path: root/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java217
1 files changed, 99 insertions, 118 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java
index 4b9291481..6438dc4ae 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
+
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Locale;
@@ -43,20 +44,20 @@ import com.netscape.certsrv.request.PolicyResult;
import com.netscape.certsrv.request.RequestId;
import com.netscape.cms.policy.APolicyRule;
+
/**
* This checks if attribute present.
* <P>
- *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class AttributePresentConstraints extends APolicyRule implements
- IEnrollmentPolicy, IExtendedPluginInfo {
+public class AttributePresentConstraints extends APolicyRule
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_ENABLED = "enabled";
protected static final String PROP_LDAP = "ldap";
@@ -75,59 +76,50 @@ public class AttributePresentConstraints extends APolicyRule implements
private LDAPConnection mCheckAttrLdapConnection = null;
public AttributePresentConstraints() {
- DESC = "Rejects request if ldap attribute is not present in the "
- + "directory.";
+ DESC = "Rejects request if ldap attribute is not present in the " +
+ "directory.";
}
public String[] getExtendedPluginInfo(Locale locale) {
String params[] = {
- PROP_ATTR
- + ";string,required;Ldap attribute to check presence of (default "
- + DEF_ATTR + ")",
- PROP_VALUE
- + ";string;if this parameter is non-empty, the attribute must "
- + "match this value for the request to proceed ",
- PROP_LDAP_BASE
- + ";string,required;Base DN to start searching "
- + "under. If your user's DN is 'uid=jsmith, o=company', you "
- + "might want to use 'o=company' here",
- PROP_LDAP_HOST + ";string,required;"
- + "LDAP host to connect to",
- PROP_LDAP_PORT + ";number,required;"
- + "LDAP port number (use 389, or 636 if SSL)",
- PROP_LDAP_SSL + ";boolean;"
- + "Use SSL to connect to directory?",
- PROP_LDAP_VER + ";choice(3,2),required;"
- + "LDAP protocol version",
- PROP_LDAP_BIND
- + ";string;DN to bind as for attribute checking. "
- + "For example 'CN=Pincheck User'",
- PROP_LDAP_PW + ";password;Enter password used to bind as "
- + "the above user",
- PROP_LDAP_AUTH + ";choice(BasicAuth,SslClientAuth),required;"
- + "How to bind to the directory",
- PROP_LDAP_CERT + ";string;If you want to use "
- + "SSL client auth to the directory, set the client "
- + "cert nickname here",
- PROP_LDAP_BASE
- + ";string,required;Base DN to start searching "
- + "under. If your user's DN is 'uid=jsmith, o=company', you "
- + "might want to use 'o=company' here",
- PROP_LDAP_MINC + ";number;number of connections "
- + "to keep open to directory server. Default "
- + DEF_LDAP_MINC,
- PROP_LDAP_MAXC
- + ";number;when needed, connection "
- + "pool can grow to this many (multiplexed) connections. Default "
- + DEF_LDAP_MAXC,
- IExtendedPluginInfo.HELP_TOKEN
- + ";configuration-policyrules-pinpresent",
- IExtendedPluginInfo.HELP_TEXT
- + ";"
- + DESC
- + " This plugin can be used to "
- + "check the presence (and, optionally, the value) of any LDAP "
- + "attribute for the user. " };
+ PROP_ATTR + ";string,required;Ldap attribute to check presence of (default " +
+ DEF_ATTR + ")",
+ PROP_VALUE + ";string;if this parameter is non-empty, the attribute must " +
+ "match this value for the request to proceed ",
+ PROP_LDAP_BASE + ";string,required;Base DN to start searching " +
+ "under. If your user's DN is 'uid=jsmith, o=company', you " +
+ "might want to use 'o=company' here",
+ PROP_LDAP_HOST + ";string,required;" +
+ "LDAP host to connect to",
+ PROP_LDAP_PORT + ";number,required;" +
+ "LDAP port number (use 389, or 636 if SSL)",
+ PROP_LDAP_SSL + ";boolean;" +
+ "Use SSL to connect to directory?",
+ PROP_LDAP_VER + ";choice(3,2),required;" +
+ "LDAP protocol version",
+ PROP_LDAP_BIND + ";string;DN to bind as for attribute checking. " +
+ "For example 'CN=Pincheck User'",
+ PROP_LDAP_PW + ";password;Enter password used to bind as " +
+ "the above user",
+ PROP_LDAP_AUTH + ";choice(BasicAuth,SslClientAuth),required;" +
+ "How to bind to the directory",
+ PROP_LDAP_CERT + ";string;If you want to use " +
+ "SSL client auth to the directory, set the client " +
+ "cert nickname here",
+ PROP_LDAP_BASE + ";string,required;Base DN to start searching " +
+ "under. If your user's DN is 'uid=jsmith, o=company', you " +
+ "might want to use 'o=company' here",
+ PROP_LDAP_MINC + ";number;number of connections " +
+ "to keep open to directory server. Default " + DEF_LDAP_MINC,
+ PROP_LDAP_MAXC + ";number;when needed, connection " +
+ "pool can grow to this many (multiplexed) connections. Default " + DEF_LDAP_MAXC,
+ IExtendedPluginInfo.HELP_TOKEN +
+ ";configuration-policyrules-pinpresent",
+ IExtendedPluginInfo.HELP_TEXT +
+ ";" + DESC + " This plugin can be used to " +
+ "check the presence (and, optionally, the value) of any LDAP " +
+ "attribute for the user. "
+ };
return params;
}
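Review bot: The reflowed `params` array still lists `PROP_LDAP_BASE` twice (once after `PROP_VALUE`, again after `PROP_LDAP_CERT`) with identical help text, so the console will render the Base DN field twice; the commit preserves the duplicate. Drop the second occurrence, the three lines beginning `PROP_LDAP_BASE + ";string,required;Base DN to start searching " +` that sit between `PROP_LDAP_CERT` and `PROP_LDAP_MINC`. Also worth a comment next to `HELP_TOKEN`: `// help token is shared with the pin-present rule` is presumably the intent of `configuration-policyrules-pinpresent`, but confirm before keeping it.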
@@ -188,9 +180,9 @@ public class AttributePresentConstraints extends APolicyRule implements
protected static final String PROP_VALUE = "value";
protected static final String DEF_VALUE = "";
- protected static Vector mParamNames;
+ protected static Vector mParamNames;
protected static Hashtable mParamDefault;
- protected Hashtable mParamValue = null;
+ protected Hashtable mParamValue = null;
static {
mParamNames = new Vector();
@@ -209,7 +201,7 @@ public class AttributePresentConstraints extends APolicyRule implements
addParam(PROP_ATTR, DEF_ATTR);
addParam(PROP_VALUE, DEF_VALUE);
};
-
+
protected static void addParam(String name, Object value) {
mParamNames.addElement(name);
mParamDefault.put(name, value);
@@ -218,33 +210,40 @@ public class AttributePresentConstraints extends APolicyRule implements
protected void getStringConfigParam(IConfigStore config, String paramName) {
try {
mParamValue.put(
- paramName,
- config.getString(paramName,
- (String) mParamDefault.get(paramName)));
+ paramName, config.getString(paramName, (String) mParamDefault.get(paramName))
+ );
} catch (Exception e) {
}
}
protected void getIntConfigParam(IConfigStore config, String paramName) {
try {
- mParamValue.put(paramName, Integer.valueOf(config.getInteger(
- paramName,
- ((Integer) mParamDefault.get(paramName)).intValue())));
+ mParamValue.put(
+ paramName, Integer.valueOf(
+ config.getInteger(paramName,
+ ((Integer) mParamDefault.get(paramName)).intValue()
+ )
+ )
+ );
} catch (Exception e) {
}
}
protected void getBooleanConfigParam(IConfigStore config, String paramName) {
try {
- mParamValue.put(paramName, Boolean.valueOf(config.getBoolean(
- paramName,
- ((Boolean) mParamDefault.get(paramName)).booleanValue())));
+ mParamValue.put(
+ paramName, Boolean.valueOf(
+ config.getBoolean(paramName,
+ ((Boolean) mParamDefault.get(paramName)).booleanValue()
+ )
+ )
+ );
} catch (Exception e) {
}
}
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
mParamValue = new Hashtable();
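Review bot: All three `get*ConfigParam` helpers keep the empty `catch (Exception e) { }`, so a bad configured value (say a non-numeric port or an unparsable boolean) leaves no entry in `mParamValue` and the rule carries on; later `(String) mParamValue.get(PROP_ATTR)` and friends then hand `null` to the LDAP calls, which is not an obvious failure mode for an operator. At minimum log it, e.g. `} catch (Exception e) { log(ILogger.LL_FAILURE, "invalid value for " + paramName + ": " + e); }`, or fall back explicitly to the default so the parameter is always present. Since `init` already declares `throws EBaseException`, rejecting the misconfiguration outright may be the better choice; `init` begins in this hunk but its body continues past it.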
@@ -278,16 +277,14 @@ public class AttributePresentConstraints extends APolicyRule implements
String requestType = r.getRequestType();
- if (requestType.equals(IRequest.ENROLLMENT_REQUEST)
- || requestType.equals(IRequest.RENEWAL_REQUEST)) {
+ if (requestType.equals(IRequest.ENROLLMENT_REQUEST) ||
+ requestType.equals(IRequest.RENEWAL_REQUEST)) {
String uid = r.getExtDataInString(IRequest.HTTP_PARAMS, "uid");
if (uid == null) {
- log(ILogger.LL_INFO, "did not find UID parameter in request "
- + r.getRequestId());
- setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"),
- "");
+ log(ILogger.LL_INFO, "did not find UID parameter in request " + r.getRequestId());
+ setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
return PolicyResult.REJECTED;
}
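Review bot: `uid` is read straight from the request's HTTP parameters and the only validation in the new code is the null check; an empty or whitespace-only value passes and is later interpolated into an LDAP search filter in a following hunk. Tighten the guard to `if (uid == null || uid.trim().length() == 0) {` so a blank uid is rejected here with the same `CMS_POLICY_PIN_UNAUTHORIZED` error rather than producing a `(uid=)` search. The enclosing `apply` method starts before this hunk.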
@@ -295,34 +292,26 @@ public class AttributePresentConstraints extends APolicyRule implements
try {
String[] attrs = { (String) mParamValue.get(PROP_ATTR) };
- LDAPSearchResults searchResult = mCheckAttrLdapConnection
- .search((String) mParamValue.get(PROP_LDAP_BASE),
- LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", attrs,
- false);
-
+ LDAPSearchResults searchResult =
+ mCheckAttrLdapConnection.search((String) mParamValue.get(PROP_LDAP_BASE),
+ LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", attrs, false);
+
if (!searchResult.hasMoreElements()) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
- setError(r,
- CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"),
- "");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
+ setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
return PolicyResult.REJECTED;
}
LDAPEntry entry = (LDAPEntry) searchResult.nextElement();
userdn = entry.getDN();
-
- LDAPAttribute attr = entry.getAttribute((String) mParamValue
- .get(PROP_ATTR));
+
+ LDAPAttribute attr = entry.getAttribute((String) mParamValue.get(PROP_ATTR));
/* if attribute not present, reject the request */
if (attr == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", userdn));
- setError(r,
- CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"),
- "");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", userdn));
+ setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
return PolicyResult.REJECTED;
}
String acceptedValue = ((String) mParamValue.get(PROP_VALUE));
@@ -338,24 +327,17 @@ public class AttributePresentConstraints extends APolicyRule implements
}
}
if (matches == 0) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMS_AUTH_NO_PIN_FOUND", userdn));
- setError(
- r,
- CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"),
- "");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", userdn));
+ setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
return PolicyResult.REJECTED;
}
}
-
- CMS.debug("AttributePresentConstraints: Attribute is present for user: \""
- + userdn + "\"");
+
+ CMS.debug("AttributePresentConstraints: Attribute is present for user: \"" + userdn + "\"");
} catch (LDAPException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_PIN_UNAUTHORIZED"));
- setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"),
- "");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_PIN_UNAUTHORIZED"));
+ setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
return PolicyResult.REJECTED;
}
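Review bot: The `catch (LDAPException e)` branch drops the exception entirely: the log line carries only the fixed `POLICY_PIN_UNAUTHORIZED` message, so a directory outage, a bind failure and a malformed base DN all look identical in the log. Keep the rejection (failing closed on a directory error is the right behaviour for an enrollment constraint) but record the cause, e.g. `log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_PIN_UNAUTHORIZED") + ": " + e);` or a `CMS.debug(e)` alongside it. The `matches == 0` branch above it reuses `CMS_AUTH_NO_PIN_FOUND` for a value mismatch rather than a missing attribute, which is presumably a reused message key; a one-line comment `// value mismatch, not absence; message key is reused` would stop the next reader from misreading the log. The enclosing try/catch opens before this hunk.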
@@ -401,26 +383,25 @@ public class AttributePresentConstraints extends APolicyRule implements
return params;
/*
- * params.addElement("ldap.ldapconn.host=localhost");
- * params.addElement("ldap.ldapconn.port=389");
- * params.addElement("ldap.ldapconn.secureConn=false");
- * params.addElement("ldap.ldapconn.version=3");
- * params.addElement("ldap.ldapauth.bindDN=CN=Directory Manager");
- * params.addElement("ldap.ldapauth.bindPWPrompt=");
- * params.addElement("ldap.ldapauth.clientCertNickname=");
- * params.addElement("ldap.ldapauth.authtype=BasicAuth");
- * params.addElement("ldap.basedn=");
- * params.addElement("ldap.minConns=1");
- * params.addElement("ldap.maxConns=5");
+ params.addElement("ldap.ldapconn.host=localhost");
+ params.addElement("ldap.ldapconn.port=389");
+ params.addElement("ldap.ldapconn.secureConn=false");
+ params.addElement("ldap.ldapconn.version=3");
+ params.addElement("ldap.ldapauth.bindDN=CN=Directory Manager");
+ params.addElement("ldap.ldapauth.bindPWPrompt=");
+ params.addElement("ldap.ldapauth.clientCertNickname=");
+ params.addElement("ldap.ldapauth.authtype=BasicAuth");
+ params.addElement("ldap.basedn=");
+ params.addElement("ldap.minConns=1");
+ params.addElement("ldap.maxConns=5");
*/
}
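Review bot: The dead code under `return params;` survives the reflow, and the example it carries, `ldap.ldapauth.bindDN=CN=Directory Manager`, models binding this rule with a directory superuser, although the rule only ever reads one attribute from user entries. Either delete the commented-out block (it is unreachable after the `return`) or, if it is kept as documentation, change the example to a dedicated read-only service account and add `// example only: bind with a least-privilege account, not Directory Manager`. The `getDefaultParams` method starts before this hunk.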
protected void log(int level, String msg) {
- if (mLogger == null)
- return;
+ if (mLogger == null) return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, level,
- "AttributePresentConstraints: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
+ level, "AttributePresentConstraints: " + msg);
}
}
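Review bot: The collapsed `if (mLogger == null) return;` is the only unbraced single-line conditional in the hunks shown; the rest of the file braces every branch, so for consistency keep it as `if (mLogger == null) { return; }` or the original two-line form. A short Javadoc on `log` would also help, since the level parameter is an `ILogger` constant rather than a java.util.logging level: `/** Writes msg to the system log at the given ILogger level, prefixed with the rule name; silently no-op when no logger is configured. */`.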