Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java | 350 |
1 files changed, 179 insertions, 171 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java index ad30be009..6c1e1e8ad 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java +++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldap; + import java.math.BigInteger; import java.security.cert.Certificate; import java.util.Hashtable; @@ -41,12 +42,13 @@ import com.netscape.certsrv.request.IRequestListener; import com.netscape.certsrv.request.RequestId; import com.netscape.cmscore.dbs.CertRecord; + public class LdapRequestListener implements IRequestListener { private boolean mInited = false; /** - * handlers for request types (events) each handler implement - * IRequestListener + * handlers for request types (events) + * each handler implement IRequestListener */ private Hashtable mRequestListeners = new Hashtable(); 
@@ -55,23 +57,23 @@ public class LdapRequestListener implements IRequestListener { public LdapRequestListener() { } - public void set(String name, String val) { - } + public void set(String name, String val) + { + } public void init(ISubsystem sys, IConfigStore config) throws EBaseException { - if (mInited) - return; + if (mInited) return; - mPublisherProcessor = (IPublisherProcessor) sys; + mPublisherProcessor = (IPublisherProcessor)sys; mRequestListeners.put(IRequest.ENROLLMENT_REQUEST, - new LdapEnrollmentListener(mPublisherProcessor)); + new LdapEnrollmentListener(mPublisherProcessor)); mRequestListeners.put(IRequest.RENEWAL_REQUEST, - new LdapRenewalListener(mPublisherProcessor)); + new LdapRenewalListener(mPublisherProcessor)); mRequestListeners.put(IRequest.REVOCATION_REQUEST, - new LdapRevocationListener(mPublisherProcessor)); + new LdapRevocationListener(mPublisherProcessor)); mRequestListeners.put(IRequest.UNREVOCATION_REQUEST, - new LdapUnrevocationListener(mPublisherProcessor)); + new LdapUnrevocationListener(mPublisherProcessor)); mInited = true; } 
@@ -84,46 +86,45 @@ public class LdapRequestListener implements IRequestListener { if (r.getExtDataInInteger(IRequest.RESULT) == null) return null; - // check if request failed. - if ((r.getExtDataInInteger(IRequest.RESULT)) - .equals(IRequest.RES_ERROR)) { - CMS.debug("Request errored. " - + "Nothing to publish for enrollment request id " - + r.getRequestId()); + // check if request failed. + if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) { + CMS.debug("Request errored. " + + "Nothing to publish for enrollment request id " + + r.getRequestId()); return null; } - CMS.debug("Checking publishing for request " + r.getRequestId()); + CMS.debug("Checking publishing for request " + + r.getRequestId()); // check if issued certs is set. - X509CertImpl[] certs = r - .getExtDataInCertArray(IRequest.ISSUED_CERTS); + X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (certs == null || certs.length == 0 || certs[0] == null) { - CMS.debug("No certs to publish for request id " - + r.getRequestId()); + CMS.debug( + "No certs to publish for request id " + + r.getRequestId()); return null; } obj.setCerts(certs); return obj; } else if (type.equals(IRequest.RENEWAL_REQUEST)) { - // Note we do not remove old certs from directory during renewal - X509CertImpl[] certs = r - .getExtDataInCertArray(IRequest.ISSUED_CERTS); + // Note we do not remove old certs from directory during renewal + X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (certs == null || certs.length == 0) { - CMS.debug("no certs to publish for renewal " + "request " - + r.getRequestId()); + CMS.debug("no certs to publish for renewal " + + "request " + r.getRequestId()); return null; } obj.setCerts(certs); return obj; } else if (type.equals(IRequest.REVOCATION_REQUEST)) { - X509CertImpl[] revcerts = r - .getExtDataInCertArray(IRequest.OLD_CERTS); + X509CertImpl[] revcerts = r.getExtDataInCertArray(IRequest.OLD_CERTS); if (revcerts == null || 
revcerts.length == 0 || revcerts[0] == null) { // no certs in revoke. - CMS.debug("Nothing to unpublish for revocation " + "request " - + r.getRequestId()); + CMS.debug( + "Nothing to unpublish for revocation " + + "request " + r.getRequestId()); return null; } obj.setCerts(revcerts); @@ -133,15 +134,17 @@ public class LdapRequestListener implements IRequestListener { if (certs == null || certs.length == 0 || certs[0] == null) { // no certs in unrevoke. - CMS.debug("Nothing to publish for unrevocation " + "request " - + r.getRequestId()); + CMS.debug( + "Nothing to publish for unrevocation " + + "request " + r.getRequestId()); return null; } obj.setCerts(certs); return obj; } else { - CMS.debug("Request errored. " - + "Nothing to publish for request id " + r.getRequestId()); + CMS.debug("Request errored. " + + "Nothing to publish for request id " + + r.getRequestId()); return null; } @@ -150,11 +153,11 @@ public class LdapRequestListener implements IRequestListener { public void accept(IRequest r) { String type = r.getRequestType(); - IRequestListener handler = (IRequestListener) mRequestListeners - .get(type); + IRequestListener handler = (IRequestListener) mRequestListeners.get(type); if (handler == null) { - CMS.debug("Nothing to publish for request type " + type); + CMS.debug( + "Nothing to publish for request type " + type); return; } handler.accept(r); @@ -162,6 +165,7 @@ public class LdapRequestListener implements IRequestListener { } + class LdapEnrollmentListener implements IRequestListener { IPublisherProcessor mProcessor = null; 
@@ -172,48 +176,51 @@ class LdapEnrollmentListener implements IRequestListener { public void init(ISubsystem sys, IConfigStore config) throws EBaseException { } - public void set(String name, String val) { + public void set(String name, String val) + { } public void accept(IRequest r) { - CMS.debug("LdapRequestListener handling publishing for enrollment request id " - + r.getRequestId()); + CMS.debug( + "LdapRequestListener handling publishing for enrollment request id " + + r.getRequestId()); String profileId = r.getExtDataInString("profileId"); if (profileId == null) { - // in case it's not meant for us - if (r.getExtDataInInteger(IRequest.RESULT) == null) - return; + // in case it's not meant for us + if (r.getExtDataInInteger(IRequest.RESULT) == null) + return; // check if request failed. - if ((r.getExtDataInInteger(IRequest.RESULT)) - .equals(IRequest.RES_ERROR)) { - CMS.debug("Request errored. " - + "Nothing to publish for enrollment request id " - + r.getRequestId()); - return; - } - } - CMS.debug("Checking publishing for request " + r.getRequestId()); + if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) { + CMS.debug("Request errored. " + + "Nothing to publish for enrollment request id " + + r.getRequestId()); + return; + } + } + CMS.debug("Checking publishing for request " + + r.getRequestId()); // check if issued certs is set. 
Certificate[] certs = null; if (profileId == null) { - certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); - } else { - certs = new Certificate[1]; - certs[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); - } + certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); + } else { + certs = new Certificate[1]; + certs[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + } if (certs == null || certs.length == 0 || certs[0] == null) { - CMS.debug("No certs to publish for request id " + r.getRequestId()); + CMS.debug( + "No certs to publish for request id " + r.getRequestId()); return; } - + if (certs[0] instanceof X509CertImpl) acceptX509(r, certs); } - + public void acceptX509(IRequest r, Certificate[] certs) { Integer results[] = new Integer[certs.length]; boolean error = false; 
@@ -221,56 +228,58 @@ class LdapEnrollmentListener implements IRequestListener { for (int i = 0; i < certs.length; i++) { X509CertImpl xcert = (X509CertImpl) certs[i]; - if (xcert == null) + if (xcert == null) continue; try { mProcessor.publishCert(xcert, r); - + results[i] = IRequest.RES_SUCCESS; - CMS.debug("acceptX509: Published cert serial no 0x" - + xcert.getSerialNumber().toString(16)); - // mProcessor.setPublishedFlag(xcert.getSerialNumber(), true); + CMS.debug( + "acceptX509: Published cert serial no 0x" + + xcert.getSerialNumber().toString(16)); + //mProcessor.setPublishedFlag(xcert.getSerialNumber(), true); } catch (ELdapException e) { - mProcessor.log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_CERT_NOT_PUBLISH", xcert - .getSerialNumber().toString(16), e.toString())); + mProcessor.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH", + xcert.getSerialNumber().toString(16), e.toString())); results[i] = IRequest.RES_ERROR; error = true; } } r.setExtData("ldapPublishStatus", results); r.setExtData("ldapPublishOverAllStatus", - (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS)); + (error == true ? 
IRequest.RES_ERROR : IRequest.RES_SUCCESS)); } } + class LdapRenewalListener implements IRequestListener { private IPublisherProcessor mProcessor = null; public LdapRenewalListener(IPublisherProcessor processor) { mProcessor = processor; } - public void init(ISubsystem sys, IConfigStore config) throws EBaseException { } - public void set(String name, String val) { + public void set(String name, String val) + { } public void accept(IRequest r) { - // Note we do not remove old certs from directory during renewal + // Note we do not remove old certs from directory during renewal Certificate[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (certs == null || certs.length == 0) { - CMS.debug("no certs to publish for renewal " + "request " - + r.getRequestId()); + CMS.debug("no certs to publish for renewal " + + "request " + r.getRequestId()); return; } - + if (certs[0] instanceof X509CertImpl) acceptX509(r, certs); } - + public void acceptX509(IRequest r, Certificate[] certs) { X509CertImpl cert = null; 
@@ -279,57 +288,61 @@ class LdapRenewalListener implements IRequestListener { for (int i = 0; i < certs.length; i++) { cert = (X509CertImpl) certs[i]; - if (cert == null) + if (cert == null) continue; // there was an error issuing this cert. try { mProcessor.publishCert(cert, r); results[i] = IRequest.RES_SUCCESS; - mProcessor.log(ILogger.LL_INFO, "Published cert serial no 0x" - + cert.getSerialNumber().toString(16)); + mProcessor.log(ILogger.LL_INFO, + "Published cert serial no 0x" + + cert.getSerialNumber().toString(16)); } catch (ELdapException e) { error = true; - mProcessor.log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_CERT_NOT_PUBLISH", cert.getSerialNumber() - .toString(16), e.toString())); + mProcessor.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH", + cert.getSerialNumber().toString(16), e.toString())); results[i] = IRequest.RES_ERROR; } } r.setExtData("ldapPublishStatus", results); r.setExtData("ldapPublishOverAllStatus", - (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS)); + (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS)); } } + class LdapRevocationListener implements IRequestListener { private IPublisherProcessor mProcessor = null; public LdapRevocationListener(IPublisherProcessor processor) { mProcessor = processor; } - public void init(ISubsystem sys, IConfigStore config) throws EBaseException { } - public void set(String name, String val) { + public void set(String name, String val) + { } public void accept(IRequest r) { - CMS.debug("Handle publishing for revoke request id " + r.getRequestId()); + CMS.debug( + "Handle publishing for revoke request id " + r.getRequestId()); // get fields in request. Certificate[] certs = r.getExtDataInCertArray(IRequest.OLD_CERTS); if (certs == null || certs.length == 0 || certs[0] == null) { // no certs in revoke. 
- CMS.debug("Nothing to unpublish for revocation " + "request " - + r.getRequestId()); + CMS.debug( + "Nothing to unpublish for revocation " + + "request " + r.getRequestId()); return; } - + if (certs[0] instanceof X509CertImpl) acceptX509(r, certs); } - + public void acceptX509(IRequest r, Certificate[] revcerts) { boolean error = false; Integer results[] = new Integer[revcerts.length]; 
@@ -343,107 +356,105 @@ class LdapRevocationListener implements IRequestListener { // We need the enrollment request to sort out predicate BigInteger serial = cert.getSerialNumber(); ICertRecord certRecord = null; - IAuthority auth = (IAuthority) mProcessor.getAuthority(); + IAuthority auth = (IAuthority)mProcessor.getAuthority(); - if (auth == null || !(auth instanceof ICertificateAuthority)) { - mProcessor - .log(ILogger.LL_WARN, - "Trying to get a certificate from non certificate authority."); + if (auth == null || + !(auth instanceof ICertificateAuthority)) { + mProcessor.log(ILogger.LL_WARN, + "Trying to get a certificate from non certificate authority."); } else { - ICertificateRepository certdb = (ICertificateRepository) ((ICertificateAuthority) auth) - .getCertificateRepository(); + ICertificateRepository certdb = + (ICertificateRepository) ((ICertificateAuthority) auth).getCertificateRepository(); if (certdb == null) { - mProcessor.log(ILogger.LL_WARN, "Cert DB is null for " - + auth); + mProcessor.log(ILogger.LL_WARN, "Cert DB is null for " + auth); } else { try { - certRecord = (ICertRecord) certdb - .readCertificateRecord(serial); + certRecord = (ICertRecord) certdb.readCertificateRecord(serial); } catch (EBaseException e) { - mProcessor.log(ILogger.LL_FAILURE, CMS - .getLogMessage( - "CMSCORE_LDAP_GET_CERT_RECORD", - serial.toString(16), e.toString())); + mProcessor.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_GET_CERT_RECORD", + serial.toString(16), e.toString())); } } } MetaInfo metaInfo = null; String ridString = null; - + if (certRecord != null) - metaInfo = (MetaInfo) certRecord - .get(ICertRecord.ATTR_META_INFO); + metaInfo = + (MetaInfo) certRecord.get(ICertRecord.ATTR_META_INFO); if (metaInfo == null) { - mProcessor.log(ILogger.LL_FAILURE, - "failed getting CertRecord.ATTR_META_INFO for cert serial number 0x" - + serial.toString(16)); + mProcessor.log(ILogger.LL_FAILURE, + "failed getting CertRecord.ATTR_META_INFO for cert serial 
number 0x" + + serial.toString(16)); } else { - ridString = (String) metaInfo - .get(ICertRecord.META_REQUEST_ID); + ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); } - + IRequest req = null; if (ridString != null) { RequestId rid = new RequestId(ridString); - + req = auth.getRequestQueue().findRequest(rid); - } + } mProcessor.unpublishCert(cert, req); results[i] = IRequest.RES_SUCCESS; - CMS.debug("Unpublished cert serial no 0x" - + cert.getSerialNumber().toString(16)); + CMS.debug( + "Unpublished cert serial no 0x" + + cert.getSerialNumber().toString(16)); } catch (ELdapException e) { error = true; - mProcessor.log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_CERT_NOT_UNPUBLISH", cert - .getSerialNumber().toString(16), e.toString())); + mProcessor.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_UNPUBLISH", + cert.getSerialNumber().toString(16), e.toString())); } catch (EBaseException e) { error = true; - mProcessor.log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_CERT_NOT_FIND", cert.getSerialNumber() - .toString(16), e.toString())); + mProcessor.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_FIND", + cert.getSerialNumber().toString(16), e.toString())); } } r.setExtData("ldapPublishStatus", results); r.setExtData("ldapPublishOverAllStatus", - (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS)); + (error == true ? 
IRequest.RES_ERROR : IRequest.RES_SUCCESS)); } } + class LdapUnrevocationListener implements IRequestListener { private IPublisherProcessor mProcessor = null; public LdapUnrevocationListener(IPublisherProcessor processor) { mProcessor = processor; } - public void init(ISubsystem sys, IConfigStore config) throws EBaseException { } - - public void set(String name, String val) { + public void set(String name, String val) + { } public void accept(IRequest r) { - CMS.debug("Handle publishing for unrevoke request id " - + r.getRequestId()); + CMS.debug( + "Handle publishing for unrevoke request id " + r.getRequestId()); // get fields in request. Certificate[] certs = r.getExtDataInCertArray(IRequest.OLD_CERTS); if (certs == null || certs.length == 0 || certs[0] == null) { // no certs in unrevoke. - CMS.debug("Nothing to publish for unrevocation " + "request " - + r.getRequestId()); + CMS.debug( + "Nothing to publish for unrevocation " + + "request " + r.getRequestId()); return; } - + if (certs[0] instanceof X509CertImpl) acceptX509(r, certs); } - + public void acceptX509(IRequest r, Certificate[] certs) { boolean error = false; Integer results[] = new Integer[certs.length]; 
@@ -456,72 +467,69 @@ class LdapUnrevocationListener implements IRequestListener { // We need the enrollment request to sort out predicate BigInteger serial = xcert.getSerialNumber(); ICertRecord certRecord = null; - IAuthority auth = (IAuthority) mProcessor.getAuthority(); + IAuthority auth = (IAuthority)mProcessor.getAuthority(); - if (auth == null || !(auth instanceof ICertificateAuthority)) { - mProcessor - .log(ILogger.LL_WARN, - "Trying to get a certificate from non certificate authority."); + if (auth == null || + !(auth instanceof ICertificateAuthority)) { + mProcessor.log(ILogger.LL_WARN, + "Trying to get a certificate from non certificate authority."); } else { - ICertificateRepository certdb = (ICertificateRepository) ((ICertificateAuthority) auth) - .getCertificateRepository(); + ICertificateRepository certdb = (ICertificateRepository) + ((ICertificateAuthority) auth).getCertificateRepository(); if (certdb == null) { - mProcessor.log(ILogger.LL_WARN, "Cert DB is null for " - + auth); + mProcessor.log(ILogger.LL_WARN, "Cert DB is null for " + auth); } else { try { - certRecord = (ICertRecord) certdb - .readCertificateRecord(serial); + certRecord = (ICertRecord) certdb.readCertificateRecord(serial); } catch (EBaseException e) { - mProcessor.log(ILogger.LL_FAILURE, CMS - .getLogMessage( - "CMSCORE_LDAP_GET_CERT_RECORD", - serial.toString(16), e.toString())); + mProcessor.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_GET_CERT_RECORD", serial.toString(16), e.toString())); } } } MetaInfo metaInfo = null; String ridString = null; - + if (certRecord != null) - metaInfo = (MetaInfo) certRecord - .get(CertRecord.ATTR_META_INFO); + metaInfo = + (MetaInfo) certRecord.get(CertRecord.ATTR_META_INFO); if (metaInfo == null) { - mProcessor.log(ILogger.LL_FAILURE, - "Failed getting CertRecord.ATTR_META_INFO for cert serial number 0x" - + serial.toString(16)); + mProcessor.log(ILogger.LL_FAILURE, + "Failed getting CertRecord.ATTR_META_INFO for cert serial 
number 0x" + + serial.toString(16)); } else { - ridString = (String) metaInfo - .get(CertRecord.META_REQUEST_ID); + ridString = (String) metaInfo.get(CertRecord.META_REQUEST_ID); } - + IRequest req = null; if (ridString != null) { RequestId rid = new RequestId(ridString); - + req = auth.getRequestQueue().findRequest(rid); - } + } mProcessor.publishCert(xcert, req); results[i] = IRequest.RES_SUCCESS; - CMS.debug("Published cert serial no 0x" - + xcert.getSerialNumber().toString(16)); + CMS.debug( + "Published cert serial no 0x" + + xcert.getSerialNumber().toString(16)); } catch (ELdapException e) { error = true; - mProcessor.log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_CERT_NOT_PUBLISH", xcert - .getSerialNumber().toString(16), e.toString())); + mProcessor.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH", + xcert.getSerialNumber().toString(16), e.toString())); } catch (EBaseException e) { error = true; - mProcessor.log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_CERT_NOT_FIND", xcert.getSerialNumber() - .toString(16), e.toString())); - } + mProcessor.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_FIND", + xcert.getSerialNumber().toString(16), e.toString())); + } } r.setExtData("ldapPublishStatus", results); r.setExtData("ldapPublishOverAllStatus", - (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS)); + (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS)); } } + |