Diffstat (limited to 'pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java173
1 files changed, 92 insertions, 81 deletions
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
index f612d005b..3867a3b8c 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
@@ -43,13 +42,13 @@ import com.netscape.certsrv.logging.AuditFormat;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
-
-/**
- * Interface for mapping a X509 certificate to a LDAP entry
- *
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry
+ *
* @version $Revision$, $Date$
*/
-public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInfo {
+public class LdapUserCertPublisher implements ILdapPublisher,
+ IExtendedPluginInfo {
public static final String LDAP_USERCERT_ATTR = "userCertificate;binary";
protected String mCertAttr = LDAP_USERCERT_ATTR;
@@ -71,11 +70,10 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
"certAttr;string;LDAP attribute in which to store the certificate",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-publisher-usercertpublisher",
- IExtendedPluginInfo.HELP_TEXT +
- ";This plugin knows how to publish user certificates"
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-publisher-usercertpublisher",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";This plugin knows how to publish user certificates" };
return params;
@@ -99,8 +97,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
return mConfig;
}
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config) throws EBaseException {
if (mInited)
return;
mConfig = config;
@@ -113,16 +110,16 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
}
/**
- * publish a user certificate
- * Adds the cert to the multi-valued certificate attribute as a
- * DER encoded binary blob. Does not check if cert already exists.
+ * publish a user certificate Adds the cert to the multi-valued certificate
+ * attribute as a DER encoded binary blob. Does not check if cert already
+ * exists.
*
* @param conn the LDAP connection
* @param dn dn of the entry to publish the certificate
- * @param certObj the certificate object.
+ * @param certObj the certificate object.
*/
public void publish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null)
return;
@@ -130,28 +127,29 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
// see if we should create local connection
LDAPConnection altConn = null;
try {
- String host = mConfig.getString("host", null);
- String port = mConfig.getString("port", null);
- if (host != null && port != null) {
- int portVal = Integer.parseInt(port);
- int version = Integer.parseInt(mConfig.getString("version", "2"));
- String cert_nick = mConfig.getString("clientCertNickname", null);
- LDAPSSLSocketFactoryExt sslSocket = null;
- if (cert_nick != null) {
- sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+ String host = mConfig.getString("host", null);
+ String port = mConfig.getString("port", null);
+ if (host != null && port != null) {
+ int portVal = Integer.parseInt(port);
+ int version = Integer.parseInt(mConfig
+ .getString("version", "2"));
+ String cert_nick = mConfig
+ .getString("clientCertNickname", null);
+ LDAPSSLSocketFactoryExt sslSocket = null;
+ if (cert_nick != null) {
+ sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+ }
+ String mgr_dn = mConfig.getString("bindDN", null);
+ String mgr_pwd = mConfig.getString("bindPWD", null);
+
+ altConn = CMS.getBoundConnection(host, portVal, version,
+ sslSocket, mgr_dn, mgr_pwd);
+ conn = altConn;
}
- String mgr_dn = mConfig.getString("bindDN", null);
- String mgr_pwd = mConfig.getString("bindPWD", null);
-
- altConn = CMS.getBoundConnection(host, portVal,
- version,
- sslSocket, mgr_dn, mgr_pwd);
- conn = altConn;
- }
} catch (LDAPException e) {
- CMS.debug("Failed to create alt connection " + e);
+ CMS.debug("Failed to create alt connection " + e);
} catch (EBaseException e) {
- CMS.debug("Failed to create alt connection " + e);
+ CMS.debug("Failed to create alt connection " + e);
}
if (!(certObj instanceof X509Certificate))
@@ -169,7 +167,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
byte[] certEnc = cert.getEncoded();
// check if cert already exists.
- LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
+ LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
"(objectclass=*)", new String[] { mCertAttr }, false);
LDAPEntry entry = res.next();
@@ -178,59 +176,65 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
return;
}
- // publish
+ // publish
LDAPModification mod = null;
if (deleteCert) {
- mod = new LDAPModification(LDAPModification.REPLACE,
- new LDAPAttribute(mCertAttr, certEnc));
+ mod = new LDAPModification(LDAPModification.REPLACE,
+ new LDAPAttribute(mCertAttr, certEnc));
} else {
- mod = new LDAPModification(LDAPModification.ADD,
- new LDAPAttribute(mCertAttr, certEnc));
+ mod = new LDAPModification(LDAPModification.ADD,
+ new LDAPAttribute(mCertAttr, certEnc));
}
- conn.modify(dn, mod);
+ conn.modify(dn, mod);
// log a successful message to the "transactions" log
- mLogger.log( ILogger.EV_AUDIT,
- ILogger.S_LDAP,
- ILogger.LL_INFO,
- AuditFormat.LDAP_PUBLISHED_FORMAT,
- new Object[] { "LdapUserCertPublisher",
- cert.getSerialNumber().toString(16),
- cert.getSubjectDN() } );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_LDAP,
+ ILogger.LL_INFO,
+ AuditFormat.LDAP_PUBLISHED_FORMAT,
+ new Object[] { "LdapUserCertPublisher",
+ cert.getSerialNumber().toString(16),
+ cert.getSubjectDN() });
} catch (CertificateEncodingException e) {
- CMS.debug("LdapUserCertPublisher: error in publish: " + e.toString());
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
+ CMS.debug("LdapUserCertPublisher: error in publish: "
+ + e.toString());
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_PUBLISH_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString()));
}
} finally {
- if (altConn != null) {
- try {
- altConn.disconnect();
- } catch (LDAPException e) {
- // safely ignored
- }
- }
+ if (altConn != null) {
+ try {
+ altConn.disconnect();
+ } catch (LDAPException e) {
+ // safely ignored
+ }
+ }
}
return;
}
/**
- * unpublish a user certificate
- * deletes the certificate from the list of certificates.
- * does not check if certificate is already there.
+ * unpublish a user certificate deletes the certificate from the list of
+ * certificates. does not check if certificate is already there.
*/
public void unpublish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
boolean disableUnpublish = false;
try {
@@ -239,8 +243,8 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
}
if (disableUnpublish) {
- CMS.debug("UserCertPublisher: disable unpublish");
- return;
+ CMS.debug("UserCertPublisher: disable unpublish");
+ return;
}
if (!(certObj instanceof X509Certificate))
@@ -252,7 +256,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
byte[] certEnc = cert.getEncoded();
// check if cert already deleted.
- LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
+ LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
"(objectclass=*)", new String[] { mCertAttr }, false);
LDAPEntry entry = res.next();
@@ -261,23 +265,30 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
return;
}
- LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
- new LDAPAttribute(mCertAttr, certEnc));
+ LDAPModification mod = new LDAPModification(
+ LDAPModification.DELETE, new LDAPAttribute(mCertAttr,
+ certEnc));
- conn.modify(dn, mod);
+ conn.modify(dn, mod);
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR"));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR"));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString()));
}
}
return;
@@ -285,7 +296,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapUserCertPublisher: " + msg);
+ "LdapUserCertPublisher: " + msg);
}
/**