summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java185
1 files changed, 92 insertions, 93 deletions
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
index b4ce10bc3..017441df0 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
+
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Vector;
@@ -40,10 +41,11 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-/**
- * Maps a X509 certificate to a LDAP entry by finding an LDAP entry which has an
- * attribute whose contents are equal to the cert subject name.
- *
+
+/**
+ * Maps a X509 certificate to a LDAP entry by finding an LDAP entry
+ * which has an attribute whose contents are equal to the cert subject name.
+ *
* @version $Revision$, $Date$
*/
public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
@@ -62,15 +64,13 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
/**
* constructs a certificate subject name mapper with search base.
- *
- * @param searchBase the dn to start searching for the certificate subject
- * name.
+ * @param searchBase the dn to start searching for the certificate
+ * subject name.
*/
public LdapCertSubjMap(String searchBase) {
if (searchBase == null)
throw new IllegalArgumentException(
- "a null argument to constructor "
- + this.getClass().getName());
+ "a null argument to constructor " + this.getClass().getName());
mSearchBase = searchBase;
mInited = true;
}
@@ -82,23 +82,23 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
* @param certSubjNameAttr attribute for certificate subject names.
* @param certAttr attribute to find certificate.
*/
- public LdapCertSubjMap(String searchBase, String certSubjNameAttr,
- String certAttr) {
- if (searchBase == null || certSubjNameAttr == null || certAttr == null)
+ public LdapCertSubjMap(String searchBase,
+ String certSubjNameAttr, String certAttr) {
+ if (searchBase == null ||
+ certSubjNameAttr == null || certAttr == null)
throw new IllegalArgumentException(
- "a null argument to constructor "
- + this.getClass().getName());
+ "a null argument to constructor " + this.getClass().getName());
mCertSubjNameAttr = certSubjNameAttr;
mSearchBase = searchBase;
mInited = true;
}
- public LdapCertSubjMap(String searchBase, String certSubjNameAttr,
- String certAttr, boolean useAllEntries) {
- if (searchBase == null || certSubjNameAttr == null || certAttr == null)
+ public LdapCertSubjMap(String searchBase,
+ String certSubjNameAttr, String certAttr, boolean useAllEntries) {
+ if (searchBase == null ||
+ certSubjNameAttr == null || certAttr == null)
throw new IllegalArgumentException(
- "a null argument to constructor "
- + this.getClass().getName());
+ "a null argument to constructor " + this.getClass().getName());
mCertSubjNameAttr = certSubjNameAttr;
mSearchBase = searchBase;
mUseAllEntries = useAllEntries;
@@ -127,15 +127,16 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
"certSubjNameAttr;string;Name of Ldap attribute containing cert subject name",
"searchBase;string;Base DN to search from",
"useAllEntries;boolean;Use all entries for publishing",
- IExtendedPluginInfo.HELP_TOKEN
- + ";configuration-ldappublish-mapper-certsubjmapper",
- IExtendedPluginInfo.HELP_TEXT
- + ";This plugin assumes you want to publish to an LDAP entry which has "
- + "an attribute whose contents are equal to the cert subject name" };
+ IExtendedPluginInfo.HELP_TOKEN +
+ ";configuration-ldappublish-mapper-certsubjmapper",
+ IExtendedPluginInfo.HELP_TEXT +
+ ";This plugin assumes you want to publish to an LDAP entry which has " +
+ "an attribute whose contents are equal to the cert subject name"
+ };
return params;
}
-
+
public Vector getInstanceParams() {
Vector v = new Vector();
@@ -157,25 +158,28 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
return mConfig;
}
- public void init(IConfigStore config) throws EBaseException {
+ public void init(IConfigStore config)
+ throws EBaseException {
if (mInited == true)
return;
mConfig = config;
mCertSubjNameAttr = config.getString("certSubjNameAttr",
- LDAP_CERTSUBJNAME_ATTR);
+ LDAP_CERTSUBJNAME_ATTR);
mSearchBase = config.getString("searchBase");
mUseAllEntries = config.getBoolean("useAllEntries", false);
mInited = true;
}
/**
- * Finds the entry for the certificate by looking for the cert subject name
- * in the subject name attribute.
+ * Finds the entry for the certificate by looking for the cert
+ * subject name in the subject name attribute.
*
* @param conn - the LDAP connection.
* @param obj - the X509Certificate.
- */
- public String map(LDAPConnection conn, Object obj) throws ELdapException {
+ */
+ public String
+ map(LDAPConnection conn, Object obj)
+ throws ELdapException {
if (conn == null)
return null;
X500Name subjectDN = null;
@@ -183,43 +187,41 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
try {
X509Certificate cert = (X509Certificate) obj;
- subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN();
+ subjectDN =
+ (X500Name) ((X509Certificate) cert).getSubjectDN();
- CMS.debug("LdapCertSubjMap: cert subject dn:"
- + subjectDN.toString());
+ CMS.debug("LdapCertSubjMap: cert subject dn:" + subjectDN.toString());
} catch (ClassCastException e) {
try {
X509CRLImpl crl = (X509CRLImpl) obj;
- subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN();
+ subjectDN =
+ (X500Name) ((X509CRLImpl) crl).getIssuerDN();
- CMS.debug("LdapCertSubjMap: crl issuer dn: "
- + subjectDN.toString());
- } catch (ClassCastException ex) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
+ CMS.debug("LdapCertSubjMap: crl issuer dn: " +
+ subjectDN.toString());
+ }catch (ClassCastException ex) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
return null;
}
}
try {
boolean hasCert = false;
boolean hasSubjectName = false;
- String[] attrs = new String[] { LDAPv3.NO_ATTRS };
-
- log(ILogger.LL_INFO, "search " + mSearchBase + " ("
- + mCertSubjNameAttr + "=" + subjectDN + ") "
- + mCertSubjNameAttr);
+ String[] attrs = new String[] { LDAPv3.NO_ATTRS };
- LDAPSearchResults results = conn.search(mSearchBase,
- LDAPv2.SCOPE_SUB, "(" + mCertSubjNameAttr + "=" + subjectDN
- + ")", attrs, false);
+ log(ILogger.LL_INFO, "search " + mSearchBase +
+ " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
+ LDAPSearchResults results =
+ conn.search(mSearchBase, LDAPv2.SCOPE_SUB,
+ "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
+
LDAPEntry entry = results.next();
if (results.hasMoreElements()) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "",
- subjectDN.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString()));
}
if (entry != null) {
log(ILogger.LL_INFO, "entry found");
@@ -231,35 +233,38 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage(
- "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
- + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "PUBLISH_DN_MAP_EXCEPTION", "LDAPException",
- e.toString()));
- throw new ELdapException(CMS.getUserMessage(
- "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
+ throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
}
/*
- * catch (IOException e) { log(ILogger.LL_FAILURE,
- * CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString())); throw
- * new ELdapException( LdapResources.GET_CERT_SUBJECT_DN_FAILED, e); }
- * catch (CertificateEncodingException e) { log(ILogger.LL_FAILURE,
- * CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString())); throw
- * new ELdapException( LdapResources.GET_DER_ENCODED_CERT_FAILED, e); }
+ catch (IOException e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString()));
+ throw new ELdapException(
+ LdapResources.GET_CERT_SUBJECT_DN_FAILED, e);
+ }
+ catch (CertificateEncodingException e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString()));
+ throw new ELdapException(
+ LdapResources.GET_DER_ENCODED_CERT_FAILED, e);
+ }
*/
}
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return map(conn, obj);
}
- public Vector mapAll(LDAPConnection conn, Object obj) throws ELdapException {
+ public Vector mapAll(LDAPConnection conn, Object obj)
+ throws ELdapException {
Vector v = new Vector();
if (conn == null)
@@ -269,31 +274,28 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
try {
X509Certificate cert = (X509Certificate) obj;
subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN();
- CMS.debug("LdapCertSubjMap: cert subject dn:"
- + subjectDN.toString());
+ CMS.debug("LdapCertSubjMap: cert subject dn:" + subjectDN.toString());
} catch (ClassCastException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
return v;
}
try {
boolean hasCert = false;
boolean hasSubjectName = false;
- String[] attrs = new String[] { LDAPv3.NO_ATTRS };
+ String[] attrs = new String[] { LDAPv3.NO_ATTRS };
- log(ILogger.LL_INFO, "search " + mSearchBase + " ("
- + mCertSubjNameAttr + "=" + subjectDN + ") "
- + mCertSubjNameAttr);
-
- LDAPSearchResults results = conn.search(mSearchBase,
- LDAPv2.SCOPE_SUB, "(" + mCertSubjNameAttr + "=" + subjectDN
- + ")", attrs, false);
+ log(ILogger.LL_INFO, "search " + mSearchBase +
+ " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
+ LDAPSearchResults results =
+ conn.search(mSearchBase, LDAPv2.SCOPE_SUB,
+ "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
+
while (results.hasMoreElements()) {
LDAPEntry entry = results.next();
String dn = entry.getDN();
v.addElement(dn);
- CMS.debug("LdapCertSubjMap: dn=" + dn);
+ CMS.debug("LdapCertSubjMap: dn="+dn);
}
CMS.debug("LdapCertSubjMap: Number of entries: " + v.size());
} catch (LDAPException e) {
@@ -301,16 +303,12 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage(
- "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
- + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "PUBLISH_DN_MAP_EXCEPTION", "LDAPException",
- e.toString()));
- throw new ELdapException(CMS.getUserMessage(
- "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
+ throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
}
@@ -318,13 +316,13 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
}
public Vector mapAll(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return mapAll(conn, obj);
}
private void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCertSubjMap: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
+ "LdapCertSubjMap: " + msg);
}
/**
@@ -346,3 +344,4 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
}
}
+
generated by cgit (git 2.34.1) at 2024-07-07 10:57:37 +0000