diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/ldapconn')
7 files changed, 0 insertions, 1834 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java deleted file mode 100644 index dc4c86547..000000000 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java +++ /dev/null @@ -1,467 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cmscore.ldapconn; - -import netscape.ldap.LDAPConnection; -import netscape.ldap.LDAPException; -import netscape.ldap.LDAPSocketFactory; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.ldap.ELdapException; -import com.netscape.certsrv.ldap.ELdapServerDownException; -import com.netscape.certsrv.ldap.ILdapConnFactory; -import com.netscape.certsrv.logging.ILogger; - -/** - * Factory for getting LDAP Connections to a LDAP server - * each connection is a seperate thread that can be bound to a different - * authentication dn and password. - */ -public class LdapAnonConnFactory implements ILdapConnFactory { - protected int mMinConns = 5; - protected int mMaxConns = 1000; - protected LdapConnInfo mConnInfo = null; - - private ILogger mLogger = CMS.getLogger(); - - public static final String PROP_MINCONNS = "minConns"; - public static final String PROP_MAXCONNS = "maxConns"; - public static final String PROP_LDAPCONNINFO = "ldapconn"; - - public static final String PROP_ERROR_IF_DOWN = "errorIfDown"; - - private int mNumConns = 0; // number of available conns in array - private int mTotal = 0; // total num conns - private AnonConnection mConns[] = null; - - private boolean mInited = false; - - private boolean mErrorIfDown; - private boolean mDefErrorIfDown = false; - - /** - * Constructor for initializing from the config store. - * must be followed by init(IConfigStore) - */ - public LdapAnonConnFactory() { - } - - public LdapAnonConnFactory(boolean defErrorIfDown) { - mDefErrorIfDown = defErrorIfDown; - } - - /** - * Constructor for LdapAnonConnFactory - * - * @param minConns minimum number of connections to have available - * @param maxConns max number of connections to have available. This is - * the maximum number of clones of this connection one wants to allow. - * @param serverInfo server connection info - host, port, etc. - */ - public LdapAnonConnFactory(int minConns, int maxConns, - LdapConnInfo connInfo) throws ELdapException { - init(minConns, maxConns, connInfo); - } - - public int totalConn() { - return mTotal; - } - - public int freeConn() { - return mNumConns; - } - - public int maxConn() { - return mMaxConns; - } - - /** - * init routine to be called when initialize from config store. - */ - public void init(IConfigStore config) throws EBaseException, ELdapException { - String minStr = config.getString(PROP_MINCONNS, ""); - String maxStr = config.getString(PROP_MAXCONNS, ""); - int minConns = mMinConns; - int maxConns = mMaxConns; - - // if it is "", use the default value - if (!minStr.equals("")) { - try { - minConns = Integer.parseInt(minStr); - } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_MIN_CONN")); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_NUMBER_FORMAT_1", PROP_MINCONNS)); - } - } - - // if it is "", use the default value - if (!maxStr.equals("")) { - try { - maxConns = Integer.parseInt(maxStr); - } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_MAX_CONN")); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_NUMBER_FORMAT_1", PROP_MAXCONNS)); - } - } - - mErrorIfDown = config.getBoolean(PROP_ERROR_IF_DOWN, mDefErrorIfDown); - - init(minConns, maxConns, - new LdapConnInfo(config.getSubStore(PROP_LDAPCONNINFO))); - } - - /** - * initialize routine from parameters. - */ - protected void init(int minConns, int maxConns, LdapConnInfo connInfo) - throws ELdapException { - if (mInited) - return; // XXX should throw exception here ? - - if (minConns <= 0 || maxConns <= 0 || minConns > maxConns) - throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_INVALID_NUMCONN_PARAMETERS")); - if (connInfo == null) - throw new IllegalArgumentException("connInfo is Null!"); - - mMinConns = minConns; - mMaxConns = maxConns; - mConnInfo = connInfo; - - mConns = new AnonConnection[mMaxConns]; - - log(ILogger.LL_INFO, - "Created: min " + minConns + " max " + maxConns + - " host " + connInfo.getHost() + " port " + connInfo.getPort() + - " secure " + connInfo.getSecure()); - - // initalize minimum number of connection handles available. - makeMinimum(mErrorIfDown); - mInited = true; - } - - /** - * make the mininum configured connections - */ - protected void makeMinimum(boolean errorIfDown) throws ELdapException { - try { - if (mNumConns < mMinConns && mTotal < mMaxConns) { - int increment = Math.min(mMinConns - mNumConns, mMaxConns - mTotal); - - CMS.debug( - "increasing minimum number of connections by " + increment); - for (int i = increment - 1; i >= 0; i--) { - mConns[i] = new AnonConnection(mConnInfo); - } - mTotal += increment; - mNumConns += increment; - CMS.debug( - "new total number of connections " + mTotal); - CMS.debug( - "new total available connections " + mNumConns); - } - } catch (LDAPException e) { - // XXX errorCodeToString() used here so users won't see message. - // though why are messages from exceptions being displayed to - // users ? - if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { - // need to intercept this because message from LDAP is - // "DSA is unavailable" which confuses with DSA PKI. - log(ILogger.LL_FAILURE, - "Cannot connect to Ldap server. Error: " + - "Ldap Server host " + mConnInfo.getHost() + - " int " + mConnInfo.getPort() + " is unavailable."); - if (errorIfDown) { - throw new ELdapServerDownException( - CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", - mConnInfo.getHost(), "" + mConnInfo.getPort())); - } - } else { - log(ILogger.LL_FAILURE, - "Cannot connect to ldap server. error: " + e.toString()); - String errmsg = e.errorCodeToString(); - - if (errmsg == null) - errmsg = e.toString(); - throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", - mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), errmsg)); - } - } - } - - /** - * Gets connection from this factory. - * All connections gotten from this factory must be returned. - * If not the max number of connections may be reached prematurely. - * The best thing to put returnConn in a finally clause so it - * always gets called. For example, - * - * <pre> - * LDAPConnection c = null; - * try { - * c = factory.getConn(); - * myclass.do_something_with_c(c); - * } catch (ELdapException e) { - * handle_error_here(); - * } finally { - * factory.returnConn(c); - * } - * </pre> - */ - public LDAPConnection getConn() - throws ELdapException { - return getConn(true); - } - - /** - * Returns a LDAP connection - a clone of the master connection. - * All connections should be returned to the factory using returnConn() - * to recycle connection objects. - * If not returned the limited max number is affected but if that - * number is large not much harm is done. - * Returns null if maximum number of connections reached. - * <p> - * The best thing to put returnConn in a finally clause so it always gets called. For example, - * - * <pre> - * LDAPConnection c = null; - * try { - * c = factory.getConn(); - * myclass.do_something_with_c(c); - * } catch (ELdapException e) { - * handle_error_here(); - * } finally { - * factory.returnConn(c); - * } - * </pre> - */ - public synchronized LDAPConnection getConn(boolean waitForConn) - throws ELdapException { - boolean waited = false; - - CMS.debug("LdapAnonConnFactory::getConn"); - if (mNumConns == 0) - makeMinimum(true); - if (mNumConns == 0) { - if (!waitForConn) - return null; - try { - CMS.debug("getConn(): out of ldap connections"); - log(ILogger.LL_WARN, - "Ran out of ldap connections available " + - "in ldap connection pool to " + - mConnInfo.getHost() + ":" + mConnInfo.getPort() + ". " + - "This could be a temporary condition or an indication of " + - "something more serious that can cause the server to " + - "hang."); - waited = true; - while (mNumConns == 0) { - wait(); - } - } catch (InterruptedException e) { - } - } - - mNumConns--; - AnonConnection conn = mConns[mNumConns]; - - mConns[mNumConns] = null; - if (waited) { - log(ILogger.LL_WARN, - "Ldap connections are available again in ldap connection pool " + - "to " + mConnInfo.getHost() + ":" + mConnInfo.getPort()); - } - CMS.debug("LdapAnonConnFactory.getConn(): num avail conns now " + mNumConns); - //Beginning of fix for Bugzilla #630176 - boolean isConnected = false; - if (conn != null) { - isConnected = conn.isConnected(); - } - - if (!isConnected) { - CMS.debug("LdapAnonConnFactory.getConn(): selected conn is down, try to reconnect..."); - conn = null; - try { - conn = new AnonConnection(mConnInfo); - } catch (LDAPException e) { - CMS.debug("LdapAnonConnFactory.getConn(): error when trying to bring back a down connection."); - throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", - mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString())); - } - } - //This is the end of the fix for Bugzilla #630176 - - return conn; - } - - /** - * Returns a connection to the factory for recycling. - * All connections gotten from this factory must be returned. - * If not the max number of connections may be reached prematurely. - * <p> - * The best thing to put returnConn in a finally clause so it always gets called. For example, - * - * <pre> - * LDAPConnection c = null; - * try { - * c = factory.getConn(); - * myclass.do_something_with_c(c); - * } catch (ELdapException e) { - * handle_error_here(); - * } finally { - * factory.returnConn(c); - * } - * </pre> - */ - public synchronized void returnConn(LDAPConnection conn) { - if (conn == null) { - return; - } - // check if conn is valid and from this factory. - AnonConnection anon = (AnonConnection) conn; - - if (anon.getFacId() != mConns) { - // returning a connection not from this factory. - log(ILogger.LL_WARN, "returnConn: unknown connection."); - } - // check if conn has already been returned. - for (int i = 0; i < mNumConns; i++) { - // returning connection already returned. - if (mConns[i] == anon) { - - /* swallow this error but see who's doing it. */ - log(ILogger.LL_WARN, - "returnConn: previously returned connection."); - } - } - - // this returned connection might authenticate as someone other than - // anonymonus. Reset it to anonymous first before it returns - // to the pool. - try { - anon.authenticate(null, null); - - // return conn. - CMS.debug("returnConn: mNumConns now " + mNumConns); - } catch (LDAPException e) { - log(ILogger.LL_WARN, - "Could not re-authenticate ldap connection to anonymous." + - " Error " + e); - } - // return the connection even if can't reauthentication anon. - // most likely server was down. - mConns[mNumConns++] = anon; - - notify(); - } - - protected void finalize() - throws Exception { - reset(); - } - - /** - * returns connection info. - */ - public LdapConnInfo getConnInfo() { - return mConnInfo; - } - - /** - * resets this factory - if no connections outstanding, - * disconnections all connections and resets everything to 0 as if - * no connections were ever made. intended to be called just before - * shutdown or exit to disconnection & cleanup connections. - */ - // ok only if no connections outstanding. - public synchronized void reset() - throws ELdapException { - if (mNumConns == mTotal) { - for (int i = 0; i < mNumConns; i++) { - try { - CMS.debug("disconnecting connection " + i); - mConns[i].disconnect(); - } catch (LDAPException e) { - log(ILogger.LL_INFO, - "exception during disconnect: " + e.toString()); - } - mConns[i] = null; - } - mTotal = 0; - mNumConns = 0; - } else { - log(ILogger.LL_INFO, - "Cannot reset() while connections not all returned"); - throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_CANNOT_RESET_CONNFAC")); - } - } - - /** - * handy routine for logging in this class. - */ - private void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "In Ldap (anonymous) connection pool to" + - " host " + mConnInfo.getHost() + - " port " + mConnInfo.getPort() + ", " + msg); - } - - /** - * used to keep track of connections from this factory. - */ - public class AnonConnection extends LdapAnonConnection { - /** - * - */ - private static final long serialVersionUID = 4813780131074412404L; - - public AnonConnection(LdapConnInfo connInfo) - throws LDAPException { - super(connInfo); - } - - public AnonConnection(String host, int port, int version, - LDAPSocketFactory fac) - throws LDAPException { - super(host, port, version, fac); - } - - /** - * instantiates a non-secure connection to a ldap server - */ - public AnonConnection(String host, int port, int version) - throws LDAPException { - super(host, port, version); - } - - /** - * used only to identify the factory from which this came. - * mConns to identify factory. - */ - public AnonConnection[] getFacId() { - return mConns; - } - } -} diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java deleted file mode 100644 index 1dc9723a8..000000000 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java +++ /dev/null @@ -1,92 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cmscore.ldapconn; - -import netscape.ldap.LDAPConnection; -import netscape.ldap.LDAPException; -import netscape.ldap.LDAPSocketFactory; -import netscape.ldap.LDAPv2; - -/** - * A LDAP connection that is bound to a server host, port and secure type. - * Makes a LDAP connection when instantiated. - * Cannot establish another LDAP connection after construction. - * LDAPConnection connect methods are overridden to prevent this. - */ -public class LdapAnonConnection extends LDAPConnection { - - /** - * - */ - private static final long serialVersionUID = 6671180208419384682L; - - /** - * instantiates a connection to a ldap server - */ - public LdapAnonConnection(LdapConnInfo connInfo) - throws LDAPException { - super(connInfo.getSecure() ? new LdapJssSSLSocketFactory() : null); - - // Set option to automatically follow referrals. - // rebind info is also anonymous. - boolean followReferrals = connInfo.getFollowReferrals(); - - setOption(LDAPv2.REFERRALS, new Boolean(followReferrals)); - - super.connect(connInfo.getVersion(), - connInfo.getHost(), connInfo.getPort(), null, null); - } - - /** - * instantiates a connection to a ldap server - */ - public LdapAnonConnection(String host, int port, int version, - LDAPSocketFactory fac) - throws LDAPException { - super(fac); - super.connect(version, host, port, null, null); - } - - /** - * instantiates a non-secure connection to a ldap server - */ - public LdapAnonConnection(String host, int port, int version) - throws LDAPException { - super(); - super.connect(version, host, port, null, null); - } - - /** - * overrides superclass connect. - * does not allow reconnect. - */ - public void connect(String host, int port) throws LDAPException { - throw new RuntimeException( - "this LdapAnonConnection already connected: connect(h,p)"); - } - - /** - * overrides superclass connect. - * does not allow reconnect. - */ - public void connect(int version, String host, int port, - String dn, String pw) throws LDAPException { - throw new RuntimeException( - "this LdapAnonConnection already connected: connect(v,h,p)"); - } -} diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java deleted file mode 100644 index b1af367b9..000000000 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java +++ /dev/null @@ -1,298 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cmscore.ldapconn; - -import java.util.Hashtable; - -import netscape.ldap.LDAPConnection; -import netscape.ldap.LDAPException; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.ldap.ILdapAuthInfo; -import com.netscape.cmsutil.password.IPasswordStore; - -/** - * class for reading ldap authentication info from config store - */ -public class LdapAuthInfo implements ILdapAuthInfo { - - protected int mType = -1; - protected String[] mParms = null; - - private boolean mInited = false; - - private static Hashtable<String, String> passwords = new Hashtable<String, String>(); - - /** - * must call init(config) after this constructor. - */ - public LdapAuthInfo() { - } - - /** - * constructs ldap auth info directly from config store. - */ - public LdapAuthInfo(IConfigStore config) throws EBaseException { - init(config); - } - - /** - * constructs ldap auth info directly from config store, and verifies - * the password by attempting to connect to the server. - */ - public LdapAuthInfo(IConfigStore config, String host, int port, boolean secure) - throws EBaseException { - init(config, host, port, secure); - } - - public String getPasswordFromStore(String prompt) { - String pwd = null; - CMS.debug("LdapAuthInfo: getPasswordFromStore: try to get it from password store"); - - // hey - should use password store interface to allow different implementations - // but the problem is, other parts of the system just go directly to the file - // so calling CMS.getPasswordStore() will give you an outdated one - /* - IConfigStore mainConfig = CMS.getConfigStore(); - String pwdFile = mainConfig.getString("passwordFile"); - FileConfigStore pstore = new FileConfigStore(pwdFile); - */ - IPasswordStore pwdStore = CMS.getPasswordStore(); - CMS.debug("LdapAuthInfo: getPasswordFromStore: about to get from passwored store: " + prompt); - - // support publishing dirsrv with different pwd than internaldb - - // Finally, interactively obtain the password from the user - if (pwdStore != null) { - CMS.debug("LdapAuthInfo: getPasswordFromStore: password store available"); - pwd = pwdStore.getPassword(prompt); - // pwd = pstore.getString(prompt); - if (pwd == null) { - CMS.debug("LdapAuthInfo: getPasswordFromStore: password for " + prompt + - " not found, trying internaldb"); - - // pwd = pstore.getString("internaldb"); - - pwd = pwdStore.getPassword("internaldb"); // last resort - } else - CMS.debug("LdapAuthInfo: getPasswordFromStore: password found for prompt in password store"); - } else - CMS.debug("LdapAuthInfo: getPasswordFromStore: password store not available: pwdStore is null"); - - return pwd; - } - - /** - * initialize this class from the config store. - */ - public void init(IConfigStore config) throws EBaseException { - init(config, null, 0, true); - } - - /** - * initialize this class from the config store, and verify the password. - * - * @param host The host that the directory server is running on. - * This will be used to verify the password by attempting to connect. - * If it is <code>null</code>, the password will not be verified. - * @param port The port that the directory server is running on. - */ - public void init(IConfigStore config, String host, int port, boolean secure) - throws EBaseException { - - CMS.debug("LdapAuthInfo: init()"); - if (mInited) { - CMS.debug("LdapAuthInfo: already initialized"); - return; // XXX throw exception here ? - } - CMS.debug("LdapAuthInfo: init begins"); - - String authTypeStr = config.getString(PROP_LDAPAUTHTYPE); - - if (authTypeStr.equals(LDAP_BASICAUTH_STR)) { - // is the password found in memory? - boolean inMem = false; - mType = LDAP_AUTHTYPE_BASICAUTH; - mParms = new String[2]; - mParms[0] = config.getString(PROP_BINDDN); - - // Passwords should only be written to the file for testing, - // never in production - mParms[1] = config.getString(PROP_BINDPW, null); - - // Next, see if this password has been requested before - String prompt = config.getString(PROP_BINDPW_PROMPT, null); - - if (prompt == null) { - prompt = "LDAP Authentication"; - CMS.debug("LdapAuthInfo: init: prompt is null, change to " + prompt); - } else - CMS.debug("LdapAuthInfo: init: prompt is " + prompt); - - if (mParms[1] == null) { - CMS.debug("LdapAuthInfo: init: try getting from memory cache"); - mParms[1] = passwords.get(prompt); - if (mParms[1] != null) { - inMem = true; - CMS.debug("LdapAuthInfo: init: got password from memory"); - } else - CMS.debug("LdapAuthInfo: init: password not in memory"); - } else - CMS.debug("LdapAuthInfo: init: found password from config"); - - if (mParms[1] == null) { - mParms[1] = getPasswordFromStore(prompt); - } else { - CMS.debug("LdapAuthInfo: init: password found for prompt."); - } - - // verify the password - if ((mParms[1] != null) && (!mParms[1].equals("")) && (host == null || - authInfoOK(host, port, secure, mParms[0], mParms[1]))) { - // The password is OK or uncheckable - CMS.debug("LdapAuthInfo: password ok: store in memory cache"); - passwords.put(prompt, mParms[1]); - } else { - if (mParms[1] == null) - CMS.debug("LdapAuthInfo: password not found"); - else { - CMS.debug("LdapAuthInfo: password does not work"); - /* what do you know? Our IPasswordStore does not have a remove function. - pstore.remove("internaldb"); - */ - if (inMem) { - // this is for the case when admin changes pwd - // from console - mParms[1] = getPasswordFromStore(prompt); - if (authInfoOK(host, port, secure, mParms[0], mParms[1])) { - CMS.debug("LdapAuthInfo: password ok: store in memory cache"); - passwords.put(prompt, mParms[1]); - } - } - } - } - - } else if (authTypeStr.equals(LDAP_SSLCLIENTAUTH_STR)) { - mType = LDAP_AUTHTYPE_SSLCLIENTAUTH; - mParms = new String[1]; - mParms[0] = config.getString(PROP_CLIENTCERTNICKNAME, null); - } else { - throw new IllegalArgumentException( - "Unknown Ldap authentication type " + authTypeStr); - } - mInited = true; - CMS.debug("LdapAuthInfo: init ends"); - } - - public void reset() { - try { - conn.disconnect(); - } catch (LDAPException e) { - } - } - - /** - * Verifies the distinguished name and password by attempting to - * authenticate to the server. If we connect to the server but cannot - * authenticate, we conclude that the DN or password is invalid. If - * we cannot connect at all, we don't know, so we return true - * (there's no sense asking for the password again since we can't verify - * it anyway). If we connect and authenticate successfully, we know - * the DN and password are correct, so we return true. - */ - private static LDAPConnection conn = new LDAPConnection(); - - private static boolean - authInfoOK(String host, int port, boolean secure, String dn, String pw) { - - // We dont perform auth checking if we are in SSL mode. - if (secure) - return true; - - boolean connected = false, authenticated = false; - - try { - conn.connect(host, port); - connected = true; - conn.authenticate(dn, pw); - authenticated = true; - } catch (LDAPException e) { - } - - /** - * There is a bug in LDAP SDK. VM will crash on NT if - * we connect and disconnect too many times. - **/ - - /** - * if( connected ) { - * try { - * conn.disconnect(); - * } catch( LDAPException e ) { } - * } - **/ - - if (connected && !authenticated) { - return false; - } else { - return true; - } - } - - /** - * get authentication type. - * - * @return one of: <br> - * LdapAuthInfo.LDAP_AUTHTYPE_BASICAUTH or - * LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH - */ - public int getAuthType() { - return mType; - } - - /** - * get params for authentication - * - * @return array of parameters for this authentication. - */ - public String[] getParms() { - return (String[]) mParms.clone(); - } - - /** - * add password - */ - public void addPassword(String prompt, String pw) { - try { - passwords.put(prompt, pw); - } catch (Exception e) { - } - } - - /** - * remove password - */ - public void removePassword(String prompt) { - try { - passwords.remove(prompt); - } catch (Exception e) { - } - } -} diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java deleted file mode 100644 index b4839f7d5..000000000 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java +++ /dev/null @@ -1,529 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cmscore.ldapconn; - -import netscape.ldap.LDAPConnection; -import netscape.ldap.LDAPException; -import netscape.ldap.LDAPSocketFactory; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.ldap.ELdapException; -import com.netscape.certsrv.ldap.ELdapServerDownException; -import com.netscape.certsrv.ldap.ILdapBoundConnFactory; -import com.netscape.certsrv.logging.ILogger; - -/** - * Factory for getting LDAP Connections to a LDAP server with the same - * LDAP authentication. - * XXX not sure how useful this is given that LDAPConnection itself can - * be shared by multiple threads and cloned. - */ -public class LdapBoundConnFactory implements ILdapBoundConnFactory { - protected int mMinConns = 5; - protected int mMaxConns = 1000; - protected LdapConnInfo mConnInfo = null; - protected LdapAuthInfo mAuthInfo = null; - - private ILogger mLogger = CMS.getLogger(); - - public static final String PROP_MINCONNS = "minConns"; - public static final String PROP_MAXCONNS = "maxConns"; - public static final String PROP_LDAPCONNINFO = "ldapconn"; - public static final String PROP_LDAPAUTHINFO = "ldapauth"; - - public static final String PROP_ERROR_IF_DOWN = "errorIfDown"; - - private int mNumConns = 0; // number of available conns in array - private int mTotal = 0; // total num conns - - private boolean doCloning = true; - private LdapBoundConnection mMasterConn = null; // master connection object. - private BoundConnection mConns[]; - - /** - * return error if server is down at creation time. - */ - private boolean mErrorIfDown; - - /** - * default value for the above at init time. - */ - private boolean mDefErrorIfDown = false; - - /** - * Constructor for initializing from the config store. - * must be followed by init(IConfigStore) - */ - public LdapBoundConnFactory() { - } - - public LdapBoundConnFactory(boolean defErrorIfDown) { - mDefErrorIfDown = defErrorIfDown; - } - - public int totalConn() { - return mTotal; - } - - public int freeConn() { - return mNumConns; - } - - public int maxConn() { - return mMaxConns; - } - - /** - * Constructor for LdapBoundConnFactory - * - * @param minConns minimum number of connections to have available - * @param maxConns max number of connections to have available. This is - * the maximum number of clones of this connection or separate connections one wants to allow. - * @param serverInfo server connection info - host, port, etc. - */ - public LdapBoundConnFactory(int minConns, int maxConns, - LdapConnInfo connInfo, LdapAuthInfo authInfo) throws ELdapException { - init(minConns, maxConns, connInfo, authInfo); - } - - /** - * Constructor for initialize - */ - public void init(IConfigStore config) - throws ELdapException, EBaseException { - - CMS.debug("LdapBoundConnFactory: init "); - LdapConnInfo connInfo = - new LdapConnInfo(config.getSubStore(PROP_LDAPCONNINFO)); - - mErrorIfDown = config.getBoolean(PROP_ERROR_IF_DOWN, mDefErrorIfDown); - - doCloning = config.getBoolean("doCloning", true); - - CMS.debug("LdapBoundConnFactory:doCloning " + doCloning); - init(config.getInteger(PROP_MINCONNS, mMinConns), - config.getInteger(PROP_MAXCONNS, mMaxConns), - connInfo, - new LdapAuthInfo(config.getSubStore(PROP_LDAPAUTHINFO), - connInfo.getHost(), connInfo.getPort(), connInfo.getSecure())); - } - - /** - * initialize parameters obtained from either constructor or - * config store - * - * @param minConns minimum number of connection handls to have available. - * @param maxConns maximum total number of connections to ever have. - * @param connInfo ldap connection info. - * @param authInfo ldap authentication info. - * @exception ELdapException if any error occurs. - */ - private void init(int minConns, int maxConns, - LdapConnInfo connInfo, LdapAuthInfo authInfo) - throws ELdapException { - if (minConns <= 0 || maxConns <= 0 || minConns > maxConns) - throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_INVALID_NUMCONN_PARAMETERS")); - if (connInfo == null || authInfo == null) - throw new IllegalArgumentException("connInfo or authInfo is null!"); - - mMinConns = minConns; - mMaxConns = maxConns; - mConnInfo = connInfo; - mAuthInfo = authInfo; - - mConns = new BoundConnection[mMaxConns]; - - // Create connection handle and make initial connection - CMS.debug( - "init: before makeConnection errorIfDown is " + mErrorIfDown); - makeConnection(mErrorIfDown); - - CMS.debug( - "initializing with mininum " + mMinConns + " and maximum " + mMaxConns + - " connections to " + - "host " + mConnInfo.getHost() + " port " + mConnInfo.getPort() + - ", secure connection, " + mConnInfo.getSecure() + - ", authentication type " + mAuthInfo.getAuthType()); - - // initalize minimum number of connection handles available. - makeMinimum(); - } - - /** - * makes the initial master connection used to clone others.. - * - * @exception ELdapException if any error occurs. - */ - protected void makeConnection(boolean errorIfDown) throws ELdapException { - CMS.debug("makeConnection: errorIfDown " + errorIfDown); - try { - mMasterConn = new BoundConnection(mConnInfo, mAuthInfo); - } catch (LDAPException e) { - if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { - // need to intercept this because message from LDAP is - // "DSA is unavailable" which confuses with DSA PKI. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_CONNECT_SERVER", - mConnInfo.getHost(), - Integer.toString(mConnInfo.getPort()))); - if (errorIfDown) { - throw new ELdapServerDownException( - CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", - mConnInfo.getHost(), "" + mConnInfo.getPort())); - } - } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_FAILED_SERVER", e.toString())); - throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", - mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString())); - } - } - } - - /** - * makes subsequent connections if cloning is not used . - * - * @exception ELdapException if any error occurs. - */ - private LdapBoundConnection makeNewConnection(boolean errorIfDown) throws ELdapException { - CMS.debug("LdapBoundConnFactory:In makeNewConnection: errorIfDown " + errorIfDown); - LdapBoundConnection conn = null; - try { - conn = new BoundConnection(mConnInfo, mAuthInfo); - } catch (LDAPException e) { - if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { - // need to intercept this because message from LDAP is - // "DSA is unavailable" which confuses with DSA PKI. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_CONNECT_SERVER", - mConnInfo.getHost(), - Integer.toString(mConnInfo.getPort()))); - if (errorIfDown) { - throw new ELdapServerDownException( - CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", - mConnInfo.getHost(), "" + mConnInfo.getPort())); - } - } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_FAILED_SERVER", e.toString())); - throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", - mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString())); - } - } - - return conn; - } - - /** - * makes the minumum number of connections - */ - private void makeMinimum() throws ELdapException { - if (mMasterConn == null || mMasterConn.isConnected() == false) - return; - int increment; - - if (mNumConns < mMinConns && mTotal <= mMaxConns) { - increment = Math.min(mMinConns - mNumConns, mMaxConns - mTotal); - CMS.debug( - "increasing minimum connections by " + increment); - for (int i = increment - 1; i >= 0; i--) { - - if (doCloning == true) { - mConns[i] = (BoundConnection) mMasterConn.clone(); - } else { - mConns[i] = (BoundConnection) makeNewConnection(true); - } - - } - mTotal += increment; - mNumConns += increment; - CMS.debug("new total available connections " + mTotal); - CMS.debug("new number of connections " + mNumConns); - } - } - - /** - * gets a conenction from this factory. - * All connections obtained from the factory must be returned by - * returnConn() method. - * The best thing to do is to put returnConn in a finally clause so it - * always gets called. For example, - * - * <pre> - * LDAPConnection c = null; - * try { - * c = factory.getConn(); - * myclass.do_something_with_c(c); - * } catch (ELdapException e) { - * handle_error_here(); - * } finally { - * factory.returnConn(c); - * } - * </pre> - */ - public LDAPConnection getConn() - throws ELdapException { - return getConn(true); - } - - /** - * Returns a LDAP connection - a clone of the master connection. - * All connections should be returned to the factory using returnConn() - * to recycle connection objects. - * If not returned the limited max number is affected but if that - * number is large not much harm is done. - * Returns null if maximum number of connections reached. - * The best thing to do is to put returnConn in a finally clause so it - * always gets called. For example, - * - * <pre> - * LDAPConnection c = null; - * try { - * c = factory.getConn(); - * myclass.do_something_with_c(c); - * } catch (ELdapException e) { - * handle_error_here(); - * } finally { - * factory.returnConn(c); - * } - * </pre> - */ - public synchronized LDAPConnection getConn(boolean waitForConn) - throws ELdapException { - boolean waited = false; - - CMS.debug("In LdapBoundConnFactory::getConn()"); - if (mMasterConn != null) - CMS.debug("masterConn is connected: " + mMasterConn.isConnected()); - else - CMS.debug("masterConn is null."); - - if (mMasterConn == null || !mMasterConn.isConnected()) { - try { - makeConnection(true); - } catch (ELdapException e) { - mMasterConn = null; - CMS.debug("Can't create master connection in LdapBoundConnFactory::getConn! " + e.toString()); - throw e; - } - } - - if (mNumConns == 0) - makeMinimum(); - if (mNumConns == 0) { - if (!waitForConn) - return null; - try { - CMS.debug("getConn: out of ldap connections"); - log(ILogger.LL_WARN, - "Ran out of ldap connections available " + - "in ldap connection pool to " + - mConnInfo.getHost() + ":" + mConnInfo.getPort() + ". " + - "This could be a temporary condition or an indication of " + - "something more serious that can cause the server to " + - "hang."); - waited = true; - while (mNumConns == 0) - wait(); - } catch (InterruptedException e) { - } - } - mNumConns--; - LDAPConnection conn = mConns[mNumConns]; - - boolean isConnected = false; - if (conn != null) { - isConnected = conn.isConnected(); - } - - CMS.debug("getConn: conn is connected " + isConnected); - - //If masterConn is still alive, lets try to bring this one - //back to life - - if ((isConnected == false) && (mMasterConn != null) - && (mMasterConn.isConnected() == true)) { - CMS.debug("Attempt to bring back down connection."); - - if (doCloning == true) { - mConns[mNumConns] = (BoundConnection) mMasterConn.clone(); - } else { - try { - mConns[mNumConns] = (BoundConnection) makeNewConnection(true); - } catch (ELdapException e) { - mConns[mNumConns] = null; - } - } - conn = mConns[mNumConns]; - - CMS.debug("Re-animated connection: " + conn); - } - - mConns[mNumConns] = null; - - if (waited) { - log(ILogger.LL_WARN, - "Ldap connections are available again in ldap connection pool " + - "to " + mConnInfo.getHost() + ":" + mConnInfo.getPort()); - } - CMS.debug("getConn: mNumConns now " + mNumConns); - - return conn; - } - - /** - * Teturn connection to the factory. - * This is mandatory after a getConn(). - * The best thing to do is to put returnConn in a finally clause so it - * always gets called. For example, - * - * <pre> - * LDAPConnection c = null; - * try { - * c = factory.getConn(); - * myclass.do_something_with_c(c); - * } catch (ELdapException e) { - * handle_error_here(); - * } finally { - * factory.returnConn(c); - * } - * </pre> - */ - public synchronized void returnConn(LDAPConnection conn) { - if (conn == null) { - return; - } - BoundConnection boundconn = (BoundConnection) conn; - - if (boundconn.getFacId() != mConns) { - log(ILogger.LL_WARN, "returnConn: unknown connection."); - } - for (int i = 0; i < mNumConns; i++) { - if (mConns[i] == conn) { - CMS.debug( - "returnConn: previously returned connection."); - } - } - mConns[mNumConns++] = boundconn; - CMS.debug("returnConn: mNumConns now " + mNumConns); - notify(); - } - - /** - * handy routine for logging in this class. - */ - private void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "In Ldap (bound) connection pool to" + - " host " + mConnInfo.getHost() + - " port " + mConnInfo.getPort() + ", " + msg); - } - - protected void finalize() - throws Exception { - reset(); - } - - /** - * used for disconnecting all connections and reset everything to 0 - * as if connections were never made. used just before a subsystem - * shutdown or process exit. - * useful only if no connections are outstanding. - */ - public synchronized void reset() - throws ELdapException { - if (mNumConns == mTotal) { - for (int i = 0; i < mNumConns; i++) { - try { - mConns[i].disconnect(); - } catch (LDAPException e) { - } - mConns[i] = null; - } - if (mMasterConn != null) { - try { - log(ILogger.LL_INFO, "disconnecting masterConn"); - mMasterConn.disconnect(); - } catch (LDAPException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_CANNOT_RESET", - e.toString())); - } - } - mMasterConn = null; - mTotal = 0; - mNumConns = 0; - } else { - CMS.debug( - "Cannot reset factory: connections not all returned"); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_CANNOT_RESET_CONNFAC")); - } - - if (mAuthInfo != null) { - mAuthInfo.reset(); - } - } - - /** - * return ldap connection info - */ - public LdapConnInfo getConnInfo() { - return mConnInfo; - } - - /** - * return ldap authentication info - */ - public LdapAuthInfo getAuthInfo() { - return mAuthInfo; - } - - /** - * used to keep track of connections from this factory. - */ - public class BoundConnection extends LdapBoundConnection { - /** - * - */ - private static final long serialVersionUID = 1353616391879078337L; - - public BoundConnection(LdapConnInfo connInfo, LdapAuthInfo authInfo) - throws LDAPException { - super(connInfo, authInfo); - } - - public BoundConnection(String host, int port, int version, - LDAPSocketFactory fac, - String bindDN, String bindPW) - throws LDAPException { - super(host, port, version, fac, bindDN, bindPW); - } - - /** - * used only to identify the factory from which this came. - */ - public BoundConnection[] getFacId() { - return mConns; - } - } -} diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java deleted file mode 100644 index fc97ab48c..000000000 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java +++ /dev/null @@ -1,220 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cmscore.ldapconn; - -import java.util.Properties; - -import netscape.ldap.LDAPConnection; -import netscape.ldap.LDAPException; -import netscape.ldap.LDAPRebind; -import netscape.ldap.LDAPRebindAuth; -import netscape.ldap.LDAPSocketFactory; -import netscape.ldap.LDAPv2; - -import com.netscape.certsrv.apps.CMS; - -/** - * A LDAP connection that is bound to a server host, port, secure type. - * and authentication. - * Makes a LDAP connection and authentication when instantiated. - * Cannot establish another LDAP connection or authentication after - * construction. LDAPConnection connect and authentication methods are - * overridden to prevent this. - */ -public class LdapBoundConnection extends LDAPConnection { - /** - * - */ - private static final long serialVersionUID = -2242077674357271559L; - // LDAPConnection calls authenticate so must set this for first - // authenticate call. - private boolean mAuthenticated = false; - - /** - * Instantiates a connection to a ldap server, secure or non-secure - * connection with Ldap basic bind dn & pw authentication. - */ - public LdapBoundConnection( - LdapConnInfo connInfo, LdapAuthInfo authInfo) - throws LDAPException { - // this LONG line to satisfy super being the first call. (yuk) - super( - authInfo.getAuthType() == LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH ? - new LdapJssSSLSocketFactory(authInfo.getParms()[0]) : - (connInfo.getSecure() ? new LdapJssSSLSocketFactory() : null)); - - // Set option to automatically follow referrals. - // Use the same credentials to follow referrals; this is the easiest - // thing to do without any complicated configuration using - // different hosts. - // If client auth is used don't have dn and pw to follow referrals. - - boolean followReferrals = connInfo.getFollowReferrals(); - - setOption(LDAPv2.REFERRALS, new Boolean(followReferrals)); - if (followReferrals && - authInfo.getAuthType() != LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH) { - LDAPRebind rebindInfo = - new ARebindInfo(authInfo.getParms()[0], - authInfo.getParms()[1]); - - setOption(LDAPv2.REFERRALS_REBIND_PROC, rebindInfo); - } - - if (authInfo.getAuthType() == LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH) { - // will be bound to client auth cert mapped entry. - super.connect(connInfo.getHost(), connInfo.getPort()); - CMS.debug( - "Established LDAP connection with SSL client auth to " + - connInfo.getHost() + ":" + connInfo.getPort()); - } else { // basic auth - String binddn = authInfo.getParms()[0]; - String bindpw = authInfo.getParms()[1]; - - super.connect(connInfo.getVersion(), - connInfo.getHost(), connInfo.getPort(), binddn, bindpw); - CMS.debug( - "Established LDAP connection using basic authentication to" + - " host " + connInfo.getHost() + - " port " + connInfo.getPort() + - " as " + binddn); - } - } - - /** - * Instantiates a connection to a ldap server, secure or non-secure - * connection with Ldap basic bind dn & pw authentication. - */ - public LdapBoundConnection(String host, int port, int version, - LDAPSocketFactory fac, - String bindDN, String bindPW) - throws LDAPException { - super(fac); - if (bindDN != null) { - super.connect(version, host, port, bindDN, bindPW); - CMS.debug( - "Established LDAP connection using basic authentication " + - " as " + bindDN + " to " + host + ":" + port); - } else { - if (fac == null && bindDN == null) { - throw new IllegalArgumentException( - "Ldap bound connection must have authentication info."); - } - // automatically authenticated if it's ssl client auth. - super.connect(version, host, port, null, null); - CMS.debug( - "Established LDAP connection using SSL client authentication " + - "to " + host + ":" + port); - } - } - - /** - * Overrides same method in LDAPConnection to do prevent re-authentication. - */ - public void authenticate(int version, String dn, String pw) - throws LDAPException { - - /** - * if (mAuthenticated) { - * throw new RuntimeException( - * "this LdapBoundConnection already authenticated: auth(v,dn,pw)"); - * } - **/ - super.authenticate(version, dn, pw); - mAuthenticated = true; - } - - /** - * Overrides same method in LDAPConnection to do prevent re-authentication. - */ - public void authenticate(String dn, String pw) - throws LDAPException { - - /** - * if (mAuthenticated) { - * throw new RuntimeException( - * "this LdapBoundConnection already authenticated: auth(dn,pw)"); - * } - **/ - super.authenticate(3, dn, pw); - mAuthenticated = true; - } - - /** - * Overrides same method in LDAPConnection to do prevent re-authentication. - */ - public void authenticate(String dn, String mech, String packageName, - Properties props, Object getter) - throws LDAPException { - - /** - * if (mAuthenticated) { - * throw new RuntimeException( - * "this LdapBoundConnection already authenticated: auth(mech)"); - * } - **/ - super.authenticate(dn, mech, packageName, props, getter); - mAuthenticated = true; - } - - /** - * Overrides same method in LDAPConnection to do prevent re-authentication. - */ - public void authenticate(String dn, String mechs[], String packageName, - Properties props, Object getter) - throws LDAPException { - - /** - * if (mAuthenticated) { - * throw new RuntimeException( - * "this LdapBoundConnection is already authenticated: auth(mechs)"); - * } - **/ - super.authenticate(dn, mechs, packageName, props, getter); - mAuthenticated = true; - } - - /** - * overrides parent's connect to prevent re-connect. - */ - public void connect(String host, int port) throws LDAPException { - throw new RuntimeException( - "this LdapBoundConnection is already connected: conn(host,port)"); - } - - /** - * overrides parent's connect to prevent re-connect. - */ - public void connect(int version, String host, int port, - String dn, String pw) throws LDAPException { - throw new RuntimeException( - "this LdapBoundConnection is already connected: conn(version,h,p)"); - } -} - -class ARebindInfo implements LDAPRebind { - private LDAPRebindAuth mRebindAuthInfo = null; - - public ARebindInfo(String binddn, String pw) { - mRebindAuthInfo = new LDAPRebindAuth(binddn, pw); - } - - public LDAPRebindAuth getRebindAuthentication(String host, int port) { - return mRebindAuthInfo; - } -} diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapConnInfo.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapConnInfo.java deleted file mode 100644 index 4ef7d804c..000000000 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapConnInfo.java +++ /dev/null @@ -1,119 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cmscore.ldapconn; - -import netscape.ldap.LDAPv2; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.EPropertyNotFound; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.ldap.ELdapException; -import com.netscape.certsrv.ldap.ILdapConnInfo; - -/** - * class for reading ldap connection from the config store. - * ldap connection info: host, port, secure connection - */ -public class LdapConnInfo implements ILdapConnInfo { - - private String mHost = null; - private int mPort = -1; - private boolean mSecure = false; - private int mVersion = LDAPv2.PROTOCOL_VERSION; - private boolean mFollowReferrals = true; - - /** - * default constructor. must be followed by init(IConfigStore) - */ - public LdapConnInfo(IConfigStore config) throws EBaseException, ELdapException { - init(config); - } - - /** - * initializes an instance from a config store. - * required parms: host, port - * optional parms: secure connection, authentication method & info. - */ - public void init(IConfigStore config) throws EBaseException, ELdapException { - mHost = config.getString(PROP_HOST); - mPort = config.getInteger(PROP_PORT); - String version = (String) config.get(PROP_PROTOCOL); - - if (version != null && version.equals("")) { - // provide a default when this field is blank from the - // configuration. - mVersion = LDAP_VERSION_3; - } else { - mVersion = config.getInteger(PROP_PROTOCOL, LDAP_VERSION_3); - if (mVersion != LDAP_VERSION_2 && mVersion != LDAP_VERSION_3) { - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY", PROP_PROTOCOL)); - } - } - if (mHost == null || (mHost.length() == 0) || (mHost.trim().equals(""))) { - throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", PROP_HOST)); - } - if (mPort <= 0) { - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY", PROP_PORT)); - } - mSecure = config.getBoolean(PROP_SECURE, false); - mFollowReferrals = config.getBoolean(PROP_FOLLOW_REFERRALS, true); - } - - public LdapConnInfo(String host, int port, boolean secure) { - mHost = host; - mPort = port; - mSecure = secure; - if (mHost == null || mPort <= 0) { - // XXX log something here - throw new IllegalArgumentException("LDAP host or port is null"); - } - } - - public LdapConnInfo(String host, int port) { - mHost = host; - mPort = port; - if (mHost == null || mPort <= 0) { - // XXX log something here - throw new IllegalArgumentException("LDAP host or port is null"); - } - } - - public String getHost() { - return mHost; - } - - public int getPort() { - return mPort; - } - - public int getVersion() { - return mVersion; - } - - public boolean getSecure() { - return mSecure; - } - - public boolean getFollowReferrals() { - return mFollowReferrals; - } - -} diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java deleted file mode 100644 index 4df2fe357..000000000 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java +++ /dev/null @@ -1,109 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cmscore.ldapconn; - -import java.io.IOException; -import java.net.Socket; -import java.net.UnknownHostException; - -import netscape.ldap.LDAPException; -import netscape.ldap.LDAPSSLSocketFactoryExt; - -import org.mozilla.jss.ssl.SSLHandshakeCompletedEvent; -import org.mozilla.jss.ssl.SSLHandshakeCompletedListener; -import org.mozilla.jss.ssl.SSLSocket; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.logging.ILogger; - -/** - * Uses HCL ssl socket. - * - * @author Lily Hsiao lhsiao@netscape.com - */ -public class LdapJssSSLSocketFactory implements LDAPSSLSocketFactoryExt { - private String mClientAuthCertNickname = null; - private boolean mClientAuth = false; - - public LdapJssSSLSocketFactory() { - } - - public LdapJssSSLSocketFactory(String certNickname) { - mClientAuthCertNickname = certNickname; - } - - public Socket makeSocket(String host, int port) throws LDAPException { - SSLSocket s = null; - - try { - SSLSocket.enableSSL2Default(false); - s = new SSLSocket(host, port); - s.setUseClientMode(true); - s.enableSSL2(false); - //TODO Do we really want to set the default each time? - SSLSocket.enableSSL2Default(false); - s.enableV2CompatibleHello(false); - - SSLHandshakeCompletedListener listener = null; - - listener = new ClientHandshakeCB(this); - s.addHandshakeCompletedListener(listener); - - if (mClientAuthCertNickname != null) { - mClientAuth = true; - CMS.debug( - "LdapJssSSLSocket set client auth cert nickname" + - mClientAuthCertNickname); - s.setClientCertNickname(mClientAuthCertNickname); - } - s.forceHandshake(); - } catch (UnknownHostException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_UNKNOWN_HOST")); - throw new LDAPException( - "Cannot Create JSS SSL Socket - Unknown host"); - } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAPCONN_IO_ERROR", e.toString())); - throw new LDAPException("IO Error creating JSS SSL Socket"); - } - return s; - } - - public boolean isClientAuth() { - return mClientAuth; - } - - public Object getCipherSuites() { - return null; - } - - public void log(int level, String msg) { - } - - class ClientHandshakeCB implements SSLHandshakeCompletedListener { - Object sc; - - public ClientHandshakeCB(Object sc) { - this.sc = sc; - } - - public void handshakeCompleted(SSLHandshakeCompletedEvent event) { - CMS.debug("SSL handshake happened"); - } - } -} |