id)
+ throws EBaseException;
+
+ /**
+ * Deletes issuing point record.
+ *
+ * @param id issuing point record id
+ * @exception EBaseException failed to delete issuing point record
+ */
+ public void deleteCRLIssuingPointRecord(String id)
+ throws EBaseException;
+
+ /**
+ * Modifies issuing point record.
+ *
+ * @param id issuing point record id
+ * @param mods set of modifications
+ * @exception EBaseException failed to modify issuing point record
+ */
+ public void modifyCRLIssuingPointRecord(String id, ModificationSet mods)
+ throws EBaseException;
+
+ /**
+ * Updates CRL issuing point record.
+ *
+ * @param id issuing point record id
+ * @param newCRL encoded binary CRL
+ * @param thisUpdate time of this update
+ * @param nextUpdate time of next update
+ * @param crlNumber CRL number
+ * @param crlSize CRL size
+ * @exception EBaseException failed to update issuing point record
+ */
+ public void updateCRLIssuingPointRecord(String id, byte[] newCRL,
+ Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize)
+ throws EBaseException;
+
+ /**
+ * Updates CRL issuing point record.
+ *
+ * @param id issuing point record id
+ * @param newCRL encoded binary CRL
+ * @param thisUpdate time of this update
+ * @param nextUpdate time of next update
+ * @param crlNumber CRL number
+ * @param crlSize CRL size
+ * @param revokedCerts list of revoked certificates
+ * @param unrevokedCerts list of released from hold certificates
+ * @param expiredCerts list of expired certificates
+ * @exception EBaseException failed to update issuing point record
+ */
+ public void updateCRLIssuingPointRecord(String id, byte[] newCRL,
+ Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize,
+ Hashtable revokedCerts, Hashtable unrevokedCerts, Hashtable expiredCerts)
+ throws EBaseException;
+
+ /**
+ * Updates CRL issuing point record.
+ *
+ * @param id issuing point record id
+ * @param revokedCerts list of revoked certificates
+ * @param unrevokedCerts list of released from hold certificates
+ * @exception EBaseException failed to update issuing point record
+ */
+ public void updateRevokedCerts(String id, Hashtable revokedCerts, Hashtable unrevokedCerts)
+ throws EBaseException;
+
+ /**
+ * Updates CRL issuing point record.
+ *
+ * @param id issuing point record id
+ * @param expiredCerts list of expired certificates
+ * @exception EBaseException failed to update issuing point record
+ */
+ public void updateExpiredCerts(String id, Hashtable expiredCerts)
+ throws EBaseException;
+
+ /**
+ * Updates CRL issuing point record.
+ *
+ * @param id issuing point record id
+ * @param crlSize CRL size
+ * @param revokedCerts list of revoked certificates
+ * @param unrevokedCerts list of released from hold certificates
+ * @param expiredCerts list of expired certificates
+ * @exception EBaseException failed to update issuing point record
+ */
+ public void updateCRLCache(String id, Long crlSize,
+ Hashtable revokedCerts,
+ Hashtable unrevokedCerts,
+ Hashtable expiredCerts)
+ throws EBaseException;
+
+ /**
+ * Updates CRL issuing point record with delta-CRL.
+ *
+ * @param id issuing point record id
+ * @param deltaCRLNumber delta CRL number
+ * @param deltaCRLSize delta CRL size
+ * @param nextUpdate time of next update
+ * @param deltaCRL delta CRL in binary form
+ * @exception EBaseException failed to update issuing point record
+ */
+ public void updateDeltaCRL(String id, BigInteger deltaCRLNumber,
+ Long deltaCRLSize, Date nextUpdate,
+ byte[] deltaCRL)
+ throws EBaseException;
+
+ /**
+ * Updates CRL issuing point record with reference to the first
+ * unsaved data.
+ *
+ * @param id issuing point record id
+ * @param firstUnsaved reference to the first unsaved data
+ * @exception EBaseException failed to update issuing point record
+ */
+ public void updateFirstUnsaved(String id, String firstUnsaved)
+ throws EBaseException;
+}
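Review bot: Five methods here carry the identical summary "Updates CRL issuing point record." (both `updateCRLIssuingPointRecord` overloads, `updateRevokedCerts`, `updateExpiredCerts` and `updateCRLCache`), so the generated documentation cannot tell them apart. Each summary should name what it writes, e.g. `Updates the revoked and released-from-hold certificate caches of an issuing point record.` for `updateRevokedCerts`. `readCRLIssuingPointRecord(String id)` is missing `@param id issuing point record id` and does not say whether an unknown id yields null or an `EBaseException`. The raw `Hashtable` and `Vector` parameters and returns give no hint of their key and element types; state them in the `@param`/`@return` text.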
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java
new file mode 100644
index 000000000..f795ff9a6
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java
@@ -0,0 +1,125 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.keydb;
+
+
+import java.util.*;
+import java.math.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * An interface contains constants for key record.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IKeyRecord {
+ public static final String ATTR_ID = "keySerialNumber";
+ public static final String ATTR_STATE = "keyState";
+ public static final String ATTR_ALGORITHM = "algorithm";
+ public static final String ATTR_KEY_SIZE = "keySize";
+ public static final String ATTR_OWNER_NAME = "keyOwnerName";
+ public static final String ATTR_PRIVATE_KEY_DATA = "privateKey";
+ public static final String ATTR_PUBLIC_KEY_DATA = "publicKey";
+ public static final String ATTR_DATE_OF_RECOVERY = "dateOfRecovery";
+ public static final String ATTR_CREATE_TIME = "keyCreateTime";
+ public static final String ATTR_MODIFY_TIME = "keyModifyTime";
+ public static final String ATTR_META_INFO = "keyMetaInfo";
+ public static final String ATTR_ARCHIVED_BY = "keyArchivedBy";
+
+ // key state
+ public static final String STATUS_ANY = "ANY";
+ public static final String STATUS_VALID = "VALID";
+ public static final String STATUS_INVALID = "INVALID";
+
+ /**
+ * Retrieves the state of the key.
+ *
+ * @return key state
+ * @exception EBaseException failed to retrieve state of the key
+ */
+ public KeyState getState() throws EBaseException;
+
+ /**
+ * Retrieves key identifier.
+ *
+ * @return key id
+ * @exception EBaseException failed to retrieve key id
+ */
+ public BigInteger getSerialNumber() throws EBaseException;
+
+ /**
+ * Retrieves key owner name.
+ *
+ * @return key owner name
+ * @exception EBaseException failed to retrieve key owner name
+ */
+ public String getOwnerName() throws EBaseException;
+
+ /**
+ * Retrieves key algorithm.
+ *
+ * @return key algorithm
+ */
+ public String getAlgorithm();
+
+ /**
+ * Retrieves key length.
+ *
+ * @return key length
+ * @exception EBaseException failed to retrieve key length
+ */
+ public Integer getKeySize() throws EBaseException;
+
+ /**
+ * Retrieves archiver identifier.
+ *
+ * @return archiver uid
+ */
+ public String getArchivedBy();
+
+ /**
+ * Retrieves creation time.
+ *
+ * @return creation time
+ */
+ public Date getCreateTime();
+
+ /**
+ * Retrieves last modification time.
+ *
+ * @return modification time
+ */
+ public Date getModifyTime();
+
+ /**
+ * Retrieves dates of recovery.
+ *
+ * @return recovery history
+ * @exception EBaseException failed to retrieve recovery history
+ */
+ public Date[] getDateOfRevocation() throws EBaseException;
+
+ /**
+ * Retrieves public key data.
+ *
+ * @return public key data
+ * @exception EBaseException failed to retrieve public key data
+ */
+ public byte[] getPublicKeyData() throws EBaseException;
+}
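Review bot: `getDateOfRevocation()` is documented as "Retrieves dates of recovery" with `@return recovery history`, and the matching attribute constant is `ATTR_DATE_OF_RECOVERY`, so the method name says revocation while everything else says recovery. Since this interface is new in this commit, declaring it as `public Date[] getDateOfRecovery() throws EBaseException;` now would keep implementers and callers from confusing key recovery history with certificate revocation. The `// key state` strings `STATUS_ANY`, `STATUS_VALID` and `STATUS_INVALID` would also benefit from a comment relating them to `KeyState`, whose `toKeyState` accepts the same three spellings.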
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecordList.java b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecordList.java
new file mode 100644
index 000000000..aced5cc1f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecordList.java
@@ -0,0 +1,54 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.keydb;
+
+
+import java.util.*;
+import java.io.*;
+import java.math.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.*;
+import com.netscape.certsrv.dbs.repository.*;
+
+
+/**
+ * A class represents a list of key records.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IKeyRecordList {
+
+ /**
+ * Retrieves the size of key list.
+ *
+ * @return size of key list
+ */
+ public int getSize();
+
+ /**
+ * Retrieves key records.
+ *
+ * @param startidx start index
+ * @param endidx end index
+ * @return key records
+ * @exception EBaseException failed to retrieve key records
+ */
+ public Enumeration getKeyRecords(int startidx, int endidx)
+ throws EBaseException;
+}
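Review bot: The Javadoc of `getKeyRecords(int startidx, int endidx)` does not say whether `endidx` is inclusive or what happens when an index lies outside the list, which callers paging through results need to know. Something like `@param endidx end index (inclusive)` (or exclusive, whichever the implementation does) plus a sentence on out-of-range indexes would settle it. The type comment reads "A class represents a list of key records" although this is an interface. The raw `Enumeration` return should name its element type (presumably `IKeyRecord`) in the `@return` text.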
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRepository.java
new file mode 100644
index 000000000..324a7df17
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRepository.java
@@ -0,0 +1,177 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.keydb;
+
+
+import java.math.*;
+import java.io.*;
+import java.util.*;
+import java.security.*;
+import java.security.cert.*;
+import netscape.security.x509.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.*;
+import com.netscape.certsrv.dbs.repository.*;
+
+
+/**
+ * An interface represents a Key repository. This is the
+ * container of archived keys.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IKeyRepository extends IRepository {
+
+ /**
+ * Archives a key to the repository.
+ * <P>
+ *
+ * @param record key record
+ * @exception EBaseException failed to archive key
+ */
+ public void addKeyRecord(IKeyRecord record) throws EBaseException;
+
+ /**
+ * Reads an archived key by serial number.
+ * <P>
+ *
+ * @param serialNo serial number
+ * @return key record
+ * @exception EBaseException failed to recover key
+ */
+ public IKeyRecord readKeyRecord(BigInteger serialNo)
+ throws EBaseException;
+
+ /**
+ * Reads an archived key by b64 encoded cert.
+ * <P>
+ *
+ * @param cert b64 encoded cert
+ * @return key record
+ * @exception EBaseException failed to recover key
+ */
+ public IKeyRecord readKeyRecord(String cert)
+ throws EBaseException;
+
+ /**
+ * Reads an archived key by owner name.
+ * <P>
+ *
+ * @param ownerName owner name
+ * @return key record
+ * @exception EBaseException failed to recover key
+ */
+ public IKeyRecord readKeyRecord(X500Name ownerName)
+ throws EBaseException;
+
+ /**
+ * Reads archived key using public key.
+ *
+ * @param publicKey public key that is corresponding
+ * to the private key
+ * @return key record
+ * @exception EBaseException failed to read key
+ */
+ public IKeyRecord readKeyRecord(PublicKey publicKey)
+ throws EBaseException;
+
+ /**
+ * Searches for private keys.
+ *
+ * @param filter LDAP filter for the search
+ * @param maxSize maximium number of entries to be returned
+ * @return a list of private key records
+ * @exception EBaseException failed to search keys
+ */
+ public Enumeration searchKeys(String filter, int maxSize)
+ throws EBaseException;
+
+ /**
+ * Searches for private keys.
+ *
+ * @param filter LDAP filter for the search
+ * @param maxSize maximium number of entries to be returned
+ * @param timeLimt timeout value
+ * @return a list of private key records
+ * @exception EBaseException failed to search keys
+ */
+ public Enumeration searchKeys(String filter, int maxSize, int timeLimt)
+ throws EBaseException;
+
+ /**
+ * Deletes a key record.
+ *
+ * @param serialno key identifier
+ * @exception EBaseException failed to delete key record
+ */
+ public void deleteKeyRecord(BigInteger serialno)
+ throws EBaseException;
+
+ /**
+ * Modifies key record in this repository.
+ *
+ * @param serialNo key identifier
+ * @param mods modification of key records
+ * @exception EBaseException failed to modify key record
+ */
+ public void modifyKeyRecord(BigInteger serialNo,
+ ModificationSet mods) throws EBaseException;
+
+ /**
+ * Searchs for a list of key records.
+ * Here is a list of supported filter attributes:
+ * <pre>
+ * keySerialNumber
+ * keyState
+ * algorithm
+ * keySize
+ * keyOwnerName
+ * privateKey
+ * publicKey
+ * dateOfRecovery
+ * keyCreateTime
+ * keyModifyTime
+ * keyMetaInfo
+ * </pre>
+ *
+ * @param filter search filter
+ * @param attrs list of attributes to be returned
+ * @param pageSize virtual list page size
+ * @return list of key records
+ * @exception EBaseException failed to search key records
+ */
+ public IKeyRecordList findKeyRecordsInList(String filter,
+ String attrs[], int pageSize) throws EBaseException;
+
+ /**
+ * Searchs for a list of key records.
+ *
+ * @param filter search filter
+ * @param attrs list of attributes to be returned
+ * @param sortKey name of attribute that the list should be sorted by
+ * @param pageSize virtual list page size
+ * @return list of key records
+ * @exception EBaseException failed to search key records
+ */
+ public IKeyRecordList findKeyRecordsInList(String filter,
+ String attrs[], String sortKey, int pageSize)
+ throws EBaseException;
+}
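Review bot: Both `searchKeys` overloads and both `findKeyRecordsInList` overloads take `filter` as a ready-made LDAP filter string, and the Javadoc does not say who is responsible for escaping attribute values placed in it. As this repository is the container of archived private keys, I would put the contract in the comment, e.g. `@param filter LDAP filter for the search; callers must escape any externally supplied value (RFC 4515) before building it`. The supported-attribute list on `findKeyRecordsInList` includes `privateKey`, and `attrs` selects the attributes returned, so the comment should state whether key material can be returned through this call or only metadata. The parameter `timeLimt` is documented as "timeout value" with no unit, and its name looks like a typo for `timeLimit`.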
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/KeyState.java b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/KeyState.java
new file mode 100644
index 000000000..a6b7fa031
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/KeyState.java
@@ -0,0 +1,102 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.keydb;
+
+
+import java.util.*;
+import java.io.*;
+import netscape.security.x509.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * A class represents key state. This object is to
+ * encapsulate the life cycle of a key.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public final class KeyState implements Serializable {
+
+ private int mStateCode;
+
+ /**
+ * Constructs a key state.
+ */
+ private KeyState(int code) {
+ mStateCode = code;
+ }
+
+ /**
+ * Request state.
+ */
+ public final static KeyState ANY = new KeyState(-1);
+ public final static KeyState VALID = new KeyState(0);
+ public final static KeyState INVALID = new KeyState(1);
+
+ /**
+ * Checks if the given object equals to this object.
+ *
+ * @param other object to be compared
+ * @return true if both objects are the same
+ */
+ public boolean equals(Object other) {
+ if (this == other)
+ return true;
+ else if (other instanceof KeyState)
+ return ((KeyState) other).mStateCode == mStateCode;
+ else
+ return false;
+ }
+
+ /**
+ * Returns the hash code.
+ *
+ * @return hash code
+ */
+ public int hashCode() {
+ return mStateCode;
+ }
+
+ /**
+ * Return the string-representation of this object.
+ *
+ * @return string value
+ */
+ public String toString() {
+ if (mStateCode == -1) return "ANY";
+ if (mStateCode == 0) return "VALID";
+ if (mStateCode == 1) return "INVAILD";
+ return "[UNDEFINED]";
+
+ }
+
+ /**
+ * Converts a string into a key state object.
+ *
+ * @param state state in string-representation
+ * @return key state object
+ */
+ public static KeyState toKeyState(String state) {
+ if (state.equalsIgnoreCase("ANY")) return ANY;
+ if (state.equalsIgnoreCase("VALID")) return VALID;
+ if (state.equalsIgnoreCase("INVALID")) return INVALID;
+ return null;
+ }
+}
+
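Review bot: `toString()` returns `"INVAILD"` for state code 1, while `toKeyState()` only accepts `"INVALID"` (and `IKeyRecord.STATUS_INVALID` is `"INVALID"`), so `KeyState.toKeyState(KeyState.INVALID.toString())` returns null. If the string form is what gets stored or compared (not visible in this hunk), an invalidated key would not round-trip to the INVALID state; the line should read `if (mStateCode == 1) return "INVALID";`. The class is `Serializable` with a private constructor and three shared instances, so a `readResolve()` that maps `mStateCode` back to `ANY`/`VALID`/`INVALID` would keep `==` comparisons working after deserialization; `equals` already compares by code. `toKeyState` also throws a NullPointerException on a null `state` and returns null for an unknown one, which its Javadoc should mention.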
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java
new file mode 100644
index 000000000..e92d13a16
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.replicadb;
+
+import com.netscape.certsrv.dbs.*;
+import com.netscape.certsrv.dbs.repository.*;
+
+
+/**
+ * An interface represents a ReplicaID Repository.
+ * It provides unique managed replica IDs.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IReplicaIDRepository extends IRepository {
+}
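Review bot: The import `com.netscape.certsrv.dbs.*` is not needed by this file, whose only reference is `IRepository` from `com.netscape.certsrv.dbs.repository`; I would drop it and import `IRepository` by name. Unused wildcard imports recur in later hunks of this commit: IRepository.java (only `BigInteger` and `EBaseException` are referenced), IRepositoryRecord.java, IAccessEvaluator.java, EExtensionsException.java, EJobsException.java, and IJobCron.java and JobPlugin.java, where none of the imports is referenced, including the redundant `java.lang.*`. ICMSExtension.java likewise imports `java.util.Locale` and `java.util.Vector` without using them. Explicit single-type imports would make each file's real dependencies visible.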
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java
new file mode 100644
index 000000000..7ee01b3f1
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java
@@ -0,0 +1,92 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.repository;
+
+import java.util.*;
+import java.io.*;
+import java.math.*;
+import netscape.ldap.*;
+import netscape.security.x509.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.*;
+
+/**
+ * An interface represents a generic repository. It maintains unique
+ * serial number within repository.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRepository {
+
+ /**
+ * Retrieves the next serial number, and also increase the
+ * serial number by one.
+ *
+ * @return serial number
+ * @exception EBaseException failed to retrieve next serial number
+ */
+ public BigInteger getNextSerialNumber() throws EBaseException;
+
+ /**
+ * Resets serial number.
+ */
+ public void resetSerialNumber(BigInteger serial) throws EBaseException;
+
+ /**
+ * Retrieves the next serial number without increasing the serial number.
+ *
+ * @return serial number
+ * @exception EBaseException failed to retrieve next serial number
+ */
+ public BigInteger getTheSerialNumber() throws EBaseException;
+
+ /**
+ * Set the maximum serial number.
+ *
+ * @param serial maximum number
+ * @exception EBaseException failed to set maximum serial number
+ */
+ public void setMaxSerial (String serial) throws EBaseException;
+
+ /**
+ * Set the maximum serial number in next range.
+ *
+ * @param serial maximum number
+ * @exception EBaseException failed to set maximum serial number in next range
+ */
+ public void setNextMaxSerial(String serial) throws EBaseException;
+
+ /**
+ * Checks to see if a new range is needed, or if we have reached the end of the
+ * current range, or if a range conflict has occurred.
+ *
+ * @exception EBaseException failed to check next range for conflicts
+ */
+ public void checkRanges() throws EBaseException;
+
+ /**
+ * Sets whether serial number management is enabled for certs
+ * and requests.
+ *
+ * @param value true/false
+ * @exception EBaseException failed to set
+ */
+ public void setEnableSerialMgmt(boolean value) throws EBaseException;
+
+}
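Review bot: `resetSerialNumber(BigInteger serial)` is the only method in this interface whose Javadoc has no `@param` or `@exception`, and it is the one where the contract matters most. The interface promises unique serial numbers, yet nothing says whether an implementation may accept a value at or below one already handed out. I would add `@param serial value the next serial number is reset to` and `@exception EBaseException failed to reset serial number`, plus a sentence on whether lowering the counter is permitted. The comment on `getNextSerialNumber()` should also say whether the read-and-increment is atomic for concurrent callers, since the implementations are not part of this hunk. `setMaxSerial` and `setNextMaxSerial` take a `String` where the other methods use `BigInteger`, so the expected radix needs to be documented as well.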
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java
new file mode 100644
index 000000000..5e6db669f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java
@@ -0,0 +1,49 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.repository;
+
+import java.util.*;
+import java.io.*;
+import java.math.*;
+import netscape.ldap.*;
+import netscape.security.x509.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+import com.netscape.certsrv.dbs.*;
+
+/**
+ * An interface represents a generic repository record.
+ * It maintains unique serial number within repository.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRepositoryRecord extends IDBObj {
+
+ public final static String ATTR_SERIALNO = "serialNo";
+ public final static String ATTR_PUB_STATUS = "publishingStatus";
+
+ /**
+ * Retrieves serial number.
+ *
+ * @return serial number
+ */
+ public BigInteger getSerialNumber();
+
+ public String getPublishingStatus();
+}
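Review bot: `getPublishingStatus()` at the end of the interface has no Javadoc, and neither do the constants `ATTR_SERIALNO` and `ATTR_PUB_STATUS`, so the values a caller may see for the publishing status are not stated anywhere in this file. A comment such as `/** Retrieves the publishing status of this record. */` with an `@return` line listing the valid status strings would close the gap. The class summary repeats the sentence from `IRepository` ("It maintains unique serial number within repository"), which reads oddly for a single record and could say that the record stores the repository's serial number instead, if that is what the implementation does.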
diff --git a/pki/base/common/src/com/netscape/certsrv/evaluators/IAccessEvaluator.java b/pki/base/common/src/com/netscape/certsrv/evaluators/IAccessEvaluator.java
new file mode 100644
index 000000000..5764f4005
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/evaluators/IAccessEvaluator.java
@@ -0,0 +1,89 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.evaluators;
+
+
+import java.util.*;
+import java.security.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.authentication.*;
+
+
+/**
+ * A class represents an evaluator. An evaluator is used to
+ * evaluate an expression. For example, one can write an evaluator to
+ * evaluate if a user belongs to a certain group. An evaluator is
+ * generally used for access control expression evaluation, however, it
+ * can be used for other evaluation-related operations.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IAccessEvaluator {
+
+ /**
+ * Initialize the evaluator
+ */
+ public void init();
+
+ /**
+ * Gets the type of the evaluator. Type is defined by each
+ * evaluator plugin. Each evaluator plugin should have a unique type.
+ * @return type of the evaluator
+ */
+ public String getType();
+
+ /**
+ * Gets the description of the evaluator
+ * @return a text description for this evaluator
+ */
+ public String getDescription();
+
+ /**
+ * Evaluates if the given value satisfies the access
+ * control in current context.
+ * @param type Type of the evaluator, eg, user, group etc
+ * @param op Operator of the evaluator, eg, =, !=
+ * @param value Part of the expression that can be used to
+ * evaluate, e.g, value can be the name of the group if the
+ * purpose of the evaluator is to evaluate if the user is a member
+ * of the group.
+ * @return true if the evaluation expression is matched; false otherwise.
+ */
+ public boolean evaluate(String type, String op, String value);
+
+ /**
+ * Evaluates if the given value satisfies the access
+ * control in authToken obtained from Authentication.
+ * @param authToken Authentication token
+ * @param type Type of the evaluator, eg, user, group etc
+ * @param op Operator of the evaluator, eg, =, !=
+ * @param value Part of the expression that can be used to
+ * evaluate, e.g, value can be the name of the group if the
+ * purpose of the evaluator is to evaluate if the user is a member
+ * of the group.
+ * @return true if the evaluation expression is matched; false otherwise.
+ */
+ public boolean evaluate(IAuthToken authToken, String type, String op, String value);
+
+ /**
+ * Get the supported operators for this evaluator
+ * @return Supported operators in string array
+ */
+ public String[] getSupportedOperators();
+}
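Review bot: Both `evaluate` overloads document only the matching case, so the contract does not say what an implementation returns for an operator that is not in `getSupportedOperators()`, for an unrecognised `type`, or for a null `authToken`. Because the result feeds access-control decisions, the Javadoc should require a deny result in those cases, e.g. `@return true only if the expression is matched; false otherwise, including for an unsupported operator or a null authToken`. The first overload also says it evaluates "in current context" without naming where that context comes from, which a plugin author needs to know. The summary opens with "A class represents an evaluator" although this is an interface.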
diff --git a/pki/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java b/pki/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java
new file mode 100644
index 000000000..297b44262
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java
@@ -0,0 +1,57 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.extensions;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * This represents the extensions exception.
+ *
+ * @version $Revision$, $Date$
+ */
+public class EExtensionsException extends EBaseException {
+
+ /**
+ * Resource class name.
+ */
+ private static final String EXTENSIONS_RESOURCES =
+ ExtensionsResources.class.getName();
+
+ public EExtensionsException(String msgFormat) {
+ super(msgFormat);
+ }
+
+ public EExtensionsException(String msgFormat, String param) {
+ super(msgFormat, param);
+ }
+
+ public EExtensionsException(String msgFormat, Exception e) {
+ super(msgFormat, e);
+ }
+
+ public EExtensionsException(String msgFormat, Object params[]) {
+ super(msgFormat, params);
+ }
+
+ protected String getBundleName() {
+ return EXTENSIONS_RESOURCES;
+ }
+}
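Review bot: None of the four constructors nor `getBundleName()` carries Javadoc, unlike the sibling `EJobsException` added in the same commit. A one-line summary per constructor with `@param msgFormat`, `@param param`, `@param e` and `@param params` would bring the two in line. `getBundleName()` looks like an override of a method in `EBaseException`, which is not shown here, so its comment should say that it returns the resource bundle class name used to resolve `msgFormat`.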
diff --git a/pki/base/common/src/com/netscape/certsrv/extensions/ExtensionsResources.java b/pki/base/common/src/com/netscape/certsrv/extensions/ExtensionsResources.java
new file mode 100644
index 000000000..b50638ddc
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/extensions/ExtensionsResources.java
@@ -0,0 +1,36 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.extensions;
+
+
+import java.util.*;
+
+
+/**
+ * This represents the resources for extensions.
+ *
+ * @version $Revision$, $Date$
+ */
+public class ExtensionsResources extends ListResourceBundle {
+
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ static final Object[][] contents = {};
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/extensions/ICMSExtension.java b/pki/base/common/src/com/netscape/certsrv/extensions/ICMSExtension.java
new file mode 100644
index 000000000..55f348b11
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/extensions/ICMSExtension.java
@@ -0,0 +1,77 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.extensions;
+
+
+import java.util.Locale;
+import java.util.Vector;
+
+import com.netscape.certsrv.base.ISubsystem;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IArgBlock;
+
+import netscape.security.x509.Extension;
+import netscape.security.util.ObjectIdentifier;
+
+
+/**
+ * CMS extension interface, for creating extensions from http input and
+ * displaying extensions to html forms.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICMSExtension {
+ public static String EXT_IS_CRITICAL = "isCritical";
+
+ public static String EXT_PREFIX = "ext_";
+
+ /**
+ * initialize from configuration file
+ */
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException;
+
+ /**
+ * Get name of this extension.
+ * @return the name of this CMS extension, for
+ */
+ public String getName();
+
+ /**
+ * Get object identifier associated with this extension.
+ */
+ public ObjectIdentifier getOID();
+
+ /**
+ * Get an instance of the extension given http input.
+ * @return an instance of the extension.
+ */
+ public Extension getExtension(IArgBlock argblock)
+ throws EBaseException;
+
+ /**
+ * Get Javascript name value pairs to put into the request processing
+ * template.
+ * @return name value pairs
+ */
+ public IArgBlock getFormParams(Extension extension)
+ throws EBaseException;
+
+}
+
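Review bot: The `@return` tag on `getName()` is cut off mid-sentence (`the name of this CMS extension, for`), and `init`, `getOID`, `getExtension` and `getFormParams` have no `@param` or `@exception` tags. The interface comment says `getExtension(IArgBlock argblock)` builds an extension from http input, so its Javadoc should state that implementations validate the submitted values and throw `EBaseException` on malformed input rather than return a partially built extension. `getFormParams` returns name/value pairs that are placed into a JavaScript template, so the comment should say whether the implementation or the template layer is responsible for escaping them.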
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/EJobsException.java b/pki/base/common/src/com/netscape/certsrv/jobs/EJobsException.java
new file mode 100644
index 000000000..37528c603
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/EJobsException.java
@@ -0,0 +1,77 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.jobs;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * A class represents a jobs exception.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class EJobsException extends EBaseException {
+
+ /**
+ * Identity resource class name.
+ */
+ private static final String JOBS_RESOURCES = JobsResources.class.getName();
+
+ /**
+ * Constructs a Job Scheduler exception
+ * <P>
+ */
+ public EJobsException(String msgFormat) {
+ super(msgFormat);
+ }
+
+ /**
+ * Constructs a Identity exception.
+ * <P>
+ */
+ public EJobsException(String msgFormat, String param) {
+ super(msgFormat, param);
+ }
+
+ /**
+ * Constructs a Identity exception.
+ * <P>
+ */
+ public EJobsException(String msgFormat, Exception e) {
+ super(msgFormat, e);
+ }
+
+ /**
+ * Constructs a Identity exception.
+ * <P>
+ */
+ public EJobsException(String msgFormat, Object params[]) {
+ super(msgFormat, params);
+ }
+
+ /**
+ * Retrieves bundle name.
+ */
+ protected String getBundleName() {
+ return JOBS_RESOURCES;
+ }
+}
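Review bot: The Javadoc in this class appears to have been carried over from another exception. The field comment reads "Identity resource class name" and three of the four constructors say "Constructs a Identity exception", while only the first says "Job Scheduler exception". All of them should describe a jobs exception and document their arguments, e.g. `@param msgFormat the message format` and `@param e the underlying exception`. The empty `<P>` tags after each summary can be dropped at the same time.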
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/IJob.java b/pki/base/common/src/com/netscape/certsrv/jobs/IJob.java
new file mode 100644
index 000000000..410629982
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/IJob.java
@@ -0,0 +1,87 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.jobs;
+
+
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * An interface to be implemented from for a job to be scheduled by
+ * the Jobs Scheduler.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IJob {
+
+ /**
+ * Initialize from the configuration file.
+ * @param id String name of this instance
+ * @param implName string name of this implementation
+ * @param config configuration store for this instance
+ * @exception EBaseException any initilization failure
+ */
+ public void init(ISubsystem owner, String id, String implName,
+ IConfigStore config) throws EBaseException;
+
+ /**
+ * tells if the job is enabled
+ * @return a boolean value indicating whether the job is enabled
+ * or not
+ */
+ public boolean isEnabled();
+
+ /**
+ * set instance id.
+ * @param id String id of the instance
+ */
+ public void setId(String id);
+
+ /**
+ * get instance id.
+ * @return a String identifier
+ */
+ public String getId();
+
+ /**
+ * get cron string associated with this job
+ * @return a JobCron object that represents the schedule of this job
+ */
+ public IJobCron getJobCron();
+
+ /**
+ * Returns a list of configuration parameter names.
+ * The list is passed to the configuration console so instances of
+ * this implementation can be configured through the console.
+ *
+ * @return String array of configuration parameter names.
+ */
+ public String[] getConfigParams();
+
+ /**
+ * gets the plugin name of this job.
+ * @return a String that is the name of this implementation
+ */
+ public String getImplName();
+
+ /**
+ * Gets the configuration substore used by this job
+ * @return configuration store
+ */
+ public IConfigStore getConfigStore();
+}
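Review bot: The Javadoc for `init` lists `id`, `implName` and `config` but omits the first parameter, `owner`. I would add `@param owner the subsystem that owns this job instance`, with the wording confirmed against the scheduler implementation, which is not in this hunk. The interface summary "to be implemented from for a job" and the spelling `initilization` in the `@exception` line also want tidying.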
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/IJobCron.java b/pki/base/common/src/com/netscape/certsrv/jobs/IJobCron.java
new file mode 100644
index 000000000..9e6d2b4de
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/IJobCron.java
@@ -0,0 +1,55 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.jobs;
+
+
+import com.netscape.certsrv.logging.*;
+import com.netscape.certsrv.base.*;
+
+import java.util.*;
+import java.lang.*;
+
+
+/**
+ * class representing one Job cron information
+ * <p>here, an "item" refers to one of the 5 fields in a cron string;
+ * "element" refers to any comma-deliminated element in an
+ * "item"...which includes both numbers and '-' separated ranges.
+ * A cron string in the configuration takes the following format:
+ * <i>minute (0-59),
+ * hour (0-23),
+ * day of the month (1-31),
+ * month of the year (1-12),
+ * day of the week (0-6 with 0=Sunday)</i>
+ * <p>
+ * e.g. jobsScheduler.job.rnJob1.cron=30 11,23 * * 1-5
+ * In this example, the job "rnJob1" will be executed from Monday
+ * through Friday, at 11:30am and 11:30pm.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IJobCron {
+ /**
+ * constant that represents the configuration parameter
+ * "cron" for the job that this JobCron is associated with. The
+ * value of which should conform to the cron format specified above.
+ */
+ public static final String PROP_CRON = "cron";
+
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/IJobsScheduler.java b/pki/base/common/src/com/netscape/certsrv/jobs/IJobsScheduler.java
new file mode 100644
index 000000000..d30ccbf35
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/IJobsScheduler.java
@@ -0,0 +1,160 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.jobs;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * An interface that represents the job scheduler component. A JobScheduler
+ * is a daemon thread that handles scheduled jobs like cron would
+ * do with different jobs. This daemon wakes up at a pre-configured
+ * interval to see
+ * if there is any job to be done, if so, a thread is created to execute
+ * the job(s).
+ * <p>
+ * The interval <b>jobsScheduler.interval</b> in the configuration is
+ * specified as number of minutes. If not set, the default is 1 minute.
+ * Note that the cron specification for each job CAN NOT be finer than
+ * the granularity of the Scheduler daemon interval. For example, if
+ * the daemon interval is set to 5 minute, a job cron for every minute
+ * at 7am on each Tuesday (e.g. * 7 * * 2) will result in the
+ * execution of the job thread only once every 5 minutes during that
+ * hour. <b>The inteval value is recommended at 1 minute, setting it
+ * otherwise has the potential of forever missing the beat</b>. Use
+ * with caution.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IJobsScheduler extends ISubsystem {
+ /**
+ * The ID of this component
+ */
+ public final static String ID = "jobsScheduler";
+
+ /**
+ * constant that represents the configuration parameter
+ * "enabled" for this component in CMS.cfg. The value of which
+ * tells CMS whether the JobsScheduler is enabled or not
+ */
+ public static final String PROP_ENABLED = "enabled";
+
+ /**
+ * constant that represents the configuration parameter
+ * "interval" for this component in CMS.cfg. The value of which
+ * tells CMS the interval that the JobsScheduler thread should
+ * wake up and look for jobs to execute
+ */
+ public static final String PROP_INTERVAL = "interval";
+
+ /**
+ * constant that represents the configuration parameter
+ * "class" for this component in CMS.cfg. The values of which are
+ * the actual implementation classes
+ */
+ public static final String PROP_CLASS = "class";
+
+ /**
+ * constant that represents the configuration parameter
+ * "job" for this component in CMS.cfg. The values of which gives
+ * configuration information specific to one single job instance.
+ * There may be multiple jobs served by the jobsScheduler
+ */
+ public static final String PROP_JOB = "job";
+
+ /**
+ * constant that represents the configuration parameter
+ * "impl" for this component in CMS.cfg. The values of which are
+ * actual plugin implementation(s)
+ */
+ public static final String PROP_IMPL = "impl";
+
+ /**
+ * constant that represents the configuration parameter
+ * "pluginName" for this component in CMS.cfg. The value of which
+ * gives the pluginName for the job it associates with
+ */
+ public static final String PROP_PLUGIN = "pluginName";
+
+ /**
+ * Retrieves all the job implementations.
+ * @return a Hashtable of available job plugin implementations
+ */
+ public Hashtable getPlugins();
+
+ /**
+ * Retrieves all the job instances.
+ * @return a Hashtable of job instances
+ */
+ public Hashtable getInstances();
+
+ /**
+ * Retrieves the configuration parameters of the given
+ * implementation. It is used to return to the Console for
+ * configuration
+ * @param implName the pulubin implementation name
+ * @return a String array of required configuration parameters of
+ * the given implementation.
+ * @exception EJobsException when job plugin implementation can
+ * not be found, instantiation is impossible, permission problem
+ * with the class.
+ */
+ public String[] getConfigParams(String implName)
+ throws EJobsException;
+
+ /**
+ * Writes a message to the system log.
+ * @param level an integer representing the log message level.
+ * Depending on the configuration set by the administrator, this
+ * value is a determining factor for whether this message will be
+ * actually logged or not. The lower the level, the higher the
+ * priority, and the higher chance it will be logged.
+ * @param msg the message to be written. Ideally should call
+ * CMS.getLogMessage() to get the localizable message
+ * from the log properties file.
+ */
+ public void log(int level, String msg);
+
+ /**
+ * Sets daemon's wakeup interval.
+ * @param minutes time in minutes that is to be the frequency of
+ * JobsScheduler wakeup call.
+ */
+ public void setInterval(int minutes);
+
+ /**
+ * Starts up the JobsScheduler daemon. Usually called from the
+ * initialization method when it's successfully initialized.
+ */
+ public void startDaemon();
+
+ /**
+ * Creates a job cron. Each job is associated with a "cron" which
+ * specifies the rule of frequency that this job should be
+ * executed (e.g. every Sunday at midnight). This method is
+ * called by each job at initialization time.
+ * @param cs the string that represents the cron. See IJobCron
+ * for detail of the format.
+ * @return IJobCron an IJobCron
+ * @exception EBaseException when the cron string, cs, can not be
+ * parsed correctly
+ */
+ public IJobCron createJobCron(String cs) throws EBaseException;
+}
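Review bot: `setInterval(int minutes)` documents no valid range, so the behaviour for zero or a negative value is left to each implementation, even though the class comment warns that a badly chosen interval can miss jobs. I would state the bound in the Javadoc, e.g. `@param minutes wakeup interval in minutes; must be at least 1`, and say whether an invalid value is rejected or replaced by the default of 1 minute. `getPlugins()` and `getInstances()` return a raw `Hashtable`, so the `@return` text should at least name the key and value types, presumably plugin name to `JobPlugin` and instance id to `IJob`, to be confirmed. `@param implName the pulubin implementation name` has a typo for "plugin".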
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/JobPlugin.java b/pki/base/common/src/com/netscape/certsrv/jobs/JobPlugin.java
new file mode 100644
index 000000000..d610ee909
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/JobPlugin.java
@@ -0,0 +1,75 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.jobs;
+
+
+import com.netscape.certsrv.base.*;
+import java.util.*;
+import java.lang.*;
+
+
+/**
+ * This class represents a job plugin registered with the
+ * JobScheduler. A Job plugin can be instantiated into a Job instance
+ * and scheduled by the JobScheduler to run at a scheduled interval
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class JobPlugin {
+ /**
+ * The plugin name of this job
+ */
+ protected String mId = null;
+ /**
+ * The Java class name of this job plugin.
+ * e.g. com.netscape.cms.RenewalNotificationJob
+ */
+ protected String mClassPath = null;
+
+ /*
+ * Seems to be unused, should be removed
+ */
+ // protected Class mClass = null;
+
+ /**
+ * Constructor for a Job plugin.
+ * @param id job plugin name
+ * @param classPath the Java class name of this job plugin
+ */
+ public JobPlugin(String id, String classPath) {
+ mId = id;
+ mClassPath = classPath;
+ }
+
+ /**
+ * get the job plugin name
+ * @return the name of this job plugin
+ */
+ public String getId() {
+ return mId;
+ }
+
+ /**
+ * get the Java class name
+ * @return the Java class name of this plugin
+ */
+ public String getClassPath() {
+ return mClassPath;
+ }
+}
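Review bot: `mId` and `mClassPath` are declared `protected` and non-final although this hunk assigns them only in the constructor and exposes them through getters, so a subclass could change the class name after the plugin is registered. If no subclass writes them, which is not visible from here, `private final String mId;` and `private final String mClassPath;` would make the plugin record immutable and the `= null` initialisers unnecessary. The commented-out `// protected Class mClass = null;` and its "should be removed" comment can simply be deleted. Since `mClassPath` names a class that the scheduler presumably loads, the constructor Javadoc could also state that callers pass only class names taken from trusted configuration.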
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/JobsResources.java b/pki/base/common/src/com/netscape/certsrv/jobs/JobsResources.java
new file mode 100644
index 000000000..00c057902
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/JobsResources.java
@@ -0,0 +1,45 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.jobs;
+
+
+import java.util.*;
+
+
+/**
+ * A class represents a resource bundle for the
+ * Jobs package
+ *
+ * @version $Revision$, $Date$
+ */
+public class JobsResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ /**
+ * Constants. The suffix represents the number of
+ * possible parameters.
+ */
+
+ static final Object[][] contents = {};
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/EKRAException.java b/pki/base/common/src/com/netscape/certsrv/kra/EKRAException.java
new file mode 100644
index 000000000..7992d5fb0
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/kra/EKRAException.java
@@ -0,0 +1,88 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.kra;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * A class represents a KRA exception. This is the base
+ * exception for all the KRA specific exceptions. It is
+ * associated with <CODE>KRAResources</CODE>.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class EKRAException extends EBaseException {
+
+ /**
+ * KRA resource class name.
+ * <P>
+ */
+ private static final String KRA_RESOURCES = KRAResources.class.getName();
+
+ /**
+ * Constructs a KRA exception.
+ * <P>
+ * @param msgFormat constant from KRAResources.
+ */
+ public EKRAException(String msgFormat) {
+ super(msgFormat);
+ }
+
+ /**
+ * Constructs a KRA exception.
+ * <P>
+ * @param msgFormat constant from KRAResources.
+ * @param param additional parameters to the message.
+ */
+ public EKRAException(String msgFormat, String param) {
+ super(msgFormat, param);
+ }
+
+ /**
+ * Constructs a KRA exception.
+ * <P>
+ * @param msgFormat constant from KRAResources.
+ * @param e embedded exception.
+ */
+ public EKRAException(String msgFormat, Exception e) {
+ super(msgFormat, e);
+ }
+
+ /**
+ * Constructs a KRA exception.
+ * <P>
+ * @param msgFormat constant from KRAResources.
+ * @param params additional parameters to the message.
+ */
+ public EKRAException(String msgFormat, Object params[]) {
+ super(msgFormat, params);
+ }
+
+ /**
+ * Returns the bundle file name.
+ * <P>
+ * @return name of bundle class associated with this exception.
+ */
+ protected String getBundleName() {
+ return KRA_RESOURCES;
+ }
+}
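Review bot: Each constructor documents `msgFormat` as "constant from KRAResources", yet `KRAResources.contents` added later in this diff is an empty array, and the one caller visible in this diff (`ProofOfArchival.encode`) passes an already-resolved string from `CMS.getUserMessage(...)`. The Javadoc should describe what callers actually pass, e.g. `@param msgFormat message text, typically obtained from CMS.getUserMessage()`. How `EBaseException` resolves the string against `getBundleName()` is outside this hunk, so it is worth confirming that a pre-formatted message containing `{` or caller-supplied text is not interpreted a second time as a format pattern.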
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IJoinShares.java b/pki/base/common/src/com/netscape/certsrv/kra/IJoinShares.java
new file mode 100644
index 000000000..e130b95c2
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/kra/IJoinShares.java
@@ -0,0 +1,33 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.kra;
+
+/**
+ * Use Java's reflection API to leverage CMS's
+ * old Share and JoinShares implementations.
+ *
+ * @deprecated
+ * @version $Revision$ $Date$
+ */
+public interface IJoinShares {
+
+ public void initialize(int threshold) throws Exception;
+ public void addShare(int shareNum, byte[] share);
+ public int getShareCount();
+ public byte[] recoverSecret();
+}
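Review bot: None of the four methods in `IJoinShares` has Javadoc, so the contract around the reconstructed secret is undefined. It does not say what `recoverSecret()` returns when fewer than `threshold` shares were added, whether `shareNum` is 0- or 1-based, or whether the returned array is the caller's to clear. Since this interface handles key-splitting material, each method should be documented, e.g. on `recoverSecret()` a line such as `@return the reconstructed secret; callers should zero the array after use`, once that is confirmed against the implementation. The bare `@deprecated` tag also names no replacement or reason. The same gaps apply to `IShare` in a later hunk of this diff (`initialize(byte[] secret, int threshold)` and `createShare(int sharenumber)`).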
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java b/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java
new file mode 100644
index 000000000..b2d02f2a3
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java
@@ -0,0 +1,319 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.kra;
+
+
+import java.util.*;
+import java.io.*;
+import java.net.*;
+import java.security.*;
+import java.math.*;
+import netscape.security.x509.*;
+import com.netscape.certsrv.logging.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.*;
+import com.netscape.certsrv.dbs.keydb.*;
+import com.netscape.certsrv.dbs.replicadb.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.policy.*;
+import com.netscape.certsrv.security.*;
+import org.mozilla.jss.crypto.*;
+
+
+/**
+ * An interface represents key recovery authority. The
+ * key recovery authority is responsibile for archiving
+ * and recovering user encryption private keys.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IKeyRecoveryAuthority extends ISubsystem {
+
+ public static final String ID = "kra";
+
+ public final static String PROP_NAME = "name";
+ public final static String PROP_HTTP = "http";
+ public final static String PROP_POLICY = "policy";
+ public final static String PROP_DBS = "dbs";
+ public final static String PROP_TOKEN = "token";
+ public final static String PROP_SHARE = "share";
+ public final static String PROP_PROTECTOR = "protector";
+ public final static String PROP_LOGGING = "logging";
+ public final static String PROP_QUEUE_REQUESTS = "queueRequests";
+ public final static String PROP_STORAGE_KEY = "storageUnit";
+ public final static String PROP_TRANSPORT_KEY = "transportUnit";
+ public static final String PROP_NEW_NICKNAME = "newNickname";
+ public static final String PROP_KEYDB_INC = "keydbInc";
+
+ public final static String PROP_NOTIFY_SUBSTORE = "notification";
+ public final static String PROP_REQ_IN_Q_SUBSTORE = "requestInQ";
+
+ /**
+ * Returns the name of this subsystem.
+ * <P>
+ *
+ * @return KRA name
+ */
+ public X500Name getX500Name();
+
+ /**
+ * Retrieves KRA request repository.
+ * <P>
+ *
+ * @return request repository
+ */
+ public IRequestQueue getRequestQueue();
+
+ /**
+ * Retrieves the key repository. The key repository
+ * stores archived keys.
+ * <P>
+ */
+ public IKeyRepository getKeyRepository();
+
+ /**
+ * Retrieves the Replica ID repository.
+ *
+ * @return KRA's Replica ID repository
+ */
+ public IReplicaIDRepository getReplicaRepository();
+
+ /**
+ * Enables the auto recovery state. Once KRA is in the auto
+ * recovery state, no recovery agents need to be present for
+ * providing credentials. This feature is for enabling
+ * user-based recovery operation.
+ * <p>
+ *
+ * @param cs list of agent credentials
+ * @param on true if auto recovery state is on
+ * @return current auto recovery state
+ */
+ public boolean setAutoRecoveryState(Credential cs[], boolean on);
+
+ /**
+ * Returns the current auto recovery state.
+ *
+ * @return true if auto recvoery state is on
+ */
+ public boolean getAutoRecoveryState();
+
+ /**
+ * Adds credentials to the given authorizated recovery operation.
+ * In distributed recovery mode, recovery agent login to the
+ * agent interface and submit its credential for a particular
+ * recovery operation.
+ *
+ * @param id authorization identifier
+ * @param creds list of credentials
+ */
+ public void addAutoRecovery(String id, Credential creds[]);
+
+ /**
+ * Removes a particular auto recovery operation.
+ *
+ * @param id authorization identifier
+ */
+ public void removeAutoRecovery(String id);
+
+ /**
+ * Returns the number of required agents. In M-out-of-N
+ * recovery schema, only M agents are required even there
+ * are N agents. This method returns M.
+ *
+ * @return number of required agents
+ */
+ public int getNoOfRequiredAgents() throws EBaseException;
+
+ /**
+ * Sets the number of required recovery agents
+ *
+ * @param number number of agents
+ */
+ public void setNoOfRequiredAgents(int number) throws EBaseException;
+
+ /**
+ * Returns the current recovery identifier.
+ *
+ * @return recovery identifier
+ */
+ public String getRecoveryID();
+
+ /**
+ * Returns a list of recovery identifiers.
+ *
+ * @return list of auto recovery identifiers
+ */
+ public Enumeration getAutoRecoveryIDs();
+
+ /**
+ * Returns the storage key unit that manages the
+ * stoarge key.
+ *
+ * @return storage key unit
+ */
+ public IStorageKeyUnit getStorageKeyUnit();
+
+ /**
+ * Returns the transport key unit that manages the
+ * transport key.
+ *
+ * @return transport key unit
+ */
+ public ITransportKeyUnit getTransportKeyUnit();
+
+ /**
+ * Returns the token that generates user key pairs for supporting server-side keygen
+ *
+ * @return keygen token
+ */
+ public CryptoToken getKeygenToken();
+
+ /**
+ * Adds entropy to the token used for supporting server-side keygen
+ * Parameters are set in the config file
+ * @param logflag create log messages at info level to report entropy shortage
+ */
+ public void addEntropy(boolean logflag);
+
+
+ /**
+ * Returns the request listener that listens on
+ * the request completion event.
+ *
+ * @return request listener
+ */
+ public IRequestListener getRequestInQListener();
+
+ /**
+ * Returns policy processor of the key recovery
+ * authority.
+ *
+ * @return policy processor
+ */
+ public IPolicyProcessor getPolicyProcessor();
+
+ /**
+ * Returns the nickname of the transport certificate.
+ *
+ * @return transport certificate nickname.
+ */
+ public String getNickname();
+
+ /**
+ * Sets the nickname of the transport certificate.
+ *
+ * @param str nickname
+ */
+ public void setNickname(String str);
+
+ /**
+ * Returns the new nickname of the transport certifiate.
+ *
+ * @return new nickname
+ */
+ public String getNewNickName() throws EBaseException;
+
+ /**
+ * Sets the new nickname of the transport certifiate.
+ *
+ * @param name new nickname
+ */
+ public void setNewNickName(String name);
+
+ /**
+ * Logs event into key recovery authority logging.
+ *
+ * @param level log level
+ * @param msg log message
+ */
+ public void log(int level, String msg);
+
+ /**
+ * Creates a request object to store attributes that
+ * will not be serialized. Currently, request queue
+ * framework will try to serialize all the attribute into
+ * persistent storage. Things like passwords are not
+ * desirable to be stored.
+ *
+ * @param id request id
+ * @return volatile requests
+ */
+ public Hashtable createVolatileRequest(RequestId id);
+
+ /**
+ * Retrieves the request object.
+ *
+ * @param id request id
+ * @return volatile requests
+ */
+ public Hashtable getVolatileRequest(RequestId id);
+
+ /**
+ * Destroys the request object.
+ *
+ * @param id request id
+ */
+ public void destroyVolatileRequest(RequestId id);
+
+ public Vector getAppAgents(
+ String recoveryID) throws EBaseException;
+
+ /**
+ * Creates error for a specific recovery operation.
+ *
+ * @param recoveryID recovery id
+ * @param error error
+ * @exception EBaseException failed to create error
+ */
+ public void createError(String recoveryID, String error)
+ throws EBaseException;
+
+ /**
+ * Retrieves error by recovery identifier.
+ *
+ * @param recoveryID recovery id
+ * @return error message
+ */
+ public String getError(String recoveryID)
+ throws EBaseException;
+
+ /**
+ * Retrieves PKCS12 package by recovery identifier.
+ *
+ * @param recoveryID recovery id
+ * @return pkcs12 package in bytes
+ */
+ public byte[] getPk12(String recoveryID)
+ throws EBaseException;
+
+ /**
+ * Creates PKCS12 package in memory.
+ *
+ * @param recoveryID recovery id
+ * @param pk12 package in bytes
+ */
+ public void createPk12(String recoveryID, byte[] pk12)
+ throws EBaseException;
+
+ /**
+ * Retrieves the transport certificate.
+ */
+ public org.mozilla.jss.crypto.X509Certificate getTransportCert();
+}
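Review bot: `createVolatileRequest` and `getVolatileRequest` hand out a raw `Hashtable` that, per their own Javadoc, holds values such as passwords that must not be persisted, but nothing states who must call `destroyVolatileRequest` or when. I would add a sentence to the `createVolatileRequest` comment such as `Callers must invoke destroyVolatileRequest(id) when the request completes, including on failure paths.`, assuming that matches the implementation, which is not in this hunk. `getAppAgents(String recoveryID)` is the only method here with no Javadoc at all, and `getKeyRepository()` lacks an `@return`. The comment on `getX500Name()` says it returns "the name of this subsystem" and could state that it is the KRA's X.500 name.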
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java b/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java
new file mode 100644
index 000000000..5fe5a4025
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java
@@ -0,0 +1,177 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.kra;
+
+
+import java.math.BigInteger;
+import java.util.Hashtable;
+import java.security.cert.X509Certificate;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.security.*;
+import netscape.security.x509.X509CertImpl;
+
+
+/**
+ * An interface representing a recovery service.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IKeyService {
+
+ /**
+ * Retrieves number of agent required to perform
+ * key recovery operation.
+ *
+ * @return number of required recovery agents
+ * @exception EBaseException failed to retrieve value
+ */
+ public int getNoOfRequiredAgents() throws EBaseException;
+
+ /**
+ * is async recovery request status APPROVED -
+ * i.e. all required # of recovery agents approved
+ * @param reqID request id
+ * @return true if # of recovery required agents approved; false otherwise
+ */
+ public boolean isApprovedAsyncKeyRecovery(String reqID)
+ throws EBaseException;
+
+ /**
+ * get async recovery request initiating agent
+ * @param reqID request id
+ * @return agentUID
+ */
+ public String getInitAgentAsyncKeyRecovery(String reqID)
+ throws EBaseException;
+
+ /**
+ * Initiate asynchronous key recovery
+ * @param kid key identifier
+ * @param cert certificate embedded in PKCS12
+ * @return requestId
+ * @exception EBaseException failed to initiate async recovery
+ */
+ public String initAsyncKeyRecovery(BigInteger kid, X509CertImpl cert, String agent)
+ throws EBaseException;
+
+ /**
+ * add approving agent in asynchronous key recovery
+ * @param reqID request id
+ * @param agentID agent id
+ * @exception EBaseException failed to initiate async recovery
+ */
+ public void addAgentAsyncKeyRecovery(String reqID, String agentID)
+ throws EBaseException;
+
+ /**
+ * Performs administrator-initiated key recovery.
+ *
+ * @param kid key identifier
+ * @param creds list of credentials (id and password)
+ * @param pwd password to protect PKCS12
+ * @param cert certificate embedded in PKCS12
+ * @param delivery delivery mechanism
+ * @return pkcs12
+ * @exception EBaseException failed to perform recovery
+ */
+ public byte[] doKeyRecovery(BigInteger kid,
+ Credential creds[], String pwd, X509CertImpl cert,
+ String delivery, String nickname, String agent) throws EBaseException;
+
+ /**
+ * Async Recovers key for administrators. This method is
+ * invoked by the agent operation of the key recovery servlet.
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST used whenever
+ * a user private key recovery request is made (this is when the DRM
+ * receives the request)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED used whenever
+ * a user private key recovery request is processed (this is when the DRM
+ * processes the request)
+ * </ul>
+ * @param reqID request id
+ * @param password password of the PKCS12 package
+ * subsystem
+ * @exception EBaseException failed to recover key
+ * @return a byte array containing the key
+ */
+ public byte[] doKeyRecovery(
+ String reqID,
+ String password)
+ throws EBaseException;
+
+ /**
+ * Retrieves recovery identifier.
+ *
+ * @return recovery id
+ */
+ public String getRecoveryID();
+
+ /**
+ * Creates recovery parameters for the given recovery operation.
+ *
+ * @param recoveryID recovery id
+ * @return recovery parameters
+ * @exception EBaseException failed to create
+ */
+ public Hashtable createRecoveryParams(String recoveryID)
+ throws EBaseException;
+
+ /**
+ * Destroys recovery parameters for the given recovery operation.
+ *
+ * @param recoveryID recovery id
+ * @exception EBaseException failed to destroy
+ */
+ public void destroyRecoveryParams(String recoveryID)
+ throws EBaseException;
+
+ /**
+ * Retrieves recovery parameters for the given recovery operation.
+ *
+ * @param recoveryID recovery id
+ * @return recovery parameters
+ * @exception EBaseException failed to retrieve
+ */
+ public Hashtable getRecoveryParams(String recoveryID)
+ throws EBaseException;
+
+ /**
+ * Adds password in the distributed recovery operation.
+ *
+ * @param recoveryID recovery id
+ * @param uid agent uid
+ * @param pwd agent password
+ * @exception EBaseException failed to add
+ */
+ public void addDistributedCredential(String recoveryID,
+ String uid, String pwd) throws EBaseException;
+
+ /**
+ * Retrieves credentials in the distributed recovery operation.
+ *
+ * @param recoveryID recovery id
+ * @return agent's credentials
+ * @exception EBaseException failed to retrieve
+ */
+ public Credential[] getDistributedCredentials(String recoveryID)
+ throws EBaseException;
+}
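Review bot: The Javadoc on the first `doKeyRecovery` overload documents five parameters while the signature takes seven: `nickname` and `agent` have no `@param`, and `initAsyncKeyRecovery` likewise omits `agent`. For an interface that releases archived private keys, the comment should say whether `agent` is the authenticated caller's UID recorded for audit or a free-form value, e.g. `@param agent UID of the agent initiating the recovery`, after confirming against the implementation. Separately, `pwd` and `password` in both `doKeyRecovery` overloads and in `addDistributedCredential` are `String`, which cannot be cleared after use. A `char[]` variant would be the usual remedy, though that is an interface change beyond a documentation fix.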
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IProofOfArchival.java b/pki/base/common/src/com/netscape/certsrv/kra/IProofOfArchival.java
new file mode 100644
index 000000000..571380eaf
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/kra/IProofOfArchival.java
@@ -0,0 +1,87 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.kra;
+
+
+import java.io.*;
+import java.math.*;
+import java.util.*;
+import java.security.*;
+import netscape.security.util.*;
+import netscape.security.pkcs.*;
+import netscape.security.x509.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * An interface represents a proof of archival.
+ * <P>
+ * Here is the ASN1 definition of a proof of escrow:
+ * <PRE>
+ * ProofOfArchival ::= SIGNED {
+ * SEQUENCE {
+ * version [0] Version DEFAULT v1,
+ * serialNumber INTEGER,
+ * subjectName Name,
+ * issuerName Name,
+ * dateOfArchival Time,
+ * extensions [1] Extensions OPTIONAL
+ * }
+ * }
+ * </PRE>
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IProofOfArchival {
+
+ /**
+ * Retrieves version of this proof.
+ *
+ * @return version
+ */
+ public BigInteger getVersion();
+
+ /**
+ * Retrieves the serial number.
+ *
+ * @return serial number
+ */
+ public BigInteger getSerialNumber();
+
+ /**
+ * Retrieves the subject name.
+ *
+ * @return subject name
+ */
+ public String getSubjectName();
+
+ /**
+ * Retrieves the issuer name.
+ *
+ * @return issuer name
+ */
+ public String getIssuerName();
+
+ /**
+ * Returns the beginning of the escrowed perioid.
+ *
+ * @return date of archival
+ */
+ public Date getDateOfArchival();
+}
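Review bot: The class comment describes the structure as `SIGNED { ... }` and calls it both "proof of archival" and "proof of escrow", but the interface exposes only five of the six listed fields and nothing about the signature. A reader cannot tell whether an `IProofOfArchival` instance has been verified, or how `extensions` is reached. I would add a sentence to the class comment such as `This interface exposes the to-be-signed fields only; signature verification is the caller's responsibility.`, if that is the intent. Of the eight wildcard imports, only `java.math.*` and `java.util.*` are needed by the declarations in this file. "perioid" in the `getDateOfArchival` comment should read "period".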
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IShare.java b/pki/base/common/src/com/netscape/certsrv/kra/IShare.java
new file mode 100644
index 000000000..c4d58f0a0
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/kra/IShare.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.kra;
+
+/**
+ * Use Java's reflection API to leverage CMS's
+ * old Share and JoinShares implementations.
+ *
+ * @deprecated
+ * @version $Revision$ $Date$
+ */
+public interface IShare {
+
+ public void initialize(byte[] secret, int threshold) throws Exception;
+ public byte[] createShare(int sharenumber);
+
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/KRAResources.java b/pki/base/common/src/com/netscape/certsrv/kra/KRAResources.java
new file mode 100644
index 000000000..74f66992b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/kra/KRAResources.java
@@ -0,0 +1,41 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.kra;
+
+
+import java.util.*;
+
+
+/**
+ * A class represents a resource bundle for KRA subsystem.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class KRAResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ static final Object[][] contents = {
+ };
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java b/pki/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java
new file mode 100644
index 000000000..5fe06f921
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java
@@ -0,0 +1,440 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.kra;
+
+
+import java.io.*;
+import java.math.*;
+import java.util.*;
+import java.security.*;
+import netscape.security.util.*;
+import netscape.security.pkcs.*;
+import netscape.security.x509.*;
+//import com.netscape.cmscore.util.*;
+import com.netscape.certsrv.apps.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.*;
+
+
+/**
+ * A class represents a proof of escrow. It indicates a key
+ * pairs have been escrowed by appropriate authority. The
+ * structure of this object is very similar (if not exact) to
+ * X.509 certificate. A proof of escrow is signed by an escrow
+ * authority. It is possible to have a CMS policy to reject
+ * the certificate issuance request if proof of escrow is not
+ * presented.
+ * <P>
+ * Here is the ASN1 definition of a proof of escrow:
+ * <PRE>
+ * ProofOfEscrow ::= SIGNED {
+ * SEQUENCE {
+ * version [0] Version DEFAULT v1,
+ * serialNumber INTEGER,
+ * subjectName Name,
+ * issuerName Name,
+ * dateOfArchival Time,
+ * extensions [1] Extensions OPTIONAL
+ * }
+ * }
+ * </PRE>
+ * <P>
+ *
+ * @author thomask
+ * @version $Revision$, $Date$
+ */
+public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
+
+ /**
+ * Constants
+ */
+ public static final BigInteger DEFAULT_VERSION = new BigInteger("1");
+
+ public static final String ATTR_VERSION = "pofVersion";
+ public static final String ATTR_SERIALNO = "pofSerialNo";
+ public static final String ATTR_SUBJECT = "pofSubject";
+ public static final String ATTR_ISSUER = "pofIssuer";
+ public static final String ATTR_DATE_OF_ARCHIVAL = "pofDateOfArchival";
+
+ protected BigInteger mSerialNo = null;
+ protected BigInteger mVersion = null;
+ protected String mSubject = null;
+ protected String mIssuer = null;
+ protected Date mDateOfArchival = null;
+
+ protected static Vector mNames = new Vector();
+ static {
+ mNames.addElement(ATTR_VERSION);
+ mNames.addElement(ATTR_SERIALNO);
+ mNames.addElement(ATTR_SUBJECT);
+ mNames.addElement(ATTR_ISSUER);
+ mNames.addElement(ATTR_DATE_OF_ARCHIVAL);
+ }
+
+ /**
+ * Constructs a proof of escrow.
+ * <P>
+ * @param serialNo serial number of proof
+ * @param subject subject name
+ * @param issuer issuer name
+ * @param dateOfArchival date of archival
+ */
+ public ProofOfArchival(BigInteger serialNo, String subject,
+ String issuer, Date dateOfArchival) {
+ mVersion = DEFAULT_VERSION;
+ mSerialNo = serialNo;
+ mSubject = subject;
+ mIssuer = issuer;
+ mDateOfArchival = dateOfArchival;
+ }
+
+ /**
+ * Constructs proof of escrow from input stream.
+ * <P>
+ * @param in encoding source
+ * @exception EBaseException failed to decode
+ */
+ public ProofOfArchival(InputStream in) throws EBaseException {
+ decode(in);
+ }
+
+ /**
+ * Sets an attribute value.
+ * <P>
+ * @param name attribute name
+ * @param obj attribute value
+ * @exception EBaseException failed to set attribute
+ */
+ public void set(String name, Object obj) throws EBaseException {
+ if (name.equals(ATTR_VERSION)) {
+ mVersion = (BigInteger) obj;
+ } else if (name.equals(ATTR_SERIALNO)) {
+ mSerialNo = (BigInteger) obj;
+ } else if (name.equals(ATTR_SUBJECT)) {
+ mSubject = (String) obj;
+ } else if (name.equals(ATTR_ISSUER)) {
+ mIssuer = (String) obj;
+ } else if (name.equals(ATTR_DATE_OF_ARCHIVAL)) {
+ mDateOfArchival = (Date) obj;
+ } else {
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", name));
+ }
+ }
+
+ /**
+ * Retrieves the value of an named attribute.
+ * <P>
+ * @param name attribute name
+ * @return attribute value
+ * @exception EBaseException failed to get attribute
+ */
+ public Object get(String name) throws EBaseException {
+ if (name.equals(ATTR_VERSION)) {
+ return mVersion;
+ } else if (name.equals(ATTR_SERIALNO)) {
+ return mSerialNo;
+ } else if (name.equals(ATTR_SUBJECT)) {
+ return mSubject;
+ } else if (name.equals(ATTR_ISSUER)) {
+ return mIssuer;
+ } else if (name.equals(ATTR_DATE_OF_ARCHIVAL)) {
+ return mDateOfArchival;
+ } else {
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", name));
+ }
+ }
+
+ /**
+ * Deletes an attribute.
+ * <P>
+ * @param name attribute name
+ * @exception EBaseException failed to get attribute
+ */
+ public void delete(String name) throws EBaseException {
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", name));
+ }
+
+ /**
+ * Retrieves a list of possible attribute names.
+ * <P>
+ *
+ * @return a list of names
+ */
+ public Enumeration getElements() {
+ return mNames.elements();
+ }
+
+ /**
+ * Retrieves serializable attribute names.
+ *
+ * @return a list of serializable attribute names
+ */
+ public Enumeration getSerializableAttrNames() {
+ return mNames.elements();
+ }
+
+ /**
+ * Retrieves version of this proof.
+ * <P>
+ * @return version
+ */
+ public BigInteger getVersion() {
+ return mVersion;
+ }
+
+ /**
+ * Retrieves the serial number.
+ * <P>
+ * @return serial number
+ */
+ public BigInteger getSerialNumber() {
+ return mSerialNo;
+ }
+
+ /**
+ * Retrieves the subject name.
+ * <P>
+ * @return subject name
+ */
+ public String getSubjectName() {
+ return mSubject;
+ }
+
+ /**
+ * Retrieves the issuer name.
+ * <P>
+ * @return issuer name
+ */
+ public String getIssuerName() {
+ return mIssuer;
+ }
+
+ /**
+ * Returns the beginning of the escrowed perioid.
+ * <P>
+ * @return date of archival
+ */
+ public Date getDateOfArchival() {
+ return mDateOfArchival;
+ }
+
+ /**
+ * Encodes this proof of escrow into the given
+ * output stream.
+ * <P>
+ */
+ public void encode(DerOutputStream out) throws EBaseException {
+ try {
+ DerOutputStream seq = new DerOutputStream();
+
+ // version (OPTIONAL)
+ if (!mVersion.equals(DEFAULT_VERSION)) {
+ DerOutputStream version = new DerOutputStream();
+
+ version.putInteger(new BigInt(mVersion));
+ seq.write(DerValue.createTag(
+ DerValue.TAG_CONTEXT, true, (byte) 0),
+ version);
+ }
+
+ // serial number
+ DerOutputStream serialno = new DerOutputStream();
+
+ seq.putInteger(new BigInt(mSerialNo));
+
+ // subject name
+ DerOutputStream subject = new DerOutputStream();
+
+ (new X500Name(mSubject)).encode(seq);
+
+ // issuer name
+ DerOutputStream issuer = new DerOutputStream();
+
+ (new X500Name(mIssuer)).encode(seq);
+
+ // issue date
+ seq.putUTCTime(mDateOfArchival);
+ out.write(DerValue.tag_Sequence, seq);
+
+ } catch (IOException e) {
+ throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED", e.toString()));
+ }
+ }
+
+ /**
+ * Encodes and signs this proof of escrow.
+ * <P>
+ */
+ public void encodeAndSign(PrivateKey key, String algorithm,
+ String provider, DerOutputStream out)
+ throws EBaseException {
+
+ try {
+ Signature sigEngine = null;
+
+ if (provider == null) {
+ sigEngine = Signature.getInstance(algorithm);
+ } else {
+ sigEngine = Signature.getInstance(algorithm,
+ provider);
+ }
+
+ sigEngine.initSign(key);
+ DerOutputStream tmp = new DerOutputStream();
+
+ encode(tmp);
+
+ AlgorithmId sigAlgId = AlgorithmId.get(
+ sigEngine.getAlgorithm());
+
+ sigAlgId.encode(tmp);
+ byte dataToSign[] = tmp.toByteArray();
+
+ sigEngine.update(dataToSign, 0, dataToSign.length);
+ byte signature[] = sigEngine.sign();
+
+ tmp.putBitString(signature);
+ out.write(DerValue.tag_Sequence, tmp);
+ return;
+ } catch (NoSuchAlgorithmException e) {
+ throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_ENCODE_FAILED_1", e.toString()));
+ } catch (NoSuchProviderException e) {
+ throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_ENCODE_FAILED_1", e.toString()));
+ } catch (InvalidKeyException e) {
+ throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_ENCODE_FAILED_1", e.toString()));
+ } catch (SignatureException e) {
+ throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_ENCODE_FAILED_1", e.toString()));
+ } catch (IOException e) {
+ throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_ENCODE_FAILED_1", e.toString()));
+ }
+ }
+
+ /**
+ * Decodes the input stream.
+ * <P>
+ */
+ public void decode(InputStream in) throws EBaseException {
+ try {
+ // POA is a SIGNED ASN.1 macro, a three element sequence:
+ // - Data to be signed (ToBeSigned) -- the "raw" data
+ // - Signature algorithm (SigAlgId)
+ // - The Signature bits
+
+ DerValue val = new DerValue(in);
+
+ DerValue seq[] = new DerValue[3];
+
+ seq[0] = val.data.getDerValue();
+ if (seq[0].tag == DerValue.tag_Sequence) {
+ // with signature
+ seq[1] = val.data.getDerValue();
+ seq[2] = val.data.getDerValue();
+ if (seq[1].data.available() != 0) {
+ throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1",
+ "no algorithm found"));
+ }
+
+ if (seq[2].data.available() != 0) {
+ throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1",
+ "no signature found"));
+ }
+
+ AlgorithmId algid = AlgorithmId.parse(seq[1]);
+ byte signature[] = seq[2].getBitString();
+
+ decodePOA(val, null);
+ } else {
+ // without signature
+ decodePOA(val, seq[0]);
+ }
+ } catch (IOException e) {
+ throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1", e.toString()));
+ }
+ }
+
+ /**
+ * Decodes proof of escrow.
+ * <P>
+ */
+ private void decodePOA(DerValue val, DerValue preprocessed)
+ throws EBaseException {
+ try {
+ DerValue tmp = null;
+
+ if (preprocessed == null) {
+ if (val.tag != DerValue.tag_Sequence) {
+ throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1",
+ "not start with sequence"));
+ }
+ tmp = val.data.getDerValue();
+ } else {
+ tmp = preprocessed;
+ }
+
+ // version
+ if (tmp.isContextSpecific((byte) 0)) {
+ if (tmp.isConstructed() && tmp.isContextSpecific()) {
+ DerValue version = tmp.data.getDerValue();
+ BigInt ver = version.getInteger();
+
+ mVersion = ver.toBigInteger();
+ tmp = val.data.getDerValue();
+ }
+ } else {
+ mVersion = DEFAULT_VERSION;
+ }
+
+ // serial number
+ DerValue serialno = tmp;
+
+ mSerialNo = serialno.getInteger().toBigInteger();
+
+ // subject
+ DerValue subject = val.data.getDerValue();
+
+ // mSubject = new X500Name(subject); // doesnt work
+ mSubject = new String(subject.toByteArray());
+
+ // issuer
+ DerValue issuer = val.data.getDerValue();
+
+ mIssuer = new String(issuer.toByteArray());
+
+ // date of archival
+ mDateOfArchival = val.data.getUTCTime();
+ } catch (IOException e) {
+ throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1", e.toString()));
+ }
+ }
+
+ /**
+ * Retrieves the string reprensetation of this
+ * proof of archival.
+ */
+ public String toString() {
+ return "Version: " + mVersion.toString() + "\n" +
+ "SerialNo: " + mSerialNo.toString() + "\n" +
+ "Subject: " + mSubject + "\n" +
+ "Issuer: " + mIssuer + "\n" +
+ "DateOfArchival: " + mDateOfArchival.toString();
+ }
+
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ELdapException.java b/pki/base/common/src/com/netscape/certsrv/ldap/ELdapException.java
new file mode 100644
index 000000000..3f829aa31
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ELdapException.java
@@ -0,0 +1,86 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ldap;
+
+
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * A class that represents a Ldap exception. Various
+ * errors can occur when interacting with a Ldap directory server.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class ELdapException extends EBaseException {
+
+ /**
+ * Ldap resource class name.
+ */
+ private static final String LDAP_RESOURCES = LdapResources.class.getName();
+
+ /**
+ * Constructs a Ldap exception.
+ * @param msgFormat Resource Key, if key not present, serves as the message.
+ * <P>
+ */
+ public ELdapException(String msgFormat) {
+ super(msgFormat);
+ }
+
+ /**
+ * Constructs a Ldap exception.
+ * @param msgFormat Resource Key, if key not present, serves as the message.
+ * Include a message string parameter for variable content.
+ * @param param Message string parameter.
+ * <P>
+ */
+ public ELdapException(String msgFormat, String param) {
+ super(msgFormat, param);
+ }
+
+ /**
+ * Constructs a Ldap exception.
+ * @param msgFormat Resource Key, if key not present, serves as the message.
+ * @param e Common exception.
+ * <P>
+ */
+ public ELdapException(String msgFormat, Exception e) {
+ super(msgFormat, e);
+ }
+
+ /**
+ * Constructs a Ldap exception.
+ * @param msgFormat Resource Key, if key not present, serves as the message.
+ * @param params Array of Message string parameters.
+ * <P>
+ */
+ public ELdapException(String msgFormat, Object params[]) {
+ super(msgFormat, params);
+ }
+
+ /**
+ * Gets the resource bundle name
+ * @return Name of the Ldap Exception resource bundle name.
+ * <p>
+ */
+ protected String getBundleName() {
+ return LDAP_RESOURCES;
+ }
+}
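Review bot: The Javadoc on all four constructors places `<P>` after the last `@param`, so the paragraph break becomes part of that parameter's description; `getBundleName()` does the same with `<p>` after `@return`. Moving the break above the tags, or dropping it, keeps the generated docs clean. The `(String msgFormat, Exception e)` constructor documents `e` only as "Common exception"; whether the superclass keeps it as a cause or only formats it into the message is not visible in this hunk, so the tag should say which, e.g. `@param e Exception whose text is substituted into the message.` if that is the behaviour. `Object params[]` would read more conventionally as `Object[] params`.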
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ELdapServerDownException.java b/pki/base/common/src/com/netscape/certsrv/ldap/ELdapServerDownException.java
new file mode 100644
index 000000000..b6b04a760
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ELdapServerDownException.java
@@ -0,0 +1,35 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ldap;
+
+
+/**
+ * This represents exception which indicates Ldap server is down.
+ *
+ * @version $Revision$, $Date$
+ */
+public class ELdapServerDownException extends ELdapException {
+
+ /**
+ * Constructs a ldap server down exception with host & port info.
+ * @param errorString Detailed error message.
+ */
+ public ELdapServerDownException(String errorString) {
+ super(errorString);
+ }
+}
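Review bot: The constructor Javadoc promises "host & port info", but the only parameter is a free-form `errorString`, so nothing in the signature carries a host or a port. I would reword it to `Constructs an exception indicating that the Ldap server is down.` with `@param errorString Detail message, typically naming the host and port.` The bare `&` should also be written `&amp;` so the Javadoc HTML stays valid.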
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapAuthInfo.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapAuthInfo.java
new file mode 100644
index 000000000..13cadf2ab
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapAuthInfo.java
@@ -0,0 +1,103 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ldap;
+
+
+import java.util.Hashtable;
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPException;
+import org.mozilla.jss.util.Password;
+import org.mozilla.jss.util.PasswordCallback;
+import org.mozilla.jss.util.PasswordCallbackInfo;
+import org.mozilla.jss.util.ConsolePasswordCallback;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Class for obtaining ldap authentication info from the configuration store.
+ * Two types of authentication is basic and SSL client authentication.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ILdapAuthInfo {
+ static public final String PROP_LDAPAUTHTYPE = "authtype";
+ static public final String PROP_CLIENTCERTNICKNAME = "clientCertNickname";
+ static public final String PROP_BINDDN = "bindDN";
+ static public final String PROP_BINDPW = "bindPassword";
+ static public final String PROP_BINDPW_PROMPT = "bindPWPrompt";
+ static public final String PROP_BINDDN_DEFAULT = "cn=Directory Manager";
+
+ static public final String LDAP_BASICAUTH_STR = "BasicAuth";
+ static public final String LDAP_SSLCLIENTAUTH_STR = "SslClientAuth";
+
+ static public final int LDAP_AUTHTYPE_NONE = 0; // illegal
+ static public final int LDAP_AUTHTYPE_BASICAUTH = 1;
+ static public final int LDAP_AUTHTYPE_SSLCLIENTAUTH = 2;
+
+ /**
+ * Initialize this class from the config store.
+ * @param config The config store from which to initialize.
+ * @exception EBaseException Due to failure of the initialization process.
+ *
+ */
+ public void init(IConfigStore config) throws EBaseException;
+
+ /**
+ * Initialize this class from the config store.
+ * Based on host, port, and secure boolean info.
+ * which allows an actual attempt on the server to verify credentials.
+ * @param config The config store from which to initialize.
+ * @exception EBaseException Due to failure of the initialization process.
+ *
+ */
+ public void init(IConfigStore config, String host, int port, boolean secure)
+ throws EBaseException;
+
+ /**
+ * Reset the connection to the host
+ */
+ public void reset();
+
+ /**
+ * Get authentication type.
+ * @return one of: <br>
+ * LdapAuthInfo.LDAP_AUTHTYPE_BASICAUTH or
+ * LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH
+ */
+ public int getAuthType();
+
+ /**
+ * Get params for authentication.
+ * @return array of parameters for this authentication as an array of Strings.
+ */
+ public String[] getParms();
+
+ /**
+ * Add password to private password data structure.
+ * @param prompt Password prompt.
+ * @param pw Password itself.
+ */
+ public void addPassword(String prompt, String pw);
+
+ /**
+ * Remove password from private password data structure.
+ * @param prompt Identify password to remove with prompt.
+ */
+ public void removePassword(String prompt);
+}
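Review bot: `addPassword(String prompt, String pw)` at the end of the interface takes the bind password as an immutable `String`, which callers cannot wipe after use, while the file imports `org.mozilla.jss.util.Password` and never uses it. If the signature has to stay, the Javadoc should at least state the handling contract, e.g. `@param pw Bind password; implementations must not log it and must discard it in removePassword().`; otherwise an overload such as `public void addPassword(String prompt, Password pw);` would let callers clear the buffer. `PROP_BINDDN_DEFAULT = "cn=Directory Manager"` looks like a fallback to the directory's administrative account when `bindDN` is unset. How it is consumed is not visible in this hunk, but a default that broad deserves a comment or a required-property check. The remaining imports (`Hashtable`, `LDAPConnection`, `LDAPException`, the password callback classes and the file's own package) are unused, and the second `init` documents none of `host`, `port` or `secure`.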
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapBoundConnFactory.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapBoundConnFactory.java
new file mode 100644
index 000000000..71b810709
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapBoundConnFactory.java
@@ -0,0 +1,43 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ldap;
+
+
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * Maintains a pool of connections to the LDAP server.
+ * CMS requests are processed on a multi threaded basis.
+ * A pool of connections then must be be maintained so this
+ * access to the Ldap server can be easily managed. The min and
+ * max size of this connection pool should be configurable. Once
+ * the maximum limit of connections is exceeded, the factory
+ * should provide proper synchronization to resolve contention issues.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ILdapBoundConnFactory extends ILdapConnFactory {
+
+ public static final String PROP_MINCONNS = "minConns";
+ public static final String PROP_MAXCONNS = "maxConns";
+ public static final String PROP_LDAPCONNINFO = "ldapconn";
+ public static final String PROP_LDAPAUTHINFO = "ldapauth";
+
+}
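Review bot: The four `PROP_*` constants carry no Javadoc, so a reader cannot tell that `ldapconn` and `ldapauth` presumably name config sub-stores while `minConns` and `maxConns` are pool bounds. A one-line comment each would fix that once confirmed, e.g. `/** Name of the config sub-store holding the bind credentials. */` on `PROP_LDAPAUTHINFO`. The class comment contains "must be be maintained" and says the factory "should" synchronize once the maximum is exceeded without stating whether a caller then blocks or gets an exception. Both wildcard imports appear unused in this file.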
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnFactory.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnFactory.java
new file mode 100644
index 000000000..8ac2cd505
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnFactory.java
@@ -0,0 +1,90 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ldap;
+
+
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * Maintains a pool of connections to the LDAP server.
+ * Multiple threads use this interface to utilize and release
+ * the Ldap connection resources.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ILdapConnFactory {
+
+ /**
+ * Initialize the poll from the config store.
+ * @param config The configuration substore.
+ * @exception EBaseException On configuration error.
+ * @exception ELdapException On all other errors.
+ */
+ public void init(IConfigStore config)
+ throws EBaseException, ELdapException;
+
+ /**
+ *
+ * Used for disconnecting all connections.
+ * Used just before a subsystem
+ * shutdown or process exit.
+ * @exception EldapException on Ldap failure when closing connections.
+ */
+ public void reset()
+ throws ELdapException;
+
+ /**
+ * Returns the number of free connections available from this pool.
+ * @return Integer number of free connections.
+ */
+
+ public int freeConn();
+
+ /**
+ * Returns the number of total connections available from this pool.
+ * Includes sum of free and in use connections.
+ * @return Integer number of total connections.
+ */
+ public int totalConn();
+
+ /**
+ * Returns the maximum number of connections available from this pool.
+ * @return Integer maximum number of connections.
+ */
+ public int maxConn();
+
+ /**
+ * Request access to a Ldap connection from the pool.
+ * @exception ELdapException if any error occurs, such as a
+ * @return Ldap connection object.
+ * connection is not available
+ */
+ public LDAPConnection getConn()
+ throws ELdapException;
+
+ /**
+ * Return connection to the factory. mandatory after a getConn().
+ * @param conn Ldap connection object to be returned to the free list of the pool.
+ * @exception ELdapException On any failure to return the connection.
+ */
+ public void returnConn(LDAPConnection conn)
+ throws ELdapException;
+
+}
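Review bot: The Javadoc on `getConn()` interleaves its tags: `@exception ELdapException if any error occurs, such as a` is cut off by `@return Ldap connection object.`, so "connection is not available" lands in the return description. It also never says whether the call blocks or throws when the pool is exhausted. Suggested order: `@return Ldap connection object.` followed by `@exception ELdapException if any error occurs, such as no connection being available`. Since `returnConn` is "mandatory after a getConn()", its comment should tell callers to return the connection in a `finally` block, because an error path that skips it drains the pool for every other thread. Smaller points: `reset()` documents `EldapException` (wrong case), `init` says "poll" for pool, and `throws EBaseException, ELdapException` is redundant because ELdapException extends EBaseException in this same commit.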
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnInfo.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnInfo.java
new file mode 100644
index 000000000..f56bf4d3e
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnInfo.java
@@ -0,0 +1,84 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ldap;
+
+
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.base.EPropertyNotFound;
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Class for reading ldap connection information from the config store.
+ * Ldap connection info: host name, port number,whether of not it is a secure connection.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ILdapConnInfo {
+ public static final String PROP_HOST = "host";
+ public static final String PROP_PORT = "port";
+ public static final String PROP_SECURE = "secureConn";
+ public static final String PROP_PROTOCOL = "version";
+ public static final String PROP_FOLLOW_REFERRALS = "followReferrals";
+ public static final String PROP_HOST_DEFAULT = "localhost";
+ public static final String PROP_PORT_DEFAULT = "389";
+
+ public static final int LDAP_VERSION_2 = 2;
+ public static final int LDAP_VERSION_3 = 3;
+
+ /**
+ * Initializes an instance from a config store.
+ * @param config Configuration store.
+ * @exception ELdapException Ldap related error found.
+ * @exception EBaseException Other errors and errors with params included in the config store.
+ */
+ public void init(IConfigStore config) throws EBaseException, ELdapException;
+
+ /**
+ * Return the name of the Host.
+ *
+ */
+
+
+ public String getHost();
+
+ /**
+ * Return the port number of the host.
+ *
+ */
+ public int getPort();
+
+ /**
+ * Return the Ldap version number of the Ldap server.
+ */
+
+ public int getVersion();
+
+ /**
+ * Return whether or not the connection is secure.
+ */
+ public boolean getSecure();
+
+ /**
+ * Return whether or not the server is to follow referrals
+ * to other servers when servicing a query.
+ */
+ public boolean getFollowReferrals();
+
+}
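Review bot: `PROP_PORT_DEFAULT = "389"` is the cleartext LDAP port and no default is defined or documented for `PROP_SECURE`, so a configuration that omits both would presumably connect without transport protection, and ILdapAuthInfo in this commit supports password binds over such a connection. The implementation is not in this hunk, so at minimum the contract should be written down, e.g. `@return true if the connection uses SSL; when false, bind credentials are sent unprotected` on `getSecure()`, plus a comment stating the default. The getters have no `@return` tags and `LDAP_VERSION_2` has no note on when version 2 is acceptable. The imports of `EPropertyNotFound` (already covered by `base.*`) and of the file's own package are redundant.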
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnModule.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnModule.java
new file mode 100644
index 000000000..3cf762663
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnModule.java
@@ -0,0 +1,60 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ldap;
+
+
+import com.netscape.certsrv.base.*;
+import java.security.cert.*;
+
+
+/**
+ * Class on behalf of the Publishing system that controls an instance of an ILdapConnFactory.
+ * Allows a factory to be intialized and grants access
+ * to the factory to other interested parties.
+ *
+ * @version $Revision$, $Date$
+ */
+
+public interface ILdapConnModule {
+
+ /**
+ * Initialize ldap publishing module with config store.
+ * @param owner Entity that is interested in this instance of Publishing.
+ * @param config Config store containing the info needed to set up Publishing.
+ * @exception ELdapException Due to Ldap error.
+ * @exception EBaseException Due to config value errors and all other errors.
+ */
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException, ELdapException;
+
+ /**
+ * Returns the internal ldap connection factory.
+ * This can be useful to get a ldap connection to the
+ * ldap publishing directory without having to get it again from the
+ * config file. Note that this means sharing a ldap connection pool
+ * with the ldap publishing module so be sure to return connections to pool.
+ * Use ILdapConnFactory.getConn() to get a Ldap connection to the ldap
+ * publishing directory.
+ * Use ILdapConnFactory.returnConn() to return the connection.
+ *
+ * @return Instance of ILdapConnFactory.
+ */
+
+ public ILdapConnFactory getLdapConnFactory();
+}
+
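Review bot: `import java.security.cert.*;` is not used by anything in this interface and can be dropped. The class comment misspells "intialized", and there is a stray blank line between the Javadoc and `getLdapConnFactory()` that separates the comment from the method it documents.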
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/LdapResources.java b/pki/base/common/src/com/netscape/certsrv/ldap/LdapResources.java
new file mode 100644
index 000000000..79a8aecb4
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/LdapResources.java
@@ -0,0 +1,44 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ldap;
+
+
+import java.util.*;
+
+
+/**
+ * A resource bundle for ldap subsystem.
+ *
+ * @version $Revision$, $Date$
+ */
+public class LdapResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ /**
+ * Constants. The suffix represents the number of
+ * possible parameters.
+ */
+
+ static final Object[][] contents = {};
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/listeners/EListenersException.java b/pki/base/common/src/com/netscape/certsrv/listeners/EListenersException.java
new file mode 100644
index 000000000..40dad6eb9
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/listeners/EListenersException.java
@@ -0,0 +1,84 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.listeners;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * A class represents a listener exception.
+ * <P>
+ * @version $Revision$, $Date$
+ */
+public class EListenersException extends EBaseException {
+
+ /**
+ * CA resource class name.
+ */
+ private static final String LISTENERS_RESOURCES = ListenersResources.class.getName();
+
+ /**
+ * Constructs a listeners exception.
+ * <P>
+ * @param msgFormat The error message resource key.
+ */
+ public EListenersException(String msgFormat) {
+ super(msgFormat);
+ }
+
+ /**
+ * Constructs a listeners exception.
+ * <P>
+ * @param msgFormat exception details in message string format.
+ * @param param message string parameter.
+ */
+ public EListenersException(String msgFormat, String param) {
+ super(msgFormat, param);
+ }
+
+ /**
+ * Constructs a Listeners exception.
+ * <P>
+ * @param msgFormat The resource key.
+ * @param e The parameter as an exception.
+ */
+ public EListenersException(String msgFormat, Exception e) {
+ super(msgFormat, e);
+ }
+
+ /**
+ * Constructs a Listeners exception.
+ * <P>
+ * @param msgFormat The resource key.
+ * @param params Array of params.
+ */
+ public EListenersException(String msgFormat, Object params[]) {
+ super(msgFormat, params);
+ }
+ /**
+ * get the listener resource class name.
+ * <P>
+ * @return the class name of the resource.
+ */
+ protected String getBundleName() {
+ return LISTENERS_RESOURCES;
+ }
+}
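Review bot: The field comment on `LISTENERS_RESOURCES` reads "CA resource class name", which looks copied from another subsystem; it should be `/** Listeners resource class name. */`. The imports of `java.util.*` and `com.netscape.certsrv.logging.*` are unused in this file. The Javadoc for `getBundleName()` also follows the preceding constructor's closing brace with no blank line, unlike the rest of the class.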
diff --git a/pki/base/common/src/com/netscape/certsrv/listeners/IRequestListenerPlugin.java b/pki/base/common/src/com/netscape/certsrv/listeners/IRequestListenerPlugin.java
new file mode 100644
index 000000000..83f6bd68d
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/listeners/IRequestListenerPlugin.java
@@ -0,0 +1,77 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.listeners;
+
+
+import com.netscape.certsrv.base.*;
+
+/**
+ * This interface represents a plug-in listener. Implement this class to
+ * add the listener to an ARequestNotifier of a subsystem.
+ * <P>
+ * @version $Revision$, $Date$
+ */
+public interface IRequestListenerPlugin {
+
+ /**
+ * get the registered class name set in the init() method.
+ * <P>
+ * @return the Name.
+ */
+ public String getName();
+
+ /**
+ * get the plugin implementaion name set in the init() method.
+ * <P>
+ * @return the plugin implementation name.
+ */
+ public String getImplName();
+
+ /**
+ * the subsystem call this method to initialize the plug-in.
+ * <P>
+ * @param name the registered class name of the plug-in.
+ * @param implName the implemetnation name of the plug-in.
+ * @param config the configuration store where the.
+ * properties of the plug-in are stored.
+ * @exception EBaseException throws base exception in the certificate server.
+ */
+ public void init(String name, String implName, IConfigStore config)
+ throws EBaseException;
+ /**
+ * shutdown the plugin.
+ */
+ public void shutdown();
+ /**
+ * get the configuration parameters of the plug-in.
+ * <P>
+ * @return the configuration parameters.
+ * @exception EBaseException throws base exception in the certificate server.
+ */
+ public String[] getConfigParams()
+ throws EBaseException;
+ /**
+ * get the configuration store of the plugin where the
+ * configuration parameters of the plug-in are stored.
+ * <P>
+ * @return the configuration store.
+ */
+
+ public IConfigStore getConfigStore();
+
+}
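Review bot: The `init` Javadoc breaks the `config` description with a stray period ("the configuration store where the. properties of the plug-in are stored") and misspells "implemetnation"; it should read `@param config the configuration store where the properties of the plug-in are stored.` The interface comment says "Implement this class" for an interface, and `getImplName` has "implementaion". `getConfigParams()` does not say what form the returned strings take or whether values are included alongside names. If values can appear, the comment should state that secrets such as passwords must not be returned.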
diff --git a/pki/base/common/src/com/netscape/certsrv/listeners/ListenersResources.java b/pki/base/common/src/com/netscape/certsrv/listeners/ListenersResources.java
new file mode 100644
index 000000000..7fae366d8
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/listeners/ListenersResources.java
@@ -0,0 +1,41 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.listeners;
+
+
+import java.util.*;
+
+/**
+ * A class represents a resource bundle for the
+ * listeners package.
+ *
+ * @version $Revision$, $Date$
+ */
+public class ListenersResources extends ListResourceBundle {
+
+ /**
+ * get the content of the resource.
+ * <P>
+ * @return the content of this resource is a value pairs array of keys and values.
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+ static final Object[][] contents = {
+ };
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/AuditEvent.java b/pki/base/common/src/com/netscape/certsrv/logging/AuditEvent.java
new file mode 100644
index 000000000..8fa1249f6
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/logging/AuditEvent.java
@@ -0,0 +1,331 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging;
+
+
+import java.io.*;
+import java.util.*;
+import java.text.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * The log event object that carries message detail of a log event
+ * that goes into the Transaction log. Note that the name of this
+ * class "AuditEvent" is legacy and has nothing to do with the signed
+ * audit log events, whcih are represented by SignedAuditEvent.
+ *
+ * @version $Revision$, $Date$
+ * @see java.text.MessageFormat
+ * @see com.netscape.certsrv.logging.LogResources
+ */
+public class AuditEvent implements IBundleLogEvent {
+
+ protected Object mParams[] = null;
+
+ private String mEventType = null;
+ private String mMessage = null;
+ private int mLevel = -1;
+ private int mNTEventType = -1;
+ private int mSource = -1;
+ private boolean mMultiline = false;
+ private long mTimeStamp = System.currentTimeMillis();
+
+ /**
+ * The bundle name for this event.
+ */
+ private String mBundleName = LogResources.class.getName();
+ private static final String INVALID_LOG_LEVEL="log level: {0} is invalid, should be 0-6";
+
+ /**
+ * Constructs a message event
+ * <P>
+ *
+ * @param msgFormat the message string
+ */
+ public AuditEvent(String msgFormat) {
+ mMessage = msgFormat;
+ mParams = null;
+ }
+
+ /**
+ * Constructs a message with a parameter. For example,
+ * <PRE>
+ * new AuditEvent("failed to load {0}", fileName);
+ * </PRE>
+ * <P>
+ *
+ * @param msgFormat details in message string format
+ * @param param message string parameter
+ */
+ public AuditEvent(String msgFormat, String param) {
+ this(msgFormat);
+ mParams = new String[1];
+ mParams[0] = param;
+ }
+
+ /**
+ * Constructs a message from an exception. It can be used to carry
+ * a system exception that may contain information about
+ * the context. For example,
+ * <PRE>
+ * try {
+ * ...
+ * } catch (IOExeption e) {
+ * logHandler.log(new AuditEvent("Encountered System Error {0}", e);
+ * }
+ * </PRE>
+ * <P>
+ *
+ * @param msgFormat exception details in message string format
+ * @param exception system exception
+ */
+ public AuditEvent(String msgFormat, Exception exception) {
+ this(msgFormat);
+ mParams = new Exception[1];
+ mParams[0] = exception;
+ }
+
+ /**
+ * Constructs a message from a base exception. This will use the msgFormat
+ * from the exception itself.
+ * <PRE>
+ * try {
+ * ...
+ * } catch (Exception e) {
+ * logHandler.log(new AuditEvent(e));
+ * }
+ * </PRE>
+ * <P>
+ *
+ * @param e CMS exception
+ */
+ public AuditEvent(Exception e) {
+ this(e.getMessage());
+ if (e instanceof EBaseException) {
+ mParams = ((EBaseException) e).getParameters();
+ } else {
+ mParams = new Exception[1];
+ mParams[0] = e;
+ }
+ }
+
+ /**
+ * Constructs a message event with a list of parameters
+ * that will be substituted into the message format.
+ * <P>
+ *
+ * @param msgFormat message string format
+ * @param params list of message format parameters
+ */
+ public AuditEvent(String msgFormat, Object params[]) {
+ this(msgFormat);
+ mParams = params;
+ }
+
+ /**
+ * Returns the current message format string.
+ * <P>
+ *
+ * @return details message
+ */
+ public String getMessage() {
+ return mMessage;
+ }
+
+ /**
+ * Returns a list of parameters.
+ * <P>
+ *
+ * @return list of message format parameters
+ */
+ public Object[] getParameters() {
+ return mParams;
+ }
+
+ /**
+ * Returns localized message string. This method should
+ * only be called if a localized string is necessary.
+ * <P>
+ *
+ * @return details message
+ */
+ public String toContent() {
+ return toContent(Locale.getDefault());
+ }
+
+ /**
+ * Returns the string based on the given locale.
+ * <P>
+ *
+ * @param locale locale
+ * @return details message
+ */
+ public String toContent(Locale locale) {
+ return MessageFormatter.getLocalizedString(locale, getBundleName(),
+ getMessage(),
+ getParameters());
+ }
+
+ /**
+ * Gets the resource bundle name for this class instance. This should
+ * be overridden by subclasses who have their own resource bundles.
+ * @param bundle String that represents the resource bundle name to be set
+ */
+ public void setBundleName(String bundle) {
+ mBundleName = bundle;
+ }
+
+ /**
+ * Retrieves bundle name.
+ * @return a String that represents the resource bundle name
+ */
+ protected String getBundleName() {
+ return mBundleName;
+ }
+
+ /**
+ * Retrieves log source.
+ * @return an integer that indicates the component source
+ * where this message event was triggered
+ */
+ public int getSource() {
+ return mSource;
+ }
+
+ /**
+ * Sets log source.
+ * @param source an integer that represents the component source
+ * where this message event was triggered
+ */
+ public void setSource(int source) {
+ mSource = source;
+ }
+
+
+ /**
+ * Retrieves log level.
+ * The log level of an event represents its relative importance
+ * or severity within CMS.
+ * @return Integer log level value.
+ */
+ public int getLevel() {
+ return mLevel;
+ }
+
+ /**
+ * Retrieves NT specific log event type.
+ * @return Integer NTEventType value.
+ */
+ public int getNTEventType() {
+ return mNTEventType;
+ }
+
+ /**
+ * Sets log level, NT log event type.
+ * For certain log levels the NT log event type gets
+ * set as well.
+ * @param level Integer log level value.
+ */
+ public void setLevel(int level) {
+ mLevel = level;
+ switch (level) {
+ case ILogger.LL_DEBUG:
+ case ILogger.LL_INFO:
+ mNTEventType = ILogger.NT_INFO;
+ break;
+
+ case ILogger.LL_WARN:
+ mNTEventType = ILogger.NT_WARN;
+ break;
+
+ case ILogger.LL_FAILURE:
+ case ILogger.LL_MISCONF:
+ case ILogger.LL_CATASTRPHE:
+ case ILogger.LL_SECURITY:
+ mNTEventType = ILogger.NT_ERROR;
+ break;
+
+ default:
+ ConsoleError.send(new SystemEvent(INVALID_LOG_LEVEL,
+ Integer.toString(level)));
+ break;
+ }
+ }
+
+ /**
+ * Retrieves log multiline attribute.
+ * @return Boolean whether or not this event is multiline.
+ * A multiline message simply consists of more than one line.
+ */
+ public boolean getMultiline() {
+ return mMultiline;
+ }
+
+ /**
+ * Sets log multiline attribute. A multiline message consists of
+ * more than one line.
+ * @param multiline Boolean multiline value.
+ */
+ public void setMultiline(boolean multiline) {
+ mMultiline = multiline;
+ }
+
+ /**
+ * Retrieves event time stamp.
+ * @return Long integer of the time the event was created.
+ */
+ public long getTimeStamp() {
+ return mTimeStamp;
+ }
+
+
+ /**
+ * Retrieves log event type. Each type of event
+ * has an associated String type value.
+ * @return String containing the type of event.
+ */
+ public String getEventType() {
+ return mEventType;
+ }
+
+
+ /**
+ * Sets log event type. Each type of event
+ * has an associated String type value.
+ * @param eventType String containing the type of event.
+ */
+ public void setEventType(String eventType) {
+ mEventType = eventType;
+ }
+
+ /**
+ * Return string representation of log message.
+ * @return String containing log message.
+ */
+ public String toString() {
+ if (getBundleName() == null) {
+ MessageFormat detailMessage = new MessageFormat(mMessage);
+
+ return detailMessage.format(mParams);
+ //return getMessage();
+ } else
+ return toContent();
+ }
+}
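Review bot: In the `AuditEvent(Exception e)` constructor the exception's message becomes the format pattern even when `e` is not an `EBaseException`, so arbitrary text from a system exception is later parsed as a `MessageFormat` pattern. A message containing a `{` that is not a valid placeholder makes `new MessageFormat(mMessage)` in `toString()` throw `IllegalArgumentException`, and a null message throws `NullPointerException`, so the event that reports a failure can itself fail to be written. A fixed pattern for foreign exceptions avoids this: `this(e instanceof EBaseException ? e.getMessage() : "{0}");`, which leaves the exception as the single parameter, as the constructor already does. The `toContent()` path goes through `MessageFormatter.getLocalizedString`, which is not shown in this hunk, so the same check is worth making there.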
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/AuditFormat.java b/pki/base/common/src/com/netscape/certsrv/logging/AuditFormat.java
new file mode 100644
index 000000000..8d870ad90
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/logging/AuditFormat.java
@@ -0,0 +1,112 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging;
+
+
+/**
+ * Define audit log message format. Note that the name of this
+ * class "AuditFormat" is legacy and has nothing to do with the signed
+ * audit log events format
+ *
+ * @version $Revision$, $Date$
+ */
+public class AuditFormat {
+
+ /**
+ * default log level for writing audit log
+ */
+ public static final int LEVEL = ILogger.LL_INFO;
+
+ /**
+ * initiative: the event is from EE
+ */
+ public static final String FROMUSER = "fromUser";
+
+ /**
+ * initiative: the event is from agent
+ */
+ public static final String FROMAGENT = "fromAgent";
+
+ /**
+ * initiative: the event is from router
+ */
+ public static final String FROMROUTER = "fromRouter";
+
+ /**
+ * initiative: the event is from remote authority
+ */
+ public static final String FROMRA = "fromRemoteAuthority";
+
+ /**
+ * authentication module: no Authentication manager
+ */
+ public static final String NOAUTH = "noAuthManager";
+
+ // for ProcessCertReq.java ,kra
+ /**
+ 0: request type
+ 1: request ID
+ 2: initiative
+ 3: auth module
+ 4: status
+ 5: cert dn
+ 6: other info. eg cert serial number, violation policies
+ */
+ public static final String FORMAT =
+ "{0} reqID {1} {2} authenticated by {3} is {4} DN requested: {5} {6}";
+ public static final String NODNFORMAT =
+ "{0} reqID {1} {2} authenticated by {3} is {4}";
+
+ public static final String ENROLLMENTFORMAT =
+ "Enrollment request reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} {5}";
+ public static final String RENEWALFORMAT =
+ "Renewal request reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} old serial number: 0x{5} {6}";
+ public static final String REVOCATIONFORMAT =
+ "Revocation request reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} serial number: 0x{5} revocation reason: {6} {7}";
+
+ // 1: fromAgent AgentID: xxx authenticated by xxx
+ public static final String DOREVOKEFORMAT =
+ "Revocation request reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4} revocation reason: {5}";
+ // 1: fromAgent AgentID: xxx authenticated by xxx
+ public static final String DOUNREVOKEFORMAT =
+ "Unrevocation request reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4}";
+
+ // 0:initiative
+ public static final String CRLUPDATEFORMAT =
+ "CRLUpdate request {0} authenticated by {1} is {2}. Id: {3}\ncrl Number: {4} last update time: {5} next update time: {6} number of entries in the CRL: {7}";
+
+ // audit user/group
+ public static final String ADDUSERFORMAT =
+ "Admin UID: {0} added User UID: {1}";
+ public static final String REMOVEUSERFORMAT =
+ "Admin UID: {0} removed User UID: {1} ";
+ public static final String MODIFYUSERFORMAT =
+ "Admin UID: {0} modified User UID: {1}";
+ public static final String ADDUSERCERTFORMAT =
+ "Admin UID: {0} added cert for User UID: {1}. cert DN: {2} serial number: 0x{3}";
+ public static final String REMOVEUSERCERTFORMAT =
+ "Admin UID: {0} removed cert of User UID: {1}. cert DN: {2} serial number: 0x{3}";
+ public static final String ADDUSERGROUPFORMAT =
+ "Admin UID: {0} added User UID: {1} to group: {2}";
+ public static final String REMOVEUSERGROUPFORMAT =
+ "Admin UID: {0} removed User UID: {1} from group: {2}";
+
+ // LDAP publishing
+ public static final String LDAP_PUBLISHED_FORMAT =
+ "{0} successfully published serial number: 0x{1} with DN: {2}";
+}
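Review bot: `CRLUPDATEFORMAT` is the only pattern in this class with an embedded `\n`, so a CRL update produces a two-line record while every other format is a single line, and nothing in the file says so. A consumer that treats one line as one transaction-log entry would read the `crl Number: ...` line as a separate, unattributed entry unless the caller marks the event with `setMultiline(true)`; whether callers do is outside this diff. I would add a comment above the constant such as `// two-line record: log with setMultiline(true)`. `ENROLLMENTFORMAT`, `RENEWALFORMAT` and `REVOCATIONFORMAT` should also get the kind of placeholder list that `FORMAT` has, since their indices differ from it.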
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ConsoleError.java b/pki/base/common/src/com/netscape/certsrv/logging/ConsoleError.java
new file mode 100644
index 000000000..750e35807
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ConsoleError.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging;
+
+
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * A static class to log error messages to the Console
+ *
+ * @version $Revision$, $Date$
+ */
+public class ConsoleError {
+ private static final ConsoleLog console = new ConsoleLog();
+
+ /**
+ * Send the given event to the Console.
+ *
+ * @param ev log event to be sent to the console
+ */
+ public static void send(ILogEvent ev) {
+ console.log(ev);
+ console.flush();
+ }
+
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ConsoleLog.java b/pki/base/common/src/com/netscape/certsrv/logging/ConsoleLog.java
new file mode 100644
index 000000000..c45b5d129
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ConsoleLog.java
@@ -0,0 +1,121 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging;
+
+
+import javax.servlet.*;
+import javax.servlet.http.*;
+import java.io.*;
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * A log event listener which sends all log events to the system console/tty
+ *
+ * @version $Revision$, $Date$
+ */
+public class ConsoleLog implements ILogEventListener {
+
+ /**
+ * Log the given event. Usually called from a log manager.
+ *
+ * @param ev log event
+ */
+ public void log(ILogEvent ev) {
+ System.err.println(Thread.currentThread().getName() + ": " + ev);
+ }
+
+ /**
+ * Flush the system output stream.
+ *
+ */
+ public void flush() {
+ System.err.flush();
+ }
+
+ /**
+ * All operations need to be cleaned up for shutdown are done here
+ */
+ public void shutdown() {
+ }
+
+ /**
+ * get the configuration store that is associated with this
+ * log listener
+ * @return the configuration store that is associated with this
+ * log listener
+ */
+ public IConfigStore getConfigStore() {
+ return null;
+ }
+
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException {
+ }
+
+ public void startup() throws EBaseException {
+ }
+
+ /**
+ * Retrieve last "maxLine" number of system log with log lever >"level"
+ * and from source "source". If the parameter is omitted. All entries
+ * are sent back.
+ * @param req a Hashtable containing the required information such as
+ * log entry, log level, log source, and log name
+ * @return the content of the log that match the criteria in req
+ * @exception servletException
+ * @exception IOException
+ * @exception EBaseException
+ */
+ public synchronized NameValuePairs retrieveLogContent(Hashtable req) throws ServletException,
+ IOException, EBaseException {
+ return null;
+ }
+
+ /**
+ * Retrieve log file list.
+ * <br> unimplemented
+ */
+ public synchronized NameValuePairs retrieveLogList(Hashtable req) throws ServletException,
+ IOException, EBaseException {
+ return null;
+ }
+
+ public String getImplName() {
+ return "ConsoleLog";
+ }
+
+ public String getDescription() {
+ return "ConsoleLog";
+ }
+
+ public Vector getDefaultParams() {
+ Vector v = new Vector();
+
+ return v;
+ }
+
+ public Vector getInstanceParams() {
+ Vector v = new Vector();
+
+ return v;
+ }
+}
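Review bot: `log()` concatenates the event's `toString()` into the stderr line without neutralising line breaks, so a parameter value containing CR or LF can produce what looks like an additional console entry. Whether values such as a requested DN or a user id reach the event unfiltered is not visible in this diff. Because `ILogEvent` exposes `getMultiline()`, single-line events could be escaped before printing: `String text = String.valueOf(ev);` followed by `if (ev == null || !ev.getMultiline()) text = text.replace("\r", "\\r").replace("\n", "\\n");`. Separately, the Javadoc of `retrieveLogContent` promises matching log content while the method always returns null; `@return` should say so, and `@exception servletException` should read `ServletException`.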
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ELogException.java b/pki/base/common/src/com/netscape/certsrv/logging/ELogException.java
new file mode 100644
index 000000000..d15033657
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ELogException.java
@@ -0,0 +1,148 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging;
+
+
+import java.io.*;
+import java.util.*;
+import java.text.*;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.MessageFormatter;
+
+
+/**
+ * This class implements a Log exception. LogExceptions
+ * should be caught by LogSubsystem managers.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ * @see java.text.MessageFormat
+ */
+public class ELogException extends EBaseException {
+
+ /**
+ * Resource bundle class name.
+ */
+ private static final String LOG_RESOURCES = LogResources.class.getName();
+
+ /**
+ * Constructs a log exception.
+ * <P>
+ *
+ * @param msgFormat Exception details.
+ */
+ public ELogException(String msgFormat) {
+ super(msgFormat);
+ mParams = null;
+ }
+
+ /**
+ * Constructs a log exception with a parameter. For example,
+ * <PRE>
+ * new ELogException("failed to load {0}", fileName);
+ * </PRE>
+ * <P>
+ *
+ * @param msgFormat Exception details in message string format.
+ * @param param Message string parameter.
+ */
+ public ELogException(String msgFormat, String param) {
+ super(msgFormat);
+ mParams = new String[1];
+ mParams[0] = param;
+ }
+
+ /**
+ * Constructs a log exception. It can be used to carry
+ * a system exception that may contain information about
+ * the context. For example,
+ * <PRE>
+ * try {
+ * ...
+ * } catch (IOExeption e) {
+ * throw new ELogException("Encountered System Error {0}", e);
+ * }
+ * </PRE>
+ * <P>
+ *
+ * @param msgFormat Exception details in message string format.
+ * @param param System exception.
+ */
+ public ELogException(String msgFormat, Exception param) {
+ super(msgFormat);
+ mParams = new Exception[1];
+ mParams[0] = param;
+ }
+
+ /**
+ * Constructs a log exception with a list of parameters
+ * that will be substituted into the message format.
+ * <P>
+ *
+ * @param msgFormat Exception details in message string format.
+ * @param params List of message format parameters.
+ */
+ public ELogException(String msgFormat, Object params[]) {
+ super(msgFormat);
+ mParams = params;
+ }
+
+ /**
+ * Returns a list of parameters.
+ * <P>
+ *
+ * @return list of message format parameters.
+ */
+ public Object[] getParameters() {
+ return mParams;
+ }
+
+ /**
+ * Returns localized exception string. This method should
+ * only be called if a localized string is necessary.
+ * <P>
+ *
+ * @return Details message.
+ */
+ public String toString() {
+ return toString(Locale.getDefault());
+ }
+
+ /**
+ * Returns the string based on the given locale.
+ * <P>
+ *
+ * @param locale Locale.
+ * @return Details message.
+ */
+ public String toString(Locale locale) {
+ return MessageFormatter.getLocalizedString(locale, getBundleName(),
+ super.getMessage(), mParams);
+ }
+
+ /**
+ * Retrieves resource bundle name.
+ * Subclasses should override this as necessary
+ * @return String containing name of resource bundle.
+ */
+
+ protected String getBundleName() {
+ return LOG_RESOURCES;
+ }
+
+}
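Review bot: The `ELogException(String msgFormat, Exception param)` constructor keeps the underlying exception only as a format parameter, so its stack trace is reduced to whatever the formatted message renders, and `getCause()` stays unset unless `EBaseException` (not shown in this hunk) chains it. When a logging component fails, the original trace is usually what identifies the cause. Adding `initCause(param);` after `mParams[0] = param;` would preserve it without changing the signature, provided the superclass constructor has not already set a cause. The `Object params[]` constructor and `getParameters()` also share the caller's array rather than a copy, which is worth one sentence in their Javadoc.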
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ELogNotFound.java b/pki/base/common/src/com/netscape/certsrv/logging/ELogNotFound.java
new file mode 100644
index 000000000..49d55f360
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ELogNotFound.java
@@ -0,0 +1,35 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging;
+
+
+/**
+ * Exception for log not found.
+ *
+ * @version $Revision$, $Date$
+ */
+public class ELogNotFound extends ELogException {
+
+ /**
+ * Constructs a exception for a missing required log.
+ * @param errorString Detailed error message.
+ */
+ public ELogNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ELogPluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/logging/ELogPluginNotFound.java
new file mode 100644
index 000000000..1775c8644
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ELogPluginNotFound.java
@@ -0,0 +1,36 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging;
+
+
+/**
+ * Exception for log plugin not found.
+ *
+ * @version $Revision$, $Date$
+ */
+public class ELogPluginNotFound extends ELogException {
+
+ /**
+ * Constructs a exception for a missing log plugin.
+ * @param errorString Detailed error message.
+ */
+ public ELogPluginNotFound(String errorString) {
+ super(errorString);
+ }
+}
+
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/IBundleLogEvent.java b/pki/base/common/src/com/netscape/certsrv/logging/IBundleLogEvent.java
new file mode 100644
index 000000000..fc9540e55
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/logging/IBundleLogEvent.java
@@ -0,0 +1,41 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging;
+
+
+import java.io.Serializable;
+import java.util.Locale;
+
+
+/**
+ * An interface which all loggable events must implement.
+ * See ILogEvent class.
+ * This class maintains a resource bundle name for given
+ * event type.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IBundleLogEvent extends ILogEvent {
+
+ /**
+ * Sets the name of the resource bundle to be associated
+ * with this event type.
+ * @param bundle name of resource bundle.
+ */
+ public void setBundleName(String bundle);
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ILogEvent.java b/pki/base/common/src/com/netscape/certsrv/logging/ILogEvent.java
new file mode 100644
index 000000000..d0caca71d
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ILogEvent.java
@@ -0,0 +1,106 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging;
+
+
+import java.io.Serializable;
+import java.util.Locale;
+
+
+/**
+ * An interface which all loggable events must implement. CMS comes
+ * with a limited set of ILogEvent types to implement: audit, system, and
+ * signed audit. This is the base class of all the subsequent implemented types.
+ * A log event represents a certain kind of log message designed for a specific purpose.
+ * For instance, an audit type event represents messages having to do with auditable CMS
+ * actions. The resulting message will ultimately appear into a specific log file.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ILogEvent extends Serializable {
+
+ /**
+ * Retrieves event time stamp.
+ * @return Long integer of the time the event was created.
+ */
+ public long getTimeStamp();
+
+ /**
+ * Retrieves log source.
+ * This is an id of the subsystem responsible
+ * for creating the log event.
+ * @return Integer source id.
+ */
+ public int getSource();
+
+
+ /**
+ * Retrieves log level.
+ * The log level of an event represents its relative importance
+ * or severity within CMS.
+ * @return Integer log level value.
+ */
+ public int getLevel();
+
+ /**
+ * Retrieves NT specific log event type.
+ * @return Integer NTEventType value.
+ */
+ public int getNTEventType();
+
+ /**
+ * Retrieves multiline attribute.
+ * Does this message consiste of more than one line.
+ * @return Boolean of multiline status.
+ */
+ public boolean getMultiline();
+
+
+ /**
+ * Retrieves log event type. Each type of event
+ * has an associated String type value.
+ * @return String containing the type of event.
+ */
+ public String getEventType();
+
+ /**
+ * Sets log event type. Each type of event
+ * has an associated String type value.
+ * @param eventType String containing the type of event.
+ */
+ public void setEventType(String eventType);
+
+
+ /**
+ * Returns localized message string. This method should
+ * only be called if a localized string is necessary.
+ * <P>
+ *
+ * @return Details message.
+ */
+ public String toContent();
+
+ /**
+ * Returns the string based on the given locale.
+ * <P>
+ *
+ * @param locale locale
+ * @return Details message.
+ */
+ public String toContent(Locale locale);
+}
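Review bot: `ILogEvent` extends `Serializable`, which makes every event type Java-serializable, but the interface Javadoc gives no reason for it and no constraint on implementers. `AuditEvent` in this same commit stores an `Object[]` of parameters, including raw `Exception` objects, and declares no `serialVersionUID`, so serialization can fail at runtime on a non-serializable parameter and the default version id is compiler-dependent. If events are ever read back from outside the process, that is a deserialization surface to review; this diff does not show whether they are. I would state the requirement in the interface comment, for example `Implementations and their message parameters must be serializable`, or drop `Serializable` if nothing relies on it.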
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ILogEventFactory.java b/pki/base/common/src/com/netscape/certsrv/logging/ILogEventFactory.java
new file mode 100644
index 000000000..b0fd0ce18
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ILogEventFactory.java
@@ -0,0 +1,55 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging;
+
+
+import java.io.*;
+import java.util.*;
+
+
+/**
+ * An interface represents a log event factory. This
+ * factory will be responsible for creating and returning ILogEvent objects
+ * on demand.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ILogEventFactory {
+
+ /**
+ * Creates an event of a particular event type/class.
+ *
+ * @param evtClass The event type.
+ * @param prop The resource bundle.
+ * @param source The subsystem ID who creates the log event.
+ * @param level The severity of the log event.
+ * @param multiline The log message has more than one line or not.
+ * @param msg The detail message of the log.
+ * @param params The parameters in the detail log message.
+ * @return The created ILogEvent object.
+ */
+ public ILogEvent create(int evtClass, Properties prop, int source,
+ int level, boolean multiline, String msg, Object params[]);
+
+ /**
+ * Releases previously created event.
+ *
+ * @param event The log event.
+ */
+ public void release(ILogEvent event);
+}
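Review bot: The Javadoc on `create` describes `prop` as "The resource bundle" although its type is `java.util.Properties`, and `evtClass` is a bare `int` with no pointer to where its valid values are defined. An implementer cannot tell from this interface which keys `prop` must carry or what to do with an unknown `evtClass`. I would reword the tag to `@param prop properties used to build the event` and name the constants holder in `@param evtClass`. `release` should also say whether the event may still be used after the call.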
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ILogEventListener.java b/pki/base/common/src/com/netscape/certsrv/logging/ILogEventListener.java
new file mode 100644
index 000000000..e970d4182
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ILogEventListener.java
@@ -0,0 +1,125 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging;
+
+
+import com.netscape.certsrv.base.*;
+import java.util.*;
+import java.io.*;
+import javax.servlet.*;
+import javax.servlet.http.*;
+import com.netscape.certsrv.common.*;
+
+
+/**
+ * An interface reprensents a log event listener.
+ * A ILogEventListener is registered to a specific
+ * ILogQueue to be notified of created ILogEvents.
+ * the log queue will notify all its registered listeners
+ * of the logged event. The listener will then proceed to
+ * process the event accordingly which will result in a log
+ * message existing in some file.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ILogEventListener extends EventListener {
+
+ /**
+ * The event notification method: Logs event.
+ *
+ * @param event The log event to be processed.
+ */
+ public void log(ILogEvent event) throws ELogException;
+
+ /**
+ * Flushes the log buffers (if any). Will result in the messages
+ * being actually written to their destination.
+ */
+ public void flush();
+
+ /**
+ * Closes the log file and destroys any associated threads.
+ */
+ public void shutdown();
+
+ /**
+ * Get the configuration store for the log event listener.
+ * @return The configuration store of this log event listener.
+ */
+ public IConfigStore getConfigStore();
+
+ /**
+ * Initialize this log listener
+ * @param owner The subsystem.
+ * @param config Configuration store for this log listener.
+ * @exception Any initialization error.
+ */
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException;
+
+ /**
+ * Startup the instance.
+ */
+ public void startup()
+ throws EBaseException;
+
+ /**
+ * Retrieve last "maxLine" number of system logs with log level >"level"
+ * and from source "source". If the parameter is omitted. All entries
+ * are sent back.
+ * @param req a Hashtable containing the required information such as
+ * log entry, log level, log source, and log name.
+ * @return NameValue pair list of log messages.
+ * @exception ServletException For Servelet errros.
+ * @exception IOException For input/output problems.
+ * @exception EBaseException For other problems.
+ */
+ public NameValuePairs retrieveLogContent(Hashtable req) throws ServletException,
+ IOException, EBaseException;
+
+ /**
+ * Retrieve list of log files.
+ *
+ */
+ public NameValuePairs retrieveLogList(Hashtable req) throws ServletException,
+ IOException, EBaseException;
+
+ /**
+ * Returns implementation name.
+ * @return String name of event listener implementation.
+ */
+ public String getImplName();
+
+ /**
+ * Returns the description of this log event listener.
+ * @return String with listener description.
+ */
+ public String getDescription();
+
+ /**
+ * Return list of default config parameters for this log event listener.
+ * @return Vector of default parameters.
+ */
+ public Vector getDefaultParams();
+
+ /**
+ * Return list of instance config parameters for this log event listener.
+ * @return Vector of instance parameters.
+ */
+ public Vector getInstanceParams();
+}
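Review bot: `retrieveLogContent(Hashtable req)` and `retrieveLogList(Hashtable req)` take a raw `Hashtable` whose keys are only loosely described ("log entry, log level, log source, and log name"), and the contract does not say who validates those values. Both methods throw `ServletException`, so the table presumably carries request parameters; if an implementation maps the log name to a file, it should resolve it only against files this listener itself owns. I would add to both Javadocs something like `@param req request-derived values, treated as untrusted; only log files belonging to this listener are served`, and list the exact keys expected. `retrieveLogList` currently has no `@param` or `@return` at all, and `@exception Any initialization error.` on `init` names no exception class (`@exception EBaseException if initialization fails` is what the signature supports).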
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ILogQueue.java b/pki/base/common/src/com/netscape/certsrv/logging/ILogQueue.java
new file mode 100644
index 000000000..65d4136c7
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ILogQueue.java
@@ -0,0 +1,74 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging;
+
+
+import java.util.*;
+
+
+/**
+ * An interface represents a log queue. A log queue
+ * is a queue of pending log events to be dispatched
+ * to a set of registered ILogEventListeners.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ILogQueue {
+
+ /**
+ * Dispatch the log event to all registered log event listeners.
+ *
+ * @param evt the log event
+ */
+ public void log(ILogEvent evt);
+
+ /**
+ * Flushes log queue, flushes all registered listeners.
+ * Messages should be written to their destination.
+ */
+ public void flush();
+
+ /**
+ * Registers an event listener.
+ *
+ * @param listener The log event listener to be registered
+ * to this queue.
+ */
+ public void addLogEventListener(ILogEventListener listener);
+
+ /**
+ * Removes an event listener.
+ *
+ * @param listener The log event listener to be removed from this queue.
+ */
+ public void removeLogEventListener(ILogEventListener listener);
+
+ /**
+ * Initializes the log queue.
+ * <P>
+ *
+ */
+ public void init();
+
+ /**
+ * Stops this log queue:shuts down all registered log event listeners.
+ * <P>
+ */
+ public void shutdown();
+
+}
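Review bot: `log(ILogEvent evt)` declares no exception, while `ILogEventListener.log` in the same package throws `ELogException`, so this contract leaves open what the queue does when one listener fails during dispatch. For the signed audit log a silently dropped event matters, and a caller cannot tell from this interface whether the remaining listeners are still notified. I would state it in the Javadoc, e.g. `A failure in one listener does not prevent delivery to the others and is reported, not discarded.`, or declare `throws ELogException` here if callers are expected to react.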
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ILogSubsystem.java b/pki/base/common/src/com/netscape/certsrv/logging/ILogSubsystem.java
new file mode 100644
index 000000000..82bde43f4
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ILogSubsystem.java
@@ -0,0 +1,105 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging;
+
+
+import java.io.*;
+import java.util.*;
+import java.text.MessageFormat;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * An interface that represents a logging component. The logging
+ * component is a framework that handles different types of log types,
+ * each represented by an ILogEventListener, and each implements a log
+ * plugin. CMS comes
+ * with three standard log types: "signedAudit", "system", and
+ * "transaction". Each log plugin can be instantiated into log
+ * instances. Each log instance can be individually configured and is
+ * associated with its own configuration entries in the configuration file.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ILogSubsystem extends ISubsystem {
+
+ /**
+ * The ID of this component
+ */
+ public static final String ID = "log";
+
+ /**
+ * Retrieve plugin name (implementation name) of the log event
+ * listener. If no plug name found, an empty string is returned
+ * @param log the log event listener
+ * @return the log event listener's plugin name
+ */
+ public String getLogPluginName(ILogEventListener log);
+
+ /**
+ * Retrieve the log event listener by instance name
+ * @param insName the log instance name in String
+ * @return the log instance in ILogEventListener
+ */
+ public ILogEventListener getLogInstance(String insName);
+
+ /**
+ * get the list of log plugins that are available
+ * @return log plugins in a Hashtable. Each entry in the
+ * Hashtable contains the name/value pair of pluginName/LogPlugin
+ * @see LogPlugin
+ */
+ public Hashtable getLogPlugins();
+
+ /**
+ * get the list of log instances that are available
+ * @return log instances in a Hashtable. Each entry in the
+ * Hashtable contains the name/value pair of instName/ILogEventListener
+ * @see LogPlugin
+ */
+ public Hashtable getLogInsts();
+
+ /**
+ * Get the default configuration parameter names associated with a
+ * plugin. It is used by
+ * administration servlet to handle log configuration when a new
+ * log instance is added.
+ * @param implName The implementation name for which the
+ * configuration parameters are to be configured
+ * @return a Vector of default configuration paramter names
+ * associated with this log plugin
+ * @exception ELogException when instantiation of the plugin
+ * implementation fails.
+ */
+ public Vector getLogDefaultParams(String implName) throws
+ ELogException;
+
+ /**
+ * Get the default configuration parameter names associated with a
+ * log instance. It is used by administration servlet to handle
+ * log instance configuration.
+ * @param insName The instance name for which the configuration
+ * parameters are to be configured
+ * @return a Vector of default configuration paramter names
+ * associated with this log instance.
+ */
+ public Vector getLogInstanceParams(String insName)
+ throws ELogException;
+}
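Review bot: `getLogPlugins()` and `getLogInsts()` return a raw `Hashtable` without saying whether it is the subsystem's own registry or a copy. If it is the live table, any caller can add or remove plugins and log instances behind the subsystem's back, presumably including the instance that writes the audit log. I would document the ownership, e.g. `@return a snapshot; changes to it do not affect the registered instances`, and have implementations return a copy. Separately, the Javadoc of `getLogInstanceParams` says "default configuration parameter names", which looks copied from `getLogDefaultParams`, and `@see LogPlugin` on `getLogInsts` probably should point at `ILogEventListener`.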
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ILogger.java b/pki/base/common/src/com/netscape/certsrv/logging/ILogger.java
new file mode 100644
index 000000000..b4a7070a7
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ILogger.java
@@ -0,0 +1,496 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging;
+
+
+import java.util.*;
+import com.netscape.certsrv.common.*;
+
+
+/**
+ * An interface represents a logger for certificate server. This object is used to
+ * issue log messages for the various types of logging event types. A log message results
+ * in a ILogEvent being created. This event is then placed on a ILogQueue to be ultimately
+ * written to the destination log file. This object also maintains a collection of ILogFactory objects
+ * which are used to create the supported types of ILogEvents. CMS comes out of the box with three event
+ * types: "signedAudit", "system", and "audit".
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ILogger {
+
+ //List of defined log classes.
+ /**
+ * log class: audit event.
+ */
+ public static final int EV_AUDIT = 0;
+ public static final String PROP_AUDIT = "transaction";
+
+ /**
+ * log class: system event.
+ * System event with log level >= LL_FAILURE will also be logged in error log
+ */
+ public static final int EV_SYSTEM = 1;
+ public static final String PROP_SYSTEM = "system";
+
+ /**
+ * log class: SignedAudit event.
+ */
+ public static final int EV_SIGNED_AUDIT = 2;
+ public static final String PROP_SIGNED_AUDIT = "signedAudit";
+
+ //List of defined log sources.
+
+ /**
+ * log source: used by servlet to retrieve all logs
+ */
+ public static final int S_ALL = 0; //used by servlet only
+
+ /**
+ * log source: identify the log entry is from KRA
+ */
+ public static final int S_KRA = 1;
+
+ /**
+ * log source: identify the log entry is from RA
+ */
+ public static final int S_RA = 2;
+
+ /**
+ * log source: identify the log entry is from CA
+ */
+ public static final int S_CA = 3;
+
+ /**
+ * log source: identify the log entry is from http subsystem
+ */
+ public static final int S_HTTP = 4;
+
+ /**
+ * log source: identify the log entry is from database subsystem
+ */
+ public static final int S_DB = 5;
+
+ /**
+ * log source: identify the log entry is from authentication subsystem
+ */
+ public static final int S_AUTHENTICATION = 6;
+
+ /**
+ * log source: identify the log entry is from admin subsystem
+ */
+ public static final int S_ADMIN = 7;
+
+ /**
+ * log source: identify the log entry is from ldap subsystem
+ */
+ public static final int S_LDAP = 8;
+
+ /**
+ * log source: identify the log entry is from request queue subsystem
+ */
+ public static final int S_REQQUEUE = 9;
+
+ /**
+ * log source: identify the log entry is from acl subsystem
+ */
+ public static final int S_ACLS = 10;
+
+ /**
+ * log source: identify the log entry is from usergrp subsystem
+ */
+ public static final int S_USRGRP = 11;
+ public static final int S_OCSP = 12;
+
+ /**
+ * log source: identify the log entry is from authorization subsystem
+ */
+ public static final int S_AUTHORIZATION = 13;
+
+ /**
+ * log source: identify the log entry is from signed audit
+ */
+ public static final int S_SIGNED_AUDIT = 14;
+
+ /**
+ * log source: identify the log entry is from CrossCertPair subsystem
+ */
+ public static final int S_XCERT = 15;
+
+ /**
+ * log source: identify the log entry is from CrossCertPair subsystem
+ */
+
+ public static final int S_TKS = 16;
+
+ /**
+ * log source: identify the log entry is from other subsystem
+ * eg. policy, security, connector,registration
+ */
+ public static final int S_OTHER = 20;
+
+
+ // List of defined log levels.
+ /**
+ * log level: used by servlet to retrieve all level logs
+ */
+ public static final int LL_ALL = -1; //used by servlet only
+ public static final String LL_ALL_STRING = "All"; //used by servlet only
+
+ /**
+ * log level: indicate this log entry is debug info
+ */
+
+ /**
+ * Debug level is depreciated since CMS6.1. Please use
+ * CMS.debug() to output messages to debugging file.
+ */
+ public static final int LL_DEBUG = 0; // depreciated
+ public static final String LL_DEBUG_STRING = "Debug";
+
+ /**
+ * log level: indicate this log entry is for info note
+ */
+ public static final int LL_INFO = 1;
+ public static final String LL_INFO_STRING = "Information";
+
+ /**
+ * log level: indicate this log entry is warning info
+ */
+ public static final int LL_WARN = 2;
+ public static final String LL_WARN_STRING = "Warning";
+
+ /**
+ * log level: indicate this log entry is fail/error info
+ */
+ public static final int LL_FAILURE = 3;
+ public static final String LL_FAILURE_STRING = "Failure";
+
+ /**
+ * log level: indicate this log entry is about misconfiguration
+ */
+ public static final int LL_MISCONF = 4;
+ public static final String LL_MISCONF_STRING = "Misconfiguration";
+
+ /**
+ * log level: indicate this log entry is catastrphe info
+ */
+ public static final int LL_CATASTRPHE = 5;
+ public static final String LL_CATASTRPHE_STRING = "Catastrophe";
+
+ /**
+ * log level: indicate this log entry is security info
+ */
+ public static final int LL_SECURITY = 6;
+ public static final String LL_SECURITY_STRING = "Security";
+
+ /**
+ * "SubjectID" for system-initiated events logged
+ * in signed audit log messages
+ */
+ public static final String SYSTEM_UID = "$System$";
+
+ /**
+ * A constant string value used to denote a single "unknown" identity
+ * in signed audit log messages
+ */
+ public static final String UNIDENTIFIED = "$Unidentified$";
+
+ /**
+ * A constant string value used to denote a single "non-role" identity
+ * in signed audit log messages
+ */
+ public static final String NONROLEUSER = "$NonRoleUser$";
+
+ /**
+ * "Outcome" for events logged in signed audit log messages
+ */
+ public static final String SUCCESS = "Success";
+ public static final String FAILURE = "Failure";
+
+ /**
+ * A constant string value used to denote a "non-applicable"
+ * data value in signed audit log messages
+ */
+ public final static String SIGNED_AUDIT_NON_APPLICABLE = "N/A";
+
+ /**
+ * A constant string value used to denote an "empty", or "null",
+ * data value in signed audit log messages
+ */
+ public final static String SIGNED_AUDIT_EMPTY_VALUE = "<null>";
+
+ /**
+ * Constant string values associated with the type of certificate
+ * processing stored in the "InfoName" field in certain signed
+ * audit log messages
+ */
+ public final static String SIGNED_AUDIT_ACCEPTANCE = "certificate";
+ public final static String SIGNED_AUDIT_CANCELLATION = "cancelReason";
+ public final static String SIGNED_AUDIT_REJECTION = "rejectReason";
+
+ // List of all NT event type
+ /**
+ * NT event type: correspond to log level LL_DEBUG or LL_INFO
+ */
+ public static final int NT_INFO = 4;
+
+ /**
+ * NT event type: correspond to log level LL_WARNING
+ */
+ public static final int NT_WARN = 2;
+
+ /**
+ * NT event type: correspont to log level LL_FAILURE and above
+ */
+ public static final int NT_ERROR = 1;
+
+ // List of defined log multiline attribute.
+ /**
+ * indicate the log message has more than one line
+ */
+ public static final boolean L_MULTILINE = true;
+
+ /**
+ * indicate the log message has one line
+ */
+ public static final boolean L_SINGLELINE = false;
+
+ /**
+ * Logs an event to the log queue.
+ *
+ * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+ * @param source The source of the log event.
+ * @param msg The detail message to be logged.
+ */
+ public void log(int evtClass, int source, String msg);
+
+ /**
+ * Logs an event to the log queue.
+ *
+ * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+ * @param props The resource bundle used for the detailed message.
+ * @param source The source of the log event.
+ * @param msg The detail message to be logged.
+ */
+ public void log(int evtClass, Properties props, int source, String msg);
+
+ /**
+ * Logs an event to the log queue.
+ *
+ * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+ * @param source The source of the log event.
+ * @param level The level of the log event.
+ * @param msg The detail message to be logged.
+ */
+ public void log(int evtClass, int source, int level, String msg);
+
+ /**
+ * Logs an event to the log queue.
+ *
+ * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+ * @param props The resource bundle used for the detailed message.
+ * @param source The source of the log event.
+ * @param level The level of the log event.
+ * @param msg The detail message to be logged.
+ */
+ public void log(int evtClass, Properties props, int source, int level, String msg);
+
+ /**
+ * Logs an event to the log queue.
+ *
+ * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+ * @param source The source of the log event.
+ * @param level The level of the log event.
+ * @param msg The detail message to be logged.
+ * @param param The parameter in the detail message.
+ */
+ public void log(int evtClass, int source, int level, String msg, Object param);
+
+ /**
+ * Logs an event to the log queue.
+ *
+ * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+ * @param source The source of the log event.
+ * @param level The level of the log event.
+ * @param msg The detail message to be logged.
+ * @param params The parameters in the detail message.
+ */
+ public void log(int evtClass, int source, int level, String msg, Object params[]);
+
+ /**
+ * Logs an event to the log queue.
+ *
+ * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+ * @param props The resource bundle used for the detailed message.
+ * @param source The source of the log event.
+ * @param msg The detail message to be logged.
+ * @param param The parameters in the detail message.
+ */
+ public void log(int evtClass, Properties props, int source, String msg, Object param);
+
+ /**
+ * Logs an event to the log queue.
+ *
+ * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+ * @param props The resource bundle used for the detailed message.
+ * @param source The source of the log event.
+ * @param level The level of the log event.
+ * @param msg The detail message to be logged.
+ * @param param The parameter in the detail message.
+ */
+ public void log(int evtClass, Properties props, int source, int level, String msg,
+ Object param);
+
+ /**
+ * Logs an event to the log queue.
+ *
+ * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+ * @param prop The resource bundle used for the detailed message.
+ * @param source The source of the log event.
+ * @param level The level of the log event.
+ * @param msg The detail message to be logged.
+ * @param params The parameters in the detail message.
+ */
+ public void log(int evtClass, Properties prop, int source, int level, String msg,
+ Object params[]);
+
+ //multiline log
+
+ /**
+ * Logs an event to the log queue.
+ *
+ * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+ * @param source The source of the log event.
+ * @param msg The detail message to be logged.
+ * @param multiline true If the message has more than one line, otherwise false.
+ */
+ public void log(int evtClass, int source, String msg, boolean multiline);
+
+ /**
+ * Logs an event to the log queue.
+ *
+ * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+ * @param props The resource bundle used for the detailed message.
+ * @param source The source of the log event.
+ * @param msg The detail message to be logged.
+ * @param multiline True if the message has more than one line, otherwise false.
+ */
+ public void log(int evtClass, Properties props, int source, String msg, boolean multiline);
+
+ /**
+ * Logs an event to the log queue.
+ *
+ * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+ * @param source The source of the log event.
+ * @param level The level of the log event.
+ * @param msg The detail message to be logged.
+ * @param multiline True if the message has more than one line, otherwise false.
+ */
+ public void log(int evtClass, int source, int level, String msg, boolean multiline);
+
+ /**
+ * Logs an event to the log queue.
+ *
+ * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+ * @param props The resource bundle used for the detailed message.
+ * @param source The source of the log event.
+ * @param level The level of the log event.
+ * @param msg The detail message to be logged.
+ * @param multiline True if the message has more than one line, otherwise false.
+ */
+ public void log(int evtClass, Properties props, int source, int level, String msg, boolean multiline);
+
+ /**
+ * Logs an event to the log queue.
+ *
+ * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+ * @param source The source of the log event.
+ * @param level The level of the log event.
+ * @param msg The detail message to be logged.
+ * @param param The parameter in the detail message.
+ * @param multiline True if the message has more than one line, otherwise false.
+ */
+ public void log(int evtClass, int source, int level, String msg, Object param, boolean multiline);
+
+ /**
+ * Logs an event to the log queue.
+ *
+ * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+ * @param props The resource bundle used for the detailed message.
+ * @param source TTTTsource of the log event.
+ * @param msg The detail message to be logged.
+ * @param param The parameter in the detail message.
+ * @param multiline True if the message has more than one line, otherwise false.
+ */
+ public void log(int evtClass, Properties props, int source, String msg, Object param, boolean multiline);
+
+ /**
+ * Logs an event to the log queue.
+ *
+ * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+ * @param props The resource bundle used for the detailed message.
+ * @param source The source of the log event.
+ * @param level The level of the log event.
+ * @param msg The detail message to be logged.
+ * @param param The parameter in the detail message.
+ * @param multiline True if the message has more than one line, otherwise false.
+ */
+ public void log(int evtClass, Properties props, int source, int level, String msg,
+ Object param, boolean multiline);
+
+ /**
+ * Logs an event to the log queue.
+ *
+ * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+ * @param prop The resource bundle used for the detailed message.
+ * @param source The source of the log event.
+ * @param level The level of the log event.
+ * @param msg The detail message to be logged.
+ * @param params The parameters in the detail message.
+ * @param multiline True if the message has more than one line, otherwise false.
+ */
+ public void log(int evtClass, Properties prop, int source, int level, String msg,
+ Object params[], boolean multiline);
+
+ /*
+ * Generates an ILogEvent
+ * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+ * @param props The resource bundle used for the detailed message.
+ * @param source The source of the log event.
+ * @param level The level of the log event.
+ * @param msg The detail message to be logged.
+ * @param params The parameters in the detail message.
+ * @param multiline True if the message has more than one line, otherwise false.
+ * @return ILogEvent, a log event.
+ */
+ public ILogEvent create(int evtClass, Properties prop, int source, int level,
+ String msg, Object params[], boolean multiline);
+
+ /**
+ * Register a log event factory. Which will create the desired ILogEvents.
+ */
+ public void register(int evtClass, ILogEventFactory f);
+
+ /**
+ * Retrieves the associated log queue. The log queue is where issued log events
+ * are collected for later processing.
+ */
+ public ILogQueue getLogQueue();
+
+}
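Review bot: None of the `log(...)` overloads says how line terminators in `msg` or `params` are handled when `multiline` is `L_SINGLELINE`. Those arguments can carry caller-supplied data, and for the `EV_SIGNED_AUDIT` class an embedded newline could make one event read as several records; whether implementations guard against this is not visible from the interface. I would add one sentence to the interface Javadoc, e.g. `When multiline is false, implementations escape or reject CR/LF in msg and params so that one event yields exactly one record.` Also, the comment on `create` opens with `/*` rather than `/**` and names `props` where the parameter is `prop`, so the Javadoc tool will skip it; and `LL_DEBUG` is marked "depreciated" only in prose, where an `@deprecated` tag would make the compiler warn.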
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/LogPlugin.java b/pki/base/common/src/com/netscape/certsrv/logging/LogPlugin.java
new file mode 100644
index 000000000..30ee30836
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/logging/LogPlugin.java
@@ -0,0 +1,38 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging;
+
+
+import java.util.*;
+import java.lang.*;
+
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * This class represents a registered logger plugin.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class LogPlugin extends Plugin {
+ public LogPlugin (String id, String path) {
+ super(id, path);
+ }
+}
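Review bot: The imports `java.lang.*` and `com.netscape.certsrv.logging.*` are redundant (the implicit package and the file's own package), and nothing in the class uses `java.util.*`; only `com.netscape.certsrv.base.*`, presumably for `Plugin`, is needed. The constructor `LogPlugin(String id, String path)` also has no Javadoc, so what `id` and `path` denote is left to the `Plugin` superclass, which is outside this hunk. A short `/** Creates a log plugin entry. @param id ... @param path ... */` that repeats the superclass's definitions would make the registration contract readable from this file.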
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/LogResources.java b/pki/base/common/src/com/netscape/certsrv/logging/LogResources.java
new file mode 100644
index 000000000..942b570db
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/logging/LogResources.java
@@ -0,0 +1,59 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * This is the fallback resource bundle for all log events.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ * @see java.util.ListResourceBundle
+ */
+public class LogResources extends ListResourceBundle {
+ public static final String BASE_RESOURCES = BaseResources.class.getName();
+
+ /**
+ * Contructs a log resource bundle and sets it's parent to the base
+ * resource bundle.
+ *
+ * @see com.netscape.certsrv.base.BaseResources
+ */
+ public LogResources() {
+ super();
+ setParent(ResourceBundle.getBundle(BASE_RESOURCES));
+ }
+
+ /**
+ * Returns the content of this resource.
+ * @return Array of objects making up the contents of this resource.
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ /*
+ * Contents.
+ */
+
+ static final Object[][] contents = {};
+}
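Review bot: `contents` is declared `static final Object[][] contents = {};` with package visibility, so every class in `com.netscape.certsrv.logging` can reach the array that `getContents()` hands out. Nothing in the lines shown needs it outside this class; `private static final Object[][] contents = {};` would be tighter. The constructor's `ResourceBundle.getBundle(BASE_RESOURCES)` throws `MissingResourceException` when the base bundle cannot be loaded, which the constructor Javadoc could mention with an `@throws` line.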
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/SignedAuditEvent.java b/pki/base/common/src/com/netscape/certsrv/logging/SignedAuditEvent.java
new file mode 100644
index 000000000..ea97fe3d6
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/logging/SignedAuditEvent.java
@@ -0,0 +1,334 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging;
+
+
+import java.io.*;
+import java.util.*;
+import java.text.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * The log event object that carries message detail of a log event
+ * that goes into the Signed Audit Event log. This log has the
+ * property of being digitally signed for security considerations.
+ *
+ *
+ * @version $Revision$, $Date$
+ * @see java.text.MessageFormat
+ * @see com.netscape.certsrv.logging.LogResources
+ */
+public class SignedAuditEvent implements IBundleLogEvent {
+
+ protected Object mParams[] = null;
+
+ private String mEventType = null;
+ private String mMessage = null;
+ private int mLevel = -1;
+ private int mNTEventType = -1;
+ private int mSource = -1;
+ private boolean mMultiline = false;
+ private long mTimeStamp = System.currentTimeMillis();
+
+ private static final String INVALID_LOG_LEVEL="log level: {0} is invalid, should be 0-6";
+
+ /**
+ * The bundle name for this event.
+ * ....not anymore...keep for now and clean up later
+ */
+ private String mBundleName = LogResources.class.getName();
+
+ /**
+ * Constructs a SignedAuditEvent message event.
+ * <P>
+ *
+ * @param msgFormat The message string.
+ */
+ public SignedAuditEvent(String msgFormat) {
+ mMessage = msgFormat;
+ mParams = null;
+ }
+
+ /**
+ * Constructs a message with a parameter. For example,
+ * <PRE>
+ * new SignedAuditEvent("failed to load {0}", fileName);
+ * </PRE>
+ * <P>
+ *
+ * @param msgFormat Details in message string format.
+ * @param param Message string parameter.
+ */
+ public SignedAuditEvent(String msgFormat, String param) {
+ this(msgFormat);
+ mParams = new String[1];
+ mParams[0] = param;
+ }
+
+ /**
+ * Constructs a message from an exception. It can be used to carry
+ * a signed audit exception that may contain information about
+ * the context. For example,
+ * <PRE>
+ * try {
+ * ...
+ * } catch (IOExeption e) {
+ * logHandler.log(new SignedAuditEvent("Encountered Signed Audit Error {0}", e);
+ * }
+ * </PRE>
+ * <P>
+ *
+ * @param msgFormat Exception details in message string format.
+ * @param exception System exception.
+ */
+ public SignedAuditEvent(String msgFormat, Exception exception) {
+ this(msgFormat);
+ mParams = new Exception[1];
+ mParams[0] = exception;
+ }
+
+ /**
+ * Constructs a message from a base exception. This will use the msgFormat
+ * from the exception itself.
+ * <PRE>
+ * try {
+ * ...
+ * } catch (Exception e) {
+ * logHandler.log(new SignedAuditEvent(e));
+ * }
+ * </PRE>
+ * <P>
+ *
+ * @param e CMS exception.
+ */
+ public SignedAuditEvent(Exception e) {
+ this(e.getMessage());
+ if (e instanceof EBaseException) {
+ mParams = ((EBaseException) e).getParameters();
+ } else {
+ mParams = new Exception[1];
+ mParams[0] = e;
+ }
+ }
+
+ /**
+ * Constructs a message event with a list of parameters
+ * that will be substituted into the message format.
+ * <P>
+ *
+ * @param msgFormat Message string format.
+ * @param params List of message format parameters.
+ */
+ public SignedAuditEvent(String msgFormat, Object params[]) {
+ this(msgFormat);
+ mParams = params;
+ }
+
+ /**
+ * Returns the current message format string.
+ * <P>
+ *
+ * @return Details message.
+ */
+ public String getMessage() {
+ return mMessage;
+ }
+
+ /**
+ * Returns a list of parameters. These parameters can be
+ * used to assist in formatting the message.
+ * <P>
+ *
+ * @return List of message format parameters.
+ */
+ public Object[] getParameters() {
+ return mParams;
+ }
+
+ /**
+ * Returns localized message string. This method should
+ * only be called if a localized string is necessary.
+ * <P>
+ *
+ * @return Details message.
+ */
+ public String toContent() {
+ return toContent(Locale.getDefault());
+ }
+
+ /**
+ * Returns the string based on the given locale.
+ * <P>
+ *
+ * @param locale Locale.
+ * @return Details message.
+ */
+ public String toContent(Locale locale) {
+ return MessageFormatter.getLocalizedString(locale, getBundleName(),
+ getMessage(),
+ getParameters());
+ }
+
+ /**
+ * Sets the resource bundle name for this class instance. This should
+ * be overridden by subclasses who have their own resource bundles.
+ * @param bundle String with name of resource bundle.
+ */
+ public void setBundleName(String bundle) {
+ mBundleName = bundle;
+ }
+
+ /**
+ * Retrieves bundle name.
+ * @return String with name of resource bundle.
+ */
+ protected String getBundleName() {
+ return mBundleName;
+ }
+
+ /**
+ * Retrieves log source.
+ * This is an id of the subsystem responsible
+ * for creating the log event.
+ * @return Integer source id.
+ */
+ public int getSource() {
+ return mSource;
+ }
+
+ /**
+ * Sets log source.
+ * @param source Integer id of log source.
+ */
+ public void setSource(int source) {
+ mSource = source;
+ }
+
+ /**
+ * Retrieves log level.
+ * The log level of an event represents its relative importance
+ * or severity within CMS.
+ * @return Integer log level value.
+ */
+ public int getLevel() {
+ return mLevel;
+ }
+
+
+ /**
+ * Retrieves NT specific log event type.
+ * @return Integer NTEventType value.
+ */
+ public int getNTEventType() {
+ return mNTEventType;
+ }
+
+ /**
+ * Sets log level, NT log event type.
+ * For certain log levels the NT log event type gets
+ * set as well.
+ * @param level Integer log level value.
+ */
+ public void setLevel(int level) {
+ mLevel = level;
+ switch (level) {
+ case ILogger.LL_DEBUG:
+ case ILogger.LL_INFO:
+ mNTEventType = ILogger.NT_INFO;
+ break;
+
+ case ILogger.LL_WARN:
+ mNTEventType = ILogger.NT_WARN;
+ break;
+
+ case ILogger.LL_FAILURE:
+ case ILogger.LL_MISCONF:
+ case ILogger.LL_CATASTRPHE:
+ case ILogger.LL_SECURITY:
+ mNTEventType = ILogger.NT_ERROR;
+ break;
+
+ default:
+ ConsoleError.send(new SignedAuditEvent(INVALID_LOG_LEVEL,
+ Integer.toString(level)));
+ break;
+ }
+ }
+
+ /**
+ * Retrieves log multiline attribute.
+ * @return Boolean whether or not this event is multiline.
+ * A multiline message simply consists of more than one line.
+ */
+ public boolean getMultiline() {
+ return mMultiline;
+ }
+
+ /**
+ * Sets log multiline attribute. A multiline message consists of
+ * more than one line.
+ * @param multiline Boolean multiline value.
+ */
+ public void setMultiline(boolean multiline) {
+ mMultiline = multiline;
+ }
+
+
+ /**
+ * Retrieves event time stamp.
+ * @return Long integer of the time the event was created.
+ */
+ public long getTimeStamp() {
+ return mTimeStamp;
+ }
+
+
+ /**
+ * Retrieves log event type. Each type of event
+ * has an associated String type value.
+ * @return String containing the type of event.
+ */
+ public String getEventType() {
+ return mEventType;
+ }
+
+
+ /**
+ * Sets log event type. Each type of event
+ * has an associated String type value.
+ * @param eventType String containing the type of event.
+ */
+ public void setEventType(String eventType) {
+ mEventType = eventType;
+ }
+
+ /**
+ * Return string representation of log message.
+ * @return String containing log message.
+ */
+ public String toString() {
+ if (getBundleName() == null) {
+ MessageFormat detailMessage = new MessageFormat(mMessage);
+
+ return detailMessage.format(mParams);
+ } else
+ return toContent();
+ }
+}
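Review bot: The parameter array of a signed audit event stays shared with its callers: `SignedAuditEvent(String msgFormat, Object params[])` stores the caller's array as-is and `getParameters()` returns that same array, while the text is only built later in `toContent()`/`toString()`. Anything still holding the array can therefore change what the record says after the event was created, presumably before it is written and signed, which is the wrong property for an audit record. Copy on the way in and out, e.g. `mParams = (params == null) ? null : (Object[]) params.clone();` in the constructor and `return (mParams == null) ? null : (Object[]) mParams.clone();` in `getParameters()`; since `mParams` is `protected` and non-final, making it `private` is worth considering if no subclass depends on it. `SystemEvent` in the next file handles its parameters the same way.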
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/SystemEvent.java b/pki/base/common/src/com/netscape/certsrv/logging/SystemEvent.java
new file mode 100644
index 000000000..648d3b18c
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/logging/SystemEvent.java
@@ -0,0 +1,330 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging;
+
+
+import java.io.*;
+import java.util.*;
+import java.text.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * The log event object that carries a log message.
+ * This class represents System events which are CMS events
+ * which need to be logged to a log file.
+ *
+ * @version $Revision$, $Date$
+ * @see java.text.MessageFormat
+ * @see com.netscape.certsrv.logging.LogResources
+ */
+public class SystemEvent implements IBundleLogEvent {
+
+ protected Object mParams[] = null;
+
+ private String mEventType = null;
+ private String mMessage = null;
+ private int mLevel = -1;
+ private int mNTEventType = -1;
+ private int mSource = -1;
+ private boolean mMultiline = false;
+ private long mTimeStamp = System.currentTimeMillis();
+
+ /**
+ * The bundle name for this event.
+ */
+ private String mBundleName = LogResources.class.getName();
+
+ private static final String INVALID_LOG_LEVEL="log level: {0} is invalid, should be 0-6";
+
+ /**
+ * Constructs a SystemEvent message event.
+ * <P>
+ *
+ * @param msgFormat The message string.
+ */
+ public SystemEvent(String msgFormat) {
+ mMessage = msgFormat;
+ mParams = null;
+ }
+
+ /**
+ * Constructs a SystemEvent message with a parameter. For example,
+ * <PRE>
+ * new SystemEvent("failed to load {0}", fileName);
+ * </PRE>
+ * <P>
+ *
+ * @param msgFormat Details in message string format.
+ * @param param Message string parameter.
+ */
+ public SystemEvent(String msgFormat, String param) {
+ this(msgFormat);
+ mParams = new String[1];
+ mParams[0] = param;
+ }
+
+ /**
+ * Constructs a SystemEvent message from an exception. It can be used to carry
+ * a system exception that may contain information about
+ * the context. For example,
+ * <PRE>
+ * try {
+ * ...
+ * } catch (IOExeption e) {
+ * logHandler.log(new SystemEvent("Encountered System Error {0}", e);
+ * }
+ * </PRE>
+ * <P>
+ *
+ * @param msgFormat Exception details in message string format.
+ * @param exception System exception.
+ */
+ public SystemEvent(String msgFormat, Exception exception) {
+ this(msgFormat);
+ mParams = new Exception[1];
+ mParams[0] = exception;
+ }
+
+ /**
+ * Constructs a SystemEvent message from a base exception. This will use the msgFormat
+ * from the exception itself.
+ * <PRE>
+ * try {
+ * ...
+ * } catch (Exception e) {
+ * logHandler.log(new SystemEvent(e));
+ * }
+ * </PRE>
+ * <P>
+ *
+ * @param e CMS exception.
+ */
+ public SystemEvent(Exception e) {
+ this(e.getMessage());
+ if (e instanceof EBaseException) {
+ mParams = ((EBaseException) e).getParameters();
+ } else {
+ mParams = new Exception[1];
+ mParams[0] = e;
+ }
+ }
+
+ /**
+ * Constructs a SystemEvent message event with a list of parameters
+ * that will be substituted into the message format.
+ * <P>
+ *
+ * @param msgFormat Message string format.
+ * @param params List of message format parameters.
+ */
+ public SystemEvent(String msgFormat, Object params[]) {
+ this(msgFormat);
+ mParams = params;
+ }
+
+ /**
+ * Returns the current message format string.
+ * <P>
+ *
+ * @return Details message.
+ */
+ public String getMessage() {
+ return mMessage;
+ }
+
+ /**
+ * Returns a list of parameters. These parameters can be
+ * used to assist in formatting the message.
+ * <P>
+ *
+ * @return List of message format parameters.
+ */
+ public Object[] getParameters() {
+ return mParams;
+ }
+
+ /**
+ * Returns localized message string. This method should
+ * only be called if a localized string is necessary.
+ * <P>
+ *
+ * @return Details message.
+ */
+ public String toContent() {
+ return toContent(Locale.getDefault());
+ }
+
+ /**
+ * Returns the string based on the given locale.
+ * <P>
+ *
+ * @param locale Locale.
+ * @return Details message.
+ */
+ public String toContent(Locale locale) {
+ return MessageFormatter.getLocalizedString(locale, getBundleName(),
+ getMessage(),
+ getParameters());
+ }
+
+ /**
+ * Sets the resource bundle name for this class instance. This should
+ * be overridden by subclasses who have their own resource bundles.
+ * @param bundle String with the name of resource bundle.
+ */
+ public void setBundleName(String bundle) {
+ mBundleName = bundle;
+ }
+
+ /**
+ * Retrieves bundle name.
+ * @return String with name of resource bundle.
+ */
+ protected String getBundleName() {
+ return mBundleName;
+ }
+
+ /**
+ * Retrieves log source.
+ * This is an id of the subsystem responsible
+ * for creating the log event.
+ * @return Integer source id.
+ */
+ public int getSource() {
+ return mSource;
+ }
+
+ /**
+ * Sets log source.
+ * Sets the id of the subsystem issuing the event.
+ * @param source Integer source id.
+ */
+ public void setSource(int source) {
+ mSource = source;
+ }
+
+ /**
+ * Retrieves log level.
+ * The log level of an event represents its relative importance
+ * or severity within CMS.
+ * @return Integer log level value.
+ */
+ public int getLevel() {
+ return mLevel;
+ }
+
+ /**
+ * Retrieves NT specific log event type.
+ * @return Integer NTEventType value.
+ */
+ public int getNTEventType() {
+ return mNTEventType;
+ }
+
+ /**
+ * Sets log level, NT log event type.
+ * For certain log levels the NT log event type gets
+ * set as well.
+ * @param level Integer log level value.
+ */
+ public void setLevel(int level) {
+ mLevel = level;
+ switch (level) {
+ case ILogger.LL_DEBUG:
+ case ILogger.LL_INFO:
+ mNTEventType = ILogger.NT_INFO;
+ break;
+
+ case ILogger.LL_WARN:
+ mNTEventType = ILogger.NT_WARN;
+ break;
+
+ case ILogger.LL_FAILURE:
+ case ILogger.LL_MISCONF:
+ case ILogger.LL_CATASTRPHE:
+ case ILogger.LL_SECURITY:
+ mNTEventType = ILogger.NT_ERROR;
+ break;
+
+ default:
+ ConsoleError.send(new SystemEvent(INVALID_LOG_LEVEL,
+ Integer.toString(level)));
+ break;
+ }
+ }
+
+ /**
+ * Retrieves log multiline attribute.
+ * @return Boolean whether or not this event is multiline.
+ * A multiline message simply consists of more than one line.
+ */
+ public boolean getMultiline() {
+ return mMultiline;
+ }
+
+ /**
+ * Sets log multiline attribute. A multiline message consists of
+ * more than one line.
+ * @param multiline Boolean multiline value.
+ */
+ public void setMultiline(boolean multiline) {
+ mMultiline = multiline;
+ }
+
+ /**
+ * Retrieves event time stamp.
+ * @return Long integer of the time the event was created.
+ */
+ public long getTimeStamp() {
+ return mTimeStamp;
+ }
+
+ /**
+ * Retrieves log event type. Each type of event
+ * has an associated String type value.
+ * @return String containing the type of event.
+ */
+ public String getEventType() {
+ return mEventType;
+ }
+
+
+ /**
+ * Sets log event type. Each type of event
+ * has an associated String type value.
+ * @param eventType String containing the type of event.
+ */
+ public void setEventType(String eventType) {
+ mEventType = eventType;
+ }
+
+ /**
+ * Return string representation of log message.
+ * @return String containing log message.
+ */
+ public String toString() {
+ if (getBundleName() == null) {
+ MessageFormat detailMessage = new MessageFormat(mMessage);
+
+ return detailMessage.format(mParams);
+ } else
+ return toContent();
+ }
+}
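Review bot: `SystemEvent(Exception e)` passes `e.getMessage()` on as the message format, but for anything other than an `EBaseException` that string is free text rather than a pattern, and it can be null. In `toString()` the `new MessageFormat(mMessage)` path (taken when the bundle name has been set to null) throws `NullPointerException` for a null message and `IllegalArgumentException` for text with an unbalanced `{`, so the event meant to report a failure is lost; whether `MessageFormatter.getLocalizedString` reacts the same way is not visible in this diff. A fixed pattern for the non-`EBaseException` case avoids both, e.g. `this(e instanceof EBaseException ? e.getMessage() : "{0}");`, with the exception staying in `mParams[0]` so the rendered text becomes `e.toString()`. `SignedAuditEvent(Exception e)` and its `toString()` are written the same way.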
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/ENotificationException.java b/pki/base/common/src/com/netscape/certsrv/notification/ENotificationException.java
new file mode 100644
index 000000000..a5347ff43
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/notification/ENotificationException.java
@@ -0,0 +1,77 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.notification;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * A class represents a notification exception.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class ENotificationException extends EBaseException {
+
+ /**
+ * Identity resource class name.
+ */
+ private static final String NOTIFICATION_RESOURCES = NotificationResources.class.getName();
+
+ /**
+ * Constructs a notification exception
+ * <P>
+ */
+ public ENotificationException(String msgFormat) {
+ super(msgFormat);
+ }
+
+ /**
+ * Constructs a Identity exception.
+ * <P>
+ */
+ public ENotificationException(String msgFormat, String param) {
+ super(msgFormat, param);
+ }
+
+ /**
+ * Constructs a Identity exception.
+ * <P>
+ */
+ public ENotificationException(String msgFormat, Exception e) {
+ super(msgFormat, e);
+ }
+
+ /**
+ * Constructs a Identity exception.
+ * <P>
+ */
+ public ENotificationException(String msgFormat, Object params[]) {
+ super(msgFormat, params);
+ }
+
+ /**
+ * Retrieves bundle name.
+ */
+ protected String getBundleName() {
+ return NOTIFICATION_RESOURCES;
+ }
+}
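Review bot: The Javadoc in this file still describes a different class: three of the four constructors say "Constructs a Identity exception" and the constant is documented as "Identity resource class name", although everything here concerns notification. I would reword them to `Constructs a notification exception.` and `Notification resource bundle class name.`, and add `@param msgFormat` plus the second argument (`param`, `e`, `params`) to each constructor, since the values are passed straight through to `EBaseException`.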
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/IEmailFormProcessor.java b/pki/base/common/src/com/netscape/certsrv/notification/IEmailFormProcessor.java
new file mode 100644
index 000000000..234c7a46d
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/notification/IEmailFormProcessor.java
@@ -0,0 +1,84 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.notification;
+
+
+import com.netscape.certsrv.logging.*;
+import com.netscape.certsrv.notification.*;
+import java.util.*;
+import java.lang.*;
+
+
+/**
+ * formulates the final email. Escape character '\' is understood.
+ * '$' is used preceeding a token name. A token name should not be a
+ * substring of any other token name
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IEmailFormProcessor {
+
+ // list of token names
+ public final static String TOKEN_ID = "InstanceID";
+ public final static String TOKEN_SERIAL_NUM = "SerialNumber";
+ public final static String TOKEN_HEX_SERIAL_NUM = "HexSerialNumber";
+ public final static String TOKEN_REQUEST_ID = "RequestId";
+ public final static String TOKEN_HTTP_HOST = "HttpHost";
+ public final static String TOKEN_HTTP_PORT = "HttpPort";
+ public final static String TOKEN_ISSUER_DN = "IssuerDN";
+ public final static String TOKEN_SUBJECT_DN = "SubjectDN";
+ public final static String TOKEN_REQUESTOR_EMAIL = "RequestorEmail";
+ public final static String TOKEN_CERT_TYPE = "CertType";
+ public final static String TOKEN_REQUEST_TYPE = "RequestType";
+ public final static String TOKEN_STATUS = "Status";
+ public final static String TOKEN_NOT_AFTER = "NotAfter";
+ public final static String TOKEN_NOT_BEFORE = "NotBefore";
+ public final static String TOKEN_SENDER_EMAIL = "SenderEmail";
+ public final static String TOKEN_RECIPIENT_EMAIL = "RecipientEmail";
+ public final static String TOKEN_SUMMARY_ITEM_LIST = "SummaryItemList";
+ public final static String TOKEN_SUMMARY_TOTAL_NUM = "SummaryTotalNum";
+ public final static String TOKEN_SUMMARY_SUCCESS_NUM = "SummaryTotalSuccess";
+ public final static String TOKEN_SUMMARY_FAILURE_NUM = "SummaryTotalFailure";
+ public final static String TOKEN_EXECUTION_TIME = "ExecutionTime";
+
+ public final static String TOKEN_REVOCATION_DATE = "RevocationDate";
+
+ /*
+ * takes the form template, parse and replace all $tokens with the
+ * right values. It handles escape character '\'
+ * @param form The locale specific form template,
+ * @param tok2vals a hashtable containing one to one mapping
+ * from $tokens used by the admins in the form template to the real
+ * values corresponding to the $tokens
+ * @return mail content
+ */
+ public String getEmailContent(String form,
+ Hashtable tok2vals);
+
+ /**
+ * takes a vector of strings and concatenate them
+ */
+ public String formContent(Vector vec);
+
+ /**
+ * logs an entry in the log file.
+ */
+ public void log(int level, String msg);
+}
+
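Review bot: The contract of `getEmailContent(String form, Hashtable tok2vals)` does not say how substituted values are encoded, and its comment opens with `/*` rather than `/**`, so the `@param`/`@return` text is not picked up as Javadoc. Several tokens (`SubjectDN`, `RequestorEmail`, `RecipientEmail`) look like they carry request-supplied data, and `IEmailTemplate.isHTML()` in this commit shows that templates can be HTML, so an implementation that pastes values in verbatim would let that data inject markup into the mail. I would turn the comment into Javadoc and add a sentence such as `Values in tok2vals are untrusted; implementations must encode them for the template's content type (HTML-escape when the template is HTML).` The class comment's rule that no token name be a substring of another is also worth rechecking against `SerialNumber`/`HexSerialNumber`, unless matching is always anchored at the `$`.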
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolver.java b/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolver.java
new file mode 100644
index 000000000..6b654da40
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolver.java
@@ -0,0 +1,41 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.notification;
+
+
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * An email resolver that first checks the request email, if none,
+ * then follows by checking the subjectDN of the certificate
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IEmailResolver {
+
+ /**
+ * returns an email address by using the resolver keys. The
+ * return value can possibly be null
+ * @param keys list of keys used for resolving the email address
+ */
+ public String getEmail(IEmailResolverKeys keys)
+ throws EBaseException, ENotificationException;
+
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolverKeys.java b/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolverKeys.java
new file mode 100644
index 000000000..2382412c4
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolverKeys.java
@@ -0,0 +1,38 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.notification;
+
+
+import com.netscape.certsrv.base.*;
+import java.util.*;
+
+
+/**
+ * An interface represents email resolver (ordered) keys for resolving
+ * emails
+ * e.g. request/cert, cert/request, request, request/cert/subjectalternatename etc.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IEmailResolverKeys extends IAttrSet {
+
+ public static final String KEY_REQUEST = "request";
+ public static final String KEY_CERT = "cert";
+
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/IEmailTemplate.java b/pki/base/common/src/com/netscape/certsrv/notification/IEmailTemplate.java
new file mode 100644
index 000000000..74c97402b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/notification/IEmailTemplate.java
@@ -0,0 +1,57 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.notification;
+
+
+import java.lang.*;
+import java.io.*;
+import java.util.*;
+
+import com.netscape.certsrv.logging.*;
+import com.netscape.certsrv.notification.*;
+
+
+/**
+ * Files to be processed and returned to the requested parties. It
+ * is a template with $tokens to be used by the form/template processor.
+ *
+ * @version $Revision$, $Date$
+ */
+
+public interface IEmailTemplate {
+
+ public boolean init();
+
+ /**
+ * @return Template Name in string form
+ */
+ public String getTemplateName();
+
+ /**
+ * @return true if template is an html file, false otherwise
+ */
+ public boolean isHTML();
+
+ /**
+ * @return Content of the template
+ */
+ public String toString();
+
+ public int length();
+
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/IMailNotification.java b/pki/base/common/src/com/netscape/certsrv/notification/IMailNotification.java
new file mode 100644
index 000000000..4301f5327
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/notification/IMailNotification.java
@@ -0,0 +1,85 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.notification;
+
+
+import java.util.*;
+import java.io.*;
+import java.lang.String;
+import netscape.net.smtp.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.*;
+import com.netscape.certsrv.dbs.certdb.*;
+import com.netscape.certsrv.logging.*;
+import com.netscape.certsrv.notification.*;
+import netscape.security.x509.*;
+
+
+/**
+ * This class handles mail notification via SMTP.
+ * This class uses <b>smtp.host</b> in the configuration for smtp
+ * host. The port default (25) is used. If no smtp specified, local
+ * host is used
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IMailNotification {
+
+ /**
+ * send one message to one or more addressees
+ */
+ public void sendNotification() throws IOException, ENotificationException;
+
+ /**
+ * sets the "From" field
+ * @param from email address of the sender
+ */
+ public void setFrom(String from);
+
+ /**
+ * sets the "Subject" field
+ * @param subject subject of the email
+ */
+ public void setSubject(String subject);
+
+ /**
+ * sets the "Content-Type" field
+ * @param contentType content type of the email
+ */
+ public void setContentType(String contentType);
+
+ /**
+ * sets the content of the email
+ * @param content the message content
+ */
+ public void setContent(String content);
+
+ /**
+ * sets the recipients' email addresses
+ * @param addresses a list of email addresses of the recipients
+ */
+ public void setTo(Vector addresses);
+
+ /**
+ * sets the recipient's email address
+ * @param to address of the recipient email address
+ */
+ public void setTo(String to);
+
+}
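Review bot: `setFrom`, `setSubject`, `setContentType` and both `setTo` overloads take plain strings that presumably become SMTP header fields, yet the interface does not say what happens to a value containing CR or LF. Recipient addresses in this package can come from the request or the certificate subject (see the `IEmailResolver` comment), so the contract should state that header values with line breaks are rejected, for example `@throws IllegalArgumentException if the value contains CR or LF` on each setter. The wildcard imports of `netscape.net.smtp`, `netscape.ldap`, `com.netscape.certsrv.dbs` and `netscape.security.x509` are not used by any declaration in this file and tie the interface to implementation packages; they can be dropped.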
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/NotificationResources.java b/pki/base/common/src/com/netscape/certsrv/notification/NotificationResources.java
new file mode 100644
index 000000000..e9cdbdfa1
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/notification/NotificationResources.java
@@ -0,0 +1,45 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.notification;
+
+
+import java.util.*;
+
+
+/**
+ * A class represents a resource bundle for the
+ * Mail Notification package
+ *
+ * @version $Revision$, $Date$
+ */
+public class NotificationResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ /**
+ * Constants. The suffix represents the number of
+ * possible parameters.
+ */
+
+ static final Object[][] contents = {};
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/ocsp/IDefStore.java b/pki/base/common/src/com/netscape/certsrv/ocsp/IDefStore.java
new file mode 100644
index 000000000..a9c24fdc1
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ocsp/IDefStore.java
@@ -0,0 +1,181 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ocsp;
+
+
+import java.util.*;
+import java.math.*;
+import java.security.cert.*;
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.crldb.*;
+import com.netscape.certsrv.dbs.repository.*;
+import com.netscape.cmsutil.ocsp.*;
+
+
+/**
+ * This class defines an Online Certificate Status Protocol (OCSP) store which
+ * has been extended to provide information from the internal database.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IDefStore extends IOCSPStore
+{
+ /**
+ * This method retrieves the number of CRL updates since startup.
+ * <P>
+ *
+ * @return count the number of OCSP default stores
+ */
+ public int getStateCount();
+
+ /**
+ * This method retrieves the number of OCSP requests since startup.
+ * <P>
+ *
+ * @param id a string associated with an OCSP request
+ * @return count the number of this type of OCSP requests
+ */
+ public long getReqCount(String id);
+
+ /**
+ * This method creates a an OCSP default store repository record.
+ * <P>
+ *
+ * @return IRepositoryRecord an instance of the repository record object
+ */
+ public IRepositoryRecord createRepositoryRecord();
+
+ /**
+ * This method adds a request to the default OCSP store repository.
+ * <P>
+ *
+ * @param name a string representing the name of this request
+ * @param thisUpdate the current request
+ * @param rec an instance of the repository record object
+ * @exception EBaseException occurs when there is an error attempting to
+ * add this request to the repository
+ */
+ public void addRepository(String name, String thisUpdate,
+ IRepositoryRecord rec)
+ throws EBaseException;
+
+ /**
+ * This method specifies whether or not to wait for the Certificate
+ * Revocation List (CRL) to be updated.
+ * <P>
+ *
+ * @return boolean true or false
+ */
+ public boolean waitOnCRLUpdate();
+
+ /**
+ * This method updates the specified CRL.
+ * <P>
+ *
+ * @param crl the CRL to be updated
+ * @exception EBaseException occurs when the CRL cannot be updated
+ */
+ public void updateCRL(X509CRL crl) throws EBaseException;
+
+ /**
+ * This method attempts to read the CRL issuing point.
+ * <P>
+ *
+ * @param name the name of the CRL to be read
+ * @return ICRLIssuingPointRecord the CRL issuing point
+ * @exception EBaseException occurs when the specified CRL cannot be located
+ */
+ public ICRLIssuingPointRecord readCRLIssuingPoint(String name)
+ throws EBaseException;
+
+ /**
+ * This method searches all CRL issuing points.
+ * <P>
+ *
+ * @param maxSize specifies the largest number of hits from the search
+ * @return Enumeration a list of the CRL issuing points
+ * @exception EBaseException occurs when no CRL issuing point exists
+ */
+ public Enumeration searchAllCRLIssuingPointRecord(
+ int maxSize)
+ throws EBaseException;
+
+ /**
+ * This method searches all CRL issuing points constrained by the specified
+ * filtering mechanism.
+ * <P>
+ *
+ * @param filter a string which constrains the search
+ * @param maxSize specifies the largest number of hits from the search
+ * @return Enumeration a list of the CRL issuing points
+ * @exception EBaseException occurs when no CRL issuing point exists
+ */
+ public Enumeration searchCRLIssuingPointRecord(String filter,
+ int maxSize)
+ throws EBaseException;
+
+ /**
+ * This method creates a CRL issuing point record.
+ * <P>
+ *
+ * @param name a string representation of this CRL issuing point record
+ * @param crlNumber the number of this CRL issuing point record
+ * @param crlSize the size of this CRL issuing point record
+ * @param thisUpdate the time for this CRL issuing point record
+ * @param nextUpdate the time for the next CRL issuing point record
+ * @return ICRLIssuingPointRecord this CRL issuing point record
+ */
+ public ICRLIssuingPointRecord createCRLIssuingPointRecord(
+ String name, BigInteger crlNumber,
+ Long crlSize, Date thisUpdate, Date nextUpdate);
+
+ /**
+ * This method adds a CRL issuing point
+ * <P>
+ *
+ * @param name a string representation of this CRL issuing point record
+ * @param rec this CRL issuing point record
+ * @exception EBaseException occurs when the specified CRL issuing point
+ * record cannot be added
+ */
+ public void addCRLIssuingPoint(String name, ICRLIssuingPointRecord rec)
+ throws EBaseException;
+
+ /**
+ * This method deletes a CRL issuing point record
+ * <P>
+ *
+ * @param id a string representation of this CRL issuing point record
+ * @exception EBaseException occurs when the specified CRL issuing point
+ * record cannot be deleted
+ */
+ public void deleteCRLIssuingPointRecord(String id)
+ throws EBaseException;
+
+ /**
+ * This method checks to see if the OCSP response should return good
+ * when the certificate is not found.
+ * <P>
+ *
+ * @return boolean true or false
+ */
+ public boolean isNotFoundGood();
+}
+
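Review bot: The Javadoc on `isNotFoundGood()` at the end of the interface does not spell out what a true return means for relying parties: the responder then answers "good" for a certificate it has no record of, so a never-issued serial is indistinguishable from a valid one. I would extend the comment with a line such as `When this returns true, certificates unknown to the store are reported as good; return false where unknown serials must not be treated as valid.` The `getStateCount()` comment also contradicts itself (the summary says CRL updates since startup, the `@return` says number of OCSP default stores). The two search methods return a raw `Enumeration` without naming the element type callers are expected to cast to.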
diff --git a/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java b/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java
new file mode 100644
index 000000000..84b223a88
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java
@@ -0,0 +1,197 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ocsp;
+
+
+import java.util.*;
+import java.security.*;
+import java.util.Vector;
+import java.io.*;
+import java.io.InputStream;
+import java.io.IOException;
+
+import org.mozilla.jss.pkix.primitive.*;
+import org.mozilla.jss.asn1.*;
+import org.mozilla.jss.asn1.INTEGER;
+import org.mozilla.jss.pkix.cert.Certificate;
+import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
+import org.mozilla.jss.asn1.BIT_STRING;
+
+import netscape.security.x509.*;
+
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.security.*;
+import com.netscape.certsrv.dbs.crldb.*;
+import com.netscape.certsrv.dbs.certdb.*;
+import com.netscape.certsrv.logging.*;
+
+import com.netscape.cmsutil.ocsp.*;
+
+
+/**
+ * This class represents the primary interface for the Online Certificate
+ * Status Protocol (OCSP) server.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IOCSPAuthority extends ISubsystem
+{
+ public static final String ID = "ocsp";
+
+ public final static OBJECT_IDENTIFIER OCSP_NONCE = new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.48.1.2");
+
+ public final static String PROP_DEF_STORE_ID = "storeId";
+ public final static String PROP_STORE = "store";
+ public final static String PROP_SIGNING_SUBSTORE = "signing";
+ public static final String PROP_NICKNAME = "certNickname";
+ public final static String PROP_NEW_NICKNAME = "newNickname";
+
+ /**
+ * This method retrieves the OCSP store given its name.
+ * <P>
+ *
+ * @param id the string representation of an OCSP store
+ * @return IOCSPStore an instance of an OCSP store object
+ */
+ public IOCSPStore getOCSPStore(String id);
+
+ /**
+ * This method retrieves the signing unit.
+ * <P>
+ *
+ * @return ISigningUnit an instance of a signing unit object
+ */
+ public ISigningUnit getSigningUnit();
+
+ /**
+ * This method retrieves the responder ID by its name.
+ * <P>
+ *
+ * @return ResponderID an instance of a responder ID
+ */
+ public ResponderID getResponderIDByName();
+
+ /**
+ * This method retrieves the responder ID by its hash.
+ * <P>
+ *
+ * @return ResponderID an instance of a responder ID
+ */
+ public ResponderID getResponderIDByHash();
+
+ /**
+ * This method retrieves the default OCSP store
+ * (i. e. - information from the internal database).
+ * <P>
+ *
+ * @return IDefStore an instance of the default OCSP store
+ */
+ public IDefStore getDefaultStore();
+
+ /**
+ * This method sets the supplied algorithm as the default signing algorithm.
+ * <P>
+ *
+ * @param algorithm a string representing the requested algorithm
+ * @exception EBaseException if the algorithm is unknown or disallowed
+ */
+ public void setDefaultAlgorithm(String algorithm)
+ throws EBaseException;
+
+ /**
+ * This method retrieves the default signing algorithm.
+ * <P>
+ *
+ * @return String the name of the default signing algorithm
+ */
+ public String getDefaultAlgorithm();
+
+ /**
+ * This method retrieves all potential OCSP signing algorithms.
+ * <P>
+ *
+ * @return String[] the names of all potential OCSP signing algorithms
+ */
+ public String[] getOCSPSigningAlgorithms();
+
+ /**
+ * This method logs the specified message at the specified level.
+ * <P>
+ *
+ * @param level the log level
+ * @param msg the log message
+ */
+ public void log(int level, String msg);
+
+ /**
+ * This method logs the specified message at the specified level given
+ * the specified event.
+ * <P>
+ *
+ * @param event the log event
+ * @param level the log message
+ * @param msg the log message
+ */
+ public void log(int event, int level, String msg);
+
+ /**
+ * This method retrieves the X500Name of an OCSP server instance.
+ * <P>
+ *
+ * @return X500Name an instance of the X500 name object
+ */
+ public X500Name getName();
+
+ /**
+ * This method retrieves an OCSP server instance digest name as a string.
+ * <P>
+ *
+ * @param alg the signing algorithm
+ * @return String the digest name of the related OCSP server
+ */
+ public String getDigestName(AlgorithmIdentifier alg);
+
+ /**
+ * This method signs the basic OCSP response data provided as a parameter.
+ * <P>
+ *
+ * @param rd response data
+ * @return BasicOCSPResponse signed response data
+ * @exception EBaseException error associated with an inability to sign
+ * the specified response data
+ */
+ public BasicOCSPResponse sign(ResponseData rd)
+ throws EBaseException;
+
+ /**
+ * This method compares two byte arrays to see if they are equivalent.
+ * <P>
+ *
+ * @param bytes the first byte array
+ * @param ints the second byte array
+ * @return boolean true or false
+ */
+ public boolean arraysEqual(byte[] bytes, byte[] ints);
+
+ public void incTotalTime(long inc);
+ public void incSignTime(long inc);
+ public void incLookupTime(long inc);
+ public void incNumOCSPRequest(long inc);
+}
+
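Review bot: `arraysEqual(byte[] bytes, byte[] ints)` has an underspecified contract: the second parameter is called `ints` although it is a `byte[]`, and the Javadoc does not say what is returned for null arguments or for arrays of different length. Its callers are not visible in this hunk, but if it is used to match hash values taken from a request, the comment should say so and pin the semantics, e.g. `@return true only if both arrays are non-null, have the same length and are equal byte for byte`. In the same interface, `log(int event, int level, String msg)` documents `level` as "the log message". The four `inc*` methods have no Javadoc stating the unit of `inc` (presumably milliseconds for the three time counters; confirm against the implementation).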
diff --git a/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPService.java b/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPService.java
new file mode 100644
index 000000000..9bd9ba027
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPService.java
@@ -0,0 +1,100 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ocsp;
+
+
+import java.util.*;
+import java.security.*;
+import java.util.Vector;
+import java.io.*;
+import java.io.InputStream;
+import java.io.IOException;
+
+import org.mozilla.jss.pkix.primitive.*;
+import org.mozilla.jss.asn1.*;
+import org.mozilla.jss.asn1.INTEGER;
+import org.mozilla.jss.pkix.cert.Certificate;
+import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
+import org.mozilla.jss.asn1.BIT_STRING;
+
+import netscape.security.x509.*;
+
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.crldb.*;
+import com.netscape.certsrv.dbs.certdb.*;
+import com.netscape.certsrv.logging.*;
+
+import com.netscape.cmsutil.ocsp.*;
+
+
+/**
+ * This class represents the servlet that serves the Online Certificate
+ * Status Protocol (OCSP) requests.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface IOCSPService
+{
+ /**
+ * This method validates the information associated with the specified
+ * OCSP request and returns an OCSP response.
+ * <P>
+ *
+ * @param r an OCSP request
+ * @return OCSPResponse the OCSP response associated with the specified
+ * OCSP request
+ * @exception EBaseException an error associated with the inability to
+ * process the supplied OCSP request
+ */
+ public OCSPResponse validate(OCSPRequest r)
+ throws EBaseException;
+
+ /**
+ * Returns the in-memory count of the processed OCSP requests.
+ *
+ * @return number of processed OCSP requests in memory
+ */
+ public long getNumOCSPRequest();
+
+ /**
+ * Returns the in-memory time (in mini-second) of
+ * the processed time for OCSP requests.
+ *
+ * @return processed times for OCSP requests
+ */
+ public long getOCSPRequestTotalTime();
+
+ /**
+ * Returns the in-memory time (in mini-second) of
+ * the signing time for OCSP requests.
+ *
+ * @return processed times for OCSP requests
+ */
+ public long getOCSPTotalSignTime();
+
+ public long getOCSPTotalLookupTime();
+
+ /**
+ * Returns the total data signed
+ * for OCSP requests.
+ *
+ * @return processed times for OCSP requests
+ */
+ public long getOCSPTotalData();
+}
+
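Review bot: The statistics accessors are documented by copy-paste: `getOCSPTotalSignTime()` and `getOCSPTotalData()` both carry `@return processed times for OCSP requests`, `getOCSPTotalLookupTime()` has no comment at all, and the unit is written as "mini-second". Suggested wording is `@return total time in milliseconds spent signing OCSP responses` and `@return total time in milliseconds spent on status lookups`, plus a `@return` for `getOCSPTotalData()` that names the unit of the count (presumably bytes; confirm against the implementation). The class comment calls this interface "the servlet", which does not match an interface that only declares `validate` and counters.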
diff --git a/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPStore.java b/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPStore.java
new file mode 100644
index 000000000..8576864e8
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPStore.java
@@ -0,0 +1,76 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ocsp;
+
+
+import java.util.*;
+import java.math.*;
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.dbs.crldb.*;
+import com.netscape.cmsutil.ocsp.*;
+
+
+/**
+ * This class represents the generic interface for an Online Certificate
+ * Status Protocol (OCSP) store. Users can plugin different OCSP stores
+ * by extending this class. For example, imagine that if a user wants to
+ * use the corporate LDAP server for revocation checking, then the user
+ * would merely create a new class that extends this class (e. g. -
+ * "public interface ICorporateLDAPStore extends IOCSPStore").
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IOCSPStore extends ISubsystem
+{
+ /**
+ * This method validates the information associated with the specified
+ * OCSP request and returns an OCSP response.
+ * <P>
+ *
+ * @param req an OCSP request
+ * @return OCSPResponse the OCSP response associated with the specified
+ * OCSP request
+ * @exception EBaseException an error associated with the inability to
+ * process the supplied OCSP request
+ */
+ public OCSPResponse validate(OCSPRequest req)
+ throws EBaseException;
+
+ /**
+ * This method retrieves the configuration parameters associated with this
+ * OCSP store.
+ * <P>
+ *
+ * @return NameValuePairs all configuration items
+ */
+ public NameValuePairs getConfigParameters();
+
+ /**
+ * This method stores the configuration parameters specified by the
+ * passed-in Name Value pairs object.
+ * <P>
+ *
+ * @param pairs a name-value pair object
+ * @exception EBaseException an illegal name-value pair
+ */
+ public void setConfigParameters(NameValuePairs pairs)
+ throws EBaseException;
+}
+
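Review bot: The `validate(OCSPRequest req)` Javadoc repeats the text used on `IOCSPService.validate` and leaves out what a store implementer has to decide: which status is reported for a certificate the store has no record of, and whether the returned `OCSPResponse` is expected to be signed already. Since the class comment invites third-party stores, I would state this in the method comment, e.g. `Implementations must document the status they return for serial numbers they do not know.` The class comment also says stores are added "by extending this class", but `IOCSPStore` is an interface and the example it gives is another interface.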
diff --git a/pki/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java b/pki/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java
new file mode 100644
index 000000000..5c814fd2e
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java
@@ -0,0 +1,83 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.password;
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+
+/**
+ * A class represents a password checker exception.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class EPasswordCheckException extends EBaseException {
+
+ /**
+ * Resource class name.
+ */
+ private static final String PASSWORD_CHECK_RESOURCES = PasswordResources.class.getName();
+
+ /**
+ * Constructs a password checker exception
+ * <P>
+ * @param msgFormat exception details
+ */
+ public EPasswordCheckException(String msgFormat) {
+ super(msgFormat);
+ }
+
+ /**
+ * Constructs a password checker exception.
+ * <P>
+ * @param msgFormat exception details in message string format
+ * @param param message string parameter
+ */
+ public EPasswordCheckException(String msgFormat, String param) {
+ super(msgFormat, param);
+ }
+
+ /**
+ * Constructs a password checker exception.
+ * <P>
+ * @param msgFormat exception details in message string format
+ * @param exception system exception
+ */
+ public EPasswordCheckException(String msgFormat, Exception exception) {
+ super(msgFormat, exception);
+ }
+
+ /**
+ * Constructs a password checker exception.
+ * <P>
+ * @param msgFormat the message format.
+ * @param params list of message format parameters
+ */
+ public EPasswordCheckException(String msgFormat, Object params[]) {
+ super(msgFormat, params);
+ }
+
+ /**
+ * Retrieves bundle name.
+ * @return resource bundle name.
+ */
+ protected String getBundleName() {
+ return PASSWORD_CHECK_RESOURCES;
+ }
+}
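Review bot: None of the four constructors says what may be passed as `param` or `params`, and in a password-checking exception the easy mistake is to pass the rejected password as a message parameter, which would presumably then appear wherever the formatted message is displayed or logged (the formatting lives in `EBaseException`, outside this hunk). I would add a line to the class comment such as `Message parameters must never contain the password being checked.` The class also declares no `serialVersionUID` although exceptions are serializable; whether the project convention requires one is not visible here.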
diff --git a/pki/base/common/src/com/netscape/certsrv/password/IConfigPasswordCheck.java b/pki/base/common/src/com/netscape/certsrv/password/IConfigPasswordCheck.java
new file mode 100644
index 000000000..ddf4325c2
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/password/IConfigPasswordCheck.java
@@ -0,0 +1,43 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.password;
+
+
+/**
+ * Configuration Wizard Password quality checker interface.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IConfigPasswordCheck {
+
+ /**
+ * Check if the password meets the quality requirement
+ * @param pwd the given password
+ * @return true if the password meets the quality requirement; otherwise false
+ */
+ public boolean isGoodConfigPassword(String pwd);
+
+ /**
+ * Returns a reason if the password doesnt meet the quality requirement.
+ * @param pwd the given password
+ * @return a reason if the password quality requirement is not met.
+ */
+ public String getConfigReason(String pwd);
+}
+
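Review bot: `getConfigReason(String pwd)` does not say what it returns for a password that passes the check, and a caller has to hand the password to the checker twice to obtain a verdict and a reason. At minimum the return should be documented, e.g. `@return the reason the password was rejected, or null if it meets the requirement` (adjust to what the implementations actually return). Taking the password as an immutable `String` also means it cannot be cleared after the check; a `char[]` parameter would allow that, though whether that is practical depends on how callers obtain the value. `IPasswordCheck` in the next file has the same shape with `isGoodPassword`/`getReason`, so the same applies there.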
diff --git a/pki/base/common/src/com/netscape/certsrv/password/IPasswordCheck.java b/pki/base/common/src/com/netscape/certsrv/password/IPasswordCheck.java
new file mode 100644
index 000000000..bb84a72fa
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/password/IPasswordCheck.java
@@ -0,0 +1,43 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.password;
+
+
+/**
+ * Password quality checker interface.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IPasswordCheck {
+
+ /**
+ * Check if the password meets the quality requirement
+ * @param pwd the given password
+ * @return true if the password meets the quality requirement; otherwise false
+ */
+ public boolean isGoodPassword(String pwd);
+
+ /**
+ * Returns a reason if the password doesnt meet the quality requirement.
+ * @param pwd the given password
+ * @return a reason if the password quality requirement is not met.
+ */
+ public String getReason(String pwd);
+}
+
diff --git a/pki/base/common/src/com/netscape/certsrv/pattern/AttrSetCollection.java b/pki/base/common/src/com/netscape/certsrv/pattern/AttrSetCollection.java
new file mode 100644
index 000000000..ef6c5af66
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/pattern/AttrSetCollection.java
@@ -0,0 +1,58 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.pattern;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+
+/**
+ * This class represents a collection of attribute
+ * sets.
+ *
+ * @version $Revision$, $Date$
+ */
+public class AttrSetCollection extends Hashtable {
+
+ /**
+ * Constructs a collection.
+ */
+ public AttrSetCollection() {
+ super();
+ }
+
+ /**
+ * Retrieves a attribute set from this collection.
+ *
+ * @param name name of the attribute set
+ * @return attribute set
+ */
+ public IAttrSet getAttrSet(String name) {
+ return (IAttrSet) get(name);
+ }
+
+ /**
+ * Sets attribute set in this collection.
+ *
+ * @param name set of the attribute set
+ * @param set attribute set
+ */
+ public void putAttrSet(String name, IAttrSet set) {
+ put(name, set);
+ }
+}
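Review bot: Extending the raw `Hashtable` makes every inherited `put` and `get` part of this class's API, so a caller can store a value that is not an `IAttrSet` and `getAttrSet` then fails with a `ClassCastException` at the cast. If the inheritance has to stay (`Pattern.substitute(AttrSetCollection)` in this commit relies on the inherited `keys()`), the class comment should at least say `Only IAttrSet values may be stored; use putAttrSet rather than the inherited put.` The `putAttrSet` comment describes `name` as "set of the attribute set", which should read `name of the attribute set`. It could also mention that `Hashtable` rejects null keys and values.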
diff --git a/pki/base/common/src/com/netscape/certsrv/pattern/Pattern.java b/pki/base/common/src/com/netscape/certsrv/pattern/Pattern.java
new file mode 100644
index 000000000..fe6426306
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/pattern/Pattern.java
@@ -0,0 +1,164 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.pattern;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * This is a generic pattern subtitution engine. The
+ * pattern format should be:
+ * <p>
+ * $[attribute set key].[attribute name]$
+ * <p>
+ * For example,
+ * <p>
+ * $request.requestor_email$
+ * $ctx.user_id$
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public class Pattern {
+
+ private String mS = null;
+
+ /**
+ * Constructs a pattern object with the given string.
+ *
+ * @param s string with pattern (i.e. $request.requestor_email$)
+ */
+ public Pattern(String s) {
+ mS = s;
+ }
+
+ /**
+ * Subtitutes this pattern with the given attribute set.
+ *
+ * @param key key name of the given attribute set
+ * @param attrSet attribute set
+ * @return substituted string
+ */
+ public String substitute(String key, IAttrSet attrSet) {
+ return substitute2(key, attrSet);
+ }
+
+ /**
+ * Subtitutes this pattern with the given attribute set.
+ *
+ * @param attrSetCollection attribute set collection
+ * @return substituted string
+ */
+ public String substitute(AttrSetCollection attrSetCollection) {
+ String temp = mS;
+ Enumeration keys = attrSetCollection.keys();
+
+ while (keys.hasMoreElements()) {
+ String key = (String) keys.nextElement();
+ Pattern p = new Pattern(temp);
+
+ temp = p.substitute(key,
+ attrSetCollection.getAttrSet(key));
+
+ }
+ return temp;
+ }
+
+ /**
+ * Subtitutes this pattern with the given attribute set.
+ *
+ * This is an extended version of the substitute() method.
+ * It takes a more flexible pattern format that could have
+ * non-token ($...$) format. e.g.
+ * $request.screenname$@redhat.com
+ * where "@redhat.com" is not in token pattern format, and will be
+ * literally put in place. e.g.
+ * TomRiddle@redhat.com
+ *
+ * @param key key name of the given attribute set
+ * @param attrSet attribute set
+ * @return substituted string
+ */
+ public String substitute2(String key, IAttrSet attrSet) {
+ StringBuffer sb = new StringBuffer();
+
+ int startPos = 0;
+ int lastPos;
+
+ do {
+ // from startPos to right before '$' or end of string
+ // need to be copied over
+
+ lastPos = mS.indexOf('$', startPos);
+
+ // if no '$', return the entire string
+ if (lastPos == -1 && startPos == 0)
+ return mS;
+
+ // no more '$' found, copy the rest of chars, done
+ if (lastPos == -1) {
+ sb.append(mS.substring(startPos)); //
+ return sb.toString(); //
+ // continue;
+ }
+
+ // found '$'
+ if (startPos < lastPos) {
+ sb.append(mS.substring(startPos, lastPos));
+ }
+
+ // look for the ending '$'
+ int endPos = mS.indexOf('$', lastPos + 1);
+ String token = mS.substring(lastPos + 1, endPos);
+ int dotPos = token.indexOf('.');
+
+ // it's assuming there's always a '.'
+ String attrKey = token.substring(0, dotPos);
+ String attrName = token.substring(dotPos + 1);
+
+ if (!key.equals(attrKey)) {
+ startPos = endPos + 1;
+ sb.append("$" + attrKey + "." + attrName + "$");
+ continue;
+ }
+
+ try {
+ Object o = attrSet.get(attrName);
+
+ if (!(o instanceof String)) {
+ startPos = endPos + 1;
+ // if no such attrName, copy the token pattern over
+ sb.append("$" + attrKey + "." + attrName + "$");
+ continue;
+ }
+ String val = (String) o;
+
+ sb.append(val);
+ } catch (EBaseException e) {
+ sb.append("$" + attrKey + "." + attrName + "$");
+ }
+ startPos = endPos + 1;
+ }
+ while (lastPos != -1);
+
+ return sb.toString();
+ }
+
+}
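Review bot: `substitute2` throws `StringIndexOutOfBoundsException` on two inputs it does not check for: a template with an unpaired `$` (then `endPos` is -1 and `mS.substring(lastPos + 1, endPos)` fails) and a `$...$` token without a dot (then `dotPos` is -1, which the existing comment "it's assuming there's always a '.'" already admits). Both should fall back to copying the text through literally, as the method already does for unknown keys; the guards are shown below. Separately, `substitute(AttrSetCollection)` re-parses the already substituted text once per key, so an attribute value that itself contains a `$key.name$` token can be expanded on a later pass, and the outcome depends on `Hashtable` iteration order. A single pass over the original template would avoid that.
```java
int endPos = mS.indexOf('$', lastPos + 1);
if (endPos == -1) {
    // unpaired '$': keep the remainder of the string literally
    sb.append(mS.substring(lastPos));
    return sb.toString();
}
// … unchanged: token and dotPos computed as before …
if (dotPos == -1) {
    // not a key.name token: copy it through unchanged
    sb.append(mS.substring(lastPos, endPos + 1));
    startPos = endPos + 1;
    continue;
}
// … unchanged: attrKey/attrName split, lookup and substitution …
```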
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/EPolicyException.java b/pki/base/common/src/com/netscape/certsrv/policy/EPolicyException.java
new file mode 100644
index 000000000..a65e2e5ff
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/policy/EPolicyException.java
@@ -0,0 +1,165 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.policy;
+
+
+import java.io.*;
+import java.util.*;
+import java.text.*;
+import java.lang.reflect.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * This class represents Exceptions used by the policy package.
+ * The policies themselves do not raise exceptions but use them
+ * to format error messages.
+ *
+ * Adapted from EBasException
+ * <P>
+ * <PRE>
+ * NOTE: The Policy Framework has been replaced by the Profile Framework.
+ * </PRE>
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ * @see java.text.MessageFormat
+ */
+public class EPolicyException extends EBaseException {
+
+ /**
+ * Resource class name.
+ */
+ private static final String POLICY_RESOURCES = PolicyResources.class.getName();
+
+ /**
+ * Constructs a base exception.
+ * <P>
+ *
+ * @param msgFormat exception details
+ */
+ public EPolicyException(String msgFormat) {
+ super(msgFormat);
+ mParams = null;
+ }
+
+ /**
+ * Constructs a base exception with a parameter. For example,
+ * <PRE>
+ * new EPolicyException("failed to load {0}", fileName);
+ * </PRE>
+ * <P>
+ *
+ * @param msgFormat exception details in message string format
+ * @param param message string parameter
+ */
+ public EPolicyException(String msgFormat, String param) {
+ super(msgFormat);
+ mParams = new String[1];
+ mParams[0] = param;
+ }
+
+ /**
+ * Constructs a base exception with two String parameters. For example,
+ * <P>
+ *
+ * @param msgFormat exception details in message string format
+ * @param param1 message string parameter
+ * @param param2 message string parameter
+ */
+ public EPolicyException(String msgFormat, String param1, String param2) {
+ super(msgFormat);
+ mParams = new String[2];
+ mParams[0] = param1;
+ mParams[1] = param2;
+ }
+
+ /**
+ * Constructs a base exception. It can be used to carry
+ * a system exception that may contain information about
+ * the context. For example,
+ * <PRE>
+ * try {
+ * ...
+ * } catch (IOExeption e) {
+ * throw new EPolicyException("Encountered System Error {0}", e);
+ * }
+ * </PRE>
+ * <P>
+ *
+ * @param msgFormat exception details in message string format
+ * @param param system exception
+ */
+ public EPolicyException(String msgFormat, Exception param) {
+ super(msgFormat);
+ mParams = new Exception[1];
+ mParams[0] = param;
+ }
+
+ /**
+ * Constructs a base exception with a list of parameters
+ * that will be substituted into the message format.
+ * <P>
+ *
+ * @param msgFormat exception details in message string format
+ * @param params list of message format parameters
+ */
+ public EPolicyException(String msgFormat, Object params[]) {
+ super(msgFormat);
+ mParams = params;
+ }
+
+ /**
+ * Returns a list of parameters.
+ * <P>
+ *
+ * @return list of message format parameters
+ */
+ public Object[] getParameters() {
+ return mParams;
+ }
+
+ /**
+ * Returns localized exception string. This method should
+ * only be called if a localized string is necessary.
+ * <P>
+ *
+ * @return details message
+ */
+ public String toString() {
+ return toString(Locale.getDefault());
+ }
+
+ /**
+ * Returns the string based on the given locale.
+ * <P>
+ *
+ * @param locale locale
+ * @return details message
+ */
+ public String toString(Locale locale) {
+ return MessageFormatter.getLocalizedString(locale, getBundleName(),
+ super.getMessage(), mParams);
+ }
+
+ protected String getBundleName() {
+ return POLICY_RESOURCES;
+ }
+
+}
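Review bot: The `EPolicyException(String msgFormat, Exception param)` constructor keeps the wrapped exception only as a message-format argument in `mParams`, so it is never chained as the cause and its stack trace is lost to whoever logs this exception. Adding `initCause(param);` after `mParams[0] = param;` would preserve it, provided the `EBaseException` constructor (not part of this hunk) has not already set a cause. `mParams` itself is not declared in this file and is presumably inherited from `EBaseException`. Separately, `EPolicyException(String, Object[])` stores the caller's array and `getParameters()` returns it, so the message arguments can be altered after construction; `mParams = (params == null) ? null : (Object[]) params.clone();` would avoid that.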
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IEnrollmentPolicy.java b/pki/base/common/src/com/netscape/certsrv/policy/IEnrollmentPolicy.java
new file mode 100644
index 000000000..bfd0e7c20
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IEnrollmentPolicy.java
@@ -0,0 +1,36 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.policy;
+
+
+/**
+ * Interface for an enrollment policy rule. This provides general
+ * typing for rules so that a policy processor can group rules
+ * based on a particular type.
+ * <P>
+ * <PRE>
+ * NOTE: The Policy Framework has been replaced by the Profile Framework.
+ * </PRE>
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public interface IEnrollmentPolicy extends IPolicyRule {
+}
+
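Review bot: The Javadoc `@deprecated` tag on this interface is bare, so generated documentation shows neither a reason nor a replacement, even though the `<PRE>` note just above it has both. I would write ` * @deprecated The Policy Framework has been replaced by the Profile Framework.` The same bare tag appears in the other files this diff adds under `policy/` (EPolicyException, IExpression, the IGeneralName* interfaces, IKeyArchivalPolicy, IKeyRecoveryPolicy, IPolicyPredicateParser, IPolicyProcessor, IPolicyRule).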
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IExpression.java b/pki/base/common/src/com/netscape/certsrv/policy/IExpression.java
new file mode 100644
index 000000000..e5deb476a
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IExpression.java
@@ -0,0 +1,63 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.policy;
+
+
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.request.IRequest;
+
+
+/**
+ * Interface for a policy expression.
+ * <P>
+ * <PRE>
+ * NOTE: The Policy Framework has been replaced by the Profile Framework.
+ * </PRE>
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public interface IExpression {
+ public static final int OP_EQUAL = 1;
+ public static final int OP_NEQUAL = 2;
+ public static final int OP_GT = 3;
+ public static final int OP_LT = 4;
+ public static final int OP_GE = 5;
+ public static final int OP_LE = 6;
+ public static final String EQUAL_STR = "==";
+ public static final String NEQUAL_STR = "!=";
+ public static final String GT_STR = ">";
+ public static final String GE_STR = ">=";
+ public static final String LT_STR = "<";
+ public static final String LE_STR = "<=";
+
+ /**
+ * Evaluate the Expression.
+ *
+ * @param req The PKIRequest on which we are applying the condition.
+ * @return The return value.
+ */
+ boolean evaluate(IRequest req)
+ throws EPolicyException;
+
+ /**
+ * Convert to a string.
+ */
+ public String toString();
+}
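Review bot: The Javadoc for `evaluate` does not say what the boolean result means or when `EPolicyException` is thrown; `@return The return value.` carries no information. Something like `@return true if the request satisfies this expression` plus an `@exception EPolicyException` line would make the contract usable, assuming that is the intended meaning, which the interface alone does not show. The `OP_*` and `*_STR` constants are also undocumented, and `import com.netscape.certsrv.base.*;` looks unused in this file.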
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameAsConstraintsConfig.java b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameAsConstraintsConfig.java
new file mode 100644
index 000000000..0dac71068
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameAsConstraintsConfig.java
@@ -0,0 +1,54 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.policy;
+
+
+import java.util.*;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+
+
+/**
+ * Class that can be used to form general names from configuration file.
+ * Used by policies and extension commands.
+ * <P>
+ * <PRE>
+ * NOTE: The Policy Framework has been replaced by the Profile Framework.
+ * </PRE>
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public interface IGeneralNameAsConstraintsConfig {
+
+ /**
+ * Retrieves instance parameters.
+ *
+ * @param params parameters
+ */
+ public void getInstanceParams(Vector params);
+
+ /**
+ * Retrieves the general name.
+ *
+ * @return general name
+ */
+ public GeneralName getGeneralName();
+
+}
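Review bot: `getInstanceParams(Vector params)` is documented as "Retrieves instance parameters" but returns `void`, so the Javadoc should say that the method fills the caller's vector, e.g. `@param params vector that receives the instance parameters`, and describe the element format. The elements are presumably name=value strings, which should be confirmed against an implementation. The same gap is in IGeneralNameConfig, IGeneralNamesAsConstraintsConfig and IGeneralNamesConfig, and all of these interfaces open their type comment with "Class that can be used to form general names" although they are interfaces. `import netscape.security.util.*;` appears unused here.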
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameConfig.java b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameConfig.java
new file mode 100644
index 000000000..5b33fc888
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameConfig.java
@@ -0,0 +1,67 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.policy;
+
+
+import java.util.*;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * Class that can be used to form general names from configuration file.
+ * Used by policies and extension commands.
+ * <P>
+ * <PRE>
+ * NOTE: The Policy Framework has been replaced by the Profile Framework.
+ * </PRE>
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public interface IGeneralNameConfig {
+
+ /**
+ * Forms a general name from string.
+ *
+ * @param value general name in string
+ * @return general name object
+ * @exception EBaseException failed to form general name
+ */
+ public GeneralName formGeneralName(String value)
+ throws EBaseException;
+
+ /**
+ * Forms general names from the given value.
+ *
+ * @param value general name in string
+ * @return a vector of general names
+ * @exception EBaseException failed to form general name
+ */
+ public Vector formGeneralNames(Object value)
+ throws EBaseException;
+
+ /**
+ * Retrieves the instance parameters.
+ *
+ * @param params parameters
+ */
+ public void getInstanceParams(Vector params);
+}
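Review bot: `formGeneralNames(Object value)` documents its parameter as `general name in string`, apparently copied from `formGeneralName(String value)`, while the declared type is `Object`. The Javadoc should state which runtime types are accepted and that `EBaseException` is raised for anything else, if that is the behaviour; the implementation is not in this hunk. The raw `Vector` return would also benefit from naming its element type, e.g. `@return a vector of GeneralName objects`, once confirmed.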
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameUtil.java b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameUtil.java
new file mode 100644
index 000000000..c1526284a
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameUtil.java
@@ -0,0 +1,80 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.policy;
+
+
+/**
+ * Class that can be used to form general names from configuration file.
+ * Used by policies and extension commands.
+ * <P>
+ * <PRE>
+ * NOTE: The Policy Framework has been replaced by the Profile Framework.
+ * </PRE>
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public interface IGeneralNameUtil {
+
+ public static final String PROP_NUM_GENERALNAMES = "numGeneralNames";
+ public static final String PROP_GENERALNAME = "generalName";
+ public static final String PROP_GENNAME_CHOICE = "generalNameChoice";
+ public static final String PROP_GENNAME_VALUE = "generalNameValue";
+ public static final String GENNAME_CHOICE_RFC822NAME = "rfc822Name";
+ public static final String GENNAME_CHOICE_DIRECTORYNAME = "directoryName";
+ public static final String GENNAME_CHOICE_DNSNAME = "dNSName";
+ public static final String GENNAME_CHOICE_X400ADDRESS = "x400Address";
+ public static final String GENNAME_CHOICE_EDIPARTYNAME = "ediPartyName";
+ public static final String GENNAME_CHOICE_URL = "URL";
+ public static final String GENNAME_CHOICE_IPADDRESS = "iPAddress";
+ public static final String GENNAME_CHOICE_REGISTEREDID = "OID";
+ public static final String GENNAME_CHOICE_OTHERNAME = "otherName";
+
+ /**
+ * Default number of general names.
+ */
+ public static final int DEF_NUM_GENERALNAMES = 8;
+
+ /**
+ * Default extended plugin info.
+ */
+ public static String
+ NUM_GENERALNAMES_INFO = "number;The total number of alternative names or identities permitted in the extension.";
+ public static String GENNAME_CHOICE_INFO =
+ "choice(" +
+ IGeneralNameUtil.GENNAME_CHOICE_RFC822NAME + "," +
+ IGeneralNameUtil.GENNAME_CHOICE_DIRECTORYNAME + "," +
+ IGeneralNameUtil.GENNAME_CHOICE_DNSNAME + "," +
+ IGeneralNameUtil.GENNAME_CHOICE_EDIPARTYNAME + "," +
+ IGeneralNameUtil.GENNAME_CHOICE_URL + "," +
+ IGeneralNameUtil.GENNAME_CHOICE_IPADDRESS + "," +
+ IGeneralNameUtil.GENNAME_CHOICE_REGISTEREDID + "," +
+ IGeneralNameUtil.GENNAME_CHOICE_OTHERNAME + ");" +
+ "GeneralName choice. See RFC 2459 appendix B2 on GeneralName.";
+ public static String GENNAME_VALUE_INFO =
+ "string;Value according to the GeneralName choice.";
+
+ public static String
+ PROP_NUM_GENERALNAMES_INFO = PROP_NUM_GENERALNAMES + ";" + NUM_GENERALNAMES_INFO;
+ public static String
+ PROP_GENNAME_CHOICE_INFO = PROP_GENNAME_CHOICE + ";" + GENNAME_CHOICE_INFO;
+ public static String
+ PROP_GENNAME_VALUE_INFO = PROP_GENNAME_VALUE + ";" + GENNAME_VALUE_INFO;
+
+}
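Review bot: `GENNAME_CHOICE_INFO` lists every `GENNAME_CHOICE_*` constant except `GENNAME_CHOICE_X400ADDRESS`, which is declared a few lines above it. If x400Address is deliberately not offered, a comment such as `// x400Address is intentionally not a selectable choice` next to the string would stop the next reader from treating it as an omission; if it is an oversight, the constant belongs in the list. The description also cites RFC 2459, which has been superseded (RFC 3280, later RFC 5280). The `*_INFO` fields are declared `public static String` while the other constants say `public static final String`; interface fields are implicitly final, but the modifiers should be written consistently.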
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesAsConstraintsConfig.java b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesAsConstraintsConfig.java
new file mode 100644
index 000000000..dbaa97394
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesAsConstraintsConfig.java
@@ -0,0 +1,54 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.policy;
+
+
+import java.util.*;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+
+
+/**
+ * Class that can be used to form general names from configuration file.
+ * Used by policies and extension commands.
+ * <P>
+ * <PRE>
+ * NOTE: The Policy Framework has been replaced by the Profile Framework.
+ * </PRE>
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public interface IGeneralNamesAsConstraintsConfig {
+
+ /**
+ * Retrieves a list of configured general names.
+ *
+ * @return a list of general names
+ */
+ public GeneralNames getGeneralNames();
+
+ /**
+ * Retrieves instance parameters.
+ *
+ * @param params instance parameters
+ */
+ public void getInstanceParams(Vector params);
+
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesConfig.java b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesConfig.java
new file mode 100644
index 000000000..51584fb96
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesConfig.java
@@ -0,0 +1,53 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.policy;
+
+
+import java.util.*;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+
+
+/**
+ * Class that can be used to form general names from configuration file.
+ * Used by policies and extension commands.
+ * <P>
+ * <PRE>
+ * NOTE: The Policy Framework has been replaced by the Profile Framework.
+ * </PRE>
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public interface IGeneralNamesConfig {
+
+ /**
+ * Retrieves a list of configured general names.
+ *
+ * @return general names
+ */
+ public GeneralNames getGeneralNames();
+
+ /**
+ * Retrieves the instance parameters.
+ *
+ * @param params instance parameters
+ */
+ public void getInstanceParams(Vector params);
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IKeyArchivalPolicy.java b/pki/base/common/src/com/netscape/certsrv/policy/IKeyArchivalPolicy.java
new file mode 100644
index 000000000..13ba5f616
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IKeyArchivalPolicy.java
@@ -0,0 +1,34 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.policy;
+
+
+/**
+ * Interface for a key recovery policy rule.
+ * <P>
+ * <PRE>
+ * NOTE: The Policy Framework has been replaced by the Profile Framework.
+ * </PRE>
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public interface IKeyArchivalPolicy extends IPolicyRule {
+}
+
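Review bot: The type comment reads "Interface for a key recovery policy rule", the same text as IKeyRecoveryPolicy, which looks like a copy-paste slip for an interface named `IKeyArchivalPolicy`. I would change it to ` * Interface for a key archival policy rule.`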
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IKeyRecoveryPolicy.java b/pki/base/common/src/com/netscape/certsrv/policy/IKeyRecoveryPolicy.java
new file mode 100644
index 000000000..1d173f28f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IKeyRecoveryPolicy.java
@@ -0,0 +1,34 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.policy;
+
+
+/**
+ * Interface for a key recovery policy rule.
+ * <P>
+ * <PRE>
+ * NOTE: The Policy Framework has been replaced by the Profile Framework.
+ * </PRE>
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public interface IKeyRecoveryPolicy extends IPolicyRule {
+}
+
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IPolicyPredicateParser.java b/pki/base/common/src/com/netscape/certsrv/policy/IPolicyPredicateParser.java
new file mode 100644
index 000000000..7b5f44650
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IPolicyPredicateParser.java
@@ -0,0 +1,43 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.policy;
+
+
+/**
+ * Interface for policy predicate parsers.
+ * <P>
+ * <PRE>
+ * NOTE: The Policy Framework has been replaced by the Profile Framework.
+ * </PRE>
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public interface IPolicyPredicateParser {
+
+ /**
+ * Parse the predicate expression and return a vector of expressions.
+ *
+ * @param predicateExpression The predicate expression as read from the
+ * config file.
+ * @return expVector The vector of expressions.
+ */
+ IExpression parse(String predicateExpression)
+ throws EPolicyException;
+}
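Review bot: The Javadoc for `parse` promises "a vector of expressions" and names the return value `expVector`, but the method is declared to return a single `IExpression`. The comment should match the signature, e.g. `@return the parsed expression`, with the summary sentence reworded the same way. An `@exception EPolicyException` line saying it is thrown for a malformed predicate would also help, if that is the behaviour.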
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IPolicyProcessor.java b/pki/base/common/src/com/netscape/certsrv/policy/IPolicyProcessor.java
new file mode 100644
index 000000000..341c006f0
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IPolicyProcessor.java
@@ -0,0 +1,195 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.policy;
+
+
+import java.util.*;
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * A generic interface for a policy processor. By making a processor
+ * extend the policy interface, we make even the processor a rule -
+ * which makes sense because a processor may be based on some rule
+ * such as evaluate all policies before returning the final result or
+ * return as soon as one of the policies return a failure and so on.
+ *
+ * By making both processor and policy rules implement a common
+ * interface, one can write rules that are processors as well.
+ * <P>
+ * <PRE>
+ * NOTE: The Policy Framework has been replaced by the Profile Framework.
+ * </PRE>
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public interface IPolicyProcessor extends ISubsystem,
+ com.netscape.certsrv.request.IPolicy {
+
+ public final static String PROP_DEF_POLICIES = "systemPolicies";
+ public final static String PROP_UNDELETABLE_POLICIES = "undeletablePolicies";
+ public final static String PROP_ENABLE = "enable";
+ public final static String PROP_RULE = "rule";
+ public final static String PROP_CLASS = "class";
+ public final static String PROP_IMPL_NAME = "implName";
+ public final static String PROP_PREDICATE = "predicate";
+ public final static String PROP_IMPL = "impl";
+ public final static String PROP_ORDER = "order";
+
+ public ISubsystem getAuthority();
+
+ /**
+ * Returns the policy substore id.
+ *
+ * @return storeID The policy store id used by this processor.
+ */
+ String getPolicySubstoreId();
+
+ /**
+ * Returns information on Policy impls.
+ *
+ * @return An enumeration of strings describing the information
+ * about policy implementations. Currently only the
+ * the implementation id is expected.
+ */
+ Enumeration getPolicyImplsInfo();
+
+ /**
+ * Returns the rule implementations registered with this processor.
+ *
+ * @return An Enumeration of uninitialized IPolicyRule
+ * objects.
+ */
+ Enumeration getPolicyImpls();
+
+ /**
+ * Returns an implementation identified by a given id.
+ *
+ * @param id The implementation id.
+ * @return The uninitialized instance of the policy rule.
+ */
+ IPolicyRule getPolicyImpl(String id);
+
+ /**
+ * Returns configuration for an implmentation.
+ *
+ * @param id The implementation id.
+ * @return A vector of name/value pairs in the form of
+ * name=value.
+ */
+ Vector getPolicyImplConfig(String id);
+
+ /**
+ * Deletes a policy implementation identified by an impl id.
+ *
+ *
+ * @param id The impl id of the policy to be deleted.
+ * There shouldn't be any active instance for this
+ * implementation.
+ * @exception EBaseException is thrown if an error occurs in deletion.
+ */
+ void deletePolicyImpl(String id)
+ throws EBaseException;
+
+ /**
+ * Adds a policy implementation identified by an impl id.
+ *
+ * @param id The impl id of the policy to be added.
+ * The id should be unique.
+ * @param classPath The fully qualified path for the implementation.
+ * @exception EBaseException is thrown if an error occurs in addition.
+ */
+ void addPolicyImpl(String id, String classPath)
+ throws EBaseException;
+
+ /**
+ * Returns information on Policy instances.
+ *
+ * @return An Enumeration of Strings describing the information
+ * about policy rule instances.
+ */
+ Enumeration getPolicyInstancesInfo();
+
+ /**
+ * Returns policy instances registered with this processor.
+ *
+ * @return An Enumeration of policy instances.
+ */
+ Enumeration getPolicyInstances();
+
+ /**
+ * Returns instance configuration for a given instance id.
+ *
+ * @param id The rule id.
+ * @return A vector of name/value pairs in the form of
+ * name=value.
+ */
+ Vector getPolicyInstanceConfig(String id);
+
+ /**
+ * Returns instance configuration for a given instance id.
+ *
+ * @param id The rule id.
+ * @return the policy instance identified by the id.
+ */
+ IPolicyRule getPolicyInstance(String id);
+
+ /**
+ * Deletes a policy instance identified by an instance id.
+ *
+ * @param id The instance id of the policy to be deleted.
+ * @exception EBaseException is thrown if an error occurs in deletion.
+ */
+ void deletePolicyInstance(String id)
+ throws EBaseException;
+
+ /**
+ * Adds a policy instance
+ *
+ * @param id The impl id of the policy to be added.
+ * The id should be unique.
+ * @param ht a Hashtable of config params.
+ * @exception EBaseException is thrown if an error occurs in addition.
+ */
+ void addPolicyInstance(String id, Hashtable ht)
+ throws EBaseException;
+
+ /**
+ * Modifies a policy instance
+ *
+ * @param id The impl id of the policy to be modified.
+ * The policy instance with this id should be present.
+ * @param ht a Hashtable of config params.
+ * @exception EBaseException is thrown if an error occurs in addition.
+ */
+ void modifyPolicyInstance(String id, Hashtable ht)
+ throws EBaseException;
+
+ /**
+ * Modifies policy ordering.
+ *
+ * @param policyOrderStr The comma separated list of instance ids.
+ *
+ */
+ void changePolicyInstanceOrdering(String policyOrderStr)
+ throws EBaseException;
+}
+
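Review bot: `addPolicyImpl(String id, String classPath)` accepts a class name that an implementation will presumably load and instantiate, and the contract says nothing about validating it. The Javadoc should require implementations to reject a class that does not implement `IPolicyRule`, and should state that the caller must already be authorized to change policy configuration, e.g. `@exception EBaseException if the class cannot be loaded or is not an IPolicyRule`. Separately, the summary of `getPolicyInstance` repeats "Returns instance configuration for a given instance id" from `getPolicyInstanceConfig`, `getAuthority` has no Javadoc, and `changePolicyInstanceOrdering` has no `@exception` line.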
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IPolicyRule.java b/pki/base/common/src/com/netscape/certsrv/policy/IPolicyRule.java
new file mode 100644
index 000000000..d7eeb1cfb
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IPolicyRule.java
@@ -0,0 +1,127 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.policy;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.request.PolicyResult;
+import com.netscape.certsrv.request.IRequest;
+
+
+/**
+ * Interface for a policy rule.
+ * <P>
+ * <PRE>
+ * NOTE: The Policy Framework has been replaced by the Profile Framework.
+ * </PRE>
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public interface IPolicyRule
+ extends com.netscape.certsrv.request.IPolicy {
+ public static final String PROP_ENABLE = "enable";
+ public static final String PROP_PREDICATE = "predicate";
+ public static final String PROP_IMPLNAME = "implName";
+
+ /**
+ * Initializes the policy rule.
+ * <P>
+ *
+ * @param config The config store reference
+ */
+ void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException;
+
+ /**
+ * Gets the description for this policy rule.
+ * <P>
+ * @return The Description for this rule.
+ */
+ String getDescription();
+
+ /**
+ * Returns the name of the policy rule class.
+ * <P>
+ *
+ * @return The name of the policy class.
+ */
+ String getName();
+
+ /**
+ * Returns the name of the policy rule instance.
+ * <P>
+ *
+ * @return The name of the policy rule instance. If none
+ * is set the name of the implementation will be returned.
+ *
+ */
+ String getInstanceName();
+
+ /**
+ * Sets a predicate expression for rule matching.
+ * <P>
+ *
+ * @param exp The predicate expression for the rule.
+ */
+ void setPredicate(IExpression exp);
+
+ /**
+ * Returns the predicate expression for the rule.
+ * <P>
+ *
+ * @return The predicate expression for the rule.
+ */
+ IExpression getPredicate();
+
+ /**
+ * Applies the policy on the given Request. This may modify
+ * the request appropriately.
+ * <P>
+ *
+ * @param req The request on which to apply policy.
+ * @return The PolicyResult object.
+ */
+ PolicyResult apply(IRequest req);
+
+ /**
+ * Return configured parameters for a policy rule instance.
+ *
+ * @return nvPairs A Vector of name/value pairs. Each name/value
+ * pair is constructed as a String in name=value format.
+ */
+ public Vector getInstanceParams();
+
+ /**
+ * Return default parameters for a policy implementation.
+ *
+ * @return nvPairs A Vector of name/value pairs. Each name/value
+ * pair is constructed as a String in name=value.
+ */
+ public Vector getDefaultParams();
+
+ public void setError(IRequest req, String format, Object[] params);
+
+ public void setInstanceName(String instanceName);
+
+ public void setPolicyException(IRequest req, EBaseException ex);
+}
+
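Review bot: `setError`, `setInstanceName` and `setPolicyException` at the end of the interface have no Javadoc, and `init` documents `config` but not its `owner` parameter or the `EBaseException` it declares. Each of the three should get a one-line summary with `@param` tags, and `init` should gain `@param owner The subsystem that owns this rule` and `@exception EBaseException is thrown if initialization fails`. The bare `@deprecated` tag would be more useful as `@deprecated Replaced by the Profile Framework.`, which is what the NOTE above it already says. The `public` modifier is also applied to only some of the methods; interface methods are implicitly public, so I would drop it throughout.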
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IPolicySet.java b/pki/base/common/src/com/netscape/certsrv/policy/IPolicySet.java
new file mode 100644
index 000000000..1132b9831
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IPolicySet.java
@@ -0,0 +1,106 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.policy;
+
+
+import java.util.*;
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.request.PolicyResult;
+import com.netscape.certsrv.request.IRequest;
+
+
+/**
+ * Represents a set of policy rules. Policy rules are ordered from
+ * lowest priority to highest priority. The priority assignment for rules
+ * is not enforced by this interface. Various implementation may
+ * use different mechanisms such as a linear ordering of rules
+ * in a configuration file or explicit assignment of priority levels ..etc.
+ * The policy system initialization needs to deal with reading the rules, sorting
+ * them in increasing order of priority and presenting an ordered vector of rules
+ * via the IPolicySet interface.
+ * <P>
+ * <PRE>
+ * NOTE: The Policy Framework has been replaced by the Profile Framework.
+ * </PRE>
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public interface IPolicySet {
+
+ /**
+ * Returns the name of the rule set.
+ * <P>
+ *
+ * @return The name of the rule set.
+ */
+ String getName();
+
+ /**
+ * Returns the no of rules in a set.
+ * <P>
+ * @return the no of rules.
+ */
+ int count();
+
+ /**
+ * Add a policy rule.
+ * <P>
+ *
+ * @param ruleName The name of the rule to be added.
+ * @param rule The rule to be added.
+ */
+ void addRule(String ruleName, IPolicyRule rule);
+
+ /**
+ * Removes a policy rule identified by the given name.
+ *
+ * @param ruleName The name of the rule to be removed.
+ */
+ void removeRule(String ruleName);
+
+ /**
+ * Returns the rule identified by a given name.
+ * <P>
+ *
+ * @param ruleName The name of the rule to be return.
+ * @return The rule identified by the given name or null if none exists.
+ */
+ IPolicyRule getRule(String ruleName);
+
+ /**
+ * Returns an enumeration of rules.
+ * <P>
+ *
+ * @return An enumeration of rules.
+ */
+ Enumeration getRules();
+
+ /**
+ * Apply policy rules on a request. This call may modify
+ * the request content.
+ *
+ * @param req The request to apply policies on.
+ *
+ * <P>
+ * @return The policy result.
+ */
+ PolicyResult apply(IRequest req);
+}
+
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IRenewalPolicy.java b/pki/base/common/src/com/netscape/certsrv/policy/IRenewalPolicy.java
new file mode 100644
index 000000000..7bf2026e2
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IRenewalPolicy.java
@@ -0,0 +1,34 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.policy;
+
+
+/**
+ * Interface for a renewal policy rule.
+ * <P>
+ * <PRE>
+ * NOTE: The Policy Framework has been replaced by the Profile Framework.
+ * </PRE>
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public interface IRenewalPolicy extends IPolicyRule {
+}
+
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IRevocationPolicy.java b/pki/base/common/src/com/netscape/certsrv/policy/IRevocationPolicy.java
new file mode 100644
index 000000000..e0ecfb16f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IRevocationPolicy.java
@@ -0,0 +1,34 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.policy;
+
+
+/**
+ * Interface for a revocation policy rule.
+ * <P>
+ * <PRE>
+ * NOTE: The Policy Framework has been replaced by the Profile Framework.
+ * </PRE>
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public interface IRevocationPolicy extends IPolicyRule {
+}
+
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/ISubjAltNameConfig.java b/pki/base/common/src/com/netscape/certsrv/policy/ISubjAltNameConfig.java
new file mode 100644
index 000000000..ca7b1f01e
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/policy/ISubjAltNameConfig.java
@@ -0,0 +1,53 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.policy;
+
+
+import java.util.*;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+
+
+/**
+ * Class that can be used to form general names from configuration file.
+ * Used by policies and extension commands.
+ * <P>
+ * <PRE>
+ * NOTE: The Policy Framework has been replaced by the Profile Framework.
+ * </PRE>
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public interface ISubjAltNameConfig extends IGeneralNameConfig {
+
+ /**
+ * Retrieves configuration prefix.
+ *
+ * @return prefix
+ */
+ public String getPfx();
+
+ /**
+ * Retrieves configuration attribute.
+ *
+ * @return attribute
+ */
+ public String getAttr();
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/PolicyResources.java b/pki/base/common/src/com/netscape/certsrv/policy/PolicyResources.java
new file mode 100644
index 000000000..f7c80f1f8
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/policy/PolicyResources.java
@@ -0,0 +1,46 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.policy;
+
+
+import java.util.*;
+
+
+/**
+ * Error messages for Policies.
+ * <P>
+ * <PRE>
+ * NOTE: The Policy Framework has been replaced by the Profile Framework.
+ * </PRE>
+ * <P>
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ * @see java.util.ListResourceBundle
+ */
+public class PolicyResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ static final Object[][] contents = {};
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java b/pki/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java
new file mode 100644
index 000000000..8593da163
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java
@@ -0,0 +1,112 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.profile;
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.authentication.*;
+import com.netscape.certsrv.apps.*;
+
+import netscape.security.x509.*;
+
+public class CertInfoProfile
+{
+ private Vector mDefaults = new Vector();
+ private String mName = null;
+ private String mID = null;
+ private String mDescription = null;
+ private String mProfileIDMapping = null;
+ private String mProfileSetIDMapping = null;
+
+ public CertInfoProfile(String cfg) throws Exception
+ {
+ IConfigStore config = CMS.createFileConfigStore(cfg);
+ mID = config.getString("id");
+ mName = config.getString("name");
+ mDescription = config.getString("description");
+ mProfileIDMapping = config.getString("profileIDMapping");
+ mProfileSetIDMapping = config.getString("profileSetIDMapping");
+ StringTokenizer st = new StringTokenizer(config.getString("list"), ",");
+ while (st.hasMoreTokens()) {
+ String id = (String)st.nextToken();
+ String c = config.getString(id + ".default.class");
+ try {
+ /* load defaults */
+ ICertInfoPolicyDefault def = (ICertInfoPolicyDefault)
+ Class.forName(c).newInstance();
+ init(config.getSubStore(id + ".default"), def);
+ mDefaults.addElement(def);
+ } catch (Exception e) {
+ CMS.debug("CertInfoProfile: " + e.toString());
+ }
+ }
+ }
+
+ private void init(IConfigStore config, ICertInfoPolicyDefault def)
+ throws Exception
+ {
+ try {
+ def.init(null, config);
+ } catch (Exception e) {
+ CMS.debug("CertInfoProfile.init: " + e.toString());
+ }
+ }
+
+ public String getID()
+ {
+ return mID;
+ }
+
+ public String getName()
+ {
+ return mName;
+ }
+
+ public String getDescription()
+ {
+ return mDescription;
+ }
+
+ public String getProfileIDMapping()
+ {
+ return mProfileIDMapping;
+ }
+
+ public String getProfileSetIDMapping()
+ {
+ return mProfileSetIDMapping;
+ }
+
+ public void populate(X509CertInfo info)
+ {
+ Enumeration e1 = mDefaults.elements();
+ while (e1.hasMoreElements()) {
+ ICertInfoPolicyDefault def =
+ (ICertInfoPolicyDefault)e1.nextElement();
+ try {
+ def.populate(null /* request */, info);
+ } catch (Exception e) {
+ CMS.debug(e);
+ CMS.debug("CertInfoProfile.populate: " + e.toString());
+ }
+ }
+ }
+}
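Review bot: The `catch (Exception e)` inside the constructor's token loop only calls `CMS.debug`, so a default whose `<id>.default.class` cannot be loaded or initialised is silently dropped and the profile is still built with fewer defaults. `init` and `populate` swallow failures the same way, so `populate` can leave the `X509CertInfo` partially filled with no signal to the caller. For code that shapes certificate contents this should fail closed: add `throw e;` after the debug call in the constructor, which already declares `throws Exception`, and remove the try/catch in `init`, which declares it as well. Separately, `Class.forName(c).newInstance()` constructs the configured class before the cast to `ICertInfoPolicyDefault` is checked; `Class.forName(c).asSubclass(ICertInfoPolicyDefault.class).newInstance()` rejects an unrelated class before it is instantiated.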
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/EDeferException.java b/pki/base/common/src/com/netscape/certsrv/profile/EDeferException.java
new file mode 100644
index 000000000..6c48fcb91
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/profile/EDeferException.java
@@ -0,0 +1,47 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.profile;
+
+import com.netscape.certsrv.base.*;
+
+/**
+ * This represents a profile specific exception. The
+ * framework raises this exception when a request is
+ * deferred.
+ * <p>
+ * A deferred request will not be processed
+ * immediately. Manual approval is required for
+ * processing the request again.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public class EDeferException extends EProfileException {
+
+ /**
+ * Creates a defer exception.
+ *
+ * @param msg localized message that will be
+ * displayed to end user. This message
+ * should indicate the reason why a request
+ * is deferred.
+ */
+ public EDeferException(String msg) {
+ super(msg);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/EProfileException.java b/pki/base/common/src/com/netscape/certsrv/profile/EProfileException.java
new file mode 100644
index 000000000..197db3bcf
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/profile/EProfileException.java
@@ -0,0 +1,43 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.profile;
+
+import com.netscape.certsrv.base.*;
+
+/**
+ * This represents a generic profile exception.
+ * <p>
+ * This is the base class for all profile-specific
+ * exception.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public class EProfileException extends EBaseException {
+
+ /**
+ * Creates a profile exception.
+ *
+ * @param msg additional message for the handler
+ * of the exception. The message may
+ * or may not be localized.
+ */
+ public EProfileException(String msg) {
+ super(msg);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/ERejectException.java b/pki/base/common/src/com/netscape/certsrv/profile/ERejectException.java
new file mode 100644
index 000000000..9a626ef22
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/profile/ERejectException.java
@@ -0,0 +1,45 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.profile;
+
+import com.netscape.certsrv.base.*;
+
+/**
+ * This represents a profile specific exception. This
+ * exception is raised when a request is rejected.
+ * <p>
+ * A rejected request cannot be reprocessed. Rejected
+ * request is considered as a request in its terminal
+ * state.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public class ERejectException extends EProfileException {
+
+ /**
+ * Creates a rejection exception.
+ *
+ * @param msg localized message that indicates
+ * the reason why a request is
+ * rejected.
+ */
+ public ERejectException(String msg) {
+ super(msg);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/ICertInfoPolicyDefault.java b/pki/base/common/src/com/netscape/certsrv/profile/ICertInfoPolicyDefault.java
new file mode 100644
index 000000000..c8af3275c
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/profile/ICertInfoPolicyDefault.java
@@ -0,0 +1,36 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.profile;
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.authentication.*;
+
+import netscape.security.x509.*;
+
+public interface ICertInfoPolicyDefault extends IPolicyDefault {
+
+ /**
+ * Populates certificate info directly.
+ */
+ public void populate(IRequest request, X509CertInfo info)
+ throws EBaseException;
+}
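Review bot: The Javadoc on `populate` has no `@param` or `@exception` tags and does not say whether `request` may be null, yet `CertInfoProfile.populate` in this same commit calls it as `def.populate(null /* request */, info)`. An implementation that dereferences the request would throw on that path, and that caller only debug-logs the exception. I would add `@param request the originating request; null when called from CertInfoProfile`, `@param info certificate info to be filled in` and `@exception EBaseException failed to populate the certificate info`.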
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java b/pki/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java
new file mode 100644
index 000000000..f56f47160
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java
@@ -0,0 +1,158 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.profile;
+
+import com.netscape.certsrv.request.*;
+
+/**
+ * This interface represents an enrollment profile.
+ * <p>
+ * An enrollment profile contains a list of enrollment
+ * specific input plugins, default policies, constriant
+ * policies and output plugins.
+ * <p>
+ * This interface also defines a set of enrollment specific
+ * attribute names that can be used to retrieve values
+ * from an enrollment request.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IEnrollProfile extends IProfile {
+
+ /**
+ * Name of request attribute that stores the User
+ * Supplied Certificate Request Type.
+ */
+ public static final String CTX_CERT_REQUEST_TYPE = "cert_request_type";
+
+ /**
+ * Name of request attribute that stores the User
+ * Supplied Certificate Request.
+ */
+ public static final String CTX_CERT_REQUEST = "cert_request";
+
+ /**
+ * Possible values for CTX_CERT_REQUEST_TYPE attribute.
+ */
+ public static final String REQ_TYPE_PKCS10 = "pkcs10";
+ public static final String REQ_TYPE_CRMF = "crmf";
+ public static final String REQ_TYPE_CMC = "cmc";
+ public static final String REQ_TYPE_KEYGEN = "keygen";
+
+ /**
+ * Name of request attribute that stores the End-User Locale.
+ * <p>
+ * The value is of type java.util.Locale.
+ */
+ public static final String REQUEST_LOCALE = "req_locale";
+
+ /**
+ * Name of request attribute that stores the sequence number. Consider
+ * a CRMF request that may contain multiple certificate request.
+ * The first sub certificate certificate request has a sequence
+ * number of 0, the next one has a sequence of 1, and so on.
+ * <p>
+ * The value is of type java.lang.Integer.
+ */
+ public static final String REQUEST_SEQ_NUM = "req_seq_num";
+
+ /**
+ * Name of the request attribute that stores the sequence number for a
+ * renewal request. Only one request at a time is permitted for a renewal.
+ * This value corresponds to the sequence number (and hence the appropriate
+ * certificate) of the original request
+ */
+ public static final String CTX_RENEWAL_SEQ_NUM = "renewal_seq_num";
+
+ /**
+ * Name of request attribute to indicate if this is a renewal
+ */
+ public static final String CTX_RENEWAL = "renewal";
+
+ /**
+ * Name of request attribute that stores the End-User Supplied
+ * Key.
+ * <p>
+ * The value is of type netscape.security.x509.CertificateX509Key
+ */
+ public static final String REQUEST_KEY = "req_key";
+
+ /**
+ * Name of request attribute that stores the End-User Supplied
+ * Subject Name.
+ * <p>
+ * The value is of type netscape.security.x509.CertificateSubjectName
+ */
+ public static final String REQUEST_SUBJECT_NAME = "req_subject_name";
+
+ /**
+ * Name of request attribute that stores the End-User Supplied
+ * Validity.
+ * <p>
+ * The value is of type netscape.security.x509.CertificateValidity
+ */
+ public static final String REQUEST_VALIDITY = "req_validity";
+
+ /**
+ * Name of request attribute that stores the End-User Supplied
+ * Signing Algorithm.
+ * <p>
+ * The value is of type netscape.security.x509.CertificateAlgorithmId
+ */
+ public static final String REQUEST_SIGNING_ALGORITHM = "req_signing_alg";
+
+ /**
+ * Name of request attribute that stores the End-User Supplied
+ * Extensions.
+ * <p>
+ * The value is of type netscape.security.x509.CertificateExtensions
+ */
+ public static final String REQUEST_EXTENSIONS = "req_extensions";
+
+ /**
+ * Name of request attribute that stores the End-User Supplied
+ * PKI Archive Option extension. This extension is extracted
+ * from a CRMF request that has the user-provided private key.
+ * <p>
+ * The value is of type byte []
+ */
+ public static final String REQUEST_ARCHIVE_OPTIONS = "req_archive_options";
+
+ /**
+ * Name of request attribute that stores the certificate template
+ * that will be signed and then become a certificate.
+ * <p>
+ * The value is of type netscape.security.x509.X509CertInfo
+ */
+ public static final String REQUEST_CERTINFO = "req_x509info";
+
+ /**
+ * Name of request attribute that stores the issued certificate.
+ * <p>
+ * The value is of type netscape.security.x509.X509CertImpl
+ */
+ public static final String REQUEST_ISSUED_CERT = "req_issued_cert";
+
+ /**
+ * Set Default X509CertInfo in the request.
+ * @param request profile-based certificate request.
+ * @exception EProfileException failed to set the X509CertInfo.
+ */
+ public void setDefaultCertInfo(IRequest request) throws EProfileException;
+}
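Review bot: The comment "Possible values for CTX_CERT_REQUEST_TYPE attribute." attaches only to `REQ_TYPE_PKCS10`, so `REQ_TYPE_CRMF`, `REQ_TYPE_CMC` and `REQ_TYPE_KEYGEN` end up undocumented in the generated Javadoc; each constant needs its own one-line comment. The interface comment misspells "constraint" as "constriant", and the `REQUEST_SEQ_NUM` comment repeats "certificate certificate". The `REQUEST_KEY`, `REQUEST_SUBJECT_NAME`, `REQUEST_VALIDITY`, `REQUEST_SIGNING_ALGORITHM` and `REQUEST_EXTENSIONS` comments describe their values as end-user supplied. If these are stored as received, which the hunk does not show, it would help to say so, e.g. `Unvalidated requester input; check with constraint policies before copying into REQUEST_CERTINFO.`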
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IPolicyConstraint.java b/pki/base/common/src/com/netscape/certsrv/profile/IPolicyConstraint.java
new file mode 100644
index 000000000..cb368f9da
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IPolicyConstraint.java
@@ -0,0 +1,90 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.profile;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+
+
+/**
+ * This represents a constraint policy. A constraint policy
+ * validates if the given request conforms to the set
+ * rules.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IPolicyConstraint extends IConfigTemplate {
+
+ /**
+ * Initializes this constraint policy.
+ *
+ * @param profile owner of this policy
+ * @param config configuration store for this constraint
+ * @exception EProfileException failed to initialize
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException;
+
+ /**
+ * Returns the corresponding configuration store
+ * of this constraint policy.
+ *
+ * @return config store of this constraint
+ */
+ public IConfigStore getConfigStore();
+
+ /**
+ * Validates the request. The request is not modified
+ * during the validation.
+ *
+ * @param request request to be validated
+ * @exception ERejectException reject the given request
+ */
+ public void validate(IRequest request)
+ throws ERejectException;
+
+ /**
+ * Returns localized description of this constraint.
+ *
+ * @param locale locale of the end-user
+ * @return localized description of this constraint
+ */
+ public String getText(Locale locale);
+
+ /**
+ * Returns localized name of this constraint.
+ *
+ * @param locale locale of the end-user
+ * @return localized name of this constraint
+ */
+ public String getName(Locale locale);
+
+ /**
+ * Checks if this constraint is applicable to the
+ * given default policy.
+ *
+ * @param def default policy to be checked
+ * @return true if this constraint can be applied to
+ * the given default policy
+ */
+ public boolean isApplicable(IPolicyDefault def);
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java b/pki/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java
new file mode 100644
index 000000000..0aa8bb234
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java
@@ -0,0 +1,144 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.profile;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.request.*;
+
+
+/**
+ * This represents a default policy that populates
+ * the request with additional values.
+ * <p>
+ *
+ * During request submission process, a default
+ * policy is invoked to populate the default values
+ * in the request. The default values will later
+ * on be used for execution. The default values
+ * are like the parameters for the request.
+ * <p>
+ *
+ * This policy is called in 2 places. For
+ * automated enrollment request, this policy
+ * is invoked to populate the HTTP parameters
+ * into the request. For request that cannot
+ * be executed immediately, this policy will be
+ * invoked again right after the agent's
+ * approval.
+ * <p>
+ *
+ * Each default policy may contain zero or more
+ * properties that describe the default value.
+ * For example, a X509 Key can be described by
+ * its key type, key length, and key data. The
+ * properties help to describe the default value
+ * into human readable values.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IPolicyDefault extends IConfigTemplate {
+
+ /**
+ * Initializes this default policy.
+ *
+ * @param profile owner of this default policy
+ * @param config configuration store for this default
+ * @exception EProfileException failed to initialize
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException;
+
+ /**
+ * Retrieves the configuration store of this default.
+ *
+ * @return configuration store of this default policy
+ */
+ public IConfigStore getConfigStore();
+
+ /**
+ * Populates the request with this policy default.
+ *
+ * @param request request to be populated
+ * @exception EProfileException failed to populate
+ */
+ public void populate(IRequest request)
+ throws EProfileException;
+
+ /**
+ * Retrieves the localizable name of this policy.
+ *
+ * @param locale locale of the end user
+ * @return localized name of this default policy
+ */
+ public String getName(Locale locale);
+
+ /**
+ * Retrieves the localizable description of this policy.
+ *
+ * @param locale locale of the end user
+ * @return localized description of this default policy
+ */
+ public String getText(Locale locale);
+
+ /**
+ * Retrieves a list of names of the property.
+ *
+ * @return a list of property names. The values are
+ * of type java.lang.String
+ */
+ public Enumeration getValueNames();
+
+ /**
+ * Retrieves the descriptor of the given property
+ * by name. The descriptor contains syntax
+ * information.
+ *
+ * @param locale locale of the end user
+ * @param name name of property
+ * @return descriptor of the property
+ */
+ public IDescriptor getValueDescriptor(Locale locale, String name);
+
+ /**
+ * Sets the value of the given value property by name.
+ *
+ * @param name name of property
+ * @param locale locale of the end user
+ * @param request request
+ * @param value value to be set in the given request
+ * @exception EPropertyException failed to set property
+ */
+ public void setValue(String name, Locale locale, IRequest request,
+ String value) throws EPropertyException;
+
+ /**
+ * Retrieves the value of the given value
+ * property by name.
+ *
+ * @param name name of property
+ * @param locale locale of the end user
+ * @param request request
+ * @exception EPropertyException failed to get property
+ */
+ public String getValue(String name, Locale locale, IRequest request)
+ throws EPropertyException;
+}
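Review bot: The `setValue` Javadoc does not say how caller-supplied data must be handled, even though the interface comment states that this policy populates HTTP parameters into the request. It should say whether `value` has to be checked against the syntax returned by `getValueDescriptor` before it is written into the request. I would add a sentence such as `Implementations must validate value against the property's descriptor and throw EPropertyException if it does not conform.`, to be confirmed as the intended contract. `getValue` is also missing its `@return` tag, e.g. `@return value of the named property in the given request`.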
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfile.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfile.java
new file mode 100644
index 000000000..262d3eafb
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfile.java
@@ -0,0 +1,407 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.profile;
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.authentication.*;
+
+/**
+ * This interface represents a profile. A profile contains
+ * a list of input policies, default policies, constraint
+ * policies and output policies.
+ * <p>
+ *
+ * The input policy is for building the enrollment page.
+ * <p>
+ *
+ * The default policy is for populating user-supplied and
+ * system-supplied values into the request.
+ * <p>
+ *
+ * The constraint policy is for validating the request before
+ * processing.
+ * <p>
+ *
+ * The output policy is for building the result page.
+ * <p>
+ *
+ * Each profile can have multiple policy set. Each set
+ * is composed of zero or more default policies and zero
+ * or more constraint policies.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IProfile {
+
+ /**
+ * Initializes this profile.
+ *
+ * @param owner profile subsystem
+ * @param config configuration store for this profile
+ * @exception EBaseException failed to initialize
+ */
+ public void init(IProfileSubsystem owner, IConfigStore config)
+ throws EBaseException;
+
+ /**
+ * Retrieves the request queue that is associated with
+ * this profile. The request queue is for creating
+ * new requests.
+ *
+ * @return request queue
+ */
+ public IRequestQueue getRequestQueue();
+
+ /**
+ * Sets id of this profile.
+ *
+ * @param id profile identifier
+ */
+ public void setId(String id);
+
+ /**
+ * Returns the identifier of this profile.
+ *
+ * @return profile id
+ */
+ public String getId();
+
+ /**
+ * Retrieves a localized string that represents
+ * requestor's distinguished name. This string
+ * displayed in the request listing user interface.
+ *
+ * @param request request
+ * @return distringuished name of the request owner
+ */
+ public String getRequestorDN(IRequest request);
+
+ /**
+ * Retrieves the configuration store of this profile.
+ *
+ * @return configuration store
+ */
+ public IConfigStore getConfigStore();
+
+ /**
+ * Retrieves the instance id of the authenticator for this profile.
+ *
+ * @return authenticator instance id
+ */
+ public String getAuthenticatorId();
+
+ public String getAuthzAcl();
+
+ /**
+ * Sets the instance id of the authenticator for this profile.
+ *
+ * @param id authenticator instance id
+ */
+ public void setAuthenticatorId(String id);
+
+ /**
+ * Retrieves the associated authenticator instance.
+ *
+ * @return profile authenticator instance.
+ * if no associated authenticator, null is returned
+ * @exception EProfileException failed to retrieve
+ */
+ public IProfileAuthenticator getAuthenticator()
+ throws EProfileException;
+
+ /**
+ * Retrieves a list of input policy IDs.
+ *
+ * @return input policy id list
+ */
+ public Enumeration getProfileInputIds();
+
+ /**
+ * Retrieves input policy by id.
+ *
+ * @param id input policy id
+ * @return input policy instance
+ */
+ public IProfileInput getProfileInput(String id);
+
+ /**
+ * Retrieves a list of output policy IDs.
+ *
+ * @return output policy id list
+ */
+ public Enumeration getProfileOutputIds();
+
+ /**
+ * Retrieves output policy by id.
+ *
+ * @param id output policy id
+ * @return output policy instance
+ */
+ public IProfileOutput getProfileOutput(String id);
+
+ /**
+ * Checks if this profile is end-user profile or not.
+ * End-user profile will be displayed to the end user.
+ * Non end-user profile mainly is for registration
+ * manager.
+ *
+ * @return end-user profile or not
+ */
+ public boolean isVisible();
+
+ /**
+ * Sets this profile end-user profile or not.
+ *
+ * @param v end-user profile or not
+ */
+ public void setVisible(boolean v);
+
+ /**
+ * Retrieves the user id of the person who
+ * approves this profile.
+ *
+ * @return user id of the approver of this profile
+ */
+ public String getApprovedBy();
+
+ /*
+ * Is this a renewal profile
+ */
+ public String isRenewal();
+
+ /*
+ * is output going to be in xml?
+ */
+ public String isXmlOutput();
+
+ /**
+ * Returns the profile name.
+ *
+ * @param locale end-user locale
+ * @param name profile name
+ */
+ public void setName(Locale locale, String name);
+
+ /**
+ * Retrieves the profile name.
+ *
+ * @param locale end-user locale
+ * @return localized profile name
+ */
+ public String getName(Locale locale);
+
+ /**
+ * Returns the profile description.
+ *
+ * @param locale end-user locale
+ * @param desc profile description
+ */
+ public void setDescription(Locale locale, String desc);
+
+ /**
+ * Retrieves the profile description.
+ *
+ * @param locale end-user locale
+ * @return localized profile description
+ */
+ public String getDescription(Locale locale);
+
+ /**
+ * Retrieves profile context. The context stores
+ * information about the requestor before the
+ * actual request is created.
+ *
+ * @return profile context.
+ */
+ public IProfileContext createContext();
+
+ /**
+ * Returns the profile policy set identifiers.
+ *
+ * @return a list of policy set id
+ */
+ public Enumeration getProfilePolicySetIds();
+
+ /**
+ * Creates a profile policy.
+ *
+ * @param setId id of the policy set that owns this policy
+ * @param id policy id
+ * @param defaultClassId id of the registered default implementation
+ * @param constraintClassId id of the registered constraint implementation
+ * @exception EProfileException failed to create policy
+ * @return profile policy instance
+ */
+ public IProfilePolicy createProfilePolicy(String setId, String id,
+ String defaultClassId, String constraintClassId)
+ throws EProfileException;
+
+ /**
+ * Deletes input policy by id.
+ *
+ * @param inputId id of the input policy
+ * @exception EProfileException failed to delete
+ */
+ public void deleteProfileInput(String inputId) throws EProfileException;
+
+ /**
+ * Deletes output policy by id.
+ *
+ * @param outputId id of the output policy
+ * @exception EProfileException failed to delete
+ */
+ public void deleteProfileOutput(String outputId) throws EProfileException;
+
+ /**
+ * Creates a input policy.
+ *
+ * @param id input policy id
+ * @param inputClassId id of the registered input implementation
+ * @param nvp default parameters
+ * @return input policy
+ * @exception EProfileException failed to create
+ */
+ public IProfileInput createProfileInput(String id, String inputClassId,
+ NameValuePairs nvp)
+ throws EProfileException;
+
+ /**
+ * Creates a output policy.
+ *
+ * @param id output policy id
+ * @param outputClassId id of the registered output implementation
+ * @param nvp default parameters
+ * @return output policy
+ * @exception EProfileException failed to create
+ */
+ public IProfileOutput createProfileOutput(String id, String outputClassId,
+ NameValuePairs nvp) throws EProfileException;
+
+ /**
+ * Deletes a policy.
+ *
+ * @param setId id of the policy set
+ * @param policyId id of policy to delete
+ * @exception EProfileException failed to delete
+ */
+ public void deleteProfilePolicy(String setId, String policyId)
+ throws EProfileException;
+
+ /**
+ * Retrieves a policy.
+ *
+ * @param setId set id
+ * @param id policy id
+ * @return profile policy
+ */
+ public IProfilePolicy getProfilePolicy(String setId, String id);
+
+ /**
+ * Retrieves all the policy id within a set.
+ *
+ * @param setId set id
+ * @return a list of policy id
+ */
+ public Enumeration getProfilePolicyIds(String setId);
+
+ /**
+ * Retrieves a default set id for the given request.
+ * It is the profile's responsibility to return
+ * an appropriate set id for the request.
+ *
+ * @param req request
+ * @return policy set id
+ */
+ public String getPolicySetId(IRequest req);
+
+ /**
+ * Returns a list of profile policies.
+ *
+ * @param setId set id
+ * @return a list of policies
+ */
+ public Enumeration getProfilePolicies(String setId);
+
+ /**
+ * Creates one or more requests. Normally, only one request will
+ * be created. In case of CRMF request, multiple requests may be
+ * created for one submission.
+ *
+ * @param ctx profile context
+ * @param locale user locale
+ * @return a list of requests
+ * @exception EProfileException failed to create requests
+ */
+ public IRequest[] createRequests(IProfileContext ctx, Locale locale)
+ throws EProfileException;
+
+ /**
+ * Populates user-supplied input values into the requests.
+ *
+ * @param ctx profile context
+ * @param request request
+ * @exception EProfileException failed to populate
+ */
+ public void populateInput(IProfileContext ctx, IRequest request)
+ throws EProfileException;
+
+ /**
+ * Passes the request to the set of default policies that
+ * populate the profile information against the profile.
+ *
+ * @param request request
+ * @exception EProfileException failed to populate default values
+ */
+ public void populate(IRequest request)
+ throws EProfileException;
+
+ /**
+ * Passes the request to the set of constraint policies
+ * that validate the request against the profile.
+ *
+ * @param request request
+ * @exception ERejectException validation violation
+ */
+ public void validate(IRequest request)
+ throws ERejectException;
+
+ /**
+ * Process a request after validation.
+ *
+ * @param request request to be processed
+ * @exception EProfileException failed to process
+ */
+ public void execute(IRequest request)
+ throws EProfileException;
+
+ /**
+ * Handles end-user request submission.
+ *
+ * @param token authentication token
+ * @param request request to be processed
+ * @exception EDeferException defer request
+ * @exception EProfileException failed to submit
+ */
+ public void submit(IAuthToken token, IRequest request)
+ throws EDeferException, EProfileException;
+}
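Review bot: `getAuthzAcl()` is the only method in this interface with no Javadoc, and judging by its name it exposes the profile's authorization rule. A caller cannot tell what format the string has, or whether a null or empty result means "no ACL configured" or "deny". Suggest a comment such as `Retrieves the authorization ACL expression configured for this profile.` plus an explicit statement of the null/empty case, confirmed against the implementation. Separately, `isRenewal()` and `isXmlOutput()` return `String` despite their predicate names and use `/*` rather than `/**`, so Javadoc skips them. The `setName` and `setDescription` comments also open with "Returns" where "Sets" is meant.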
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileAuthenticator.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileAuthenticator.java
new file mode 100644
index 000000000..149cf33c2
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileAuthenticator.java
@@ -0,0 +1,118 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.profile;
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.authentication.*;
+
+
+/**
+ * This interface represents an authenticator for profile.
+ * An authenticator is responsibile for authenting
+ * the end-user. If authentication is successful, request
+ * can be processed immediately. Otherwise, the request will
+ * be defered and manual approval is then required.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IProfileAuthenticator extends IAuthManager {
+
+ public static final String AUTHENTICATED_NAME = "authenticatedName";
+
+ /**
+ * Initializes this default policy.
+ *
+ * @param profile owner of this authenticator
+ * @param config configuration store
+ * @exception EProfileException failed to initialize
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException;
+
+ /**
+ * Retrieves the configuration store.
+ *
+ * @return configuration store
+ */
+ public IConfigStore getConfigStore();
+
+ /**
+ * Populates authentication specific information into the
+ * request for auditing purposes.
+ *
+ * @param token authentication token
+ * @param request request
+ * @exception EProfileException failed to populate
+ */
+ public void populate(IAuthToken token, IRequest request)
+ throws EProfileException;
+
+ /**
+ * Retrieves the localizable name of this policy.
+ *
+ * @param locale end user locale
+ * @return localized authenticator name
+ */
+ public String getName(Locale locale);
+
+ /**
+ * Retrieves the localizable description of this policy.
+ *
+ * @param locale end user locale
+ * @return localized authenticator description
+ */
+ public String getText(Locale locale);
+
+ /**
+ * Retrieves a list of names of the property.
+ *
+ * @return a list of property names
+ */
+ public Enumeration getValueNames();
+
+ /**
+ * Checks if the value of the given property should be
+ * serializable into the request. Passsword or other
+ * security-related value may not be desirable for
+ * storage.
+ *
+ * @param name property name
+ * @return true if the property is not security related
+ */
+ public boolean isValueWriteable(String name);
+
+ /**
+ * Retrieves the descriptor of the given value
+ * property by name.
+ *
+ * @param locale user locale
+ * @param name property name
+ * @return descriptor of the requested property
+ */
+ public IDescriptor getValueDescriptor(Locale locale, String name);
+
+ /**
+ * Checks if this authenticator requires SSL client authentication.
+ *
+ * @return client authentication required or not
+ */
+ public boolean isSSLClientRequired();
+}
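Review bot: The `isValueWriteable` contract does not say what an implementation should return for a property name it does not recognise. Because this method decides whether a password-like value is serialized into the request, the safe default belongs in the interface. I would add `Implementations should return false for unknown names so that credentials are not stored by default.` and reword the return tag to `@return true if the value may be stored in the request`. The `init` comment says "Initializes this default policy", which looks copied from `IPolicyDefault`; `Initializes this authenticator.` matches the interface.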
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileContext.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileContext.java
new file mode 100644
index 000000000..aa8492210
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileContext.java
@@ -0,0 +1,48 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.profile;
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.request.*;
+
+/**
+ * This interface represents a profile context which
+ * stores system-wide and user-provided information for
+ * assisting request creation.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IProfileContext {
+
+ /**
+ * Sets a value into the context.
+ *
+ * @param name property name
+ * @param value property value
+ */
+ public void set(String name, String value);
+
+ /**
+ * Retrieves a value from the context.
+ *
+ * @param name property name
+ * @return property value
+ */
+ public String get(String name);
+}
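Review bot: `get` does not document what is returned for a name that was never set, so callers cannot tell whether they need a null check. If implementations return null, which is not visible in this hunk, the tag should read `@return property value, or null if the name is not set`. It would also help to state whether `set` replaces an existing value for the same name. As a style point, the three wildcard imports are unused here, since the interface only refers to `String`.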
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileEx.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileEx.java
new file mode 100644
index 000000000..20b9af977
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileEx.java
@@ -0,0 +1,41 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.profile;
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.authentication.*;
+
+/**
+ * This interface represents the extension version of
+ * profile.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IProfileEx extends IProfile {
+
+ /**
+ * Called after initialization. It populates default
+ * policies, inputs, and outputs.
+ */
+ public void populate() throws EBaseException;
+}
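Review bot: The no-argument `populate()` overloads `IProfile.populate(IRequest)` with unrelated semantics (seeding default policies, inputs and outputs rather than filling a request). That makes it easy to confuse the two at call sites. The Javadoc should state the difference and carry the missing tag, e.g. `@exception EBaseException failed to populate the defaults`. It should also say whether calling it again on an already populated profile is allowed. None of the wildcard imports except the one providing `EBaseException` appears to be needed in this file.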
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileInput.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileInput.java
new file mode 100644
index 000000000..1b6bea720
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileInput.java
@@ -0,0 +1,116 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.profile;
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.request.*;
+
+/**
+ * This interface represents a input policy which
+ * provides information on how to create the
+ * end-user enrollment page.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IProfileInput extends IConfigTemplate {
+
+ /**
+ * Initializes this default policy.
+ *
+ * @param profile owner of this input
+ * @param config configuration store
+ * @exception EProfileException failed to initialize
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException;
+
+ /**
+ * Returns configuration store.
+ *
+ * @return configuration store
+ */
+ public IConfigStore getConfigStore();
+
+ /**
+ * Populates the request with this policy default.
+ *
+ * @param ctx profile context
+ * @param request request
+ * @exception EProfileException failed to populate
+ */
+ public void populate(IProfileContext ctx, IRequest request)
+ throws EProfileException;
+
+ /**
+ * Retrieves the localizable name of this policy.
+ *
+ * @param locale user locale
+ * @return localized input name
+ */
+ public String getName(Locale locale);
+
+ /**
+ * Retrieves the localizable description of this policy.
+ *
+ * @param locale user locale
+ * @return localized input description
+ */
+ public String getText(Locale locale);
+
+ /**
+ * Retrieves a list of names of the property.
+ *
+ * @return a list of property names
+ */
+ public Enumeration getValueNames();
+
+ /**
+ * Retrieves the descriptor of the given value
+ * property by name.
+ *
+ * @param locale user locale
+ * @param name property name
+ * @return descriptor of the property
+ */
+ public IDescriptor getValueDescriptor(Locale locale, String name);
+
+ /**
+ * Retrieves value from the request.
+ *
+ * @param name property name
+ * @param locale user locale
+ * @param request request
+ * @exception EProfileException failed to get value
+ */
+ public String getValue(String name, Locale locale, IRequest request)
+ throws EProfileException;
+
+ /**
+ * Sets the value of the given property by name.
+ *
+ * @param name property name
+ * @param locale user locale
+ * @param request request
+ * @param value value
+ * @exception EProfileException failed to get value
+ */
+ public void setValue(String name, Locale locale, IRequest request,
+ String value) throws EPropertyException;
+}
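Review bot: The `setValue` Javadoc declares `@exception EProfileException failed to get value`, but the signature throws `EPropertyException`; the tag should read `@exception EPropertyException failed to set value`. The same mismatch is in `IProfileOutput.setValue` in the next file, where the text is "failed to retrieve value". In both interfaces `getValue` throws `EProfileException` while `setValue` throws `EPropertyException`, whereas `IPolicyDefault` uses `EPropertyException` for both, so callers have to catch different types for the same kind of failure. If the split is intentional it should be documented. Here `getValue` also lacks an `@return` tag, and the `init` comment in both files still says "Initializes this default policy".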
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileOutput.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileOutput.java
new file mode 100644
index 000000000..ad9484648
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileOutput.java
@@ -0,0 +1,117 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.profile;
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.request.*;
+
+/**
+ * This interface represents a output policy which
+ * provides information on how to build the result
+ * page for the enrollment.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IProfileOutput extends IConfigTemplate {
+
+ /**
+ * Initializes this default policy.
+ *
+ * @param profile owner of this policy
+ * @param config configuration store
+ * @exception EProfileException failed to initialize
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException;
+
+ /**
+ * Retrieves configuration store.
+ *
+ * @return configuration store
+ */
+ public IConfigStore getConfigStore();
+
+ /**
+ * Populates the request with this policy default.
+ *
+ * @param ctx profile context
+ * @param request request
+ * @exception EProfileException failed to populate
+ */
+ public void populate(IProfileContext ctx, IRequest request)
+ throws EProfileException;
+
+ /**
+ * Retrieves the localizable name of this policy.
+ *
+ * @param locale user locale
+ * @return output policy name
+ */
+ public String getName(Locale locale);
+
+ /**
+ * Retrieves the localizable description of this policy.
+ *
+ * @param locale user locale
+ * @return output policy description
+ */
+ public String getText(Locale locale);
+
+ /**
+ * Retrieves a list of names of the value parameter.
+ *
+ * @return a list of property names
+ */
+ public Enumeration getValueNames();
+
+ /**
+ * Retrieves the descriptor of the given value
+ * parameter by name.
+ *
+ * @param locale user locale
+ * @param name property name
+ * @return property descriptor
+ */
+ public IDescriptor getValueDescriptor(Locale locale, String name);
+
+ /**
+ * Retrieves the value of the given value parameter by name.
+ *
+ * @param name property name
+ * @param locale user locale
+ * @param request request
+ * @return property value
+ * @exception EProfileException failed to retrieve value
+ */
+ public String getValue(String name, Locale locale, IRequest request)
+ throws EProfileException;
+
+ /**
+ * Sets the value of the given value parameter by name.
+ *
+ * @param name property name
+ * @param locale user locale
+ * @param request request
+ * @param value property value
+ * @exception EProfileException failed to retrieve value
+ */
+ public void setValue(String name, Locale locale, IRequest request,
+ String value) throws EPropertyException;
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfilePolicy.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfilePolicy.java
new file mode 100644
index 000000000..9577cb08f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfilePolicy.java
@@ -0,0 +1,49 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.profile;
+
+/**
+ * This interface represents a profile policy
+ * which consists a default policy and a
+ * constraint policy.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IProfilePolicy {
+
+ /**
+ * Retrieves the policy id
+ *
+ * @return policy id
+ */
+ public String getId();
+
+ /**
+ * Retrieves the default policy.
+ *
+ * @return default policy
+ */
+ public IPolicyDefault getDefault();
+
+ /**
+ * Retrieves the constraint policy.
+ *
+ * @return constraint policy
+ */
+ public IPolicyConstraint getConstraint();
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileSubsystem.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileSubsystem.java
new file mode 100644
index 000000000..cf54a4ba4
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileSubsystem.java
@@ -0,0 +1,136 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.profile;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.request.*;
+
+
+/**
+ * This represents the profile subsystem that manages
+ * a list of profiles.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IProfileSubsystem extends ISubsystem {
+ public static final String ID = "profile";
+
+ /**
+ * Retrieves a profile by id.
+ *
+ * @return profile
+ * @exception EProfileException failed to retrieve
+ */
+ public IProfile getProfile(String id)
+ throws EProfileException;
+
+ /**
+ * Checks if a profile is approved by an agent or not.
+ *
+ * @param id profile id
+ * @return true if profile is approved
+ */
+ public boolean isProfileEnable(String id);
+
+ /**
+ * Retrieves the approver of the given profile.
+ *
+ * @param id profile id
+ * @return user id of the agent who has approved the profile
+ */
+ public String getProfileEnableBy(String id);
+
+ /**
+ * Creates new profile.
+ *
+ * @param id profile id
+ * @param classid implementation id
+ * @param className class Name
+ * @param configFile configuration file
+ * @exception EProfileException failed to create profile
+ */
+ public IProfile createProfile(String id, String classid,
+ String className, String configFile)
+ throws EProfileException;
+
+ /**
+ * Deletes profile.
+ *
+ * @param id profile id
+ * @param configFile configuration file
+ * @exception EProfileException failed to delete profile
+ */
+ public void deleteProfile(String id, String configFile)
+ throws EProfileException;
+
+ /**
+ * Creates a new profile configuration file.
+ *
+ * @param id profile id
+ * @param classId implementation id
+ * @param configPath location to create the configuration file
+ * @exception failed to create profile
+ */
+ public void createProfileConfig(String id, String classId,
+ String configPath) throws EProfileException;
+
+ /**
+ * Enables a profile.
+ *
+ * @param id profile id
+ * @param enableBy agent's user id
+ * @exception EProfileException failed to enable profile
+ */
+ public void enableProfile(String id, String enableBy)
+ throws EProfileException;
+
+ /**
+ * Disables a profile.
+ *
+ * @param id profile id
+ * @exception EProfileException failed to disable
+ */
+ public void disableProfile(String id)
+ throws EProfileException;
+
+ /**
+ * Retrieves the id of the implementation of the given profile.
+ *
+ * @param id profile id
+ * @return implementation id managed by the registry
+ */
+ public String getProfileClassId(String id);
+
+ /**
+ * Retrieves a list of profile ids. The return
+ * list is of type String.
+ *
+ * @return a list of profile ids
+ */
+ public Enumeration getProfileIds();
+
+ /**
+ * Checks if owner id should be enforced during profile approval.
+ *
+ * @return true if approval should be checked
+ */
+ public boolean checkOwner();
+
+}
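Review bot: `enableProfile(String id, String enableBy)` takes the approving agent's identity as a plain caller-supplied string, and neither its Javadoc nor `getProfileEnableBy` says where that value must come from, so a caller could record an approver taken from request input rather than from the authenticated session. I would extend the tag to something like `@param enableBy user id of the authenticated agent, taken from the verified session and never from request parameters`, and state on `checkOwner()` what exactly is enforced when it returns true. Separately, the `createProfileConfig` Javadoc has `@exception failed to create profile`, which names no exception class; it should read `@exception EProfileException failed to create profile configuration`. `getProfile` is also missing its `@param id` tag.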
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileUpdater.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileUpdater.java
new file mode 100644
index 000000000..a550b6445
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileUpdater.java
@@ -0,0 +1,75 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.profile;
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.request.*;
+
+/**
+ * This interface represents an updater that will be
+ * called when the request's state changes.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IProfileUpdater extends IConfigTemplate {
+
+ /**
+ * Initializes this default policy.
+ *
+ * @param profile owner of this policy
+ * @param config configuration store
+ * @exception EProfileException failed to initialize
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException;
+
+ /**
+ * Retrieves configuration store.
+ *
+ * @return configuration store
+ */
+ public IConfigStore getConfigStore();
+
+ /**
+ * Notifies of state change.
+ *
+ * @param req request
+ * @param status The status to check for.
+ * @exception EProfileException failed to populate
+ */
+ public void update(IRequest req, RequestStatus status)
+ throws EProfileException;
+
+ /**
+ * Retrieves the localizable name of this policy.
+ *
+ * @param locale user locale
+ * @return output policy name
+ */
+ public String getName(Locale locale);
+
+ /**
+ * Retrieves the localizable description of this policy.
+ *
+ * @param locale user locale
+ * @return output policy description
+ */
+ public String getText(Locale locale);
+}
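Review bot: The Javadoc in this interface looks copied from the policy interfaces and does not describe an updater: `init` says "Initializes this default policy", `getName`/`getText` refer to "this policy", and `update` documents `@exception EProfileException failed to populate`. Suggested wording is `Initializes this updater.` with `@param profile owner of this updater`, `@param status the new request status` and `@exception EProfileException failed to process the state change`. It would also help to state on `update` whether a thrown exception is expected to block the state transition, since the hunk does not say and implementers will otherwise differ.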
diff --git a/pki/base/common/src/com/netscape/certsrv/property/Descriptor.java b/pki/base/common/src/com/netscape/certsrv/property/Descriptor.java
new file mode 100644
index 000000000..a4b0ecb2d
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/property/Descriptor.java
@@ -0,0 +1,94 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.property;
+
+import java.util.*;
+
+
+/**
+ * This interface represents a property descriptor. A descriptor
+ * includes information that describe a property.
+ *
+ * @version $Revision$, $Date$
+ */
+public class Descriptor implements IDescriptor {
+
+ protected String mSyntax = null;
+ protected String mConstraint = null;
+ protected String mDescription = null;
+ protected String mDef = null;
+
+ /**
+ * Constructs a descriptor.
+ *
+ * @param syntax syntax
+ * @param constraint constraint
+ * @param defValue default value
+ * @param description description
+ */
+ public Descriptor(String syntax, String constraint, String defValue, String description) {
+ mSyntax = syntax;
+ mConstraint = constraint;
+ mDef = defValue;
+ mDescription = description;
+ }
+
+ /**
+ * Returns the syntax of the property.
+ *
+ * @return syntax
+ */
+ public String getSyntax() {
+ return mSyntax;
+ }
+
+ /**
+ * Returns the default value of the property.
+ *
+ * @return default value
+ */
+ public String getDefaultValue() {
+ return mDef;
+ }
+
+ /**
+ * Constraint for the given syntax. For example,
+ * <p>
+ * - number(1-5): 1-5 is the constraint, and it indicates
+ * that the number must be in the range of 1 to 5.
+ * <p>
+ * - choice(cert,crl): cert,crl is the constraint
+ * for choice
+ * <p>
+ * If null, no constraint shall be enforced.
+ * <p>
+ * @return constraint
+ */
+ public String getConstraint() {
+ return mConstraint;
+ }
+
+ /**
+ * Retrieves the description of the property.
+ * @param locale user locale
+ * @return description
+ */
+ public String getDescription(Locale locale) {
+ return mDescription;
+ }
+}
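Review bot: `getDescription(Locale locale)` ignores its `locale` argument and returns the `mDescription` string given to the constructor, while `IDescriptor.getDescription` in this same commit promises `@return localized description`. Either document it here, e.g. `@param locale ignored; the description is returned exactly as passed to the constructor`, or state on the constructor's `description` parameter that callers must pass an already-localized string. The class comment also opens with "This interface represents" although this is the concrete class. As a style point, the four `protected` fields are only assigned in the constructor in this hunk, so `protected final String mSyntax;` (and likewise for the others) would make the descriptor immutable, assuming no subclass reassigns them.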
diff --git a/pki/base/common/src/com/netscape/certsrv/property/EPropertyException.java b/pki/base/common/src/com/netscape/certsrv/property/EPropertyException.java
new file mode 100644
index 000000000..3be0aa1ea
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/property/EPropertyException.java
@@ -0,0 +1,38 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.property;
+
+
+import com.netscape.certsrv.base.*;
+
+/**
+ * This is the base exception for property handling.
+ *
+ * @version $Revision$, $Date$
+ */
+public class EPropertyException extends EBaseException {
+
+ /**
+ * Constructs property exception
+ *
+ * @param msg exception message
+ */
+ public EPropertyException(String msg) {
+ super(msg);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/property/IConfigTemplate.java b/pki/base/common/src/com/netscape/certsrv/property/IConfigTemplate.java
new file mode 100644
index 000000000..c37d484b8
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/property/IConfigTemplate.java
@@ -0,0 +1,70 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.property;
+
+
+import java.util.*;
+
+
+/**
+ * This interface provides a standard way to describe
+ * a set of configuration parameters and its associated syntax.
+ * It provides programmatic methods for querying
+ * template description.
+ * <p>
+ * A plugin, for example, can be described as a
+ * property template.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IConfigTemplate {
+
+ /**
+ * Returns a list of configuration parameter names.
+ *
+ * @return parameter names
+ */
+ public Enumeration getConfigNames();
+
+ /**
+ * Returns the descriptors of configuration parameter.
+ *
+ * @param locale user locale
+ * @param name configuration parameter name
+ * @return descriptor
+ */
+ public IDescriptor getConfigDescriptor(Locale locale, String name);
+
+ /**
+ * Sets configuration parameter.
+ *
+ * @param name parameter name
+ * @param value parameter value
+ * @exception EPropertyException failed to set parameter
+ */
+ public void setConfig(String name, String value)
+ throws EPropertyException;
+
+ /**
+ * Retrieves configuration parameter by name.
+ *
+ * @return parameter
+ */
+ public String getConfig(String name);
+}
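Review bot: `setConfig(String name, String value)` does not say whether the value is checked against the descriptor that `getConfigDescriptor` returns for the same name, so it is unclear whether a syntax such as `IDescriptor.INTEGER` or a constraint such as `IDescriptor.READONLY` is enforced on write or is only a hint for the UI. I would extend the Javadoc along the lines of `Implementations validate value against the parameter's syntax and constraint and throw EPropertyException for an unknown name or a rejected value`, if that is the intended contract. `getConfig` is missing `@param name` and does not state what is returned for an unknown name (presumably null). `getConfigNames` could note that the enumeration holds `String` elements, as `IProfileSubsystem.getProfileIds` does.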
diff --git a/pki/base/common/src/com/netscape/certsrv/property/IDescriptor.java b/pki/base/common/src/com/netscape/certsrv/property/IDescriptor.java
new file mode 100644
index 000000000..d3db4b494
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/property/IDescriptor.java
@@ -0,0 +1,88 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.property;
+
+
+import java.util.*;
+
+
+/**
+ * This interface represents a property descriptor.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IDescriptor {
+
+ // syntax
+ public static String DATE = "date";
+ public static String PASSWORD = "password";
+ public static String PRETTY_PRINT = "pretty_print";
+ public static String IMAGE_URL = "image_url";
+ public static String INTEGER = "integer";
+ public static String BOOLEAN = "boolean";
+ public static String STRING = "string";
+ public static String STRING_LIST = "string_list";
+ public static String KEYGEN_REQUEST = "keygen_request";
+ public static String KEYGEN_REQUEST_TYPE = "keygen_request_type";
+ public static String DUAL_KEYGEN_REQUEST = "dual_keygen_request";
+ public static String DUAL_KEYGEN_REQUEST_TYPE = "dual_keygen_request_type";
+ public static String CERT_REQUEST = "cert_request";
+ public static String CERT_REQUEST_TYPE = "cert_request_type";
+ public static String CHOICE = "choice"; // choice of strings
+ public static String DN = "dn";
+ public static String IP = "ip";
+ public static String EMAIL = "email";
+
+ // constraint
+ public static String READONLY = "readonly";
+ public static String HIDDEN = "hidden";
+
+ /**
+ * Returns the syntax of the property.
+ *
+ * @return syntax
+ */
+ public String getSyntax();
+
+ /**
+ * Constraint for the given syntax. For example,
+ * - number(1-5): 1-5 is the constraint, and it indicates
+ * that the number must be in the range of 1 to 5.
+ * - choice(cert,crl): cert,crl is the constraint
+ * for choice
+ * If null, no constraint shall be enforced.
+ *
+ * @return constraint
+ */
+ public String getConstraint();
+
+ /**
+ * Retrieves the description of the property.
+ *
+ * @param locale user locale
+ * @return localized description
+ */
+ public String getDescription(Locale locale);
+
+ /**
+ * Retrieves the default value of the property.
+ *
+ * @return default value
+ */
+ public String getDefaultValue();
+}
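Review bot: The `getConstraint` Javadoc gives `number(1-5)` as its example, but the syntax constants declared above it contain no `number`, only `INTEGER = "integer"`, so a reader cannot tell which string an implementation should match. Changing the example to `integer(1-5)` (or adding the missing constant, if `number` is a real syntax) would settle it; the same example text is repeated in `Descriptor.getConstraint`. The `PASSWORD` syntax and the `READONLY`/`HIDDEN` constraints would also benefit from a one-line comment each saying what a consumer must do with them, e.g. `// value is secret: do not echo it back or write it to logs` and `// must be enforced where the value is stored, not only in the UI`, if that is the intent. The `public static` modifiers on the constants are redundant in an interface, where fields are implicitly `public static final`.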
diff --git a/pki/base/common/src/com/netscape/certsrv/property/PropertySet.java b/pki/base/common/src/com/netscape/certsrv/property/PropertySet.java
new file mode 100644
index 000000000..c6d66b43b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/property/PropertySet.java
@@ -0,0 +1,58 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.property;
+
+import java.util.*;
+
+
+/**
+ * A set of properties.
+ */
+public class PropertySet {
+
+ private Hashtable mProperties = new Hashtable();
+
+ public PropertySet()
+ {
+ }
+
+ public void add(String name, IDescriptor desc)
+ {
+ mProperties.put(name, desc);
+ }
+
+ public Enumeration getNames()
+ {
+ return mProperties.keys();
+ }
+
+ public IDescriptor getDescriptor(String name)
+ {
+ return (IDescriptor)mProperties.get(name);
+ }
+
+ public void remove(String name)
+ {
+ mProperties.remove(name);
+ }
+
+ public int size()
+ {
+ return mProperties.size();
+ }
+}
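Review bot: `add(String name, IDescriptor desc)` passes both arguments straight to `Hashtable.put`, which throws `NullPointerException` for a null key or a null value, and `getDescriptor(null)` fails the same way; none of the public methods has Javadoc, so callers get no warning. At minimum document it, e.g. `@throws NullPointerException if name or desc is null` on `add` and `@return the descriptor, or null if name is not present` on `getDescriptor`. `mProperties` is never reassigned and can be `private final`; if the build targets Java 5 or later, `Hashtable<String, IDescriptor>` would remove the cast in `getDescriptor`.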
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java b/pki/base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java
new file mode 100644
index 000000000..be33dc599
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * This type of exception is thrown in cases where an parsing
+ * error is found while evaluating a PKI component. An example
+ * would be in trying to evaluate a PKI authentication message and
+ * the parsing operation fails due to a missing token.
+ *
+ * @version $Revision$ $Date$
+ */
+public class ECompSyntaxErr extends ELdapException {
+
+ /**
+ * Construct a ECompSyntaxErr
+ * @param errorString The descriptive error condition.
+ */
+
+ public ECompSyntaxErr(String errorString) {
+ super(errorString);
+ }
+}
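Review bot: The class comment describes a failure while parsing "a PKI authentication message", yet this class lives in `com.netscape.certsrv.publish` and extends `ELdapException`; the text appears to have been carried over from the authentication package's class of the same name. Something like `Thrown when a publishing component expression cannot be parsed` would match the package, if that is where it is raised; the throw sites are not in this hunk. The blank line between the constructor's Javadoc and the constructor can go, and "Construct a ECompSyntaxErr" should read "Constructs an ECompSyntaxErr".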
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java b/pki/base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java
new file mode 100644
index 000000000..16ad10b4d
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java
@@ -0,0 +1,38 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Exception for Publish Mapper not found.
+ *
+ * @version $Revision$ $Date$
+ */
+public class EMapperNotFound extends ELdapException {
+
+ /**
+ * Constructs a exception for a missing required mapper
+ * @param errorString Detailed error message.
+ */
+ public EMapperNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java
new file mode 100644
index 000000000..6e0a98121
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java
@@ -0,0 +1,39 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Exception for Mapper Plugin not found.
+ *
+ * @version $Revision$ $Date$
+ */
+public class EMapperPluginNotFound extends ELdapException {
+
+ /**
+ * Constructs a exception for a missing mapper plugin
+ * @param errorString Detailed error message.
+ */
+ public EMapperPluginNotFound(String errorString) {
+ super(errorString);
+ }
+}
+
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java b/pki/base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java
new file mode 100644
index 000000000..f7198edef
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java
@@ -0,0 +1,38 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Exception for Publisher not found. Required for successful publishing.
+ *
+ * @version $Revision$ $Date$
+ */
+public class EPublisherNotFound extends ELdapException {
+
+ /**
+ * Constructs a exception for a missing required publisher.
+ * @param errorString Detailed error message.
+ */
+ public EPublisherNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java
new file mode 100644
index 000000000..325207a32
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java
@@ -0,0 +1,39 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Exception for Publisher Plugin not found. Plugin implementation is required to actually publish.
+ *
+ * @version $Revision$ $Date$
+ */
+public class EPublisherPluginNotFound extends ELdapException {
+
+ /**
+ * Constructs a exception for a missing publisher plugin.
+ * @param errorString Detailed error message.
+ */
+ public EPublisherPluginNotFound(String errorString) {
+ super(errorString);
+ }
+}
+
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java b/pki/base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java
new file mode 100644
index 000000000..8294c6772
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java
@@ -0,0 +1,38 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Exception for Ldap Publishing Rule not found.
+ *
+ * @version $Revision$ $Date$
+ */
+public class ERuleNotFound extends ELdapException {
+
+ /**
+ * Constructs a exception for a missing required rule, which links a publisher and mapper.
+ * @param errorString Detailed error message.
+ */
+ public ERuleNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java
new file mode 100644
index 000000000..ed1592aab
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java
@@ -0,0 +1,39 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Exception for Publisher Rule plugin not found. Plugin required to implement Ldap Rule.
+ *
+ * @version $Revision$ $Date$
+ */
+public class ERulePluginNotFound extends ELdapException {
+
+ /**
+ * Constructs a exception for a missing rule plugin.
+ * @param errorString Detailed error message.
+ */
+ public ERulePluginNotFound(String errorString) {
+ super(errorString);
+ }
+}
+
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java b/pki/base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java
new file mode 100644
index 000000000..d7ac48046
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java
@@ -0,0 +1,106 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import netscape.security.x509.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * This interface represents a CRL publisher that is
+ * invoked when CRL publishing is requested by CMS.
+ * Note that CMS, by default, shipped with a LDAP-based
+ * CRL publisher that can be configured via
+ * Certificiate Manager/LDAP Publishing panel. This
+ * interface provides administrator additional capability
+ * of publishing CRL to different destinations.
+ *
+ * The CRL publishing frequency is configured via
+ * Netscape Certificate Server Console's
+ * Certificate Manager/Revocation List panel.
+ * The CRL publishing may occur either everytime a
+ * certificate is revoked or at a pre-defined interval.
+ *
+ * To try out this new CRL publisher mechanism, do
+ * the following:
+ * (1) Write a sample CRL publisher class that implements
+ * ICRLPublisher interface. For example,
+ *
+ * <code>
+ * public class CRLPublisher implements ICRLPublisher
+ * {
+ * public void init(ISubsystem owner, IConfigStore config)
+ * throws EBaseException
+ * {
+ * log(ILogger.LL_DEBUG, "CRLPublisher: Initialized");
+ * }
+ *
+ * public void publish(String issuingPointId, X509CRLImpl crl)
+ * throws EBaseException
+ * {
+ * log(ILogger.LL_DEBUG, "CRLPublisher: " + issuingPointId +
+ * " crl=" + crl);
+ * }
+ *
+ * public void log(int level, String msg)
+ * {
+ * Logger.getLogger().log(ILogger.EV_SYSTEM,
+ * null, ILogger.S_OTHER, level,
+ * msg);
+ * }
+ * }
+ * </code>
+ *
+ * (2) Compile the class and place the class into
+ * <server-root>\bin\cert\classes directory.
+ * (3) Add the following parameter to CMS.cfg
+ * ca.crlPublisher.class=<implementation class>
+ * For example,
+ * ca.crlPublisher.class=myCRLPublisher
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICRLPublisher {
+
+ /**
+ * Initializes this CRL publisher.
+ *
+ * @param owner parent of the publisher. An object of type
+ * CertificateAuthority.
+ * @param config config store for this publisher. If this
+ * publisher requires configuration parameters for
+ * initialization, the parameters should be placed
+ * in CMS.cfg as ca.crlPublisher.<paramType>=<paramValue>
+ * @exception EBaseException failed to initialize this publisher
+ */
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException;
+
+ /**
+ * Publishes CRL. This method is invoked by CMS based
+ * on the configured CRL publishing frequency.
+ *
+ * @param issuingPointId CRL issuing point identifier
+ * (i.e. MasterCRL)
+ * @param crl CRL that is publishing
+ * @exception EBaseException failed to publish
+ */
+ public void publish(String issuingPointId, X509CRLImpl crl)
+ throws EBaseException;
+}
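Review bot: The class Javadoc instructs administrators to place a class in `<server-root>\bin\cert\classes` and name it in `ca.crlPublisher.class`, but does not mention that this makes write access to CMS.cfg and to that directory equivalent to running code inside the CA process; the loading code is not in this hunk, so this is inferred from the instructions. I would add a sentence such as `CMS.cfg and the classes directory must be writable only by the server administrator, because the named class is loaded and run by the CA`. The sample also passes raw `<server-root>`, `<implementation class>` and `<paramType>=<paramValue>` through Javadoc, where they are read as HTML tags and vanish from the generated page; write them as `&lt;server-root&gt;` and so on, and wrap the multi-line sample in `<pre>` so its line breaks survive. "Certificiate" is a typo for "Certificate".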
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java
new file mode 100644
index 000000000..51252c55a
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java
@@ -0,0 +1,70 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import netscape.ldap.*;
+import java.util.*;
+import java.security.cert.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapCertMapper extends ILdapPlugin {
+
+ /**
+ * Returns implementation name.
+ */
+ public String getImplName();
+
+ /**
+ * Returns the description of this mapper.
+ */
+ public String getDescription();
+
+ /**
+ * Returns the default parameters.
+ */
+ public Vector getDefaultParams();
+
+ /**
+ * Returns the instance parameters.
+ */
+ public Vector getInstanceParams();
+
+ /**
+ * maps a certificate to a LDAP entry.
+ * returns dn of the mapped LDAP entry.
+ * @param conn the LDAP connection
+ * @param cert the certificate to map
+ * @param checkForCert whether to check for the presence of the cert
+ * @exception ELdapException Failed to map.
+ * @return LdapCertMapResult indicates whether a mapping was successful
+ * and whether a certificate was found if checkForCert was true.
+ * If checkForCert was not set the hasCert method in LdapCertMapResult
+ * should be ignored.
+ */
+ public LdapCertMapResult map(LDAPConnection conn,
+ X509Certificate cert, boolean checkForCert)
+ throws ELdapException;
+}
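Review bot: The Javadoc on `map` says it "returns dn of the mapped LDAP entry", but the method returns `LdapCertMapResult`, so the summary and the `@return` tag disagree about what a caller gets back. I would replace the two summary lines with `Maps a certificate to an LDAP entry and, if checkForCert is set, reports whether the certificate is already present.` and keep the existing `@return` text. `getDefaultParams` and `getInstanceParams` return a raw `Vector`, so their comments should at least name the element type.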
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java
new file mode 100644
index 000000000..5fa549025
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java
@@ -0,0 +1,59 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import netscape.ldap.*;
+import java.security.cert.*;
+import netscape.security.x509.X509CRLImpl;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Interface for mapping a CRL to a LDAP entry.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapCrlMapper {
+
+ /**
+ * maps a crl to a LDAP entry.
+ * returns dn of the mapped LDAP entry.
+ * @param conn the LDAP connection
+ * @param crl the CRL to map
+ * @param checkForCrl whether to check for the presence of the CRL
+ * @exception ELdapException Failed to map CRL to entry.
+ * @return LdapCertMapResult indicates whether a mapping was successful
+ * and whether a certificate was found if checkForCert was true.
+ * If checkForCert was not set the hasCert method in LdapCertMapResult
+ * should be ignored.
+ */
+ public LdapCertMapResult
+ map(LDAPConnection conn, X509CRLImpl crl, boolean checkForCrl)
+ throws ELdapException;
+
+ /**
+ * initialize from config store.
+ * @param config the configuration store to initialize from.
+ * @exception ELdapException Initialization failed due to Ldap error.
+ * @exception EBaseException Initialization failed.
+ */
+ public void init(IConfigStore config)
+ throws ELdapException, EBaseException;
+}
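Review bot: The `@return` text on `map` was copied from the certificate mapper: it refers to `checkForCert`, `hasCert` and "a certificate", while this method's parameter is `checkForCrl` and the object is a CRL. I would reword it to `@return LdapCertMapResult indicating whether a mapping was found and, if checkForCrl was true, whether the CRL was found in the entry`, and drop the line "returns dn of the mapped LDAP entry", which does not match the return type. This interface also declares its own `init(IConfigStore)` instead of extending `ILdapPlugin`, which declares the same method in this commit. If that is deliberate, a one-line comment saying why would help.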
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapExpression.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapExpression.java
new file mode 100644
index 000000000..bc9cda999
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapExpression.java
@@ -0,0 +1,71 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Interface for a Ldap predicate expression.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ILdapExpression {
+ public static final int OP_EQUAL = 1;
+ public static final int OP_NEQUAL = 2;
+ public static final int OP_GT = 3;
+ public static final int OP_LT = 4;
+ public static final int OP_GE = 5;
+ public static final int OP_LE = 6;
+ public static final String EQUAL_STR = "==";
+ public static final String NEQUAL_STR = "!=";
+ public static final String GT_STR = ">";
+ public static final String GE_STR = ">=";
+ public static final String LT_STR = "<";
+ public static final String LE_STR = "<=";
+
+ /**
+ * Evaluate the Expression.
+ *
+ * @param sc The SessionContext on which we are applying the condition.
+ * @return The return value.
+ * @exception ELdapExeption Failed to evaluate expression.
+ */
+ boolean evaluate(SessionContext sc)
+ throws ELdapException;
+
+ /**
+ * Evaluate the Expression.
+ *
+ * @param req The PKIRequest on which we are applying the condition.
+ * @return The return value.
+ * @exception ELdapExeption Failed to evaluate expression.
+ */
+ boolean evaluate(IRequest req)
+ throws ELdapException;
+
+ /**
+ * Convert to a string.
+ * @return String representation of expression.
+ */
+ public String toString();
+}
+
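Review bot: Both `evaluate` overloads document `@return The return value.`, which does not say what `true` means for a predicate that, judging by the `PROP_PREDICATE` keys elsewhere in this commit, appears to gate whether an object is published. I would write `@return true if the expression matches, false otherwise` on both, after confirming against the implementation. The `@exception ELdapExeption` tags in both comments misspell `ELdapException`, so Javadoc cannot resolve them.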
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapMapper.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapMapper.java
new file mode 100644
index 000000000..2201c1bad
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapMapper.java
@@ -0,0 +1,81 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import netscape.ldap.*;
+import java.util.*;
+import java.security.cert.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapMapper extends ILdapPlugin {
+
+ /**
+ * Returns implementation name.
+ */
+ public String getImplName();
+
+ /**
+ * Returns the description of this mapper.
+ */
+ public String getDescription();
+
+ /**
+ * Returns the initial default parameters.
+ */
+ public Vector getDefaultParams();
+
+ /**
+ * Returns the current instance parameters.
+ */
+ public Vector getInstanceParams();
+
+ /**
+ * maps a certificate to a LDAP entry.
+ * returns dn of the mapped LDAP entry.
+ * @param conn the LDAP connection
+ * @param obj the object to map
+ * @return dn indicates whether a mapping was successful
+ * @exception ELdapException Map operation failed.
+ */
+ public String
+ map(LDAPConnection conn, Object obj)
+ throws ELdapException;
+
+ /**
+ * maps a certificate to a LDAP entry.
+ * returns dn of the mapped LDAP entry.
+ * @param conn the LDAP connection
+ * @param r the request to map
+ * @param obj the object to map
+ * @return dn indicates whether a mapping was successful
+ * @exception ELdapException Map operation failed.
+ */
+ public String
+ map(LDAPConnection conn, IRequest r, Object obj)
+ throws ELdapException;
+}
+
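Review bot: Neither `map` overload says what is returned when no entry matches: `@return dn indicates whether a mapping was successful` describes a `String` as if it were a flag. Callers need to know whether a failed mapping is a `null` return or an `ELdapException`, because the returned DN is presumably the entry the publisher then writes to. I would use `@return DN of the mapped LDAP entry, or null if no entry matched` (or the exception form, whichever the implementations do). The interface summary and both method summaries still say "a certificate" although `obj` is declared as `Object`.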
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java
new file mode 100644
index 000000000..700e0c6de
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java
@@ -0,0 +1,46 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Interface for any Ldap plugin.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapPlugin {
+
+ /**
+ * Initialize from config store.
+ * @param config the configuration store to initialize from.
+ * @exception ELdapException initialization failed due to Ldap error.
+ * @exception EBaseException initialization failed.
+ */
+ public void init(IConfigStore config)
+ throws EBaseException, ELdapException;
+
+ /**
+ * Return config store.
+ */
+ public IConfigStore getConfigStore();
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java
new file mode 100644
index 000000000..42e33af5d
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java
@@ -0,0 +1,51 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Interface for any ldap plugin. Plugin implementation is defined here.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapPluginImpl extends IPluginImpl {
+
+ /**
+ * initialize from config store.
+ * @param config the configuration store to initialize from.
+ * @exception ELdapException initializtion failed due to Ldap error.
+ * @exception EBaseException initialization failed.
+ */
+ public void init(ISubsystem sys, IConfigStore config)
+ throws EBaseException, ELdapException;
+
+ /**
+ * initialize from config store and Isubsystem.
+ * @param config the configuration store to initialize from.
+ * @exception ELdapException initializtion failed due to Ldap error.
+ * @exception EBaseException initialization failed.
+ */
+ public void init(IConfigStore config)
+ throws EBaseException, ELdapException;
+
+}
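Review bot: The two `init` comments are attached to the wrong overloads: the one above `init(ISubsystem sys, IConfigStore config)` says "initialize from config store" and has no `@param sys`, while the one above `init(IConfigStore config)` says "initialize from config store and Isubsystem". Swap the summaries and add `@param sys the owning subsystem` to the two-argument form. It would also help to state which overload the framework calls, since an implementation that does its setup in only one of them may be left uninitialized by the other; that cannot be determined from this hunk. "initializtion" is misspelled in both comments.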
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java
new file mode 100644
index 000000000..6f4b52586
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java
@@ -0,0 +1,47 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.request.*;
+import java.security.cert.*;
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Handles requests to perform Ldap publishing.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapPublishModule extends IRequestListener {
+
+ /**
+ * initialize ldap publishing module with config store
+ */
+ // public void init(ICertAuthority owner, IConfigStore config)
+ // throws EBaseException, ELdapException;
+
+ /**
+ * Accepts completed requests from an authority and
+ * performs ldap publishing.
+ * @param request The publishing request.
+ */
+ public void accept(IRequest request);
+}
+
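Review bot: The first Javadoc block ("initialize ldap publishing module with config store") documents a method that is commented out, so the comment is orphaned and the `// public void init(ICertAuthority owner, IConfigStore config)` lines are dead text in a public interface. Either delete the block and the commented-out signature, or restore the declaration if implementations are expected to provide it. The imports of `java.security.cert.*`, `com.netscape.certsrv.base.*` and `com.netscape.certsrv.ldap.*` appear unused by the one remaining declaration, `accept(IRequest)`.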
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java
new file mode 100644
index 000000000..8b51a8f79
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java
@@ -0,0 +1,86 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import java.util.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Interface for publishing certificate or crl to database store.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapPublisher extends ILdapPlugin {
+ public static final String PROP_PREDICATE = "predicate";
+ public static final String PROP_ENABLE = "enable";
+ public static final String PROP_IMPLNAME = "implName";
+
+ /**
+ * Returns the implementation name.
+ */
+ public String getImplName();
+
+ /**
+ * Returns the description of the publisher.
+ */
+ public String getDescription();
+
+ /**
+ * Returns the current instance parameters.
+ */
+ public Vector getInstanceParams();
+
+ /**
+ * Returns the initial default parameters.
+ */
+ public Vector getDefaultParams();
+
+ /**
+ * Publish an object.
+ *
+ * @param conn a Ldap connection
+ * (null for non-LDAP publishing)
+ * @param dn dn of the ldap entry to publish cert
+ * (null for non-LDAP publishing)
+ * @param object object to publish
+ * (java.security.cert.X509Certificate or,
+ * java.security.cert.X509CRL)
+ * @exception ELdapException publish failed.
+ */
+ public void publish(LDAPConnection conn, String dn, Object object)
+ throws ELdapException;
+
+ /**
+ * Unpublish an object.
+ *
+ * @param conn the Ldap connection
+ * (null for non-LDAP publishing)
+ * @param dn dn of the ldap entry to unpublish cert
+ * (null for non-LDAP publishing)
+ * @param object object to unpublish
+ * (java.security.cert.X509Certificate)
+ * @exception ELdapException unpublish failed.
+ */
+ public void unpublish(LDAPConnection conn, String dn, Object object)
+ throws ELdapException;
+}
+
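Review bot: `publish` and `unpublish` take `Object object` and name the accepted types only in prose, so every implementation has to do its own type check and the contract does not say what happens for anything else. I would extend the tag on both methods to `@exception ELdapException publish failed, or object is not a supported type`, so implementations reject unexpected objects instead of ignoring them. The same applies to `conn` and `dn` being `null` for non-LDAP publishing: the comment should say that an LDAP-backed publisher fails rather than proceeds when given `null`. `PROP_PREDICATE`, `PROP_ENABLE` and `PROP_IMPLNAME` are declared again with the same values in `ILdapRule` in this commit.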
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapRule.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapRule.java
new file mode 100644
index 000000000..cbefe9ed6
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapRule.java
@@ -0,0 +1,78 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import java.util.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Interface for publishing rule which associates a Publisher with a Mapper.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapRule extends ILdapPlugin {
+ public static final String PROP_PREDICATE = "predicate";
+ public static final String PROP_ENABLE = "enable";
+ public static final String PROP_IMPLNAME = "implName";
+
+ /**
+ * Initialize the plugin.
+ * @exception EBaseException Initialization failed.
+ */
+ public void init(IPublisherProcessor processor, IConfigStore
+ config) throws EBaseException;
+
+ /**
+ * Returns the implementation name.
+ */
+ public String getImplName();
+
+ /**
+ * Returns the description of the ldap publisher.
+ */
+ public String getDescription();
+
+ /**
+ * Sets the instance name.
+ */
+ public void setInstanceName(String name);
+
+ /**
+ * Returns the instance name.
+ */
+ public String getInstanceName();
+
+ /**
+ * Returns the current instance parameters.
+ */
+ public Vector getInstanceParams();
+
+ /**
+ * Returns the initial default parameters.
+ */
+ public Vector getDefaultParams();
+
+ /**
+ * Returns true if the rule is enabled, false if it's disabled.
+ */
+ public boolean enabled();
+}
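Review bot: `ILdapRule` adds `init(IPublisherProcessor processor, IConfigStore config)` while also inheriting `init(IConfigStore)` from `ILdapPlugin`, and the comment does not say which one callers use or whether both must leave the rule usable. Document the parameters with `@param processor the publisher processor that owns this rule` and `@param config the configuration store to initialize from`, and state the relationship to the inherited overload. `getDescription` is documented as "description of the ldap publisher" although this interface describes a rule. The three `PROP_*` constants duplicate those declared in `ILdapPublisher`.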
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java b/pki/base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java
new file mode 100644
index 000000000..245771e75
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java
@@ -0,0 +1,122 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import java.util.*;
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.ldap.*;
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Represents a set of publishing rules. Publishing rules are ordered from
+ * lowest priority to highest priority. The priority assignment for publishing
+ * rules is not enforced by this interface. Various implementation may
+ * use different mechanisms such as a linear ordering of publishing rules
+ * in a configuration file or explicit assignment of priority levels ..etc.
+ * The publishing rule initialization needs to deal with reading the
+ * publishing rules, sorting them in increasing order of priority and
+ * presenting an ordered vector of publishing rules via the IPublishRuleSet
+ * interface.
+ * When a request comes, the predicates of the publishing rules will be
+ * checked in the order to find the first matched publishing rule as the
+ * mapping rule to (un)publish the object.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IPublishRuleSet {
+ void init(ISubsystem sys, IConfigStore conf) throws EBaseException;
+
+ /**
+ * Returns the name of the publishing rule set.
+ * <P>
+ *
+ * @return The name of the publishing rule set.
+ */
+ String getName();
+
+ /**
+ * Returns the no of publishing rules in a set.
+ * <P>
+ * @return the no of publishing rules.
+ */
+ int count();
+
+ /**
+ * Add a publishing rule
+ * <P>
+ *
+ * @param aliasName The name of the publishing rule to be added.
+ * @param rule rule The publishing rule to be added.
+ */
+ void addRule(String aliasName, ILdapRule rule);
+
+ /**
+ * Removes a publishing rule identified by the given name.
+ *
+ * @param ruleName The name of the publishing rule to be removed.
+ */
+ void removeRule(String ruleName);
+
+ /**
+ * Get the publishing rule identified by a given name.
+ * <P>
+ *
+ * @param ruleName The name of the publishing rule to be return.
+ * @return The publishing rule identified by the given name or null if none exists.
+ */
+ ILdapRule getRule(String ruleName);
+
+ /**
+ * Get the publishing rule identified by a corresponding request.
+ * <P>
+ *
+ * @param req The request from which rule will be identified.
+ * @return The publishing rule or null if none exists.
+ */
+ ILdapRule getRule(IRequest req);
+
+ /**
+ * Get an enumeration of publishing rules.
+ * <P>
+ *
+ * @return An enumeration of publishing rules.
+ */
+ Enumeration getRules();
+
+ /**
+ * Apply publishing rules on a request.
+ * The predicates of the publishing rules will be checked in the order
+ * to find the first matched publishing rule.
+ * Use the mapper to find the dn of the LDAP entry and use the publisher
+ * to publish the object in the request.
+ * <P>
+ *
+ * @param conn The Ldap connection
+ * @param req The request to apply policies on.
+ * @exception ELdapException publish failed due to Ldap error.
+ */
+ public void publish(LDAPConnection conn, IRequest req)
+ throws ELdapException;
+}
+
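Review bot: The interface comment says rules are sorted "from lowest priority to highest priority" and then that predicates are checked "in the order to find the first matched publishing rule", which read together means the lowest-priority matching rule wins. If the highest-priority match is intended, the text or the ordering needs correcting, because this decides which mapper and publisher handle a certificate or CRL. The `publish` comment should also say what happens when no rule matches, for example `If no rule matches, nothing is published and no exception is thrown`, or the opposite, whichever is implemented. `com.netscape.certsrv.ldap.*` is imported twice, and `@param rule rule The publishing rule` repeats the parameter name.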
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java b/pki/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java
new file mode 100644
index 000000000..445d0aa15
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java
@@ -0,0 +1,341 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import java.io.*;
+import java.util.*;
+import java.net.*;
+import java.util.*;
+import java.text.*;
+import java.math.*;
+import java.security.*;
+import java.security.cert.X509Certificate;
+import netscape.ldap.*;
+import java.security.cert.*;
+import netscape.security.util.*;
+import netscape.security.x509.*;
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+import com.netscape.certsrv.dbs.certdb.*;
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Controls the publishing process from the top level. Maintains
+ * a collection of Publishers , Mappers, and Publish Rules.
+ *
+ * @version $Revision$ $Date$
+ */
+
+public interface IPublisherProcessor extends ISubsystem {
+
+ public final static String PROP_PUBLISH_SUBSTORE = "publish";
+ public final static String PROP_LDAP_PUBLISH_SUBSTORE = "ldappublish";
+ public final static String PROP_QUEUE_PUBLISH_SUBSTORE = "queue";
+
+ public static final String PROP_LOCAL_CA = "cacert";
+ public static final String PROP_LOCAL_CRL = "crl";
+ public static final String PROP_CERTS = "certs";
+ public static final String PROP_XCERT = "xcert";
+
+ public static final String PROP_CLASS = "class";
+ public static final String PROP_IMPL = "impl";
+ public static final String PROP_PLUGIN = "pluginName";
+ public static final String PROP_INSTANCE = "instance";
+
+ public static final String PROP_PREDICATE = "predicate";
+ public static final String PROP_ENABLE = "enable";
+ public static final String PROP_LDAP = "ldap";
+ public static final String PROP_MAPPER = "mapper";
+ public static final String PROP_PUBLISHER = "publisher";
+ public static final String PROP_TYPE = "type";
+
+ /**
+ *
+ * Returns Hashtable of rule plugins.
+ */
+
+ public Hashtable getRulePlugins();
+
+ /**
+ *
+ * Returns Hashtable of rule instances.
+ */
+
+ public Hashtable getRuleInsts();
+
+ /**
+ *
+ * Returns Hashtable of mapper plugins.
+ */
+
+ public Hashtable getMapperPlugins();
+
+ /**
+ *
+ * Returns Hashtable of publisher plugins.
+ */
+ public Hashtable getPublisherPlugins();
+
+ /**
+ *
+ * Returns Hashtable of rule mapper instances.
+ */
+ public Hashtable getMapperInsts();
+
+ /**
+ *
+ * Returns Hashtable of rule publisher instances.
+ */
+ public Hashtable getPublisherInsts();
+
+ /**
+ *
+ * Returns list of rules based on publishing type.
+ * @param publishingType Type for which to retrieve rule list.
+ */
+
+ public Enumeration getRules(String publishingType);
+
+ /**
+ *
+ * Returns list of rules based on publishing type and publishing request.
+ * @param publishingType Type for which to retrieve rule list.
+ * @param req Corresponding publish request.
+ */
+ public Enumeration getRules(String publishingType, IRequest req);
+
+ /**
+ *
+ * Returns mapper initial default parameters.
+ * @param implName name of MapperPlugin.
+ */
+
+ public Vector getMapperDefaultParams(String implName) throws
+ ELdapException;
+
+ /**
+ *
+ * Returns mapper current instance parameters.
+ * @param insName name of MapperProxy.
+ * @exception ELdapException failed due to Ldap error.
+ */
+
+ public Vector getMapperInstanceParams(String insName) throws
+ ELdapException;
+
+ /**
+ *
+ * Returns publisher initial default parameters.
+ * @param implName name of PublisherPlugin.
+ * @exception ELdapException failed due to Ldap error.
+ */
+ public Vector getPublisherDefaultParams(String implName) throws
+ ELdapException;
+
+ /**
+ *
+ * Returns true if MapperInstance is enabled.
+ * @param insName name of MapperProxy.
+ * @return true if enabled. false if disabled.
+ */
+
+ public boolean isMapperInstanceEnable(String insName);
+
+ /**
+ *
+ * Returns ILdapMapper instance that is currently active.
+ * @param insName name of MapperProxy.
+ * @return instance of ILdapMapper.
+ */
+ public ILdapMapper getActiveMapperInstance(String insName);
+
+ /**
+ *
+ * Returns ILdapMapper instance based on name of MapperProxy.
+ * @param insName name of MapperProxy.
+ * @return instance of ILdapMapper.
+ */
+ public ILdapMapper getMapperInstance(String insName);
+
+ /**
+ *
+ * Returns true publisher instance is currently enabled.
+ * @param insName name of PublisherProxy.
+ * @return true if enabled.
+ */
+ public boolean isPublisherInstanceEnable(String insName);
+
+ /**
+ *
+ * Returns ILdapPublisher instance that is currently active.
+ * @param insName name of PublisherProxy.
+ * @return instance of ILdapPublisher.
+ */
+ public ILdapPublisher getActivePublisherInstance(String insName);
+
+ /**
+ *
+ * Returns ILdapPublisher instance.
+ * @param insName name of PublisherProxy.
+ * @return instance of ILdapPublisher.
+ */
+ public ILdapPublisher getPublisherInstance(String insName);
+
+ /**
+ *
+ * Returns Vector of PublisherIntance's current instance parameters.
+ * @param insName name of PublisherProxy.
+ * @return Vector of current instance parameters.
+ */
+ public Vector getPublisherInstanceParams(String insName) throws
+ ELdapException;
+
+ /**
+ *
+ * Returns Vector of RulePlugin's initial default parameters.
+ * @param implName name of RulePlugin.
+ * @return Vector of initial default parameters.
+ * @exception ELdapException failed due to Ldap error.
+ */
+ public Vector getRuleDefaultParams(String implName) throws
+ ELdapException;
+
+ /**
+ *
+ * Returns Vector of RulePlugin's current instance parameters.
+ * @param implName name of RulePlugin.
+ * @return Vector of current instance parameters.
+ * @exception ELdapException failed due to Ldap error.
+ */
+ public Vector getRuleInstanceParams(String implName) throws
+ ELdapException;
+
+ /**
+ * Set published flag - true when published, false when unpublished.
+ * Not exist means not published.
+ * @param serialNo serial number of publishable object.
+ * @param published true for published, false for not.
+ */
+ public void setPublishedFlag(BigInteger serialNo, boolean published);
+
+ /**
+ * Publish ca cert, UpdateDir.java, jobs, request listeners
+ * @param cert X509 certificate to be published.
+ * @exception ELdapException publish failed due to Ldap error.
+ */
+ public void publishCACert(X509Certificate cert)
+ throws ELdapException;
+
+ /**
+ * This function is never called. CMS does not unpublish
+ * CA certificate.
+ */
+ public void unpublishCACert(X509Certificate cert)
+ throws ELdapException;
+
+ /**
+ * Publishs regular user certificate based on the criteria
+ * set in the request.
+ * @param cert X509 certificate to be published.
+ * @param req request which provides the criteria
+ * @exception ELdapException publish failed due to Ldap error.
+ */
+ public void publishCert(X509Certificate cert, IRequest req)
+ throws ELdapException;
+
+ /**
+ * Unpublish user certificate. This is used by
+ * UnpublishExpiredJob.
+ * @param cert X509 certificate to be unpublished.
+ * @param req request which provides the criteria
+ * @exception ELdapException unpublish failed due to Ldap error.
+ */
+ public void unpublishCert(X509Certificate cert, IRequest req)
+ throws ELdapException;
+
+ /**
+ * publishes a crl by mapping the issuer name in the crl to an entry
+ * and publishing it there. entry must be a certificate authority.
+ * Note that this is used by cmsgateway/cert/UpdateDir.java
+ * @param crl Certificate Revocation List
+ * @param crlIssuingPointId name of the issuing point.
+ * @exception ELdapException publish failed due to Ldap error.
+ */
+ public void publishCRL(X509CRLImpl crl,String crlIssuingPointId)
+ throws ELdapException;
+
+ /**
+ * publishes a crl by mapping the issuer name in the crl to an entry
+ * and publishing it there. entry must be a certificate authority.
+ * @param dn Distinguished name to publish.
+ * @param crl Certificate Revocation List
+ * @exception ELdapException publish failed due to Ldap error.
+ */
+ public void publishCRL(String dn, X509CRL crl)
+ throws ELdapException;
+
+ /**
+ *
+ * Return true if Ldap is enabled.
+ * @return true if Ldap is enabled,otherwise false.
+ */
+
+ public boolean ldapEnabled();
+
+ /**
+ *
+ * Return true of PublisherProcessor is enabled.
+ * @return true if is enabled, otherwise false.
+ *
+ */
+ public boolean enabled();
+
+ /**
+ *
+ * Return Authority for which this Processor operates.
+ * @return Authority.
+ */
+
+ public ISubsystem getAuthority();
+
+ /**
+ *
+ * Perform logging function for this Processor.
+ * @param level Log level to be used for this message
+ * @param msg Message to be logged.
+ */
+
+ public void log(int level, String msg);
+
+ /**
+ *
+ * Returns LdapConnModule belonging to this Processor.
+ * @return LdapConnModule.
+ */
+ public ILdapConnModule getLdapConnModule();
+
+ /**
+ * Sets the LdapConnModule belonging to this Processor.
+ * @param m ILdapConnModule.
+ */
+ public void setLdapConnModule(ILdapConnModule m);
+}
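Review bot: `getRulePlugins`, `getRuleInsts`, `getMapperPlugins`, `getPublisherPlugins`, `getMapperInsts` and `getPublisherInsts` return raw `Hashtable`s with no statement of whether the caller receives the processor's live table or a copy. If they are live, any caller holding an `IPublisherProcessor` can add or replace the publishers and mappers that decide where certificates and CRLs are written, so each comment should state the contract, e.g. `Returns the live table of publisher instances keyed by instance name; callers must not modify it` (key type to be confirmed). The comment on `publishCRL(String dn, X509CRL crl)` is copied from the other overload and still says the entry is found "by mapping the issuer name", although this overload is handed the DN. `java.util.*` is imported twice, and `X509Certificate` is imported both explicitly and through `java.security.cert.*`.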
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java b/pki/base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java
new file mode 100644
index 000000000..f9a47a1c5
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java
@@ -0,0 +1,39 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Interface for a publisher that has the capability of publishing
+ * cross certs
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IXcertPublisherProcessor extends IPublisherProcessor {
+
+ /**
+ * Publish crossCertificatePair.
+ * @param pair Byte array representing cert pair.
+ * @exception EldapException publish failed due to Ldap error.
+ */
+ public void publishXCertPair(byte[] pair)
+ throws ELdapException;
+}
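Review bot: The Javadoc on `publishXCertPair` names `@exception EldapException`, which does not match the declared `ELdapException`, so the tag will not resolve. It should read `@exception ELdapException publish failed due to Ldap error.`. The `pair` parameter is described only as a "Byte array representing cert pair". Since the method publishes this data, the comment should also state the expected encoding and whether implementations must reject a null or unparsable array.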
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java b/pki/base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java
new file mode 100644
index 000000000..4444fc947
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java
@@ -0,0 +1,58 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Class that represents the result of a Ldap Mapping operation.
+ * certificate map result:
+ * Represented by a mapped entry as a DN and whether entry has the certificate.
+ *
+ * @version $Revision$ $Date$
+ */
+public class LdapCertMapResult {
+ private String mDn;
+ private boolean mHasCert;
+
+ /**
+ * Constructs ldap cert map result with a dn and hasCert boolean.
+ */
+ public LdapCertMapResult(String dn, boolean hasCert) {
+ mDn = dn;
+ mHasCert = hasCert;
+ }
+
+ /**
+ * Gets DN from the result.
+ * @return Distinguished Name.
+ */
+ public String getDn() {
+ return mDn;
+ }
+
+ /**
+ * Gets whether the ldap entry had a certificate from result.
+ * @return true if cert is present, false otherwise.
+ */
+ public boolean hasCert() {
+ return mHasCert;
+ }
+}
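Review bot: `mDn` and `mHasCert` are assigned only in the constructor and the class has no setters, so both fields can be declared `final` (`private final String mDn;`, `private final boolean mHasCert;`) to make the result object visibly immutable. The constructor Javadoc has no `@param` tags and does not say whether `dn` may be null, for example when the mapping found no entry. Callers of `getDn()` need that to know whether a null check is required before using the DN.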
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/MapperPlugin.java b/pki/base/common/src/com/netscape/certsrv/publish/MapperPlugin.java
new file mode 100644
index 000000000..56a8f92dd
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/MapperPlugin.java
@@ -0,0 +1,45 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import java.util.*;
+import java.lang.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.ldap.*;
+import com.netscape.certsrv.publish.*;
+
+
+/**
+ * This class represents a registered mapper plugin.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class MapperPlugin extends Plugin {
+
+ /**
+ * Constructs a MapperPlugin based on a name and a path.
+ * @param id Name of plugin.
+ * @param path Classpath of plugin.
+ */
+ public MapperPlugin (String id, String path) {
+ super(id, path);
+ }
+}
+
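Review bot: Several imports in this file look unused: `java.util.*`, `java.lang.*` (always implicit), `com.netscape.certsrv.ldap.*` and `com.netscape.certsrv.publish.*` (the file's own package). The class refers only to `Plugin`, which presumably comes from `com.netscape.certsrv.base`, so an explicit `import com.netscape.certsrv.base.Plugin;` would be enough. PublisherPlugin.java and RulePlugin.java carry the same kind of leftover wildcard imports. The `@param path Classpath of plugin.` text is also ambiguous. `Plugin` is not visible here, but if `path` is the fully qualified class name that is later loaded, the comment should say so, for example `@param path fully qualified class name of the mapper implementation`.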
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/MapperProxy.java b/pki/base/common/src/com/netscape/certsrv/publish/MapperProxy.java
new file mode 100644
index 000000000..9a80083f6
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/MapperProxy.java
@@ -0,0 +1,64 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import com.netscape.certsrv.ldap.*;
+import com.netscape.certsrv.publish.*;
+
+
+/**
+ *
+ * Class representing a LdapMapper.
+ *
+ * @version $Revision$ $Date$
+ */
+
+public class MapperProxy {
+ private boolean mEnable;
+ private ILdapMapper mMapper;
+
+ /**
+ *
+ * Contructs MapperProxy .
+ * @param enable Enabled or not.
+ * @param mapper Corresponding ILdapMapper object.
+ */
+ public MapperProxy(boolean enable, ILdapMapper mapper) {
+ mEnable = enable;
+ mMapper = mapper;
+ }
+
+ /**
+ *
+ * Returns if enabled.
+ * @return true if enabled, otherwise false.
+ */
+ public boolean isEnable() {
+ return mEnable;
+ }
+
+ /**
+ *
+ * Returns ILdapMapper object.
+ * @return Intance of ILdapMapper object.
+ */
+ public ILdapMapper getMapper() {
+ return mMapper;
+ }
+}
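Review bot: `getMapper()` returns the mapper whatever the value of `mEnable`, so the enabled flag is purely advisory and a caller that forgets to check `isEnable()` will use a mapper the administrator has disabled. The class comment should state that contract, for example `Callers must check isEnable() before using the object returned by getMapper().`. PublisherProxy.java has the same shape with `getPublisher()`. Both fields are set once in the constructor and can be `final`, and the Javadoc has two typos ("Contructs", "Intance").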
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java b/pki/base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java
new file mode 100644
index 000000000..7408e9cbf
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java
@@ -0,0 +1,45 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import com.netscape.certsrv.base.*;
+import java.util.*;
+import java.lang.*;
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * This class represents a registered publisher plugin.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class PublisherPlugin extends Plugin {
+
+ /**
+ *
+ * Constructs a PublisherPlugin based on name and classpath.
+ * @param id name of plugin.
+ * @param path Classpath of plugin.
+ */
+ public PublisherPlugin (String id, String path) {
+ super(id, path);
+ }
+}
+
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/PublisherProxy.java b/pki/base/common/src/com/netscape/certsrv/publish/PublisherProxy.java
new file mode 100644
index 000000000..5a126cf9b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/PublisherProxy.java
@@ -0,0 +1,63 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import com.netscape.certsrv.ldap.*;
+import com.netscape.certsrv.publish.*;
+
+
+/**
+ *
+ * Class representing a proxy for a ILdapPublisher.
+ *
+ * @version $Revision$ $Date$
+ */
+
+
+public class PublisherProxy {
+ private boolean mEnable;
+ private ILdapPublisher mPublisher;
+
+ /**
+ *
+ * Constructs a PublisherProxy based on a ILdapPublisher object and enabled boolean.
+ * @param enable Proxy is enabled or not.
+ * @param publisher Corresponding ILdapPublisher object.
+ */
+ public PublisherProxy(boolean enable, ILdapPublisher publisher) {
+ mEnable = enable;
+ mPublisher = publisher;
+ }
+
+ /**
+ * Return if enabled or not.
+ * @return true if enabled, otherwise false.
+ */
+ public boolean isEnable() {
+ return mEnable;
+ }
+
+ /**
+ * Return ILdapPublisher object.
+ * @return Instance of ILdapPublisher.
+ */
+ public ILdapPublisher getPublisher() {
+ return mPublisher;
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/RulePlugin.java b/pki/base/common/src/com/netscape/certsrv/publish/RulePlugin.java
new file mode 100644
index 000000000..1de355906
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/publish/RulePlugin.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * This class represents a registered Publishing Rule plugin.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class RulePlugin extends Plugin {
+
+ /**
+ *
+ * Constructs a RulePlugin based on name and classpath.
+ * @param id name of RulePlugin.
+ * @param path Classpath of RulePlugin.
+ */
+ public RulePlugin (String id, String path) {
+ super(id, path);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/ra/IRAService.java b/pki/base/common/src/com/netscape/certsrv/ra/IRAService.java
new file mode 100644
index 000000000..09b37e39c
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ra/IRAService.java
@@ -0,0 +1,74 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ra;
+
+
+import java.io.*;
+import java.net.*;
+import java.util.*;
+import java.math.*;
+import java.security.*;
+import java.security.cert.*;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.policy.*;
+import com.netscape.certsrv.connector.*;
+import com.netscape.certsrv.publish.*;
+import com.netscape.certsrv.request.*;
+
+
+/**
+ * An interface representing a RA request services.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRAService extends IService {
+
+ /**
+ * Services request.
+ *
+ * @param req request data
+ */
+ public boolean serviceRequest(IRequest req);
+
+ /**
+ * Services profile request.
+ *
+ * @param request profile enrollment request information
+ * @exception EBaseException failed to service profile enrollment request
+ */
+ public void serviceProfileRequest(IRequest request)
+ throws EBaseException;
+
+ /**
+ * Returns CA connector.
+ *
+ * @return CA connector
+ */
+ public IConnector getCAConnector();
+
+ /**
+ * Returns KRA connector.
+ *
+ * @return KRA connector
+ */
+ public IConnector getKRAConnector();
+}
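Review bot: `serviceRequest` returns a `boolean` but its Javadoc has no `@return` tag, so the interface does not say what `true` and `false` mean. `serviceProfileRequest` directly below reports failure through `EBaseException` instead, which leaves implementers and callers with two undocumented conventions for the same kind of operation. A caller deciding whether a request was completed needs this spelled out, for example `@return true if the request was fully serviced, false if it is still pending or failed`, adjusted to the actual contract. Most of the wildcard imports (`java.io.*`, `java.net.*`, `java.math.*`, `java.security.*` and others) also appear unused by the four declared methods.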
diff --git a/pki/base/common/src/com/netscape/certsrv/ra/IRegistrationAuthority.java b/pki/base/common/src/com/netscape/certsrv/ra/IRegistrationAuthority.java
new file mode 100644
index 000000000..9eb438c4f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ra/IRegistrationAuthority.java
@@ -0,0 +1,175 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ra;
+
+
+import java.io.*;
+import java.net.*;
+import java.util.*;
+import java.math.*;
+import java.security.*;
+import java.security.cert.*;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.policy.*;
+import com.netscape.certsrv.publish.*;
+import com.netscape.certsrv.request.*;
+
+
+/**
+ * An interface represents a Registration Authority that is
+ * responsible for certificate enrollment operations.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRegistrationAuthority extends ISubsystem {
+ public static final String ID = "ra";
+
+ public static final String PROP_POLICY = "Policy";
+ public static final String PROP_REGISTRATION = "Registration";
+ public static final String PROP_GATEWAY = "gateway";
+ public static final String PROP_NICKNAME = "certNickname";
+ //public final static String PROP_PUBLISH_SUBSTORE = "publish";
+ //public final static String PROP_LDAP_PUBLISH_SUBSTORE = "ldappublish";
+ public final static String PROP_CONNECTOR = "connector";
+ public final static String PROP_NEW_NICKNAME = "newNickname";
+
+ // for the notification listeners
+ public final static String PROP_NOTIFY_SUBSTORE = "notification";
+ public final static String PROP_CERT_ISSUED_SUBSTORE = "certIssued";
+ public final static String PROP_CERT_REVOKED_SUBSTORE = "certRevoked";
+ public final static String PROP_REQ_IN_Q_SUBSTORE = "requestInQ";
+
+ /**
+ * Retrieves the request queue of this registration authority.
+ *
+ * @return RA's request queue
+ */
+ public IRequestQueue getRequestQueue();
+
+ /**
+ * Retrieves the publishing processor of this registration authority.
+ *
+ * @return RA's publishing processor
+ */
+ public IPublisherProcessor getPublisherProcessor();
+
+ /**
+ * Retrieves the policy processor of this registration authority.
+ *
+ * @return RA's policy processor
+ */
+ public IPolicyProcessor getPolicyProcessor();
+
+ /**
+ * Retrieves the RA certificate.
+ *
+ * @return the RA certificate
+ */
+ public org.mozilla.jss.crypto.X509Certificate getRACert();
+
+ /**
+ * Retrieves the request in queue listener.
+ *
+ * @return the request in queue listener
+ */
+ public IRequestListener getRequestInQListener();
+
+ /**
+ * Retrieves the request listener for issued certificates.
+ *
+ * @return the request listener for issued certificates
+ */
+ public IRequestListener getCertIssuedListener();
+
+ /**
+ * Retrieves the request listener for revoked certificates.
+ *
+ * @return the request listener for revoked certificates
+ */
+ public IRequestListener getCertRevokedListener();
+
+ /**
+ * Returns the nickname of the RA certificate.
+ *
+ * @return the nickname of the RA certificate
+ */
+ public String getNickname();
+
+ /**
+ * Retrieves the nickname of the RA certificate from configuration store.
+ *
+ * @return the nickname of the RA certificate
+ * @exception EBaseException failed to get nickname
+ */
+ public String getNewNickName() throws EBaseException;
+
+ /**
+ * Sets the new nickname of the RA certifiate.
+ *
+ * @param name new nickname
+ */
+ public void setNewNickName(String name);
+
+ /**
+ * Sets the nickname of the RA certifiate.
+ *
+ * @param str nickname
+ */
+ public void setNickname(String str);
+
+ /**
+ * Retrieves the default validity period.
+ *
+ * @return the default validity length in days
+ */
+ public long getDefaultValidity();
+
+ /**
+ * Retrieves the issuer name of this registration authority.
+ *
+ * @return the issuer name of this registration authority
+ */
+ public X500Name getX500Name();
+
+ /**
+ * Retrieves the RA service object that is responsible for
+ * processing requests.
+ *
+ * @return RA service object
+ */
+ public IRAService getRAService();
+
+ /**
+ * Retrieves the request listener by name.
+ *
+ * @param name request listener name
+ * @return the request listener
+ */
+ public IRequestListener getRequestListener(String name);
+
+ /**
+ * Retrieves all request listeners.
+ *
+ * @return name enumeration of all request listeners
+ */
+ public Enumeration getRequestListenerNames();
+}
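Review bot: `getNickname()` and `getNewNickName()` are both documented as returning "the nickname of the RA certificate", so it is unclear which one names the certificate currently in use and which names a pending replacement. The same applies to `setNickname` and `setNewNickName`. Because the nickname presumably selects the RA's certificate and key, the comments should distinguish the two and say whether the setters persist the value to the configuration store. On style, `getRequestListenerNames()` returns a raw `Enumeration` where the comment implies names, the constants mix `public static final` with `public final static`, the two commented-out `PROP_*_SUBSTORE` lines should be deleted rather than checked in, and "certifiate" is misspelled twice.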
diff --git a/pki/base/common/src/com/netscape/certsrv/registry/ERegistryException.java b/pki/base/common/src/com/netscape/certsrv/registry/ERegistryException.java
new file mode 100644
index 000000000..6d9f89d5d
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/registry/ERegistryException.java
@@ -0,0 +1,39 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.registry;
+
+
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * This represents a registry exception.
+ *
+ * @version $Revision$, $Date$
+ */
+public class ERegistryException extends EBaseException {
+
+ /**
+ * Constructs a registry exception.
+ *
+ * @param msg message carried along with the exception
+ */
+ public ERegistryException(String msg) {
+ super(msg);
+ }
+}
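Review bot: `ERegistryException` has only a `String msg` constructor, so code that catches a lower-level failure and rethrows it as a registry exception loses the original exception and its stack trace. `EBaseException` is not visible in this hunk, so it may already offer a way to carry one. If it accepts a cause, a second constructor such as `public ERegistryException(String msg, Throwable cause)` would keep that diagnostic information for whoever investigates a failed plugin registration.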
diff --git a/pki/base/common/src/com/netscape/certsrv/registry/IPluginInfo.java b/pki/base/common/src/com/netscape/certsrv/registry/IPluginInfo.java
new file mode 100644
index 000000000..b7bdfbf2c
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/registry/IPluginInfo.java
@@ -0,0 +1,65 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.registry;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * The plugin information includes name,
+ * class name, and description. The localizable
+ * name and description are information
+ * for end-users.
+ * <p>
+ *
+ * The class name can be used to create
+ * an instance of the plugin.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IPluginInfo {
+
+ /**
+ * Retrieves the localized plugin name.
+ *
+ * @param locale end-user locale
+ * @return plugin name
+ */
+ public String getName(Locale locale);
+
+ /**
+ * Retrieves the localized plugin description.
+ *
+ * @param locale end-user locale
+ * @return plugin description
+ */
+ public String getDescription(Locale locale);
+
+ /**
+ * Retrieves the class name of the plugin.
+ * Instance of plugin can be created with
+ * <p>
+ * Class.forName(info.getClassName());
+ *
+ * @return java class name
+ */
+ public String getClassName();
+}
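Review bot: The Javadoc on `getClassName()` says an instance can be created with `Class.forName(info.getClassName());`, but that call only loads and initializes the class and returns a `Class` object, not a plugin instance. Loading also runs the class's static initializers, so whatever name is stored in the registry is executed with the server's privileges. The comment should say that the name must come from administrator-controlled registry configuration, and that callers should check the loaded class against the expected plugin interface before instantiating it. A possible wording is `The class name is taken from the registry configuration and must be treated as trusted input only; verify the loaded class implements the expected plugin type before creating an instance.`.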
diff --git a/pki/base/common/src/com/netscape/certsrv/registry/IPluginRegistry.java b/pki/base/common/src/com/netscape/certsrv/registry/IPluginRegistry.java
new file mode 100644
index 000000000..d567e8f46
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/registry/IPluginRegistry.java
@@ -0,0 +1,91 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.registry;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * This represents the registry subsystem that manages
+ * mulitple types of plugin information.
+ *
+ * The plugin information includes id, name,
+ * classname, and description.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IPluginRegistry extends ISubsystem {
+
+ public static final String ID = "registry";
+
+ /**
+ * Returns handle to the registry configuration file.
+ *
+ * @return configuration store of registry subsystem
+ */
+ public IConfigStore getFileConfigStore();
+
+ /**
+ * Returns all type names.
+ *
+ * @return a list of String-based names
+ */
+ public Enumeration getTypeNames();
+
+ /**
+ * Returns a list of plugin identifiers of the given type.
+ *
+ * @param type plugin type
+ * @return a list of plugin IDs
+ */
+ public Enumeration getIds(String type);
+
+ /**
+ * Retrieves the plugin information.
+ *
+ * @param type plugin type
+ * @param id plugin id
+ * @return plugin info
+ */
+ public IPluginInfo getPluginInfo(String type, String id);
+
+ /**
+ * Adds plugin info.
+ *
+ * @param type plugin type
+ * @param id plugin id
+ * @param info plugin info
+ * @exception ERegistryException failed to add plugin
+ */
+ public void addPluginInfo(String type, String id, IPluginInfo info)
+ throws ERegistryException;
+
+ /**
+ * Removes plugin info.
+ */
+ public void removePluginInfo(String type, String id)
+ throws ERegistryException;
+
+ /**
+ * Creates a pluginInfo
+ */
+ public IPluginInfo createPluginInfo(String name, String desc,
+ String classPath);
+}
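Review bot: `removePluginInfo` and `createPluginInfo` have one-line comments with no `@param`, `@return` or `@exception` tags, unlike `addPluginInfo` above them. The third parameter of `createPluginInfo` is named `classPath`, while `IPluginInfo` calls the same value a class name. Since this value determines which class is later loaded for a plugin, the Javadoc should name it consistently and state that it is a fully qualified class name. `addPluginInfo` also does not say whether an existing `type`/`id` pair is replaced or rejected with `ERegistryException`, which matters to a caller that wants to avoid silently overriding a registered plugin. Smaller points are that `getTypeNames()` and `getIds()` return raw `Enumeration`, and that "mulitple" in the interface comment is a typo.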
diff --git a/pki/base/common/src/com/netscape/certsrv/request/ARequestNotifier.java b/pki/base/common/src/com/netscape/certsrv/request/ARequestNotifier.java
new file mode 100644
index 000000000..a2704eed1
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/ARequestNotifier.java
@@ -0,0 +1,538 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+
+import java.util.*;
+import java.math.*;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.apps.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.ldap.*;
+import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.ca.ICertificateAuthority;
+import com.netscape.certsrv.publish.IPublisherProcessor;
+
+/**
+ * The ARequestNotifier class implements the IRequestNotifier interface,
+ * which notifies all registered request listeners.
+ *
+ * @version $Revision$, $Date$
+ */
+public class ARequestNotifier implements IRequestNotifier {
+ private Hashtable mListeners = new Hashtable();
+ private Vector mNotifierThreads = new Vector();
+ private Vector mRequests = new Vector();
+ private int mMaxRequests = 100;
+ private boolean mSearchForRequests = false;
+ private int mMaxThreads = 1;
+ private ICertificateAuthority mCA = null;
+ private boolean mIsPublishingQueueEnabled = false;
+ private int mPublishingQueuePriority = 0;
+ private int mMaxPublishingQueuePageSize = 1;
+ private IRequestQueue mRequestQueue = null;
+ private String mPublishingStatus = null;
+ private int mSavePublishingStatus = 0;
+ private int mSavePublishingCounter = 0;
+
+
+ public ARequestNotifier() {
+ mPublishingQueuePriority = Thread.currentThread().getPriority();
+ }
+
+ public ARequestNotifier (ICertificateAuthority ca) {
+ mCA = ca;
+ if (mCA != null) mRequestQueue = mCA.getRequestQueue();
+ }
+
+ public void setPublishingQueue (boolean isPublishingQueueEnabled,
+ int publishingQueuePriorityLevel,
+ int maxNumberOfPublishingThreads,
+ int publishingQueuePageSize,
+ int savePublishingStatus) {
+ CMS.debug("setPublishingQueue: Publishing Queue Enabled: " + isPublishingQueueEnabled+
+ " Priority Level: " + publishingQueuePriorityLevel+
+ " Maximum Number of Threads: " + maxNumberOfPublishingThreads+
+ " Page Size: "+ publishingQueuePageSize);
+ mIsPublishingQueueEnabled = isPublishingQueueEnabled;
+ mMaxThreads = maxNumberOfPublishingThreads;
+ mMaxRequests = publishingQueuePageSize;
+ mSavePublishingStatus = savePublishingStatus;
+
+ // Publishing Queue Priority Levels: 2 - maximum, 1 - higher, 0 - normal, -1 - lower, -2 - minimum
+ if (publishingQueuePriorityLevel > 1) {
+ mPublishingQueuePriority = Thread.MAX_PRIORITY;
+ } else if (publishingQueuePriorityLevel > 0) {
+ mPublishingQueuePriority = (Thread.currentThread().getPriority() + Thread.MAX_PRIORITY) / 2;
+ } else if (publishingQueuePriorityLevel < -1) {
+ mPublishingQueuePriority = Thread.MIN_PRIORITY;
+ } else if (publishingQueuePriorityLevel < 0) {
+ mPublishingQueuePriority = (Thread.currentThread().getPriority() + Thread.MIN_PRIORITY) / 2;
+ } else {
+ mPublishingQueuePriority = Thread.currentThread().getPriority();
+ }
+
+ if (mCA != null && mRequestQueue == null) mRequestQueue = mCA.getRequestQueue();
+ if (mIsPublishingQueueEnabled && mSavePublishingStatus > 0 && mRequestQueue != null) {
+ mPublishingStatus = mRequestQueue.getPublishingStatus();
+ BigInteger status = new BigInteger("-2");
+ try {
+ status = new BigInteger(mPublishingStatus);
+ if (status.compareTo(BigInteger.ZERO) > -1) {
+ recoverPublishingQueue(mPublishingStatus);
+ }
+ } catch (Exception e) {
+ }
+ }
+
+ }
+
+ /**
+ * Registers a request listener.
+ *
+ * @param listener listener to be registered
+ */
+ public void registerListener(IRequestListener listener) {
+ // XXX should check for duplicates here or allow listeners
+ // to register twice and call twice ?
+ mListeners.put(listener.getClass().getName(), listener);
+ }
+
+ /**
+ * Registers a request listener.
+ *
+ * @param name listener name
+ * @param listener listener to be registered
+ */
+ public void registerListener(String name, IRequestListener listener) {
+ mListeners.put(name, listener);
+ }
+
+ /**
+ * Removes listener from the list of registered listeners.
+ *
+ * @param listener listener to be removed from the list
+ */
+ public void removeListener(IRequestListener listener) {
+ // XXX should check for duplicates here or allow listeners
+ // to register twice and call twice ?
+ mListeners.remove(listener.getClass().getName());
+ }
+
+ /**
+ * Gets list of listener names.
+ *
+ * @return enumeration of listener names
+ */
+ public Enumeration getListenerNames() {
+ return mListeners.keys();
+ }
+
+ /**
+ * Removes listener from the list of registered listeners.
+ *
+ * @param name listener name to be removed from the list
+ */
+ public void removeListener(String name) {
+ mListeners.remove(name);
+ }
+
+ /**
+ * Gets listener from the list of registered listeners.
+ *
+ * @param name listener name
+ * @return listener
+ */
+ public IRequestListener getListener(String name) {
+ return (IRequestListener) mListeners.get(name);
+ }
+
+ /**
+ * Gets list of listeners.
+ *
+ * @return enumeration of listeners
+ */
+ public Enumeration getListeners() {
+ return mListeners.elements();
+ }
+
+
+ private Object publishingCounterMonitor = new Object();
+
+ public void updatePublishingStatus(String id) {
+ if (mRequestQueue != null) {
+ synchronized (publishingCounterMonitor) {
+ if (mSavePublishingCounter == 0) {
+ CMS.debug("updatePublishingStatus requestId: "+id);
+ mRequestQueue.setPublishingStatus(id);
+ }
+ mSavePublishingCounter++;
+ CMS.debug("updatePublishingStatus mSavePublishingCounter: "+mSavePublishingCounter+
+ " mSavePublishingStatus: "+mSavePublishingStatus);
+ if (mSavePublishingCounter >= mSavePublishingStatus) {
+ mSavePublishingCounter = 0;
+ }
+ }
+ } else {
+ CMS.debug("updatePublishingStatus mRequestQueue == null");
+ }
+ }
+
+ /**
+ * Gets request from publishing queue.
+ *
+ * @return request
+ */
+ public synchronized IRequest getRequest() {
+ IRequest r = null;
+ String id = null;
+
+ CMS.debug("getRequest mRequests=" + mRequests.size() + " mSearchForRequests=" + mSearchForRequests);
+ if (mSearchForRequests && mRequests.size() == 1) {
+ id = (String)mRequests.elementAt(0);
+ if (mCA != null && mRequestQueue == null) mRequestQueue = mCA.getRequestQueue();
+ if (id != null && mRequestQueue != null) {
+ CMS.debug("getRequest request id=" + id);
+ IRequestVirtualList list = mRequestQueue.getPagedRequestsByFilter(
+ new RequestId(id),
+ "(requeststate=complete)", mMaxRequests, "requestId");
+ int s = list.getSize() - list.getCurrentIndex();
+ CMS.debug("getRequest list size: "+s);
+ for (int i = 0; i < s; i++) {
+ r = null;
+ try {
+ r = list.getElementAt(i);
+ } catch (Exception e) {
+ // handled below
+ }
+ if (r == null) {
+ continue;
+ }
+ String requestType = r.getRequestType();
+ if (requestType == null) {
+ continue;
+ }
+ if (!(requestType.equals(IRequest.ENROLLMENT_REQUEST) ||
+ requestType.equals(IRequest.RENEWAL_REQUEST) ||
+ requestType.equals(IRequest.REVOCATION_REQUEST) ||
+ requestType.equals(IRequest.CMCREVOKE_REQUEST) ||
+ requestType.equals(IRequest.UNREVOCATION_REQUEST))) {
+ continue;
+ }
+ if (i == 0 && id.equals(r.getRequestId().toString())) {
+ if (s == 1) {
+ break;
+ } else {
+ continue;
+ }
+ }
+ if (mRequests.size() < mMaxRequests) {
+ mRequests.addElement(r.getRequestId().toString());
+ CMS.debug("getRequest added "+r.getRequestType()+" request "+r.getRequestId().toString()+
+ " to mRequests: " + mRequests.size()+" ("+mMaxRequests+")");
+ } else {
+ break;
+ }
+ }
+ CMS.debug("getRequest done with adding requests to mRequests: " + mRequests.size());
+ } else {
+ CMS.debug("getRequest has no access to the request queue");
+ }
+ }
+ if (mRequests.size() > 0) {
+ id = (String)mRequests.elementAt(0);
+ if (id != null) {
+ CMS.debug("getRequest getting request: " + id);
+ if (mCA != null && mRequestQueue == null) mRequestQueue = mCA.getRequestQueue();
+ if (mRequestQueue != null) {
+ try {
+ r = mRequestQueue.findRequest(new RequestId(id));
+ mRequests.remove(0);
+ CMS.debug("getRequest request "+ id + ((r != null)?" found":" not found"));
+ //updatePublishingStatus(id);
+ } catch (EBaseException e) {
+ CMS.debug("getRequest EBaseException " + e.toString());
+ }
+ } else {
+ CMS.debug("getRequest has no access to the request queue");
+ }
+ }
+ if (mRequests.size() == 0) {
+ mSearchForRequests = false;
+ }
+ }
+ CMS.debug("getRequest mRequests=" + mRequests.size() + " mSearchForRequests=" + mSearchForRequests + " done");
+
+ return r;
+ }
+
+ /**
+ * Gets number of requests in publishing queue.
+ *
+ * @return number of requests in publishing queue
+ */
+ public int getNumberOfRequests() {
+ return mRequests.size();
+ }
+
+ /**
+ * Checks if publishing queue is enabled.
+ *
+ * @return true if publishing queue is enabled, false otherwise
+ */
+ public boolean isPublishingQueueEnabled() {
+ return mIsPublishingQueueEnabled;
+ }
+
+ /**
+ * Removes a notifier thread from the pool of publishing queue threads.
+ *
+ * @param notifierThread Thread
+ */
+ public void removeNotifierThread(Thread notifierThread) {
+ if (mNotifierThreads.size() > 0) {
+ mNotifierThreads.remove(notifierThread);
+ if (mNotifierThreads.size() == 0) {
+ mRequestQueue.setPublishingStatus("-1");
+ }
+ }
+ CMS.debug("Number of publishing threads: " + mNotifierThreads.size());
+ }
+
+ /**
+ * Notifies all registered listeners about request.
+ *
+ * @param r request
+ */
+ public void notify(IRequest r) {
+ CMS.debug("ARequestNotifier notify mIsPublishingQueueEnabled="+mIsPublishingQueueEnabled+
+ " mMaxThreads="+mMaxThreads);
+ if (mIsPublishingQueueEnabled) {
+ addToNotify(r);
+ } else if (mMaxThreads == 0) {
+ Enumeration listeners = mListeners.elements();
+ if (listeners != null && r != null) {
+ while (listeners.hasMoreElements()) {
+ IRequestListener l = (IRequestListener) listeners.nextElement();
+ CMS.debug("RunListeners: IRequestListener = " + l.getClass().getName());
+ l.accept(r);
+ }
+ }
+ } else {
+ // spawn a seperate thread to call the listeners and return.
+ try {
+ new Thread(new RunListeners(r, mListeners.elements())).start();
+ } catch (Throwable e) {
+
+ /*
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM, ILogger.S_REQQUEUE, ILogger.LL_FAILURE,
+ "Could not run listeners for request " + r.getRequestId() +
+ ". Error " + e + ";" + e.getMessage());
+ */
+ }
+ }
+ }
+
+ /**
+ * Checks for available publishing connections
+ *
+ * @return true if there are available publishing connections, false otherwise
+ */
+ private boolean checkAvailablePublishingConnections() {
+ boolean availableConnections = false;
+
+ IPublisherProcessor pp = null;
+ if (mCA != null) pp = mCA.getPublisherProcessor();
+ if (pp != null && pp.enabled()) {
+ ILdapConnModule ldapConnModule = pp.getLdapConnModule();
+ if (ldapConnModule != null) {
+ ILdapConnFactory ldapConnFactory = ldapConnModule.getLdapConnFactory();
+ if (ldapConnFactory != null) {
+ CMS.debug("checkAvailablePublishingConnections maxConn: " + ldapConnFactory.maxConn() +
+ " totalConn: " + ldapConnFactory.totalConn());
+ if (ldapConnFactory.maxConn() > ldapConnFactory.totalConn()) {
+ availableConnections = true;
+ }
+ } else {
+ CMS.debug("checkAvailablePublishingConnections ldapConnFactory is not accessible");
+ }
+ } else {
+ CMS.debug("checkAvailablePublishingConnections ldapConnModule is not accessible");
+ }
+ } else {
+ CMS.debug("checkAvailablePublishingConnections PublisherProcessor is not " +
+ ((pp != null)?"enabled":"accessible"));
+ }
+
+ return availableConnections;
+ }
+
+ /**
+ * Checks if more publishing threads can be added.
+ *
+ * @return true if more publishing threads can be added, false otherwise
+ */
+ private boolean morePublishingThreads() {
+ boolean moreThreads = false;
+
+ if (mNotifierThreads.size() == 0) {
+ moreThreads = true;
+ } else if (mNotifierThreads.size() < mMaxThreads) {
+ CMS.debug("morePublishingThreads ("+mRequests.size()+">"+
+ ((mMaxRequests * mNotifierThreads.size()) / mMaxThreads)+
+ " "+"("+mMaxRequests+"*"+mNotifierThreads.size()+"):"+mMaxThreads);
+ // gradually add new publishing threads
+ if (mRequests.size() > ((mMaxRequests * mNotifierThreads.size()) / mMaxThreads)) {
+ // check for available publishing connections
+ if (checkAvailablePublishingConnections()) {
+ moreThreads = true;
+ }
+ }
+ }
+ CMS.debug("morePublishingThreads moreThreads: " + moreThreads);
+
+ return moreThreads;
+ }
+
+
+ /**
+ * Notifies all registered listeners about request.
+ *
+ * @param r request
+ */
+ public synchronized void addToNotify(IRequest r) {
+ if (!mSearchForRequests) {
+ if (mRequests.size() < mMaxRequests) {
+ mRequests.addElement(r.getRequestId().toString());
+ CMS.debug("addToNotify extended buffer to "+mRequests.size()+"("+mMaxRequests+")"+
+ " requests by adding request "+r.getRequestId().toString());
+ if (morePublishingThreads()) {
+ try {
+ Thread notifierThread = new Thread(new RunListeners((IRequestNotifier)this));
+ if (notifierThread != null) {
+ mNotifierThreads.addElement(notifierThread);
+ CMS.debug("Number of publishing threads: " + mNotifierThreads.size());
+ if (mPublishingQueuePriority > 0) {
+ notifierThread.setPriority(mPublishingQueuePriority);
+ }
+ notifierThread.start();
+ }
+ } catch (Throwable e) {
+ CMS.debug("addToNotify exception: " + e.toString());
+ }
+ }
+ } else {
+ mSearchForRequests = true;
+ }
+ }
+ }
+
+
+ /**
+ * Recovers publishing queue.
+ *
+ * @param id request request
+ */
+ public void recoverPublishingQueue(String id) {
+ CMS.debug("recoverPublishingQueue mRequests.size()="+mRequests.size()+"("+mMaxRequests+")"+
+ " requests by adding request "+id);
+ if (mRequests.size() == 0) {
+ mRequests.addElement(id);
+ CMS.debug("recoverPublishingQueue extended buffer to "+mRequests.size()+"("+mMaxRequests+")"+
+ " requests by adding request "+id);
+ if (morePublishingThreads()) {
+ mSearchForRequests = true;
+ try {
+ Thread notifierThread = new Thread(new RunListeners((IRequestNotifier)this));
+ if (notifierThread != null) {
+ mNotifierThreads.addElement(notifierThread);
+ CMS.debug("Number of publishing threads: " + mNotifierThreads.size());
+ if (mPublishingQueuePriority > 0) {
+ notifierThread.setPriority(mPublishingQueuePriority);
+ }
+ notifierThread.start();
+ }
+ } catch (Throwable e) {
+ CMS.debug("recoverPublishingQueue exception: " + e.toString());
+ }
+ }
+ }
+ }
+}
+
+
+/**
+ * The RunListeners class implements Runnable interface.
+ * This class executes notification of registered listeners.
+ */
+class RunListeners implements Runnable {
+ IRequest mRequest = null;
+ Enumeration mListeners = null;
+ IRequestNotifier mRequestNotifier = null;
+
+ /**
+ * RunListeners class constructor.
+ *
+ * @param r request
+ * @param listeners list of listeners
+ */
+ public RunListeners(IRequest r, Enumeration listeners) {
+ mRequest = r;
+ mListeners = listeners;
+ }
+
+ /**
+ * RunListeners class constructor.
+ *
+ * @param r request
+ * @param listeners list of listeners
+ */
+ public RunListeners(IRequestNotifier requestNotifier) {
+ mRequestNotifier = requestNotifier;
+ mListeners = mRequestNotifier.getListeners();
+ }
+
+ /**
+ * RunListeners thread implementation.
+ */
+ public void run() {
+ CMS.debug("RunListeners::"+((mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0)?" Queue: "+mRequestNotifier.getNumberOfRequests():" noQueue")+
+ " "+((mRequest != null)?" SingleRequest":" noSingleRequest"));
+ do {
+ if (mRequestNotifier != null) mRequest = (IRequest)mRequestNotifier.getRequest();
+ if (mListeners != null && mRequest != null) {
+ while (mListeners.hasMoreElements()) {
+ IRequestListener l = (IRequestListener) mListeners.nextElement();
+ CMS.debug("RunListeners: IRequestListener = " + l.getClass().getName());
+ l.accept(mRequest);
+ }
+ if (mRequestNotifier != null) {
+ CMS.debug("RunListeners: mRequest = " + mRequest.getRequestId().toString());
+ mRequestNotifier.updatePublishingStatus(mRequest.getRequestId().toString());
+ }
+ }
+ CMS.debug("RunListeners: "+((mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0)?" Queue: "+mRequestNotifier.getNumberOfRequests():" noQueue")+
+ " "+((mRequest != null)?" SingleRequest":" noSingleRequest"));
+ if (mRequestNotifier != null) mListeners = mRequestNotifier.getListeners();
+ } while (mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0);
+
+ if (mRequestNotifier != null) mRequestNotifier.removeNotifierThread(Thread.currentThread());
+ }
+}
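Review bot: RunListeners.run() calls removeNotifierThread() only on the normal exit path, so an unchecked exception from `l.accept(mRequest)` ends the thread while it stays counted in mNotifierThreads. With the default mMaxThreads of 1, morePublishingThreads() then never returns true again, and queued enrollment and revocation requests would stop being published until a restart; whether a listener can throw depends on implementations outside this hunk. Wrapping the do/while in `try { ... } finally { if (mRequestNotifier != null) mRequestNotifier.removeNotifierThread(Thread.currentThread()); }` keeps the thread count accurate. Two related gaps in the same file: getRequest() leaves the id at the head of mRequests when findRequest() throws EBaseException, so the loop in run() retries it with no backoff, and the empty `catch (Exception e) {}` in setPublishingQueue() hides a failed queue recovery. Both deserve at least a CMS.debug line.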
diff --git a/pki/base/common/src/com/netscape/certsrv/request/AgentApproval.java b/pki/base/common/src/com/netscape/certsrv/request/AgentApproval.java
new file mode 100644
index 000000000..5e41b54f2
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/AgentApproval.java
@@ -0,0 +1,64 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+
+import java.io.Serializable;
+
+import java.util.Date;
+
+
+/**
+ * The AgentApproval class contains the record of a
+ * single agent approval.
+ *
+ * @version $Revision$, $Date$
+ */
+public class AgentApproval
+ implements Serializable {
+
+ /**
+ * Returns the approving agent's user name.
+ *
+ * @return an identifier for the agent
+ */
+ public String getUserName() {
+ return mUserName;
+ }
+
+ /**
+ * Returns the date of the approval
+ *
+ * @return date and time of the approval
+ */
+ public Date getDate() {
+ return mDate;
+ }
+
+ /**
+ * AgentApproval class constructor
+ *
+ * @param userName user name of the approving agent
+ */
+ AgentApproval(String userName) {
+ mUserName = userName;
+ }
+
+ String mUserName;
+ Date mDate = new Date(); /* CMS.getCurrentDate(); */
+}
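Review bot: getDate() hands out the internal mutable `Date`, so any caller can alter a recorded approval time by calling `setTime()` on the returned object. Returning a copy, `return new Date(mDate.getTime());`, keeps the approval record stable. mUserName and mDate are also package-private and non-final, which AgentApprovals relies on to rewrite mDate; a comment on the fields such as `// written only by AgentApprovals` would make that coupling explicit. The class is Serializable but declares no `serialVersionUID`, so the serialized form changes whenever the compiler-computed id does.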
diff --git a/pki/base/common/src/com/netscape/certsrv/request/AgentApprovals.java b/pki/base/common/src/com/netscape/certsrv/request/AgentApprovals.java
new file mode 100644
index 000000000..9bd7fa857
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/AgentApprovals.java
@@ -0,0 +1,156 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+
+import java.io.Serializable;
+
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.Vector;
+
+
+/**
+ * A collection of AgentApproval objects.
+ * <single-threaded>
+ *
+ * @version $Revision$, $Date$
+ */
+public class AgentApprovals
+ implements Serializable {
+
+ /**
+ * Adds an approval to approval's list.
+ * <p>
+ * If an approval is already present for this user,
+ * it is updated with a new date. Otherwise a new
+ * value is inserted.
+ *
+ * @param userName user name of the approving agent
+ */
+ public void addApproval(String userName) {
+ AgentApproval a = findApproval(userName);
+
+ // update existing approval
+ if (a != null) {
+ a.mDate = new Date(); /* CMS.getCurrentDate(); */
+ return;
+ }
+
+ a = new AgentApproval(userName);
+ mVector.addElement(a);
+ }
+
+ /**
+ * Removes an approval from approval's list.
+ * <p>
+ * If there is no approval for this userName, this
+ * call does nothing.
+ *
+ * @param userName user name of the approving agent
+ */
+ public void removeApproval(String userName) {
+ AgentApproval a = findApproval(userName);
+
+ if (a != null)
+ mVector.removeElement(a);
+ }
+
+ /**
+ * Finds an existing AgentApproval for the named user.
+ *
+ * @param userName user name of the approving agent
+ * @return an AgentApproval object
+ */
+ public AgentApproval findApproval(String userName) {
+ AgentApproval a = null;
+
+ // search
+ for (int i = 0; i < mVector.size(); i++) {
+ a = (AgentApproval) mVector.elementAt(i);
+
+ if (a.mUserName.equals(userName)) break;
+ }
+
+ return a;
+ }
+
+ /**
+ * Returns an enumeration of the agent approvals
+ *
+ * @return an enumeration of the agent approvals
+ */
+ public Enumeration elements() {
+ return mVector.elements();
+ }
+
+ /**
+ * Returns the AgentApprovals as a Vector of strings.
+ * Each entry in the vector is of the format:
+ * epoch;username
+ * where epoch is the date.getTime()
+ * <p>
+ * This is used for serialization in Request.setExtData().
+ * @return The string vector.
+ */
+ public Vector toStringVector() {
+ Vector retval = new Vector(mVector.size());
+ for (int i = 0; i < mVector.size(); i++) {
+ AgentApproval a = (AgentApproval) mVector.elementAt(i);
+ retval.add(a.getDate().getTime() + ";" + a.getUserName());
+ }
+
+ return retval;
+ }
+
+ /**
+ * Recreates an AgentApprovals instance from a Vector of strings that
+ * was created by toStringVector().
+ * @param stringVector The vector of strings to translate
+ * @return the AgentApprovals instance or null if it can't be translated.
+ */
+ public static AgentApprovals fromStringVector(Vector stringVector) {
+ if (stringVector == null) {
+ return null;
+ }
+ AgentApprovals approvals = new AgentApprovals();
+ for (int i = 0; i < stringVector.size(); i++) {
+ try {
+ String approvalString = (String)stringVector.get(i);
+ String[] parts = approvalString.split(";", 2);
+ if (parts.length != 2) {
+ return null;
+ }
+ Long epoch = new Long(parts[0]);
+ Date date = new Date(epoch.longValue());
+
+ AgentApproval approval = new AgentApproval(parts[1]);
+ approval.mDate = date;
+
+ approvals.mVector.add(approval);
+ } catch (ClassCastException e) {
+ return null;
+ } catch (NumberFormatException e) {
+ return null;
+ }
+ }
+ return approvals;
+ }
+
+ protected Vector mVector = new Vector();
+}
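Review bot: findApproval() returns the last element it inspected when no user name matches, because `a` is assigned on every iteration and never reset to null. As a result addApproval() for a new agent re-dates another agent's approval instead of adding one, and removeApproval() for an unknown user removes the last approval in the list, which matters if callers count approvals for authorization. Return from inside the loop, `if (a.mUserName.equals(userName)) return a;`, and end the method with `return null;`.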
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IEnrollmentRequest.java b/pki/base/common/src/com/netscape/certsrv/request/IEnrollmentRequest.java
new file mode 100644
index 000000000..e7036d1ec
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/IEnrollmentRequest.java
@@ -0,0 +1,31 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+
+/**
+ * An example of a more specialized request interface.
+ * This version (currently) doesn't supply any additional
+ * data, but is implementated only for testing and
+ * demonstration purposes.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IEnrollmentRequest
+ extends IRequest {
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/request/INotify.java b/pki/base/common/src/com/netscape/certsrv/request/INotify.java
new file mode 100644
index 000000000..d4ff15b7c
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/INotify.java
@@ -0,0 +1,41 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+
+/**
+ * The INotify interface defines operations that are invoked
+ * when a request is completely processed. A class implementing
+ * this interface may be registered with a IRequestQueue.
+ * The interface will be invoked when a request is completely
+ * serviced by the IService object.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface INotify {
+
+ /**
+ * Provides notification that a request has been completed.
+ * The implementation may use values stored in the IRequest
+ * object, and may implement any type publishing (such as email
+ * or writing values into a directory)
+ *
+ * @param request the request that is completed.
+ */
+ public void notify(IRequest request);
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IPolicy.java b/pki/base/common/src/com/netscape/certsrv/request/IPolicy.java
new file mode 100644
index 000000000..d74a32a43
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/IPolicy.java
@@ -0,0 +1,53 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+
+/**
+ * Interface to a policy. The policy evaluates the request for
+ * correctness and completeness. It may change or add to values
+ * stored in the request. The policy object also decides
+ * whether a request should be queue to await approval by
+ * an agent.
+ * FUTURE: In this case, the policy should set the
+ * 'agentGroup' entry in the request to indicate the group
+ * of agents allowed to perform further processing. If none
+ * is set, a default value ("defaultAgentGroup") will be
+ * set instead.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IPolicy {
+
+ /**
+ * Applies the policy check to the request. The policy should
+ * determine whether the request can be processed immediately,
+ * or should be held pending manual approval.
+ * <p>
+ * The policy can update fields in the request, to add additional values
+ * or to restrict the values to pre-determined ranges.
+ * <p>
+ * @param request
+ * the request to check
+ * @return
+ * a result code indicating the result of the evaluation. The
+ * processor will determine the next request processing step based
+ * on this value
+ */
+ PolicyResult apply(IRequest request);
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequest.java b/pki/base/common/src/com/netscape/certsrv/request/IRequest.java
new file mode 100644
index 000000000..f54352ce1
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequest.java
@@ -0,0 +1,729 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+
+//import java.io.Serializable;
+
+import com.netscape.certsrv.authentication.AuthToken;
+import com.netscape.certsrv.authentication.IAuthToken;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IAttrSet;
+import netscape.security.x509.RevokedCertImpl;
+import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509CertInfo;
+import netscape.security.x509.CertificateExtensions;
+import netscape.security.x509.CertificateSubjectName;
+
+import java.math.BigInteger;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.Locale;
+import java.util.Vector;
+
+
+/**
+ * An interface that defines abilities of request objects,
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRequest {
+
+ public static final String REQ_VERSION = "requestVersion";
+
+ public static final String REQ_STATUS = "requestStatus";
+ public static final String REQ_TYPE = "requestType";
+ public static final String REQ_FORMAT = "requestFormat";
+
+ // request type values.
+ public static final String ENROLLMENT_REQUEST = "enrollment";
+ public static final String RENEWAL_REQUEST = "renewal";
+ public static final String REVOCATION_REQUEST = "revocation";
+ public static final String CMCREVOKE_REQUEST = "CMCRevReq";
+ public static final String UNREVOCATION_REQUEST = "unrevocation";
+ public static final String KEYARCHIVAL_REQUEST = "archival";
+ public static final String KEYRECOVERY_REQUEST = "recovery";
+ public static final String KEY_RECOVERY_REQUEST = "keyRecovery";
+ public static final String KEY_ARCHIVAL_REQUEST = "keyArchival";
+ public static final String GETCACHAIN_REQUEST = "getCAChain";
+ public static final String GETREVOCATIONINFO_REQUEST = "getRevocationInfo";
+ public static final String GETCRL_REQUEST = "getCRL";
+ public static final String GETCERTS_REQUEST = "getCertificates";
+ public static final String REVOCATION_CHECK_CHALLENGE_REQUEST = "revocationChallenge";
+ public static final String GETCERT_STATUS_REQUEST = "getCertStatus";
+ public static final String GETCERTS_FOR_CHALLENGE_REQUEST = "getCertsForChallenge";
+ public static final String CLA_CERT4CRL_REQUEST = "cert4crl";
+ public static final String CLA_UNCERT4CRL_REQUEST = "uncert4crl";
+ public static final String NETKEY_KEYGEN_REQUEST = "netkeyKeygen";
+ public static final String NETKEY_KEYRECOVERY_REQUEST = "netkeyKeyRecovery";
+
+ public static final String REQUESTOR_NAME = "csrRequestorName";
+ public static final String REQUESTOR_PHONE = "csrRequestorPhone";
+ public static final String REQUESTOR_EMAIL = "csrRequestorEmail";
+ public static final String REQUESTOR_COMMENTS = "csrRequestorComments";
+
+ // request attributes for all
+ public static final String AUTH_TOKEN = "AUTH_TOKEN";
+ public static final String HTTP_PARAMS = "HTTP_PARAMS";
+ public static final String HTTP_HEADERS = "HTTP_HEADERS";
+ // Params added by agents on agent approval page
+ public static final String AGENT_PARAMS = "AGENT_PARAMS";
+ // server attributes: attributes generated by server modules.
+ public static final String SERVER_ATTRS = "SERVER_ATTRS";
+
+ public static final String RESULT = "Result"; // service result.
+ public static final Integer RES_SUCCESS = Integer.valueOf(1); // result value
+ public static final Integer RES_ERROR = Integer.valueOf(2); // result value
+ public static final String REMOTE_SERVICE_AUTHORITY = "RemServiceAuthority";
+ public static final String SVCERRORS = "serviceErrors";
+ public static final String REMOTE_STATUS = "remoteStatus";
+ public static final String REMOTE_REQID = "remoteReqID";
+ public static final String CERT_STATUS = "certStatus";
+
+ // enrollment request attributes (from http request)
+ public static final String CERT_TYPE = "certType";
+ public static final String CRMF_REQID = "crmfReqId";
+ public static final String PKCS10_REQID = "pkcs10ReqId";
+ // CMC request attributes
+ public static final String CMC_REQIDS = "cmcReqIds";
+ public static final String CMC_TRANSID = "transactionId";
+ public static final String CMC_SENDERNONCE = "senderNonce";
+ public static final String CMC_RECIPIENTNONCE = "recipientNonce";
+ public static final String CMC_REGINFO = "regInfo";
+
+ // enrollment request attributes (generated internally)
+ // also used for renewal
+ public static final String CERT_INFO = "CERT_INFO";
+ public static final String ISSUED_CERTS = "issuedCerts";
+ public static final String
+ REQUEST_TRUSTEDMGR_PRIVILEGE = "requestTrustedManagerPrivilege";
+ public static final String FINGERPRINTS = "fingerprints";
+
+ // enrollment request values
+ public static final String SERVER_CERT = "server";
+ public static final String CLIENT_CERT = "client";
+ public static final String CA_CERT = "ca";
+ public static final String RA_CERT = "ra";
+ public static final String OCSP_CERT = "ocsp";
+ public static final String OBJECT_SIGNING_CERT = "objSignClient";
+ public static final String OTHER_CERT = "other";
+ public static final String ROUTER_CERT = "router"; // deprecated
+ public static final String CEP_CERT = "CEP-Request";
+
+ // renewal request attributes. (internally set)
+ // also used for revocation
+ public static final String OLD_CERTS = "OLD_CERTS";
+ public static final String OLD_SERIALS = "OLD_SERIALS";
+ public static final String ISSUERDN = "issuerDN";
+
+ // revocation request attributes (internally set)
+ public static final String REVOKED_CERTS = "revokedCerts";
+ public static final String REVOKED_REASON = "revocationReason";
+ // CCA -> CLA request attributes
+ public static final String REVOKED_CERT_RECORDS = "revokedCertRecs";
+ // crl update status after a revocation.
+ public final static String CRL_UPDATE_STATUS = "crlUpdateStatus";
+ public final static String CRL_UPDATE_ERROR = "crlUpdateError";
+ public final static String CRL_PUBLISH_STATUS = "crlPublishStatus";
+ public final static String CRL_PUBLISH_ERROR = "crlPublishError";
+ public static final String REQUESTOR_TYPE = "requestorType";
+
+ // Netkey request attributes
+ public final static String NETKEY_ATTR_CUID = "CUID";
+ public final static String NETKEY_ATTR_USERID = "USERID";
+ public final static String NETKEY_ATTR_DRMTRANS_DES_KEY = "drm_trans_desKey";
+ public final static String NETKEY_ATTR_ARCHIVE_FLAG ="archive";
+ public final static String NETKEY_ATTR_SERVERSIDE_MUSCLE_FLAG ="serverSideMuscle";
+ public final static String NETKEY_ATTR_ENC_PRIVKEY_FLAG ="encryptPrivKey";
+ public final static String NETKEY_ATTR_USER_CERT = "cert";
+ public final static String NETKEY_ATTR_KEY_SIZE = "keysize";
+
+ // requestor type values.
+ public static final String REQUESTOR_EE = "EE";
+ public static final String REQUESTOR_RA = "RA";
+ public static final String REQUESTOR_NETKEY_RA = "NETKEY_RA";
+ public static final String REQUESTOR_KRA = "KRA";
+ public static final String REQUESTOR_AGENT = "Agent";
+
+ // others (internally set)
+ public final static String CACERTCHAIN = "CACertChain";
+ public final static String CRL = "CRL";
+ public final static String DOGETCACHAIN = "doGetCAChain";
+ public final static String CERT_FILTER = "certFilter";
+
+ // used by policy
+ public static final String ERRORS = "errors";
+ public static final String SMIME = "SMIME";
+ public static final String OBJECT_SIGNING = "ObjectSigning";
+ public static final String SSL_CLIENT = "SSLClient";
+
+ /**
+ * Gets the primary identifier for this request.
+ *
+ * @return request id
+ */
+ RequestId getRequestId();
+
+ /**
+ * Gets the current state of this request.
+ *
+ * @return request status
+ */
+ RequestStatus getRequestStatus();
+
+ /**
+ * Gets the "sourceId" for the request. The sourceId is
+ * assigned by the originator of the request (for example,
+ * the EE servlet or the RA servlet.
+ * <p>
+ * The sourceId should be unique so that it can be used
+ * to retrieve request later without knowing the locally
+ * assigned primary id (RequestID)
+ * <p>
+ * @return
+ * the sourceId value (or null if none has been set)
+ */
+ public String getSourceId();
+
+ /**
+ * Sets the "sourceId" for this request. The request must be updated
+ * in the database for this change to take effect. This can be done
+ * by calling IRequestQueue.update() or by performing one of the
+ * other operations like processRequest or approveRequest.
+ *
+ * @param id source id for this request
+ */
+ public void setSourceId(String id);
+
+ /**
+ * Gets the current owner of this request.
+ *
+ * @return request owner
+ */
+ public String getRequestOwner();
+
+ /**
+ * Sets the current owner of this request.
+ *
+ * @param owner
+ * The new owner of this request. If this value is set to null
+ * there will be no current owner
+ */
+ public void setRequestOwner(String owner);
+
+ /**
+ * Gets the type of this request.
+ *
+ * @return request type
+ */
+ public String getRequestType();
+
+ /**
+ * Sets the type or this request.
+ *
+ * @param type request type
+ */
+ public void setRequestType(String type);
+
+ /**
+ * Gets the version of this request.
+ *
+ * @return request version
+ */
+ public String getRequestVersion();
+
+ /**
+ * Gets the time this request was created.
+ *
+ * @return request creation time
+ */
+ Date getCreationTime();
+
+ /**
+ * Gets the time this request was last modified (defined
+ * as updated in the queue) (See IRequestQueue.update)
+ *
+ * @return request last modification time
+ */
+ Date getModificationTime();
+
+ /*
+ * Attribute names for performing searches.
+ */
+ public final static String ATTR_REQUEST_OWNER = "requestOwner";
+ public final static String ATTR_REQUEST_STATUS = "requestStatus";
+ public final static String ATTR_SOURCE_ID = "requestSourceId";
+ public final static String ATTR_REQUEST_TYPE = "requestType";
+
+ /*
+ * Other attributes stored in the attribute set
+ */
+ public final static String UPDATED_BY = "updatedBy";
+ // String error messages
+ public static final String ERROR = "Error";
+
+ /**
+ * Copies meta attributes (excluding request Id, etc.) of another request
+ * to this request.
+ *
+ * @param req another request
+ */
+ public void copyContents(IRequest req);
+
+ /**
+ * Gets context of this request.
+ *
+ * @return request context
+ */
+ public String getContext();
+
+ /**
+ * Sets context of this request.
+ *
+ * @param ctx request context
+ */
+ public void setContext(String ctx);
+
+ /**
+ * Sets status of this request.
+ *
+ * @param s request status
+ */
+ public void setRequestStatus(RequestStatus s);
+
+ /**
+ * Gets status of connector transfer.
+ *
+ * @return status of connector transfer
+ */
+ public boolean isSuccess();
+
+ /**
+ * Gets localized error message from connector transfer.
+ *
+ * @param locale request locale
+ * @return error message from connector transfer
+ */
+ public String getError(Locale locale);
+
+
+ /**************************************************************
+ * ExtData data methods:
+ *
+ * These methods should be used in place of the mAttrData methods
+ * deprecated above.
+ *
+ * These methods all store Strings in LDAP. This means they can no longer
+ * be used as a garbage dump for all sorts of objects. A limited number
+ * of helper methods are provided for Vectors/Arrays/Hashtables but the
+ * keys and values for all of these should be Strings.
+ *
+ * The keys are used in the LDAP attribute names, and so much obey LDAP
+ * key syntax rules: A-Za-z0-9 and hyphen.
+ */
+
+ /**
+ * Sets an Extended Data string-key string-value pair.
+ * All keys are lower cased because LDAP does not preserve case.
+ *
+ * @param key The extended data key
+ * @param value The extended data value
+ * @return false if key is invalid.
+ */
+ public boolean setExtData(String key, String value);
+
+ /**
+ * Sets an Extended Data string-key string-value pair.
+ * The key and hashtable keys are all lowercased because LDAP does not
+ * preserve case.
+ *
+ * @param key The extended data key
+ * @param value The extended data value
+ * the Hashtable contains an illegal key.
+ * @return false if the key or hashtable keys are invalid
+ */
+ public boolean setExtData(String key, Hashtable value);
+
+ /**
+ * Checks whether the key is storing a simple String value, or a complex
+ * (Vector/hashtable) structure.
+ * @param key The key to check for.
+ * @return True if the key maps to a string. False if it maps to a
+ * hashtable.
+ */
+ public boolean isSimpleExtDataValue(String key);
+
+ /**
+ * Returns the String value stored for the String key. Returns null
+ * if not found. Throws exception if key stores a complex data structure
+ * (Vector/Hashtable).
+ * @param key The key to lookup (case-insensitive)
+ * @return The value associated with the key. null if not found or if the
+ * key is associated with a non-string value.
+ */
+ public String getExtDataInString(String key);
+
+ /**
+ * Returns the Hashtable value for the String key. Returns null if not
+ * found. Throws exception if the key stores a String value.
+ *
+ * The Hashtable returned is actually a subclass of Hashtable that
+ * lowercases all keys used to access the hashtable. Its purpose is to
+ * to make lookups seemless, but be aware it is not a normal hashtable and
+ * might behave strangely in some cases (e.g., iterating keys)
+ *
+ * @param key The key to lookup (case-insensitive)
+ * @return The hashtable value associated with the key. null if not found
+ * or if the key is associated with a string-value.
+ */
+ public Hashtable getExtDataInHashtable(String key);
+
+ /**
+ * Returns all the keys stored in ExtData
+ * @return Enumeration of all the keys.
+ */
+ public Enumeration getExtDataKeys();
+
+ /**
+ * Stores an array of Strings in ExtData.
+ * The indices of the array are used as subkeys.
+ * @param key the ExtData key
+ * @param values the array of string values to store
+ * @return False if the key is invalid
+ */
+ public boolean setExtData(String key, String[] values);
+
+ /**
+ * Retrieves an array of Strings stored with the key.
+ * This only works if the data was stored as an array. If the data
+ * is not correct, this method will return null.
+ * @param key The ExtData key
+ * @return The value. Null if not found or the data isn't an array.
+ */
+ public String[] getExtDataInStringArray(String key);
+
+ /**
+ * Removes the value of an extdata attribute.
+ *
+ * @param type key to delete
+ */
+ void deleteExtData(String type);
+
+ /*****************************
+ * Helper methods for ExtData
+ ****************************/
+
+ /**
+ * Helper method to add subkey/value pair to a ExtData hashtable.
+ * If the hashtable it exists, the subkey/value are added to it. Otherwise
+ * a new hashtable is created.
+ *
+ * The key and subkey are lowercased because LDAP does not preserve case.
+ *
+ * @param key The top level key
+ * @param subkey The hashtable data key
+ * @param value The hashtable value
+ * @return False if the key or subkey are invalid
+ */
+ public boolean setExtData(String key, String subkey, String value);
+
+ /**
+ * Helper method to retrieve an individual value from a Hashtable value.
+ * @param key the ExtData key
+ * @param subkey the key in the Hashtable value (case insensitive)
+ * @return the value corresponding to the key/subkey
+ */
+ public String getExtDataInString(String key, String subkey);
+
+ /**
+ * Helper method to store an Integer value. It converts the integer value
+ * to a String and stores it.
+ *
+ * @param key the ExtData key
+ * @param value the Integer to store (as a String)
+ * @return False if the key or value are invalid
+ */
+ public boolean setExtData(String key, Integer value);
+
+ /**
+ * Retrieves an integer value. Returns null if not found or
+ * the value can't be represented as an Integer.
+ *
+ * @param key The ExtData key to lookup
+ * @return The integer value or null if not possible.
+ */
+ public Integer getExtDataInInteger(String key);
+
+ /**
+ * Stores an array of Integers
+ * @param key The extdata key
+ * @param values The array of Integers to store
+ * @return false if the key is invalid
+ */
+ public boolean setExtData(String key, Integer[] values);
+
+ /**
+ * Retrieves an array of Integers
+ * @param key The extdata key
+ * @return The array of Integers or null on error.
+ */
+ public Integer[] getExtDataInIntegerArray(String key);
+
+ /**
+ * Helper method to store a BigInteger value. It converts the integer value
+ * to a String and stores it.
+ *
+ * @param key the ExtData key
+ * @param value the BigInteger to store (as a String)
+ * @return False if the key or value are invalid
+ */
+ public boolean setExtData(String key, BigInteger value);
+
+ /**
+ * Retrieves a BigInteger value. Returns null if not found or
+ * the value can't be represented as a BigInteger.
+ *
+ * @param key The ExtData key to lookup
+ * @return The integer value or null if not possible.
+ */
+ public BigInteger getExtDataInBigInteger(String key);
+
+ /**
+ * Stores an array of BigIntegers
+ * @param key The extdata key
+ * @param values The array of BigIntegers to store
+ * @return false if the key is invalid
+ */
+ public boolean setExtData(String key, BigInteger[] values);
+
+ /**
+ * Retrieves an array of BigIntegers
+ * @param key The extdata key
+ * @return The array of BigIntegers or null on error.
+ */
+ public BigInteger[] getExtDataInBigIntegerArray(String key);
+
+ /**
+ * Helper method to store an exception.
+ * It actually stores the e.toString() value.
+ *
+ * @param key The ExtData key to store under
+ * @param e The throwable to store
+ * @return False if the key is invalid.
+ */
+ public boolean setExtData(String key, Throwable e);
+
+ /**
+ * Stores a byte array as base64 encoded text
+ * @param key The ExtData key
+ * @param data The byte array to store
+ * @return False if the key is invalid.
+ */
+ public boolean setExtData(String key, byte[] data);
+
+ /**
+ * Retrieves the data, which should be base64 encoded as a byte array.
+ * @param key The ExtData key
+ * @return The data, or null if an error occurs.
+ */
+ public byte[] getExtDataInByteArray(String key);
+
+ /**
+ * Stores a X509CertImpl as base64 encoded text using the getEncode()
+ * method.
+ * @param key The ExtData key
+ * @param data certificate
+ * @return False if the key is invalid.
+ */
+ public boolean setExtData(String key, X509CertImpl data);
+
+ /**
+ * Retrieves the data, which should be base64 encoded as a byte array.
+ * @param key The ExtData key
+ * @return The data, or null if an error occurs.
+ */
+ public X509CertImpl getExtDataInCert(String key);
+
+ /**
+ * Stores an array of X509CertImpls as a base64 encoded text.
+ * @param key The ExtData key
+ * @param data The array of certs to store
+ * @return False if the key or data is invalid.
+ */
+ public boolean setExtData(String key, X509CertImpl[] data);
+
+ /**
+ * Retrieves an array of X509CertImpl.
+ * @param key The ExtData key
+ * @return Array of certs, or null if not found or invalid data.
+ */
+ public X509CertImpl[] getExtDataInCertArray(String key);
+
+ /**
+ * Stores a X509CertInfo as base64 encoded text using the getEncodedInfo()
+ * method.
+ * @param key The ExtData key
+ * @param data certificate
+ * @return False if the key is invalid.
+ */
+ public boolean setExtData(String key, X509CertInfo data);
+
+ /**
+ * Retrieves the data, which should be base64 encoded as a byte array.
+ * @param key The ExtData key
+ * @return The data, or null if an error occurs.
+ */
+ public X509CertInfo getExtDataInCertInfo(String key);
+
+ /**
+ * Stores an array of X509CertInfos as a base64 encoded text.
+ * @param key The ExtData key
+ * @param data The array of cert infos to store
+ * @return False if the key or data is invalid.
+ */
+ public boolean setExtData(String key, X509CertInfo[] data);
+
+ /**
+ * Retrieves an array of X509CertInfo.
+ * @param key The ExtData key
+ * @return Array of cert infos, or null if not found or invalid data.
+ */
+ public X509CertInfo[] getExtDataInCertInfoArray(String key);
+
+ /**
+ * Stores an array of RevokedCertImpls as a base64 encoded text.
+ * @param key The ExtData key
+ * @param data The array of cert infos to store
+ * @return False if the key or data is invalid.
+ */
+ public boolean setExtData(String key, RevokedCertImpl[] data);
+
+ /**
+ * Retrieves an array of RevokedCertImpl.
+ * @param key The ExtData key
+ * @return Array of cert infos, or null if not found or invalid data.
+ */
+ public RevokedCertImpl[] getExtDataInRevokedCertArray(String key);
+
+ /**
+ * Stores the contents of the String Vector in ExtData.
+ * TODO - as soon as we're allowed to use JDK5 this should be changed
+ * to use Vector<String> data.
+ *
+ * Note that modifications to the Vector are not automatically reflected
+ * after it is stored. You must call set() again to make the changes.
+ *
+ * @param key The extdata key to store
+ * @param data A vector of Strings to store
+ * @return False on key error or invalid data.
+ */
+ public boolean setExtData(String key, Vector data);
+
+ /**
+ * Returns a vector of strings for the key.
+ * Note that the returned vector, if modified, does not make changes
+ * in ExtData. You must call setExtData() to propogate changes back
+ * into ExtData.
+ *
+ * @param key The extdata key
+ * @return A Vector of strings, or null on error.
+ */
+ public Vector getExtDataInStringVector(String key);
+
+ /**
+ * Gets boolean value for given type or default value
+ * if attribute is absent.
+ *
+ * @param type attribute type
+ * @param defVal default attribute value
+ * @return attribute value
+ */
+ boolean getExtDataInBoolean(String type, boolean defVal);
+
+
+ /**
+ * Gets extdata boolean value for given type or default value
+ * if attribute is absent for this request with this prefix.
+ *
+ * @param prefix request prefix
+ * @param type attribute type
+ * @param defVal default attribute value
+ * @return attribute value
+ */
+ public boolean getExtDataInBoolean(String prefix, String type, boolean defVal);
+
+
+ /**
+ * Stores an AuthToken the same as a Hashtable.
+ * @param key The ExtData key
+ * @param data The authtoken to store
+ * @return False if the key or data is invalid.
+ */
+ public boolean setExtData(String key, IAuthToken data);
+
+ /**
+ * Retrieves an authtoken.
+ * @param key The ExtData key
+ * @return AuthToken, or null if not found or invalid data.
+ */
+ public IAuthToken getExtDataInAuthToken(String key);
+
+ /**
+ * Stores a CertificateExtensions in extdata.
+ * @param key The ExtData key
+ * @param data The CertificateExtensions to store
+ * @return False if the key or data is invalid.
+ */
+ public boolean setExtData(String key, CertificateExtensions data);
+
+ /**
+ * Retrieves the CertificateExtensions associated with the key.
+ * @param key The ExtData key
+ * @return the object, or null if not found or invalid data.
+ */
+ public CertificateExtensions getExtDataInCertExts(String key);
+
+ /**
+ * Stores a CertificateSubjectName in extdata.
+ * @param key The ExtData key
+ * @param data The CertificateSubjectName to store
+ * @return False if the key or data is invalid.
+ */
+ public boolean setExtData(String key, CertificateSubjectName data);
+
+ /**
+ * Retrieves the CertificateSubjectName associated with the key.
+ * @param key The ExtData key
+ * @return the object, or null if not found or invalid data.
+ */
+ public CertificateSubjectName getExtDataInCertSubjectName(String key);
+
+ /**
+ * This method returns an IAttrSet wrapper for the IRequest.
+ * Use of this method is strongly discouraged. It provides extremely
+ * limited functionality, and is only provided for the two places IRequest
+ * is being used as such in the code. If you are considering using this
+ * method, please don't.
+ *
+ * @return IAttrSet wrapper with basic "get" functionality.
+ * @deprecated
+ */
+ public IAttrSet asIAttrSet();
+
+}
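Review bot: The ExtData section comment restricts keys to LDAP syntax (`A-Za-z0-9` and hyphen), yet constants declared in this same interface, such as `AUTH_TOKEN = "AUTH_TOKEN"`, `HTTP_PARAMS = "HTTP_PARAMS"` and `NETKEY_ATTR_DRMTRANS_DES_KEY = "drm_trans_desKey"`, contain underscores. Every `setExtData` overload reports a bad key only by returning `false`, and whether the implementation escapes such keys is not visible in this hunk. A caller that ignores the boolean could therefore drop the authentication token or other request data without any error, so the contract should be stated, for example `Callers must check the result of setExtData; false means the value was not stored` once that is confirmed against the implementation. The Javadoc of `getExtDataInString(String)` and `getExtDataInHashtable(String)` also contradicts itself, saying "Throws exception" in the description and "null" under `@return` for the wrong value type. The section comment's "so much obey" should read `so must obey LDAP key syntax rules`.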
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestList.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestList.java
new file mode 100644
index 000000000..a01ceb8cd
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestList.java
@@ -0,0 +1,58 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+
+import java.util.Enumeration;
+
+
+/**
+ * An interface providing a list of RequestIds that match
+ * some criteria. It could be a list of all elements in a
+ * queue, or just some defined sub-set.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRequestList
+ extends Enumeration {
+
+ /**
+ * Gets the next RequestId from this list. null is
+ * returned when there are no more elements in the list.
+ * <p>
+ * Callers should be sure there is another element in the
+ * list by calling hasMoreElements first.
+ * <p>
+ * @return next request id
+ */
+ RequestId nextRequestId();
+
+ /**
+ * Gets next request from the list.
+ *
+ * @return next request
+ */
+ public Object nextRequest();
+
+ /**
+ * Gets next request Object from the list.
+ *
+ * @return next request
+ */
+ public IRequest nextRequestObject();
+}
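Review bot: `nextRequest()` and `nextRequestObject()` carry almost the same Javadoc, and neither says how they differ or what is returned at the end of the list, while `nextRequestId()` documents a null return. The interface extends `Enumeration`, whose `nextElement()` throws `NoSuchElementException` when exhausted, so the end-of-list contract should be stated for all three methods to keep callers from dereferencing a null request. I would add `@return next request, or null when the list is exhausted` if that is the implemented behaviour, plus a sentence on why `nextRequest()` returns `Object` rather than `IRequest`.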
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestListener.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestListener.java
new file mode 100644
index 000000000..29adf3a0f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestListener.java
@@ -0,0 +1,55 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.request.*;
+
+
+/**
+ * An interface that defines abilities of request listener,
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRequestListener {
+
+ /**
+ * Initializes request listener for the specific subsystem
+ * and configuration store.
+ *
+ * @param sub subsystem
+ * @param config configuration store
+ */
+ public void init(ISubsystem sub, IConfigStore config) throws EBaseException;
+
+ /**
+ * Accepts request.
+ *
+ * @param request request
+ */
+ public void accept(IRequest request);
+
+ /**
+ * Sets attribute.
+ *
+ * @param name attribute name
+ * @param val attribute value
+ */
+ public void set(String name, String val);
+}
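Review bot: `init(ISubsystem, IConfigStore)` declares `throws EBaseException` but its Javadoc has no `@exception` entry, so implementers are not told when initialization is expected to fail; add `@exception EBaseException failed to initialize the listener`. `import com.netscape.certsrv.request.*;` imports the file's own package and can be dropped, and `com.netscape.certsrv.base.*` would read better as explicit imports of the three types used. The same self-package wildcard import appears in IRequestNotifier.java. The Javadoc for `accept` and `set` only restates the method names; it should say whether `accept` may be invoked concurrently from several notifier threads, which cannot be determined from this hunk.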
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestNotifier.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestNotifier.java
new file mode 100644
index 000000000..7cf31557f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestNotifier.java
@@ -0,0 +1,133 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+
+import java.util.*;
+import com.netscape.certsrv.request.*;
+
+
+/**
+ * IRequestNotifier interface defines methods to register listeners,
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IRequestNotifier extends INotify {
+
+ /**
+ * Registers a request listener.
+ *
+ * @param listener listener to be registered
+ */
+ public void registerListener(IRequestListener listener);
+
+ /**
+ * Registers a request listener.
+ *
+ * @param name listener name
+ * @param listener listener to be registered
+ */
+ public void registerListener(String name, IRequestListener listener);
+
+ /**
+ * Removes listener from the list of registered listeners.
+ *
+ * @param listener listener to be removed from the list
+ */
+ public void removeListener(IRequestListener listener);
+
+ /**
+ * Removes listener from the list of registered listeners.
+ *
+ * @param name listener name to be removed from the list
+ */
+ public void removeListener(String name);
+
+ /**
+ * Gets list of listener names.
+ *
+ * @return enumeration of listener names
+ */
+ public Enumeration getListenerNames();
+
+ /**
+ * Gets listener from the list of registered listeners.
+ *
+ * @param name listener name
+ * @return listener
+ */
+ public IRequestListener getListener(String name);
+
+ /**
+ * Gets list of listeners.
+ *
+ * @return enumeration of listeners
+ */
+ public Enumeration getListeners();
+
+ /**
+ * Gets request from publishing queue.
+ *
+ * @return request
+ */
+ public IRequest getRequest();
+
+ /**
+ * Gets number of requests in publishing queue.
+ *
+ * @return number of requests in publishing queue
+ */
+ public int getNumberOfRequests();
+
+ /**
+ * Checks if publishing queue is enabled.
+ *
+ * @return true if publishing queue is enabled, false otherwise
+ */
+ public boolean isPublishingQueueEnabled();
+
+ /**
+ * Removes a notifier thread from the pool of publishing queue threads.
+ *
+ * @param notifierThread Thread
+ */
+ public void removeNotifierThread(Thread notifierThread);
+
+ /**
+ * Notifies all registered listeners about request.
+ *
+ * @param r request
+ */
+ public void addToNotify(IRequest r);
+
+ /**
+ * Sets publishing queue parameters.
+ *
+ * @param isPublishingQueueEnabled publishing queue switch
+ * @param publishingQueuePriorityLevel publishing queue priority level
+ * @param maxNumberOfPublishingThreads maximum number of publishing threads
+ * @param publishingQueuePageSize publishing queue page size
+ */
+ public void setPublishingQueue (boolean isPublishingQueueEnabled,
+ int publishingQueuePriorityLevel,
+ int maxNumberOfPublishingThreads,
+ int publishingQueuePageSize,
+ int savePublishingStatus);
+
+ public void updatePublishingStatus(String id);
+}
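Review bot: The Javadoc of `setPublishingQueue` lists four `@param` tags but the method takes five parameters; `savePublishingStatus` is an `int` with no description, so it is unclear whether it is a flag, a count or an interval. `updatePublishingStatus(String id)` has no Javadoc at all, and `getRequest()` does not say what is returned when the publishing queue is empty. I would add a `@param savePublishingStatus` entry with its meaning and unit, a Javadoc block for `updatePublishingStatus` stating what `id` identifies, and the empty-queue result on `getRequest()`.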
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java
new file mode 100644
index 000000000..9b2edf9b4
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java
@@ -0,0 +1,414 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+import java.math.*;
+import java.util.Enumeration;
+import com.netscape.certsrv.dbs.repository.IRepository;
+
+import com.netscape.certsrv.base.EBaseException;
+
+
+/**
+ * The IRequestQueue interface defines the operations on
+ * a collection of requests within the certificate server.
+ * There are may several collections, such as KRA, RA and CA
+ * requests. Each of these request collection has a defined
+ * set of policies, a notification service (for request
+ * completion) and a service routine. The request queue
+ * provides an interface for creating and viewing requests,
+ * as well as performing operations on them.
+ * <p>
+ * @version $Revision$ $Date$
+ */
+public interface IRequestQueue {
+
+ /**
+ * Creates a new request object. A request id is
+ * assigned to it - see IRequest.getRequestId, and
+ * the status is set to RequestStatus.BEGIN
+ * <p>
+ * The request is LOCKED. The caller MUST release the
+ * request object by calling releaseRequest().
+ * <p>
+ * TODO: provide other required values (such as type
+ * and sourceId)
+ *
+ * @param requestType request type
+ * @return new request
+ * @exception EBaseException failed to create new request
+ */
+ public IRequest newRequest(String requestType)
+ throws EBaseException;
+
+ /**
+ * Clones a request object. A new request id is assigned
+ * and all attributes of the request is copied to cloned request,
+ * except for the sourceID of the original request
+ * (remote authority's request Id).
+ * <p>
+ * The cloned request that is returned is LOCKED. The caller MUST
+ * release the request object by calling releaseRequest().
+ *
+ * @param r request to be cloned
+ * @return cloned request
+ * @exception EBaseException failed to clone request
+ */
+ public IRequest cloneRequest(IRequest r)
+ throws EBaseException;
+
+ /**
+ * Gets the Request corresponding to id.
+ * Returns null if the id does not correspond
+ * to a valid request id.
+ * <p>
+ * Errors may be generated for other conditions.
+ *
+ * @param id request id
+ * @return found request
+ * @exception EBaseException failed to access request queue
+ */
+ public IRequest findRequest(RequestId id)
+ throws EBaseException;
+
+ /**
+ * Begins processing for this request. This call
+ * is valid only on requests with status BEGIN
+ * An error is generated for other cases.
+ *
+ * @param req request to be processed
+ * @exception EBaseException failed to process request
+ */
+ public void processRequest(IRequest req)
+ throws EBaseException;
+
+ /**
+ * Sets request scheduler.
+ *
+ * @param scheduler request scheduler
+ */
+ public void setRequestScheduler(IRequestScheduler scheduler);
+
+ /**
+ * Gets request scheduler.
+ *
+ * @return request scheduler
+ */
+ public IRequestScheduler getRequestScheduler();
+
+ /**
+ * Puts a new request into the PENDING state. This call is
+ * only valid for requests with status BEGIN. An error is
+ * generated for other cases.
+ * <p>
+ * This call might be used by agent servlets that want to
+ * copy a previous request, and resubmit it. By putting it
+ * into PENDING state, the normal agent screens can be used
+ * for further processing.
+ *
+ * @param req
+ * the request to mark PENDING
+ * @exception EBaseException failed to mark request as pending
+ */
+ public void markRequestPending(IRequest req)
+ throws EBaseException;
+
+ /**
+ * Clones a request object and mark it pending. A new request id is assigned
+ * and all attributes of the request is copied to cloned request,
+ * except for the sourceID of the original request
+ * (remote authority's request Id).
+ * <p>
+ * The cloned request that is returned is LOCKED. The caller MUST
+ * release the request object by calling releaseRequest().
+ *
+ * @param r request to be cloned
+ * @return cloned request mark PENDING
+ * @exception EBaseException failed to clone or mark request
+ */
+ public IRequest cloneAndMarkPending(IRequest r)
+ throws EBaseException;
+
+ /**
+ * Approves a request. The request must be locked.
+ * <p>
+ * This call will fail if:
+ * the request is not in PENDING state
+ * the policy modules do not accept the request
+ * <p>
+ * If the policy modules reject the request, then the request
+ * will remain in the PENDING state. Messages from the policy
+ * module can be display to the agent to indicate the source
+ * of the problem.
+ * <p>
+ * The request processing code adds an AgentApproval to this
+ * request that contains the authentication id of the agent. This
+ * data is retrieved from the Session object (qv).
+ *
+ * @param request
+ * the request that is being approved
+ * @exception EBaseException failed to approve request
+ */
+ public void approveRequest(IRequest request)
+ throws EBaseException;
+
+ /**
+ * Rejects a request. The request must be locked.
+ * <p>
+ * This call will fail if:
+ * the request is not in PENDING state
+ * <p>
+ * The agent servlet (or other application) may wish to store
+ * AgentMessage values to indicate the reason for the action
+ *
+ * @param request
+ * the request that is being rejected
+ * @exception EBaseException failed to reject request
+ */
+ public void rejectRequest(IRequest request)
+ throws EBaseException;
+
+ /**
+ * Cancels a request. The request must be locked.
+ * <p>
+ * This call will fail if:
+ * the request is not in PENDING state
+ * <p>
+ * The agent servlet (or other application) may wish to store
+ * AgentMessage values to indicate the reason for the action
+ *
+ * @param request
+ * the request that is being canceled
+ * @exception EBaseException failed to cancel request
+ */
+ public void cancelRequest(IRequest request)
+ throws EBaseException;
+
+ /**
+ * Updates the request in the permanent data store.
+ * <p>
+ * This call can be made after changing a value like source
+ * id or owner, to force the new value to be written.
+ * <p>
+ * The request must be locked to make this call.
+ *
+ * @param request
+ * the request that is being updated
+ * @exception EBaseException failed to update request
+ */
+ public void updateRequest(IRequest request)
+ throws EBaseException;
+
+ /**
+ * Returns an enumerator that lists all RequestIds in the
+ * queue. The caller should use the RequestIds to locate
+ * each request by calling findRequest().
+ * <p>
+ * NOTE: This interface will not be useful for large databases.
+ * This needs to be replace by a VLV (paged) search object.
+ *
+ * @return request list
+ */
+ public IRequestList listRequests();
+
+ /**
+ * Returns an enumerator that lists all RequestIds for requests
+ * that are in the given status. For example, all the PENDING
+ * requests could be listed by specifying RequestStatus.PENDING
+ * as the <i>status</i> argument
+ * <p>
+ * NOTE: This interface will not be useful for large databases.
+ * This needs to be replace by a VLV (paged) search object.
+ *
+ * @param status request status
+ * @return request list
+ */
+ public IRequestList listRequestsByStatus(RequestStatus status);
+
+ /**
+ * Returns an enumerator that lists all RequestIds for requests
+ * that match the filter.
+ * <p>
+ * NOTE: This interface will not be useful for large databases.
+ * This needs to be replace by a VLV (paged) search object.
+ *
+ * @param filter search filter
+ * @return request list
+ */
+ public IRequestList listRequestsByFilter(String filter);
+
+ /**
+ * Returns an enumerator that lists all RequestIds for requests
+ * that match the filter.
+ * <p>
+ * NOTE: This interface will not be useful for large databases.
+ * This needs to be replace by a VLV (paged) search object.
+ *
+ * @param filter search filter
+ * @param maxSize max size to return
+ * @return request list
+ */
+ public IRequestList listRequestsByFilter(String filter, int maxSize);
+
+ /**
+ * Returns an enumerator that lists all RequestIds for requests
+ * that match the filter.
+ * <p>
+ * NOTE: This interface will not be useful for large databases.
+ * This needs to be replace by a VLV (paged) search object.
+ *
+ * @param filter search filter
+ * @param maxSize max size to return
+ * @param timeLimit timeout value for the search
+ * @return request list
+ */
+ public IRequestList listRequestsByFilter(String filter, int maxSize, int timeLimit);
+
+ /**
+ * Gets requests that are pending on handling by the service
+ * <p>
+ * @return list of pending requests
+ */
+ // public IRequestList listServicePendingRequests();
+
+ /**
+ * Locates a request from the SourceId.
+ *
+ * @param id
+ * a unique identifier for the record that is based on the source
+ * of the request, and possibly an identify assigned by the source.
+ * @return
+ * The requestid corresponding to this source id. null is
+ * returned if the source id does not exist.
+ */
+ public RequestId findRequestBySourceId(String id);
+
+ /**
+ * Locates all requests with a particular SourceId.
+ * <p>
+ * @param id
+ * an identifier for the record that is based on the source
+ * of the request
+ * @return
+ * A list of requests corresponding to this source id. null is
+ * returned if the source id does not exist.
+ */
+ public IRequestList findRequestsBySourceId(String id);
+
+ /**
+ * Releases the LOCK on a request obtained from findRequest() or
+ * newRequest()
+ * <p>
+ * @param r request
+ */
+ public void releaseRequest(IRequest r);
+
+ /**
+ * Marks as serviced after destination authority has serviced request.
+ * Used by connector.
+ *
+ * @param r request
+ */
+ public void markAsServiced(IRequest r);
+
+ /**
+ * Resends requests
+ */
+ public void recover();
+
+ /**
+ * Gets a pageable list of IRequest entries in this queue.
+ *
+ * @param pageSize page size
+ * @return request list
+ */
+ public IRequestVirtualList getPagedRequests(int pageSize);
+
+ /**
+ * Gets a pageable list of IRequest entries in this queue.
+ *
+ * @param filter search filter
+ * @param pageSize page size
+ * @param sortKey the attributes to sort by
+ * @return request list
+ */
+ public IRequestVirtualList getPagedRequestsByFilter(String filter,
+ int pageSize,
+ String sortKey);
+ /**
+ * Gets a pageable list of IRequest entries in this queue.
+ *
+ * @param fromId request id to start with
+ * @param filter search filter
+ * @param pageSize page size
+ * @param sortKey the attributes to sort by
+ * @return request list
+ */
+ public IRequestVirtualList getPagedRequestsByFilter(RequestId fromId,
+ String filter,
+ int pageSize,
+ String sortKey);
+
+ /**
+ * Gets a pageable list of IRequest entries in this queue. This
+ * jumps right to the end of the list
+ *
+ * @param fromId request id to start with
+ * @param jumpToEnd jump to end of list (set fromId to null)
+ * @param filter search filter
+ * @param pageSize page size
+ * @param sortKey the attributes to sort by
+ * @return request list
+ */
+ public IRequestVirtualList getPagedRequestsByFilter(RequestId fromId,
+ boolean jumpToEnd, String filter,
+ int pageSize,
+ String sortKey);
+
+
+ /**
+ * Retrieves the notifier for pending request.
+ *
+ * @return notifier for pending request
+ */
+ public INotify getPendingNotify();
+
+
+ public BigInteger getLastRequestIdInRange(BigInteger reqId_low_bound, BigInteger reqId_upper_bound);
+
+ /**
+ * Resets serial number.
+ */
+ public void resetSerialNumber(BigInteger serial) throws EBaseException;
+
+ /**
+ * Removes all objects with this repository.
+ */
+ public void removeAllObjects() throws EBaseException;
+
+ /**
+ * Gets request repository.
+ *
+ * @return request repository
+ */
+ public IRepository getRequestRepository();
+
+ public String getPublishingStatus();
+
+ public void setPublishingStatus(String status);
+}
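Review bot: The three `listRequestsByFilter` overloads and the three `getPagedRequestsByFilter` overloads take a raw `String filter` documented only as "search filter", so a caller cannot tell what syntax is expected or who is responsible for escaping values placed in it. IRequestRecord in this same commit says request attributes are mapped into LDAP, so this is presumably an LDAP filter; if a servlet concatenates request parameters into it, the submitter's input can change the query. I would state the contract on each overload, for example `@param filter LDAP search filter; the caller must escape every value that originates from a request before inserting it`. Separately, `getLastRequestIdInRange`, `getPublishingStatus` and `setPublishingStatus` have no Javadoc at all, and `resetSerialNumber` lacks `@param serial`.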
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestRecord.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestRecord.java
new file mode 100644
index 000000000..a04c6b342
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestRecord.java
@@ -0,0 +1,113 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+
+import java.util.Enumeration;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.dbs.IDBObj;
+import com.netscape.certsrv.request.RequestId;
+
+
+/**
+ * A request record is the stored version of a request.
+ * It has a set of attributes that are mapped into LDAP
+ * attributes for actual directory operations.
+ * <p>
+ * @version $Revision$ $Date$
+ */
+public interface IRequestRecord
+ extends IDBObj {
+ //
+ // The names of the attributes stored in this record
+ //
+
+ // RequestId - identifies the record
+ public final static String ATTR_REQUEST_ID = "requestId";
+
+ // RequestStatus - indicates the current state
+ public final static String ATTR_REQUEST_STATE = "requestState";
+
+ // CreateTime - indicates the current state
+ public final static String ATTR_CREATE_TIME = "requestCreateTime";
+
+ // ModifyTime - indicates the current state
+ public final static String ATTR_MODIFY_TIME = "requestModifyTime";
+
+ // SourceId - indicates the current state
+ public final static String ATTR_SOURCE_ID = "requestSourceId";
+
+ // SourceId - indicates the current state
+ public final static String ATTR_REQUEST_OWNER = "requestOwner";
+
+ public final static String ATTR_REQUEST_TYPE = "requestType";
+
+ // Placeholder for ExtAttr data. this attribute is not in LDAP, but
+ // is used to trigger the ExtAttrDynMapper during conversion between LDAP
+ // and the RequestRecord.
+ public final static String ATTR_EXT_DATA = "requestExtData";
+
+ /**
+ * Gets the request id.
+ *
+ * @return request id
+ */
+ public RequestId getRequestId();
+
+ /**
+ * Gets attribute names of the request.
+ *
+ * @return list of attribute names
+ */
+ public Enumeration getAttrNames();
+
+ /**
+ * Gets the request attribute value by the name.
+ *
+ * @param name attribute name
+ * @return attribute value
+ */
+ public Object get(String name);
+
+ /**
+ * Sets new attribute for the request.
+ *
+ * @param name attribute name
+ * @param o attribute value
+ */
+ public void set(String name, Object o);
+
+ /**
+ * Removes attribute from the request.
+ *
+ * @param name attribute name
+ */
+ public void delete(String name)
+ throws EBaseException;
+
+ /**
+ * Gets attribute list of the request.
+ *
+ * @return attribute list
+ */
+ public Enumeration getElements();
+
+ // IDBObj.getSerializableAttrNames
+ //public Enumeration getSerializableAttrNames();
+
+}
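Review bot: The comments above `ATTR_CREATE_TIME`, `ATTR_MODIFY_TIME`, `ATTR_SOURCE_ID` and `ATTR_REQUEST_OWNER` all say "indicates the current state", and the one above `ATTR_REQUEST_OWNER` is labelled "SourceId". They appear to be copied from `ATTR_REQUEST_STATE` and describe none of these attributes. Each should name its own field, e.g. `// CreateTime - when the record was created` and `// RequestOwner - owner of the request` (wording to be confirmed by the author), and `ATTR_REQUEST_TYPE` should get a comment as well. The `import com.netscape.certsrv.request.RequestId;` line is redundant because the interface is already in that package.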
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestScheduler.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestScheduler.java
new file mode 100644
index 000000000..ecb2e0fa3
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestScheduler.java
@@ -0,0 +1,53 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+
+//import java.io.Serializable;
+
+import java.util.Date;
+import java.util.Enumeration;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IAttrSet;
+
+
+/**
+ * This is an interface to a request scheduler that prioritizes
+ * the threads based on the request processing order.
+ * The request that enters the request queue first should
+ * be processed first.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface IRequestScheduler {
+
+ /**
+ * Request entered the request queue processing.
+ *
+ * @param r request
+ */
+ public void requestIn(IRequest r);
+
+ /**
+ * Request exited the request queue processing.
+ *
+ * @param r request
+ */
+ public void requestOut(IRequest r);
+}
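Review bot: None of the imports in this file is used: `java.util.Date`, `java.util.Enumeration`, `EBaseException` and `IAttrSet` are not referenced by the interface, and `//import java.io.Serializable;` is dead text. Dropping the whole import block keeps the new file clean. The Javadoc for `requestIn` and `requestOut` also does not say whether the calls must be paired for every request or whether `requestIn` may block the calling thread; one sentence on each would help implementers.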
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestSubsystem.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestSubsystem.java
new file mode 100644
index 000000000..c32c66985
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestSubsystem.java
@@ -0,0 +1,105 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+
+import com.netscape.certsrv.base.EBaseException;
+
+
+/**
+ * This interface defines storage of request objects
+ * in the local database.
+ * <p>
+ * @version $Revision$, $Date$
+ */
+public interface IRequestSubsystem {
+ public static final String SUB_ID = "request";
+
+ /**
+ * Creates a new request queue.
+ * (Currently unimplemented. Just use getRequestQueue to create
+ * an in-memory queue.)
+ * <p>
+ * @param name The name of the queue object. This name can be used
+ * in getRequestQueue to retrieve the queue later.
+ * @exception EBaseException failed to create request queue
+ */
+ public void createRequestQueue(String name)
+ throws EBaseException;
+
+ /**
+ * Retrieves a request queue. This operation should only be done
+ * once on each queue. For example, the RA subsystem should retrieve
+ * its queue, and store it somewhere for use by related services, and
+ * servlets.
+ * <p>
+ * WARNING: retrieving the same queue twice with result in multi-thread
+ * race conditions.
+ * <p>
+ * @param name
+ * the name of the request queue. (Ex: "ca" "ra")
+ * @param p
+ * A policy enforcement module. This object is called to make
+ * adjustments to the request, and decide whether it needs agent
+ * approval.
+ * @param s
+ * The service object. This object actually performs the request
+ * after it is finalized and approved.
+ * @param n
+ * A notifier object (optional). The notify() method of this object
+ * is invoked when the request is completed (COMPLETE, REJECTED or
+ * CANCELED states).
+ * @exception EBaseException failed to retrieve request queue
+ */
+ public IRequestQueue
+ getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n)
+ throws EBaseException;
+
+ /**
+ * Retrieves a request queue. This operation should only be done
+ * once on each queue. For example, the RA subsystem should retrieve
+ * its queue, and store it somewhere for use by related services, and
+ * servlets.
+ * <p>
+ * WARNING: retrieving the same queue twice with result in multi-thread
+ * race conditions.
+ * <p>
+ * @param name
+ * the name of the request queue. (Ex: "ca" "ra")
+ * @param p
+ * A policy enforcement module. This object is called to make
+ * adjustments to the request, and decide whether it needs agent
+ * approval.
+ * @param s
+ * The service object. This object actually performs the request
+ * after it is finalized and approved.
+ * @param n
+ * A notifier object (optional). The notify() method of this object
+ * is invoked when the request is completed (COMPLETE, REJECTED or
+ * CANCELED states).
+ * @param pendingNotifier
+ * A notifier object (optional). Like the 'n' argument, except the
+ * notification happens if the request is made PENDING. May be the
+ * same as the 'n' argument if desired.
+ * @exception EBaseException failed to retrieve request queue
+ */
+ public IRequestQueue
+ getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n,
+ INotify pendingNotifier)
+ throws EBaseException;
+}
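Review bot: Both `getRequestQueue` overloads take an `int increment` parameter that the Javadoc never mentions, and neither has an `@return` tag. A `@param increment` line and `@return the request queue registered under name` should be added, with the meaning of `increment` supplied by the author since it cannot be read from this file. The "WARNING: retrieving the same queue twice with result in multi-thread race conditions" text ("with" should read "will") leaves the safety of request processing to caller discipline. The contract should say whether an implementation is expected to return the existing instance or reject a second retrieval, because two live queues over the same store could process or approve the same request concurrently.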
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestVirtualList.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestVirtualList.java
new file mode 100644
index 000000000..4d877a775
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestVirtualList.java
@@ -0,0 +1,50 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+
+/**
+ * This interface defines access to request virtual list.
+ * <p>
+ * @version $Revision$, $Date$
+ */
+public interface IRequestVirtualList {
+
+ /**
+ * Gets the total size of the result set. Elements of the
+ * list are numbered from 0..(size-1)
+ *
+ * @return size of the result set
+ */
+ int getSize();
+
+ /**
+ * Gets the element at the specified index
+ *
+ * @param index index of the element
+ * @return specified request
+ */
+ IRequest getElementAt(int index);
+
+ /**
+ * Gets the current index
+ *
+ * @return current index
+ */
+ int getCurrentIndex();
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IService.java b/pki/base/common/src/com/netscape/certsrv/request/IService.java
new file mode 100644
index 000000000..aeaf757a6
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/IService.java
@@ -0,0 +1,48 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+
+import com.netscape.certsrv.base.EBaseException;
+
+
+/**
+ * This interface defines how requests are serviced.
+ * This covers certificate generation, revocation, renewals,
+ * revocation checking, and much more.
+ * <p>
+ * @version $Revision$, $Date$
+ */
+public interface IService {
+
+ /**
+ * Performs the service (such as certificate generation)
+ * represented by this request.
+ * <p>
+ * @param request
+ * The request that needs service. The service may use
+ * attributes stored in the request, and may update the
+ * values, or store new ones.
+ * @return
+ * an indication of whether this request is still pending.
+ * 'false' means the request will wait for further notification.
+ * @exception EBaseException indicates major processing failure.
+ */
+ boolean serviceRequest(IRequest request)
+ throws EBaseException;
+}
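Review bot: The `@return` text of `serviceRequest` contradicts itself: "an indication of whether this request is still pending" reads as true meaning pending, while the next sentence says `'false' means the request will wait for further notification`. An implementer who follows the first sentence would return the inverse of what the queue expects, and a request could be treated as finished while it is still waiting. I would spell out both values, e.g. `@return true if the request has been fully serviced; false if it remains pending and will wait for further notification`, after confirming this against the queue code that consumes the result.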
diff --git a/pki/base/common/src/com/netscape/certsrv/request/PolicyMessage.java b/pki/base/common/src/com/netscape/certsrv/request/PolicyMessage.java
new file mode 100644
index 000000000..6c750903d
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/PolicyMessage.java
@@ -0,0 +1,41 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+
+import com.netscape.certsrv.base.EBaseException;
+
+
+/**
+ * A (localizable) message recorded by a policy module that describes
+ * the reason for rejecting a request.
+ * <p>
+ * @version $Revision$, $Date$
+ */
+public class PolicyMessage
+ extends EBaseException {
+
+ /**
+ * Class constructor that registers policy message.
+ * <p>
+ * @param message message string
+ */
+ public PolicyMessage(String message) {
+ super(message);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/request/PolicyResult.java b/pki/base/common/src/com/netscape/certsrv/request/PolicyResult.java
new file mode 100644
index 000000000..2750e3d82
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/PolicyResult.java
@@ -0,0 +1,36 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+
+/**
+ * This class defines results for policy actions.
+ *
+ * @version $Revision$, $Date$
+ */
+public final class PolicyResult {
+ public final static PolicyResult REJECTED = new PolicyResult();
+ public final static PolicyResult DEFERRED = new PolicyResult();
+ public final static PolicyResult ACCEPTED = new PolicyResult();
+
+ /**
+ * Class constructor.
+ */
+ private PolicyResult() {
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/request/RequestId.java b/pki/base/common/src/com/netscape/certsrv/request/RequestId.java
new file mode 100644
index 000000000..01bd65d3b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/RequestId.java
@@ -0,0 +1,72 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+
+/**
+ * The RequestId class represents the identifier for a particular
+ * request within a request queue. This identifier may be used to
+ * retrieve the request object itself from the request queue.
+ * <p>
+ * @version $Revision$ $Date$
+ */
+public final class RequestId {
+
+ /**
+ * Creates a new RequestId from its string representation.
+ * <p>
+ * @param id
+ * a string containing the decimal (base 10) value for the identifier.
+ */
+ public RequestId(String id) {
+ mString = id;
+ }
+
+ /**
+ * Converts the RequestId into its string representation. The string
+ * form can be stored in a database (such as the LDAP directory)
+ * <p>
+ * @return
+ * a string containing the decimal (base 10) value for the identifier.
+ */
+ public String toString() {
+ return mString;
+ }
+
+ /**
+ * Implements Object.hashCode.
+ * <p>
+ * @return hash code of the object
+ */
+ public int hashCode() {
+ return mString.hashCode();
+ }
+
+ /**
+ * Implements Object.equals.
+ * <p>
+ * @param obj object to compare
+ * @return true if objects are equal
+ */
+ public boolean equals(Object obj) {
+ return mString.equals(obj);
+ }
+
+ // instance variables
+ private final String mString;
+}
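Review bot: `equals` passes the argument itself to `mString.equals(obj)`, so two `RequestId` objects wrapping the same id never compare equal. Meanwhile `id.equals("7")` is true for a plain String but `"7".equals(id)` is false, which breaks symmetry. Any hash-based collection or lookup keyed on `RequestId` (for example a table of locked requests, if an implementation keeps one) would fail to match an id it already holds. Compare the wrapped values instead: `return obj instanceof RequestId && mString.equals(((RequestId) obj).mString);`. The constructor also accepts a null `id`, after which `hashCode` and `equals` throw, so a null check there is worth adding.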
diff --git a/pki/base/common/src/com/netscape/certsrv/request/RequestStatus.java b/pki/base/common/src/com/netscape/certsrv/request/RequestStatus.java
new file mode 100644
index 000000000..ad3b91e78
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/RequestStatus.java
@@ -0,0 +1,171 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request;
+
+
+/**
+ * The RequestStatus class represents the current state of a request
+ * in a request queue. The state of the request changes as actions
+ * are performed on it.
+ *
+ * The request is created in the BEGIN state, then general progresses
+ * through the PENDING, APPROVED, SVC_PENDING, and COMPLETE states.
+ * Some requests may bypass the PENDING state if no agent action is
+ * required.
+ *
+ * Requests may be CANCELED (not implemented) or REJECTED. These are
+ * error conditions, and usually result because the request was invalid
+ * or was not approved by an agent.
+ *
+ * @version $Revision$ $Date$
+ */
+public final class RequestStatus {
+ public static String BEGIN_STRING = "begin";
+ public static String PENDING_STRING = "pending";
+ public static String APPROVED_STRING = "approved";
+ public static String SVC_PENDING_STRING = "svc_pending";
+ public static String CANCELED_STRING = "canceled";
+ public static String REJECTED_STRING = "rejected";
+ public static String COMPLETE_STRING = "complete";
+
+ /**
+ * The initial state of a request. Requests in this state have not
+ * been review by policy.
+ *
+ * While in this state the source of the request (usually the servlet,
+ * but it could be some other protocol module, such as email)
+ * should populate the request with data need to service it.
+ */
+ public static RequestStatus BEGIN = new RequestStatus(BEGIN_STRING);
+
+ /**
+ * The state of a request that is waiting for action by an agent.
+ * When the agent approves or rejects the request, process will
+ * continue as appropriate.
+ *
+ * In this state there may be PolicyMessages present that indicate
+ * the reason for the pending status.
+ */
+ public static RequestStatus PENDING = new RequestStatus(PENDING_STRING);
+
+ /**
+ * The state of a request that has been approved by an agent, or
+ * automatically by the policy engine, but have not been successfully
+ * transmitted to the service module.
+ *
+ * These requests are resent to the service during the recovery
+ * process that runs at server startup.
+ */
+ public static RequestStatus APPROVED = new RequestStatus(APPROVED_STRING);
+
+ /**
+ * The state of a request that has been sent to the service, but
+ * has not been fully processed. The service will invoke the
+ * serviceComplete() method to cause processing to continue.
+ */
+ public static RequestStatus SVC_PENDING =
+ new RequestStatus(SVC_PENDING_STRING);
+
+ /**
+ * Not implemented. This is intended to be a final state that is
+ * reached when a request is removed from the processing queue without
+ * normal notification occurring. (see REJECTED)
+ */
+ public static RequestStatus CANCELED = new RequestStatus(CANCELED_STRING);
+
+ /**
+ * The state of a request after it is rejected. When a request is
+ * rejected, the notifier is called prior to making the finl status
+ * change.
+ *
+ * Rejected requests may have PolicyMessages indicating the reason for
+ * the rejection, or AgentMessages, which allow the agent to give
+ * reasons for the action.
+ */
+ public static RequestStatus REJECTED = new RequestStatus(REJECTED_STRING);
+
+ /**
+ * The normal final state of a request. The completion status attribute
+ * gives other information about the request. The request is not
+ * necessarily successful, but may indicated that service processing
+ * did not succeed.
+ */
+ public static RequestStatus COMPLETE = new RequestStatus(COMPLETE_STRING);
+
+ /**
+ * Converts a string name for a request status into the
+ * request status enum object.
+ * <p>
+ * @param s
+ * The string representation of the state.
+ * @return
+ * request status
+ */
+ public static RequestStatus fromString(String s) {
+ if (s.equals(BEGIN_STRING)) return BEGIN;
+ if (s.equals(PENDING_STRING)) return PENDING;
+ if (s.equals(APPROVED_STRING)) return APPROVED;
+ if (s.equals(SVC_PENDING_STRING)) return SVC_PENDING;
+ if (s.equals(CANCELED_STRING)) return CANCELED;
+ if (s.equals(REJECTED_STRING)) return REJECTED;
+ if (s.equals(COMPLETE_STRING)) return COMPLETE;
+
+ return null;
+ }
+
+ /**
+ * Returns the string form of the RequestStatus, which may be used
+ * to record the status in a database.
+ *
+ * @return request status
+ */
+ public String toString() {
+ return mString;
+ }
+
+ /**
+ * Class constructor. Creates request status from the string.
+ *
+ * @param string string describing request status
+ */
+ private RequestStatus(String string) {
+ mString = string;
+ }
+
+ private String mString;
+
+ /**
+ * Compares request status with specified string.
+ *
+ * @param string string describing request status
+ */
+ public boolean equals(String string) {
+ if (string.equals(mString)) return true;
+ else return false;
+ }
+
+ /**
+ * Compares current request status with request status.
+ *
+ * @param rs request status
+ */
+ public boolean equals(RequestStatus rs) {
+ if (mString.equals(rs.mString)) return true;
+ else return false;
+ }
+}
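Review bot: The status constants (`BEGIN` through `COMPLETE`) and their `*_STRING` names are declared `public static` without `final`, so any class loaded in the server can reassign them at run time. For a type that records the approval state of a request they should be true constants, e.g. `public static final RequestStatus APPROVED = new RequestStatus(APPROVED_STRING);`, with `private final String mString;`. The two `equals` methods overload rather than override `Object.equals(Object)` and there is no `hashCode`, so collections and any caller holding the value as `Object` fall back to identity comparison. `fromString` throws a NullPointerException on a null argument and returns null for an unknown name, and the Javadoc should state both so that callers reading a status back from the database handle them.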
diff --git a/pki/base/common/src/com/netscape/certsrv/request/ldap/IRequestMod.java b/pki/base/common/src/com/netscape/certsrv/request/ldap/IRequestMod.java
new file mode 100644
index 000000000..17367befd
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/request/ldap/IRequestMod.java
@@ -0,0 +1,56 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.request.ldap;
+
+import java.util.Date;
+
+import com.netscape.certsrv.request.RequestId;
+import com.netscape.certsrv.request.RequestStatus;
+import com.netscape.certsrv.request.IRequest;
+
+/**
+ * This interface defines how to update request record.
+ * <p>
+ * @version $Revision$, $Date$
+ */
+public interface IRequestMod
+{
+ /**
+ * Modifies request status.
+ *
+ * @param r request
+ * @param s request status
+ */
+ void modRequestStatus(IRequest r, RequestStatus s);
+
+ /**
+ * Modifies request creation time.
+ *
+ * @param r request
+ * @param d date
+ */
+ void modCreationTime(IRequest r, Date d);
+
+ /**
+ * Modifies request modification time.
+ *
+ * @param r request
+ * @param d date
+ */
+ void modModificationTime(IRequest r, Date d);
+}
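Review bot: The Javadoc on `modRequestStatus` does not say whether implementations check that the status transition is legal or whether that is left to the caller. Since the status drives approval, one sentence such as `Implementations do not validate the transition; callers must.` (or the opposite, whichever holds) belongs in the comment. `modCreationTime` lets the creation time of an existing request be rewritten, and the comment should say when that is expected. The import of `RequestId` is unused in this file.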
diff --git a/pki/base/common/src/com/netscape/certsrv/security/Credential.java b/pki/base/common/src/com/netscape/certsrv/security/Credential.java
new file mode 100644
index 000000000..3b50d3294
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/security/Credential.java
@@ -0,0 +1,61 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.security;
+
+
+/**
+ * A class represents a credential. A credential contains
+ * information that identifies a user. In this case,
+ * identifier and password are used.
+ *
+ * @version $Revision$, $Date$
+ */
+public class Credential implements java.io.Serializable {
+
+ private String mId = null;
+ private String mPassword = null;
+
+ /**
+ * Constructs credential object.
+ *
+ * @param id user id
+ * @param password user password
+ */
+ public Credential(String id, String password) {
+ mId = id;
+ mPassword = password;
+ }
+
+ /**
+ * Retrieves identifier.
+ *
+ * @return user id
+ */
+ public String getIdentifier() {
+ return mId;
+ }
+
+ /**
+ * Retrieves password.
+ *
+ * @return user password
+ */
+ public String getPassword() {
+ return mPassword;
+ }
+}
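Review bot: `Credential` implements `java.io.Serializable` while holding the password in the plain `String` field `mPassword`, so default serialization writes the password in clear wherever an instance is serialized. If the password does not need to survive serialization, declare it `private transient String mPassword;` or drop `Serializable`; whether any caller depends on the serialized form is not visible in this hunk. The class declares no `serialVersionUID`, and both fields could be `final` since they are assigned only in the constructor. The class comment should also note that `getPassword()` returns the clear-text password, so callers keep it out of logs and exception messages.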
diff --git a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java
new file mode 100644
index 000000000..2e4c0a9ee
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java
@@ -0,0 +1,462 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.security;
+
+
+import org.mozilla.jss.crypto.*;
+import org.mozilla.jss.*;
+import org.mozilla.jss.CryptoManager.*;
+import java.io.*;
+import java.security.*;
+import java.util.*;
+import java.security.*;
+import java.security.cert.*;
+import netscape.security.x509.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.common.*;
+
+
+/**
+ * This interface represents the cryptographics subsystem
+ * that provides all the security related functions.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICryptoSubsystem extends ISubsystem {
+
+ public static final String ID = "jss";
+
+ /**
+ * Retrieves a list of nicknames of certificates that are
+ * in the installed tokens.
+ *
+ * @return a list of comma-separated nicknames
+ * @exception EBaseException failed to retrieve nicknames
+ */
+ public String getAllCerts() throws EBaseException;
+
+ /**
+ * Retrieves certificate in pretty-print format by the nickname.
+ *
+ * @param nickname nickname of certificate
+ * @param date not after of the returned certificate must be date
+ * @param locale user locale
+ * @return certificate in pretty-print format
+ * @exception EBaseException failed to retrieve certificate
+ */
+ public String getCertPrettyPrint(String nickname, String date,
+ Locale locale) throws EBaseException;
+ public String getRootCertTrustBit(String nickname, String serialno,
+ String issuerName) throws EBaseException;
+ public String getCertPrettyPrint(String nickname, String serialno,
+ String issuername, Locale locale) throws EBaseException;
+ public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno,
+ String issuername, Locale locale) throws EBaseException;
+
+ /**
+ * Retrieves the certificate in the pretty print format.
+ *
+ * @param b64E certificate in mime-64 encoded format
+ * @param locale end user locale
+ * @return certificate in pretty-print format
+ * @exception EBaseException failed to retrieve certificate
+ */
+ public String getCertPrettyPrint(String b64E, Locale locale)
+ throws EBaseException;
+
+ /**
+ * Imports certificate into the server.
+ *
+ * @param b64E certificate in mime-64 encoded format
+ * @param nickname nickname for the importing certificate
+ * @param certType certificate type
+ * @exception EBaseException failed to import certificate
+ */
+ public void importCert(String b64E, String nickname, String certType)
+ throws EBaseException;
+
+ /**
+ * Imports certificate into the server.
+ *
+ * @param signedCert certificate
+ * @param nickname nickname for the importing certificate
+ * @param certType certificate type
+ * @exception EBaseException failed to import certificate
+ */
+ public void importCert(X509CertImpl signedCert, String nickname,
+ String certType) throws EBaseException;
+
+ /**
+ * Generates a key pair based on the given parameters.
+ *
+ * @param properties key parameters
+ * @return key pair
+ * @exception EBaseException failed to generate key pair
+ */
+ public KeyPair getKeyPair(KeyCertData properties) throws EBaseException;
+
+ /**
+ * Retrieves the key pair based on the given nickname.
+ *
+ * @param nickname nickname of the public key
+ * @exception EBaseException failed to retrieve key pair
+ */
+ public KeyPair getKeyPair(String nickname) throws EBaseException;
+
+ /**
+ * Generates a key pair based on the given parameters.
+ *
+ * @param tokenName name of token where key is generated
+ * @param alg key algorithm
+ * @param keySize key size
+ * @return key pair
+ * @exception EBaseException failed to generate key pair
+ */
+ public KeyPair getKeyPair(String tokenName, String alg,
+ int keySize) throws EBaseException;
+
+ /**
+ * Generates a key pair based on the given parameters.
+ *
+ * @param tokenName name of token where key is generated
+ * @param alg key algorithm
+ * @param keySize key size
+ * @param pqg pqg parameters if DSA key, otherwise null
+ * @return key pair
+ * @exception EBaseException failed to generate key pair
+ */
+ public KeyPair getKeyPair(String tokenName, String alg,
+ int keySize, PQGParams pqg) throws EBaseException;
+
+ /**
+ * Generates an ECC key pair based on the given parameters.
+ *
+ * @param properties key parameters
+ * @return key pair
+ * @exception EBaseException failed to generate key pair
+ */
+ public KeyPair getECCKeyPair(KeyCertData properties) throws EBaseException;
+
+ /**
+ * Generates an ECC key pair based on the given parameters.
+ *
+ * @param token token name
+ * @param curveName curve name
+ * @param certType type of cert(sslserver etc..)
+ * @return key pair
+ * @exception EBaseException failed to generate key pair
+ */
+ public KeyPair getECCKeyPair(String token, String curveName, String certType) throws EBaseException;
+
+ /**
+ * Retrieves the signature algorithm of the certificate named
+ * by the given nickname.
+ *
+ * @param nickname nickname of the certificate
+ * @return signature algorithm
+ * @exception EBaseException failed to retrieve signature
+ */
+ public String getSignatureAlgorithm(String nickname) throws EBaseException;
+
+ /**
+ * Checks if the given dn is a valid distinguished name.
+ *
+ * @param dn distinguished name
+ * @exception EBaseException failed to check
+ */
+ public void isX500DN(String dn) throws EBaseException;
+
+ /**
+ * Retrieves CA's signing algorithm id. If it is DSA algorithm,
+ * algorithm is constructed by reading the parameters
+ * ca.dsaP, ca.dsaQ, ca.dsaG.
+ *
+ * @param algname DSA or RSA
+ * @param store configuration store.
+ * @return algorithm id
+ * @exception EBaseException failed to retrieve algorithm id
+ */
+ public AlgorithmId getAlgorithmId(String algname, IConfigStore store) throws EBaseException;
+
+ /**
+ * Retrieves subject name of the certificate that is identified by
+ * the given nickname.
+ *
+ * @param tokenname name of token where the nickname is valid
+ * @param nickname nickname of the certificate
+ * @return subject name
+ * @exception EBaseException failed to get subject name
+ */
+ public String getCertSubjectName(String tokenname, String nickname)
+ throws EBaseException;
+
+ /**
+ * Retrieves extensions of the certificate that is identified by
+ * the given nickname.
+ *
+ * @param tokenname name of token where the nickname is valid
+ * @param nickname nickname of the certificate
+ * @return certificate extensions
+ * @exception EBaseException failed to get extensions
+ */
+ public CertificateExtensions getExtensions(String tokenname, String nickname
+ )
+ throws EBaseException;
+
+ /**
+ * Deletes certificate of the given nickname.
+ *
+ * @param nickname nickname of the certificate
+ * @param pathname path where a copy of the deleted certificate is stored
+ * @exception EBaseException failed to delete certificate
+ */
+ public void deleteTokenCertificate(String nickname, String pathname)
+ throws EBaseException;
+
+ /**
+ * Delete certificate of the given nickname.
+ *
+ * @param nickname nickname of the certificate
+ * @param notAfterTime The notAfter of the certificate. It
+ * is possible to ge t multiple certificates under
+ * the same nickname. If one of the certificates match
+ * the notAfterTime, then the certificate will get
+ * deleted. The format of the notAfterTime has to be
+ * in "MMMMM dd, yyyy HH:mm:ss" format.
+ * @exception EBaseException failed to delete certificate
+ */
+ public void deleteCert(String nickname, String notAfterTime)
+ throws EBaseException;
+
+ /**
+ * Retrieves the subject DN of the certificate identified by
+ * the nickname.
+ *
+ * @param nickname nickname of the certificate
+ * @return subject distinguished name
+ * @exception EBaseException failed to retrieve subject DN
+ */
+ public String getSubjectDN(String nickname) throws EBaseException;
+
+ /**
+ * Trusts a certificate for all available purposes.
+ *
+ * @param nickname nickname of the certificate
+ * @param date certificate's not before
+ * @param trust "Trust" or other
+ * @exception EBaseException failed to trust certificate
+ */
+ public void trustCert(String nickname, String date, String trust)
+ throws EBaseException;
+
+ /**
+ * Checks if the given base-64 encoded string contains an extension
+ * or a sequence of extensions.
+ *
+ * @param ext extension or sequence of extension encoded in base-64
+ * @exception EBaseException failed to check encoding
+ */
+ public void checkCertificateExt(String ext) throws EBaseException;
+
+ /**
+ * Gets all certificates on all tokens for Certificate Database Management.
+ *
+ * @return all certificates
+ * @exception EBaseException failed to retrieve certificates
+ */
+ public NameValuePairs getAllCertsManage() throws EBaseException;
+ public NameValuePairs getUserCerts() throws EBaseException;
+
+ /**
+ * Gets all CA certificates on all tokens.
+ *
+ * @return all CA certificates
+ * @exception EBaseException failed to retrieve certificates
+ */
+ public NameValuePairs getCACerts() throws EBaseException;
+
+ public NameValuePairs getRootCerts() throws EBaseException;
+
+ public void setRootCertTrust(String nickname, String serialno,
+ String issuername, String trust) throws EBaseException;
+
+ public void deleteRootCert(String nickname, String serialno,
+ String issuername) throws EBaseException;
+
+ public void deleteUserCert(String nickname, String serialno,
+ String issuername) throws EBaseException;
+
+ /**
+ * Retrieves PQG parameters based on key size.
+ *
+ * @param keysize key size
+ * @return pqg parameters
+ */
+ public PQGParams getPQG(int keysize);
+
+ /**
+ * Retrieves PQG parameters based on key size.
+ *
+ * @param keysize key size
+ * @param store configuration store
+ * @return pqg parameters
+ */
+ public PQGParams getCAPQG(int keysize, IConfigStore store)
+ throws EBaseException;
+
+ /**
+ * Retrieves extensions of the certificate that is identified by
+ * the given nickname.
+ *
+ * @param tokenname token name
+ * @param nickname nickname
+ * @return certificate extensions
+ */
+ public CertificateExtensions getCertExtensions(String tokenname, String nickname
+ )
+ throws NotInitializedException, TokenException, ObjectNotFoundException,
+
+ IOException, CertificateException;
+
+ /**
+ * Checks if the given token is logged in.
+ *
+ * @param name token name
+ * @return true if token is logged in
+ * @exception EBaseException failed to login
+ */
+ public boolean isTokenLoggedIn(String name) throws EBaseException;
+
+ /**
+ * Logs into token.
+ *
+ * @param tokenName name of the token
+ * @param pwd token password
+ * @exception EBaseException failed to login
+ */
+ public void loggedInToken(String tokenName, String pwd)
+ throws EBaseException;
+
+ /**
+ * Generates certificate request from the given key pair.
+ *
+ * @param subjectName subject name to use in the request
+ * @param kp key pair that contains public key material
+ * @return certificate request in base-64 encoded format
+ * @exception EBaseException failed to generate request
+ */
+ public String getCertRequest(String subjectName, KeyPair kp)
+ throws EBaseException;
+
+ /**
+ * Checks if fortezza is enabled.
+ *
+ * @return "true" if fortezza is enabled
+ */
+ public String isCipherFortezza() throws EBaseException;
+
+ /**
+ * Retrieves the SSL cipher version.
+ *
+ * @return cipher version (i.e. "cipherdomestic")
+ */
+ public String getCipherVersion() throws EBaseException;
+
+ /**
+ * Retrieves the cipher preferences.
+ *
+ * @return cipher preferences (i.e. "rc4export,rc2export,...")
+ */
+ public String getCipherPreferences() throws EBaseException;
+
+ /**
+ * Sets the current SSL cipher preferences.
+ *
+ * @param cipherPrefs cipher preferences (i.e. "rc4export,rc2export,...")
+ * @exception EBaseException failed to set cipher preferences
+ */
+ public void setCipherPreferences(String cipherPrefs)
+ throws EBaseException;
+
+ /**
+ * Retrieves a list of currently registered token names.
+ *
+ * @return list of token names
+ * @exception EBaseException failed to retrieve token list
+ */
+ public String getTokenList() throws EBaseException;
+
+ /**
+ * Retrieves all certificates. The result list will not
+ * contain the token tag.
+ *
+ * @param name token name
+ * @return list of certificates without token tag
+ * @exception EBaseException failed to retrieve
+ */
+ public String getCertListWithoutTokenName(String name) throws EBaseException;
+
+ /**
+ * Retrieves the token name of the internal (software) token.
+ *
+ * @return the token name
+ * @exception EBaseException failed to retrieve token name
+ */
+ public String getInternalTokenName() throws EBaseException;
+
+ /**
+ * Checks to see if the certificate of the given nickname is a
+ * CA certificate.
+ *
+ * @param fullNickname nickname of the certificate to check
+ * @return true if it is a CA certificate
+ * @exception EBaseException failed to check
+ */
+ public boolean isCACert(String fullNickname) throws EBaseException;
+
+ /**
+ * Adds the specified number of bits of entropy from the system
+ * entropy generator to the RNG of the default PKCS#11 RNG token.
+ * The default token is set using the modutil command.
+ * Note that the system entropy generator (usually /dev/random)
+ * will block until sufficient entropy is collected.
+ *
+ * @param bits number of bits of entropy
+ * @exception org.mozilla.jss.util.NotImplementedException If the Crypto device does not support
+ * adding entropy
+ * @exception TokenException If there was some other problem with the Crypto device
+ * @exception IOException If there was a problem reading from the /dev/random
+ */
+
+ public void addEntropy(int bits)
+ throws org.mozilla.jss.util.NotImplementedException,
+ IOException,
+ TokenException;
+
+ /**
+ * Signs the certificate template into the given data and returns
+ * a signed certificate.
+ *
+ * @param data data that contains certificate template
+ * @param certType certificate type
+ * @param priKey CA signing key
+ * @return certificate
+ * @exception EBaseException failed to sign certificate template
+ */
+ public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey) throws EBaseException;
+}
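Review bot: Several trust-affecting methods in this interface have no Javadoc at all: `getRootCertTrustBit`, `setRootCertTrust`, `deleteRootCert`, `deleteUserCert`, `getUserCerts`, `getRootCerts`, the four-argument `getCertPrettyPrint` and `getCertPrettyPrintAndFingerPrint`. `trustCert` documents its `trust` argument only as `"Trust" or other`; for operations that change which certificates the server trusts, the comment should list the accepted `trust` values and say what an unrecognised value does. `loggedInToken(String tokenName, String pwd)` takes the token password as an immutable `String`, and its name reads like a query although the comment says it logs in, so the Javadoc should state the side effect explicitly. `import java.security.*;` appears twice in the import block.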
diff --git a/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java b/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
new file mode 100644
index 000000000..af7030f06
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
@@ -0,0 +1,130 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.security;
+
+
+import java.util.*;
+import java.io.*;
+import java.net.*;
+import java.security.*;
+import java.security.cert.X509Certificate;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import com.netscape.certsrv.base.*;
+import org.mozilla.jss.crypto.PrivateKey;
+
+
+/**
+ * An interface represents a encryption unit.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IEncryptionUnit extends IToken {
+
+ /**
+ * Retrieves the public key in this unit.
+ *
+ * @return public key
+ */
+ public PublicKey getPublicKey();
+
+ /**
+ * Wraps data. The given key will be wrapped by the
+ * private key in this unit.
+ *
+ * @param priKey private key to be wrapped
+ * @return wrapped data
+ * @exception EBaseException failed to wrap
+ */
+ public byte[] wrap(PrivateKey priKey) throws EBaseException;
+
+ /**
+ * Verifies the given key pair.
+ *
+ * @param publicKey public key
+ * @param privateKey private key
+ */
+ public void verify(PublicKey publicKey, PrivateKey privateKey) throws
+ EBaseException;
+
+ /**
+ * Unwraps data. This method rebuilds the private key by
+ * unwrapping the private key data.
+ *
+ * @param sessionKey session key that unwrap the private key
+ * @param symmAlgOID symmetric algorithm
+ * @param symmAlgParams symmetric algorithm parameters
+ * @param privateKey private key data
+ * @param pubKey public key
+ * @return private key object
+ * @exception EBaseException failed to unwrap
+ */
+ public PrivateKey unwrap(byte sessionKey[], String symmAlgOID,
+ byte symmAlgParams[], byte privateKey[],
+ PublicKey pubKey)
+ throws EBaseException;
+
+ /**
+ * Unwraps data. This method rebuilds the private key by
+ * unwrapping the private key data.
+ *
+ * @param privateKey private key data
+ * @param pubKey public key object
+ * @return private key object
+ * @exception EBaseException failed to unwrap
+ */
+ public PrivateKey unwrap(byte privateKey[], PublicKey pubKey)
+ throws EBaseException;
+
+ /**
+ * Encrypts the internal private key (private key to the KRA's
+ * internal storage).
+ *
+ * @param rawPrivate user's private key (key to be archived)
+ * @return encrypted data
+ * @exception EBaseException failed to encrypt
+ */
+ public byte[] encryptInternalPrivate(byte rawPrivate[])
+ throws EBaseException;
+
+ /**
+ * Decrypts the internal private key (private key from the KRA's
+ * internal storage).
+ *
+ * @param wrappedPrivateData unwrapped private key data (key to be recovered)
+ * @return raw private key
+ * @exception EBaseException failed to decrypt
+ */
+ public byte[] decryptInternalPrivate(byte wrappedPrivateData[])
+ throws EBaseException;
+
+ /**
+ * Decrypts the external private key (private key from the end-user).
+ *
+ * @param sessionKey session key that protects the user private
+ * @param symmAlgOID symmetric algorithm
+ * @param symmAlgParams symmetric algorithm parameters
+ * @param privateKey private key data
+ * @return private key data
+ * @exception EBaseException failed to decrypt
+ */
+ public byte[] decryptExternalPrivate(byte sessionKey[],
+ String symmAlgOID,
+ byte symmAlgParams[], byte privateKey[])
+ throws EBaseException;
+}
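Review bot: `encryptInternalPrivate`, `decryptInternalPrivate` and `decryptExternalPrivate` pass raw private-key material in and out as `byte[]`, and the Javadoc gives no contract for who clears those arrays; add a line such as `@return raw private key; caller must zero the array after use`, with a matching note on the `rawPrivate` parameter. The `wrappedPrivateData` parameter is described as `unwrapped private key data`, which contradicts its name. `verify(PublicKey, PrivateKey)` returns void and has no `@exception` tag, so the comment should state that a mismatched pair is reported through `EBaseException`, if that is the intent. The `java.util.*`, `java.io.*` and `java.net.*` imports appear unused in this file.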
diff --git a/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java b/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java
new file mode 100644
index 000000000..ac46a271d
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java
@@ -0,0 +1,165 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.security;
+
+
+import java.security.*;
+import org.mozilla.jss.*;
+import org.mozilla.jss.crypto.*;
+import org.mozilla.jss.util.*;
+import org.mozilla.jss.crypto.Signature;
+import com.netscape.certsrv.base.*;
+import netscape.security.x509.*;
+
+/**
+ * A class represents the signing unit which is
+ * capable of signing data.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ISigningUnit {
+
+ public static final String PROP_DEFAULT_SIGNALG = "defaultSigningAlgorithm";
+ public static final String PROP_CERT_NICKNAME = "cacertnickname";
+ // This signing unit is being used in OCSP and CRL also. So
+ // it is better to have a more generic name
+ public static final String PROP_RENAMED_CERT_NICKNAME = "certnickname";
+ public static final String PROP_TOKEN_NAME = "tokenname";
+ public static final String PROP_NEW_NICKNAME = "newNickname";
+
+ /**
+ * Retrieves the nickname of the signing certificate.
+ */
+ public String getNickname();
+
+ /**
+ * Retrieves the new nickname in the renewal process.
+ *
+ * @return new nickname
+ * @exception EBaseException failed to get new nickname
+ */
+ public String getNewNickName() throws EBaseException;
+
+ /**
+ * Sets new nickname of the signing certificate.
+ *
+ * @param name nickname
+ */
+ public void setNewNickName(String name);
+
+ /**
+ * Retrieves the signing certificate.
+ *
+ * @return signing certificate
+ */
+ public X509Certificate getCert();
+
+ /**
+ * Retrieves the signing certificate.
+ *
+ * @return signing certificate
+ */
+ public X509CertImpl getCertImpl();
+
+ /**
+ * Signs the given data in specific algorithm.
+ *
+ * @param data data to be signed
+ * @param algname signing algorithm to be used
+ * @return signed data
+ * @exception EBaseException failed to sign
+ */
+ public byte[] sign(byte[] data, String algname)
+ throws EBaseException;
+
+ /**
+ * Verifies the signed data.
+ *
+ * @param data signed data
+ * @param signature signature
+ * @param algname signing algorithm
+ * @return true if verification is good
+ * @exception EBaseException failed to verify
+ */
+ public boolean verify(byte[] data, byte[] signature, String algname)
+ throws EBaseException;
+
+ /**
+ * Retrieves the default algorithm.
+ *
+ * @return default signing algorithm
+ */
+ public SignatureAlgorithm getDefaultSignatureAlgorithm();
+
+ /**
+ * Retrieves the default algorithm name.
+ *
+ * @return default signing algorithm name
+ */
+ public String getDefaultAlgorithm();
+
+ /**
+ * Set default signing algorithm.
+ *
+ * @param algorithm signing algorithm
+ * @exception EBaseException failed to set default signing algorithm
+ */
+ public void setDefaultAlgorithm(String algorithm) throws EBaseException;
+
+ /**
+ * Retrieves all supported signing algorithm of this unit.
+ *
+ * @return a list of signing algorithms
+ * @exception EBaseException failed to list
+ */
+ public String[] getAllAlgorithms() throws EBaseException;
+
+ /**
+ * Retrieves the token name of this unit.
+ *
+ * @return token name
+ * @exception EBaseException failed to retrieve name
+ */
+ public String getTokenName() throws EBaseException;
+
+ /**
+ * Updates new nickname and tokename in the configuration file.
+ *
+ * @param nickname new nickname
+ * @param tokenname new tokenname
+ */
+ public void updateConfig(String nickname, String tokenname);
+
+ /**
+ * Checks if the given algorithm name is supported.
+ *
+ * @param algname algorithm name
+ * @return signing algorithm
+ * @exception EBaseException failed to check signing algorithm
+ */
+ public SignatureAlgorithm checkSigningAlgorithmFromName(String algname)
+ throws EBaseException;
+
+ /**
+ * Retrieves the public key associated in this unit.
+ *
+ * @return public key
+ */
+ public PublicKey getPublicKey();
+}
+
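Review bot: `verify(byte[], byte[], String)` both returns a boolean and throws `EBaseException`, and the Javadoc does not say which failures yield `false` and which throw. Callers need that distinction to avoid treating an error path as a verified signature, e.g. `@return true only if the signature verifies, false if it does not` and `@exception EBaseException the check could not be performed`. `sign` and `verify` should also state what happens when `algname` is not one of the names returned by `getAllAlgorithms()`. The type comment says "A class represents the signing unit" although this is an interface, and `getNickname()` lacks an `@return` tag.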
diff --git a/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java b/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java
new file mode 100644
index 000000000..0b484bdc7
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java
@@ -0,0 +1,106 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.security;
+
+
+import java.util.*;
+import java.io.*;
+import java.net.*;
+import java.security.*;
+import java.security.cert.X509Certificate;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import com.netscape.certsrv.base.*;
+import org.mozilla.jss.crypto.*;
+import org.mozilla.jss.crypto.PrivateKey;
+
+
+/**
+ * An interface represents a storage key unit. This storage
+ * unit contains a storage key pair that is used for
+ * encrypting the user private key for long term storage.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IStorageKeyUnit extends IEncryptionUnit {
+
+ /**
+ * Retrieves total number of recovery agents.
+ *
+ * @return total number of recovery agents
+ */
+ public int getNoOfAgents() throws EBaseException;
+
+ /**
+ * Retrieves number of recovery agents required to
+ * perform recovery operation.
+ *
+ * @return required number of recovery agents for recovery operation
+ */
+ public int getNoOfRequiredAgents() throws EBaseException;
+
+ /**
+ * Sets the numer of required recovery agents
+ *
+ * @param number number of required agents
+ */
+ public void setNoOfRequiredAgents(int number);
+
+ /**
+ * Retrieves a list of agents in this unit.
+ *
+ * @return a list of string-based agent identifiers
+ */
+ public Enumeration getAgentIdentifiers();
+
+ /**
+ * Changes agent password.
+ *
+ * @param id agent id
+ * @param oldpwd old password
+ * @param newpwd new password
+ * @return true if operation successful
+ * @exception EBaseException failed to change password
+ */
+ public boolean changeAgentPassword(String id, String oldpwd,
+ String newpwd) throws EBaseException;
+
+ /**
+ * Changes M-N recovery scheme.
+ *
+ * @param n total number of agents
+ * @param m required number of agents for recovery operation
+ * @param oldcreds all old credentials
+ * @param newcreds all new credentials
+ * @return true if operation successful
+ * @exception EBaseException failed to change schema
+ */
+ public boolean changeAgentMN(int n, int m, Credential oldcreds[],
+ Credential newcreds[]) throws EBaseException;
+
+ /**
+ * Logins to this unit.
+ *
+ * @param ac agent's credentials
+ * @exception EBaseException failed to login
+ */
+ public void login(Credential ac[]) throws EBaseException;
+
+ public CryptoToken getToken();
+
+}
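Review bot: `changeAgentPassword(String id, String oldpwd, String newpwd)` takes the recovery agents' passwords as `String`, which cannot be cleared after use and stays readable in the heap until it is collected; `IToken.login(String pin)` later in this commit has the same shape. Since the interface is new, the signature could take `char[] oldpwd, char[] newpwd`, with Javadoc stating that implementations overwrite the arrays once the operation completes. Whether `Credential` already holds its secret in a clearable form is not visible in this hunk, so the same question applies to `changeAgentMN` and `login(Credential[])`.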
diff --git a/pki/base/common/src/com/netscape/certsrv/security/IToken.java b/pki/base/common/src/com/netscape/certsrv/security/IToken.java
new file mode 100644
index 000000000..4211806fc
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/security/IToken.java
@@ -0,0 +1,50 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.security;
+
+
+import java.util.*;
+import java.io.*;
+import java.net.*;
+import java.security.*;
+import java.security.cert.*;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * An interface represents a generic token unit.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IToken {
+
+ /**
+ * Logins to the token unit.
+ *
+ * @param pin password to access the token
+ * @exception EBaseException failed to login to this token
+ */
+ public void login(String pin) throws EBaseException;
+
+ /**
+ * Logouts token.
+ */
+ public void logout();
+}
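Review bot: The import block pulls in seven wildcard packages, but the only type the interface references outside `java.lang` is `EBaseException`, which presumably comes from `com.netscape.certsrv.base`. Replacing the block with `import com.netscape.certsrv.base.EBaseException;` keeps the interface's dependencies explicit and avoids ambiguous simple names if two of those packages later gain a type with the same name. The Javadoc for `logout()` could also state what happens when no login is active, for example `Logs out of the token; has no effect if not logged in.` if that is the intended contract.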
diff --git a/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java b/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java
new file mode 100644
index 000000000..1ad0e378c
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java
@@ -0,0 +1,55 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.security;
+
+
+import java.util.*;
+import java.io.*;
+import java.net.*;
+import java.security.*;
+import java.security.cert.X509Certificate;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import com.netscape.certsrv.base.*;
+import org.mozilla.jss.crypto.*;
+import org.mozilla.jss.crypto.PrivateKey;
+
+
+/**
+ * An interface represents the transport key pair.
+ * This key pair is used to protected EE's private
+ * key in transit.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ITransportKeyUnit extends IEncryptionUnit {
+
+ /**
+ * Retrieves public key.
+ *
+ * @return certificate
+ */
+ public org.mozilla.jss.crypto.X509Certificate getCertificate();
+ public SymmetricKey unwrap_sym(byte encSymmKey[]);
+ public SymmetricKey unwrap_encrypt_sym(byte encSymmKey[]);
+ public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey
+ pubKey) throws EBaseException;
+ public CryptoToken getToken();
+ public String getSigningAlgorithm() throws EBaseException;
+ public void setSigningAlgorithm(String str) throws EBaseException;
+}
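Review bot: `unwrap_sym` and `unwrap_encrypt_sym` declare no exception while `unwrap_temp` throws `EBaseException`, so the interface does not say how a failed unwrap of a symmetric key is reported; if implementations return `null`, every caller has to check for it before using the key. Either declare the failure, `public SymmetricKey unwrap_sym(byte encSymmKey[]) throws EBaseException;`, or document the null return in Javadoc. Only `getCertificate()` is documented, and its summary says "Retrieves public key" although it returns the certificate; `Retrieves the transport certificate.` would match. The five methods below it need their own Javadoc, in particular one that states how `unwrap_sym` and `unwrap_encrypt_sym` differ.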
diff --git a/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java b/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java
new file mode 100644
index 000000000..87dd298f7
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java
@@ -0,0 +1,813 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.security;
+
+
+import java.util.*;
+import java.security.*;
+import java.math.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.common.*;
+import org.mozilla.jss.crypto.*;
+import netscape.security.x509.*;
+
+/**
+ * This class represents a container for storaging
+ * data in the security package.
+ *
+ * @version $Revision$, $Date$
+ */
+public class KeyCertData extends Properties {
+
+ /**
+ * Constructs a key certificate data.
+ */
+ public KeyCertData() {
+ super();
+ }
+
+ /**
+ * Retrieves the key pair from this container.
+ *
+ * @return key pair
+ */
+ public KeyPair getKeyPair() {
+ return (KeyPair) get("keypair");
+ }
+
+ /**
+ * Sets key pair into this container.
+ *
+ * @param keypair key pair
+ */
+ public void setKeyPair(KeyPair keypair) {
+ put("keypair", keypair);
+ }
+
+ /**
+ * Retrieves the issuer name from this container.
+ *
+ * @return issuer name
+ */
+ public String getIssuerName() {
+ return (String) get(Constants.PR_ISSUER_NAME);
+ }
+
+ /**
+ * Sets the issuer name in this container.
+ *
+ * @param name issuer name
+ */
+ public void setIssuerName(String name) {
+ put(Constants.PR_ISSUER_NAME, name);
+ }
+
+ /**
+ * Retrieves certificate server instance name.
+ *
+ * @return instance name
+ */
+ public String getCertInstanceName() {
+ return (String) get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+ }
+
+ /**
+ * Sets certificate server instance name.
+ *
+ * @param name instance name
+ */
+ public void setCertInstanceName(String name) {
+ put(ConfigConstants.PR_CERT_INSTANCE_NAME, name);
+ }
+
+ /**
+ * Retrieves certificate nickname.
+ *
+ * @return certificate nickname
+ */
+ public String getCertNickname() {
+ return (String) get(Constants.PR_NICKNAME);
+ }
+
+ /**
+ * Sets certificate nickname.
+ *
+ * @param nickname certificate nickname
+ */
+ public void setCertNickname(String nickname) {
+ put(Constants.PR_NICKNAME, nickname);
+ }
+
+ /**
+ * Retrieves key length.
+ *
+ * @return key length
+ */
+ public String getKeyLength() {
+ return (String) get(Constants.PR_KEY_LENGTH);
+ }
+
+ /**
+ * Sets key length.
+ *
+ * @param len key length
+ */
+ public void setKeyLength(String len) {
+ put(Constants.PR_KEY_LENGTH, len);
+ }
+
+ /**
+ * Retrieves key type.
+ *
+ * @return key type
+ */
+ public String getKeyType() {
+ return (String) get(Constants.PR_KEY_TYPE);
+ }
+
+ /**
+ * Sets key type.
+ *
+ * @param type key type
+ */
+ public void setKeyType(String type) {
+ put(Constants.PR_KEY_TYPE, type);
+ }
+
+ /**
+ * Retrieves key curve name.
+ *
+ * @return key curve name
+ */
+ public String getKeyCurveName() {
+ return (String) get(Constants.PR_KEY_CURVENAME);
+ }
+
+ /**
+ * Sets key curvename.
+ *
+ * @param len key curvename
+ */
+ public void setKeyCurveName(String len) {
+ put(Constants.PR_KEY_CURVENAME, len);
+ }
+
+ /**
+ * Retrieves signature algorithm.
+ *
+ * @return signature algorithm
+ */
+ public SignatureAlgorithm getSignatureAlgorithm() {
+ return (SignatureAlgorithm) get(Constants.PR_SIGNATURE_ALGORITHM);
+ }
+
+ /**
+ * Sets signature algorithm
+ *
+ * @param alg signature algorithm
+ */
+ public void setSignatureAlgorithm(SignatureAlgorithm alg) {
+ put(Constants.PR_SIGNATURE_ALGORITHM, alg);
+ }
+
+ /**
+ * Retrieves algorithm used to sign the root CA Cert.
+ *
+ * @return signature algorithm
+ */
+ public String getSignedBy() {
+ return (String) get(Constants.PR_SIGNEDBY_TYPE);
+ }
+
+ /**
+ * Sets signature algorithm used to sign root CA cert
+ *
+ * @param alg signature algorithm
+ */
+ public void setSignedBy(String alg) {
+ put(Constants.PR_SIGNEDBY_TYPE, alg);
+ }
+
+ /**
+ * Retrieves signature algorithm.
+ *
+ * @return signature algorithm
+ */
+ public AlgorithmId getAlgorithmId() {
+ return (AlgorithmId) get(Constants.PR_ALGORITHM_ID);
+ }
+
+ /**
+ * Sets algorithm identifier
+ *
+ * @param id signature algorithm
+ */
+ public void setAlgorithmId(AlgorithmId id) {
+ put(Constants.PR_ALGORITHM_ID, id);
+ }
+
+ /**
+ * Retrieves serial number.
+ *
+ * @return serial number
+ */
+ public BigInteger getSerialNumber() {
+ return (BigInteger) get("serialno");
+ }
+
+ /**
+ * Sets serial number.
+ *
+ * @param num serial number
+ */
+ public void setSerialNumber(BigInteger num) {
+ put("serialno", num);
+ }
+
+ /**
+ * Retrieves configuration file.
+ *
+ * @return configuration file
+ */
+ public IConfigStore getConfigFile() {
+ return (IConfigStore)(get("cmsFile"));
+ }
+
+ /**
+ * Sets configuration file.
+ *
+ * @param file configuration file
+ */
+ public void setConfigFile(IConfigStore file) {
+ put("cmsFile", file);
+ }
+
+ /**
+ * Retrieves begining year of validity.
+ *
+ * @return begining year
+ */
+ public String getBeginYear() {
+ return (String) get(Constants.PR_BEGIN_YEAR);
+ }
+
+ /**
+ * Sets begining year of validity.
+ *
+ * @param year begining year
+ */
+ public void setBeginYear(String year) {
+ put(Constants.PR_BEGIN_YEAR, year);
+ }
+
+ /**
+ * Retrieves ending year of validity.
+ *
+ * @return ending year
+ */
+ public String getAfterYear() {
+ return (String) get(Constants.PR_AFTER_YEAR);
+ }
+
+ /**
+ * Sets ending year of validity.
+ *
+ * @param year ending year
+ */
+ public void setAfterYear(String year) {
+ put(Constants.PR_AFTER_YEAR, year);
+ }
+
+ /**
+ * Retrieves begining month of validity.
+ *
+ * @return begining month
+ */
+ public String getBeginMonth() {
+ return (String) get(Constants.PR_BEGIN_MONTH);
+ }
+
+ /**
+ * Sets begining month of validity.
+ *
+ * @param month begining month
+ */
+ public void setBeginMonth(String month) {
+ put(Constants.PR_BEGIN_MONTH, month);
+ }
+
+ /**
+ * Retrieves ending month of validity.
+ *
+ * @return ending month
+ */
+ public String getAfterMonth() {
+ return (String) get(Constants.PR_AFTER_MONTH);
+ }
+
+ /**
+ * Sets ending month of validity.
+ *
+ * @param month ending month
+ */
+ public void setAfterMonth(String month) {
+ put(Constants.PR_AFTER_MONTH, month);
+ }
+
+ /**
+ * Retrieves begining date of validity.
+ *
+ * @return begining date
+ */
+ public String getBeginDate() {
+ return (String) get(Constants.PR_BEGIN_DATE);
+ }
+
+ /**
+ * Sets begining date of validity.
+ *
+ * @param date begining date
+ */
+ public void setBeginDate(String date) {
+ put(Constants.PR_BEGIN_DATE, date);
+ }
+
+ /**
+ * Retrieves ending date of validity.
+ *
+ * @return ending date
+ */
+ public String getAfterDate() {
+ return (String) get(Constants.PR_AFTER_DATE);
+ }
+
+ /**
+ * Sets ending date of validity.
+ *
+ * @param date ending date
+ */
+ public void setAfterDate(String date) {
+ put(Constants.PR_AFTER_DATE, date);
+ }
+
+ /**
+ * Retrieves starting hour of validity.
+ *
+ * @return starting hour
+ */
+ public String getBeginHour() {
+ return (String) get(Constants.PR_BEGIN_HOUR);
+ }
+
+ /**
+ * Sets starting hour of validity.
+ *
+ * @param hour starting hour
+ */
+ public void setBeginHour(String hour) {
+ put(Constants.PR_BEGIN_HOUR, hour);
+ }
+
+ /**
+ * Retrieves ending hour of validity.
+ *
+ * @return ending hour
+ */
+ public String getAfterHour() {
+ return (String) get(Constants.PR_AFTER_HOUR);
+ }
+
+ /**
+ * Sets ending hour of validity.
+ *
+ * @param hour ending hour
+ */
+ public void setAfterHour(String hour) {
+ put(Constants.PR_AFTER_HOUR, hour);
+ }
+
+ /**
+ * Retrieves starting minute of validity.
+ *
+ * @return starting minute
+ */
+ public String getBeginMin() {
+ return (String) get(Constants.PR_BEGIN_MIN);
+ }
+
+ /**
+ * Sets starting minute of validity.
+ *
+ * @param min starting minute
+ */
+ public void setBeginMin(String min) {
+ put(Constants.PR_BEGIN_MIN, min);
+ }
+
+ /**
+ * Retrieves ending minute of validity.
+ *
+ * @return ending minute
+ */
+ public String getAfterMin() {
+ return (String) get(Constants.PR_AFTER_MIN);
+ }
+
+ /**
+ * Sets ending minute of validity.
+ *
+ * @param min ending minute
+ */
+ public void setAfterMin(String min) {
+ put(Constants.PR_AFTER_MIN, min);
+ }
+
+ /**
+ * Retrieves starting second of validity.
+ *
+ * @return starting second
+ */
+ public String getBeginSec() {
+ return (String) get(Constants.PR_BEGIN_SEC);
+ }
+
+ /**
+ * Sets starting second of validity.
+ *
+ * @param sec starting second
+ */
+ public void setBeginSec(String sec) {
+ put(Constants.PR_BEGIN_SEC, sec);
+ }
+
+ /**
+ * Retrieves ending second of validity.
+ *
+ * @return ending second
+ */
+ public String getAfterSec() {
+ return (String) get(Constants.PR_AFTER_SEC);
+ }
+
+ /**
+ * Sets ending second of validity.
+ *
+ * @param sec ending second
+ */
+ public void setAfterSec(String sec) {
+ put(Constants.PR_AFTER_SEC, sec);
+ }
+
+ /**
+ * Retrieves CA key pair
+ *
+ * @return CA key pair
+ */
+ public KeyPair getCAKeyPair() {
+ return (KeyPair) get(Constants.PR_CA_KEYPAIR);
+ }
+
+ /**
+ * Sets CA key pair
+ *
+ * @param keypair key pair
+ */
+ public void setCAKeyPair(KeyPair keypair) {
+ put(Constants.PR_CA_KEYPAIR, keypair);
+ }
+
+ /**
+ * Retrieves extensions
+ *
+ * @return extensions
+ */
+ public String getDerExtension() {
+ return (String) get(Constants.PR_DER_EXTENSION);
+ }
+
+ /**
+ * Sets extensions
+ *
+ * @param ext extensions
+ */
+ public void setDerExtension(String ext) {
+ put(Constants.PR_DER_EXTENSION, ext);
+ }
+
+ /**
+ * Retrieves isCA
+ *
+ * @return "true" if it is CA
+ */
+ public String isCA() {
+ return (String) get(Constants.PR_IS_CA);
+ }
+
+ /**
+ * Sets isCA
+ *
+ * @param ext "true" if it is CA
+ */
+ public void setCA(String ext) {
+ put(Constants.PR_IS_CA, ext);
+ }
+
+ /**
+ * Retrieves key length
+ *
+ * @return certificate's key length
+ */
+ public String getCertLen() {
+ return (String) get(Constants.PR_CERT_LEN);
+ }
+
+ /**
+ * Sets key length
+ *
+ * @param len certificate's key length
+ */
+ public void setCertLen(String len) {
+ put(Constants.PR_CERT_LEN, len);
+ }
+
+ /**
+ * Retrieves SSL Client bit
+ *
+ * @return SSL Client bit
+ */
+ public String getSSLClientBit() {
+ return (String) get(Constants.PR_SSL_CLIENT_BIT);
+ }
+
+ /**
+ * Sets SSL Client bit
+ *
+ * @param sslClientBit SSL Client bit
+ */
+ public void setSSLClientBit(String sslClientBit) {
+ put(Constants.PR_SSL_CLIENT_BIT, sslClientBit);
+ }
+
+ /**
+ * Retrieves SSL Server bit
+ *
+ * @return SSL Server bit
+ */
+ public String getSSLServerBit() {
+ return (String) get(Constants.PR_SSL_SERVER_BIT);
+ }
+
+ /**
+ * Sets SSL Server bit
+ *
+ * @param sslServerBit SSL Server bit
+ */
+ public void setSSLServerBit(String sslServerBit) {
+ put(Constants.PR_SSL_SERVER_BIT, sslServerBit);
+ }
+
+ /**
+ * Retrieves SSL Mail bit
+ *
+ * @return SSL Mail bit
+ */
+ public String getSSLMailBit() {
+ return (String) get(Constants.PR_SSL_MAIL_BIT);
+ }
+
+ /**
+ * Sets SSL Mail bit
+ *
+ * @param sslMailBit SSL Mail bit
+ */
+ public void setSSLMailBit(String sslMailBit) {
+ put(Constants.PR_SSL_MAIL_BIT, sslMailBit);
+ }
+
+ /**
+ * Retrieves SSL CA bit
+ *
+ * @return SSL CA bit
+ */
+ public String getSSLCABit() {
+ return (String) get(Constants.PR_SSL_CA_BIT);
+ }
+
+ /**
+ * Sets SSL CA bit
+ *
+ * @param cabit SSL CA bit
+ */
+ public void setSSLCABit(String cabit) {
+ put(Constants.PR_SSL_CA_BIT, cabit);
+ }
+
+ /**
+ * Retrieves SSL Signing bit
+ *
+ * @return SSL Signing bit
+ */
+ public String getObjectSigningBit() {
+ return (String) get(Constants.PR_OBJECT_SIGNING_BIT);
+ }
+
+ /**
+ * Retrieves Time Stamping bit
+ *
+ * @return Time Stamping bit
+ */
+ public String getTimeStampingBit() {
+ return (String) get(Constants.PR_TIMESTAMPING_BIT);
+ }
+
+ /**
+ * Sets SSL Signing bit
+ *
+ * @param objectSigningBit SSL Signing bit
+ */
+ public void setObjectSigningBit(String objectSigningBit) {
+ put(Constants.PR_OBJECT_SIGNING_BIT, objectSigningBit);
+ }
+
+ /**
+ * Retrieves SSL Mail CA bit
+ *
+ * @return SSL Mail CA bit
+ */
+ public String getMailCABit() {
+ return (String) get(Constants.PR_MAIL_CA_BIT);
+ }
+
+ /**
+ * Sets SSL Mail CA bit
+ *
+ * @param mailCABit SSL Mail CA bit
+ */
+ public void setMailCABit(String mailCABit) {
+ put(Constants.PR_MAIL_CA_BIT, mailCABit);
+ }
+
+ /**
+ * Retrieves SSL Object Signing bit
+ *
+ * @return SSL Object Signing bit
+ */
+ public String getObjectSigningCABit() {
+ return (String) get(Constants.PR_OBJECT_SIGNING_CA_BIT);
+ }
+
+ /**
+ * Sets SSL Object Signing bit
+ *
+ * @param bit SSL Object Signing bit
+ */
+ public void setObjectSigningCABit(String bit) {
+ put(Constants.PR_OBJECT_SIGNING_CA_BIT, bit);
+ }
+
+ /**
+ * Retrieves OCSP Signing flag
+ *
+ * @return OCSP Signing flag
+ */
+ public String getOCSPSigning() {
+ return (String) get(Constants.PR_OCSP_SIGNING);
+ }
+
+ /**
+ * Sets OCSP Signing flag
+ *
+ * @param aki OCSP Signing flag
+ */
+ public void setOCSPSigning(String aki) {
+ put(Constants.PR_OCSP_SIGNING, aki);
+ }
+
+ /**
+ * Retrieves OCSP No Check flag
+ *
+ * @return OCSP No Check flag
+ */
+ public String getOCSPNoCheck() {
+ return (String) get(Constants.PR_OCSP_NOCHECK);
+ }
+
+ /**
+ * Sets OCSP No Check flag
+ *
+ * @param noCheck OCSP No Check flag
+ */
+ public void setOCSPNoCheck(String noCheck) {
+ put(Constants.PR_OCSP_NOCHECK, noCheck);
+ }
+
+ /**
+ * Retrieves Authority Information Access flag
+ *
+ * @return Authority Information Access flag
+ */
+ public String getAIA() {
+ return (String) get(Constants.PR_AIA);
+ }
+
+ /**
+ * Sets Authority Information Access flag
+ *
+ * @param aia Authority Information Access flag
+ */
+ public void setAIA(String aia) {
+ put(Constants.PR_AIA, aia);
+ }
+
+ /**
+ * Retrieves Authority Key Identifier flag
+ *
+ * @return Authority Key Identifier flag
+ */
+ public String getAKI() {
+ return (String) get(Constants.PR_AKI);
+ }
+
+ /**
+ * Sets Authority Key Identifier flag
+ *
+ * @param aki Authority Key Identifier flag
+ */
+ public void setAKI(String aki) {
+ put(Constants.PR_AKI, aki);
+ }
+
+ /**
+ * Retrieves Subject Key Identifier flag
+ *
+ * @return Subject Key Identifier flag
+ */
+ public String getSKI() {
+ return (String) get(Constants.PR_SKI);
+ }
+
+ /**
+ * Sets Subject Key Identifier flag
+ *
+ * @param ski Subject Key Identifier flag
+ */
+ public void setSKI(String ski) {
+ put(Constants.PR_SKI, ski);
+ }
+
+ /**
+ * Retrieves key usage extension
+ *
+ * @return true if key usage extension set
+ */
+ public boolean getKeyUsageExtension() {
+ String str = (String) get(Constants.PR_KEY_USAGE);
+
+ if (str == null || str.equals(ConfigConstants.FALSE))
+ return false;
+ return true;
+ }
+
+ /**
+ * Sets CA extensions
+ *
+ * @param ext CA extensions
+ */
+ public void setCAExtensions(CertificateExtensions ext) {
+ put("CAEXTENSIONS", ext);
+ }
+
+ /**
+ * Retrieves CA extensions
+ *
+ * @return CA extensions
+ */
+ public CertificateExtensions getCAExtensions() {
+ return (CertificateExtensions) get("CAEXTENSIONS");
+ }
+
+ /**
+ * Retrieves hash type
+ *
+ * @return hash type
+ */
+ public String getHashType() {
+ return (String) get(ConfigConstants.PR_HASH_TYPE);
+ }
+}
+
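Review bot: `KeyCertData extends Properties` but stores `KeyPair`, `BigInteger`, `SignatureAlgorithm`, `IConfigStore` and `CertificateExtensions` values through `put`, which `Properties` does not support: `getProperty` returns null for any non-String value and `store` throws `ClassCastException` once one is present. Because `Properties` is a `Hashtable`, every setter also throws `NullPointerException` when passed null, and any code holding the object can enumerate or replace the entries, including the ones under `"keypair"` and `Constants.PR_CA_KEYPAIR`. Holding the values in a private map (`private final Hashtable mData = new Hashtable();`) and delegating from the typed accessors would avoid this, provided no caller depends on the `Properties` supertype, which is not visible from this hunk. Smaller documentation points: `setKeyCurveName` names its parameter `len`, `setOCSPSigning` names its parameter `aki`, and `getTimeStampingBit` and `getHashType` have no matching setters.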
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/EDuplicateSelfTestException.java b/pki/base/common/src/com/netscape/certsrv/selftests/EDuplicateSelfTestException.java
new file mode 100644
index 000000000..697646493
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/EDuplicateSelfTestException.java
@@ -0,0 +1,225 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+// package statement //
+///////////////////////
+
+package com.netscape.certsrv.selftests;
+
+
+///////////////////////
+// import statements //
+///////////////////////
+
+import com.netscape.certsrv.base.*;
+
+
+//////////////////////
+// class definition //
+//////////////////////
+
+/**
+ * This class implements a duplicate self test exception.
+ * EDuplicateSelfTestExceptions are derived from ESelfTestExceptions
+ * in order to allow users to easily do self tests without try-catch clauses.
+ *
+ * EDuplicateSelfTestExceptions should be caught by SelfTestSubsystem managers.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class EDuplicateSelfTestException
+ extends ESelfTestException {
+ ////////////////////////
+ // default parameters //
+ ////////////////////////
+
+
+
+ ///////////////////////
+ // helper parameters //
+ ///////////////////////
+
+ private String mInstanceName = null;
+ private String mInstanceStore = null;
+ private String mInstanceParameter = null;
+ private String mInstanceValue = null;
+
+ ////////////////////////////////////////////
+ // EDuplicateSelfTestException parameters //
+ ////////////////////////////////////////////
+
+
+
+ ///////////////////////////////////////////////
+ // ESelfTestException parameters (inherited) //
+ ///////////////////////////////////////////////
+
+
+
+ /////////////////////
+ // default methods //
+ /////////////////////
+
+ /**
+ * Constructs a "duplicate" self test exception.
+ * <P>
+ *
+ * @param instanceName duplicate "instanceName" exception details
+ */
+ public EDuplicateSelfTestException(String instanceName) {
+ super("The self test plugin property named "
+ + instanceName
+ + " already exists.");
+
+ // strip preceding/trailing whitespace
+ // from passed-in String parameters
+ if (instanceName != null) {
+ instanceName = instanceName.trim();
+ }
+
+ // store passed-in parameters for use by helper methods
+ mInstanceName = instanceName;
+ }
+
+ /**
+ * Constructs a "duplicate" self test exception where the value is always
+ * a duplicate from a name/value pair
+ * <P>
+ *
+ * @param instanceName duplicate "instanceName" exception details
+ * @param instanceValue duplicate "instanceValue" exception details
+ */
+ public EDuplicateSelfTestException(String instanceName,
+ String instanceValue) {
+ super("The self test plugin property named "
+ + instanceName
+ + " contains a value of "
+ + instanceValue
+ + " which already exists.");
+
+ // strip preceding/trailing whitespace
+ // from passed-in String parameters
+ if (instanceName != null) {
+ instanceName = instanceName.trim();
+ }
+ if (instanceValue != null) {
+ instanceValue = instanceValue.trim();
+ }
+
+ // store passed-in parameters for use by helper methods
+ mInstanceName = instanceName;
+ mInstanceValue = instanceValue;
+ }
+
+ /**
+ * Constructs a "duplicate" self test exception where the parameter is a
+ * duplicate from a substore.parameter/value pair; (the value passed in may
+ * be null).
+ * <P>
+ *
+ * @param instanceStore duplicate "instanceStore" exception details
+ * @param instanceParameter duplicate "instanceParameter" exception details
+ * @param instanceValue duplicate "instanceValue" exception details
+ * (may be null)
+ */
+ public EDuplicateSelfTestException(String instanceStore,
+ String instanceParameter,
+ String instanceValue) {
+ super("The self test plugin property named "
+ + instanceStore + "." + instanceParameter
+ + " is a duplicate.");
+
+ // strip preceding/trailing whitespace
+ // from passed-in String parameters
+ if (instanceStore != null) {
+ instanceStore = instanceStore.trim();
+ }
+ if (instanceParameter != null) {
+ instanceParameter = instanceParameter.trim();
+ }
+ if (instanceValue != null) {
+ instanceValue = instanceValue.trim();
+ }
+
+ // store passed-in parameters for use by helper methods
+ mInstanceStore = instanceStore;
+ mInstanceParameter = instanceParameter;
+ mInstanceValue = instanceValue;
+ }
+
+ ////////////////////
+ // helper methods //
+ ////////////////////
+
+ /**
+ * Returns the instance name associated with this self test.
+ * <P>
+ *
+ * @return name portion of the name/value pair
+ */
+ public String getInstanceName() {
+ return mInstanceName;
+ }
+
+ /**
+ * Returns the store associated with this self test.
+ * <P>
+ *
+ * @return substore portion of the substore.parameter/value pair
+ */
+ public String getInstanceStore() {
+ return mInstanceStore;
+ }
+
+ /**
+ * Returns the parameter associated with this self test.
+ * <P>
+ *
+ * @return parameter portion of the substore.parameter/value pair
+ */
+ public String getInstanceParameter() {
+ return mInstanceParameter;
+ }
+
+ /**
+ * Returns the value associated with this self test.
+ * <P>
+ *
+ * @return value portion of the name/value pair
+ */
+ public String getInstanceValue() {
+ return mInstanceValue;
+ }
+
+ /////////////////////////////////////////
+ // EDuplicateSelfTestException methods //
+ /////////////////////////////////////////
+
+
+
+ ////////////////////////////////////////////
+ // ESelfTestException methods (inherited) //
+ ////////////////////////////////////////////
+
+ /* Note that all of the following ESelfTestException methods
+ * are inherited from the ESelfTestException class:
+ *
+ * public ESelfTestException( String msg );
+ */
+}
+
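Review bot: Each constructor builds the `super(...)` message from the raw arguments and trims them only afterwards, so the message text can carry surrounding whitespace, or the literal `null`, that `getInstanceName()` and the other getters no longer show. Trimming strips only the ends, so a line break embedded in a property name or value would also reach whatever log the message is written to; whether these strings can come from an edited configuration file is not visible here. A private static helper used inside the `super` call, e.g. `super("The self test plugin property named " + clean(instanceName) + " already exists.");`, would keep message and getters consistent. The three-argument constructor stores `instanceValue` but leaves it out of its message, which the Javadoc could state.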
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/EInvalidSelfTestException.java b/pki/base/common/src/com/netscape/certsrv/selftests/EInvalidSelfTestException.java
new file mode 100644
index 000000000..b38b574cf
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/EInvalidSelfTestException.java
@@ -0,0 +1,225 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+// package statement //
+///////////////////////
+
+package com.netscape.certsrv.selftests;
+
+
+///////////////////////
+// import statements //
+///////////////////////
+
+import com.netscape.certsrv.base.*;
+
+
+//////////////////////
+// class definition //
+//////////////////////
+
+/**
+ * This class implements an invalid self test exception.
+ * EInvalidSelfTestExceptions are derived from ESelfTestExceptions
+ * in order to allow users to easily do self tests without try-catch clauses.
+ *
+ * EInvalidSelfTestExceptions should be caught by SelfTestSubsystem managers.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class EInvalidSelfTestException
+ extends ESelfTestException {
+ ////////////////////////
+ // default parameters //
+ ////////////////////////
+
+
+
+ ///////////////////////
+ // helper parameters //
+ ///////////////////////
+
+ private String mInstanceName = null;
+ private String mInstanceStore = null;
+ private String mInstanceParameter = null;
+ private String mInstanceValue = null;
+
+ //////////////////////////////////////////
+ // EInvalidSelfTestException parameters //
+ //////////////////////////////////////////
+
+
+
+ ///////////////////////////////////////////////
+ // ESelfTestException parameters (inherited) //
+ ///////////////////////////////////////////////
+
+
+
+ /////////////////////
+ // default methods //
+ /////////////////////
+
+ /**
+ * Constructs an "invalid" self test exception.
+ * <P>
+ *
+ * @param instanceName invalid "instanceName" exception details
+ */
+ public EInvalidSelfTestException(String instanceName) {
+ super("The self test plugin named "
+ + instanceName
+ + " is invalid.");
+
+ // strip preceding/trailing whitespace
+ // from passed-in String parameters
+ if (instanceName != null) {
+ instanceName = instanceName.trim();
+ }
+
+ // store passed-in parameters for use by helper methods
+ mInstanceName = instanceName;
+ }
+
+ /**
+ * Constructs a "invalid" self test exception where the value is always
+ * invalid from a name/value pair
+ * <P>
+ *
+ * @param instanceName invalid "instanceName" exception details
+ * @param instanceValue invalid "instanceValue" exception details
+ */
+ public EInvalidSelfTestException(String instanceName,
+ String instanceValue) {
+ super("The self test plugin named "
+ + instanceName
+ + " contains a value "
+ + instanceValue
+ + " which is invalid.");
+
+ // strip preceding/trailing whitespace
+ // from passed-in String parameters
+ if (instanceName != null) {
+ instanceName = instanceName.trim();
+ }
+ if (instanceValue != null) {
+ instanceValue = instanceValue.trim();
+ }
+
+ // store passed-in parameters for use by helper methods
+ mInstanceName = instanceName;
+ mInstanceValue = instanceValue;
+ }
+
+ /**
+ * Constructs an "invalid" self test exception where the parameter is always
+ * invalid from a substore.parameter/value pair; (the value passed in may
+ * be null).
+ * <P>
+ *
+ * @param instanceStore invalid "instanceStore" exception details
+ * @param instanceParameter invalid "instanceParameter" exception details
+ * @param instanceValue invalid "instanceValue" exception details
+ * (may be null)
+ */
+ public EInvalidSelfTestException(String instanceStore,
+ String instanceParameter,
+ String instanceValue) {
+ super("The self test plugin parameter named "
+ + instanceStore + "." + instanceParameter
+ + " is invalid.");
+
+ // strip preceding/trailing whitespace
+ // from passed-in String parameters
+ if (instanceStore != null) {
+ instanceStore = instanceStore.trim();
+ }
+ if (instanceParameter != null) {
+ instanceParameter = instanceParameter.trim();
+ }
+ if (instanceValue != null) {
+ instanceValue = instanceValue.trim();
+ }
+
+ // store passed-in parameters for use by helper methods
+ mInstanceStore = instanceStore;
+ mInstanceParameter = instanceParameter;
+ mInstanceValue = instanceValue;
+ }
+
+ ////////////////////
+ // helper methods //
+ ////////////////////
+
+ /**
+ * Returns the instance name associated with this self test.
+ * <P>
+ *
+ * @return name portion of the name/value pair
+ */
+ public String getInstanceName() {
+ return mInstanceName;
+ }
+
+ /**
+ * Returns the store associated with this self test.
+ * <P>
+ *
+ * @return substore portion of the substore.parameter/value pair
+ */
+ public String getInstanceStore() {
+ return mInstanceStore;
+ }
+
+ /**
+ * Returns the parameter associated with this self test.
+ * <P>
+ *
+ * @return parameter portion of the substore.parameter/value pair
+ */
+ public String getInstanceParameter() {
+ return mInstanceParameter;
+ }
+
+ /**
+ * Returns the value associated with this self test.
+ * <P>
+ *
+ * @return value portion of the name/value pair
+ */
+ public String getInstanceValue() {
+ return mInstanceValue;
+ }
+
+ ///////////////////////////////////////
+ // EInvalidSelfTestException methods //
+ ///////////////////////////////////////
+
+
+
+ ////////////////////////////////////////////
+ // ESelfTestException methods (inherited) //
+ ////////////////////////////////////////////
+
+ /* Note that all of the following ESelfTestException methods
+ * are inherited from the ESelfTestException class:
+ *
+ * public ESelfTestException( String msg );
+ */
+}
+
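Review bot: All three constructors build the `super(...)` message from the raw arguments and trim them only afterwards, so the logged text can differ from what `getInstanceName()` and the other getters return, and a line break inside a configuration-derived name or value is copied into the message unchanged. Normalising once through a private static helper keeps the two in step, e.g. `private static String clean(String s) { return s == null ? null : s.trim().replaceAll("[\\r\\n]", " "); }` used as `super("The self test plugin named " + clean(instanceName) + " is invalid.");`. Whether anyone other than the administrator can influence these strings is not visible here, so treat the line-break part as hardening. The constructors of EMissingSelfTestException below follow the same pattern, and the constructor tail of EDuplicateSelfTestException above shows the same trim-then-store step.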
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/EMissingSelfTestException.java b/pki/base/common/src/com/netscape/certsrv/selftests/EMissingSelfTestException.java
new file mode 100644
index 000000000..8c2353287
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/EMissingSelfTestException.java
@@ -0,0 +1,234 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+// package statement //
+///////////////////////
+
+package com.netscape.certsrv.selftests;
+
+
+///////////////////////
+// import statements //
+///////////////////////
+
+import com.netscape.certsrv.base.*;
+
+
+//////////////////////
+// class definition //
+//////////////////////
+
+/**
+ * This class implements a missing self test exception.
+ * EMissingSelfTestExceptions are derived from ESelfTestExceptions
+ * in order to allow users to easily do self tests without try-catch clauses.
+ *
+ * EMissingSelfTestExceptions should be caught by SelfTestSubsystem managers.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class EMissingSelfTestException
+ extends ESelfTestException {
+ ////////////////////////
+ // default parameters //
+ ////////////////////////
+
+
+
+ ///////////////////////
+ // helper parameters //
+ ///////////////////////
+
+ private String mInstanceName = null;
+ private String mInstanceStore = null;
+ private String mInstanceParameter = null;
+ private String mInstanceValue = null;
+
+ //////////////////////////////////////////
+ // EMissingSelfTestException parameters //
+ //////////////////////////////////////////
+
+
+
+ ///////////////////////////////////////////////
+ // ESelfTestException parameters (inherited) //
+ ///////////////////////////////////////////////
+
+
+
+ /////////////////////
+ // default methods //
+ /////////////////////
+
+ /**
+ * Constructs a "missing" self test exception where the name is null
+ * <P>
+ *
+ */
+ public EMissingSelfTestException() {
+ super("The self test plugin property name is null.");
+ }
+
+ /**
+ * Constructs a "missing" self test exception where the name is always
+ * missing from a name/value pair.
+ * <P>
+ *
+ * @param instanceName missing "instanceName" exception details
+ */
+ public EMissingSelfTestException(String instanceName) {
+ super("The self test plugin property named "
+ + instanceName
+ + " does not exist.");
+
+ // strip preceding/trailing whitespace
+ // from passed-in String parameters
+ if (instanceName != null) {
+ instanceName = instanceName.trim();
+ }
+
+ // store passed-in parameters for use by helper methods
+ mInstanceName = instanceName;
+ }
+
+ /**
+ * Constructs a "missing" self test exception where the value is always
+ * missing from a name/value pair; (the value passed in is always null).
+ * <P>
+ *
+ * @param instanceName missing "instanceName" exception details
+ * @param instanceValue missing "instanceValue" exception details
+ * (always null)
+ */
+ public EMissingSelfTestException(String instanceName,
+ String instanceValue) {
+ super("The self test plugin property named "
+ + instanceName
+ + " contains no values.");
+
+ // strip preceding/trailing whitespace
+ // from passed-in String parameters
+ if (instanceName != null) {
+ instanceName = instanceName.trim();
+ }
+ if (instanceValue != null) {
+ instanceValue = instanceValue.trim();
+ }
+
+ // store passed-in parameters for use by helper methods
+ mInstanceName = instanceName;
+ mInstanceValue = instanceValue;
+ }
+
+ /**
+ * Constructs a "missing" self test exception where the parameter is always
+ * missing from a substore.parameter/value pair; (the value passed in may
+ * be null).
+ * <P>
+ *
+ * @param instanceStore missing "instanceStore" exception details
+ * @param instanceParameter missing "instanceParameter" exception details
+ * @param instanceValue missing "instanceValue" exception details
+ * (may be null)
+ */
+ public EMissingSelfTestException(String instanceStore,
+ String instanceParameter,
+ String instanceValue) {
+ super("The self test plugin property named "
+ + instanceStore + "." + instanceParameter
+ + " is missing.");
+
+ // strip preceding/trailing whitespace
+ // from passed-in String parameters
+ if (instanceStore != null) {
+ instanceStore = instanceStore.trim();
+ }
+ if (instanceParameter != null) {
+ instanceParameter = instanceParameter.trim();
+ }
+ if (instanceValue != null) {
+ instanceValue = instanceValue.trim();
+ }
+
+ // store passed-in parameters for use by helper methods
+ mInstanceStore = instanceStore;
+ mInstanceParameter = instanceParameter;
+ mInstanceValue = instanceValue;
+ }
+
+ ////////////////////
+ // helper methods //
+ ////////////////////
+
+ /**
+ * Returns the instance name associated with this self test.
+ * <P>
+ *
+ * @return name portion of the name/value pair
+ */
+ public String getInstanceName() {
+ return mInstanceName;
+ }
+
+ /**
+ * Returns the store associated with this self test.
+ * <P>
+ *
+ * @return substore portion of the substore.parameter/value pair
+ */
+ public String getInstanceStore() {
+ return mInstanceStore;
+ }
+
+ /**
+ * Returns the parameter associated with this self test.
+ * <P>
+ *
+ * @return parameter portion of the substore.parameter/value pair
+ */
+ public String getInstanceParameter() {
+ return mInstanceParameter;
+ }
+
+ /**
+ * Returns the value associated with this self test.
+ * <P>
+ *
+ * @return value portion of the name/value pair
+ */
+ public String getInstanceValue() {
+ return mInstanceValue;
+ }
+
+ ///////////////////////////////////////
+ // EMissingSelfTestException methods //
+ ///////////////////////////////////////
+
+
+
+ ////////////////////////////////////////////
+ // ESelfTestException methods (inherited) //
+ ////////////////////////////////////////////
+
+ /* Note that all of the following ESelfTestException methods
+ * are inherited from the ESelfTestException class:
+ *
+ * public ESelfTestException( String msg );
+ */
+}
+
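Review bot: The two-argument constructor documents `instanceValue` as "(always null)" yet still trims and stores it, so a caller that passes a real value gets a message saying the property "contains no values" while `getInstanceValue()` returns that value. If the parameter exists only to select this overload, say so and make the field agree, for example `mInstanceValue = null;` with the comment `// instanceValue only selects this overload; the missing value is recorded as null`. Each getter's Javadoc should also state that it returns null when the constructor used did not supply that field, since the no-argument and three-argument constructors leave `mInstanceName` unset.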
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/ESelfTestException.java b/pki/base/common/src/com/netscape/certsrv/selftests/ESelfTestException.java
new file mode 100644
index 000000000..2124e5d4a
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/ESelfTestException.java
@@ -0,0 +1,123 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+// package statement //
+///////////////////////
+
+package com.netscape.certsrv.selftests;
+
+
+///////////////////////
+// import statements //
+///////////////////////
+
+import com.netscape.certsrv.base.*;
+
+
+//////////////////////
+// class definition //
+//////////////////////
+
+/**
+ * This class implements a self test exception. ESelfTestExceptions
+ * are derived from EBaseExceptions in order to allow users
+ * to easily do self tests without try-catch clauses.
+ *
+ * ESelfTestExceptions should be caught by SelfTestSubsystem managers.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class ESelfTestException
+ extends EBaseException {
+ ////////////////////////
+ // default parameters //
+ ////////////////////////
+
+
+
+ ///////////////////////////////////
+ // ESelfTestException parameters //
+ ///////////////////////////////////
+
+ private static final String SELFTEST_RESOURCES = SelfTestResources.class.getName();
+
+
+ ///////////////////////////////////////////
+ // EBaseException parameters (inherited) //
+ ///////////////////////////////////////////
+
+ /* Note that all of the following EBaseException parameters
+ * are inherited from the EBaseException class:
+ *
+ * public Object mParams[];
+ */
+
+
+
+ /////////////////////
+ // default methods //
+ /////////////////////
+
+ /**
+ * Constructs a self test exception.
+ * <P>
+ *
+ * @param msg exception details
+ */
+ public ESelfTestException(String msg) {
+ super(msg);
+ }
+
+
+ ////////////////////////////////
+ // ESelfTestException methods //
+ ////////////////////////////////
+
+ /**
+ * Returns the bundle file name.
+ * <P>
+ * @return name of bundle class associated with this exception.
+ */
+ protected String getBundleName() {
+ return SELFTEST_RESOURCES;
+ }
+
+
+ ////////////////////////////////////////
+ // EBaseException methods (inherited) //
+ ////////////////////////////////////////
+
+ /* Note that all of the following EBaseException methods
+ * are inherited from the EBaseException class:
+ *
+ * public EBaseException( String msgFormat );
+ *
+ * public EBaseException( String msgFormat, String param );
+ *
+ * public EBaseException( String msgFormat, Exception param );
+ *
+ * public EBaseException( String msgFormat, Object params[] );
+ *
+ * public Object[] getParameters();
+ *
+ * public String toString();
+ *
+ * public String toString( Locale locale );
+ */
+}
+
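Review bot: `ESelfTestException` exposes only the `(String msg)` constructor, so a self test that fails because of an underlying exception can pass on its text but not the exception itself, which makes a failed startup check harder to diagnose from the logs. The inherited-methods comment in this file lists `EBaseException( String msgFormat, Exception param )`; a matching constructor here, `public ESelfTestException(String msg, Exception cause) { super(msg, cause); }`, would let callers keep it. How EBaseException treats that second argument is not visible in this hunk, so confirm it is retained rather than only formatted into the message.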
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java b/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java
new file mode 100644
index 000000000..783f8955d
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java
@@ -0,0 +1,140 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+// package statement //
+///////////////////////
+
+package com.netscape.certsrv.selftests;
+
+
+///////////////////////
+// import statements //
+///////////////////////
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+import com.netscape.certsrv.selftests.*;
+
+
+//////////////////////
+// class definition //
+//////////////////////
+
+/**
+ * This class defines the interface of an individual self test.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ISelfTest {
+ ////////////////////////
+ // default parameters //
+ ////////////////////////
+
+
+
+ //////////////////////////
+ // ISelfTest parameters //
+ //////////////////////////
+
+ public static final String PROP_PLUGIN = "plugin";
+
+ /////////////////////
+ // default methods //
+ /////////////////////
+
+
+
+ ///////////////////////
+ // ISelfTest methods //
+ ///////////////////////
+
+ /**
+ * Initializes this subsystem with the configuration store
+ * associated with this instance name.
+ * <P>
+ *
+ * @param subsystem the associated subsystem
+ * @param instanceName the name of this self test instance
+ * @param parameters configuration store (self test parameters)
+ * @exception EDuplicateSelfTestException subsystem has duplicate name/value
+ * @exception EInvalidSelfTestException subsystem has invalid name/value
+ * @exception EMissingSelfTestException subsystem has missing name/value
+ */
+ public void initSelfTest(ISelfTestSubsystem subsystem,
+ String instanceName,
+ IConfigStore parameters)
+ throws EDuplicateSelfTestException,
+ EInvalidSelfTestException,
+ EMissingSelfTestException;
+
+ /**
+ * Notifies this subsystem if it is in execution mode.
+ * <P>
+ *
+ * @exception ESelfTestException failed to start
+ */
+ public void startupSelfTest()
+ throws ESelfTestException;
+
+ /**
+ * Stops this subsystem. The subsystem may call shutdownSelfTest
+ * anytime after initialization.
+ * <P>
+ */
+ public void shutdownSelfTest();
+
+ /**
+ * Returns the name associated with this self test. This method may
+ * return null if the self test has not been intialized.
+ * <P>
+ *
+ * @return instanceName of this self test
+ */
+ public String getSelfTestName();
+
+ /**
+ * Returns the root configuration storage (self test parameters)
+ * associated with this subsystem.
+ * <P>
+ *
+ * @return configuration store (self test parameters) of this subsystem
+ */
+ public IConfigStore getSelfTestConfigStore();
+
+ /**
+ * Retrieves description associated with an individual self test.
+ * This method may return null.
+ * <P>
+ *
+ * @param locale locale of the client that requests the description
+ * @return description of self test
+ */
+ public String getSelfTestDescription(Locale locale);
+
+ /**
+ * Execute an individual self test.
+ * <P>
+ *
+ * @param logger specifies logging subsystem
+ * @exception ESelfTestException self test exception
+ */
+ public void runSelfTest(ILogEventListener logger)
+ throws ESelfTestException;
+}
+
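Review bot: The Javadoc for `runSelfTest` says only `@exception ESelfTestException self test exception`, which leaves open whether an implementation may log a failure and return normally. ISelfTestSubsystem distinguishes critical from non-critical tests, so the container presumably decides what a failure means, and it can only do that if every failing test throws; I would put that in the contract, e.g. `@exception ESelfTestException if the self test fails; implementations must throw rather than only log the failure`. The same gap is in `runSelfTestsAtStartup` and `runSelfTestsOnDemand` in ISelfTestSubsystem.java, where the doc should say which failures propagate to the caller. Minor: "intialized" in the `getSelfTestName` comment is a typo, and the import of `com.netscape.certsrv.selftests.*` names the file's own package.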
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java b/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java
new file mode 100644
index 000000000..a44626b64
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java
@@ -0,0 +1,358 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+// package statement //
+///////////////////////
+
+package com.netscape.certsrv.selftests;
+
+
+///////////////////////
+// import statements //
+///////////////////////
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+import com.netscape.certsrv.selftests.*;
+
+
+//////////////////////
+// class definition //
+//////////////////////
+
+/**
+ * This class defines the interface of a container for self tests.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ISelfTestSubsystem
+ extends ISubsystem {
+ ////////////////////////
+ // default parameters //
+ ////////////////////////
+
+
+
+ //////////////////////////////////
+ // ISelfTestSubsystem constants //
+ //////////////////////////////////
+
+ public static final String ID = "selftests";
+ public static final String PROP_CONTAINER = "container";
+ public static final String PROP_INSTANCE = "instance";
+ public static final String PROP_LOGGER = "logger";
+ public static final String PROP_LOGGER_CLASS = "class";
+ public static final String PROP_ORDER = "order";
+ public static final String PROP_ON_DEMAND = "onDemand";
+ public static final String PROP_STARTUP = "startup";
+
+ ///////////////////////////////////////
+ // ISubsystem parameters (inherited) //
+ ///////////////////////////////////////
+
+
+
+ /////////////////////
+ // default methods //
+ /////////////////////
+
+
+
+ ////////////////////////////////
+ // ISelfTestSubsystem methods //
+ ////////////////////////////////
+
+ //
+ // methods associated with the list of on demand self tests
+ //
+
+ /**
+ * List the instance names of all the self tests enabled to run on demand
+ * (in execution order); may return null.
+ * <P>
+ *
+ * @return list of self test instance names run on demand
+ */
+ public String[] listSelfTestsEnabledOnDemand();
+
+ /**
+ * Enable the specified self test to be executed on demand.
+ * <P>
+ *
+ * @param instanceName instance name of self test
+ * @param isCritical isCritical is either a critical failure (true) or
+ * a non-critical failure (false)
+ * @exception EInvalidSelfTestException subsystem has invalid name/value
+ * @exception EMissingSelfTestException subsystem has missing name/value
+ */
+ // public void enableSelfTestOnDemand( String instanceName,
+ // boolean isCritical )
+ // throws EInvalidSelfTestException, EMissingSelfTestException;
+
+
+ /**
+ * Disable the specified self test from being able to be executed on demand.
+ * <P>
+ *
+ * @param instanceName instance name of self test
+ * @exception EMissingSelfTestException subsystem has missing name
+ */
+ // public void disableSelfTestOnDemand( String instanceName )
+ // throws EMissingSelfTestException;
+
+
+ /**
+ * Determine if the specified self test is enabled to be executed on demand.
+ * <P>
+ *
+ * @param instanceName instance name of self test
+ * @return true if the specified self test is enabled on demand
+ * @exception EMissingSelfTestException subsystem has missing name
+ */
+ public boolean isSelfTestEnabledOnDemand(String instanceName)
+ throws EMissingSelfTestException;
+
+ /**
+ * Determine if failure of the specified self test is fatal when
+ * it is executed on demand.
+ * <P>
+ *
+ * @param instanceName instance name of self test
+ * @return true if failure of the specified self test is fatal when
+ * it is executed on demand
+ * @exception EMissingSelfTestException subsystem has missing name
+ */
+ public boolean isSelfTestCriticalOnDemand(String instanceName)
+ throws EMissingSelfTestException;
+
+ /**
+ * Execute all self tests specified to be run on demand.
+ * <P>
+ *
+ * @exception EMissingSelfTestException subsystem has missing name
+ * @exception ESelfTestException self test exception
+ */
+ public void runSelfTestsOnDemand()
+ throws EMissingSelfTestException, ESelfTestException;
+
+ //
+ // methods associated with the list of startup self tests
+ //
+
+ /**
+ * List the instance names of all the self tests enabled to run
+ * at server startup (in execution order); may return null.
+ * <P>
+ *
+ * @return list of self test instance names run at server startup
+ */
+ public String[] listSelfTestsEnabledAtStartup();
+
+ /**
+ * Enable the specified self test at server startup.
+ * <P>
+ *
+ * @param instanceName instance name of self test
+ * @param isCritical isCritical is either a critical failure (true) or
+ * a non-critical failure (false)
+ * @exception EInvalidSelfTestException subsystem has invalid name/value
+ * @exception EMissingSelfTestException subsystem has missing name/value
+ */
+ // public void enableSelfTestAtStartup( String instanceName,
+ // boolean isCritical )
+ // throws EInvalidSelfTestException, EMissingSelfTestException;
+
+
+ /**
+ * Disable the specified self test at server startup.
+ * <P>
+ *
+ * @param instanceName instance name of self test
+ * @exception EMissingSelfTestException subsystem has missing name
+ */
+ // public void disableSelfTestAtStartup( String instanceName )
+ // throws EMissingSelfTestException;
+
+
+ /**
+ * Determine if the specified self test is executed automatically
+ * at server startup.
+ * <P>
+ *
+ * @param instanceName instance name of self test
+ * @return true if the specified self test is executed at server startup
+ * @exception EMissingSelfTestException subsystem has missing name
+ */
+ public boolean isSelfTestEnabledAtStartup(String instanceName)
+ throws EMissingSelfTestException;
+
+ /**
+ * Determine if failure of the specified self test is fatal to
+ * server startup.
+ * <P>
+ *
+ * @param instanceName instance name of self test
+ * @return true if failure of the specified self test is fatal to
+ * server startup
+ * @exception EMissingSelfTestException subsystem has missing name
+ */
+ public boolean isSelfTestCriticalAtStartup(String instanceName)
+ throws EMissingSelfTestException;
+
+ /**
+ * Execute all self tests specified to be run at server startup.
+ * <P>
+ *
+ * @exception EMissingSelfTestException subsystem has missing name
+ * @exception ESelfTestException self test exception
+ */
+ public void runSelfTestsAtStartup()
+ throws EMissingSelfTestException, ESelfTestException;
+
+ //
+ // methods associated with the list of self test instances
+ //
+
+ /**
+ * Retrieve an individual self test from the instances list
+ * given its instance name.
+ * <P>
+ *
+ * @param instanceName instance name of self test
+ * @return individual self test
+ */
+ public ISelfTest getSelfTest(String instanceName);
+
+ //
+ // methods associated with multiple self test lists
+ //
+
+ /**
+ * Returns the ILogEventListener of this subsystem.
+ * This method may return null.
+ * <P>
+ *
+ * @return ILogEventListener of this subsystem
+ */
+ public ILogEventListener getSelfTestLogger();
+
+ /**
+ * This method represents the log interface for the self test subsystem.
+ * <P>
+ *
+ * @param logger log event listener
+ * @param msg self test log message
+ */
+ public void log(ILogEventListener logger, String msg);
+
+ /**
+ * Register an individual self test on the instances list AND
+ * on the "on demand" list (note that the specified self test
+ * will be appended to the end of each list).
+ * <P>
+ *
+ * @param instanceName instance name of self test
+ * @param isCritical isCritical is either a critical failure (true) or
+ * a non-critical failure (false)
+ * @param instance individual self test
+ * @exception EDuplicateSelfTestException subsystem has duplicate name
+ * @exception EInvalidSelfTestException subsystem has invalid name/value
+ * @exception EMissingSelfTestException subsystem has missing name/value
+ */
+ // public void registerSelfTestOnDemand( String instanceName,
+ // boolean isCritical,
+ // ISelfTest instance )
+ // throws EDuplicateSelfTestException,
+ // EInvalidSelfTestException,
+ // EMissingSelfTestException;
+
+
+ /**
+ * Deregister an individual self test on the instances list AND
+ * on the "on demand" list (note that the specified self test
+ * will be removed from each list).
+ * <P>
+ *
+ * @param instanceName instance name of self test
+ * @exception EMissingSelfTestException subsystem has missing name
+ */
+ // public void deregisterSelfTestOnDemand( String instanceName )
+ // throws EMissingSelfTestException;
+
+
+ /**
+ * Register an individual self test on the instances list AND
+ * on the "startup" list (note that the specified self test
+ * will be appended to the end of each list).
+ * <P>
+ *
+ * @param instanceName instance name of self test
+ * @param isCritical isCritical is either a critical failure (true) or
+ * a non-critical failure (false)
+ * @param instance individual self test
+ * @exception EDuplicateSelfTestException subsystem has duplicate name
+ * @exception EInvalidSelfTestException subsystem has invalid name/value
+ * @exception EMissingSelfTestException subsystem has missing name/value
+ */
+ // public void registerSelfTestAtStartup( String instanceName,
+ // boolean isCritical,
+ // ISelfTest instance )
+ // throws EDuplicateSelfTestException,
+ // EInvalidSelfTestException,
+ // EMissingSelfTestException;
+
+
+ /**
+ * Deregister an individual self test on the instances list AND
+ * on the "startup" list (note that the specified self test
+ * will be removed from each list).
+ * <P>
+ *
+ * @param instanceName instance name of self test
+ * @exception EMissingSelfTestException subsystem has missing name
+ */
+ // public void deregisterSelfTestAtStartup( String instanceName )
+ // throws EMissingSelfTestException;
+
+
+
+ ////////////////////////////////////
+ // ISubsystem methods (inherited) //
+ ////////////////////////////////////
+
+ /* Note that all of the following ISubsystem methods
+ * are inherited from the ISubsystem class:
+ *
+ * public String getId();
+ *
+ * public void setId( String id )
+ * throws EBaseException;
+ *
+ * public void init( ISubsystem owner, IConfigStore config )
+ * throws EBaseException;
+ *
+ * public void startup()
+ * throws EBaseException;
+ *
+ * public void shutdown();
+ *
+ * public IConfigStore getConfigStore();
+ */
+}
+
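Review bot: Eight `/** ... */` blocks in this interface sit above declarations that are commented out (`enableSelfTestOnDemand`, `disableSelfTestOnDemand`, `enableSelfTestAtStartup`, `disableSelfTestAtStartup` and the four register/deregister methods), so the file documents operations the interface does not offer. Either drop those blocks or turn each into an ordinary comment that records why the declaration is disabled, e.g. `// disabled, not part of ISelfTestSubsystem: <reason>`. Separately, `getSelfTest` does not say what it returns for an unknown `instanceName`, while its sibling methods throw EMissingSelfTestException; a line such as `@return individual self test, or null if none is registered under instanceName` would settle it, if that is what implementations do.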
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/SelfTestResources.java b/pki/base/common/src/com/netscape/certsrv/selftests/SelfTestResources.java
new file mode 100644
index 000000000..1c1551c5a
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/SelfTestResources.java
@@ -0,0 +1,41 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.selftests;
+
+
+import java.util.*;
+
+
+/**
+ * A class represents a resource bundle for Self Tests.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class SelfTestResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ static final Object[][] contents = {
+ };
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/template/ArgList.java b/pki/base/common/src/com/netscape/certsrv/template/ArgList.java
new file mode 100644
index 000000000..f3b955c27
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/template/ArgList.java
@@ -0,0 +1,68 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.template;
+
+import java.util.*;
+
+/**
+ * This class represents a list of arguments
+ * that will be returned to the end-user via
+ * the template framework.
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public class ArgList implements IArgValue {
+
+ private Vector mList = new Vector();
+
+ /**
+ * Constructs a argument list object.
+ */
+ public ArgList() {
+ }
+
+ /**
+ * Adds an argument to the list.
+ *
+ * @param arg argument to be added
+ */
+ public void add(IArgValue arg) {
+ mList.addElement(arg);
+ }
+
+ /**
+ * Returns the number of arguments in the list.
+ *
+ * @return size of the list
+ */
+ public int size() {
+ return mList.size();
+ }
+
+ /**
+ * Returns the argument at the given position
+ * Position starts from 0.
+ *
+ * @param pos position
+ * @return argument
+ */
+ public IArgValue get(int pos) {
+ return (IArgValue) mList.elementAt(pos);
+ }
+}
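Review bot: `get(int pos)` forwards straight to `Vector.elementAt`, which throws `ArrayIndexOutOfBoundsException` for a position outside `0..size()-1`, and the Javadoc does not mention it. I would add `@exception ArrayIndexOutOfBoundsException if pos is negative or not less than size()` so template code that indexes the list knows the contract. If the build targets Java 5 or later, declaring the field as `private final Vector<IArgValue> mList = new Vector<IArgValue>();` would also remove the unchecked cast in `get`.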
diff --git a/pki/base/common/src/com/netscape/certsrv/template/ArgSet.java b/pki/base/common/src/com/netscape/certsrv/template/ArgSet.java
new file mode 100644
index 000000000..ca8d866ea
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/template/ArgSet.java
@@ -0,0 +1,74 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.template;
+
+import java.util.*;
+
+/**
+ * This class represents a set of arguments.
+ * Unlike ArgList, this set of arguments is
+ * not ordered.
+ * <p>
+ * Each argument in the set is tagged with
+ * a name (key).
+ * <p>
+ *
+ * @version $Revision$, $Date$
+ */
+public class ArgSet implements IArgValue {
+ private Hashtable mArgs = new Hashtable();
+
+ /**
+ * Returns a list of argument names.
+ *
+ * @return list of argument names
+ */
+ public Enumeration getNames() {
+ return mArgs.keys();
+ }
+
+ /**
+ * Sets string argument into the set with the given name.
+ *
+ * @param name argument name
+ * @param arg argument in string
+ */
+ public void set(String name, String arg) {
+ mArgs.put(name, new ArgString (arg));
+ }
+
+ /**
+ * Sets argument into the set with the given name.
+ *
+ * @param name argument name
+ * @param arg argument value
+ */
+ public void set(String name, IArgValue arg) {
+ mArgs.put(name, arg);
+ }
+
+ /**
+ * Retrieves argument from the set.
+ *
+ * @param name argument name
+ * @return argument value
+ */
+ public IArgValue get(String name) {
+ return (IArgValue) mArgs.get(name);
+ }
+}
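Review bot: `set(String name, IArgValue arg)` hands both arguments to `Hashtable.put`, which throws `NullPointerException` for a null key or a null value, and none of the Javadoc says so. The `String` overload has the same behaviour for a null `name`, and `get(null)` throws as well. I would document this on each method, e.g. `@exception NullPointerException if name or arg is null`, or reject null up front with a clearer message. `get` should also state that it returns null when no argument is stored under `name`.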
diff --git a/pki/base/common/src/com/netscape/certsrv/template/ArgString.java b/pki/base/common/src/com/netscape/certsrv/template/ArgString.java
new file mode 100644
index 000000000..b932a1855
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/template/ArgString.java
@@ -0,0 +1,48 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.template;
+
+
+import java.util.*;
+
+/**
+ * This class represents a string-based argument.
+ *
+ * @version $Revision$, $Date$
+ */
+public class ArgString implements IArgValue {
+ private String mValue = null;
+
+ /**
+ * Constructs a string-based argument value.
+ *
+ * @param value argument value
+ */
+ public ArgString(String value) {
+ mValue = value;
+ }
+
+ /**
+ * Returns the argument value.
+ *
+ * @return argument value
+ */
+ public String getValue() {
+ return mValue;
+ }
+}
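Review bot: `getValue()` returns the constructor argument unchanged, and the `ArgList` Javadoc in this commit says these arguments are returned to the end-user through the template framework, yet nothing here states who is responsible for output encoding. The rendering code is not in this hunk, so I cannot tell whether it encodes. I would record the contract on the accessor, e.g. `Returns the value exactly as supplied to the constructor; no output encoding is applied here.` The `import java.util.*;` line is unused in this file and can be dropped, and `mValue` can be `final` since it is assigned only in the constructor.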
diff --git a/pki/base/common/src/com/netscape/certsrv/template/IArgValue.java b/pki/base/common/src/com/netscape/certsrv/template/IArgValue.java
new file mode 100644
index 000000000..d679f0a1f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/template/IArgValue.java
@@ -0,0 +1,28 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.template;
+
+/**
+ * This interface presents a generic argument value.
+ * Argument value can be in string, in a list, or
+ * in a set.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IArgValue {
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/tks/ITKSAuthority.java b/pki/base/common/src/com/netscape/certsrv/tks/ITKSAuthority.java
new file mode 100644
index 000000000..dfaa04cc4
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/tks/ITKSAuthority.java
@@ -0,0 +1,71 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.tks;
+
+
+import java.io.*;
+import java.net.*;
+import java.util.*;
+import java.math.*;
+import java.security.*;
+import java.security.cert.*;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.policy.*;
+import com.netscape.certsrv.publish.*;
+import com.netscape.certsrv.request.*;
+
+
+/**
+ * An interface represents a Registration Authority that is
+ * responsible for certificate enrollment operations.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ITKSAuthority extends ISubsystem {
+ public static final String ID = "tks";
+
+ public static final String PROP_POLICY = "Policy";
+ public static final String PROP_REGISTRATION = "Registration";
+ public static final String PROP_GATEWAY = "gateway";
+ public static final String PROP_NICKNAME = "certNickname";
+ //public final static String PROP_PUBLISH_SUBSTORE = "publish";
+ //public final static String PROP_LDAP_PUBLISH_SUBSTORE = "ldappublish";
+ public final static String PROP_CONNECTOR = "connector";
+ public final static String PROP_NEW_NICKNAME = "newNickname";
+
+
+
+ /**
+ * Retrieves the request queue of this registration authority.
+ *
+ * @return RA's request queue
+ */
+ public IRequestQueue getRequestQueue();
+
+ /**
+ * Returns the nickname of the RA certificate.
+ *
+ * @return the nickname of the RA certificate
+ */
+ public String getNickname();
+
+}
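Review bot: The Javadoc on this interface describes a different component. The type is `ITKSAuthority` with `ID = "tks"`, but the class comment says it "represents a Registration Authority that is responsible for certificate enrollment operations", and the two method comments speak of the "RA's request queue" and the "RA certificate". This looks copied from the RA interface. The comments should describe the TKS authority instead, e.g. `Retrieves the request queue of this TKS authority.` and `Returns the nickname of the TKS certificate.`, once the intended meaning is confirmed. Separately, of the twelve wildcard imports only the ones supplying `ISubsystem` and `IRequestQueue` appear to be needed by the visible declarations.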
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/Certificates.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/Certificates.java
new file mode 100644
index 000000000..6d8ec2b8f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/Certificates.java
@@ -0,0 +1,50 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+
+import java.security.*;
+import java.security.cert.*;
+
+
+/**
+ * This class defines the strong authentication basic elements,
+ * the X509 certificates.
+ *
+ * @version $Revision$, $Date$
+ */
+public class Certificates {
+
+ private X509Certificate mCerts[] = null;
+
+ /**
+ * Constructs strong authenticator.
+ * @param certs a list of X509Certificates
+ */
+ public Certificates(X509Certificate certs[]) {
+ mCerts = certs;
+ }
+
+ /**
+ * Retrieves certificates.
+ * @return a list of X509Certificates
+ */
+ public X509Certificate[] getCertificates() {
+ return mCerts;
+ }
+}
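Review bot: The constructor stores the caller's array reference and `getCertificates()` returns that same array. Any holder of either reference can therefore replace elements after the object is built. For a type documented as "the strong authentication basic elements", that lets the certificates under evaluation change between a check and a later use. I would copy on the way in and out: `mCerts = (certs == null) ? null : (X509Certificate[]) certs.clone();` in the constructor and `return (mCerts == null) ? null : (X509Certificate[]) mCerts.clone();` in the getter. The Javadoc should also say whether a null or empty array is permitted, and `import java.security.*;` is unused here.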
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java
new file mode 100644
index 000000000..db2aca24c
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java
@@ -0,0 +1,83 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * A class represents a Identity exception.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class EUsrGrpException extends EBaseException {
+
+ /**
+ * Identity resource class name.
+ */
+ private static final String USRGRP_RESOURCES = UsrGrpResources.class.getName();
+
+ /**
+ * Constructs a usr/grp management exception
+ * @param msgFormat exception details in message string format
+ * <P>
+ */
+ public EUsrGrpException(String msgFormat) {
+ super(msgFormat);
+ }
+
+ /**
+ * Constructs a Identity exception.
+ * @param msgFormat exception details in message string format
+ * @param param message string parameter
+ * <P>
+ */
+ public EUsrGrpException(String msgFormat, String param) {
+ super(msgFormat, param);
+ }
+
+ /**
+ * Constructs a Identity exception.
+ * @param e system exception
+ * <P>
+ */
+ public EUsrGrpException(String msgFormat, Exception e) {
+ super(msgFormat, e);
+ }
+
+ /**
+ * Constructs a Identity exception.
+ * @param msgFormat exception details in message string format
+ * @param params list of message format parameters
+ * <P>
+ */
+ public EUsrGrpException(String msgFormat, Object params[]) {
+ super(msgFormat, params);
+ }
+
+ /**
+ * Retrieves bundle name.
+ */
+ protected String getBundleName() {
+ return USRGRP_RESOURCES;
+ }
+}
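Review bot: The Javadoc for `EUsrGrpException(String msgFormat, Exception e)` documents only `e` and omits `msgFormat`; add `@param msgFormat exception details in message string format` to match the other constructors. The comments also alternate between "usr/grp management exception" and "Identity exception" for the same class, so picking one term would help readers. If `EBaseException` is serializable, which is not visible in this hunk, a `private static final long serialVersionUID` declaration is worth adding as well.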
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/ICertUserLocator.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/ICertUserLocator.java
new file mode 100644
index 000000000..8644e4f6f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/ICertUserLocator.java
@@ -0,0 +1,49 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+
+import netscape.ldap.*;
+import java.util.*;
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * This interface defines a certificate mapping strategy to locate
+ * a user
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICertUserLocator {
+
+ /**
+ * Returns a user whose certificates match with the given certificates
+ * @return an user interface
+ * @exception EUsrGrpException thrown when failed to build user
+ * @exception LDAPException thrown when LDAP internal database is not available
+ * @exception ELdapException thrown when the LDAP search failed
+ */
+ public IUser locateUser(Certificates certs) throws
+ EUsrGrpException, LDAPException, ELdapException;
+
+ /**
+ * Retrieves description.
+ * @return description
+ */
+ public String getDescription();
+}
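Review bot: The contract of `locateUser(Certificates certs)` leaves the outcomes that matter for certificate-based login unspecified. There is no `@param certs`, and the Javadoc does not say what is returned when no user matches or when more than one user matches. Callers that map a client certificate to an account need to know whether to expect null or an exception, and implementers need to know that an ambiguous match must not resolve to an arbitrary user. I would add `@param certs certificates presented by the caller` and a `@return` line that names the no-match result explicitly, after confirming against the implementations, which are outside this hunk.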
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroup.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroup.java
new file mode 100644
index 000000000..3e36d9cc2
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroup.java
@@ -0,0 +1,70 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+
+import java.util.*;
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * This interface defines the basic interfaces for
+ * an identity group. (get/set methods for a group entry attributes)
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IGroup extends IAttrSet, IGroupConstants {
+
+ /**
+ * Retrieves the group name.
+ * @return the group name
+ */
+ public String getName();
+
+ /**
+ * Retrieves group identifier.
+ * @return the group id
+ */
+ public String getGroupID();
+
+ /**
+ * Retrieves group description.
+ * @return description
+ */
+ public String getDescription();
+
+ /**
+ * Checks if the given name is member of this group.
+ * @param name the given name
+ * @return true if the given name is the member of this group; otherwise false.
+ */
+ public boolean isMember(String name);
+
+ /**
+ * Adds new member.
+ * @param name the given name.
+ */
+ public void addMemberName(String name);
+
+ /**
+ * Retrieves a list of member names.
+ * @return a list of member names for this group.
+ */
+ public Enumeration getMemberNames();
+}
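Review bot: `isMember(String name)` and `addMemberName(String name)` do not say what form `name` takes. `IGroupConstants` in this same commit maps members to the `"uniquemember"` attribute, which suggests a DN may be stored, while other interfaces in the commit pass a user id. That is an inference from the constant name only. Since membership feeds authorization decisions, the Javadoc should pin this down, e.g. `@param name user id of the member (not the LDAP DN)` or the reverse, and state whether comparison is case-sensitive. `getMemberNames()` should likewise state the element type of the returned `Enumeration`.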
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroupConstants.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroupConstants.java
new file mode 100644
index 000000000..2f7e10a71
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroupConstants.java
@@ -0,0 +1,50 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+
+import java.util.*;
+
+
+/**
+ * This interface defines the attribute names for a group entry
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IGroupConstants {
+
+ /**
+ * Contant for groupName
+ */
+ public static final String ATTR_NAME = "groupName";
+
+ /**
+ * Constant for dn
+ */
+ public static final String ATTR_ID = "dn";
+
+ /**
+ * Constant for description
+ */
+ public static final String ATTR_DESCRIPTION = "description";
+
+ /**
+ * Constant for uniquemember
+ */
+ public static final String ATTR_MEMBERS = "uniquemember";
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IIdEvaluator.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IIdEvaluator.java
new file mode 100644
index 000000000..b34ba8f4a
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IIdEvaluator.java
@@ -0,0 +1,44 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+
+import java.util.*;
+import java.security.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * A class represents an ID evaluator.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IIdEvaluator {
+
+ /**
+ * Evaluates if the given value satisfies the ID evaluation:
+ * is a user a member of a group
+ * @param type the type of evaluator, in this case, it is group
+ * @param id the user id for the given user
+ * @param op operator, only "=" and "!=" are supported
+ * @param value the name of the group, eg, "Certificate Manager Agents"
+ * @return true if the given user is a member of the group
+ */
+ public boolean evaluate(String type, IUser id, String op, String value);
+}
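Review bot: The `@return` text on `evaluate` covers only the `=` case, although the `@param op` line says both `"="` and `"!="` are supported, and nothing states the result for any other operator or for an unknown group. For an evaluator used in access decisions the safe contract is that an unsupported operator or type yields false. I would write it down so implementations agree, e.g. `@return true if the membership test expressed by op holds; false otherwise, including when op is neither "=" nor "!="`. The summary line should also read "An interface that represents an ID evaluator", since this is not a class.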
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java
new file mode 100644
index 000000000..59266fedc
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java
@@ -0,0 +1,232 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+
+import java.util.*;
+import java.lang.*;
+import netscape.ldap.*;
+import java.security.*;
+import java.security.cert.*;
+import netscape.security.x509.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+
+
+/**
+ * This class defines low-level LDAP usr/grp management
+ * usr/grp information is located remotely on another
+ * LDAP server.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IUGSubsystem extends ISubsystem, IUsrGrp {
+
+ /**
+ * Constant for ID
+ */
+ public static final String ID = "usrgrp";
+
+ /**
+ * Constant for super administrators
+ */
+ public static final String SUPER_CERT_ADMINS = "Administrators";
+
+ /**
+ * Retrieves a user from LDAP
+ * @param userid the given user id
+ * @exception EUsrGrpException thrown when failed to find the user
+ */
+ public IUser getUser(String userid) throws EUsrGrpException;
+
+ /**
+ * Searches for users that matches the filter.
+ * @param filter search filter for efficiency
+ * @return list of users
+ * @exception EUsrGrpException thrown when any internal error occurs
+ */
+ public Enumeration listUsers(String filter) throws EUsrGrpException;
+
+ /**
+ * Adds the given user to the internal database
+ * @param identity the given user
+ * @exception EUsrGrpException thrown when failed to add user to the group
+ * @exception LDAPException thrown when the LDAP internal database is not available
+ */
+ public void addUser(IUser identity) throws EUsrGrpException, LDAPException;
+
+ /**
+ * Adds a user certificate to user
+ * @param identity user interface
+ * @exception EUsrGrpException thrown when failed to add the user certificate to the given user
+ * @exception LDAPException thrown when the LDAP internal database is not available
+ */
+ public void addUserCert(IUser identity) throws EUsrGrpException,
+ LDAPException;
+
+ /**
+ * Removes a user certificate for a user entry
+ * given a user certificate DN (actually, a combination of version,
+ * serialNumber, issuerDN, and SubjectDN), and it gets removed
+ * @param identity the given user whose user certificate is going to be
+ * be removed.
+ * @exception EUsrGrpException thrown when failed to remove user certificate
+ */
+ public void removeUserCert(IUser identity) throws EUsrGrpException;
+
+ /**
+ * Removes identity.
+ * @param userid the given user id
+ * @exception EUsrGrpException thrown when failed to remove user
+ */
+ public void removeUser(String userid) throws EUsrGrpException;
+
+ /**
+ * Modifies user attributes. Certs are handled separately
+ * @param identity the given identity which contains all the user
+ * attributes being modified
+ * @exception EUsrGrpException thrown when modification failed
+ */
+ public void modifyUser(IUser identity) throws EUsrGrpException;
+
+ /**
+ * Finds groups that match the filter.
+ * @param filter the search filter
+ * @return a list of groups that match the given search filter
+ */
+ public Enumeration findGroups(String filter);
+
+ /**
+ * Find a group for the given name
+ * @param name the given name
+ * @return a group that matched the given name
+ */
+ public IGroup findGroup(String name);
+
+ /**
+ * List groups. This method is more efficient than findGroups because
+ * this method retrieves group names and description only. Each
+ * retrieved group just contains group name and description.
+ * @param filter the search filter
+ * @return a list of groups, each group just contains group name and
+ * its description.
+ * @exception EUsrGrpException thrown when failed to list groups
+ */
+ public Enumeration listGroups(String filter) throws EUsrGrpException;
+
+ /**
+ * Retrieves a group from LDAP for the given group name
+ * @param name the given group name
+ * @return a group interface
+ */
+ public IGroup getGroupFromName(String name);
+
+ /**
+ * Retrieves a group from LDAP for the given DN.
+ * @param DN the given DN
+ * @return a group interface for the given DN.
+ */
+ public IGroup getGroup(String DN);
+
+ /**
+ * Checks if the given group exists.
+ * @param name the given group name
+ * @return true if the given group exists in the internal database; otherwise false.
+ */
+ public boolean isGroupPresent(String name);
+
+ /**
+ * Checks if the given context is a member of the given group
+ * @param uid the given user id
+ * @param name the given group name
+ * @return true if the user with the given user id is a member of the given
+ * group
+ */
+ public boolean isMemberOf(String uid, String name);
+ public boolean isMemberOf(IUser id, String name);
+
+ /**
+ * Adds a group of identities.
+ * @param group the given group
+ * @exception EUsrGrpException thrown when failed to add group.
+ */
+ public void addGroup(IGroup group) throws EUsrGrpException;
+
+ /**
+ * Removes a group. Can't remove SUPER_CERT_ADMINS
+ * @param name the given group name
+ * @exception EUsrGrpException thrown when the given group failed to remove
+ */
+ public void removeGroup(String name) throws EUsrGrpException;
+
+ /**
+ * Modifies a group.
+ * @param group the given group which contain all group attributes being
+ * modified.
+ * @exception EUsrGrpException thrown when failed to modify group.
+ */
+ public void modifyGroup(IGroup group) throws EUsrGrpException;
+
+ /**
+ * Removes the user with the given id from the given group
+ * @param grp the given group
+ * @param userid the given user id
+ * @exception EUsrGrpException thrown when failed to remove the user from
+ * the given group
+ */
+ public void removeUserFromGroup(IGroup grp, String userid)
+ throws EUsrGrpException;
+
+ /**
+ * Create user with the given id.
+ * @param id the user with the given id.
+ * @return a new user
+ */
+ public IUser createUser(String id);
+
+ /**
+ * Create group with the given id.
+ * @param id the group with the given id.
+ * @return a new group
+ */
+ public IGroup createGroup(String id);
+
+ /**
+ * Get string representation of the given certificate
+ * @param cert given certificate
+ * @return the string representation of the given certificate
+ */
+ public String getCertificateString(X509Certificate cert);
+
+ /**
+ * Searchs for identities that matches the certificate locater
+ * generated filter.
+ * @param filter search filter
+ * @return an user
+ * @exception EUsrGrpException thrown when failed to find user
+ * @exception LDAPException thrown when the internal database is not available
+ */
+ public IUser findUsersByCert(String filter) throws
+ EUsrGrpException, LDAPException;
+
+ /**
+ * Get user locator which does the mapping between the user and the certificate.
+ * @return CertUserLocator
+ */
+ public ICertUserLocator getCertUserLocator();
+}
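Review bot: `listUsers`, `findGroups`, `listGroups` and `findUsersByCert` each take a `String filter` described only as a "search filter", without saying whether it is passed to the directory as given or who escapes values embedded in it. The implementation is outside this hunk, so which side escapes is not visible. If callers build the filter from request parameters, unescaped metacharacters would change the query, so the interface should state the responsibility, e.g. `@param filter LDAP search filter, used as given; callers must escape any externally supplied value before embedding it`. `findUsersByCert` should also document what it returns when the filter matches no entry or several, given that it returns a single `IUser`. Finally, the second overload `isMemberOf(IUser id, String name)` has no Javadoc of its own.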
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUser.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUser.java
new file mode 100644
index 000000000..febcb9e84
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUser.java
@@ -0,0 +1,154 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.base.*;
+import java.security.cert.*;
+import netscape.security.x509.*;
+
+
+/**
+ * This interface defines the basic interfaces for
+ * a user identity. (get/set methods for a user entry attributes)
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IUser extends IAttrSet, IUserConstants {
+
+ /**
+ * Retrieves name.
+ * @return user name
+ */
+ public String getName();
+
+ /**
+ * Retrieves user identifier.
+ * @return user id
+ */
+ public String getUserID();
+
+ /**
+ * Retrieves user full name.
+ * @return user fullname
+ */
+ public String getFullName();
+
+ /**
+ * Retrieves user phonenumber.
+ * @return user phonenumber
+ */
+ public String getPhone();
+
+ /**
+ * Retrieves user state
+ * @return user state
+ */
+ public String getState();
+
+ /**
+ * Sets user full name.
+ * @param name the given full name
+ */
+ public void setFullName(String name);
+
+ /**
+ * Sets user ldap DN.
+ * @param userdn the given user DN
+ */
+ public void setUserDN(String userdn);
+
+ /**
+ * Gets user ldap dn
+ * @return user DN
+ */
+ public String getUserDN();
+
+ /**
+ * Retrieves user password.
+ * @return user password
+ */
+ public String getPassword();
+
+ /**
+ * Sets user password.
+ * @param p the given password
+ */
+ public void setPassword(String p);
+
+ /**
+ * Sets user phonenumber
+ * @param p user phonenumber
+ */
+ public void setPhone(String p);
+
+ /**
+ * Sets user state
+ * @param p the given user state
+ */
+ public void setState(String p);
+
+ /**
+ * Sets user type
+ * @param userType the given user type
+ */
+ public void setUserType(String userType);
+
+ /**
+ * Gets user email address.
+ * @return email address
+ */
+ public String getEmail();
+
+ /**
+ * Sets user email address.
+ * @param email the given email address
+ */
+ public void setEmail(String email);
+
+ /**
+ * Gets list of certificates from this user
+ * @return list of certificates
+ */
+ public X509Certificate[] getX509Certificates();
+
+ /**
+ * Sets list of certificates in this user
+ * @param certs list of certificates
+ */
+ public void setX509Certificates(X509Certificate certs[]);
+
+ /**
+ * Get certificate DN
+ * @return certificate DN
+ */
+ public String getCertDN();
+
+ /**
+ * Set certificate DN
+ * @param userdn the given DN
+ */
+ public void setCertDN(String userdn);
+
+ /**
+ * Get user type
+ * @return user type.
+ */
+ public String getUserType();
+}
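Review bot: The Javadoc on `getPassword()` and `setPassword(String p)` does not say whether the value is the cleartext password or a stored hash, so a caller cannot tell whether the returned string is safe to compare, persist or log. I would state it in the contract, for example `@return the user password as held by this object (cleartext or hashed: confirm against the implementation); callers must not log it`. Holding the secret in an immutable `String` also means it cannot be cleared after use; if the interface is still open to change, `char[]` is the usual alternative. The same gap applies to `getState()` and `getUserType()`, whose allowed values are not listed anywhere in this file.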
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUserConstants.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUserConstants.java
new file mode 100644
index 000000000..01a392494
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUserConstants.java
@@ -0,0 +1,70 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * This interface defines the attribute names for a user entry
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IUserConstants {
+
+ /**
+ * Constant for userScope
+ */
+ public static final String ATTR_SCOPE = "userScope";
+
+ /**
+ * Constant for userName
+ */
+ public static final String ATTR_NAME = "userName";
+
+ /**
+ * Constant for userId
+ */
+ public static final String ATTR_ID = "userId";
+
+ /**
+ * Constant for userFullName
+ */
+ public static final String ATTR_FULLNAME = "userFullName";
+
+ /**
+ * Constant for userPassword
+ */
+ public static final String ATTR_PASSWORD = "userPassword";
+
+ /**
+ * Constant for userState
+ */
+ public static final String ATTR_STATE = "userstate";
+
+ /**
+ * Constant for userEmail
+ */
+ public static final String ATTR_EMAIL = "userEmail";
+
+ /**
+ * Constant for usertype
+ */
+ public static final String ATTR_USERTYPE = "usertype";
+}
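Review bot: The comment on `ATTR_STATE` says "Constant for userState" but the value is `"userstate"`, all lower case, while the neighbouring values are camel case (`"userFullName"`, `"userEmail"`). If attribute lookup through these names is case-sensitive (not visible from this file), a caller spelling it the way the comment does would silently miss the attribute. Either correct the comment to match the value, or add a line such as `// lower case is intentional: matches the stored attribute name` if that is the case; the same applies to `ATTR_USERTYPE`. The wildcard `import com.netscape.certsrv.base.*;` looks unused here.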
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUsrGrp.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUsrGrp.java
new file mode 100644
index 000000000..98eb9e9b5
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUsrGrp.java
@@ -0,0 +1,110 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import netscape.ldap.*;
+
+/**
+ * This interface defines the basic capabilities of
+ * a usr/group manager. (get/add/modify/remove users or groups)
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IUsrGrp extends IIdEvaluator {
+
+ /**
+ * Retrieves usr/grp manager identifier.
+ * @return id
+ */
+ public String getId();
+
+ /**
+ * Retrieves the description
+ * @return description
+ */
+ public String getDescription();
+
+ /**
+ * Retrieves an identity
+ * @param userid the user id for the given user
+ * @return user interface
+ */
+ public IUser getUser(String userid) throws EUsrGrpException;
+
+ /**
+ * Adds a user identity to the LDAP server. For example,
+ * <code>
+ * User user = new User("joe");
+ * user.setFullName("joe doe");
+ * user.setPassword("secret");
+ * usrgrp.addUser(user);
+ * </code>
+ * @param user an user interface
+ * @exception EUsrGrpException thrown when some of the user attribute values
+ * are null
+ * @exception LDAPException thrown when the LDAP internal database is not
+ * available, or the add operation failed
+ */
+ public void addUser(IUser user) throws EUsrGrpException, LDAPException;
+
+ /**
+ * Removes a user.
+ * @param userid the user id for the given user
+ * @exception EUsrGrpException thrown when failed to remove user
+ */
+ public void removeUser(String userid) throws EUsrGrpException;
+
+ /**
+ * Modifies user.
+ * @param user the user interface which contains the modified information
+ * @exception EUsrGrpException thrown when failed to modify user
+ */
+ public void modifyUser(IUser user) throws EUsrGrpException;
+
+ /**
+ * Retrieves an identity group
+ * @param groupid the given group id.
+ * @return the group interface
+ */
+ public IGroup getGroup(String groupid);
+
+ /**
+ * Adds a group
+ * @param group the given group
+ * @exception EUsrGrpException thrown when failed to add the group.
+ */
+ public void addGroup(IGroup group) throws EUsrGrpException;
+
+ /**
+ * Modifies a group
+ * @param group the given group contains the new information for modification.
+ * @exception EUsrGrpException thrown when failed to modify the group.
+ */
+ public void modifyGroup(IGroup group) throws EUsrGrpException;
+
+ /**
+ * Removes a group
+ * @param name the group name
+ * @exception EUsrGrpException thrown when failed to remove the given
+ * group.
+ */
+ public void removeGroup(String name) throws EUsrGrpException;
+
+}
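Review bot: `getUser(String userid)` declares `throws EUsrGrpException` but its Javadoc has no `@exception` entry and does not say what a caller gets for an unknown id, and `getGroup(String groupid)` has no `throws` clause at all, so the not-found result is undocumented there too. Since callers are likely to make access decisions on these results, the contract should say whether a missing identity is `null` or an exception, e.g. `@return the user, or null if no such user exists (confirm against the implementation)` and `@exception EUsrGrpException thrown when the lookup fails`. The multi-line example in the `addUser` comment sits inside `<code>`, which renders as one run-on line; `<pre>` would keep the line breaks. `import java.util.*;` appears unused in this interface.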
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/UsrGrpResources.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/UsrGrpResources.java
new file mode 100644
index 000000000..ed4f28b83
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/UsrGrpResources.java
@@ -0,0 +1,45 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.usrgrp;
+
+import java.util.ListResourceBundle;
+
+/**
+ * A class represents a resource bundle for the
+ * user/group manager
+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public class UsrGrpResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ * @return the content of this resource.
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ /**
+ * Constants. The suffix represents the number of
+ * possible parameters.
+ */
+
+ static final Object[][] contents = {};
+}
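Review bot: The class-level `@deprecated` tag carries no text, so a reader cannot tell what replaces this bundle or why a new, already-deprecated class with an empty `contents` table is being added. I would extend it to something like `@deprecated empty placeholder; use <replacement> instead` with the real replacement named. The "Constants. The suffix represents…" comment is separated from `contents` by a blank line and describes constants that do not exist in this file, so it can be dropped or reworded.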
diff --git a/pki/base/common/src/com/netscape/certsrv/util/HttpInput.java b/pki/base/common/src/com/netscape/certsrv/util/HttpInput.java
new file mode 100644
index 000000000..b64ac4622
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/util/HttpInput.java
@@ -0,0 +1,296 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.util;
+
+import netscape.ldap.*;
+import java.io.*;
+import java.net.*;
+import javax.servlet.http.*;
+import javax.servlet.*;
+import java.util.*;
+import java.math.*;
+import java.util.regex.*;
+
+public class HttpInput
+{
+ public static int getPortNumberInInt(HttpServletRequest request, String name)
+ throws IOException
+ {
+ String val = request.getParameter(name);
+ int p = Integer.parseInt(val);
+ return p;
+ }
+
+ public static String getBoolean(HttpServletRequest request, String name)
+ throws IOException
+ {
+ String val = request.getParameter(name);
+ if (val.equals("true") || val.equals("false")) {
+ return val;
+ }
+ throw new IOException("Invalid boolean value '" + val + "'");
+ }
+
+ public static String getCheckbox(HttpServletRequest request, String name)
+ throws IOException
+ {
+ String val = request.getParameter(name);
+ if (val == null || val.equals("")) {
+ return "off";
+ } else if (val.equals("on") || val.equals("off")) {
+ return val;
+ }
+ throw new IOException("Invalid checkbox value '" + val + "'");
+ }
+
+ public static String getInteger(HttpServletRequest request, String name)
+ throws IOException
+ {
+ String val = request.getParameter(name);
+ int p = 0;
+ try {
+ p = Integer.parseInt(val);
+ } catch (NumberFormatException e) {
+ throw new IOException("Input '" + val + "' is not an integer");
+ }
+
+ if (!val.equals(Integer.toString(p))) {
+ throw new IOException("Input '" + val + "' is not an integer");
+ }
+ return val;
+ }
+
+ public static String getInteger(HttpServletRequest request, String name,
+ int min, int max) throws IOException
+ {
+ String val = getInteger(request, name);
+ int p = Integer.parseInt(val);
+ if (p < min || p > max) {
+ throw new IOException("Input '" + val + "' is out of range");
+ }
+ return val;
+ }
+
+ public static String getPortNumber(HttpServletRequest request, String name)
+ throws IOException
+ {
+ String v = getInteger(request, name);
+ return v;
+ }
+
+ public static String getString(HttpServletRequest request, String name)
+ throws IOException
+ {
+ String val = request.getParameter(name);
+ return val;
+ }
+
+ public static String getString(HttpServletRequest request, String name,
+ int minlen, int maxlen) throws IOException
+ {
+ String val = request.getParameter(name);
+ if (val.length() < minlen || val.length() > maxlen) {
+ throw new IOException("String length of '" + val +
+ "' is out of range");
+ }
+ return val;
+ }
+
+ public static String getLdapDatabase(HttpServletRequest request, String name)
+ throws IOException
+ {
+ return getString(request, name);
+ }
+
+ public static String getURL(HttpServletRequest request, String name)
+ throws IOException
+ {
+ String v = getString(request, name);
+ try {
+ URL u = new URL(v);
+ } catch (Exception e) {
+ throw new IOException("Invalid URL " + v);
+ }
+ return v;
+ }
+
+ public static String getUID(HttpServletRequest request, String name)
+ throws IOException
+ {
+ return getString(request, name);
+ }
+
+ public static String getPassword(HttpServletRequest request, String name)
+ throws IOException
+ {
+ return getString(request, name);
+ }
+
+ public static String getKeyType(HttpServletRequest request, String name)
+ throws IOException
+ {
+ String v = getString(request, name);
+ if (v.equals("rsa")) {
+ return v;
+ }
+ if (v.equals("ecc")) {
+ return v;
+ }
+ throw new IOException("Invalid key type '" + v + "' not supported.");
+ }
+
+ public static String getKeySize(HttpServletRequest request, String name)
+ throws IOException
+ {
+ String i = getInteger(request, name);
+ if (i.equals("256") || i.equals("512") || i.equals("1024") ||
+ i.equals("2048") || i.equals("4096")) {
+ return i;
+ }
+ throw new IOException("Invalid key length '" + i + "'. Currently supported key lengths are 256, 512, 1024, 2048, 4096.");
+ }
+
+ public static String getKeySize(HttpServletRequest request, String name, String keyType)
+ throws IOException
+ {
+ String i = getInteger(request, name);
+ if (keyType.equals("rsa")) {
+ if (i.equals("256") || i.equals("512") || i.equals("1024") ||
+ i.equals("2048") || i.equals("4096")) {
+ return i;
+ } else {
+ throw new IOException("Invalid key length '" + i + "'. Currently supported RSA key lengths are 256, 512, 1024, 2048, 4096.");
+ }
+ }
+ if (keyType.equals("ecc")) {
+ int p = 0;
+ try {
+ p = Integer.parseInt(i);
+ } catch (NumberFormatException e) {
+ throw new IOException("Input '" + i + "' is not an integer");
+ }
+ if ((p >= 112) && (p <= 571))
+ return i;
+ else {
+ throw new IOException("Invalid key length '" + i + "'. Please consult your security officer for a proper length, or take the default value. Here are examples of some commonly used key lengths: 256, 384, 521.");
+ }
+/*
+
+ if (i.equals("256") || i.equals("384") || i.equals("521")) {
+ return i;
+ } else {
+ throw new IOException("Invalid key length '" + i + "'. Currently supported ECC key lengths are 256, 384, 521.");
+ }
+*/
+ }
+ throw new IOException("Invalid key type '" + keyType + "'");
+ }
+
+ public static String getDN(HttpServletRequest request, String name)
+ throws IOException
+ {
+ String v = getString(request, name);
+ String dn[] = LDAPDN.explodeDN(v, true);
+ if (dn == null || dn.length <= 0) {
+ throw new IOException("Invalid DN " + v + " in " + name);
+ }
+ return v;
+ }
+
+ public static String getID(HttpServletRequest request, String name)
+ throws IOException
+ {
+ return getString(request, name);
+ }
+
+ public static String getName(HttpServletRequest request, String name)
+ throws IOException
+ {
+ return getString(request, name);
+ }
+
+ public static String getCertRequest(HttpServletRequest request, String name)
+ throws IOException
+ {
+ return getString(request, name);
+ }
+
+ public static String getCertChain(HttpServletRequest request, String name)
+ throws IOException
+ {
+ return getString(request, name);
+ }
+
+ public static String getCert(HttpServletRequest request, String name)
+ throws IOException
+ {
+ return getString(request, name);
+ }
+
+ public static String getNickname(HttpServletRequest request, String name)
+ throws IOException
+ {
+ return getString(request, name);
+ }
+
+ public static String getHostname(HttpServletRequest request, String name)
+ throws IOException
+ {
+ return getString(request, name);
+ }
+
+ public static String getTokenName(HttpServletRequest request, String name)
+ throws IOException
+ {
+ return getString(request, name);
+ }
+
+ public static String getReplicationAgreementName(HttpServletRequest request, String name)
+ throws IOException
+ {
+ return getString(request, name);
+ }
+
+ public static String getEmail(HttpServletRequest request, String name)
+ throws IOException
+ {
+ String v = getString(request, name);
+ if (v.indexOf('@') == -1) {
+ throw new IOException("Invalid email " + v);
+ }
+ return v;
+ }
+
+ public static String getDomainName(HttpServletRequest request, String name)
+ throws IOException
+ {
+ return getString(request, name);
+ }
+
+ public static String getSecurityDomainName(HttpServletRequest request, String name)
+ throws IOException
+ {
+ String v = getName(request, name);
+ Pattern p = Pattern.compile("[A-Za-z0-9]+[A-Za-z0-9 -]*");
+ Matcher m = p.matcher(v);
+ if (!m.matches()) {
+ throw new IOException("Invalid characters found in Security Domain Name " + v + ". Valid characters are A-Z, a-z, 0-9, dash and space");
+ }
+ return v;
+ }
+}
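Review bot: Several helpers dereference the result of `request.getParameter(name)` without a null check, so a request that omits the field escapes as an unchecked exception instead of the declared `IOException`: `getBoolean`, `getString(request, name, minlen, maxlen)`, `getKeyType`, `getEmail` and `getSecurityDomainName` throw `NullPointerException`, and `getPortNumberInInt` lets `NumberFormatException` through for null or non-numeric input. A single null-rejecting accessor used by all of them would keep the failure on the validation path, and the port helpers accept any int, so a range check (1–65535 assumed here) belongs in the same change. Separately, `getHostname`, `getUID`, `getCert` and the other one-line wrappers return the raw parameter unchanged, which their names do not suggest; a comment such as `// no validation performed; caller must validate` would make that visible. The RSA branch of `getKeySize` also accepts 256 and 512, which are far too small for an RSA modulus and worth rejecting or at least documenting.

```java
// … unchanged: package, imports, class header …
    /**
     * Returns the named request parameter, rejecting a missing one with the
     * same checked exception the validators already use.
     */
    private static String getRequired(HttpServletRequest request, String name)
        throws IOException
    {
        String val = request.getParameter(name);
        if (val == null) {
            throw new IOException("Missing parameter '" + name + "'");
        }
        return val;
    }

    public static int getPortNumberInInt(HttpServletRequest request, String name)
        throws IOException
    {
        // getInteger() already turns null and non-numeric input into IOException
        String val = getInteger(request, name, 1, 65535);
        return Integer.parseInt(val);
    }

    public static String getBoolean(HttpServletRequest request, String name)
        throws IOException
    {
        String val = getRequired(request, name);
        // … unchanged: "true"/"false" comparison and error …
// … unchanged: remaining helpers, with getRequired(request, name) wherever the value is dereferenced …
```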
diff --git a/pki/base/common/src/com/netscape/certsrv/util/IStatsSubsystem.java b/pki/base/common/src/com/netscape/certsrv/util/IStatsSubsystem.java
new file mode 100644
index 000000000..05a92f8d4
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/util/IStatsSubsystem.java
@@ -0,0 +1,63 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.util;
+
+
+import java.util.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * A class represents a internal subsystem. This subsystem
+ * can be loaded into cert server kernel to perform
+ * statistics collection.
+ * <P>
+ *
+ * @author thomask
+ * @version $Revision$, $Date$
+ */
+public interface IStatsSubsystem extends ISubsystem
+{
+ /**
+ * Retrieves the start time since startup or
+ * clearing of statistics.
+ */
+ public Date getStartTime();
+
+ /**
+ * Starts timing of a operation.
+ */
+ public void startTiming(String id);
+
+ public void startTiming(String id, boolean main);
+
+ /**
+ * Stops timing of a operation.
+ */
+ public void endTiming(String id);
+
+ /**
+ * Resets counters.
+ */
+ public void resetCounters();
+
+ /**
+ * Resets all internal counters.
+ */
+ public StatsEvent getMainStatsEvent();
+}
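Review bot: The Javadoc above `getMainStatsEvent()` reads "Resets all internal counters.", which is a copy of the comment for `resetCounters()` and does not describe a method returning a `StatsEvent`. Something like `Retrieves the main (top-level) statistics event.` with an `@return` line would match the signature. `startTiming(String id, boolean main)` has no comment at all, so the meaning of `main` and how it differs from the one-argument overload is undocumented, and `startTiming`/`endTiming` do not say what happens when `endTiming` is called for an id that was never started.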
diff --git a/pki/base/common/src/com/netscape/certsrv/util/StatsEvent.java b/pki/base/common/src/com/netscape/certsrv/util/StatsEvent.java
new file mode 100644
index 000000000..2849f5ecc
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/util/StatsEvent.java
@@ -0,0 +1,194 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.util;
+
+
+import java.util.*;
+import java.math.*;
+
+/**
+ * A statistics transaction.
+ * <P>
+ *
+ * @author thomask
+ * @version $Revision$, $Date$
+ */
+public class StatsEvent
+{
+ private String mName = null;
+ private long mMin = -1;
+ private long mMax = -1;
+ private long mTimeTaken = 0;
+ private long mTimeTakenSqSum = 0;
+ private long mNoOfOperations = 0;
+ private Vector mSubEvents = new Vector();
+ private StatsEvent mParent = null;
+
+ public StatsEvent(StatsEvent parent)
+ {
+ mParent = parent;
+ }
+
+ public void setName(String name)
+ {
+ mName = name;
+ }
+
+ /**
+ * Retrieves Transaction name.
+ */
+ public String getName()
+ {
+ return mName;
+ }
+
+ public void addSubEvent(StatsEvent st)
+ {
+ mSubEvents.addElement(st);
+ }
+
+ /**
+ * Retrieves a list of sub transaction names.
+ */
+ public Enumeration getSubEventNames()
+ {
+ Vector names = new Vector();
+ Enumeration e = mSubEvents.elements();
+ while (e.hasMoreElements()) {
+ StatsEvent st = (StatsEvent)e.nextElement();
+ names.addElement(st.getName());
+ }
+ return names.elements();
+ }
+
+ /**
+ * Retrieves a sub transaction.
+ */
+ public StatsEvent getSubEvent(String name)
+ {
+ Enumeration e = mSubEvents.elements();
+ while (e.hasMoreElements()) {
+ StatsEvent st = (StatsEvent)e.nextElement();
+ if (st.getName().equals(name)) {
+ return st;
+ }
+ }
+ return null;
+ }
+
+ public void resetCounters()
+ {
+ mMin = -1;
+ mMax = -1;
+ mNoOfOperations = 0;
+ mTimeTaken = 0;
+ mTimeTakenSqSum = 0;
+ Enumeration e = getSubEventNames();
+ while (e.hasMoreElements()) {
+ String n = (String)e.nextElement();
+ StatsEvent c = getSubEvent(n);
+ c.resetCounters();
+ }
+ }
+
+ public long getMax()
+ {
+ return mMax;
+ }
+
+ public long getMin()
+ {
+ return mMin;
+ }
+
+ public void incNoOfOperations(long c)
+ {
+ mNoOfOperations += c;
+ }
+
+ public long getTimeTakenSqSum()
+ {
+ return mTimeTakenSqSum;
+ }
+
+ public long getPercentage()
+ {
+ if (mParent == null || mParent.getTimeTaken() == 0) {
+ return 100;
+ } else {
+ return (mTimeTaken * 100 / mParent.getTimeTaken());
+ }
+ }
+
+ public long getStdDev()
+ {
+ if (getNoOfOperations() == 0) {
+ return 0;
+ } else {
+ long a = getTimeTakenSqSum();
+ long b = (-2 * getAvg() *getTimeTaken());
+ long c = getAvg() * getAvg() * getNoOfOperations();
+ return (long)Math.sqrt((a + b + c)/getNoOfOperations());
+ }
+ }
+
+ public long getAvg()
+ {
+ if (mNoOfOperations == 0) {
+ return -1;
+ } else {
+ return mTimeTaken/mNoOfOperations;
+ }
+ }
+
+ /**
+ * Retrieves number of operations performed.
+ */
+ public long getNoOfOperations()
+ {
+ return mNoOfOperations;
+ }
+
+ public void incTimeTaken(long c)
+ {
+ if (mMin == -1) {
+ mMin = c;
+ } else {
+ if (c < mMin) {
+ mMin = c;
+ }
+ }
+ if (mMax == -1) {
+ mMax = c;
+ } else {
+ if (c > mMax) {
+ mMax = c;
+ }
+ }
+ mTimeTaken += c;
+ mTimeTakenSqSum += (c * c);
+ }
+
+ /**
+ * Retrieves total time token in msec.
+ */
+ public long getTimeTaken()
+ {
+ return mTimeTaken;
+ }
+}
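Review bot: `getSubEvent` compares with `st.getName().equals(name)`, but `mName` starts as `null` and is only set through `setName`, so any sub-event added before it is named makes the lookup throw `NullPointerException`. `resetCounters` goes through the same path by collecting names and looking each one up again, so it inherits the NPE and, if two sub-events share a name, resets the first one twice and never the second. Iterating `mSubEvents` directly in `resetCounters` (`((StatsEvent) e.nextElement()).resetCounters();`) avoids both, and a null check on `st.getName()` before the comparison in `getSubEvent` covers the lookup. Also worth a comment: `incTimeTaken` and `incNoOfOperations` update plain `long` fields without synchronization, which loses updates if events are timed from several threads (the threading model is not visible in this file).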