summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java129
1 files changed, 63 insertions, 66 deletions
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
index 22dc1294f..07b62e900 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.security.cert.CRLException;
import java.security.cert.X509CRL;
import java.util.Locale;
@@ -42,9 +41,8 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
-
/**
- * For publishing master or global CRL.
+ * For publishing master or global CRL.
* Publishes (replaces) the CRL in the CA's LDAP entry.
*
* @version $Revision$, $Date$
@@ -82,14 +80,14 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
String[] params = {
"crlAttr;string;Name of Ldap attribute in which to store the CRL",
"crlObjectClass;string;The name of the objectclasses which should be " +
- "added to this entry, if they do not already exist. This can be a comma-" +
- "separated list such as 'certificationAuthority,certificationAuthority-V2' " +
- "(if using RFC 2256) or 'pkiCA, deltaCRL' (if using RFC 4523)",
+ "added to this entry, if they do not already exist. This can be a comma-" +
+ "separated list such as 'certificationAuthority,certificationAuthority-V2' " +
+ "(if using RFC 2256) or 'pkiCA, deltaCRL' (if using RFC 4523)",
IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-publisher-crlpublisher",
+ ";configuration-ldappublish-publisher-crlpublisher",
IExtendedPluginInfo.HELP_TEXT +
- ";This plugin knows how to publish CRL's to " +
- "'certificateAuthority' and 'pkiCA' -type entries"
+ ";This plugin knows how to publish CRL's to " +
+ "'certificateAuthority' and 'pkiCA' -type entries"
};
return params;
@@ -115,14 +113,14 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
return mConfig;
}
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config)
+ throws EBaseException {
if (mInited)
return;
mConfig = config;
mCrlAttr = mConfig.getString("crlAttr", LDAP_CRL_ATTR);
mCrlObjectClass = mConfig.getString("crlObjectClass",
- LDAP_CRL_OBJECTCLASS);
+ LDAP_CRL_OBJECTCLASS);
mObjAdded = mConfig.getString("crlObjectClassAdded", "");
mObjDeleted = mConfig.getString("crlObjectClassDeleted", "");
@@ -146,7 +144,7 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
* CRL's are published as a DER encoded blob.
*/
public void publish(LDAPConnection conn, String dn, Object crlObj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null) {
log(ILogger.LL_INFO, "publish CRL: no LDAP connection");
return;
@@ -162,28 +160,28 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
// see if we should create local connection
LDAPConnection altConn = null;
try {
- String host = mConfig.getString("host", null);
- String port = mConfig.getString("port", null);
- if (host != null && port != null) {
- int portVal = Integer.parseInt(port);
- int version = Integer.parseInt(mConfig.getString("version", "2"));
- String cert_nick = mConfig.getString("clientCertNickname", null);
- LDAPSSLSocketFactoryExt sslSocket = null;
- if (cert_nick != null) {
- sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+ String host = mConfig.getString("host", null);
+ String port = mConfig.getString("port", null);
+ if (host != null && port != null) {
+ int portVal = Integer.parseInt(port);
+ int version = Integer.parseInt(mConfig.getString("version", "2"));
+ String cert_nick = mConfig.getString("clientCertNickname", null);
+ LDAPSSLSocketFactoryExt sslSocket = null;
+ if (cert_nick != null) {
+ sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+ }
+ String mgr_dn = mConfig.getString("bindDN", null);
+ String mgr_pwd = mConfig.getString("bindPWD", null);
+
+ altConn = CMS.getBoundConnection(host, portVal,
+ version,
+ sslSocket, mgr_dn, mgr_pwd);
+ conn = altConn;
}
- String mgr_dn = mConfig.getString("bindDN", null);
- String mgr_pwd = mConfig.getString("bindPWD", null);
-
- altConn = CMS.getBoundConnection(host, portVal,
- version,
- sslSocket, mgr_dn, mgr_pwd);
- conn = altConn;
- }
} catch (LDAPException e) {
- CMS.debug("Failed to create alt connection " + e);
+ CMS.debug("Failed to create alt connection " + e);
} catch (EBaseException e) {
- CMS.debug("Failed to create alt connection " + e);
+ CMS.debug("Failed to create alt connection " + e);
}
try {
@@ -194,10 +192,10 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
LDAPSearchResults res = null;
if (mCrlAttr.equals(LDAP_CRL_ATTR)) {
res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
+ new String[] { LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
} else {
res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { LDAP_CRL_ATTR, LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
+ new String[] { LDAP_CRL_ATTR, LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
}
LDAPEntry entry = res.next();
@@ -216,26 +214,26 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
String[] oclist = mCrlObjectClass.split(",");
boolean attrsAdded = false;
- for (int i=0; i < oclist.length; i++) {
+ for (int i = 0; i < oclist.length; i++) {
String oc = oclist[i].trim();
boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc);
if (!hasoc) {
log(ILogger.LL_INFO, "adding CRL objectclass " + oc + " to " + dn);
modSet.add(LDAPModification.ADD,
- new LDAPAttribute("objectclass", oc));
+ new LDAPAttribute("objectclass", oc));
if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) {
// add MUST attributes
if (arls == null)
modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_ARL_ATTR, ""));
+ new LDAPAttribute(LDAP_ARL_ATTR, ""));
if (certs == null)
modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_CACERT_ATTR, ""));
+ new LDAPAttribute(LDAP_CACERT_ATTR, ""));
- if ((crls == null) && (!mCrlAttr.equals(LDAP_CRL_ATTR)))
+ if ((crls == null) && (!mCrlAttr.equals(LDAP_CRL_ATTR)))
modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_CRL_ATTR, ""));
+ new LDAPAttribute(LDAP_CRL_ATTR, ""));
attrsAdded = true;
}
}
@@ -246,11 +244,11 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
// delete objectclasses that have been deleted from config
String[] delList = mObjDeleted.split(",");
if (delList.length > 0) {
- for (int i=0; i< delList.length; i++) {
+ for (int i = 0; i < delList.length; i++) {
String deloc = delList[i].trim();
boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc);
boolean match = false;
- for (int j=0; j< oclist.length; j++) {
+ for (int j = 0; j < oclist.length; j++) {
if ((oclist[j].trim()).equals(deloc)) {
match = true;
break;
@@ -275,7 +273,7 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
} catch (Exception e) {
log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted");
}
- }
+ }
conn.modify(dn, modSet);
} catch (CRLException e) {
@@ -286,31 +284,31 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString()));
}
} finally {
- if (altConn != null) {
- try {
- altConn.disconnect();
- } catch (LDAPException e) {
- // safely ignored
- }
- }
+ if (altConn != null) {
+ try {
+ altConn.disconnect();
+ } catch (LDAPException e) {
+ // safely ignored
+ }
+ }
}
}
/**
- * There shouldn't be a need to call this.
- * CRLs are always replaced but this is implemented anyway in case
+ * There shouldn't be a need to call this.
+ * CRLs are always replaced but this is implemented anyway in case
* there is ever a reason to remove a global CRL.
*/
public void unpublish(LDAPConnection conn, String dn, Object crlObj)
- throws ELdapException {
+ throws ELdapException {
try {
byte[] crlEnc = ((X509CRL) crlObj).getEncoded();
@@ -320,7 +318,6 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
} catch (EBaseException e) {
}
-
LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
"(objectclass=*)", new String[] { mCrlAttr, "objectclass" }, false);
LDAPEntry e = res.next();
@@ -330,21 +327,21 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
LDAPModificationSet modSet = new LDAPModificationSet();
boolean hasOC = false;
- boolean hasCRL =
- LdapUserCertPublisher.ByteValueExists(crls, crlEnc);
+ boolean hasCRL =
+ LdapUserCertPublisher.ByteValueExists(crls, crlEnc);
if (hasCRL) {
- modSet.add(LDAPModification.DELETE,
- new LDAPAttribute(mCrlAttr, crlEnc));
+ modSet.add(LDAPModification.DELETE,
+ new LDAPAttribute(mCrlAttr, crlEnc));
}
-
+
String[] oclist = mCrlObjectClass.split(",");
- for (int i=0; i < oclist.length; i++) {
+ for (int i = 0; i < oclist.length; i++) {
String oc = oclist[i].trim();
if (LdapUserCertPublisher.StringValueExists(ocs, oc)) {
log(ILogger.LL_INFO, "unpublish: deleting CRL object class " + oc + " from " + dn);
- modSet.add(LDAPModification.DELETE,
- new LDAPAttribute("objectClass", oc));
+ modSet.add(LDAPModification.DELETE,
+ new LDAPAttribute("objectClass", oc));
hasOC = true;
}
}
@@ -353,7 +350,7 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
conn.modify(dn, modSet);
} else {
log(ILogger.LL_INFO,
- "unpublish: " + dn + " already has not CRL");
+ "unpublish: " + dn + " already has not CRL");
}
} catch (CRLException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
@@ -363,7 +360,7 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
@@ -375,6 +372,6 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCrlPublisher: " + msg);
+ "LdapCrlPublisher: " + msg);
}
}
generated by cgit (git 2.34.1) at 2024-07-08 19:56:31 +0000