Diffstat (limited to 'pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java | 185 |
1 files changed, 92 insertions, 93 deletions
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java index b4ce10bc3..017441df0 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; + import java.security.cert.X509Certificate; import java.util.Locale; import java.util.Vector; @@ -40,10 +41,11 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapMapper; import com.netscape.certsrv.request.IRequest; -/** - * Maps a X509 certificate to a LDAP entry by finding an LDAP entry which has an - * attribute whose contents are equal to the cert subject name. - * + +/** + * Maps a X509 certificate to a LDAP entry by finding an LDAP entry + * which has an attribute whose contents are equal to the cert subject name. + * * @version $Revision$, $Date$ */ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { @@ -62,15 +64,13 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { /** * constructs a certificate subject name mapper with search base. - * - * @param searchBase the dn to start searching for the certificate subject - * name. + * @param searchBase the dn to start searching for the certificate + * subject name. */ public LdapCertSubjMap(String searchBase) { if (searchBase == null) throw new IllegalArgumentException( - "a null argument to constructor " - + this.getClass().getName()); + "a null argument to constructor " + this.getClass().getName()); mSearchBase = searchBase; mInited = true; } 
@@ -82,23 +82,23 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { * @param certSubjNameAttr attribute for certificate subject names. * @param certAttr attribute to find certificate. */ - public LdapCertSubjMap(String searchBase, String certSubjNameAttr, - String certAttr) { - if (searchBase == null || certSubjNameAttr == null || certAttr == null) + public LdapCertSubjMap(String searchBase, + String certSubjNameAttr, String certAttr) { + if (searchBase == null || + certSubjNameAttr == null || certAttr == null) throw new IllegalArgumentException( - "a null argument to constructor " - + this.getClass().getName()); + "a null argument to constructor " + this.getClass().getName()); mCertSubjNameAttr = certSubjNameAttr; mSearchBase = searchBase; mInited = true; } - public LdapCertSubjMap(String searchBase, String certSubjNameAttr, - String certAttr, boolean useAllEntries) { - if (searchBase == null || certSubjNameAttr == null || certAttr == null) + public LdapCertSubjMap(String searchBase, + String certSubjNameAttr, String certAttr, boolean useAllEntries) { + if (searchBase == null || + certSubjNameAttr == null || certAttr == null) throw new IllegalArgumentException( - "a null argument to constructor " - + this.getClass().getName()); + "a null argument to constructor " + this.getClass().getName()); mCertSubjNameAttr = certSubjNameAttr; mSearchBase = searchBase; mUseAllEntries = useAllEntries; 
@@ -127,15 +127,16 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { "certSubjNameAttr;string;Name of Ldap attribute containing cert subject name", "searchBase;string;Base DN to search from", "useAllEntries;boolean;Use all entries for publishing", - IExtendedPluginInfo.HELP_TOKEN - + ";configuration-ldappublish-mapper-certsubjmapper", - IExtendedPluginInfo.HELP_TEXT - + ";This plugin assumes you want to publish to an LDAP entry which has " - + "an attribute whose contents are equal to the cert subject name" }; + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-mapper-certsubjmapper", + IExtendedPluginInfo.HELP_TEXT + + ";This plugin assumes you want to publish to an LDAP entry which has " + + "an attribute whose contents are equal to the cert subject name" + }; return params; } - + public Vector getInstanceParams() { Vector v = new Vector(); @@ -157,25 +158,28 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { return mConfig; } - public void init(IConfigStore config) throws EBaseException { + public void init(IConfigStore config) + throws EBaseException { if (mInited == true) return; mConfig = config; mCertSubjNameAttr = config.getString("certSubjNameAttr", - LDAP_CERTSUBJNAME_ATTR); + LDAP_CERTSUBJNAME_ATTR); mSearchBase = config.getString("searchBase"); mUseAllEntries = config.getBoolean("useAllEntries", false); mInited = true; } /** - * Finds the entry for the certificate by looking for the cert subject name - * in the subject name attribute. + * Finds the entry for the certificate by looking for the cert + * subject name in the subject name attribute. * * @param conn - the LDAP connection. * @param obj - the X509Certificate. - */ - public String map(LDAPConnection conn, Object obj) throws ELdapException { + */ + public String + map(LDAPConnection conn, Object obj) + throws ELdapException { if (conn == null) return null; X500Name subjectDN = null; 
@@ -183,43 +187,41 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { try { X509Certificate cert = (X509Certificate) obj; - subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN(); + subjectDN = + (X500Name) ((X509Certificate) cert).getSubjectDN(); - CMS.debug("LdapCertSubjMap: cert subject dn:" - + subjectDN.toString()); + CMS.debug("LdapCertSubjMap: cert subject dn:" + subjectDN.toString()); } catch (ClassCastException e) { try { X509CRLImpl crl = (X509CRLImpl) obj; - subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN(); + subjectDN = + (X500Name) ((X509CRLImpl) crl).getIssuerDN(); - CMS.debug("LdapCertSubjMap: crl issuer dn: " - + subjectDN.toString()); - } catch (ClassCastException ex) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT")); + CMS.debug("LdapCertSubjMap: crl issuer dn: " + + subjectDN.toString()); + }catch (ClassCastException ex) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT")); return null; } } try { boolean hasCert = false; boolean hasSubjectName = false; - String[] attrs = new String[] { LDAPv3.NO_ATTRS }; - - log(ILogger.LL_INFO, "search " + mSearchBase + " (" - + mCertSubjNameAttr + "=" + subjectDN + ") " - + mCertSubjNameAttr); + String[] attrs = new String[] { LDAPv3.NO_ATTRS }; - LDAPSearchResults results = conn.search(mSearchBase, - LDAPv2.SCOPE_SUB, "(" + mCertSubjNameAttr + "=" + subjectDN - + ")", attrs, false); + log(ILogger.LL_INFO, "search " + mSearchBase + + " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr); + LDAPSearchResults results = + conn.search(mSearchBase, LDAPv2.SCOPE_SUB, + "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false); + LDAPEntry entry = results.next(); if (results.hasMoreElements()) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", - subjectDN.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", 
subjectDN.toString())); } if (entry != null) { log(ILogger.LL_INFO, "entry found"); 
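Review bot: The search filter in map() is still assembled by plain concatenation, `"(" + mCertSubjNameAttr + "=" + subjectDN + ")"`, so the certificate subject (or CRL issuer) name reaches `conn.search()` without RFC 4515 escaping. A name containing `*`, `(`, `)` or `\` changes what the filter matches, so the mapper could resolve an entry other than the one whose attribute equals the subject name. Escape the value before building the filter, e.g. `String filter = "(" + mCertSubjNameAttr + "=" + escapeFilterValue(subjectDN.toString()) + ")";`, where `escapeFilterValue` is a placeholder name for a helper that would have to be added, and pass `filter` to the search call; the mapAll() hunk at `@@ -269,31 +274,28 @@` builds the same filter and needs the same change. The more-than-one-entry branch also only logs and then carries on with the first entry; map()'s body continues outside this hunk, so whether that is intended cannot be confirmed from here.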
@@ -231,35 +233,38 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "PUBLISH_DN_MAP_EXCEPTION", "LDAPException", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_MATCH_FOUND", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); } } /* - * catch (IOException e) { log(ILogger.LL_FAILURE, - * CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString())); throw - * new ELdapException( LdapResources.GET_CERT_SUBJECT_DN_FAILED, e); } - * catch (CertificateEncodingException e) { log(ILogger.LL_FAILURE, - * CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString())); throw - * new ELdapException( LdapResources.GET_DER_ENCODED_CERT_FAILED, e); } + catch (IOException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString())); + throw new ELdapException( + LdapResources.GET_CERT_SUBJECT_DN_FAILED, e); + } + catch (CertificateEncodingException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString())); + throw new ELdapException( + LdapResources.GET_DER_ENCODED_CERT_FAILED, e); + } */ } public String map(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { return map(conn, obj); } - public Vector 
mapAll(LDAPConnection conn, Object obj) throws ELdapException { + public Vector mapAll(LDAPConnection conn, Object obj) + throws ELdapException { Vector v = new Vector(); if (conn == null) @@ -269,31 +274,28 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { try { X509Certificate cert = (X509Certificate) obj; subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN(); - CMS.debug("LdapCertSubjMap: cert subject dn:" - + subjectDN.toString()); + CMS.debug("LdapCertSubjMap: cert subject dn:" + subjectDN.toString()); } catch (ClassCastException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT")); return v; } try { boolean hasCert = false; boolean hasSubjectName = false; - String[] attrs = new String[] { LDAPv3.NO_ATTRS }; + String[] attrs = new String[] { LDAPv3.NO_ATTRS }; - log(ILogger.LL_INFO, "search " + mSearchBase + " (" - + mCertSubjNameAttr + "=" + subjectDN + ") " - + mCertSubjNameAttr); - - LDAPSearchResults results = conn.search(mSearchBase, - LDAPv2.SCOPE_SUB, "(" + mCertSubjNameAttr + "=" + subjectDN - + ")", attrs, false); + log(ILogger.LL_INFO, "search " + mSearchBase + + " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr); + LDAPSearchResults results = + conn.search(mSearchBase, LDAPv2.SCOPE_SUB, + "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false); + while (results.hasMoreElements()) { LDAPEntry entry = results.next(); String dn = entry.getDN(); v.addElement(dn); - CMS.debug("LdapCertSubjMap: dn=" + dn); + CMS.debug("LdapCertSubjMap: dn="+dn); } CMS.debug("LdapCertSubjMap: Number of entries: " + v.size()); } catch (LDAPException e) { 
@@ -301,16 +303,12 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "PUBLISH_DN_MAP_EXCEPTION", "LDAPException", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_MATCH_FOUND", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); } } @@ -318,13 +316,13 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { } public Vector mapAll(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { return mapAll(conn, obj); } private void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCertSubjMap: " + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, + "LdapCertSubjMap: " + msg); } /** @@ -346,3 +344,4 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { } } + |