diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/ldapconn')
7 files changed, 535 insertions, 563 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java index fa400341a..7c1d844d7 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java +++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldapconn; - import netscape.ldap.LDAPConnection; import netscape.ldap.LDAPException; import netscape.ldap.LDAPSocketFactory; @@ -30,11 +29,10 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.ldap.ILdapConnFactory; import com.netscape.certsrv.logging.ILogger; - /** - * Factory for getting LDAP Connections to a LDAP server - * each connection is a seperate thread that can be bound to a different - * authentication dn and password. + * Factory for getting LDAP Connections to a LDAP server each connection is a + * seperate thread that can be bound to a different authentication dn and + * password. */ public class LdapAnonConnFactory implements ILdapConnFactory { protected int mMinConns = 5; @@ -49,8 +47,8 @@ public class LdapAnonConnFactory implements ILdapConnFactory { public static final String PROP_ERROR_IF_DOWN = "errorIfDown"; - private int mNumConns = 0; // number of available conns in array - private int mTotal = 0; // total num conns + private int mNumConns = 0; // number of available conns in array + private int mTotal = 0; // total num conns private AnonConnection mConns[] = null; private boolean mInited = false; @@ -59,8 +57,8 @@ public class LdapAnonConnFactory implements ILdapConnFactory { private boolean mDefErrorIfDown = false; /** - * Constructor for initializing from the config store. - * must be followed by init(IConfigStore) + * Constructor for initializing from the config store. must be followed by + * init(IConfigStore) */ public LdapAnonConnFactory() { } @@ -71,13 +69,15 @@ public class LdapAnonConnFactory implements ILdapConnFactory { /** * Constructor for LdapAnonConnFactory + * * @param minConns minimum number of connections to have available - * @param maxConns max number of connections to have available. This is - * the maximum number of clones of this connection one wants to allow. + * @param maxConns max number of connections to have available. This is the + * maximum number of clones of this connection one wants to + * allow. * @param serverInfo server connection info - host, port, etc. */ - public LdapAnonConnFactory(int minConns, int maxConns, - LdapConnInfo connInfo) throws ELdapException { + public LdapAnonConnFactory(int minConns, int maxConns, LdapConnInfo connInfo) + throws ELdapException { init(minConns, maxConns, connInfo); } @@ -107,9 +107,10 @@ public class LdapAnonConnFactory implements ILdapConnFactory { try { minConns = Integer.parseInt(minStr); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_MIN_CONN")); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_NUMBER_FORMAT_1", PROP_MINCONNS)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAPCONN_MIN_CONN")); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_INVALID_NUMBER_FORMAT_1", PROP_MINCONNS)); } } @@ -118,30 +119,31 @@ public class LdapAnonConnFactory implements ILdapConnFactory { try { maxConns = Integer.parseInt(maxStr); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_MAX_CONN")); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_NUMBER_FORMAT_1", PROP_MAXCONNS)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAPCONN_MAX_CONN")); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_INVALID_NUMBER_FORMAT_1", PROP_MAXCONNS)); } } mErrorIfDown = config.getBoolean(PROP_ERROR_IF_DOWN, mDefErrorIfDown); - init(minConns, maxConns, - new LdapConnInfo(config.getSubStore(PROP_LDAPCONNINFO))); + init(minConns, maxConns, + new LdapConnInfo(config.getSubStore(PROP_LDAPCONNINFO))); } /** * initialize routine from parameters. */ protected void init(int minConns, int maxConns, LdapConnInfo connInfo) - throws ELdapException { - if (mInited) - return; // XXX should throw exception here ? + throws ELdapException { + if (mInited) + return; // XXX should throw exception here ? - if (minConns <= 0 || maxConns <= 0 || minConns > maxConns) + if (minConns <= 0 || maxConns <= 0 || minConns > maxConns) throw new ELdapException( CMS.getUserMessage("CMS_LDAP_INVALID_NUMCONN_PARAMETERS")); - if (connInfo == null) + if (connInfo == null) throw new IllegalArgumentException("connInfo is Null!"); mMinConns = minConns; @@ -150,10 +152,9 @@ public class LdapAnonConnFactory implements ILdapConnFactory { mConns = new AnonConnection[mMaxConns]; - log(ILogger.LL_INFO, - "Created: min " + minConns + " max " + maxConns + - " host " + connInfo.getHost() + " port " + connInfo.getPort() + - " secure " + connInfo.getSecure()); + log(ILogger.LL_INFO, "Created: min " + minConns + " max " + maxConns + + " host " + connInfo.getHost() + " port " + connInfo.getPort() + + " secure " + connInfo.getSecure()); // initalize minimum number of connection handles available. makeMinimum(mErrorIfDown); @@ -161,123 +162,122 @@ public class LdapAnonConnFactory implements ILdapConnFactory { } /** - * make the mininum configured connections + * make the mininum configured connections */ protected void makeMinimum(boolean errorIfDown) throws ELdapException { try { if (mNumConns < mMinConns && mTotal < mMaxConns) { - int increment = Math.min(mMinConns - mNumConns, mMaxConns - mTotal); + int increment = Math.min(mMinConns - mNumConns, mMaxConns + - mTotal); - CMS.debug( - "increasing minimum number of connections by " + increment); + CMS.debug("increasing minimum number of connections by " + + increment); for (int i = increment - 1; i >= 0; i--) { mConns[i] = new AnonConnection(mConnInfo); } mTotal += increment; mNumConns += increment; - CMS.debug( - "new total number of connections " + mTotal); - CMS.debug( - "new total available connections " + mNumConns); + CMS.debug("new total number of connections " + mTotal); + CMS.debug("new total available connections " + mNumConns); } } catch (LDAPException e) { // XXX errorCodeToString() used here so users won't see message. - // though why are messages from exceptions being displayed to + // though why are messages from exceptions being displayed to // users ? if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { - // need to intercept this because message from LDAP is + // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - "Cannot connect to Ldap server. Error: " + - "Ldap Server host " + mConnInfo.getHost() + - " int " + mConnInfo.getPort() + " is unavailable."); + "Cannot connect to Ldap server. Error: " + + "Ldap Server host " + mConnInfo.getHost() + + " int " + mConnInfo.getPort() + + " is unavailable."); if (errorIfDown) { - throw new ELdapServerDownException( - CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", - mConnInfo.getHost(), "" + mConnInfo.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage( + "CMS_LDAP_SERVER_UNAVAILABLE", mConnInfo.getHost(), + "" + mConnInfo.getPort())); } } else { - log(ILogger.LL_FAILURE, - "Cannot connect to ldap server. error: " + e.toString()); + log(ILogger.LL_FAILURE, + "Cannot connect to ldap server. error: " + e.toString()); String errmsg = e.errorCodeToString(); if (errmsg == null) errmsg = e.toString(); - throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", - mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), errmsg)); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", + mConnInfo.getHost(), + "" + (Integer.valueOf(mConnInfo.getPort())), errmsg)); } } } /** - * Gets connection from this factory. - * All connections gotten from this factory must be returned. - * If not the max number of connections may be reached prematurely. - * The best thing to put returnConn in a finally clause so it - * always gets called. For example, + * Gets connection from this factory. All connections gotten from this + * factory must be returned. If not the max number of connections may be + * reached prematurely. The best thing to put returnConn in a finally clause + * so it always gets called. For example, + * * <pre> - * LDAPConnection c = null; - * try { - * c = factory.getConn(); - * myclass.do_something_with_c(c); - * } - * catch (ELdapException e) { - * handle_error_here(); - * } - * finally { - * factory.returnConn(c); - * } + * LDAPConnection c = null; + * try { + * c = factory.getConn(); + * myclass.do_something_with_c(c); + * } catch (ELdapException e) { + * handle_error_here(); + * } finally { + * factory.returnConn(c); + * } * </pre> */ - public LDAPConnection getConn() - throws ELdapException { + public LDAPConnection getConn() throws ELdapException { return getConn(true); } /** - * Returns a LDAP connection - a clone of the master connection. - * All connections should be returned to the factory using returnConn() - * to recycle connection objects. - * If not returned the limited max number is affected but if that - * number is large not much harm is done. - * Returns null if maximum number of connections reached. - * <p> - * The best thing to put returnConn in a finally clause so it - * always gets called. For example, + * Returns a LDAP connection - a clone of the master connection. All + * connections should be returned to the factory using returnConn() to + * recycle connection objects. If not returned the limited max number is + * affected but if that number is large not much harm is done. Returns null + * if maximum number of connections reached. + * <p> + * The best thing to put returnConn in a finally clause so it always gets + * called. For example, + * * <pre> - * LDAPConnection c = null; - * try { - * c = factory.getConn(); - * myclass.do_something_with_c(c); - * } - * catch (ELdapException e) { - * handle_error_here(); - * } - * finally { - * factory.returnConn(c); - * } + * LDAPConnection c = null; + * try { + * c = factory.getConn(); + * myclass.do_something_with_c(c); + * } catch (ELdapException e) { + * handle_error_here(); + * } finally { + * factory.returnConn(c); + * } * </pre> - */ - public synchronized LDAPConnection getConn(boolean waitForConn) - throws ELdapException { + */ + public synchronized LDAPConnection getConn(boolean waitForConn) + throws ELdapException { boolean waited = false; CMS.debug("LdapAnonConnFactory::getConn"); - if (mNumConns == 0) + if (mNumConns == 0) makeMinimum(true); if (mNumConns == 0) { if (!waitForConn) return null; try { CMS.debug("getConn(): out of ldap connections"); - log(ILogger.LL_WARN, - "Ran out of ldap connections available " + - "in ldap connection pool to " + - mConnInfo.getHost() + ":" + mConnInfo.getPort() + ". " + - "This could be a temporary condition or an indication of " + - "something more serious that can cause the server to " + - "hang."); + log(ILogger.LL_WARN, + "Ran out of ldap connections available " + + "in ldap connection pool to " + + mConnInfo.getHost() + + ":" + + mConnInfo.getPort() + + ". " + + "This could be a temporary condition or an indication of " + + "something more serious that can cause the server to " + + "hang."); waited = true; while (mNumConns == 0) { wait(); @@ -291,53 +291,56 @@ public class LdapAnonConnFactory implements ILdapConnFactory { mConns[mNumConns] = null; if (waited) { - log(ILogger.LL_WARN, - "Ldap connections are available again in ldap connection pool " + - "to " + mConnInfo.getHost() + ":" + mConnInfo.getPort()); + log(ILogger.LL_WARN, + "Ldap connections are available again in ldap connection pool " + + "to " + mConnInfo.getHost() + ":" + + mConnInfo.getPort()); } - CMS.debug("LdapAnonConnFactory.getConn(): num avail conns now " + mNumConns); - //Beginning of fix for Bugzilla #630176 + CMS.debug("LdapAnonConnFactory.getConn(): num avail conns now " + + mNumConns); + // Beginning of fix for Bugzilla #630176 boolean isConnected = false; - if(conn != null) { + if (conn != null) { isConnected = conn.isConnected(); } - if(!isConnected) { + if (!isConnected) { CMS.debug("LdapAnonConnFactory.getConn(): selected conn is down, try to reconnect..."); conn = null; try { - conn = new AnonConnection(mConnInfo); + conn = new AnonConnection(mConnInfo); } catch (LDAPException e) { - CMS.debug("LdapAnonConnFactory.getConn(): error when trying to bring back a down connection."); - throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", - mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString())); + CMS.debug("LdapAnonConnFactory.getConn(): error when trying to bring back a down connection."); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", + mConnInfo.getHost(), + "" + (Integer.valueOf(mConnInfo.getPort())), + e.toString())); } } - //This is the end of the fix for Bugzilla #630176 + // This is the end of the fix for Bugzilla #630176 return conn; } - /** - * Returns a connection to the factory for recycling. - * All connections gotten from this factory must be returned. - * If not the max number of connections may be reached prematurely. + /** + * Returns a connection to the factory for recycling. All connections gotten + * from this factory must be returned. If not the max number of connections + * may be reached prematurely. * <p> - * The best thing to put returnConn in a finally clause so it - * always gets called. For example, + * The best thing to put returnConn in a finally clause so it always gets + * called. For example, + * * <pre> - * LDAPConnection c = null; - * try { - * c = factory.getConn(); - * myclass.do_something_with_c(c); - * } - * catch (ELdapException e) { - * handle_error_here(); - * } - * finally { - * factory.returnConn(c); - * } + * LDAPConnection c = null; + * try { + * c = factory.getConn(); + * myclass.do_something_with_c(c); + * } catch (ELdapException e) { + * handle_error_here(); + * } finally { + * factory.returnConn(c); + * } * </pre> */ public synchronized void returnConn(LDAPConnection conn) { @@ -348,12 +351,12 @@ public class LdapAnonConnFactory implements ILdapConnFactory { AnonConnection anon = (AnonConnection) conn; if (anon.getFacId() != mConns) { - // returning a connection not from this factory. + // returning a connection not from this factory. log(ILogger.LL_WARN, "returnConn: unknown connection."); /* swallow this error but see who's doing it. */ - ELdapException e = - new ELdapException(CMS.getUserMessage("CMS_LDAP_UNKNOWN_RETURNED_CONN")); + ELdapException e = new ELdapException( + CMS.getUserMessage("CMS_LDAP_UNKNOWN_RETURNED_CONN")); } // check if conn has already been returned. for (int i = 0; i < mNumConns; i++) { @@ -361,10 +364,10 @@ public class LdapAnonConnFactory implements ILdapConnFactory { if (mConns[i] == anon) { /* swallow this error but see who's doing it. */ - log(ILogger.LL_WARN, - "returnConn: previously returned connection."); - ELdapException e = - new ELdapException(CMS.getUserMessage("CMS_LDAP_BAD_RETURNED_CONN")); + log(ILogger.LL_WARN, + "returnConn: previously returned connection."); + ELdapException e = new ELdapException( + CMS.getUserMessage("CMS_LDAP_BAD_RETURNED_CONN")); } } @@ -377,9 +380,9 @@ public class LdapAnonConnFactory implements ILdapConnFactory { // return conn. CMS.debug("returnConn: mNumConns now " + mNumConns); } catch (LDAPException e) { - log(ILogger.LL_WARN, - "Could not re-authenticate ldap connection to anonymous." + - " Error " + e); + log(ILogger.LL_WARN, + "Could not re-authenticate ldap connection to anonymous." + + " Error " + e); } // return the connection even if can't reauthentication anon. // most likely server was down. @@ -388,8 +391,7 @@ public class LdapAnonConnFactory implements ILdapConnFactory { notify(); } - protected void finalize() - throws Exception { + protected void finalize() throws Exception { reset(); } @@ -401,30 +403,29 @@ public class LdapAnonConnFactory implements ILdapConnFactory { } /** - * resets this factory - if no connections outstanding, - * disconnections all connections and resets everything to 0 as if - * no connections were ever made. intended to be called just before - * shutdown or exit to disconnection & cleanup connections. + * resets this factory - if no connections outstanding, disconnections all + * connections and resets everything to 0 as if no connections were ever + * made. intended to be called just before shutdown or exit to disconnection + * & cleanup connections. */ // ok only if no connections outstanding. - public synchronized void reset() - throws ELdapException { + public synchronized void reset() throws ELdapException { if (mNumConns == mTotal) { for (int i = 0; i < mNumConns; i++) { try { CMS.debug("disconnecting connection " + i); mConns[i].disconnect(); } catch (LDAPException e) { - log(ILogger.LL_INFO, - "exception during disconnect: " + e.toString()); + log(ILogger.LL_INFO, + "exception during disconnect: " + e.toString()); } mConns[i] = null; } mTotal = 0; mNumConns = 0; } else { - log(ILogger.LL_INFO, - "Cannot reset() while connections not all returned"); + log(ILogger.LL_INFO, + "Cannot reset() while connections not all returned"); throw new ELdapException( CMS.getUserMessage("CMS_LDAP_CANNOT_RESET_CONNFAC")); } @@ -434,10 +435,13 @@ public class LdapAnonConnFactory implements ILdapConnFactory { * handy routine for logging in this class. */ private void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "In Ldap (anonymous) connection pool to" + - " host " + mConnInfo.getHost() + - " port " + mConnInfo.getPort() + ", " + msg); + mLogger.log( + ILogger.EV_SYSTEM, + ILogger.S_LDAP, + level, + "In Ldap (anonymous) connection pool to" + " host " + + mConnInfo.getHost() + " port " + mConnInfo.getPort() + + ", " + msg); } /** @@ -449,28 +453,26 @@ public class LdapAnonConnFactory implements ILdapConnFactory { */ private static final long serialVersionUID = 4813780131074412404L; - public AnonConnection(LdapConnInfo connInfo) - throws LDAPException { + public AnonConnection(LdapConnInfo connInfo) throws LDAPException { super(connInfo); } - - public AnonConnection(String host, int port, int version, - LDAPSocketFactory fac) - throws LDAPException { + + public AnonConnection(String host, int port, int version, + LDAPSocketFactory fac) throws LDAPException { super(host, port, version, fac); } - + /** * instantiates a non-secure connection to a ldap server */ public AnonConnection(String host, int port, int version) - throws LDAPException { + throws LDAPException { super(host, port, version); } /** - * used only to identify the factory from which this came. - * mConns to identify factory. + * used only to identify the factory from which this came. mConns to + * identify factory. */ public AnonConnection[] getFacId() { return mConns; diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java index 1d3996dd7..09c77048e 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java +++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java @@ -17,18 +17,16 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldapconn; - import netscape.ldap.LDAPConnection; import netscape.ldap.LDAPException; import netscape.ldap.LDAPSocketFactory; import netscape.ldap.LDAPv2; - /** - * A LDAP connection that is bound to a server host, port and secure type. - * Makes a LDAP connection when instantiated. - * Cannot establish another LDAP connection after construction. - * LDAPConnection connect methods are overridden to prevent this. + * A LDAP connection that is bound to a server host, port and secure type. Makes + * a LDAP connection when instantiated. Cannot establish another LDAP connection + * after construction. LDAPConnection connect methods are overridden to prevent + * this. */ public class LdapAnonConnection extends LDAPConnection { @@ -40,26 +38,24 @@ public class LdapAnonConnection extends LDAPConnection { /** * instantiates a connection to a ldap server */ - public LdapAnonConnection(LdapConnInfo connInfo) - throws LDAPException { + public LdapAnonConnection(LdapConnInfo connInfo) throws LDAPException { super(connInfo.getSecure() ? new LdapJssSSLSocketFactory() : null); - // Set option to automatically follow referrals. + // Set option to automatically follow referrals. // rebind info is also anonymous. boolean followReferrals = connInfo.getFollowReferrals(); setOption(LDAPv2.REFERRALS, new Boolean(followReferrals)); - super.connect(connInfo.getVersion(), - connInfo.getHost(), connInfo.getPort(), null, null); + super.connect(connInfo.getVersion(), connInfo.getHost(), + connInfo.getPort(), null, null); } /** * instantiates a connection to a ldap server */ - public LdapAnonConnection(String host, int port, int version, - LDAPSocketFactory fac) - throws LDAPException { + public LdapAnonConnection(String host, int port, int version, + LDAPSocketFactory fac) throws LDAPException { super(fac); super.connect(version, host, port, null, null); } @@ -68,14 +64,13 @@ public class LdapAnonConnection extends LDAPConnection { * instantiates a non-secure connection to a ldap server */ public LdapAnonConnection(String host, int port, int version) - throws LDAPException { + throws LDAPException { super(); super.connect(version, host, port, null, null); } /** - * overrides superclass connect. - * does not allow reconnect. + * overrides superclass connect. does not allow reconnect. */ public void connect(String host, int port) throws LDAPException { throw new RuntimeException( @@ -83,11 +78,10 @@ public class LdapAnonConnection extends LDAPConnection { } /** - * overrides superclass connect. - * does not allow reconnect. + * overrides superclass connect. does not allow reconnect. */ - public void connect(int version, String host, int port, - String dn, String pw) throws LDAPException { + public void connect(int version, String host, int port, String dn, String pw) + throws LDAPException { throw new RuntimeException( "this LdapAnonConnection already connected: connect(v,h,p)"); } diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java index b499dd07e..450e070a4 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java +++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldapconn; - import java.util.Hashtable; import netscape.ldap.LDAPConnection; @@ -29,7 +28,6 @@ import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.ldap.ILdapAuthInfo; import com.netscape.cmsutil.password.IPasswordStore; - /** * class for reading ldap authentication info from config store */ @@ -56,28 +54,31 @@ public class LdapAuthInfo implements ILdapAuthInfo { } /** - * constructs ldap auth info directly from config store, and verifies - * the password by attempting to connect to the server. + * constructs ldap auth info directly from config store, and verifies the + * password by attempting to connect to the server. */ - public LdapAuthInfo(IConfigStore config, String host, int port, boolean secure) - throws EBaseException { + public LdapAuthInfo(IConfigStore config, String host, int port, + boolean secure) throws EBaseException { init(config, host, port, secure); } - public String getPasswordFromStore (String prompt) { + public String getPasswordFromStore(String prompt) { String pwd = null; CMS.debug("LdapAuthInfo: getPasswordFromStore: try to get it from password store"); -// hey - should use password store interface to allow different implementations -// but the problem is, other parts of the system just go directly to the file -// so calling CMS.getPasswordStore() will give you an outdated one -/* - IConfigStore mainConfig = CMS.getConfigStore(); - String pwdFile = mainConfig.getString("passwordFile"); - FileConfigStore pstore = new FileConfigStore(pwdFile); -*/ + // hey - should use password store interface to allow different + // implementations + // but the problem is, other parts of the system just go directly to the + // file + // so calling CMS.getPasswordStore() will give you an outdated one + /* + * IConfigStore mainConfig = CMS.getConfigStore(); String pwdFile = + * mainConfig.getString("passwordFile"); FileConfigStore pstore = new + * FileConfigStore(pwdFile); + */ IPasswordStore pwdStore = CMS.getPasswordStore(); - CMS.debug("LdapAuthInfo: getPasswordFromStore: about to get from passwored store: "+prompt); + CMS.debug("LdapAuthInfo: getPasswordFromStore: about to get from passwored store: " + + prompt); // support publishing dirsrv with different pwd than internaldb @@ -85,18 +86,18 @@ public class LdapAuthInfo implements ILdapAuthInfo { if (pwdStore != null) { CMS.debug("LdapAuthInfo: getPasswordFromStore: password store available"); pwd = pwdStore.getPassword(prompt); -// pwd = pstore.getString(prompt); - if ( pwd == null) { - CMS.debug("LdapAuthInfo: getPasswordFromStore: password for "+prompt+ - " not found, trying internaldb"); + // pwd = pstore.getString(prompt); + if (pwd == null) { + CMS.debug("LdapAuthInfo: getPasswordFromStore: password for " + + prompt + " not found, trying internaldb"); -// pwd = pstore.getString("internaldb"); + // pwd = pstore.getString("internaldb"); - pwd = pwdStore.getPassword("internaldb"); // last resort + pwd = pwdStore.getPassword("internaldb"); // last resort } else - CMS.debug("LdapAuthInfo: getPasswordFromStore: password found for prompt in password store"); + CMS.debug("LdapAuthInfo: getPasswordFromStore: password found for prompt in password store"); } else - CMS.debug("LdapAuthInfo: getPasswordFromStore: password store not available: pwdStore is null"); + CMS.debug("LdapAuthInfo: getPasswordFromStore: password store not available: pwdStore is null"); return pwd; } @@ -110,19 +111,19 @@ public class LdapAuthInfo implements ILdapAuthInfo { /** * initialize this class from the config store, and verify the password. - * - * @param host The host that the directory server is running on. - * This will be used to verify the password by attempting to connect. - * If it is <code>null</code>, the password will not be verified. + * + * @param host The host that the directory server is running on. This will + * be used to verify the password by attempting to connect. If it + * is <code>null</code>, the password will not be verified. * @param port The port that the directory server is running on. */ public void init(IConfigStore config, String host, int port, boolean secure) - throws EBaseException { + throws EBaseException { CMS.debug("LdapAuthInfo: init()"); - if (mInited) { + if (mInited) { CMS.debug("LdapAuthInfo: already initialized"); - return; // XXX throw exception here ? + return; // XXX throw exception here ? } CMS.debug("LdapAuthInfo: init begins"); @@ -144,30 +145,33 @@ public class LdapAuthInfo implements ILdapAuthInfo { if (prompt == null) { prompt = "LDAP Authentication"; - CMS.debug("LdapAuthInfo: init: prompt is null, change to "+prompt); + CMS.debug("LdapAuthInfo: init: prompt is null, change to " + + prompt); } else - CMS.debug("LdapAuthInfo: init: prompt is "+prompt); + CMS.debug("LdapAuthInfo: init: prompt is " + prompt); if (mParms[1] == null) { CMS.debug("LdapAuthInfo: init: try getting from memory cache"); mParms[1] = (String) passwords.get(prompt); -if (mParms[1] != null) { - inMem = true; -CMS.debug("LdapAuthInfo: init: got password from memory"); -} else -CMS.debug("LdapAuthInfo: init: password not in memory"); + if (mParms[1] != null) { + inMem = true; + CMS.debug("LdapAuthInfo: init: got password from memory"); + } else + CMS.debug("LdapAuthInfo: init: password not in memory"); } else -CMS.debug("LdapAuthInfo: init: found password from config"); + CMS.debug("LdapAuthInfo: init: found password from config"); if (mParms[1] == null) { mParms[1] = getPasswordFromStore(prompt); - } else { + } else { CMS.debug("LdapAuthInfo: init: password found for prompt."); - } + } // verify the password - if ((mParms[1]!= null) && (!mParms[1].equals("")) && (host == null || - authInfoOK(host, port, secure, mParms[0], mParms[1]))) { + if ((mParms[1] != null) + && (!mParms[1].equals("")) + && (host == null || authInfoOK(host, port, secure, + mParms[0], mParms[1]))) { // The password is OK or uncheckable CMS.debug("LdapAuthInfo: password ok: store in memory cache"); passwords.put(prompt, mParms[1]); @@ -176,16 +180,17 @@ CMS.debug("LdapAuthInfo: init: found password from config"); CMS.debug("LdapAuthInfo: password not found"); else { CMS.debug("LdapAuthInfo: password does not work"); -/* what do you know? Our IPasswordStore does not have a remove function. - pstore.remove("internaldb"); -*/ + /* + * what do you know? Our IPasswordStore does not have a + * remove function. pstore.remove("internaldb"); + */ if (inMem) { // this is for the case when admin changes pwd // from console mParms[1] = getPasswordFromStore(prompt); - if(authInfoOK(host, port, secure, mParms[0], mParms[1])) { - CMS.debug("LdapAuthInfo: password ok: store in memory cache"); - passwords.put(prompt, mParms[1]); + if (authInfoOK(host, port, secure, mParms[0], mParms[1])) { + CMS.debug("LdapAuthInfo: password ok: store in memory cache"); + passwords.put(prompt, mParms[1]); } } } @@ -212,16 +217,17 @@ CMS.debug("LdapAuthInfo: init: found password from config"); /** * Verifies the distinguished name and password by attempting to - * authenticate to the server. If we connect to the server but cannot - * authenticate, we conclude that the DN or password is invalid. If - * we cannot connect at all, we don't know, so we return true - * (there's no sense asking for the password again since we can't verify - * it anyway). If we connect and authenticate successfully, we know - * the DN and password are correct, so we return true. + * authenticate to the server. If we connect to the server but cannot + * authenticate, we conclude that the DN or password is invalid. If we + * cannot connect at all, we don't know, so we return true (there's no sense + * asking for the password again since we can't verify it anyway). If we + * connect and authenticate successfully, we know the DN and password are + * correct, so we return true. */ private static LDAPConnection conn = new LDAPConnection(); - private static boolean - authInfoOK(String host, int port, boolean secure, String dn, String pw) { + + private static boolean authInfoOK(String host, int port, boolean secure, + String dn, String pw) { // We dont perform auth checking if we are in SSL mode. if (secure) @@ -238,16 +244,13 @@ CMS.debug("LdapAuthInfo: init: found password from config"); } /** - * There is a bug in LDAP SDK. VM will crash on NT if - * we connect and disconnect too many times. + * There is a bug in LDAP SDK. VM will crash on NT if we connect and + * disconnect too many times. **/ - + /** - if( connected ) { - try { - conn.disconnect(); - } catch( LDAPException e ) { } - } + * if( connected ) { try { conn.disconnect(); } catch( LDAPException e ) + * { } } **/ if (connected && !authenticated) { @@ -258,10 +261,11 @@ CMS.debug("LdapAuthInfo: init: found password from config"); } /** - * get authentication type. + * get authentication type. + * * @return one of: <br> - * LdapAuthInfo.LDAP_AUTHTYPE_BASICAUTH or - * LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH + * LdapAuthInfo.LDAP_AUTHTYPE_BASICAUTH or + * LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH */ public int getAuthType() { return mType; @@ -269,6 +273,7 @@ CMS.debug("LdapAuthInfo: init: found password from config"); /** * get params for authentication + * * @return array of parameters for this authentication. */ public String[] getParms() { @@ -281,7 +286,7 @@ CMS.debug("LdapAuthInfo: init: found password from config"); public void addPassword(String prompt, String pw) { try { passwords.put(prompt, pw); - }catch (Exception e) { + } catch (Exception e) { } } @@ -291,7 +296,7 @@ CMS.debug("LdapAuthInfo: init: found password from config"); public void removePassword(String prompt) { try { passwords.remove(prompt); - }catch (Exception e) { + } catch (Exception e) { } } } diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java index a8a107acb..08932ef54 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java +++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldapconn; - import netscape.ldap.LDAPConnection; import netscape.ldap.LDAPException; import netscape.ldap.LDAPSocketFactory; @@ -30,12 +29,10 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.ldap.ILdapBoundConnFactory; import com.netscape.certsrv.logging.ILogger; - /** - * Factory for getting LDAP Connections to a LDAP server with the same - * LDAP authentication. - * XXX not sure how useful this is given that LDAPConnection itself can - * be shared by multiple threads and cloned. + * Factory for getting LDAP Connections to a LDAP server with the same LDAP + * authentication. XXX not sure how useful this is given that LDAPConnection + * itself can be shared by multiple threads and cloned. */ public class LdapBoundConnFactory implements ILdapBoundConnFactory { protected int mMinConns = 5; @@ -52,10 +49,10 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { public static final String PROP_ERROR_IF_DOWN = "errorIfDown"; - private int mNumConns = 0; // number of available conns in array - private int mTotal = 0; // total num conns + private int mNumConns = 0; // number of available conns in array + private int mTotal = 0; // total num conns - private boolean doCloning=true; + private boolean doCloning = true; private LdapBoundConnection mMasterConn = null; // master connection object. private BoundConnection mConns[]; @@ -70,8 +67,8 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { private boolean mDefErrorIfDown = false; /** - * Constructor for initializing from the config store. - * must be followed by init(IConfigStore) + * Constructor for initializing from the config store. must be followed by + * init(IConfigStore) */ public LdapBoundConnFactory() { } @@ -94,51 +91,52 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { /** * Constructor for LdapBoundConnFactory + * * @param minConns minimum number of connections to have available - * @param maxConns max number of connections to have available. This is - * the maximum number of clones of this connection or separate connections one wants to allow. + * @param maxConns max number of connections to have available. This is the + * maximum number of clones of this connection or separate + * connections one wants to allow. * @param serverInfo server connection info - host, port, etc. */ - public LdapBoundConnFactory(int minConns, int maxConns, - LdapConnInfo connInfo, LdapAuthInfo authInfo) throws ELdapException { + public LdapBoundConnFactory(int minConns, int maxConns, + LdapConnInfo connInfo, LdapAuthInfo authInfo) throws ELdapException { init(minConns, maxConns, connInfo, authInfo); } /** * Constructor for initialize */ - public void init(IConfigStore config) - throws ELdapException, EBaseException { + public void init(IConfigStore config) throws ELdapException, EBaseException { CMS.debug("LdapBoundConnFactory: init "); - LdapConnInfo connInfo = - new LdapConnInfo(config.getSubStore(PROP_LDAPCONNINFO)); + LdapConnInfo connInfo = new LdapConnInfo( + config.getSubStore(PROP_LDAPCONNINFO)); mErrorIfDown = config.getBoolean(PROP_ERROR_IF_DOWN, mDefErrorIfDown); - doCloning = config.getBoolean("doCloning",true); + doCloning = config.getBoolean("doCloning", true); CMS.debug("LdapBoundConnFactory:doCloning " + doCloning); init(config.getInteger(PROP_MINCONNS, mMinConns), - config.getInteger(PROP_MAXCONNS, mMaxConns), - connInfo, - new LdapAuthInfo(config.getSubStore(PROP_LDAPAUTHINFO), - connInfo.getHost(), connInfo.getPort(), connInfo.getSecure())); + config.getInteger(PROP_MAXCONNS, mMaxConns), + connInfo, + new LdapAuthInfo(config.getSubStore(PROP_LDAPAUTHINFO), + connInfo.getHost(), connInfo.getPort(), connInfo + .getSecure())); } /** - * initialize parameters obtained from either constructor or - * config store + * initialize parameters obtained from either constructor or config store + * * @param minConns minimum number of connection handls to have available. * @param maxConns maximum total number of connections to ever have. * @param connInfo ldap connection info. * @param authInfo ldap authentication info. - * @exception ELdapException if any error occurs. + * @exception ELdapException if any error occurs. */ - private void init(int minConns, int maxConns, - LdapConnInfo connInfo, LdapAuthInfo authInfo) - throws ELdapException { - if (minConns <= 0 || maxConns <= 0 || minConns > maxConns) + private void init(int minConns, int maxConns, LdapConnInfo connInfo, + LdapAuthInfo authInfo) throws ELdapException { + if (minConns <= 0 || maxConns <= 0 || minConns > maxConns) throw new ELdapException( CMS.getUserMessage("CMS_LDAP_INVALID_NUMCONN_PARAMETERS")); if (connInfo == null || authInfo == null) @@ -152,16 +150,14 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { mConns = new BoundConnection[mMaxConns]; // Create connection handle and make initial connection - CMS.debug( - "init: before makeConnection errorIfDown is " + mErrorIfDown); + CMS.debug("init: before makeConnection errorIfDown is " + mErrorIfDown); makeConnection(mErrorIfDown); - CMS.debug( - "initializing with mininum " + mMinConns + " and maximum " + mMaxConns + - " connections to " + - "host " + mConnInfo.getHost() + " port " + mConnInfo.getPort() + - ", secure connection, " + mConnInfo.getSecure() + - ", authentication type " + mAuthInfo.getAuthType()); + CMS.debug("initializing with mininum " + mMinConns + " and maximum " + + mMaxConns + " connections to " + "host " + + mConnInfo.getHost() + " port " + mConnInfo.getPort() + + ", secure connection, " + mConnInfo.getSecure() + + ", authentication type " + mAuthInfo.getAuthType()); // initalize minimum number of connection handles available. makeMinimum(); @@ -169,6 +165,7 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { /** * makes the initial master connection used to clone others.. + * * @exception ELdapException if any error occurs. */ protected void makeConnection(boolean errorIfDown) throws ELdapException { @@ -179,32 +176,36 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_CONNECT_SERVER", - mConnInfo.getHost(), + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSCORE_LDAPCONN_CONNECT_SERVER", mConnInfo.getHost(), Integer.toString(mConnInfo.getPort()))); if (errorIfDown) { - throw new ELdapServerDownException( - CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", - mConnInfo.getHost(), "" + mConnInfo.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage( + "CMS_LDAP_SERVER_UNAVAILABLE", mConnInfo.getHost(), + "" + mConnInfo.getPort())); } } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_FAILED_SERVER", e.toString())); - throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", - mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAPCONN_FAILED_SERVER", + e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", + mConnInfo.getHost(), + "" + (Integer.valueOf(mConnInfo.getPort())), + e.toString())); } } } - /** * makes subsequent connections if cloning is not used . + * * @exception ELdapException if any error occurs. */ - private LdapBoundConnection makeNewConnection(boolean errorIfDown) throws ELdapException { - CMS.debug("LdapBoundConnFactory:In makeNewConnection: errorIfDown " + errorIfDown); + private LdapBoundConnection makeNewConnection(boolean errorIfDown) + throws ELdapException { + CMS.debug("LdapBoundConnFactory:In makeNewConnection: errorIfDown " + + errorIfDown); LdapBoundConnection conn = null; try { conn = new BoundConnection(mConnInfo, mAuthInfo); @@ -212,47 +213,48 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_CONNECT_SERVER", - mConnInfo.getHost(), + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSCORE_LDAPCONN_CONNECT_SERVER", mConnInfo.getHost(), Integer.toString(mConnInfo.getPort()))); if (errorIfDown) { - throw new ELdapServerDownException( - CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", - mConnInfo.getHost(), "" + mConnInfo.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage( + "CMS_LDAP_SERVER_UNAVAILABLE", mConnInfo.getHost(), + "" + mConnInfo.getPort())); } } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_FAILED_SERVER", e.toString())); - throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", - mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString())); + CMS.getLogMessage("CMSCORE_LDAPCONN_FAILED_SERVER", + e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", + mConnInfo.getHost(), + "" + (Integer.valueOf(mConnInfo.getPort())), + e.toString())); } } return conn; } + /** * makes the minumum number of connections */ private void makeMinimum() throws ELdapException { - if (mMasterConn == null || mMasterConn.isConnected() == false) + if (mMasterConn == null || mMasterConn.isConnected() == false) return; int increment; if (mNumConns < mMinConns && mTotal <= mMaxConns) { increment = Math.min(mMinConns - mNumConns, mMaxConns - mTotal); - CMS.debug( - "increasing minimum connections by " + increment); + CMS.debug("increasing minimum connections by " + increment); for (int i = increment - 1; i >= 0; i--) { - if(doCloning == true) { + if (doCloning == true) { mConns[i] = (BoundConnection) mMasterConn.clone(); - } - else { + } else { mConns[i] = (BoundConnection) makeNewConnection(true); } - + } mTotal += increment; mNumConns += increment; @@ -262,132 +264,129 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { } /** - * gets a conenction from this factory. - * All connections obtained from the factory must be returned by - * returnConn() method. - * The best thing to do is to put returnConn in a finally clause so it - * always gets called. For example, + * gets a conenction from this factory. All connections obtained from the + * factory must be returned by returnConn() method. The best thing to do is + * to put returnConn in a finally clause so it always gets called. For + * example, + * * <pre> - * LDAPConnection c = null; - * try { - * c = factory.getConn(); - * myclass.do_something_with_c(c); - * } - * catch (ELdapException e) { - * handle_error_here(); - * } - * finally { - * factory.returnConn(c); - * } + * LDAPConnection c = null; + * try { + * c = factory.getConn(); + * myclass.do_something_with_c(c); + * } catch (ELdapException e) { + * handle_error_here(); + * } finally { + * factory.returnConn(c); + * } * </pre> */ - public LDAPConnection getConn() - throws ELdapException { + public LDAPConnection getConn() throws ELdapException { return getConn(true); } /** - * Returns a LDAP connection - a clone of the master connection. - * All connections should be returned to the factory using returnConn() - * to recycle connection objects. - * If not returned the limited max number is affected but if that - * number is large not much harm is done. - * Returns null if maximum number of connections reached. - * The best thing to do is to put returnConn in a finally clause so it - * always gets called. For example, + * Returns a LDAP connection - a clone of the master connection. All + * connections should be returned to the factory using returnConn() to + * recycle connection objects. If not returned the limited max number is + * affected but if that number is large not much harm is done. Returns null + * if maximum number of connections reached. The best thing to do is to put + * returnConn in a finally clause so it always gets called. For example, + * * <pre> - * LDAPConnection c = null; - * try { - * c = factory.getConn(); - * myclass.do_something_with_c(c); - * } - * catch (ELdapException e) { - * handle_error_here(); - * } - * finally { - * factory.returnConn(c); - * } + * LDAPConnection c = null; + * try { + * c = factory.getConn(); + * myclass.do_something_with_c(c); + * } catch (ELdapException e) { + * handle_error_here(); + * } finally { + * factory.returnConn(c); + * } * </pre> - */ - public synchronized LDAPConnection getConn(boolean waitForConn) - throws ELdapException { + */ + public synchronized LDAPConnection getConn(boolean waitForConn) + throws ELdapException { boolean waited = false; - CMS.debug("In LdapBoundConnFactory::getConn()"); - if(mMasterConn != null) + CMS.debug("In LdapBoundConnFactory::getConn()"); + if (mMasterConn != null) CMS.debug("masterConn is connected: " + mMasterConn.isConnected()); else CMS.debug("masterConn is null."); if (mMasterConn == null || !mMasterConn.isConnected()) { try { - makeConnection(true); - } catch (ELdapException e) { + makeConnection(true); + } catch (ELdapException e) { mMasterConn = null; - CMS.debug("Can't create master connection in LdapBoundConnFactory::getConn! " + e.toString()); + CMS.debug("Can't create master connection in LdapBoundConnFactory::getConn! " + + e.toString()); throw e; } } - if (mNumConns == 0) + if (mNumConns == 0) makeMinimum(); if (mNumConns == 0) { if (!waitForConn) return null; try { CMS.debug("getConn: out of ldap connections"); - log(ILogger.LL_WARN, - "Ran out of ldap connections available " + - "in ldap connection pool to " + - mConnInfo.getHost() + ":" + mConnInfo.getPort() + ". " + - "This could be a temporary condition or an indication of " + - "something more serious that can cause the server to " + - "hang."); + log(ILogger.LL_WARN, + "Ran out of ldap connections available " + + "in ldap connection pool to " + + mConnInfo.getHost() + + ":" + + mConnInfo.getPort() + + ". " + + "This could be a temporary condition or an indication of " + + "something more serious that can cause the server to " + + "hang."); waited = true; - while (mNumConns == 0) + while (mNumConns == 0) wait(); } catch (InterruptedException e) { } - } + } mNumConns--; LDAPConnection conn = mConns[mNumConns]; boolean isConnected = false; - if(conn != null) { + if (conn != null) { isConnected = conn.isConnected(); } CMS.debug("getConn: conn is connected " + isConnected); - //If masterConn is still alive, lets try to bring this one - //back to life + // If masterConn is still alive, lets try to bring this one + // back to life - if((isConnected == false) && (mMasterConn != null) - && (mMasterConn.isConnected() == true)) { + if ((isConnected == false) && (mMasterConn != null) + && (mMasterConn.isConnected() == true)) { CMS.debug("Attempt to bring back down connection."); - if(doCloning == true) { + if (doCloning == true) { mConns[mNumConns] = (BoundConnection) mMasterConn.clone(); - } - else { + } else { try { - mConns[mNumConns] = (BoundConnection) makeNewConnection(true); + mConns[mNumConns] = (BoundConnection) makeNewConnection(true); + } catch (ELdapException e) { + mConns[mNumConns] = null; } - catch (ELdapException e) { - mConns[mNumConns] = null; - } - } - conn = mConns[mNumConns]; + } + conn = mConns[mNumConns]; - CMS.debug("Re-animated connection: " + conn); - } + CMS.debug("Re-animated connection: " + conn); + } - mConns[mNumConns] = null; + mConns[mNumConns] = null; if (waited) { - log(ILogger.LL_WARN, - "Ldap connections are available again in ldap connection pool " + - "to " + mConnInfo.getHost() + ":" + mConnInfo.getPort()); + log(ILogger.LL_WARN, + "Ldap connections are available again in ldap connection pool " + + "to " + mConnInfo.getHost() + ":" + + mConnInfo.getPort()); } CMS.debug("getConn: mNumConns now " + mNumConns); @@ -395,22 +394,20 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { } /** - * Teturn connection to the factory. - * This is mandatory after a getConn(). + * Teturn connection to the factory. This is mandatory after a getConn(). * The best thing to do is to put returnConn in a finally clause so it - * always gets called. For example, + * always gets called. For example, + * * <pre> - * LDAPConnection c = null; - * try { - * c = factory.getConn(); - * myclass.do_something_with_c(c); - * } - * catch (ELdapException e) { - * handle_error_here(); - * } - * finally { - * factory.returnConn(c); - * } + * LDAPConnection c = null; + * try { + * c = factory.getConn(); + * myclass.do_something_with_c(c); + * } catch (ELdapException e) { + * handle_error_here(); + * } finally { + * factory.returnConn(c); + * } * </pre> */ public synchronized void returnConn(LDAPConnection conn) { @@ -423,17 +420,16 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { log(ILogger.LL_WARN, "returnConn: unknown connection."); /* swallow this exception but see who's doing it. */ - ELdapException e = - new ELdapException(CMS.getUserMessage("CMS_LDAP_UNKNOWN_RETURNED_CONN")); + ELdapException e = new ELdapException( + CMS.getUserMessage("CMS_LDAP_UNKNOWN_RETURNED_CONN")); } for (int i = 0; i < mNumConns; i++) { if (mConns[i] == conn) { - CMS.debug( - "returnConn: previously returned connection."); + CMS.debug("returnConn: previously returned connection."); - /* swallow this exception but see who's doing it */ - ELdapException e = - new ELdapException(CMS.getUserMessage("CMS_LDAP_BAD_RETURNED_CONN")); + /* swallow this exception but see who's doing it */ + ELdapException e = new ELdapException( + CMS.getUserMessage("CMS_LDAP_BAD_RETURNED_CONN")); } } mConns[mNumConns++] = boundconn; @@ -445,25 +441,25 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { * handy routine for logging in this class. */ private void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "In Ldap (bound) connection pool to" + - " host " + mConnInfo.getHost() + - " port " + mConnInfo.getPort() + ", " + msg); + mLogger.log( + ILogger.EV_SYSTEM, + ILogger.S_LDAP, + level, + "In Ldap (bound) connection pool to" + " host " + + mConnInfo.getHost() + " port " + mConnInfo.getPort() + + ", " + msg); } - protected void finalize() - throws Exception { + protected void finalize() throws Exception { reset(); } /** - * used for disconnecting all connections and reset everything to 0 - * as if connections were never made. used just before a subsystem - * shutdown or process exit. - * useful only if no connections are outstanding. + * used for disconnecting all connections and reset everything to 0 as if + * connections were never made. used just before a subsystem shutdown or + * process exit. useful only if no connections are outstanding. */ - public synchronized void reset() - throws ELdapException { + public synchronized void reset() throws ELdapException { if (mNumConns == mTotal) { for (int i = 0; i < mNumConns; i++) { try { @@ -477,18 +473,17 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { log(ILogger.LL_INFO, "disconnecting masterConn"); mMasterConn.disconnect(); } catch (LDAPException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_CANNOT_RESET", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSCORE_LDAPCONN_CANNOT_RESET", e.toString())); } } mMasterConn = null; mTotal = 0; mNumConns = 0; } else { - CMS.debug( - "Cannot reset factory: connections not all returned"); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_CANNOT_RESET_CONNFAC")); + CMS.debug("Cannot reset factory: connections not all returned"); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_CANNOT_RESET_CONNFAC")); } if (mAuthInfo != null) { @@ -497,7 +492,7 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { } /** - * return ldap connection info + * return ldap connection info */ public LdapConnInfo getConnInfo() { return mConnInfo; @@ -520,17 +515,16 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { private static final long serialVersionUID = 1353616391879078337L; public BoundConnection(LdapConnInfo connInfo, LdapAuthInfo authInfo) - throws LDAPException { + throws LDAPException { super(connInfo, authInfo); } - - public BoundConnection(String host, int port, int version, - LDAPSocketFactory fac, - String bindDN, String bindPW) - throws LDAPException { + + public BoundConnection(String host, int port, int version, + LDAPSocketFactory fac, String bindDN, String bindPW) + throws LDAPException { super(host, port, version, fac, bindDN, bindPW); } - + /** * used only to identify the factory from which this came. */ diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java index 82e0b3159..bfc71f78f 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java +++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldapconn; - import java.util.Properties; import netscape.ldap.LDAPConnection; @@ -29,13 +28,11 @@ import netscape.ldap.LDAPv2; import com.netscape.certsrv.apps.CMS; - /** - * A LDAP connection that is bound to a server host, port, secure type. - * and authentication. - * Makes a LDAP connection and authentication when instantiated. - * Cannot establish another LDAP connection or authentication after - * construction. LDAPConnection connect and authentication methods are + * A LDAP connection that is bound to a server host, port, secure type. and + * authentication. Makes a LDAP connection and authentication when instantiated. + * Cannot establish another LDAP connection or authentication after + * construction. LDAPConnection connect and authentication methods are * overridden to prevent this. */ public class LdapBoundConnection extends LDAPConnection { @@ -43,7 +40,7 @@ public class LdapBoundConnection extends LDAPConnection { * */ private static final long serialVersionUID = -2242077674357271559L; - // LDAPConnection calls authenticate so must set this for first + // LDAPConnection calls authenticate so must set this for first // authenticate call. private boolean mAuthenticated = false; @@ -51,28 +48,27 @@ public class LdapBoundConnection extends LDAPConnection { * Instantiates a connection to a ldap server, secure or non-secure * connection with Ldap basic bind dn & pw authentication. */ - public LdapBoundConnection( - LdapConnInfo connInfo, LdapAuthInfo authInfo) - throws LDAPException { + public LdapBoundConnection(LdapConnInfo connInfo, LdapAuthInfo authInfo) + throws LDAPException { // this LONG line to satisfy super being the first call. (yuk) super( - authInfo.getAuthType() == LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH ? - new LdapJssSSLSocketFactory(authInfo.getParms()[0]) : - (connInfo.getSecure() ? new LdapJssSSLSocketFactory() : null)); - - // Set option to automatically follow referrals. - // Use the same credentials to follow referrals; this is the easiest - // thing to do without any complicated configuration using + authInfo.getAuthType() == LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH ? new LdapJssSSLSocketFactory( + authInfo.getParms()[0]) + : (connInfo.getSecure() ? new LdapJssSSLSocketFactory() + : null)); + + // Set option to automatically follow referrals. + // Use the same credentials to follow referrals; this is the easiest + // thing to do without any complicated configuration using // different hosts. // If client auth is used don't have dn and pw to follow referrals. boolean followReferrals = connInfo.getFollowReferrals(); setOption(LDAPv2.REFERRALS, new Boolean(followReferrals)); - if (followReferrals && - authInfo.getAuthType() != LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH) { - LDAPRebind rebindInfo = - new ARebindInfo(authInfo.getParms()[0], + if (followReferrals + && authInfo.getAuthType() != LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH) { + LDAPRebind rebindInfo = new ARebindInfo(authInfo.getParms()[0], authInfo.getParms()[1]); setOption(LDAPv2.REFERRALS_REBIND_PROC, rebindInfo); @@ -81,20 +77,19 @@ public class LdapBoundConnection extends LDAPConnection { if (authInfo.getAuthType() == LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH) { // will be bound to client auth cert mapped entry. super.connect(connInfo.getHost(), connInfo.getPort()); - CMS.debug( - "Established LDAP connection with SSL client auth to " + - connInfo.getHost() + ":" + connInfo.getPort()); - } else { // basic auth + CMS.debug("Established LDAP connection with SSL client auth to " + + connInfo.getHost() + ":" + connInfo.getPort()); + } else { // basic auth String binddn = authInfo.getParms()[0]; String bindpw = authInfo.getParms()[1]; - super.connect(connInfo.getVersion(), - connInfo.getHost(), connInfo.getPort(), binddn, bindpw); - CMS.debug( - "Established LDAP connection using basic authentication to" + - " host " + connInfo.getHost() + - " port " + connInfo.getPort() + - " as " + binddn); + super.connect(connInfo.getVersion(), connInfo.getHost(), + connInfo.getPort(), binddn, bindpw); + CMS.debug("Established LDAP connection using basic authentication to" + + " host " + + connInfo.getHost() + + " port " + + connInfo.getPort() + " as " + binddn); } } @@ -102,26 +97,23 @@ public class LdapBoundConnection extends LDAPConnection { * Instantiates a connection to a ldap server, secure or non-secure * connection with Ldap basic bind dn & pw authentication. */ - public LdapBoundConnection(String host, int port, int version, - LDAPSocketFactory fac, - String bindDN, String bindPW) - throws LDAPException { + public LdapBoundConnection(String host, int port, int version, + LDAPSocketFactory fac, String bindDN, String bindPW) + throws LDAPException { super(fac); if (bindDN != null) { - super.connect(version, host, port, bindDN, bindPW); - CMS.debug( - "Established LDAP connection using basic authentication " + - " as " + bindDN + " to " + host + ":" + port); + super.connect(version, host, port, bindDN, bindPW); + CMS.debug("Established LDAP connection using basic authentication " + + " as " + bindDN + " to " + host + ":" + port); } else { if (fac == null && bindDN == null) { throw new IllegalArgumentException( "Ldap bound connection must have authentication info."); } // automatically authenticated if it's ssl client auth. - super.connect(version, host, port, null, null); - CMS.debug( - "Established LDAP connection using SSL client authentication " + - "to " + host + ":" + port); + super.connect(version, host, port, null, null); + CMS.debug("Established LDAP connection using SSL client authentication " + + "to " + host + ":" + port); } } @@ -129,13 +121,11 @@ public class LdapBoundConnection extends LDAPConnection { * Overrides same method in LDAPConnection to do prevent re-authentication. */ public void authenticate(int version, String dn, String pw) - throws LDAPException { + throws LDAPException { /** - if (mAuthenticated) { - throw new RuntimeException( - "this LdapBoundConnection already authenticated: auth(v,dn,pw)"); - } + * if (mAuthenticated) { throw new RuntimeException( + * "this LdapBoundConnection already authenticated: auth(v,dn,pw)"); } **/ super.authenticate(version, dn, pw); mAuthenticated = true; @@ -144,14 +134,11 @@ public class LdapBoundConnection extends LDAPConnection { /** * Overrides same method in LDAPConnection to do prevent re-authentication. */ - public void authenticate(String dn, String pw) - throws LDAPException { + public void authenticate(String dn, String pw) throws LDAPException { /** - if (mAuthenticated) { - throw new RuntimeException( - "this LdapBoundConnection already authenticated: auth(dn,pw)"); - } + * if (mAuthenticated) { throw new RuntimeException( + * "this LdapBoundConnection already authenticated: auth(dn,pw)"); } **/ super.authenticate(3, dn, pw); mAuthenticated = true; @@ -160,15 +147,12 @@ public class LdapBoundConnection extends LDAPConnection { /** * Overrides same method in LDAPConnection to do prevent re-authentication. */ - public void authenticate(String dn, String mech, String packageName, - Properties props, Object getter) - throws LDAPException { + public void authenticate(String dn, String mech, String packageName, + Properties props, Object getter) throws LDAPException { /** - if (mAuthenticated) { - throw new RuntimeException( - "this LdapBoundConnection already authenticated: auth(mech)"); - } + * if (mAuthenticated) { throw new RuntimeException( + * "this LdapBoundConnection already authenticated: auth(mech)"); } **/ super.authenticate(dn, mech, packageName, props, getter); mAuthenticated = true; @@ -177,15 +161,12 @@ public class LdapBoundConnection extends LDAPConnection { /** * Overrides same method in LDAPConnection to do prevent re-authentication. */ - public void authenticate(String dn, String mechs[], String packageName, - Properties props, Object getter) - throws LDAPException { + public void authenticate(String dn, String mechs[], String packageName, + Properties props, Object getter) throws LDAPException { /** - if (mAuthenticated) { - throw new RuntimeException( - "this LdapBoundConnection is already authenticated: auth(mechs)"); - } + * if (mAuthenticated) { throw new RuntimeException( + * "this LdapBoundConnection is already authenticated: auth(mechs)"); } **/ super.authenticate(dn, mechs, packageName, props, getter); mAuthenticated = true; @@ -202,14 +183,13 @@ public class LdapBoundConnection extends LDAPConnection { /** * overrides parent's connect to prevent re-connect. */ - public void connect(int version, String host, int port, - String dn, String pw) throws LDAPException { + public void connect(int version, String host, int port, String dn, String pw) + throws LDAPException { throw new RuntimeException( "this LdapBoundConnection is already connected: conn(version,h,p)"); } } - class ARebindInfo implements LDAPRebind { private LDAPRebindAuth mRebindAuthInfo = null; diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapConnInfo.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapConnInfo.java index 70361f87f..7486241ca 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapConnInfo.java +++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapConnInfo.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldapconn; - import netscape.ldap.LDAPv2; import com.netscape.certsrv.apps.CMS; @@ -27,10 +26,9 @@ import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.ldap.ILdapConnInfo; - /** - * class for reading ldap connection from the config store. - * ldap connection info: host, port, secure connection + * class for reading ldap connection from the config store. ldap connection + * info: host, port, secure connection */ public class LdapConnInfo implements ILdapConnInfo { @@ -43,13 +41,13 @@ public class LdapConnInfo implements ILdapConnInfo { /** * default constructor. must be followed by init(IConfigStore) */ - public LdapConnInfo(IConfigStore config) throws EBaseException, ELdapException { + public LdapConnInfo(IConfigStore config) throws EBaseException, + ELdapException { init(config); } /** - * initializes an instance from a config store. - * required parms: host, port + * initializes an instance from a config store. required parms: host, port * optional parms: secure connection, authentication method & info. */ public void init(IConfigStore config) throws EBaseException, ELdapException { @@ -58,60 +56,61 @@ public class LdapConnInfo implements ILdapConnInfo { String version = (String) config.get(PROP_PROTOCOL); if (version != null && version.equals("")) { - // provide a default when this field is blank from the - // configuration. + // provide a default when this field is blank from the + // configuration. mVersion = LDAP_VERSION_3; } else { mVersion = config.getInteger(PROP_PROTOCOL, LDAP_VERSION_3); if (mVersion != LDAP_VERSION_2 && mVersion != LDAP_VERSION_3) { - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY", PROP_PROTOCOL)); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_INVALID_PROPERTY", PROP_PROTOCOL)); } } if (mHost == null || (mHost.length() == 0) || (mHost.trim().equals(""))) { - throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", PROP_HOST)); + throw new EPropertyNotFound(CMS.getUserMessage( + "CMS_BASE_GET_PROPERTY_FAILED", PROP_HOST)); } if (mPort <= 0) { - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY", PROP_PORT)); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_INVALID_PROPERTY", PROP_PORT)); } - mSecure = config.getBoolean(PROP_SECURE, false); - mFollowReferrals = config.getBoolean(PROP_FOLLOW_REFERRALS, true); + mSecure = config.getBoolean(PROP_SECURE, false); + mFollowReferrals = config.getBoolean(PROP_FOLLOW_REFERRALS, true); } public LdapConnInfo(String host, int port, boolean secure) { - mHost = host; - mPort = port; + mHost = host; + mPort = port; mSecure = secure; if (mHost == null || mPort <= 0) { - // XXX log something here + // XXX log something here throw new IllegalArgumentException("LDAP host or port is null"); } } public LdapConnInfo(String host, int port) { - mHost = host; - mPort = port; + mHost = host; + mPort = port; if (mHost == null || mPort <= 0) { - // XXX log something here + // XXX log something here throw new IllegalArgumentException("LDAP host or port is null"); } } - public String getHost() { - return mHost; + public String getHost() { + return mHost; } - public int getPort() { - return mPort; + public int getPort() { + return mPort; } - public int getVersion() { - return mVersion; + public int getVersion() { + return mVersion; } - public boolean getSecure() { - return mSecure; + public boolean getSecure() { + return mSecure; } public boolean getFollowReferrals() { diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java index 8aa59e304..6236f5b90 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java +++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldapconn; - import java.io.IOException; import java.net.Socket; import java.net.UnknownHostException; @@ -32,9 +31,9 @@ import org.mozilla.jss.ssl.SSLSocket; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.logging.ILogger; - /** * Uses HCL ssl socket. + * * @author Lily Hsiao lhsiao@netscape.com */ public class LdapJssSSLSocketFactory implements LDAPSSLSocketFactoryExt { @@ -56,7 +55,7 @@ public class LdapJssSSLSocketFactory implements LDAPSSLSocketFactoryExt { s = new SSLSocket(host, port); s.setUseClientMode(true); s.enableSSL2(false); - //TODO Do we really want to set the default each time? + // TODO Do we really want to set the default each time? SSLSocket.enableSSL2Default(false); s.enableV2CompatibleHello(false); @@ -67,19 +66,19 @@ public class LdapJssSSLSocketFactory implements LDAPSSLSocketFactoryExt { if (mClientAuthCertNickname != null) { mClientAuth = true; - CMS.debug( - "LdapJssSSLSocket set client auth cert nickname" + - mClientAuthCertNickname); + CMS.debug("LdapJssSSLSocket set client auth cert nickname" + + mClientAuthCertNickname); s.setClientCertNickname(mClientAuthCertNickname); } s.forceHandshake(); } catch (UnknownHostException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_UNKNOWN_HOST")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAPCONN_UNKNOWN_HOST")); throw new LDAPException( "Cannot Create JSS SSL Socket - Unknown host"); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAPCONN_IO_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSCORE_LDAPCONN_IO_ERROR", e.toString())); throw new LDAPException("IO Error creating JSS SSL Socket"); } return s; @@ -102,10 +101,9 @@ public class LdapJssSSLSocketFactory implements LDAPSSLSocketFactoryExt { public ClientHandshakeCB(Object sc) { this.sc = sc; } - + public void handshakeCompleted(SSLHandshakeCompletedEvent event) { CMS.debug("SSL handshake happened"); } } } - |