summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java91
1 files changed, 45 insertions, 46 deletions
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java
index 50cfd7c5a..791b8acc9 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
@@ -44,12 +43,11 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
-
-/**
- * Interface for mapping a X509 certificate to a LDAP entry
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry
* Publishes a certificate as binary and its subject name.
- * there is one subject name value for each certificate.
- *
+ * there is one subject name value for each certificate.
+ *
* @version $Revision$, $Date$
*/
public class LdapCertSubjPublisher implements ILdapPublisher {
@@ -97,19 +95,19 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
}
public void init(IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
if (mInited)
return;
mConfig = config;
- mCertAttr = mConfig.getString("certAttr",
+ mCertAttr = mConfig.getString("certAttr",
LdapUserCertPublisher.LDAP_USERCERT_ATTR);
- mSubjNameAttr = mConfig.getString("certSubjectName",
+ mSubjNameAttr = mConfig.getString("certSubjectName",
LDAP_CERTSUBJNAME_ATTR);
mInited = true;
}
/**
- * constrcutor using specified certificate attribute and
+ * constrcutor using specified certificate attribute and
* certificate subject name attribute.
*/
public LdapCertSubjPublisher(String certAttr, String subjNameAttr) {
@@ -138,15 +136,16 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
* Adds the cert to the multi-valued certificate attribute as a
* DER encoded binary blob. Does not check if cert already exists.
* Then adds the subject name of the cert to the subject name attribute.
+ *
* @param conn the LDAP connection
* @param dn dn of the entry to publish the certificate
- * @param certObj the certificate object.
- * @exception ELdapException if cert or subject name already exists,
- * if cert encoding fails, if getting cert subject name fails.
- * Use ELdapException.getException() to find underlying exception.
+ * @param certObj the certificate object.
+ * @exception ELdapException if cert or subject name already exists,
+ * if cert encoding fails, if getting cert subject name fails.
+ * Use ELdapException.getException() to find underlying exception.
*/
public void publish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null) {
log(ILogger.LL_INFO, "LdapCertSubjPublisher: no LDAP connection");
return;
@@ -162,9 +161,9 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
byte[] certEnc = cert.getEncoded();
String subjName = ((X500Name) cert.getSubjectDN()).toLdapDNString();
- LDAPSearchResults res =
- conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { mCertAttr, mSubjNameAttr }, false);
+ LDAPSearchResults res =
+ conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+ new String[] { mCertAttr, mSubjNameAttr }, false);
LDAPEntry entry = res.next();
LDAPAttribute certs = entry.getAttribute(mCertAttr);
@@ -177,14 +176,14 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
// check if has subject name already.
if (subjnames != null) {
- hasSubjname =
+ hasSubjname =
LdapUserCertPublisher.StringValueExists(subjnames, subjName);
}
// if has both, done.
if (hasCert && hasSubjname) {
- log(ILogger.LL_INFO,
- "publish: " + subjName + " already has cert & subject name");
+ log(ILogger.LL_INFO,
+ "publish: " + subjName + " already has cert & subject name");
return;
}
@@ -193,14 +192,14 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
if (!hasCert) {
log(ILogger.LL_INFO, "publish: adding cert to " + subjName);
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(mCertAttr, certEnc));
+ modSet.add(LDAPModification.ADD,
+ new LDAPAttribute(mCertAttr, certEnc));
}
// add subject name if not already there.
if (!hasSubjname) {
log(ILogger.LL_INFO, "publish: adding " + subjName + " to " + dn);
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(mSubjNameAttr, subjName));
+ modSet.add(LDAPModification.ADD,
+ new LDAPAttribute(mSubjNameAttr, subjName));
}
conn.modify(dn, modSet);
} catch (CertificateEncodingException e) {
@@ -211,7 +210,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString()));
@@ -230,7 +229,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
* with the same subject name.
*/
public void unpublish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
if (!(certObj instanceof X509Certificate))
throw new IllegalArgumentException("Illegal arg to publish");
@@ -242,9 +241,9 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
byte[] certEnc = cert.getEncoded();
- LDAPSearchResults res =
- conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { mCertAttr, mSubjNameAttr }, false);
+ LDAPSearchResults res =
+ conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+ new String[] { mCertAttr, mSubjNameAttr }, false);
LDAPEntry entry = res.next();
LDAPAttribute certs = entry.getAttribute(mCertAttr);
@@ -266,8 +265,8 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
try {
X509CertImpl certval = new X509CertImpl(val);
// XXX use some sort of X500name equals function here.
- String subjnam =
- ((X500Name) certval.getSubjectDN()).toLdapDNString();
+ String subjnam =
+ ((X500Name) certval.getSubjectDN()).toLdapDNString();
if (subjnam.equalsIgnoreCase(subjName)) {
hasAnotherCert = true;
@@ -275,25 +274,25 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
} catch (CertificateEncodingException e) {
// ignore this certificate.
CMS.debug(
- "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
+ "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
} catch (CertificateException e) {
// ignore this certificate.
CMS.debug(
- "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
+ "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
}
}
}
// check if doesn't have subject name already.
if (subjnames != null) {
- hasSubjname =
+ hasSubjname =
LdapUserCertPublisher.StringValueExists(subjnames, subjName);
}
// if doesn't have both, done.
if (!hasCert && !hasSubjname) {
- log(ILogger.LL_INFO,
- "unpublish: " + subjName + " already has not cert & subjname");
+ log(ILogger.LL_INFO,
+ "unpublish: " + subjName + " already has not cert & subjname");
return;
}
@@ -301,19 +300,19 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
LDAPModificationSet modSet = new LDAPModificationSet();
if (hasCert) {
- log(ILogger.LL_INFO,
- "unpublish: deleting cert " + subjName + " from " + dn);
+ log(ILogger.LL_INFO,
+ "unpublish: deleting cert " + subjName + " from " + dn);
modSet.add(LDAPModification.DELETE,
- new LDAPAttribute(mCertAttr, certEnc));
+ new LDAPAttribute(mCertAttr, certEnc));
}
// delete subject name if no other cert has the same name.
if (hasSubjname && !hasAnotherCert) {
- log(ILogger.LL_INFO,
- "unpublish: deleting subject name " + subjName + " from " + dn);
+ log(ILogger.LL_INFO,
+ "unpublish: deleting subject name " + subjName + " from " + dn);
modSet.add(LDAPModification.DELETE,
- new LDAPAttribute(mSubjNameAttr, subjName));
+ new LDAPAttribute(mSubjNameAttr, subjName));
}
- conn.modify(dn, modSet);
+ conn.modify(dn, modSet);
} catch (CertificateEncodingException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -325,7 +324,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
@@ -337,7 +336,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCertSubjPublisher: " + msg);
+ "LdapCertSubjPublisher: " + msg);
}
}
generated by cgit (git 2.34.1) at 2024-07-06 04:38:02 +0000