Diffstat (limited to 'pki/base/common/src/com/netscape/cms/publish/publishers')
9 files changed, 883 insertions, 760 deletions
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java index f0154e446..c7ccd41e8 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; - import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileOutputStream; @@ -47,10 +46,9 @@ import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; -/** - * This publisher writes certificate and CRL into - * a directory. - * +/** + * This publisher writes certificate and CRL into a directory. + * * @version $Revision$, $Date$ */ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { @@ -74,10 +72,10 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { protected String mLinkExt = null; protected int mZipLevel = 9; - public void setIssuingPointId(String crlIssuingPointId) - { + public void setIssuingPointId(String crlIssuingPointId) { mCrlIssuingPointId = crlIssuingPointId; } + /** * Returns the implementation name. */ 
@@ -95,19 +93,26 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - PROP_DIR + ";string;Directory in which to put the files (absolute path or relative path to cert-* instance directory).", - PROP_DER + ";boolean;Store certificates or CRLs into *.der files.", - PROP_B64 + ";boolean;Store certificates or CRLs into *.b64 files.", - PROP_GMT + ";choice(LocalTime,GMT);Use local time or GMT to time stamp CRL file name with CRL's 'thisUpdate' field.", - PROP_LNK + ";boolean;Generate link to the latest binary CRL. It requires '"+PROP_DER+"' to be enabled.", - PROP_EXT + ";string;Name extension used by link to the latest CRL. Default name extension is 'der'.", + PROP_DIR + + ";string;Directory in which to put the files (absolute path or relative path to cert-* instance directory).", + PROP_DER + + ";boolean;Store certificates or CRLs into *.der files.", + PROP_B64 + + ";boolean;Store certificates or CRLs into *.b64 files.", + PROP_GMT + + ";choice(LocalTime,GMT);Use local time or GMT to time stamp CRL file name with CRL's 'thisUpdate' field.", + PROP_LNK + + ";boolean;Generate link to the latest binary CRL. It requires '" + + PROP_DER + "' to be enabled.", + PROP_EXT + + ";string;Name extension used by link to the latest CRL. Default name extension is 'der'.", PROP_ZIP + ";boolean;Generate compressed CRLs.", - PROP_LEV + ";choice(0,1,2,3,4,5,6,7,8,9);Set compression level from 0 to 9.", - IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ldappublish-publisher-filepublisher", - IExtendedPluginInfo.HELP_TEXT + - ";Stores the certificates or CRLs into files. Certificate is named as cert-<serialno>.der or *.b64, and CRL is named as <IssuingPoint>-<thisUpdate-time>.der or *.b64." 
- }; + PROP_LEV + + ";choice(0,1,2,3,4,5,6,7,8,9);Set compression level from 0 to 9.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-publisher-filepublisher", + IExtendedPluginInfo.HELP_TEXT + + ";Stores the certificates or CRLs into files. Certificate is named as cert-<serialno>.der or *.b64, and CRL is named as <IssuingPoint>-<thisUpdate-time>.der or *.b64." }; return params; } @@ -139,14 +144,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { try { if (mTimeStamp == null || (!mTimeStamp.equals("GMT"))) mTimeStamp = "LocalTime"; - v.addElement(PROP_DIR+"=" + dir); - v.addElement(PROP_DER+"=" + mConfig.getBoolean(PROP_DER,true)); - v.addElement(PROP_B64+"=" + mConfig.getBoolean(PROP_B64,false)); - v.addElement(PROP_GMT+"=" + mTimeStamp); - v.addElement(PROP_LNK+"=" + mConfig.getBoolean(PROP_LNK,false)); - v.addElement(PROP_EXT+"=" + ext); - v.addElement(PROP_ZIP+"=" + mConfig.getBoolean(PROP_ZIP,false)); - v.addElement(PROP_LEV+"=" + mZipLevel); + v.addElement(PROP_DIR + "=" + dir); + v.addElement(PROP_DER + "=" + mConfig.getBoolean(PROP_DER, true)); + v.addElement(PROP_B64 + "=" + mConfig.getBoolean(PROP_B64, false)); + v.addElement(PROP_GMT + "=" + mTimeStamp); + v.addElement(PROP_LNK + "=" + mConfig.getBoolean(PROP_LNK, false)); + v.addElement(PROP_EXT + "=" + ext); + v.addElement(PROP_ZIP + "=" + mConfig.getBoolean(PROP_ZIP, false)); + v.addElement(PROP_LEV + "=" + mZipLevel); } catch (Exception e) { } return v; 
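Review bot: The reflowed `v.addElement(PROP_DER + "=" + mConfig.getBoolean(PROP_DER, true))` lines still run inside a `try` whose `catch (Exception e) { }` is empty, so a malformed boolean in the config silently truncates the returned parameter list at the failing entry and the caller sees fewer parameters with no trace of why. Record the failure at least once, e.g. `} catch (Exception e) { CMS.debug("FileBasedPublisher: getInstanceParams: " + e); }`. The method's opening lines are outside the hunk.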
@@ -158,14 +163,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { public Vector<String> getDefaultParams() { Vector<String> v = new Vector<String>(); - v.addElement(PROP_DIR+"="); - v.addElement(PROP_DER+"=true"); - v.addElement(PROP_B64+"=false"); - v.addElement(PROP_GMT+"=LocalTime"); - v.addElement(PROP_LNK+"=false"); - v.addElement(PROP_EXT+"="); - v.addElement(PROP_ZIP+"=false"); - v.addElement(PROP_LEV+"=9"); + v.addElement(PROP_DIR + "="); + v.addElement(PROP_DER + "=true"); + v.addElement(PROP_B64 + "=false"); + v.addElement(PROP_GMT + "=LocalTime"); + v.addElement(PROP_LNK + "=false"); + v.addElement(PROP_EXT + "="); + v.addElement(PROP_ZIP + "=false"); + v.addElement(PROP_LEV + "=9"); return v; } @@ -193,7 +198,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { } // convert to forward slash - dir = dir.replace('\\', '/'); + dir = dir.replace('\\', '/'); config.putString(PROP_DIR, dir); File dirCheck = new File(dir); @@ -209,8 +214,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { } catch (Exception e) { throw new RuntimeException("Invalid Instance Dir " + e); } - dirCheck = new File(mInstanceRoot + - File.separator + dir); + dirCheck = new File(mInstanceRoot + File.separator + dir); if (dirCheck.isDirectory()) { mDir = mInstanceRoot + File.separator + dir; } else { 
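Review bot: The new `dirCheck = new File(mInstanceRoot + File.separator + dir)` joins a relative, admin-supplied directory to the instance root without normalizing it, so a value containing `..` components is accepted as long as the resulting directory exists and published certificates and CRLs then land outside the instance tree. Because `dir` was just rewritten with `dir.replace('\\', '/')` a few lines up, `File.separator` also mixes separators in `mDir` on Windows. Consider `dirCheck = new File(mInstanceRoot, dir).getCanonicalFile();` and rejecting the value when its canonical path does not start with the canonical instance root; the surrounding `throw new RuntimeException("Invalid Instance Dir " + e)` should also pass `e` as the cause rather than folding it into the message. The enclosing method starts outside the hunk.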
@@ -224,18 +228,20 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { } private String[] getCrlNamePrefix(X509CRL crl, boolean useGMT) { - String[] namePrefix = {"crl", "crl"}; + String[] namePrefix = { "crl", "crl" }; if (mCrlIssuingPointId != null && mCrlIssuingPointId.length() != 0) { namePrefix[0] = mCrlIssuingPointId; namePrefix[1] = mCrlIssuingPointId; } - java.text.SimpleDateFormat format = new java.text.SimpleDateFormat("yyyyMMdd-HHmmss"); + java.text.SimpleDateFormat format = new java.text.SimpleDateFormat( + "yyyyMMdd-HHmmss"); TimeZone tz = TimeZone.getTimeZone("GMT"); - if (useGMT) format.setTimeZone(tz); + if (useGMT) + format.setTimeZone(tz); String timeStamp = format.format(crl.getThisUpdate()).toString(); namePrefix[0] += "-" + timeStamp; - if (((netscape.security.x509.X509CRLImpl)crl).isDeltaCRL()) { + if (((netscape.security.x509.X509CRLImpl) crl).isDeltaCRL()) { namePrefix[0] += "-delta"; namePrefix[1] += "-delta"; } 
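Review bot: The reformatted `if (((netscape.security.x509.X509CRLImpl) crl).isDeltaCRL())` still casts the `X509CRL` parameter unconditionally, so a CRL object from another provider ends the method with a `ClassCastException` instead of a file name. Guard the cast: `if (crl instanceof netscape.security.x509.X509CRLImpl && ((netscape.security.x509.X509CRLImpl) crl).isDeltaCRL()) {`. The `.toString()` in `format.format(crl.getThisUpdate()).toString()` is redundant since `format` already returns a `String`.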
@@ -243,65 +249,60 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { return namePrefix; } - private void createLink(String linkName, String fileName) { + private void createLink(String linkName, String fileName) { String cmd = "ln -s " + fileName + " " + linkName + ".new"; if (com.netscape.cmsutil.util.Utils.exec(cmd)) { File oldLink = new File(linkName + ".old"); - if (oldLink.exists()) { // remove old link if exists + if (oldLink.exists()) { // remove old link if exists oldLink.delete(); } File link = new File(linkName); - if (link.exists()) { // current link becomes an old link + if (link.exists()) { // current link becomes an old link link.renameTo(new File(linkName + ".old")); } File newLink = new File(linkName + ".new"); - if (newLink.exists()) { // new link becomes current link + if (newLink.exists()) { // new link becomes current link newLink.renameTo(new File(linkName)); } oldLink = new File(linkName + ".old"); - if (oldLink.exists()) { // remove a new old link + if (oldLink.exists()) { // remove a new old link oldLink.delete(); } } else { - CMS.debug("FileBasedPublisher: createLink: '" + cmd + "' --- failed"); + CMS.debug("FileBasedPublisher: createLink: '" + cmd + + "' --- failed"); } } /** * Publishs a object to the ldap directory. 
* - * @param conn a Ldap connection - * (null if LDAP publishing is not enabled) - * @param dn dn of the ldap entry to publish cert - * (null if LDAP publishing is not enabled) - * @param object object to publish - * (java.security.cert.X509Certificate or, - * java.security.cert.X509CRL) + * @param conn a Ldap connection (null if LDAP publishing is not enabled) + * @param dn dn of the ldap entry to publish cert (null if LDAP publishing + * is not enabled) + * @param object object to publish (java.security.cert.X509Certificate or, + * java.security.cert.X509CRL) */ public void publish(LDAPConnection conn, String dn, Object object) - throws ELdapException { + throws ELdapException { CMS.debug("FileBasedPublisher: publish"); try { if (object instanceof X509Certificate) { X509Certificate cert = (X509Certificate) object; BigInteger sno = cert.getSerialNumber(); - String name = mDir + - File.separator + "cert-" + - sno.toString(); - if (mDerAttr) - { + String name = mDir + File.separator + "cert-" + sno.toString(); + if (mDerAttr) { String fileName = name + ".der"; FileOutputStream fos = new FileOutputStream(fileName); fos.write(cert.getEncoded()); fos.close(); } - if (mB64Attr) - { + if (mB64Attr) { String fileName = name + ".b64"; FileOutputStream fos = new FileOutputStream(fileName); ByteArrayOutputStream output = new ByteArrayOutputStream(); - Base64OutputStream b64 = - new Base64OutputStream(new PrintStream(new FilterOutputStream(output))); + Base64OutputStream b64 = new Base64OutputStream( + new PrintStream(new FilterOutputStream(output))); b64.write(cert.getEncoded()); b64.flush(); (new PrintStream(fos)).print(output.toString("8859_1")); 
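Review bot: `createLink` still builds `"ln -s " + fileName + " " + linkName + ".new"` as a single command string for `Utils.exec`, so the link target and name, which derive from the configured directory and the CRL issuing point id, are re-parsed by the executor; if `Utils.exec` hands that string to a shell (not visible here), a directory or issuing-point value containing spaces or shell metacharacters breaks or alters the command, and the failure is only visible through `CMS.debug`. If the build targets Java 7 or later, `java.nio.file.Files.createSymbolicLink(Paths.get(linkName + ".new"), Paths.get(fileName))` avoids the external process entirely and throws on failure. In the same hunk the `delete()` and `renameTo()` results are discarded, and the `FileOutputStream fos` in both the `if (mDerAttr)` and `if (mB64Attr)` branches is closed only on the success path, so an `IOException` from `fos.write` leaks the descriptor; wrap each in try/finally (or try-with-resources on Java 7+). The `publish` method continues past the end of the hunk.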
@@ -309,12 +310,13 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { } } else if (object instanceof X509CRL) { X509CRL crl = (X509CRL) object; - String[] namePrefix = getCrlNamePrefix(crl, mTimeStamp.equals("GMT")); + String[] namePrefix = getCrlNamePrefix(crl, + mTimeStamp.equals("GMT")); String baseName = mDir + File.separator + namePrefix[0]; String tempFile = baseName + ".temp"; FileOutputStream fos; ZipOutputStream zos; - byte [] encodedArray = null; + byte[] encodedArray = null; File destFile = null; String destName = null; File renameFile = null; @@ -325,16 +327,17 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { fos.write(encodedArray); fos.close(); if (mZipCRL) { - zos = new ZipOutputStream(new FileOutputStream(baseName+".zip")); + zos = new ZipOutputStream(new FileOutputStream(baseName + + ".zip")); zos.setLevel(mZipLevel); - zos.putNextEntry(new ZipEntry(baseName+".der")); + zos.putNextEntry(new ZipEntry(baseName + ".der")); zos.write(encodedArray, 0, encodedArray.length); zos.closeEntry(); zos.close(); } destName = baseName + ".der"; destFile = new File(destName); - + if (destFile.exists()) destFile.delete(); renameFile = new File(tempFile); 
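Review bot: `zos.putNextEntry(new ZipEntry(baseName + ".der"))` names the archive entry with `baseName`, which is built from `mDir`, so the server-side directory path is embedded in every published zip; tools that extract it will try to recreate that path, and the layout of the publishing directory is disclosed to every consumer of the CRL. The entry should carry only the file name, e.g. `zos.putNextEntry(new ZipEntry(namePrefix[0] + ".der"));`, using the `namePrefix` computed earlier in the same method. `zos` and `fos` are also closed only on the success path, so an `IOException` mid-write leaves the descriptor and a partially written `.zip` behind. The enclosing `publish` method begins and ends outside the hunk.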
@@ -347,59 +350,71 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { } else { linkExt += "der"; } - String linkName = mDir + File.separator + namePrefix[1] + linkExt; - createLink(linkName, destName); + String linkName = mDir + File.separator + namePrefix[1] + + linkExt; + createLink(linkName, destName); if (mZipCRL) { - linkName = mDir + File.separator + namePrefix[1] + ".zip"; - createLink(linkName, baseName+".zip"); + linkName = mDir + File.separator + namePrefix[1] + + ".zip"; + createLink(linkName, baseName + ".zip"); } } } - + // output base64 file - if(mB64Attr==true) - { - if (encodedArray ==null) - encodedArray = crl.getEncoded(); - - ByteArrayOutputStream os = new ByteArrayOutputStream(); - - fos = new FileOutputStream(tempFile); - fos.write(com.netscape.osutil.OSUtil.BtoA(encodedArray).getBytes()); - fos.close(); - destName = baseName + ".b64"; - destFile = new File(destName); - - if(destFile.exists()) - destFile.delete(); - renameFile = new File(tempFile); - renameFile.renameTo(destFile); - } + if (mB64Attr == true) { + if (encodedArray == null) + encodedArray = crl.getEncoded(); + + ByteArrayOutputStream os = new ByteArrayOutputStream(); + + fos = new FileOutputStream(tempFile); + fos.write(com.netscape.osutil.OSUtil.BtoA(encodedArray) + .getBytes()); + fos.close(); + destName = baseName + ".b64"; + destFile = new File(destName); + + if (destFile.exists()) + destFile.delete(); + renameFile = new File(tempFile); + renameFile.renameTo(destFile); + } } } catch (IOException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString())); + mLogger.log( + ILogger.EV_SYSTEM, + ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", + e.toString())); } catch (CertificateEncodingException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", 
e.toString())); + mLogger.log( + ILogger.EV_SYSTEM, + ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", + e.toString())); } catch (CRLException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString())); + mLogger.log( + ILogger.EV_SYSTEM, + ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", + e.toString())); } } /** * Unpublishs a object to the ldap directory. - * - * @param conn the Ldap connection - * (null if LDAP publishing is not enabled) - * @param dn dn of the ldap entry to unpublish cert - * (null if LDAP publishing is not enabled) - * @param object object to unpublish - * (java.security.cert.X509Certificate) + * + * @param conn the Ldap connection (null if LDAP publishing is not enabled) + * @param dn dn of the ldap entry to unpublish cert (null if LDAP publishing + * is not enabled) + * @param object object to unpublish (java.security.cert.X509Certificate) */ public void unpublish(LDAPConnection conn, String dn, Object object) - throws ELdapException { + throws ELdapException { CMS.debug("FileBasedPublisher: unpublish"); String name = mDir + File.separator; String fileName; @@ -410,7 +425,8 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { name += "cert-" + sno.toString(); } else if (object instanceof X509CRL) { X509CRL crl = (X509CRL) object; - String[] namePrefix = getCrlNamePrefix(crl, mTimeStamp.equals("GMT")); + String[] namePrefix = getCrlNamePrefix(crl, + mTimeStamp.equals("GMT")); name += namePrefix[0]; fileName = name + ".zip"; 
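Review bot: In the reindented base64 branch, `ByteArrayOutputStream os = new ByteArrayOutputStream();` is created and never used, and `OSUtil.BtoA(encodedArray).getBytes()` encodes with the platform default charset; base64 text is ASCII, so `.getBytes("US-ASCII")` makes the published file independent of the JVM's `file.encoding`. `if (mB64Attr == true)` reads better as `if (mB64Attr)`, and the result of `renameFile.renameTo(destFile)` is discarded, so a failed rename leaves the stale CRL in place with nothing logged. The three `catch` blocks that follow now run five lines each with identical bodies; on Java 7+ they collapse to one `catch (IOException | CertificateEncodingException | CRLException e)`. The enclosing `publish` method starts before the hunk.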
@@ -425,13 +441,15 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { f = new File(fileName); f.delete(); } - /** + + /** * returns the Der attribute where it'll be published. */ public boolean getDerAttr() { return mDerAttr; } - /** + + /** * returns the B64 attribute where it'll be published. */ public boolean getB64Attr() { diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java index 4727a6907..121636afb 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; - import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Locale; @@ -42,14 +41,12 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; - -/** - * Interface for publishing a CA certificate to - * +/** + * Interface for publishing a CA certificate to + * * @version $Revision$, $Date$ */ -public class LdapCaCertPublisher - implements ILdapPublisher, IExtendedPluginInfo { +public class LdapCaCertPublisher implements ILdapPublisher, IExtendedPluginInfo { public static final String LDAP_CACERT_ATTR = "caCertificate;binary"; public static final String LDAP_CA_OBJECTCLASS = "pkiCA"; public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary"; @@ -64,7 +61,6 @@ public class LdapCaCertPublisher private boolean mInited = false; protected IConfigStore mConfig = null; private String mcrlIssuingPointId; - /** * constructor constructs default values. 
@@ -75,15 +71,14 @@ public class LdapCaCertPublisher public String[] getExtendedPluginInfo(Locale locale) { String s[] = { "caCertAttr;string;Name of Ldap attribute in which to store certificate", - "caObjectClass;string;The name of the objectclasses which should be " + - "added to this entry, if they do not already exist. This can be " + - "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)", - IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ldappublish-publisher-cacertpublisher", - IExtendedPluginInfo.HELP_TEXT + - ";This plugin knows how to publish the CA cert to " + - "'certificateAuthority' and 'pkiCA' -type entries" - }; + "caObjectClass;string;The name of the objectclasses which should be " + + "added to this entry, if they do not already exist. This can be " + + "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-publisher-cacertpublisher", + IExtendedPluginInfo.HELP_TEXT + + ";This plugin knows how to publish the CA cert to " + + "'certificateAuthority' and 'pkiCA' -type entries" }; return s; } @@ -116,14 +111,13 @@ public class LdapCaCertPublisher return mConfig; } - public void init(IConfigStore config) - throws EBaseException { - if (mInited) + public void init(IConfigStore config) throws EBaseException { + if (mInited) return; mConfig = config; mCaCertAttr = mConfig.getString("caCertAttr", LDAP_CACERT_ATTR); - mCaObjectclass = mConfig.getString("caObjectClass", - LDAP_CA_OBJECTCLASS); + mCaObjectclass = mConfig + .getString("caObjectClass", LDAP_CA_OBJECTCLASS); mObjAdded = mConfig.getString("caObjectClassAdded", ""); mObjDeleted = mConfig.getString("caObjectClassDeleted", ""); mInited = true; 
@@ -151,16 +145,16 @@ public class LdapCaCertPublisher } /** - * publish a CA certificate - * Adds the cert to the multi-valued certificate attribute as a - * DER encoded binary blob. Does not check if cert already exists. - * Converts the class to certificateAuthority. + * publish a CA certificate Adds the cert to the multi-valued certificate + * attribute as a DER encoded binary blob. Does not check if cert already + * exists. Converts the class to certificateAuthority. + * * @param conn the LDAP connection * @param dn dn of the entry to publish the certificate - * @param certObj the certificate object. + * @param certObj the certificate object. */ public void publish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (conn == null) { log(ILogger.LL_INFO, "LdapCaCertPublisher: no LDAP connection"); return; @@ -168,7 +162,8 @@ public class LdapCaCertPublisher try { mCaCertAttr = mConfig.getString("caCertAttr", LDAP_CACERT_ATTR); - mCaObjectclass = mConfig.getString("caObjectClass", LDAP_CA_OBJECTCLASS); + mCaObjectclass = mConfig.getString("caObjectClass", + LDAP_CA_OBJECTCLASS); } catch (EBaseException e) { } 
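Review bot: The re-wrapped `mCaObjectclass = mConfig.getString("caObjectClass", LDAP_CA_OBJECTCLASS)` is still inside a `try` whose `catch (EBaseException e) { }` is empty, so a config-store failure silently keeps whatever `mCaObjectclass` held from `init` and the entry is published with a possibly stale object class; the same pattern is reindented in `unpublish` at the hunk starting `@@ -348,63`. Record it at least once, e.g. `} catch (EBaseException e) { CMS.debug("LdapCaCertPublisher: publish: cannot read config: " + e); }`. The enclosing `publish` method continues outside the hunk.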
@@ -176,31 +171,31 @@ public class LdapCaCertPublisher // see if we should create local connection LDAPConnection altConn = null; try { - String host = mConfig.getString("host", null); - String port = mConfig.getString("port", null); - if (host != null && port != null) { - int portVal = Integer.parseInt(port); - int version = Integer.parseInt(mConfig.getString("version", "2")); - String cert_nick = mConfig.getString("clientCertNickname", null); - LDAPSSLSocketFactoryExt sslSocket = null; - if (cert_nick != null) { - sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); + String host = mConfig.getString("host", null); + String port = mConfig.getString("port", null); + if (host != null && port != null) { + int portVal = Integer.parseInt(port); + int version = Integer.parseInt(mConfig + .getString("version", "2")); + String cert_nick = mConfig + .getString("clientCertNickname", null); + LDAPSSLSocketFactoryExt sslSocket = null; + if (cert_nick != null) { + sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); + } + String mgr_dn = mConfig.getString("bindDN", null); + String mgr_pwd = mConfig.getString("bindPWD", null); + + altConn = CMS.getBoundConnection(host, portVal, version, + sslSocket, mgr_dn, mgr_pwd); + conn = altConn; } - String mgr_dn = mConfig.getString("bindDN", null); - String mgr_pwd = mConfig.getString("bindPWD", null); - - altConn = CMS.getBoundConnection(host, portVal, - version, - sslSocket, mgr_dn, mgr_pwd); - conn = altConn; - } } catch (LDAPException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } catch (EBaseException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } - if (!(certObj instanceof X509Certificate)) throw new IllegalArgumentException("Illegal arg to publish"); 
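Review bot: `int portVal = Integer.parseInt(port)` and the `Integer.parseInt(mConfig.getString("version", "2"))` on the next line are inside a `try` that catches only `LDAPException` and `EBaseException`, so a non-numeric `port` or `version` value escapes `publish` as a `NumberFormatException` instead of falling back to the caller's connection like every other alt-connection failure in this block. Add it to the handled cases, e.g. `} catch (NumberFormatException e) { CMS.debug("Failed to create alt connection " + e); }`, or validate both values in `init`. When the alternate connection succeeds, `conn = altConn;` replaces the caller's connection for the rest of the method; a one-line comment there would help, since the `finally` that disconnects `altConn` is several hunks further down. The method continues outside the hunk.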
@@ -210,40 +205,40 @@ public class LdapCaCertPublisher byte[] certEnc = cert.getEncoded(); /* search for attribute names to determine existence of attributes */ - LDAPSearchResults res = - conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", - new String[] { LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true); + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, + "(objectclass=*)", new String[] { LDAP_CRL_ATTR, + LDAP_ARL_ATTR }, true); LDAPEntry entry = res.next(); LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR); LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR); /* search for objectclass and caCert values */ - LDAPSearchResults res1 = - conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", - new String[] { "objectclass", mCaCertAttr }, false); + LDAPSearchResults res1 = conn.search(dn, LDAPv2.SCOPE_BASE, + "(objectclass=*)", new String[] { "objectclass", + mCaCertAttr }, false); LDAPEntry entry1 = res1.next(); LDAPAttribute ocs = entry1.getAttribute("objectclass"); LDAPAttribute certs = entry1.getAttribute(mCaCertAttr); - boolean hasCert = - LdapUserCertPublisher.ByteValueExists(certs, certEnc); + boolean hasCert = LdapUserCertPublisher.ByteValueExists(certs, + certEnc); LDAPModificationSet modSet = new LDAPModificationSet(); if (hasCert) { log(ILogger.LL_INFO, "publish: CA " + dn + " already has Cert"); - } else { + } else { /* - fix for 360458 - if no cert, use add, if has cert but - not equal, use replace + * fix for 360458 - if no cert, use add, if has cert but not + * equal, use replace */ if (certs == null) { - modSet.add(LDAPModification.ADD, - new LDAPAttribute(mCaCertAttr, certEnc)); + modSet.add(LDAPModification.ADD, new LDAPAttribute( + mCaCertAttr, certEnc)); log(ILogger.LL_INFO, "CA cert added"); } else { - modSet.add(LDAPModification.REPLACE, - new LDAPAttribute(mCaCertAttr, certEnc)); + modSet.add(LDAPModification.REPLACE, new LDAPAttribute( + mCaCertAttr, certEnc)); log(ILogger.LL_INFO, "CA cert replaced"); } } 
@@ -251,22 +246,25 @@ public class LdapCaCertPublisher String[] oclist = mCaObjectclass.split(","); boolean attrsAdded = false; - for (int i=0; i < oclist.length; i++) { + for (int i = 0; i < oclist.length; i++) { String oc = oclist[i].trim(); - boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc); + boolean hasoc = LdapUserCertPublisher + .StringValueExists(ocs, oc); if (!hasoc) { - log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + dn); - modSet.add(LDAPModification.ADD, - new LDAPAttribute("objectclass", oc)); + log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + + dn); + modSet.add(LDAPModification.ADD, new LDAPAttribute( + "objectclass", oc)); - if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) { + if ((!attrsAdded) + && oc.equalsIgnoreCase("certificationAuthority")) { // add MUST attributes - if (arls == null) - modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_ARL_ATTR, "")); + if (arls == null) + modSet.add(LDAPModification.ADD, new LDAPAttribute( + LDAP_ARL_ATTR, "")); if (crls == null) - modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_CRL_ATTR, "")); + modSet.add(LDAPModification.ADD, new LDAPAttribute( + LDAP_CRL_ATTR, "")); attrsAdded = true; } } 
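Review bot: The reindented `for (int i = 0; i < oclist.length; i++)` only uses `i` to read `oclist[i]`, so an enhanced for-loop, `for (String entryOc : oclist) { String oc = entryOc.trim(); ... }`, states the intent more directly; the same applies to the `delList` and `oclist` loops in the next hunk. `attrsAdded` is set only once a `certificationAuthority` object class (compared case-insensitively) has been added, so the empty ARL/CRL placeholder attributes are added at most once; a short comment above `boolean attrsAdded = false;` saying so would save the next reader from reconstructing it. The enclosing `publish` method starts and ends outside the hunk.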
@@ -275,26 +273,28 @@ public class LdapCaCertPublisher // delete objectclasses that have been deleted from config String[] delList = mObjDeleted.split(","); if (delList.length > 0) { - for (int i=0; i< delList.length; i++) { + for (int i = 0; i < delList.length; i++) { String deloc = delList[i].trim(); - boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc); + boolean hasoc = LdapUserCertPublisher.StringValueExists( + ocs, deloc); boolean match = false; - for (int j=0; j< oclist.length; j++) { + for (int j = 0; j < oclist.length; j++) { if ((oclist[j].trim()).equals(deloc)) { match = true; break; - } + } } if (!match && hasoc) { - log(ILogger.LL_INFO, "deleting CA objectclass " + deloc + " from " + dn); - modSet.add(LDAPModification.DELETE, - new LDAPAttribute("objectclass", deloc)); + log(ILogger.LL_INFO, "deleting CA objectclass " + deloc + + " from " + dn); + modSet.add(LDAPModification.DELETE, new LDAPAttribute( + "objectclass", deloc)); } } } // reset mObjAdded and mObjDeleted, if needed - if ((!mObjAdded.equals("")) || (!mObjDeleted.equals(""))) { + if ((!mObjAdded.equals("")) || (!mObjDeleted.equals(""))) { mObjAdded = ""; mObjDeleted = ""; mConfig.putString("caObjectClassAdded", ""); 
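Review bot: `if (delList.length > 0)` on the reindented deletion loop can never be false: `String.split` on an empty `mObjDeleted` returns a one-element array holding `""`, so the loop still runs once and calls `StringValueExists(ocs, "")` in the common case of nothing to delete. Guard on the string instead, e.g. `if (!mObjDeleted.equals("")) {`, which is the condition the reset just below already uses. The inner match uses `(oclist[j].trim()).equals(deloc)` while the object-class check in the previous hunk uses `equalsIgnoreCase`; LDAP object class names are matched case-insensitively, so a class spelled `pkiCA` in `caObjectClass` and `pkica` in `caObjectClassDeleted` would be both added and deleted in the same modification. The enclosing `publish` method starts and ends outside the hunk.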
@@ -302,45 +302,53 @@ public class LdapCaCertPublisher try { mConfig.commit(false); } catch (Exception e) { - log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted"); + log(ILogger.LL_INFO, + "Failure in updating mObjAdded and mObjDeleted"); } } - - if (modSet.size() > 0) conn.modify(dn, modSet); + + if (modSet.size() > 0) + conn.modify(dn, modSet); } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", dn)); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", dn)); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage( + "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CACERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", + e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_PUBLISH_CACERT_ERROR", e.toString())); } } finally { - if (altConn != null) { - try { - altConn.disconnect(); - } catch (LDAPException e) { - // safely ignored - } - } + if (altConn != null) { + try { + altConn.disconnect(); + } catch (LDAPException e) { + // safely ignored + } + } } return; } 
/** - * deletes the certificate from CA's certificate attribute. - * if it's the last cert will also remove the certificateAuthority - * objectclass. + * deletes the certificate from CA's certificate attribute. if it's the last + * cert will also remove the certificateAuthority objectclass. */ public void unpublish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (!(certObj instanceof X509Certificate)) throw new IllegalArgumentException("Illegal arg to publish"); 
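Review bot: `unpublish` rejects a non-certificate argument with `new IllegalArgumentException("Illegal arg to publish")`; the message was copied from `publish` and should read `"Illegal arg to unpublish"` so the log points at the right entry point. Unlike `publish`, which returns early on `conn == null`, no such guard is visible in this hunk before the method goes on to use `conn`; the body continues outside the hunk, so if no check follows, add `if (conn == null) { log(ILogger.LL_INFO, "LdapCaCertPublisher: no LDAP connection"); return; }` mirroring `publish`. The reindented `finally` in this hunk disconnects `altConn` and ignores the `LDAPException` with a `// safely ignored` comment, which is reasonable for a teardown path.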
@@ -348,63 +356,74 @@ public class LdapCaCertPublisher try { mCaCertAttr = mConfig.getString("caCertAttr", LDAP_CACERT_ATTR); - mCaObjectclass = mConfig.getString("caObjectClass", LDAP_CA_OBJECTCLASS); + mCaObjectclass = mConfig.getString("caObjectClass", + LDAP_CA_OBJECTCLASS); } catch (EBaseException e) { } try { byte[] certEnc = cert.getEncoded(); - LDAPSearchResults res = - conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", - new String[] { mCaCertAttr, "objectclass" }, false); + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, + "(objectclass=*)", new String[] { mCaCertAttr, + "objectclass" }, false); LDAPEntry entry = res.next(); LDAPAttribute certs = entry.getAttribute(mCaCertAttr); LDAPAttribute ocs = entry.getAttribute("objectclass"); - boolean hasCert = - LdapUserCertPublisher.ByteValueExists(certs, certEnc); + boolean hasCert = LdapUserCertPublisher.ByteValueExists(certs, + certEnc); if (!hasCert) { - log(ILogger.LL_INFO, "unpublish: " + dn + " has not cert already"); - //throw new ELdapException( - // LdapResources.ALREADY_UNPUBLISHED_1, dn); + log(ILogger.LL_INFO, "unpublish: " + dn + + " has not cert already"); + // throw new ELdapException( + // LdapResources.ALREADY_UNPUBLISHED_1, dn); return; } LDAPModificationSet modSet = new LDAPModificationSet(); - modSet.add(LDAPModification.DELETE, - new LDAPAttribute(mCaCertAttr, certEnc)); + modSet.add(LDAPModification.DELETE, new LDAPAttribute(mCaCertAttr, + certEnc)); if (certs.size() == 1) { // if last ca cert, remove oc also. 
- String[] oclist = mCaObjectclass.split(","); - for (int i =0 ; i < oclist.length; i++) { + String[] oclist = mCaObjectclass.split(","); + for (int i = 0; i < oclist.length; i++) { String oc = oclist[i].trim(); - boolean hasOC = LdapUserCertPublisher.StringValueExists(ocs, oc); + boolean hasOC = LdapUserCertPublisher.StringValueExists( + ocs, oc); if (hasOC) { - log(ILogger.LL_INFO, "unpublish: deleting CA oc" + oc + " from " + dn); - modSet.add(LDAPModification.DELETE, - new LDAPAttribute("objectclass", oc)); + log(ILogger.LL_INFO, "unpublish: deleting CA oc" + oc + + " from " + dn); + modSet.add(LDAPModification.DELETE, new LDAPAttribute( + "objectclass", oc)); } - } + } } - conn.modify(dn, modSet); + conn.modify(dn, modSet); } catch (CertificateEncodingException e) { - CMS.debug("LdapCaCertPublisher: unpublish: Cannot decode cert for " + dn); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); + CMS.debug("LdapCaCertPublisher: unpublish: Cannot decode cert for " + + dn); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. 
log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage( + "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_CACERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", + e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_UNPUBLISH_CACERT_ERROR", e.toString())); } } return; @@ -415,7 +434,7 @@ public class LdapCaCertPublisher */ private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCaPublisher: " + msg); + "LdapCaPublisher: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java index 0c596f3b0..3ed46b195 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; - import java.io.IOException; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; 
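Review bot: The reflowed `log(ILogger.LL_INFO, "unpublish: deleting CA oc" + oc + " from " + dn)` lacks a space after `oc`, so the message reads like `deleting CA ocpkiCA from ...`; change it to `"unpublish: deleting CA oc " + oc`. `"unpublish: " + dn + " has not cert already"` would read better as `" has no cert"`. The decode failure is reported through `CMS.debug` while every other failure in the method goes through the class's `log` helper at `LL_FAILURE`, so a certificate that cannot be encoded never reaches the system log; `log(ILogger.LL_FAILURE, "unpublish: Cannot decode cert for " + dn)` keeps it consistent with `publish`. The enclosing `unpublish` method starts before the hunk.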
@@ -44,12 +43,11 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; - -/** - * Interface for mapping a X509 certificate to a LDAP entry - * Publishes a certificate as binary and its subject name. - * there is one subject name value for each certificate. - * +/** + * Interface for mapping a X509 certificate to a LDAP entry Publishes a + * certificate as binary and its subject name. there is one subject name value + * for each certificate. + * * @version $Revision$, $Date$ */ public class LdapCertSubjPublisher implements ILdapPublisher { @@ -96,21 +94,20 @@ public class LdapCertSubjPublisher implements ILdapPublisher { return mConfig; } - public void init(IConfigStore config) - throws EBaseException { + public void init(IConfigStore config) throws EBaseException { if (mInited) return; mConfig = config; - mCertAttr = mConfig.getString("certAttr", - LdapUserCertPublisher.LDAP_USERCERT_ATTR); - mSubjNameAttr = mConfig.getString("certSubjectName", - LDAP_CERTSUBJNAME_ATTR); + mCertAttr = mConfig.getString("certAttr", + LdapUserCertPublisher.LDAP_USERCERT_ATTR); + mSubjNameAttr = mConfig.getString("certSubjectName", + LDAP_CERTSUBJNAME_ATTR); mInited = true; } /** - * constrcutor using specified certificate attribute and - * certificate subject name attribute. + * constrcutor using specified certificate attribute and certificate subject + * name attribute. */ public LdapCertSubjPublisher(String certAttr, String subjNameAttr) { mCertAttr = certAttr; 
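Review bot: The reflowed class Javadoc now runs two sentences into one — `Interface for mapping a X509 certificate to a LDAP entry Publishes a` — because the original line break was doing the work of a full stop; `... to a LDAP entry. Publishes a ...` keeps the meaning the reflow lost, and the class is a publisher implementation rather than an interface, so `Publisher mapping a X509 certificate to a LDAP entry.` would be more accurate. The same joining appears in the publish Javadoc of the -134 hunk (`publish a user certificate Adds the cert`) and in LdapCertificatePairPublisher's -153 hunk (`publish a certificatePair -should not be called from listeners.`). The constructor Javadoc in the -96 hunk below still reads `constrcutor` for `constructor`. Ending each sentence with a period before reformatting would have let the formatter reflow safely.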
@@ -134,19 +131,21 @@ public class LdapCertSubjPublisher implements ILdapPublisher { } /** - * publish a user certificate - * Adds the cert to the multi-valued certificate attribute as a - * DER encoded binary blob. Does not check if cert already exists. - * Then adds the subject name of the cert to the subject name attribute. + * publish a user certificate Adds the cert to the multi-valued certificate + * attribute as a DER encoded binary blob. Does not check if cert already + * exists. Then adds the subject name of the cert to the subject name + * attribute. + * * @param conn the LDAP connection * @param dn dn of the entry to publish the certificate - * @param certObj the certificate object. - * @exception ELdapException if cert or subject name already exists, - * if cert encoding fails, if getting cert subject name fails. - * Use ELdapException.getException() to find underlying exception. + * @param certObj the certificate object. + * @exception ELdapException if cert or subject name already exists, if cert + * encoding fails, if getting cert subject name fails. Use + * ELdapException.getException() to find underlying + * exception. */ public void publish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (conn == null) { log(ILogger.LL_INFO, "LdapCertSubjPublisher: no LDAP connection"); return; @@ -162,8 +161,8 @@ public class LdapCertSubjPublisher implements ILdapPublisher { byte[] certEnc = cert.getEncoded(); String subjName = ((X500Name) cert.getSubjectDN()).toLdapDNString(); - LDAPSearchResults res = - conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, + "(objectclass=*)", new String[] { mCertAttr, mSubjNameAttr }, false); LDAPEntry entry = res.next(); 
@@ -177,14 +176,14 @@ public class LdapCertSubjPublisher implements ILdapPublisher { // check if has subject name already. if (subjnames != null) { - hasSubjname = - LdapUserCertPublisher.StringValueExists(subjnames, subjName); + hasSubjname = LdapUserCertPublisher.StringValueExists( + subjnames, subjName); } // if has both, done. if (hasCert && hasSubjname) { - log(ILogger.LL_INFO, - "publish: " + subjName + " already has cert & subject name"); + log(ILogger.LL_INFO, "publish: " + subjName + + " already has cert & subject name"); return; } 
@@ -193,44 +192,53 @@ public class LdapCertSubjPublisher implements ILdapPublisher { if (!hasCert) { log(ILogger.LL_INFO, "publish: adding cert to " + subjName); - modSet.add(LDAPModification.ADD, - new LDAPAttribute(mCertAttr, certEnc)); + modSet.add(LDAPModification.ADD, new LDAPAttribute(mCertAttr, + certEnc)); } // add subject name if not already there. if (!hasSubjname) { - log(ILogger.LL_INFO, "publish: adding " + subjName + " to " + dn); - modSet.add(LDAPModification.ADD, - new LDAPAttribute(mSubjNameAttr, subjName)); + log(ILogger.LL_INFO, "publish: adding " + subjName + " to " + + dn); + modSet.add(LDAPModification.ADD, new LDAPAttribute( + mSubjNameAttr, subjName)); } conn.modify(dn, modSet); } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. 
log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage( + "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", + e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); } } /** - * deletes the certificate from the list of certificates. - * does not check if certificate is already there. - * also takes out the subject name if no other certificate remain - * with the same subject name. + * deletes the certificate from the list of certificates. does not check if + * certificate is already there. also takes out the subject name if no other + * certificate remain with the same subject name. */ public void unpublish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (!(certObj instanceof X509Certificate)) throw new IllegalArgumentException("Illegal arg to publish"); 
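Review bot: The argument check at the start of unpublish() rejects a non-X509Certificate with `throw new IllegalArgumentException("Illegal arg to publish");`, so a caller of unpublish sees a message naming the wrong operation; `throw new IllegalArgumentException("Illegal arg to unpublish");` matches the method. publish() in the -134 hunk above returns early with a log line when `conn == null`, while unpublish's visible opening has no such guard — if a null connection can reach it, the later `conn.search` would fail with a NullPointerException instead of the logged no-op, which is worth confirming in the part of unpublish outside this hunk. The body of unpublish continues past the end of the hunk.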
@@ -242,8 +250,8 @@ public class LdapCertSubjPublisher implements ILdapPublisher { byte[] certEnc = cert.getEncoded(); - LDAPSearchResults res = - conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, + "(objectclass=*)", new String[] { mCertAttr, mSubjNameAttr }, false); LDAPEntry entry = res.next(); 
@@ -266,74 +274,82 @@ public class LdapCertSubjPublisher implements ILdapPublisher { try { X509CertImpl certval = new X509CertImpl(val); // XXX use some sort of X500name equals function here. - String subjnam = - ((X500Name) certval.getSubjectDN()).toLdapDNString(); + String subjnam = ((X500Name) certval.getSubjectDN()) + .toLdapDNString(); if (subjnam.equalsIgnoreCase(subjName)) { hasAnotherCert = true; } } catch (CertificateEncodingException e) { // ignore this certificate. - CMS.debug( - "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered"); + CMS.debug("LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered"); } catch (CertificateException e) { // ignore this certificate. - CMS.debug( - "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered"); + CMS.debug("LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered"); } } } // check if doesn't have subject name already. if (subjnames != null) { - hasSubjname = - LdapUserCertPublisher.StringValueExists(subjnames, subjName); + hasSubjname = LdapUserCertPublisher.StringValueExists( + subjnames, subjName); } // if doesn't have both, done. if (!hasCert && !hasSubjname) { - log(ILogger.LL_INFO, - "unpublish: " + subjName + " already has not cert & subjname"); + log(ILogger.LL_INFO, "unpublish: " + subjName + + " already has not cert & subjname"); return; } - // delete cert if there. + // delete cert if there. LDAPModificationSet modSet = new LDAPModificationSet(); if (hasCert) { - log(ILogger.LL_INFO, - "unpublish: deleting cert " + subjName + " from " + dn); - modSet.add(LDAPModification.DELETE, - new LDAPAttribute(mCertAttr, certEnc)); + log(ILogger.LL_INFO, "unpublish: deleting cert " + subjName + + " from " + dn); + modSet.add(LDAPModification.DELETE, new LDAPAttribute( + mCertAttr, certEnc)); } // delete subject name if no other cert has the same name. 
if (hasSubjname && !hasAnotherCert) { - log(ILogger.LL_INFO, - "unpublish: deleting subject name " + subjName + " from " + dn); - modSet.add(LDAPModification.DELETE, - new LDAPAttribute(mSubjNameAttr, subjName)); + log(ILogger.LL_INFO, "unpublish: deleting subject name " + + subjName + " from " + dn); + modSet.add(LDAPModification.DELETE, new LDAPAttribute( + mSubjNameAttr, subjName)); } - conn.modify(dn, modSet); + conn.modify(dn, modSet); } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); - throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_DECODING_CERT_FAILED", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_DECODING_CERT_FAILED", e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_LDAP_DN_STRING_FAILED", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_GET_LDAP_DN_STRING_FAILED", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. 
log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage( + "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", + e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); } } return; @@ -341,7 +357,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher { private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCertSubjPublisher: " + msg); + "LdapCertSubjPublisher: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java index e4a7e0b7c..d61f5bf62 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; - import java.util.Locale; import java.util.Vector; 
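Review bot: Inside the loop over the entry's existing certificates, `catch (CertificateEncodingException e)` and the following `catch (CertificateException e)` have byte-identical bodies (the same "an invalid cert in dn entry encountered" debug line), and CertificateEncodingException is a subclass of CertificateException, so the first handler is redundant and the second alone covers both; dropping it removes a duplicated string without changing behaviour. The decision to delete the subject-name attribute rests on `subjnam.equalsIgnoreCase(subjName)`, which the existing `XXX` comment already flags; since both strings come out of X500Name.toLdapDNString() the compare is at least self-consistent, and recording that assumption next to the XXX — e.g. `// both DNs come from toLdapDNString(), so a string compare is adequate here; a structural X500Name compare would be more robust` — makes the open item actionable. The log text `already has not cert & subjname` reads as garbled; `has neither cert nor subject name` says what is meant. unpublish() starts before this hunk.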
@@ -39,15 +38,14 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; - -/** - * module for publishing a cross certificate pair to ldap - * crossCertificatePair attribute - * +/** + * module for publishing a cross certificate pair to ldap crossCertificatePair + * attribute + * * @version $Revision$, $Date$ */ -public class LdapCertificatePairPublisher - implements ILdapPublisher, IExtendedPluginInfo { +public class LdapCertificatePairPublisher implements ILdapPublisher, + IExtendedPluginInfo { public static final String LDAP_CROSS_CERT_PAIR_ATTR = "crossCertificatePair;binary"; public static final String LDAP_CA_OBJECTCLASS = "pkiCA"; public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary"; 
@@ -72,15 +70,14 @@ public class LdapCertificatePairPublisher public String[] getExtendedPluginInfo(Locale locale) { String s[] = { "crossCertPairAttr;string;Name of Ldap attribute in which to store cross certificates", - "caObjectClass;string;The name of the objectclasses which should be " + - "added to this entry, if they do not already exist. This can be " + - "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)", - IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ldappublish-publisher-crosscertpairpublisher", - IExtendedPluginInfo.HELP_TEXT + - ";This plugin knows how to publish the CA cert to " + - "'certificateAuthority' and 'pkiCA' -type entries" - }; + "caObjectClass;string;The name of the objectclasses which should be " + + "added to this entry, if they do not already exist. This can be " + + "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-publisher-crosscertpairpublisher", + IExtendedPluginInfo.HELP_TEXT + + ";This plugin knows how to publish the CA cert to " + + "'certificateAuthority' and 'pkiCA' -type entries" }; return s; } @@ -117,14 +114,14 @@ public class LdapCertificatePairPublisher return mConfig; } - public void init(IConfigStore config) - throws EBaseException { - if (mInited) + public void init(IConfigStore config) throws EBaseException { + if (mInited) return; mConfig = config; - mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", LDAP_CROSS_CERT_PAIR_ATTR); - mCaObjectclass = mConfig.getString("caObjectClass", - LDAP_CA_OBJECTCLASS); + mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", + LDAP_CROSS_CERT_PAIR_ATTR); + mCaObjectclass = mConfig + .getString("caObjectClass", LDAP_CA_OBJECTCLASS); mObjAdded = mConfig.getString("caObjectClassAdded", ""); mObjDeleted = mConfig.getString("caObjectClassDeleted", ""); 
@@ -132,7 +129,8 @@ public class LdapCertificatePairPublisher } // don't think anyone would ever use this but just in case. - public LdapCertificatePairPublisher(String crossCertPairAttr, String caObjectclass) { + public LdapCertificatePairPublisher(String crossCertPairAttr, + String caObjectclass) { mCrossCertPairAttr = crossCertPairAttr; mCaObjectclass = caObjectclass; mInited = true; 
@@ -153,116 +151,126 @@ public class LdapCertificatePairPublisher } /** - * publish a certificatePair - * -should not be called from listeners. + * publish a certificatePair -should not be called from listeners. + * * @param conn the LDAP connection * @param dn dn of the entry to publish the XcertificatePair - * @param pair the Xcertificate bytes object. + * @param pair the Xcertificate bytes object. */ public synchronized void publish(LDAPConnection conn, String dn, Object pair) - throws ELdapException { + throws ELdapException { publish(conn, dn, (byte[]) pair); } /** - * publish a certificatePair - * -should not be called from listeners. + * publish a certificatePair -should not be called from listeners. + * * @param conn the LDAP connection * @param dn dn of the entry to publish the XcertificatePair * @param pair the cross cert bytes */ - public synchronized void publish(LDAPConnection conn, String dn, - byte[] pair) - throws ELdapException { + public synchronized void publish(LDAPConnection conn, String dn, byte[] pair) + throws ELdapException { if (conn == null) { - log(ILogger.LL_INFO, "LdapCertificatePairPublisher: no LDAP connection"); + log(ILogger.LL_INFO, + "LdapCertificatePairPublisher: no LDAP connection"); return; } try { - mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", LDAP_CROSS_CERT_PAIR_ATTR); - mCaObjectclass = mConfig.getString("caObjectClass", LDAP_CA_OBJECTCLASS); + mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", + LDAP_CROSS_CERT_PAIR_ATTR); + mCaObjectclass = mConfig.getString("caObjectClass", + LDAP_CA_OBJECTCLASS); } catch (EBaseException e) { } try { // search for attributes to determine if they exist - LDAPSearchResults res = - conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", - new String[] { LDAP_CACERT_ATTR, LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true); + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, + "(objectclass=*)", new String[] { LDAP_CACERT_ATTR, + LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true); 
LDAPEntry entry = res.next(); LDAPAttribute certs = entry.getAttribute(LDAP_CACERT_ATTR); LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR); LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR); // search for objectclass and crosscertpair attributes and values - LDAPSearchResults res1 = - conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", - new String[] { "objectclass", mCrossCertPairAttr }, false); + LDAPSearchResults res1 = conn.search(dn, LDAPv2.SCOPE_BASE, + "(objectclass=*)", new String[] { "objectclass", + mCrossCertPairAttr }, false); LDAPEntry entry1 = res1.next(); LDAPAttribute ocs = entry1.getAttribute("objectclass"); - LDAPAttribute certPairs = entry1.getAttribute("crosscertificatepair;binary"); + LDAPAttribute certPairs = entry1 + .getAttribute("crosscertificatepair;binary"); LDAPModificationSet modSet = new LDAPModificationSet(); - boolean hasCert = LdapUserCertPublisher.ByteValueExists(certPairs, pair); - if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) { + boolean hasCert = LdapUserCertPublisher.ByteValueExists(certPairs, + pair); + if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) { CMS.debug("LdapCertificatePairPublisher: cross cert pair bytes exist in publishing directory, do not publish again."); return; } if (hasCert) { - log(ILogger.LL_INFO, "publish: CA " + dn + " already has cross cert pair bytes"); + log(ILogger.LL_INFO, "publish: CA " + dn + + " already has cross cert pair bytes"); } else { - modSet.add(LDAPModification.ADD, - new LDAPAttribute(mCrossCertPairAttr, pair)); + modSet.add(LDAPModification.ADD, new LDAPAttribute( + mCrossCertPairAttr, pair)); log(ILogger.LL_INFO, "cross cert pair published with dn=" + dn); } String[] oclist = mCaObjectclass.split(","); boolean attrsAdded = false; - for (int i=0; i < oclist.length; i++) { + for (int i = 0; i < oclist.length; i++) { String oc = oclist[i].trim(); - boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc); + boolean hasoc = 
LdapUserCertPublisher + .StringValueExists(ocs, oc); if (!hasoc) { - log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + dn); - modSet.add(LDAPModification.ADD, - new LDAPAttribute("objectclass", oc)); + log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + + dn); + modSet.add(LDAPModification.ADD, new LDAPAttribute( + "objectclass", oc)); - if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) { + if ((!attrsAdded) + && oc.equalsIgnoreCase("certificationAuthority")) { // add MUST attributes - if (arls == null) - modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_ARL_ATTR, "")); + if (arls == null) + modSet.add(LDAPModification.ADD, new LDAPAttribute( + LDAP_ARL_ATTR, "")); if (crls == null) - modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_CRL_ATTR, "")); + modSet.add(LDAPModification.ADD, new LDAPAttribute( + LDAP_CRL_ATTR, "")); if (certs == null) - modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_CACERT_ATTR, "")); + modSet.add(LDAPModification.ADD, new LDAPAttribute( + LDAP_CACERT_ATTR, "")); attrsAdded = true; } } - } + } // delete objectclasses that have been deleted from config String[] delList = mObjDeleted.split(","); if (delList.length > 0) { - for (int i=0; i< delList.length; i++) { + for (int i = 0; i < delList.length; i++) { String deloc = delList[i].trim(); - boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc); + boolean hasoc = LdapUserCertPublisher.StringValueExists( + ocs, deloc); boolean match = false; - for (int j=0; j< oclist.length; j++) { + for (int j = 0; j < oclist.length; j++) { if ((oclist[j].trim()).equals(deloc)) { match = true; break; } } if (!match && hasoc) { - log(ILogger.LL_INFO, "deleting CRL objectclass " + deloc + " from " + dn); - modSet.add(LDAPModification.DELETE, - new LDAPAttribute("objectclass", deloc)); + log(ILogger.LL_INFO, "deleting CRL objectclass " + + deloc + " from " + dn); + modSet.add(LDAPModification.DELETE, new LDAPAttribute( + 
"objectclass", deloc)); } } } @@ -276,22 +284,29 @@ public class LdapCertificatePairPublisher try { mConfig.commit(false); } catch (Exception e) { - log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted"); + log(ILogger.LL_INFO, + "Failure in updating mObjAdded and mObjDeleted"); } } - if (modSet.size() > 0) conn.modify(dn, modSet); + if (modSet.size() > 0) + conn.modify(dn, modSet); CMS.debug("LdapCertificatePairPublisher: in publish() just published"); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage( + "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString())); - throw new ELdapException("error publishing cross cert pair:" + e.toString()); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", + e.toString())); + throw new ELdapException("error publishing cross cert pair:" + + e.toString()); } } return; @@ -301,7 +316,7 @@ public class LdapCertificatePairPublisher * unsupported */ public void unpublish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { CMS.debug("LdapCertificatePairPublisher: unpublish() is unsupported in this revision"); } @@ -310,7 +325,7 @@ public class LdapCertificatePairPublisher */ private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCertificatePairPublisher: " + msg); + "LdapCertificatePairPublisher: " + msg); } } 
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java index 22dc1294f..e6a4e45c6 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; - import java.security.cert.CRLException; import java.security.cert.X509CRL; import java.util.Locale; @@ -42,10 +41,9 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; - /** - * For publishing master or global CRL. - * Publishes (replaces) the CRL in the CA's LDAP entry. + * For publishing master or global CRL. Publishes (replaces) the CRL in the CA's + * LDAP entry. * * @version $Revision$, $Date$ */ 
@@ -81,16 +79,15 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { String[] params = { "crlAttr;string;Name of Ldap attribute in which to store the CRL", - "crlObjectClass;string;The name of the objectclasses which should be " + - "added to this entry, if they do not already exist. This can be a comma-" + - "separated list such as 'certificationAuthority,certificationAuthority-V2' " + - "(if using RFC 2256) or 'pkiCA, deltaCRL' (if using RFC 4523)", - IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ldappublish-publisher-crlpublisher", - IExtendedPluginInfo.HELP_TEXT + - ";This plugin knows how to publish CRL's to " + - "'certificateAuthority' and 'pkiCA' -type entries" - }; + "crlObjectClass;string;The name of the objectclasses which should be " + + "added to this entry, if they do not already exist. This can be a comma-" + + "separated list such as 'certificationAuthority,certificationAuthority-V2' " + + "(if using RFC 2256) or 'pkiCA, deltaCRL' (if using RFC 4523)", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-publisher-crlpublisher", + IExtendedPluginInfo.HELP_TEXT + + ";This plugin knows how to publish CRL's to " + + "'certificateAuthority' and 'pkiCA' -type entries" }; return params; } @@ -115,14 +112,13 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { return mConfig; } - public void init(IConfigStore config) - throws EBaseException { + public void init(IConfigStore config) throws EBaseException { if (mInited) return; mConfig = config; mCrlAttr = mConfig.getString("crlAttr", LDAP_CRL_ATTR); mCrlObjectClass = mConfig.getString("crlObjectClass", - LDAP_CRL_OBJECTCLASS); + LDAP_CRL_OBJECTCLASS); mObjAdded = mConfig.getString("crlObjectClassAdded", ""); mObjDeleted = mConfig.getString("crlObjectClassDeleted", ""); 
@@ -142,11 +138,11 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { } /** - * Replaces the CRL in the certificateRevocationList attribute. - * CRL's are published as a DER encoded blob. + * Replaces the CRL in the certificateRevocationList attribute. CRL's are + * published as a DER encoded blob. */ public void publish(LDAPConnection conn, String dn, Object crlObj) - throws ELdapException { + throws ELdapException { if (conn == null) { log(ILogger.LL_INFO, "publish CRL: no LDAP connection"); return; @@ -154,7 +150,8 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { try { mCrlAttr = mConfig.getString("crlAttr", LDAP_CRL_ATTR); - mCrlObjectClass = mConfig.getString("crlObjectClass", LDAP_CRL_OBJECTCLASS); + mCrlObjectClass = mConfig.getString("crlObjectClass", + LDAP_CRL_OBJECTCLASS); } catch (EBaseException e) { } 
@@ -162,28 +159,29 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { // see if we should create local connection LDAPConnection altConn = null; try { - String host = mConfig.getString("host", null); - String port = mConfig.getString("port", null); - if (host != null && port != null) { - int portVal = Integer.parseInt(port); - int version = Integer.parseInt(mConfig.getString("version", "2")); - String cert_nick = mConfig.getString("clientCertNickname", null); - LDAPSSLSocketFactoryExt sslSocket = null; - if (cert_nick != null) { - sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); + String host = mConfig.getString("host", null); + String port = mConfig.getString("port", null); + if (host != null && port != null) { + int portVal = Integer.parseInt(port); + int version = Integer.parseInt(mConfig + .getString("version", "2")); + String cert_nick = mConfig + .getString("clientCertNickname", null); + LDAPSSLSocketFactoryExt sslSocket = null; + if (cert_nick != null) { + sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); + } + String mgr_dn = mConfig.getString("bindDN", null); + String mgr_pwd = mConfig.getString("bindPWD", null); + + altConn = CMS.getBoundConnection(host, portVal, version, + sslSocket, mgr_dn, mgr_pwd); + conn = altConn; } - String mgr_dn = mConfig.getString("bindDN", null); - String mgr_pwd = mConfig.getString("bindPWD", null); - - altConn = CMS.getBoundConnection(host, portVal, - version, - sslSocket, mgr_dn, mgr_pwd); - conn = altConn; - } } catch (LDAPException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } catch (EBaseException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } try { 
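Review bot: The alternate-connection block parses `port` and `version` with `Integer.parseInt` inside a try that catches only LDAPException and EBaseException, so a non-numeric `port` or `version` value in the config escapes publish() as an unchecked NumberFormatException instead of taking the logged fallback the surrounding handlers intend; `} catch (NumberFormatException e) { CMS.debug("Failed to create alt connection " + e); }` closes that gap. When the bound connection to the configured host cannot be created, `conn` silently remains the caller's connection and the CRL is published there with only a CMS.debug trace, which an operator relying on the alternate host would not notice; a `log(ILogger.LL_FAILURE, ...)` in those two catch blocks is warranted. Whether `altConn` is disconnected after publishing cannot be seen in this hunk.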
@@ -194,10 +192,11 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { LDAPSearchResults res = null; if (mCrlAttr.equals(LDAP_CRL_ATTR)) { res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", - new String[] { LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true); + new String[] { LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true); } else { res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", - new String[] { LDAP_CRL_ATTR, LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true); + new String[] { LDAP_CRL_ATTR, LDAP_CACERT_ATTR, + LDAP_ARL_ATTR }, true); } LDAPEntry entry = res.next(); 
@@ -216,50 +215,56 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { String[] oclist = mCrlObjectClass.split(","); boolean attrsAdded = false; - for (int i=0; i < oclist.length; i++) { + for (int i = 0; i < oclist.length; i++) { String oc = oclist[i].trim(); - boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc); + boolean hasoc = LdapUserCertPublisher + .StringValueExists(ocs, oc); if (!hasoc) { - log(ILogger.LL_INFO, "adding CRL objectclass " + oc + " to " + dn); - modSet.add(LDAPModification.ADD, - new LDAPAttribute("objectclass", oc)); + log(ILogger.LL_INFO, "adding CRL objectclass " + oc + + " to " + dn); + modSet.add(LDAPModification.ADD, new LDAPAttribute( + "objectclass", oc)); - if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) { + if ((!attrsAdded) + && oc.equalsIgnoreCase("certificationAuthority")) { // add MUST attributes if (arls == null) - modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_ARL_ATTR, "")); + modSet.add(LDAPModification.ADD, new LDAPAttribute( + LDAP_ARL_ATTR, "")); if (certs == null) - modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_CACERT_ATTR, "")); + modSet.add(LDAPModification.ADD, new LDAPAttribute( + LDAP_CACERT_ATTR, "")); - if ((crls == null) && (!mCrlAttr.equals(LDAP_CRL_ATTR))) - modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_CRL_ATTR, "")); + if ((crls == null) && (!mCrlAttr.equals(LDAP_CRL_ATTR))) + modSet.add(LDAPModification.ADD, new LDAPAttribute( + LDAP_CRL_ATTR, "")); attrsAdded = true; } } } - modSet.add(LDAPModification.REPLACE, new LDAPAttribute(mCrlAttr, crlEnc)); + modSet.add(LDAPModification.REPLACE, new LDAPAttribute(mCrlAttr, + crlEnc)); // delete objectclasses that have been deleted from config String[] delList = mObjDeleted.split(","); if (delList.length > 0) { - for (int i=0; i< delList.length; i++) { + for (int i = 0; i < delList.length; i++) { String deloc = delList[i].trim(); - boolean hasoc = 
LdapUserCertPublisher.StringValueExists(ocs, deloc); + boolean hasoc = LdapUserCertPublisher.StringValueExists( + ocs, deloc); boolean match = false; - for (int j=0; j< oclist.length; j++) { + for (int j = 0; j < oclist.length; j++) { if ((oclist[j].trim()).equals(deloc)) { match = true; break; } } if (!match && hasoc) { - log(ILogger.LL_INFO, "deleting CRL objectclass " + deloc + " from " + dn); - modSet.add(LDAPModification.DELETE, - new LDAPAttribute("objectclass", deloc)); + log(ILogger.LL_INFO, "deleting CRL objectclass " + + deloc + " from " + dn); + modSet.add(LDAPModification.DELETE, new LDAPAttribute( + "objectclass", deloc)); } } } 
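Review bot: `mObjDeleted.split(",")` never yields an empty array (an empty string splits to `[""]`), so the `delList.length > 0` guard on the new side is always true and the loop runs once with `deloc = ""` when nothing has been removed from the configuration. Skipping blank entries with `if (deloc.isEmpty()) continue;` right after the trim keeps the empty name out of `StringValueExists` and out of the log line. The `oclist` loop above has the same property if `crlObjectClass` is configured empty. The enclosing publish() starts and ends outside this hunk.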
@@ -273,56 +278,64 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { try { mConfig.commit(false); } catch (Exception e) { - log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted"); + log(ILogger.LL_INFO, + "Failure in updating mObjAdded and mObjDeleted"); } - } + } conn.modify(dn, modSet); } catch (CRLException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_PUBLISH_CRL_ERROR", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage( + "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "PUBLISH_PUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_PUBLISH_CRL_ERROR", e.toString())); } } finally { - if (altConn != null) { - try { - altConn.disconnect(); - } catch (LDAPException e) { - // safely ignored - } - } + if (altConn != null) { + try { + altConn.disconnect(); + } catch (LDAPException e) { + // safely ignored + } + } } } /** - * There shouldn't be a need to call this. 
- * CRLs are always replaced but this is implemented anyway in case - * there is ever a reason to remove a global CRL. + * There shouldn't be a need to call this. CRLs are always replaced but this + * is implemented anyway in case there is ever a reason to remove a global + * CRL. */ public void unpublish(LDAPConnection conn, String dn, Object crlObj) - throws ELdapException { + throws ELdapException { try { byte[] crlEnc = ((X509CRL) crlObj).getEncoded(); try { mCrlAttr = mConfig.getString("crlAttr", LDAP_CRL_ATTR); - mCrlObjectClass = mConfig.getString("crlObjectClass", LDAP_CRL_OBJECTCLASS); + mCrlObjectClass = mConfig.getString("crlObjectClass", + LDAP_CRL_OBJECTCLASS); } catch (EBaseException e) { } - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, - "(objectclass=*)", new String[] { mCrlAttr, "objectclass" }, false); + "(objectclass=*)", + new String[] { mCrlAttr, "objectclass" }, false); LDAPEntry e = res.next(); LDAPAttribute crls = e.getAttribute(mCrlAttr); LDAPAttribute ocs = e.getAttribute("objectclass"); 
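Review bot: the `catch (EBaseException e) { }` in unpublish() silently drops a failure to read `crlAttr`/`crlObjectClass`, leaving whatever values the fields already held in use with no trace; at minimum `CMS.debug("unpublish: failed to read crlAttr/crlObjectClass: " + e);` should record it. The unchecked `(X509CRL) crlObj` cast also surfaces a wrong argument type as ClassCastException rather than the IllegalArgumentException the certificate publishers throw. The UNAVAILABLE-interception block in the publish() catch above is repeated verbatim in unpublish() and in both LdapEncryptCertPublisher and LdapUserCertPublisher; a shared helper mapping an LDAPException to the right ELdapException would remove the duplication and the small inconsistencies between copies. unpublish() continues past the end of the hunk.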
@@ -330,21 +343,23 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { LDAPModificationSet modSet = new LDAPModificationSet(); boolean hasOC = false; - boolean hasCRL = - LdapUserCertPublisher.ByteValueExists(crls, crlEnc); + boolean hasCRL = LdapUserCertPublisher + .ByteValueExists(crls, crlEnc); if (hasCRL) { - modSet.add(LDAPModification.DELETE, - new LDAPAttribute(mCrlAttr, crlEnc)); + modSet.add(LDAPModification.DELETE, new LDAPAttribute(mCrlAttr, + crlEnc)); } - + String[] oclist = mCrlObjectClass.split(","); - for (int i=0; i < oclist.length; i++) { + for (int i = 0; i < oclist.length; i++) { String oc = oclist[i].trim(); if (LdapUserCertPublisher.StringValueExists(ocs, oc)) { - log(ILogger.LL_INFO, "unpublish: deleting CRL object class " + oc + " from " + dn); - modSet.add(LDAPModification.DELETE, - new LDAPAttribute("objectClass", oc)); + log(ILogger.LL_INFO, + "unpublish: deleting CRL object class " + oc + + " from " + dn); + modSet.add(LDAPModification.DELETE, new LDAPAttribute( + "objectClass", oc)); hasOC = true; } } 
@@ -352,22 +367,29 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { if (hasCRL || hasOC) { conn.modify(dn, modSet); } else { - log(ILogger.LL_INFO, - "unpublish: " + dn + " already has not CRL"); + log(ILogger.LL_INFO, "unpublish: " + dn + + " already has not CRL"); } } catch (CRLException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_PUBLISH_CRL_ERROR", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage( + "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_CRL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", + e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_UNPUBLISH_CRL_ERROR", e.toString())); } } return; @@ -375,6 +397,6 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCrlPublisher: " + msg); + "LdapCrlPublisher: " + msg); } } 
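Review bot: the CRLException path in unpublish() throws `CMS_LDAP_PUBLISH_CRL_ERROR` while the LDAPException path just below uses `CMS_LDAP_UNPUBLISH_CRL_ERROR`, so an encoding failure during unpublish is reported to the user as a publish error; `throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_CRL_ERROR", e.toString()));` would match the `PUBLISH_UNPUBLISH_ERROR` log key already used on that line. The info message `" already has not CRL"` also reads awkwardly; `" has no CRL to unpublish"` is clearer if the string may change.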
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java index 902763b48..0dedf8f40 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateEncodingException; @@ -51,13 +50,13 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; - -/** - * Interface for mapping a X509 certificate to a LDAP entry - * +/** + * Interface for mapping a X509 certificate to a LDAP entry + * * @version $Revision$, $Date$ */ -public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPluginInfo { +public class LdapEncryptCertPublisher implements ILdapPublisher, + IExtendedPluginInfo { public static final String LDAP_USERCERT_ATTR = "userCertificate;binary"; public static final String PROP_REVOKE_CERT = "revokeCert"; @@ -81,11 +80,10 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin public String[] getExtendedPluginInfo(Locale locale) { String[] params = { "certAttr;string;LDAP attribute in which to store the certificate", - IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ldappublish-publisher-usercertpublisher", - IExtendedPluginInfo.HELP_TEXT + - ";This plugin knows how to publish user certificates" - }; + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-publisher-usercertpublisher", + IExtendedPluginInfo.HELP_TEXT + + ";This plugin knows how to publish user certificates" }; return params; 
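Review bot: the class Javadoc on the new side still reads `Interface for mapping a X509 certificate to a LDAP entry`, but LdapEncryptCertPublisher is a concrete publisher, not an interface, and the same sentence is reused on the LdapUserCertPublisher header hunk further down. Based on what the later hunks show, a summary such as `Publishes a certificate into the configured LDAP certificate attribute; an existing encryption or signing certificate of the same kind is replaced and revoked.` would describe the class (confirm against getModificationAttribute before adopting it). The HELP_TOKEN `configuration-ldappublish-publisher-usercertpublisher` is the same token the user-cert publisher registers; if this plugin has its own help page the token should point there.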
@@ -109,8 +107,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin return mConfig; } - public void init(IConfigStore config) - throws EBaseException { + public void init(IConfigStore config) throws EBaseException { if (mInited) return; mConfig = config; @@ -124,16 +121,16 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin } /** - * publish a user certificate - * Adds the cert to the multi-valued certificate attribute as a - * DER encoded binary blob. Does not check if cert already exists. + * publish a user certificate Adds the cert to the multi-valued certificate + * attribute as a DER encoded binary blob. Does not check if cert already + * exists. * * @param conn the LDAP connection * @param dn dn of the entry to publish the certificate - * @param certObj the certificate object. + * @param certObj the certificate object. */ public void publish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (conn == null) return; 
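Review bot: the formatter reflowed the publish() Javadoc into one run-on sentence, `publish a user certificate Adds the cert to the multi-valued certificate attribute ...`; the original first line was the summary and needs a period or `<p>` after `certificate`. Because Javadoc takes the first sentence as the summary, the generated docs now show the whole paragraph as the summary line. The same reflow affects the unpublish() Javadoc later in this file (`unpublish a user certificate deletes the certificate`) and both Javadocs in the LdapUserCertPublisher hunks.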
@@ -147,45 +144,52 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin byte[] certEnc = cert.getEncoded(); // check if cert already exists. - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", new String[] { mCertAttr }, false); LDAPEntry entry = res.next(); - LDAPAttribute attr = getModificationAttribute(entry.getAttribute(mCertAttr), certEnc); + LDAPAttribute attr = getModificationAttribute( + entry.getAttribute(mCertAttr), certEnc); if (attr == null) { log(ILogger.LL_INFO, "publish: " + dn + " already has cert."); return; } - // publish - LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr); + // publish + LDAPModification mod = new LDAPModification( + LDAPModification.REPLACE, attr); - conn.modify(dn, mod); + conn.modify(dn, mod); } catch (CertificateEncodingException e) { - CMS.debug("LdapEncryptCertPublisher: error in publish: " + e.toString()); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); + CMS.debug("LdapEncryptCertPublisher: error in publish: " + + e.toString()); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. 
log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage( + "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "PUBLISH_PUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); } } return; } /** - * unpublish a user certificate - * deletes the certificate from the list of certificates. - * does not check if certificate is already there. + * unpublish a user certificate deletes the certificate from the list of + * certificates. does not check if certificate is already there. */ public void unpublish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (!(certObj instanceof X509Certificate)) throw new IllegalArgumentException("Illegal arg to publish"); @@ -195,7 +199,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin byte[] certEnc = cert.getEncoded(); // check if cert already deleted. - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", new String[] { mCertAttr }, false); LDAPEntry entry = res.next(); 
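Review bot: unpublish() on the new side validates `certObj` but not `conn`, whereas publish() above returns early on `conn == null`; unless a guard sits in the lines between the two hunks, a null connection reaches `conn.search` as a NullPointerException. Adding `if (conn == null) return;` before the instanceof check keeps the two entry points consistent. publish() here issues a REPLACE with the attribute built by getModificationAttribute, so the entire certificate attribute is rewritten on every publish; a one-line comment stating that intent above `// publish` would help the next reader. The unpublish() body continues in the following hunk.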
@@ -204,23 +208,31 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin return; } - LDAPModification mod = new LDAPModification(LDAPModification.DELETE, - new LDAPAttribute(mCertAttr, certEnc)); + LDAPModification mod = new LDAPModification( + LDAPModification.DELETE, new LDAPAttribute(mCertAttr, + certEnc)); - conn.modify(dn, mod); + conn.modify(dn, mod); } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage( + "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", + e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); } } return; 
@@ -228,11 +240,11 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapUserCertPublisher: " + msg); + "LdapUserCertPublisher: " + msg); } - public LDAPAttribute getModificationAttribute( - LDAPAttribute attr, byte[] bval) { + public LDAPAttribute getModificationAttribute(LDAPAttribute attr, + byte[] bval) { LDAPAttribute at = new LDAPAttribute(attr.getName(), bval); // determine if the given cert is a signing or an encryption @@ -256,13 +268,13 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin X509CertImpl cert = new X509CertImpl(val); log(ILogger.LL_INFO, "Checking " + cert); - if (CMS.isEncryptionCert(thisCert) && - CMS.isEncryptionCert(cert)) { + if (CMS.isEncryptionCert(thisCert) + && CMS.isEncryptionCert(cert)) { // skip log(ILogger.LL_INFO, "SKIP ENCRYPTION " + cert); revokeCert(cert); - } else if (CMS.isSigningCert(thisCert) && - CMS.isSigningCert(cert)) { + } else if (CMS.isSigningCert(thisCert) + && CMS.isSigningCert(cert)) { // skip log(ILogger.LL_INFO, "SKIP SIGNING " + cert); revokeCert(cert); 
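Review bot: `new LDAPAttribute(attr.getName(), bval)` dereferences `attr` with no null check, and the caller in publish() passes `entry.getAttribute(mCertAttr)`, which presumably returns null for an entry that has no certificate yet; that would turn a first-time publish into a NullPointerException rather than a clean write. Guarding with `if (attr == null) return new LDAPAttribute(mCertAttr, bval);` covers that case. Also, log() in this file prefixes messages with `"LdapUserCertPublisher: "` although the class is LdapEncryptCertPublisher, so its log lines are attributed to the other plugin. getModificationAttribute() continues past the hunk.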
@@ -270,33 +282,35 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin at.addValue(val); } } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CHECK_FAILED", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_CHECK_FAILED", e.toString())); } } return at; } - private RevokedCertImpl formCRLEntry( - BigInteger serialNo, RevocationReason reason) - throws EBaseException { + private RevokedCertImpl formCRLEntry(BigInteger serialNo, + RevocationReason reason) throws EBaseException { CRLReasonExtension reasonExt = new CRLReasonExtension(reason); CRLExtensions crlentryexts = new CRLExtensions(); try { crlentryexts.set(CRLReasonExtension.NAME, reasonExt); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_SET_CRL_REASON", reason.toString(), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_SET_CRL_REASON", + reason.toString(), e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_INTERNAL_ERROR", e.toString())); } - RevokedCertImpl crlentry = - new RevokedCertImpl(serialNo, new Date(), crlentryexts); + RevokedCertImpl crlentry = new RevokedCertImpl(serialNo, new Date(), + crlentryexts); return crlentry; } - private void revokeCert(X509CertImpl cert) - throws EBaseException { + private void revokeCert(X509CertImpl cert) throws EBaseException { try { if (mConfig.getBoolean(PROP_REVOKE_CERT, true) == false) { return; 
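Review bot: the `catch (Exception e)` closing getModificationAttribute() logs PUBLISH_CHECK_FAILED and still returns `at`; if the loop over the existing values fails part-way, `at` holds only the values copied so far, and publish() then issues a REPLACE with it, which would drop the remaining certificates from the entry. Rethrowing as an ELdapException, or returning null so publish() logs and skips, is safer than a partial replace. In formCRLEntry() the IOException is rethrown as `CMS_LDAP_INTERNAL_ERROR` with only `e.toString()`, so the cause chain is lost; chain `e` if ELdapException offers such a constructor. The loop that fills `at` starts outside this hunk.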
@@ -306,11 +320,11 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin } BigInteger serialNum = cert.getSerialNumber(); // need to revoke certificate also - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem("ca"); ICAService service = (ICAService) ca.getCAService(); - RevokedCertImpl crlEntry = formCRLEntry( - serialNum, RevocationReason.KEY_COMPROMISE); + RevokedCertImpl crlEntry = formCRLEntry(serialNum, + RevocationReason.KEY_COMPROMISE); service.revokeCert(crlEntry); } @@ -354,4 +368,3 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin } } - diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java index f612d005b..3867a3b8c 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; - import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Enumeration; @@ -43,13 +42,13 @@ import com.netscape.certsrv.logging.AuditFormat; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; - -/** - * Interface for mapping a X509 certificate to a LDAP entry - * +/** + * Interface for mapping a X509 certificate to a LDAP entry + * * @version $Revision$, $Date$ */ -public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInfo { +public class LdapUserCertPublisher implements ILdapPublisher, + IExtendedPluginInfo { public static final String LDAP_USERCERT_ATTR = "userCertificate;binary"; protected String mCertAttr = LDAP_USERCERT_ATTR; 
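Review bot: revokeCert() revokes the superseded certificate with `RevocationReason.KEY_COMPROMISE`, although the trigger is only that a newer encryption or signing certificate is being published; unless the deployment really treats replacement as compromise, `RevocationReason.SUPERSEDED` is the accurate reason code, and KEY_COMPROMISE carries stronger consequences for relying parties. A comment explaining why KEY_COMPROMISE was chosen would settle it either way. `(ICertificateAuthority) CMS.getSubsystem("ca")` is also used without a null check, so a missing CA subsystem surfaces as a NullPointerException. revokeCert() starts outside this hunk.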
@@ -71,11 +70,10 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf public String[] getExtendedPluginInfo(Locale locale) { String[] params = { "certAttr;string;LDAP attribute in which to store the certificate", - IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ldappublish-publisher-usercertpublisher", - IExtendedPluginInfo.HELP_TEXT + - ";This plugin knows how to publish user certificates" - }; + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-publisher-usercertpublisher", + IExtendedPluginInfo.HELP_TEXT + + ";This plugin knows how to publish user certificates" }; return params; @@ -99,8 +97,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf return mConfig; } - public void init(IConfigStore config) - throws EBaseException { + public void init(IConfigStore config) throws EBaseException { if (mInited) return; mConfig = config; @@ -113,16 +110,16 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf } /** - * publish a user certificate - * Adds the cert to the multi-valued certificate attribute as a - * DER encoded binary blob. Does not check if cert already exists. + * publish a user certificate Adds the cert to the multi-valued certificate + * attribute as a DER encoded binary blob. Does not check if cert already + * exists. * * @param conn the LDAP connection * @param dn dn of the entry to publish the certificate - * @param certObj the certificate object. + * @param certObj the certificate object. */ public void publish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (conn == null) return; 
@@ -130,28 +127,29 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf // see if we should create local connection LDAPConnection altConn = null; try { - String host = mConfig.getString("host", null); - String port = mConfig.getString("port", null); - if (host != null && port != null) { - int portVal = Integer.parseInt(port); - int version = Integer.parseInt(mConfig.getString("version", "2")); - String cert_nick = mConfig.getString("clientCertNickname", null); - LDAPSSLSocketFactoryExt sslSocket = null; - if (cert_nick != null) { - sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); + String host = mConfig.getString("host", null); + String port = mConfig.getString("port", null); + if (host != null && port != null) { + int portVal = Integer.parseInt(port); + int version = Integer.parseInt(mConfig + .getString("version", "2")); + String cert_nick = mConfig + .getString("clientCertNickname", null); + LDAPSSLSocketFactoryExt sslSocket = null; + if (cert_nick != null) { + sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); + } + String mgr_dn = mConfig.getString("bindDN", null); + String mgr_pwd = mConfig.getString("bindPWD", null); + + altConn = CMS.getBoundConnection(host, portVal, version, + sslSocket, mgr_dn, mgr_pwd); + conn = altConn; } - String mgr_dn = mConfig.getString("bindDN", null); - String mgr_pwd = mConfig.getString("bindPWD", null); - - altConn = CMS.getBoundConnection(host, portVal, - version, - sslSocket, mgr_dn, mgr_pwd); - conn = altConn; - } } catch (LDAPException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } catch (EBaseException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } if (!(certObj instanceof X509Certificate)) 
@@ -169,7 +167,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf byte[] certEnc = cert.getEncoded(); // check if cert already exists. - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", new String[] { mCertAttr }, false); LDAPEntry entry = res.next(); 
@@ -178,59 +176,65 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf return; } - // publish + // publish LDAPModification mod = null; if (deleteCert) { - mod = new LDAPModification(LDAPModification.REPLACE, - new LDAPAttribute(mCertAttr, certEnc)); + mod = new LDAPModification(LDAPModification.REPLACE, + new LDAPAttribute(mCertAttr, certEnc)); } else { - mod = new LDAPModification(LDAPModification.ADD, - new LDAPAttribute(mCertAttr, certEnc)); + mod = new LDAPModification(LDAPModification.ADD, + new LDAPAttribute(mCertAttr, certEnc)); } - conn.modify(dn, mod); + conn.modify(dn, mod); // log a successful message to the "transactions" log - mLogger.log( ILogger.EV_AUDIT, - ILogger.S_LDAP, - ILogger.LL_INFO, - AuditFormat.LDAP_PUBLISHED_FORMAT, - new Object[] { "LdapUserCertPublisher", - cert.getSerialNumber().toString(16), - cert.getSubjectDN() } ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_LDAP, + ILogger.LL_INFO, + AuditFormat.LDAP_PUBLISHED_FORMAT, + new Object[] { "LdapUserCertPublisher", + cert.getSerialNumber().toString(16), + cert.getSubjectDN() }); } catch (CertificateEncodingException e) { - CMS.debug("LdapUserCertPublisher: error in publish: " + e.toString()); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); + CMS.debug("LdapUserCertPublisher: error in publish: " + + e.toString()); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. 
log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage( + "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "PUBLISH_PUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); } } finally { - if (altConn != null) { - try { - altConn.disconnect(); - } catch (LDAPException e) { - // safely ignored - } - } + if (altConn != null) { + try { + altConn.disconnect(); + } catch (LDAPException e) { + // safely ignored + } + } } return; } /** - * unpublish a user certificate - * deletes the certificate from the list of certificates. - * does not check if certificate is already there. + * unpublish a user certificate deletes the certificate from the list of + * certificates. does not check if certificate is already there. */ public void unpublish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { boolean disableUnpublish = false; try { @@ -239,8 +243,8 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf } if (disableUnpublish) { - CMS.debug("UserCertPublisher: disable unpublish"); - return; + CMS.debug("UserCertPublisher: disable unpublish"); + return; } if (!(certObj instanceof X509Certificate)) 
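Review bot: the `deleteCert` branch issues a REPLACE that overwrites every existing value of `mCertAttr` with the single new certificate, while the other branch ADDs; nothing in the hunk explains when `deleteCert` is set (it is assigned outside the hunk), so a comment such as `// deleteCert: replace all certificates on the entry with this one instead of appending` above the if would help. The audit line records the serial and `cert.getSubjectDN()`, which is appropriate; consider emitting a matching audit line on the unpublish path so removals are traceable too. publish() starts outside this hunk.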
@@ -252,7 +256,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf byte[] certEnc = cert.getEncoded(); // check if cert already deleted. - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", new String[] { mCertAttr }, false); LDAPEntry entry = res.next(); 
@@ -261,23 +265,30 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf return; } - LDAPModification mod = new LDAPModification(LDAPModification.DELETE, - new LDAPAttribute(mCertAttr, certEnc)); + LDAPModification mod = new LDAPModification( + LDAPModification.DELETE, new LDAPAttribute(mCertAttr, + certEnc)); - conn.modify(dn, mod); + conn.modify(dn, mod); } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage( + "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR")); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR")); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); } } return; 
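Review bot: the else branch in unpublish() logs `CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR")` without the exception text, while every other copy of this block in the diff (including the same branch in LdapEncryptCertPublisher) passes `e.toString()`, so this log line omits the LDAP result that caused the failure. `log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));` restores it. unpublish() starts outside this hunk.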
@@ -285,7 +296,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapUserCertPublisher: " + msg); + "LdapUserCertPublisher: " + msg); } /** diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java index ad37a6669..e6ebf34ab 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; - import java.io.DataInputStream; import java.io.IOException; import java.io.OutputStream; @@ -42,11 +41,9 @@ import com.netscape.certsrv.publish.ILdapPublisher; import com.netscape.cmsutil.http.HttpRequest; import com.netscape.cmsutil.http.JssSSLSocketFactory; - -/** - * This publisher writes certificate and CRL into - * a directory. - * +/** + * This publisher writes certificate and CRL into a directory. + * * @version $Revision$, $Date$ */ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { 
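Review bot: the OCSPPublisher class Javadoc on the new side says `This publisher writes certificate and CRL into a directory.`, which is FileBasedPublisher's description; the plugin's own help text in the next hunk says it publishes CRLs to an Online Certificate Status Manager. Replacing it with `Publishes CRLs to an Online Certificate Status Manager, the OCSP responder provided by CMS.` keeps the Javadoc consistent with what the plugin advertises.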
@@ -83,13 +80,14 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
                 PROP_HOST + ";string;Host of CMS's OCSP Secure agent service",
                 PROP_PORT + ";string;Port of CMS's OCSP Secure agent service",
                 PROP_PATH + ";string;URI of CMS's OCSP Secure agent service",
-                PROP_NICK + ";string;Nickname of cert used for client authentication",
-                PROP_CLIENT_AUTH_ENABLE + ";boolean;Client Authentication enabled",
-                IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-publisher-ocsppublisher",
-                IExtendedPluginInfo.HELP_TEXT +
-                ";Publishes CRLs to a Online Certificate Status Manager, an OCSP responder provided by CMS."
-            };
+                PROP_NICK
+                        + ";string;Nickname of cert used for client authentication",
+                PROP_CLIENT_AUTH_ENABLE
+                        + ";boolean;Client Authentication enabled",
+                IExtendedPluginInfo.HELP_TOKEN
+                        + ";configuration-ldappublish-publisher-ocsppublisher",
+                IExtendedPluginInfo.HELP_TEXT
+                        + ";Publishes CRLs to a Online Certificate Status Manager, an OCSP responder provided by CMS." };
         return params;
     }
@@ -145,12 +143,12 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
         try {
             nickname = config.getString("ca.subsystem.nickname", "");
             String tokenname = config.getString("ca.subsystem.tokenname", "");
-            if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
-                nickname = tokenname+":"+nickname;
+            if (!tokenname.equals("internal")
+                    && !tokenname.equals("Internal Key Storage Token"))
+                nickname = tokenname + ":" + nickname;
         } catch (Exception e) {
         }
-
         v.addElement(PROP_HOST + "=");
         v.addElement(PROP_PORT + "=");
         v.addElement(PROP_PATH + "=/ocsp/agent/ocsp/addCRL");
@@ -169,7 +167,8 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
             mPort = mConfig.getString(PROP_PORT, "");
             mPath = mConfig.getString(PROP_PATH, "");
             mNickname = mConfig.getString(PROP_NICK, "");
-            mClientAuthEnabled = mConfig.getBoolean(PROP_CLIENT_AUTH_ENABLE, true);
+            mClientAuthEnabled = mConfig.getBoolean(PROP_CLIENT_AUTH_ENABLE,
+                    true);
         } catch (EBaseException e) {
         }
     }
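Review bot: The `catch (EBaseException e) { }` closing this hunk drops the configuration failure silently, so a bad host, port or path value only surfaces later, when publish() parses mPort. Log it at least: `CMS.debug("OCSPPublisher: init failed to read config: " + e.toString());`, which matches how publish() reports its own errors in later hunks. The enclosing method starts outside the hunk.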
@@ -178,45 +177,43 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
         return mConfig;
     }
-    protected Socket Connect(String host, boolean secure, JssSSLSocketFactory factory)
-    {
-        Socket socket = null;
-        StringTokenizer st = new StringTokenizer(host, " ");
-        while (st.hasMoreTokens()) {
-            String hp = st.nextToken(); // host:port
-            StringTokenizer st1 = new StringTokenizer(hp, ":");
-            String h = st1.nextToken();
-            int p = Integer.parseInt(st1.nextToken());
-            try {
-                if (secure) {
-                    socket = factory.makeSocket(h, p);
-                } else {
-                    socket = new Socket(h, p);
-                }
-                return socket;
-            } catch (Exception e) {
-            }
-            try {
-                Thread.sleep(5000); // 5 seconds delay
-            } catch (Exception e) {
-            }
-        }
-        return null;
+    protected Socket Connect(String host, boolean secure,
+            JssSSLSocketFactory factory) {
+        Socket socket = null;
+        StringTokenizer st = new StringTokenizer(host, " ");
+        while (st.hasMoreTokens()) {
+            String hp = st.nextToken(); // host:port
+            StringTokenizer st1 = new StringTokenizer(hp, ":");
+            String h = st1.nextToken();
+            int p = Integer.parseInt(st1.nextToken());
+            try {
+                if (secure) {
+                    socket = factory.makeSocket(h, p);
+                } else {
+                    socket = new Socket(h, p);
+                }
+                return socket;
+            } catch (Exception e) {
+            }
+            try {
+                Thread.sleep(5000); // 5 seconds delay
+            } catch (Exception e) {
+            }
+        }
+        return null;
     }
     /**
      * Publishs a object to the ldap directory.
      *
-     * @param conn a Ldap connection
-     *            (null if LDAP publishing is not enabled)
-     * @param dn dn of the ldap entry to publish cert
-     *            (null if LDAP publishing is not enabled)
-     * @param object object to publish
-     *            (java.security.cert.X509Certificate or,
-     *            java.security.cert.X509CRL)
+     * @param conn a Ldap connection (null if LDAP publishing is not enabled)
+     * @param dn dn of the ldap entry to publish cert (null if LDAP publishing
+     *            is not enabled)
+     * @param object object to publish (java.security.cert.X509Certificate or,
+     *            java.security.cert.X509CRL)
      */
-    public synchronized void publish(LDAPConnection conn, String dn, Object object)
-        throws ELdapException {
+    public synchronized void publish(LDAPConnection conn, String dn,
+            Object object) throws ELdapException {
         try {
             if (!(object instanceof X509CRL))
                 return;
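Review bot: Connect() parses each `host:port` entry outside its try block, so `Integer.parseInt(st1.nextToken())` on an entry without a port (the failover example quoted in a later hunk, `people.catalog.com 199.254.1.2`, contains two such entries) throws NoSuchElementException out of the method instead of moving on to the next host. The two empty `catch (Exception e)` blocks also hide which candidate failed and swallow the InterruptedException from Thread.sleep, so a thread being stopped keeps cycling through the host list and failover is invisible in the logs. Move the parsing into the try, log each failed candidate through CMS.debug, and on interruption restore the flag and return null so a bounded caller can stop. The name `Connect` also departs from the lowerCamelCase used by every other method in the file, though renaming a protected method is a separate change.
```java
    protected Socket Connect(String host, boolean secure,
            JssSSLSocketFactory factory) {
        StringTokenizer st = new StringTokenizer(host, " ");
        while (st.hasMoreTokens()) {
            String hp = st.nextToken(); // host:port
            try {
                // parse inside the try: a malformed entry is one failed
                // candidate, not a reason to abandon the whole host list
                StringTokenizer st1 = new StringTokenizer(hp, ":");
                String h = st1.nextToken();
                int p = Integer.parseInt(st1.nextToken());
                if (secure) {
                    return factory.makeSocket(h, p);
                }
                return new Socket(h, p);
            } catch (Exception e) {
                // operators need to see failover happening
                CMS.debug("OCSPPublisher: Connect to '" + hp + "' failed: "
                        + e.toString());
            }
            try {
                Thread.sleep(5000); // 5 seconds delay
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt(); // keep the interrupt visible
                return null; // do not keep cycling on a thread asked to stop
            }
        }
        return null;
    }
```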
@@ -226,24 +223,24 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
             // open the connection and prepare it to POST
             boolean secure = true;
-
+
             String host = mHost;
             int port = Integer.parseInt(mPort);
             String path = mPath;
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_INFO, "OCSPPublisher: " +
-                "Host='" + host + "' Port='" + port +
-                "' URL='" + path + "'");
-            CMS.debug("OCSPPublisher: " +
-                "Host='" + host + "' Port='" + port +
-                "' URL='" + path + "'");
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO,
+                    "OCSPPublisher: " + "Host='" + host + "' Port='" + port
+                            + "' URL='" + path + "'");
+            CMS.debug("OCSPPublisher: " + "Host='" + host + "' Port='" + port
+                    + "' URL='" + path + "'");
             StringBuffer query = new StringBuffer();
             query.append("crl=");
-            query.append(URLEncoder.encode("-----BEGIN CERTIFICATE REVOCATION LIST-----\n"));
+            query.append(URLEncoder
+                    .encode("-----BEGIN CERTIFICATE REVOCATION LIST-----\n"));
             query.append(URLEncoder.encode(CMS.BtoA(crl.getEncoded())));
-            query.append(URLEncoder.encode("\n-----END CERTIFICATE REVOCATION LIST-----"));
+            query.append(URLEncoder
+                    .encode("\n-----END CERTIFICATE REVOCATION LIST-----"));
             query.append("&noui=true");
             Socket socket = null;
@@ -256,23 +253,23 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
             }
             if (mHost != null && mHost.indexOf(' ') != -1) {
-                // support failover hosts configuration
-                // host parameter can be
-                // "directory.knowledge.com:1050 people.catalog.com 199.254.1.2"
-                do {
-                    socket = Connect(mHost, secure, factory);
-                } while (socket == null);
+                // support failover hosts configuration
+                // host parameter can be
+                // "directory.knowledge.com:1050 people.catalog.com 199.254.1.2"
+                do {
+                    socket = Connect(mHost, secure, factory);
+                } while (socket == null);
             } else {
-                if (secure) {
-                    socket = factory.makeSocket(host, port);
-                } else {
-                    socket = new Socket(host, port);
-                }
+                if (secure) {
+                    socket = factory.makeSocket(host, port);
+                } else {
+                    socket = new Socket(host, port);
+                }
             }
-            if( socket == null ) {
-                CMS.debug( "OCSPPublisher::publish() - socket is null!" );
-                throw new ELdapException( "socket is null" );
+            if (socket == null) {
+                CMS.debug("OCSPPublisher::publish() - socket is null!");
+                throw new ELdapException("socket is null");
             }
             // use HttpRequest and POST
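Review bot: The failover loop `do { socket = Connect(mHost, secure, factory); } while (socket == null);` has no bound: Connect() returns null only after trying every host with a five-second sleep each, so an unreachable responder keeps publish(), declared `synchronized` in an earlier hunk, spinning forever under the lock while every later CRL publication queues behind it. Bound the retries so the `socket == null` check right below can fail the publication instead: `int attempts = 0;` before the loop and `} while (socket == null && ++attempts < MAX_CONNECT_ATTEMPTS);` as the loop condition, where MAX_CONNECT_ATTEMPTS stands for a constant or configuration value this file does not yet define. The enclosing publish() starts in an earlier hunk.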
@@ -283,26 +280,28 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
             httpReq.setHeader("Connection", "Keep-Alive");
             httpReq.setHeader("Content-Type",
-                "application/x-www-form-urlencoded");
+                    "application/x-www-form-urlencoded");
             httpReq.setHeader("Content-Transfer-Encoding", "7bit");
-            httpReq.setHeader("Content-Length",
-                Integer.toString(query.length()));
+            httpReq.setHeader("Content-Length",
+                    Integer.toString(query.length()));
             httpReq.setContent(query.toString());
             OutputStream os = socket.getOutputStream();
-            OutputStreamWriter outputStreamWriter = new OutputStreamWriter(os, "UTF8");
+            OutputStreamWriter outputStreamWriter = new OutputStreamWriter(os,
+                    "UTF8");
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_INFO, "OCSPPublisher: start sending CRL");
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO,
+                    "OCSPPublisher: start sending CRL");
             long startTime = CMS.getCurrentDate().getTime();
             CMS.debug("OCSPPublisher: start CRL sending startTime=" + startTime);
             httpReq.write(outputStreamWriter);
             long endTime = CMS.getCurrentDate().getTime();
-            CMS.debug("OCSPPublisher: done CRL sending endTime=" + endTime + " diff=" + (endTime - startTime));
+            CMS.debug("OCSPPublisher: done CRL sending endTime=" + endTime
+                    + " diff=" + (endTime - startTime));
             // Read the response
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_INFO, "OCSPPublisher: start getting response");
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO,
+                    "OCSPPublisher: start getting response");
             DataInputStream dis = new DataInputStream(socket.getInputStream());
             String nextline;
             String line = "";
@@ -321,40 +320,50 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
             }
             dis.close();
             if (status) {
-                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_INFO, "OCSPPublisher: successful");
+                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                        ILogger.LL_INFO, "OCSPPublisher: successful");
             } else {
-                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_INFO, "OCSPPublisher: failed - " + error);
+                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                        ILogger.LL_INFO, "OCSPPublisher: failed - " + error);
             }
-
+
         } catch (IOException e) {
             CMS.debug("OCSPPublisher: publish failed " + e.toString());
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
+            mLogger.log(
+                    ILogger.EV_SYSTEM,
+                    ILogger.S_OTHER,
+                    ILogger.LL_FAILURE,
+                    CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR",
+                            e.toString()));
         } catch (CRLException e) {
             CMS.debug("OCSPPublisher: publish failed " + e.toString());
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
+            mLogger.log(
+                    ILogger.EV_SYSTEM,
+                    ILogger.S_OTHER,
+                    ILogger.LL_FAILURE,
+                    CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR",
+                            e.toString()));
         } catch (Exception e) {
             CMS.debug("OCSPPublisher: publish failed " + e.toString());
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
+            mLogger.log(
+                    ILogger.EV_SYSTEM,
+                    ILogger.S_OTHER,
+                    ILogger.LL_FAILURE,
+                    CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR",
+                            e.toString()));
         }
     }
     /**
      * Unpublishs a object to the ldap directory.
-     *
-     * @param conn the Ldap connection
-     *            (null if LDAP publishing is not enabled)
-     * @param dn dn of the ldap entry to unpublish cert
-     *            (null if LDAP publishing is not enabled)
-     * @param object object to unpublish
-     *            (java.security.cert.X509Certificate)
+     *
+     * @param conn the Ldap connection (null if LDAP publishing is not enabled)
+     * @param dn dn of the ldap entry to unpublish cert (null if LDAP publishing
+     *            is not enabled)
+     * @param object object to unpublish (java.security.cert.X509Certificate)
      */
     public void unpublish(LDAPConnection conn, String dn, Object object)
-        throws ELdapException {
+            throws ELdapException {
         // NOT USED
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java b/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java
index d5717aad4..3abc0a442 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.publishers;
-
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStream;
@@ -29,10 +28,9 @@ import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.Vector;
-
 /**
  * Publisher utility class.
- *
+ *
  * @version $Revision$, $Date$
  */
 public class Utils {
@@ -40,7 +38,8 @@ public class Utils {
         InetAddress addr = InetAddress.getByName(hostname);
     }
-    public static void copyStream(InputStream in, OutputStream out) throws IOException {
+    public static void copyStream(InputStream in, OutputStream out)
+            throws IOException {
         byte[] buf = new byte[4096];
         int len;
@@ -49,7 +48,8 @@ public class Utils {
         }
     }
-    public static void copyStream(BufferedReader in, OutputStreamWriter out) throws IOException {
+    public static void copyStream(BufferedReader in, OutputStreamWriter out)
+            throws IOException {
         char[] buf = new char[4096];
         int len;
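Review bot: All three catch blocks in the `@@ -321,40` hunk log the failure and then fall off the end, and the `else` branch at the top of that hunk only logs `failed - ` plus the responder's error, so publish() returns normally even when the CRL never reached the responder; the method declares `throws ELdapException` and the null-socket path in an earlier hunk already uses it. After logging, rethrow with `throw new ELdapException("OCSPPublisher: publish failed " + e.toString());` and do the same when `status` is false, so the caller's publishing status reflects reality. `dis.close()` is reached only on the success path and the socket is never closed at all, so hoist the `Socket socket = null;` declaration above the try and close it in a `finally`. publish() begins in an earlier hunk; the three identical catch blocks could also collapse into one multi-catch, but that depends on the language level the build targets.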
@@ -58,8 +58,8 @@ public class Utils {
         }
     }
-    /// Sorts an array of Strings.
-    // Java currently has no general sort function. Sorting Strings is
+    // / Sorts an array of Strings.
+    // Java currently has no general sort function. Sorting Strings is
     // common enough that it's worth making a special case.
     public static void sortStrings(String[] strings) {
         // Just does a bubblesort.
@@ -75,8 +75,8 @@ public class Utils {
         }
     }
-    /// Returns a date string formatted in Unix ls style - if it's within
-    // six months of now, Mmm dd hh:ss, else Mmm dd yyyy.
+    // / Returns a date string formatted in Unix ls style - if it's within
+    // six months of now, Mmm dd hh:ss, else Mmm dd yyyy.
     public static String lsDateStr(Date date) {
         long dateTime = date.getTime();
@@ -104,9 +104,10 @@ public class Utils {
         }
         return true;
     }
-
+
     /**
      * strips out double quotes around String parameter
+     *
      * @param s the string potentially bracketed with double quotes
      * @return string stripped of surrounding double quotes
      */
@@ -123,9 +124,8 @@ public class Utils {
     }
     /**
-     * returns an array of strings from a vector of Strings
-     * there'll be trouble if the Vector contains something other
-     * than just Strings
+     * returns an array of strings from a vector of Strings there'll be trouble
+     * if the Vector contains something other than just Strings
      */
     public static String[] getStringArrayFromVector(Vector v) {
         String s[] = new String[v.size()]; |
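Review bot: The formatter turned the `///` comment markers in the `@@ -58,8` and `@@ -75,8` hunks into `// /`, which now reads as a stray slash rather than a deliberate marker; both comments document public methods, so convert them to Javadoc instead, e.g. `/** Sorts an array of Strings (bubblesort; see the note on java.util.Arrays below). */` for sortStrings and the two-line ls-style description as a `/** ... */` block for lsDateStr. The claim that Java has no general sort function is stale, since `java.util.Arrays.sort(String[])` has been available since Java 1.2, but the bubblesort body lies outside these hunks.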