Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/ldapconn')
7 files changed, 563 insertions, 535 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java index 7c1d844d7..fa400341a 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java +++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldapconn; + import netscape.ldap.LDAPConnection; import netscape.ldap.LDAPException; import netscape.ldap.LDAPSocketFactory; @@ -29,10 +30,11 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.ldap.ILdapConnFactory; import com.netscape.certsrv.logging.ILogger; + /** - * Factory for getting LDAP Connections to a LDAP server each connection is a - * seperate thread that can be bound to a different authentication dn and - * password. + * Factory for getting LDAP Connections to a LDAP server + * each connection is a seperate thread that can be bound to a different + * authentication dn and password. */ public class LdapAnonConnFactory implements ILdapConnFactory { protected int mMinConns = 5; @@ -47,8 +49,8 @@ public class LdapAnonConnFactory implements ILdapConnFactory { public static final String PROP_ERROR_IF_DOWN = "errorIfDown"; - private int mNumConns = 0; // number of available conns in array - private int mTotal = 0; // total num conns + private int mNumConns = 0; // number of available conns in array + private int mTotal = 0; // total num conns private AnonConnection mConns[] = null; private boolean mInited = false; @@ -57,8 +59,8 @@ public class LdapAnonConnFactory implements ILdapConnFactory { private boolean mDefErrorIfDown = false; /** - * Constructor for initializing from the config store. must be followed by - * init(IConfigStore) + * Constructor for initializing from the config store. + * must be followed by init(IConfigStore) */ public LdapAnonConnFactory() { } 
@@ -69,15 +71,13 @@ public class LdapAnonConnFactory implements ILdapConnFactory { /** * Constructor for LdapAnonConnFactory - * * @param minConns minimum number of connections to have available - * @param maxConns max number of connections to have available. This is the - * maximum number of clones of this connection one wants to - * allow. + * @param maxConns max number of connections to have available. This is + * the maximum number of clones of this connection one wants to allow. * @param serverInfo server connection info - host, port, etc. */ - public LdapAnonConnFactory(int minConns, int maxConns, LdapConnInfo connInfo) - throws ELdapException { + public LdapAnonConnFactory(int minConns, int maxConns, + LdapConnInfo connInfo) throws ELdapException { init(minConns, maxConns, connInfo); } @@ -107,10 +107,9 @@ public class LdapAnonConnFactory implements ILdapConnFactory { try { minConns = Integer.parseInt(minStr); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_MIN_CONN")); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INVALID_NUMBER_FORMAT_1", PROP_MINCONNS)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAPCONN_MIN_CONN")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_NUMBER_FORMAT_1", PROP_MINCONNS)); } } 
@@ -119,31 +118,30 @@ public class LdapAnonConnFactory implements ILdapConnFactory { try { maxConns = Integer.parseInt(maxStr); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_MAX_CONN")); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INVALID_NUMBER_FORMAT_1", PROP_MAXCONNS)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAPCONN_MAX_CONN")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_NUMBER_FORMAT_1", PROP_MAXCONNS)); } } mErrorIfDown = config.getBoolean(PROP_ERROR_IF_DOWN, mDefErrorIfDown); - init(minConns, maxConns, - new LdapConnInfo(config.getSubStore(PROP_LDAPCONNINFO))); + init(minConns, maxConns, + new LdapConnInfo(config.getSubStore(PROP_LDAPCONNINFO))); } /** * initialize routine from parameters. */ protected void init(int minConns, int maxConns, LdapConnInfo connInfo) - throws ELdapException { - if (mInited) - return; // XXX should throw exception here ? + throws ELdapException { + if (mInited) + return; // XXX should throw exception here ? - if (minConns <= 0 || maxConns <= 0 || minConns > maxConns) + if (minConns <= 0 || maxConns <= 0 || minConns > maxConns) throw new ELdapException( CMS.getUserMessage("CMS_LDAP_INVALID_NUMCONN_PARAMETERS")); - if (connInfo == null) + if (connInfo == null) throw new IllegalArgumentException("connInfo is Null!"); mMinConns = minConns; @@ -152,9 +150,10 @@ public class LdapAnonConnFactory implements ILdapConnFactory { mConns = new AnonConnection[mMaxConns]; - log(ILogger.LL_INFO, "Created: min " + minConns + " max " + maxConns - + " host " + connInfo.getHost() + " port " + connInfo.getPort() - + " secure " + connInfo.getSecure()); + log(ILogger.LL_INFO, + "Created: min " + minConns + " max " + maxConns + + " host " + connInfo.getHost() + " port " + connInfo.getPort() + + " secure " + connInfo.getSecure()); // initalize minimum number of connection handles available. makeMinimum(mErrorIfDown); 
@@ -162,122 +161,123 @@ public class LdapAnonConnFactory implements ILdapConnFactory { } /** - * make the mininum configured connections + * make the mininum configured connections */ protected void makeMinimum(boolean errorIfDown) throws ELdapException { try { if (mNumConns < mMinConns && mTotal < mMaxConns) { - int increment = Math.min(mMinConns - mNumConns, mMaxConns - - mTotal); + int increment = Math.min(mMinConns - mNumConns, mMaxConns - mTotal); - CMS.debug("increasing minimum number of connections by " - + increment); + CMS.debug( + "increasing minimum number of connections by " + increment); for (int i = increment - 1; i >= 0; i--) { mConns[i] = new AnonConnection(mConnInfo); } mTotal += increment; mNumConns += increment; - CMS.debug("new total number of connections " + mTotal); - CMS.debug("new total available connections " + mNumConns); + CMS.debug( + "new total number of connections " + mTotal); + CMS.debug( + "new total available connections " + mNumConns); } } catch (LDAPException e) { // XXX errorCodeToString() used here so users won't see message. - // though why are messages from exceptions being displayed to + // though why are messages from exceptions being displayed to // users ? if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { - // need to intercept this because message from LDAP is + // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - "Cannot connect to Ldap server. Error: " - + "Ldap Server host " + mConnInfo.getHost() - + " int " + mConnInfo.getPort() - + " is unavailable."); + "Cannot connect to Ldap server. 
Error: " + + "Ldap Server host " + mConnInfo.getHost() + + " int " + mConnInfo.getPort() + " is unavailable."); if (errorIfDown) { - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", mConnInfo.getHost(), - "" + mConnInfo.getPort())); + throw new ELdapServerDownException( + CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", + mConnInfo.getHost(), "" + mConnInfo.getPort())); } } else { - log(ILogger.LL_FAILURE, - "Cannot connect to ldap server. error: " + e.toString()); + log(ILogger.LL_FAILURE, + "Cannot connect to ldap server. error: " + e.toString()); String errmsg = e.errorCodeToString(); if (errmsg == null) errmsg = e.toString(); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", - mConnInfo.getHost(), - "" + (Integer.valueOf(mConnInfo.getPort())), errmsg)); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", + mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), errmsg)); } } } /** - * Gets connection from this factory. All connections gotten from this - * factory must be returned. If not the max number of connections may be - * reached prematurely. The best thing to put returnConn in a finally clause - * so it always gets called. For example, - * + * Gets connection from this factory. + * All connections gotten from this factory must be returned. + * If not the max number of connections may be reached prematurely. + * The best thing to put returnConn in a finally clause so it + * always gets called. 
For example, * <pre> - * LDAPConnection c = null; - * try { - * c = factory.getConn(); - * myclass.do_something_with_c(c); - * } catch (ELdapException e) { - * handle_error_here(); - * } finally { - * factory.returnConn(c); - * } + * LDAPConnection c = null; + * try { + * c = factory.getConn(); + * myclass.do_something_with_c(c); + * } + * catch (ELdapException e) { + * handle_error_here(); + * } + * finally { + * factory.returnConn(c); + * } * </pre> */ - public LDAPConnection getConn() throws ELdapException { + public LDAPConnection getConn() + throws ELdapException { return getConn(true); } /** - * Returns a LDAP connection - a clone of the master connection. All - * connections should be returned to the factory using returnConn() to - * recycle connection objects. If not returned the limited max number is - * affected but if that number is large not much harm is done. Returns null - * if maximum number of connections reached. - * <p> - * The best thing to put returnConn in a finally clause so it always gets - * called. For example, - * + * Returns a LDAP connection - a clone of the master connection. + * All connections should be returned to the factory using returnConn() + * to recycle connection objects. + * If not returned the limited max number is affected but if that + * number is large not much harm is done. + * Returns null if maximum number of connections reached. + * <p> + * The best thing to put returnConn in a finally clause so it + * always gets called. 
For example, * <pre> - * LDAPConnection c = null; - * try { - * c = factory.getConn(); - * myclass.do_something_with_c(c); - * } catch (ELdapException e) { - * handle_error_here(); - * } finally { - * factory.returnConn(c); - * } + * LDAPConnection c = null; + * try { + * c = factory.getConn(); + * myclass.do_something_with_c(c); + * } + * catch (ELdapException e) { + * handle_error_here(); + * } + * finally { + * factory.returnConn(c); + * } * </pre> - */ - public synchronized LDAPConnection getConn(boolean waitForConn) - throws ELdapException { + */ + public synchronized LDAPConnection getConn(boolean waitForConn) + throws ELdapException { boolean waited = false; CMS.debug("LdapAnonConnFactory::getConn"); - if (mNumConns == 0) + if (mNumConns == 0) makeMinimum(true); if (mNumConns == 0) { if (!waitForConn) return null; try { CMS.debug("getConn(): out of ldap connections"); - log(ILogger.LL_WARN, - "Ran out of ldap connections available " - + "in ldap connection pool to " - + mConnInfo.getHost() - + ":" - + mConnInfo.getPort() - + ". " - + "This could be a temporary condition or an indication of " - + "something more serious that can cause the server to " - + "hang."); + log(ILogger.LL_WARN, + "Ran out of ldap connections available " + + "in ldap connection pool to " + + mConnInfo.getHost() + ":" + mConnInfo.getPort() + ". " + + "This could be a temporary condition or an indication of " + + "something more serious that can cause the server to " + + "hang."); waited = true; while (mNumConns == 0) { wait(); 
@@ -291,56 +291,53 @@ public class LdapAnonConnFactory implements ILdapConnFactory { mConns[mNumConns] = null; if (waited) { - log(ILogger.LL_WARN, - "Ldap connections are available again in ldap connection pool " - + "to " + mConnInfo.getHost() + ":" - + mConnInfo.getPort()); + log(ILogger.LL_WARN, + "Ldap connections are available again in ldap connection pool " + + "to " + mConnInfo.getHost() + ":" + mConnInfo.getPort()); } - CMS.debug("LdapAnonConnFactory.getConn(): num avail conns now " - + mNumConns); - // Beginning of fix for Bugzilla #630176 + CMS.debug("LdapAnonConnFactory.getConn(): num avail conns now " + mNumConns); + //Beginning of fix for Bugzilla #630176 boolean isConnected = false; - if (conn != null) { + if(conn != null) { isConnected = conn.isConnected(); } - if (!isConnected) { + if(!isConnected) { CMS.debug("LdapAnonConnFactory.getConn(): selected conn is down, try to reconnect..."); conn = null; try { - conn = new AnonConnection(mConnInfo); + conn = new AnonConnection(mConnInfo); } catch (LDAPException e) { - CMS.debug("LdapAnonConnFactory.getConn(): error when trying to bring back a down connection."); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", - mConnInfo.getHost(), - "" + (Integer.valueOf(mConnInfo.getPort())), - e.toString())); + CMS.debug("LdapAnonConnFactory.getConn(): error when trying to bring back a down connection."); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", + mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString())); } } - // This is the end of the fix for Bugzilla #630176 + //This is the end of the fix for Bugzilla #630176 return conn; } - /** - * Returns a connection to the factory for recycling. All connections gotten - * from this factory must be returned. If not the max number of connections - * may be reached prematurely. + /** + * Returns a connection to the factory for recycling. 
+ * All connections gotten from this factory must be returned. + * If not the max number of connections may be reached prematurely. * <p> - * The best thing to put returnConn in a finally clause so it always gets - * called. For example, - * + * The best thing to put returnConn in a finally clause so it + * always gets called. For example, * <pre> - * LDAPConnection c = null; - * try { - * c = factory.getConn(); - * myclass.do_something_with_c(c); - * } catch (ELdapException e) { - * handle_error_here(); - * } finally { - * factory.returnConn(c); - * } + * LDAPConnection c = null; + * try { + * c = factory.getConn(); + * myclass.do_something_with_c(c); + * } + * catch (ELdapException e) { + * handle_error_here(); + * } + * finally { + * factory.returnConn(c); + * } * </pre> */ public synchronized void returnConn(LDAPConnection conn) { @@ -351,12 +348,12 @@ public class LdapAnonConnFactory implements ILdapConnFactory { AnonConnection anon = (AnonConnection) conn; if (anon.getFacId() != mConns) { - // returning a connection not from this factory. + // returning a connection not from this factory. log(ILogger.LL_WARN, "returnConn: unknown connection."); /* swallow this error but see who's doing it. */ - ELdapException e = new ELdapException( - CMS.getUserMessage("CMS_LDAP_UNKNOWN_RETURNED_CONN")); + ELdapException e = + new ELdapException(CMS.getUserMessage("CMS_LDAP_UNKNOWN_RETURNED_CONN")); } // check if conn has already been returned. for (int i = 0; i < mNumConns; i++) { @@ -364,10 +361,10 @@ public class LdapAnonConnFactory implements ILdapConnFactory { if (mConns[i] == anon) { /* swallow this error but see who's doing it. */ - log(ILogger.LL_WARN, - "returnConn: previously returned connection."); - ELdapException e = new ELdapException( - CMS.getUserMessage("CMS_LDAP_BAD_RETURNED_CONN")); + log(ILogger.LL_WARN, + "returnConn: previously returned connection."); + ELdapException e = + new ELdapException(CMS.getUserMessage("CMS_LDAP_BAD_RETURNED_CONN")); } } 
@@ -380,9 +377,9 @@ public class LdapAnonConnFactory implements ILdapConnFactory { // return conn. CMS.debug("returnConn: mNumConns now " + mNumConns); } catch (LDAPException e) { - log(ILogger.LL_WARN, - "Could not re-authenticate ldap connection to anonymous." - + " Error " + e); + log(ILogger.LL_WARN, + "Could not re-authenticate ldap connection to anonymous." + + " Error " + e); } // return the connection even if can't reauthentication anon. // most likely server was down. @@ -391,7 +388,8 @@ public class LdapAnonConnFactory implements ILdapConnFactory { notify(); } - protected void finalize() throws Exception { + protected void finalize() + throws Exception { reset(); } 
@@ -403,29 +401,30 @@ public class LdapAnonConnFactory implements ILdapConnFactory { } /** - * resets this factory - if no connections outstanding, disconnections all - * connections and resets everything to 0 as if no connections were ever - * made. intended to be called just before shutdown or exit to disconnection - * & cleanup connections. + * resets this factory - if no connections outstanding, + * disconnections all connections and resets everything to 0 as if + * no connections were ever made. intended to be called just before + * shutdown or exit to disconnection & cleanup connections. */ // ok only if no connections outstanding. - public synchronized void reset() throws ELdapException { + public synchronized void reset() + throws ELdapException { if (mNumConns == mTotal) { for (int i = 0; i < mNumConns; i++) { try { CMS.debug("disconnecting connection " + i); mConns[i].disconnect(); } catch (LDAPException e) { - log(ILogger.LL_INFO, - "exception during disconnect: " + e.toString()); + log(ILogger.LL_INFO, + "exception during disconnect: " + e.toString()); } mConns[i] = null; } mTotal = 0; mNumConns = 0; } else { - log(ILogger.LL_INFO, - "Cannot reset() while connections not all returned"); + log(ILogger.LL_INFO, + "Cannot reset() while connections not all returned"); throw new ELdapException( CMS.getUserMessage("CMS_LDAP_CANNOT_RESET_CONNFAC")); } @@ -435,13 +434,10 @@ public class LdapAnonConnFactory implements ILdapConnFactory { * handy routine for logging in this class. */ private void log(int level, String msg) { - mLogger.log( - ILogger.EV_SYSTEM, - ILogger.S_LDAP, - level, - "In Ldap (anonymous) connection pool to" + " host " - + mConnInfo.getHost() + " port " + mConnInfo.getPort() - + ", " + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, + "In Ldap (anonymous) connection pool to" + + " host " + mConnInfo.getHost() + + " port " + mConnInfo.getPort() + ", " + msg); } /** 
@@ -453,26 +449,28 @@ public class LdapAnonConnFactory implements ILdapConnFactory { */ private static final long serialVersionUID = 4813780131074412404L; - public AnonConnection(LdapConnInfo connInfo) throws LDAPException { + public AnonConnection(LdapConnInfo connInfo) + throws LDAPException { super(connInfo); } - - public AnonConnection(String host, int port, int version, - LDAPSocketFactory fac) throws LDAPException { + + public AnonConnection(String host, int port, int version, + LDAPSocketFactory fac) + throws LDAPException { super(host, port, version, fac); } - + /** * instantiates a non-secure connection to a ldap server */ public AnonConnection(String host, int port, int version) - throws LDAPException { + throws LDAPException { super(host, port, version); } /** - * used only to identify the factory from which this came. mConns to - * identify factory. + * used only to identify the factory from which this came. + * mConns to identify factory. */ public AnonConnection[] getFacId() { return mConns; diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java index 09c77048e..1d3996dd7 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java +++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java 
@@ -17,16 +17,18 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldapconn; + import netscape.ldap.LDAPConnection; import netscape.ldap.LDAPException; import netscape.ldap.LDAPSocketFactory; import netscape.ldap.LDAPv2; + /** - * A LDAP connection that is bound to a server host, port and secure type. Makes - * a LDAP connection when instantiated. Cannot establish another LDAP connection - * after construction. LDAPConnection connect methods are overridden to prevent - * this. + * A LDAP connection that is bound to a server host, port and secure type. + * Makes a LDAP connection when instantiated. + * Cannot establish another LDAP connection after construction. + * LDAPConnection connect methods are overridden to prevent this. */ public class LdapAnonConnection extends LDAPConnection { @@ -38,24 +40,26 @@ public class LdapAnonConnection extends LDAPConnection { /** * instantiates a connection to a ldap server */ - public LdapAnonConnection(LdapConnInfo connInfo) throws LDAPException { + public LdapAnonConnection(LdapConnInfo connInfo) + throws LDAPException { super(connInfo.getSecure() ? new LdapJssSSLSocketFactory() : null); - // Set option to automatically follow referrals. + // Set option to automatically follow referrals. // rebind info is also anonymous. boolean followReferrals = connInfo.getFollowReferrals(); setOption(LDAPv2.REFERRALS, new Boolean(followReferrals)); - super.connect(connInfo.getVersion(), connInfo.getHost(), - connInfo.getPort(), null, null); + super.connect(connInfo.getVersion(), + connInfo.getHost(), connInfo.getPort(), null, null); } /** * instantiates a connection to a ldap server */ - public LdapAnonConnection(String host, int port, int version, - LDAPSocketFactory fac) throws LDAPException { + public LdapAnonConnection(String host, int port, int version, + LDAPSocketFactory fac) + throws LDAPException { super(fac); super.connect(version, host, port, null, null); } 
@@ -64,13 +68,14 @@ public class LdapAnonConnection extends LDAPConnection { * instantiates a non-secure connection to a ldap server */ public LdapAnonConnection(String host, int port, int version) - throws LDAPException { + throws LDAPException { super(); super.connect(version, host, port, null, null); } /** - * overrides superclass connect. does not allow reconnect. + * overrides superclass connect. + * does not allow reconnect. */ public void connect(String host, int port) throws LDAPException { throw new RuntimeException( @@ -78,10 +83,11 @@ public class LdapAnonConnection extends LDAPConnection { } /** - * overrides superclass connect. does not allow reconnect. + * overrides superclass connect. + * does not allow reconnect. */ - public void connect(int version, String host, int port, String dn, String pw) - throws LDAPException { + public void connect(int version, String host, int port, + String dn, String pw) throws LDAPException { throw new RuntimeException( "this LdapAnonConnection already connected: connect(v,h,p)"); } diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java index 450e070a4..b499dd07e 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java +++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldapconn; + import java.util.Hashtable; import netscape.ldap.LDAPConnection; @@ -28,6 +29,7 @@ import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.ldap.ILdapAuthInfo; import com.netscape.cmsutil.password.IPasswordStore; + /** * class for reading ldap authentication info from config store */ 
@@ -54,31 +56,28 @@ public class LdapAuthInfo implements ILdapAuthInfo { } /** - * constructs ldap auth info directly from config store, and verifies the - * password by attempting to connect to the server. + * constructs ldap auth info directly from config store, and verifies + * the password by attempting to connect to the server. */ - public LdapAuthInfo(IConfigStore config, String host, int port, - boolean secure) throws EBaseException { + public LdapAuthInfo(IConfigStore config, String host, int port, boolean secure) + throws EBaseException { init(config, host, port, secure); } - public String getPasswordFromStore(String prompt) { + public String getPasswordFromStore (String prompt) { String pwd = null; CMS.debug("LdapAuthInfo: getPasswordFromStore: try to get it from password store"); - // hey - should use password store interface to allow different - // implementations - // but the problem is, other parts of the system just go directly to the - // file - // so calling CMS.getPasswordStore() will give you an outdated one - /* - * IConfigStore mainConfig = CMS.getConfigStore(); String pwdFile = - * mainConfig.getString("passwordFile"); FileConfigStore pstore = new - * FileConfigStore(pwdFile); - */ +// hey - should use password store interface to allow different implementations +// but the problem is, other parts of the system just go directly to the file +// so calling CMS.getPasswordStore() will give you an outdated one +/* + IConfigStore mainConfig = CMS.getConfigStore(); + String pwdFile = mainConfig.getString("passwordFile"); + FileConfigStore pstore = new FileConfigStore(pwdFile); +*/ IPasswordStore pwdStore = CMS.getPasswordStore(); - CMS.debug("LdapAuthInfo: getPasswordFromStore: about to get from passwored store: " - + prompt); + CMS.debug("LdapAuthInfo: getPasswordFromStore: about to get from passwored store: "+prompt); // support publishing dirsrv with different pwd than internaldb 
@@ -86,18 +85,18 @@ public class LdapAuthInfo implements ILdapAuthInfo { if (pwdStore != null) { CMS.debug("LdapAuthInfo: getPasswordFromStore: password store available"); pwd = pwdStore.getPassword(prompt); - // pwd = pstore.getString(prompt); - if (pwd == null) { - CMS.debug("LdapAuthInfo: getPasswordFromStore: password for " - + prompt + " not found, trying internaldb"); +// pwd = pstore.getString(prompt); + if ( pwd == null) { + CMS.debug("LdapAuthInfo: getPasswordFromStore: password for "+prompt+ + " not found, trying internaldb"); - // pwd = pstore.getString("internaldb"); +// pwd = pstore.getString("internaldb"); - pwd = pwdStore.getPassword("internaldb"); // last resort + pwd = pwdStore.getPassword("internaldb"); // last resort } else - CMS.debug("LdapAuthInfo: getPasswordFromStore: password found for prompt in password store"); + CMS.debug("LdapAuthInfo: getPasswordFromStore: password found for prompt in password store"); } else - CMS.debug("LdapAuthInfo: getPasswordFromStore: password store not available: pwdStore is null"); + CMS.debug("LdapAuthInfo: getPasswordFromStore: password store not available: pwdStore is null"); return pwd; } 
@@ -111,19 +110,19 @@ public class LdapAuthInfo implements ILdapAuthInfo { /** * initialize this class from the config store, and verify the password. - * - * @param host The host that the directory server is running on. This will - * be used to verify the password by attempting to connect. If it - * is <code>null</code>, the password will not be verified. + * + * @param host The host that the directory server is running on. + * This will be used to verify the password by attempting to connect. + * If it is <code>null</code>, the password will not be verified. * @param port The port that the directory server is running on. */ public void init(IConfigStore config, String host, int port, boolean secure) - throws EBaseException { + throws EBaseException { CMS.debug("LdapAuthInfo: init()"); - if (mInited) { + if (mInited) { CMS.debug("LdapAuthInfo: already initialized"); - return; // XXX throw exception here ? + return; // XXX throw exception here ? } CMS.debug("LdapAuthInfo: init begins"); 
@@ -145,33 +144,30 @@ public class LdapAuthInfo implements ILdapAuthInfo { if (prompt == null) { prompt = "LDAP Authentication"; - CMS.debug("LdapAuthInfo: init: prompt is null, change to " - + prompt); + CMS.debug("LdapAuthInfo: init: prompt is null, change to "+prompt); } else - CMS.debug("LdapAuthInfo: init: prompt is " + prompt); + CMS.debug("LdapAuthInfo: init: prompt is "+prompt); if (mParms[1] == null) { CMS.debug("LdapAuthInfo: init: try getting from memory cache"); mParms[1] = (String) passwords.get(prompt); - if (mParms[1] != null) { - inMem = true; - CMS.debug("LdapAuthInfo: init: got password from memory"); - } else - CMS.debug("LdapAuthInfo: init: password not in memory"); +if (mParms[1] != null) { + inMem = true; +CMS.debug("LdapAuthInfo: init: got password from memory"); +} else +CMS.debug("LdapAuthInfo: init: password not in memory"); } else - CMS.debug("LdapAuthInfo: init: found password from config"); +CMS.debug("LdapAuthInfo: init: found password from config"); if (mParms[1] == null) { mParms[1] = getPasswordFromStore(prompt); - } else { + } else { CMS.debug("LdapAuthInfo: init: password found for prompt."); - } + } // verify the password - if ((mParms[1] != null) - && (!mParms[1].equals("")) - && (host == null || authInfoOK(host, port, secure, - mParms[0], mParms[1]))) { + if ((mParms[1]!= null) && (!mParms[1].equals("")) && (host == null || + authInfoOK(host, port, secure, mParms[0], mParms[1]))) { // The password is OK or uncheckable CMS.debug("LdapAuthInfo: password ok: store in memory cache"); passwords.put(prompt, mParms[1]); 
@@ -180,17 +176,16 @@ public class LdapAuthInfo implements ILdapAuthInfo { CMS.debug("LdapAuthInfo: password not found"); else { CMS.debug("LdapAuthInfo: password does not work"); - /* - * what do you know? Our IPasswordStore does not have a - * remove function. pstore.remove("internaldb"); - */ +/* what do you know? Our IPasswordStore does not have a remove function. + pstore.remove("internaldb"); +*/ if (inMem) { // this is for the case when admin changes pwd // from console mParms[1] = getPasswordFromStore(prompt); - if (authInfoOK(host, port, secure, mParms[0], mParms[1])) { - CMS.debug("LdapAuthInfo: password ok: store in memory cache"); - passwords.put(prompt, mParms[1]); + if(authInfoOK(host, port, secure, mParms[0], mParms[1])) { + CMS.debug("LdapAuthInfo: password ok: store in memory cache"); + passwords.put(prompt, mParms[1]); } } } 
@@ -217,17 +212,16 @@ public class LdapAuthInfo implements ILdapAuthInfo { /** * Verifies the distinguished name and password by attempting to - * authenticate to the server. If we connect to the server but cannot - * authenticate, we conclude that the DN or password is invalid. If we - * cannot connect at all, we don't know, so we return true (there's no sense - * asking for the password again since we can't verify it anyway). If we - * connect and authenticate successfully, we know the DN and password are - * correct, so we return true. + * authenticate to the server. If we connect to the server but cannot + * authenticate, we conclude that the DN or password is invalid. If + * we cannot connect at all, we don't know, so we return true + * (there's no sense asking for the password again since we can't verify + * it anyway). If we connect and authenticate successfully, we know + * the DN and password are correct, so we return true. */ private static LDAPConnection conn = new LDAPConnection(); - - private static boolean authInfoOK(String host, int port, boolean secure, - String dn, String pw) { + private static boolean + authInfoOK(String host, int port, boolean secure, String dn, String pw) { // We dont perform auth checking if we are in SSL mode. if (secure) @@ -244,13 +238,16 @@ public class LdapAuthInfo implements ILdapAuthInfo { } /** - * There is a bug in LDAP SDK. VM will crash on NT if we connect and - * disconnect too many times. + * There is a bug in LDAP SDK. VM will crash on NT if + * we connect and disconnect too many times. **/ - + /** - * if( connected ) { try { conn.disconnect(); } catch( LDAPException e ) - * { } } + if( connected ) { + try { + conn.disconnect(); + } catch( LDAPException e ) { } + } **/ if (connected && !authenticated) { 
@@ -261,11 +258,10 @@ public class LdapAuthInfo implements ILdapAuthInfo { } /** - * get authentication type. - * + * get authentication type. * @return one of: <br> - * LdapAuthInfo.LDAP_AUTHTYPE_BASICAUTH or - * LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH + * LdapAuthInfo.LDAP_AUTHTYPE_BASICAUTH or + * LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH */ public int getAuthType() { return mType; @@ -273,7 +269,6 @@ public class LdapAuthInfo implements ILdapAuthInfo { /** * get params for authentication - * * @return array of parameters for this authentication. */ public String[] getParms() { @@ -286,7 +281,7 @@ public class LdapAuthInfo implements ILdapAuthInfo { public void addPassword(String prompt, String pw) { try { passwords.put(prompt, pw); - } catch (Exception e) { + }catch (Exception e) { } } @@ -296,7 +291,7 @@ public class LdapAuthInfo implements ILdapAuthInfo { public void removePassword(String prompt) { try { passwords.remove(prompt); - } catch (Exception e) { + }catch (Exception e) { } } } diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java index 08932ef54..a8a107acb 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java +++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldapconn; + import netscape.ldap.LDAPConnection; import netscape.ldap.LDAPException; import netscape.ldap.LDAPSocketFactory; 
@@ -29,10 +30,12 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.ldap.ILdapBoundConnFactory; import com.netscape.certsrv.logging.ILogger; + /** - * Factory for getting LDAP Connections to a LDAP server with the same LDAP - * authentication. XXX not sure how useful this is given that LDAPConnection - * itself can be shared by multiple threads and cloned. + * Factory for getting LDAP Connections to a LDAP server with the same + * LDAP authentication. + * XXX not sure how useful this is given that LDAPConnection itself can + * be shared by multiple threads and cloned. */ public class LdapBoundConnFactory implements ILdapBoundConnFactory { protected int mMinConns = 5; @@ -49,10 +52,10 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { public static final String PROP_ERROR_IF_DOWN = "errorIfDown"; - private int mNumConns = 0; // number of available conns in array - private int mTotal = 0; // total num conns + private int mNumConns = 0; // number of available conns in array + private int mTotal = 0; // total num conns - private boolean doCloning = true; + private boolean doCloning=true; private LdapBoundConnection mMasterConn = null; // master connection object. private BoundConnection mConns[]; @@ -67,8 +70,8 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { private boolean mDefErrorIfDown = false; /** - * Constructor for initializing from the config store. must be followed by - * init(IConfigStore) + * Constructor for initializing from the config store. + * must be followed by init(IConfigStore) */ public LdapBoundConnFactory() { } 
@@ -91,52 +94,51 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { /** * Constructor for LdapBoundConnFactory - * * @param minConns minimum number of connections to have available - * @param maxConns max number of connections to have available. This is the - * maximum number of clones of this connection or separate - * connections one wants to allow. + * @param maxConns max number of connections to have available. This is + * the maximum number of clones of this connection or separate connections one wants to allow. * @param serverInfo server connection info - host, port, etc. */ - public LdapBoundConnFactory(int minConns, int maxConns, - LdapConnInfo connInfo, LdapAuthInfo authInfo) throws ELdapException { + public LdapBoundConnFactory(int minConns, int maxConns, + LdapConnInfo connInfo, LdapAuthInfo authInfo) throws ELdapException { init(minConns, maxConns, connInfo, authInfo); } /** * Constructor for initialize */ - public void init(IConfigStore config) throws ELdapException, EBaseException { + public void init(IConfigStore config) + throws ELdapException, EBaseException { CMS.debug("LdapBoundConnFactory: init "); - LdapConnInfo connInfo = new LdapConnInfo( - config.getSubStore(PROP_LDAPCONNINFO)); + LdapConnInfo connInfo = + new LdapConnInfo(config.getSubStore(PROP_LDAPCONNINFO)); mErrorIfDown = config.getBoolean(PROP_ERROR_IF_DOWN, mDefErrorIfDown); - doCloning = config.getBoolean("doCloning", true); + doCloning = config.getBoolean("doCloning",true); CMS.debug("LdapBoundConnFactory:doCloning " + doCloning); init(config.getInteger(PROP_MINCONNS, mMinConns), - config.getInteger(PROP_MAXCONNS, mMaxConns), - connInfo, - new LdapAuthInfo(config.getSubStore(PROP_LDAPAUTHINFO), - connInfo.getHost(), connInfo.getPort(), connInfo - .getSecure())); + config.getInteger(PROP_MAXCONNS, mMaxConns), + connInfo, + new LdapAuthInfo(config.getSubStore(PROP_LDAPAUTHINFO), + connInfo.getHost(), connInfo.getPort(), connInfo.getSecure())); } /** - * initialize 
parameters obtained from either constructor or config store - * + * initialize parameters obtained from either constructor or + * config store * @param minConns minimum number of connection handls to have available. * @param maxConns maximum total number of connections to ever have. * @param connInfo ldap connection info. * @param authInfo ldap authentication info. - * @exception ELdapException if any error occurs. + * @exception ELdapException if any error occurs. */ - private void init(int minConns, int maxConns, LdapConnInfo connInfo, - LdapAuthInfo authInfo) throws ELdapException { - if (minConns <= 0 || maxConns <= 0 || minConns > maxConns) + private void init(int minConns, int maxConns, + LdapConnInfo connInfo, LdapAuthInfo authInfo) + throws ELdapException { + if (minConns <= 0 || maxConns <= 0 || minConns > maxConns) throw new ELdapException( CMS.getUserMessage("CMS_LDAP_INVALID_NUMCONN_PARAMETERS")); if (connInfo == null || authInfo == null) @@ -150,14 +152,16 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { mConns = new BoundConnection[mMaxConns]; // Create connection handle and make initial connection - CMS.debug("init: before makeConnection errorIfDown is " + mErrorIfDown); + CMS.debug( + "init: before makeConnection errorIfDown is " + mErrorIfDown); makeConnection(mErrorIfDown); - CMS.debug("initializing with mininum " + mMinConns + " and maximum " - + mMaxConns + " connections to " + "host " - + mConnInfo.getHost() + " port " + mConnInfo.getPort() - + ", secure connection, " + mConnInfo.getSecure() - + ", authentication type " + mAuthInfo.getAuthType()); + CMS.debug( + "initializing with mininum " + mMinConns + " and maximum " + mMaxConns + + " connections to " + + "host " + mConnInfo.getHost() + " port " + mConnInfo.getPort() + + ", secure connection, " + mConnInfo.getSecure() + + ", authentication type " + mAuthInfo.getAuthType()); // initalize minimum number of connection handles available. makeMinimum(); 
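Review bot: `init(IConfigStore)` reads the cloning switch with a bare literal, `doCloning = config.getBoolean("doCloning",true);`, while every other key in the same method goes through a `PROP_` constant (`PROP_LDAPCONNINFO`, `PROP_ERROR_IF_DOWN`, `PROP_MINCONNS`, `PROP_MAXCONNS`, `PROP_LDAPAUTHINFO`); declaring a constant alongside them, e.g. `public static final String PROP_DO_CLONING = "doCloning";`, and using it here keeps the configuration surface discoverable in one place. The reflowed line also dropped the space after the comma that the surrounding calls keep. The private `init(int, int, LdapConnInfo, LdapAuthInfo)` continues past the end of the hunk.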
@@ -165,7 +169,6 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { /** * makes the initial master connection used to clone others.. - * * @exception ELdapException if any error occurs. */ protected void makeConnection(boolean errorIfDown) throws ELdapException { 
@@ -176,36 +179,32 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAPCONN_CONNECT_SERVER", mConnInfo.getHost(), + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAPCONN_CONNECT_SERVER", + mConnInfo.getHost(), Integer.toString(mConnInfo.getPort()))); if (errorIfDown) { - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", mConnInfo.getHost(), - "" + mConnInfo.getPort())); + throw new ELdapServerDownException( + CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", + mConnInfo.getHost(), "" + mConnInfo.getPort())); } } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_FAILED_SERVER", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", - mConnInfo.getHost(), - "" + (Integer.valueOf(mConnInfo.getPort())), - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAPCONN_FAILED_SERVER", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", + mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString())); } } } + /** * makes subsequent connections if cloning is not used . - * * @exception ELdapException if any error occurs. */ - private LdapBoundConnection makeNewConnection(boolean errorIfDown) - throws ELdapException { - CMS.debug("LdapBoundConnFactory:In makeNewConnection: errorIfDown " - + errorIfDown); + private LdapBoundConnection makeNewConnection(boolean errorIfDown) throws ELdapException { + CMS.debug("LdapBoundConnFactory:In makeNewConnection: errorIfDown " + errorIfDown); LdapBoundConnection conn = null; try { conn = new BoundConnection(mConnInfo, mAuthInfo); 
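Review bot: The `catch (LDAPException e)` handling at the top of this hunk (the tail of `makeConnection`) is repeated line for line in `makeNewConnection` in the next hunk, differing only in formatting; since the commit is already touching both copies, this is the moment to extract a private helper such as `private void reportConnectFailure(LDAPException e, boolean errorIfDown) throws ELdapException` so the two log and user messages cannot drift apart. Within the block the port is stringified two different ways, `Integer.toString(mConnInfo.getPort())` for the log message and `"" + (Integer.valueOf(mConnInfo.getPort()))` for the user message; `Integer.toString(mConnInfo.getPort())` in both places avoids the boxing and reads the same. `makeConnection`'s signature and try block start before this hunk.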
@@ -213,48 +212,47 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAPCONN_CONNECT_SERVER", mConnInfo.getHost(), + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAPCONN_CONNECT_SERVER", + mConnInfo.getHost(), Integer.toString(mConnInfo.getPort()))); if (errorIfDown) { - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", mConnInfo.getHost(), - "" + mConnInfo.getPort())); + throw new ELdapServerDownException( + CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", + mConnInfo.getHost(), "" + mConnInfo.getPort())); } } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_FAILED_SERVER", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", - mConnInfo.getHost(), - "" + (Integer.valueOf(mConnInfo.getPort())), - e.toString())); + CMS.getLogMessage("CMSCORE_LDAPCONN_FAILED_SERVER", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", + mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString())); } } return conn; } - /** * makes the minumum number of connections */ private void makeMinimum() throws ELdapException { - if (mMasterConn == null || mMasterConn.isConnected() == false) + if (mMasterConn == null || mMasterConn.isConnected() == false) return; int increment; if (mNumConns < mMinConns && mTotal <= mMaxConns) { increment = Math.min(mMinConns - mNumConns, mMaxConns - mTotal); - CMS.debug("increasing minimum connections by " + increment); + CMS.debug( + "increasing minimum connections by " + increment); for (int i = increment - 1; i >= 0; i--) { - if (doCloning == true) { + if(doCloning == true) { mConns[i] = (BoundConnection) 
mMasterConn.clone(); - } else { + } + else { mConns[i] = (BoundConnection) makeNewConnection(true); } - + } mTotal += increment; mNumConns += increment; 
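Review bot: `makeMinimum` fills `mConns[increment - 1]` down to `mConns[0]`, but the free slots of the pool are `mConns[mNumConns]` upward (`getConn` pops `mConns[mNumConns - 1]`, `returnConn` pushes to `mConns[mNumConns++]`), so the loop is only correct while `mNumConns == 0`. Both visible callers, `init` and the `if (mNumConns == 0) makeMinimum();` in `getConn`, satisfy that today, yet the guard `mNumConns < mMinConns` reads as if the method were meant to top up a partially drained pool, in which case it would overwrite live connections. Either index from the free region, `mConns[mNumConns + i] = ...`, or state the precondition, e.g. `// precondition: mNumConns == 0 — callers only replenish an empty pool`. The hunk also carries the tail of `makeNewConnection`, whose body starts in the previous hunk.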
@@ -264,129 +262,132 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { } /** - * gets a conenction from this factory. All connections obtained from the - * factory must be returned by returnConn() method. The best thing to do is - * to put returnConn in a finally clause so it always gets called. For - * example, - * + * gets a conenction from this factory. + * All connections obtained from the factory must be returned by + * returnConn() method. + * The best thing to do is to put returnConn in a finally clause so it + * always gets called. For example, * <pre> - * LDAPConnection c = null; - * try { - * c = factory.getConn(); - * myclass.do_something_with_c(c); - * } catch (ELdapException e) { - * handle_error_here(); - * } finally { - * factory.returnConn(c); - * } + * LDAPConnection c = null; + * try { + * c = factory.getConn(); + * myclass.do_something_with_c(c); + * } + * catch (ELdapException e) { + * handle_error_here(); + * } + * finally { + * factory.returnConn(c); + * } * </pre> */ - public LDAPConnection getConn() throws ELdapException { + public LDAPConnection getConn() + throws ELdapException { return getConn(true); } /** - * Returns a LDAP connection - a clone of the master connection. All - * connections should be returned to the factory using returnConn() to - * recycle connection objects. If not returned the limited max number is - * affected but if that number is large not much harm is done. Returns null - * if maximum number of connections reached. The best thing to do is to put - * returnConn in a finally clause so it always gets called. For example, - * + * Returns a LDAP connection - a clone of the master connection. + * All connections should be returned to the factory using returnConn() + * to recycle connection objects. + * If not returned the limited max number is affected but if that + * number is large not much harm is done. + * Returns null if maximum number of connections reached. 
+ * The best thing to do is to put returnConn in a finally clause so it + * always gets called. For example, * <pre> - * LDAPConnection c = null; - * try { - * c = factory.getConn(); - * myclass.do_something_with_c(c); - * } catch (ELdapException e) { - * handle_error_here(); - * } finally { - * factory.returnConn(c); - * } + * LDAPConnection c = null; + * try { + * c = factory.getConn(); + * myclass.do_something_with_c(c); + * } + * catch (ELdapException e) { + * handle_error_here(); + * } + * finally { + * factory.returnConn(c); + * } * </pre> - */ - public synchronized LDAPConnection getConn(boolean waitForConn) - throws ELdapException { + */ + public synchronized LDAPConnection getConn(boolean waitForConn) + throws ELdapException { boolean waited = false; - CMS.debug("In LdapBoundConnFactory::getConn()"); - if (mMasterConn != null) + CMS.debug("In LdapBoundConnFactory::getConn()"); + if(mMasterConn != null) CMS.debug("masterConn is connected: " + mMasterConn.isConnected()); else CMS.debug("masterConn is null."); if (mMasterConn == null || !mMasterConn.isConnected()) { try { - makeConnection(true); - } catch (ELdapException e) { + makeConnection(true); + } catch (ELdapException e) { mMasterConn = null; - CMS.debug("Can't create master connection in LdapBoundConnFactory::getConn! " - + e.toString()); + CMS.debug("Can't create master connection in LdapBoundConnFactory::getConn! " + e.toString()); throw e; } } - if (mNumConns == 0) + if (mNumConns == 0) makeMinimum(); if (mNumConns == 0) { if (!waitForConn) return null; try { CMS.debug("getConn: out of ldap connections"); - log(ILogger.LL_WARN, - "Ran out of ldap connections available " - + "in ldap connection pool to " - + mConnInfo.getHost() - + ":" - + mConnInfo.getPort() - + ". 
" - + "This could be a temporary condition or an indication of " - + "something more serious that can cause the server to " - + "hang."); + log(ILogger.LL_WARN, + "Ran out of ldap connections available " + + "in ldap connection pool to " + + mConnInfo.getHost() + ":" + mConnInfo.getPort() + ". " + + "This could be a temporary condition or an indication of " + + "something more serious that can cause the server to " + + "hang."); waited = true; - while (mNumConns == 0) + while (mNumConns == 0) wait(); } catch (InterruptedException e) { } - } + } mNumConns--; LDAPConnection conn = mConns[mNumConns]; boolean isConnected = false; - if (conn != null) { + if(conn != null) { isConnected = conn.isConnected(); } CMS.debug("getConn: conn is connected " + isConnected); - // If masterConn is still alive, lets try to bring this one - // back to life + //If masterConn is still alive, lets try to bring this one + //back to life - if ((isConnected == false) && (mMasterConn != null) - && (mMasterConn.isConnected() == true)) { + if((isConnected == false) && (mMasterConn != null) + && (mMasterConn.isConnected() == true)) { CMS.debug("Attempt to bring back down connection."); - if (doCloning == true) { + if(doCloning == true) { mConns[mNumConns] = (BoundConnection) mMasterConn.clone(); - } else { + } + else { try { - mConns[mNumConns] = (BoundConnection) makeNewConnection(true); - } catch (ELdapException e) { - mConns[mNumConns] = null; + mConns[mNumConns] = (BoundConnection) makeNewConnection(true); } - } - conn = mConns[mNumConns]; + catch (ELdapException e) { + mConns[mNumConns] = null; + } + } + conn = mConns[mNumConns]; - CMS.debug("Re-animated connection: " + conn); - } + CMS.debug("Re-animated connection: " + conn); + } - mConns[mNumConns] = null; + mConns[mNumConns] = null; if (waited) { - log(ILogger.LL_WARN, - "Ldap connections are available again in ldap connection pool " - + "to " + mConnInfo.getHost() + ":" - + mConnInfo.getPort()); + log(ILogger.LL_WARN, + "Ldap 
connections are available again in ldap connection pool " + + "to " + mConnInfo.getHost() + ":" + mConnInfo.getPort()); } CMS.debug("getConn: mNumConns now " + mNumConns); @@ -394,20 +395,22 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { } /** - * Teturn connection to the factory. This is mandatory after a getConn(). + * Teturn connection to the factory. + * This is mandatory after a getConn(). * The best thing to do is to put returnConn in a finally clause so it - * always gets called. For example, - * + * always gets called. For example, * <pre> - * LDAPConnection c = null; - * try { - * c = factory.getConn(); - * myclass.do_something_with_c(c); - * } catch (ELdapException e) { - * handle_error_here(); - * } finally { - * factory.returnConn(c); - * } + * LDAPConnection c = null; + * try { + * c = factory.getConn(); + * myclass.do_something_with_c(c); + * } + * catch (ELdapException e) { + * handle_error_here(); + * } + * finally { + * factory.returnConn(c); + * } * </pre> */ public synchronized void returnConn(LDAPConnection conn) { @@ -420,16 +423,17 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { log(ILogger.LL_WARN, "returnConn: unknown connection."); /* swallow this exception but see who's doing it. */ - ELdapException e = new ELdapException( - CMS.getUserMessage("CMS_LDAP_UNKNOWN_RETURNED_CONN")); + ELdapException e = + new ELdapException(CMS.getUserMessage("CMS_LDAP_UNKNOWN_RETURNED_CONN")); } for (int i = 0; i < mNumConns; i++) { if (mConns[i] == conn) { - CMS.debug("returnConn: previously returned connection."); + CMS.debug( + "returnConn: previously returned connection."); - /* swallow this exception but see who's doing it */ - ELdapException e = new ELdapException( - CMS.getUserMessage("CMS_LDAP_BAD_RETURNED_CONN")); + /* swallow this exception but see who's doing it */ + ELdapException e = + new ELdapException(CMS.getUserMessage("CMS_LDAP_BAD_RETURNED_CONN")); } } mConns[mNumConns++] = boundconn; 
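Review bot: In `getConn`, the `catch (InterruptedException e) { }` around `wait()` swallows the interrupt and falls through to `mNumConns--` with `mNumConns` still 0, so an interrupted waiter indexes `mConns[-1]` and fails with `ArrayIndexOutOfBoundsException` after the interrupt flag has been lost. Re-assert the interrupt and leave without touching the pool, e.g. `Thread.currentThread().interrupt(); return null;`, null already being the documented result when no connection is available. The wait also depends on `returnConn` notifying waiters, which this hunk does not show; worth confirming the matching `notify()` exists.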
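Review bot: In `returnConn`, detecting a previously returned connection (`if (mConns[i] == conn)`) only logs and builds an `ELdapException` that is never thrown, then execution continues to `mConns[mNumConns++] = boundconn;`, so the same connection ends up in two pool slots and can later be handed to two callers at once. Add `return;` after the debug line inside the loop; the unknown-connection branch above appears to fall through in the same way and likely needs the same treatment, and both unused `ELdapException e = new ELdapException(...)` locals should go. The Javadoc in the previous hunk still reads `Teturn connection to the factory` (typo for `Return`). The start of `returnConn`'s body is outside this hunk.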
@@ -441,25 +445,25 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { * handy routine for logging in this class. */ private void log(int level, String msg) { - mLogger.log( - ILogger.EV_SYSTEM, - ILogger.S_LDAP, - level, - "In Ldap (bound) connection pool to" + " host " - + mConnInfo.getHost() + " port " + mConnInfo.getPort() - + ", " + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, + "In Ldap (bound) connection pool to" + + " host " + mConnInfo.getHost() + + " port " + mConnInfo.getPort() + ", " + msg); } - protected void finalize() throws Exception { + protected void finalize() + throws Exception { reset(); } /** - * used for disconnecting all connections and reset everything to 0 as if - * connections were never made. used just before a subsystem shutdown or - * process exit. useful only if no connections are outstanding. + * used for disconnecting all connections and reset everything to 0 + * as if connections were never made. used just before a subsystem + * shutdown or process exit. + * useful only if no connections are outstanding. */ - public synchronized void reset() throws ELdapException { + public synchronized void reset() + throws ELdapException { if (mNumConns == mTotal) { for (int i = 0; i < mNumConns; i++) { try { 
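Review bot: `finalize()` delegating to `reset()` is a poor fit: `reset()` throws `ELdapException` whenever a connection is still outstanding, and anything thrown from a finalizer is discarded by the JVM, so the failure is invisible; finalizers also run at an unpredictable time or not at all. Prefer an explicit shutdown path that calls `reset()` and drop `finalize()`, or at least document the limitation on it, e.g. `// best-effort only: the JVM drops any exception thrown here and may never run it`. `reset()`'s body continues past the hunk.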
@@ -473,17 +477,18 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { log(ILogger.LL_INFO, "disconnecting masterConn"); mMasterConn.disconnect(); } catch (LDAPException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAPCONN_CANNOT_RESET", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAPCONN_CANNOT_RESET", + e.toString())); } } mMasterConn = null; mTotal = 0; mNumConns = 0; } else { - CMS.debug("Cannot reset factory: connections not all returned"); - throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_CANNOT_RESET_CONNFAC")); + CMS.debug( + "Cannot reset factory: connections not all returned"); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_CANNOT_RESET_CONNFAC")); } if (mAuthInfo != null) { @@ -492,7 +497,7 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { } /** - * return ldap connection info + * return ldap connection info */ public LdapConnInfo getConnInfo() { return mConnInfo; @@ -515,16 +520,17 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory { private static final long serialVersionUID = 1353616391879078337L; public BoundConnection(LdapConnInfo connInfo, LdapAuthInfo authInfo) - throws LDAPException { + throws LDAPException { super(connInfo, authInfo); } - - public BoundConnection(String host, int port, int version, - LDAPSocketFactory fac, String bindDN, String bindPW) - throws LDAPException { + + public BoundConnection(String host, int port, int version, + LDAPSocketFactory fac, + String bindDN, String bindPW) + throws LDAPException { super(host, port, version, fac, bindDN, bindPW); } - + /** * used only to identify the factory from which this came. */ diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java index bfc71f78f..82e0b3159 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java 
+++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldapconn; + import java.util.Properties; import netscape.ldap.LDAPConnection; @@ -28,11 +29,13 @@ import netscape.ldap.LDAPv2; import com.netscape.certsrv.apps.CMS; + /** - * A LDAP connection that is bound to a server host, port, secure type. and - * authentication. Makes a LDAP connection and authentication when instantiated. - * Cannot establish another LDAP connection or authentication after - * construction. LDAPConnection connect and authentication methods are + * A LDAP connection that is bound to a server host, port, secure type. + * and authentication. + * Makes a LDAP connection and authentication when instantiated. + * Cannot establish another LDAP connection or authentication after + * construction. LDAPConnection connect and authentication methods are * overridden to prevent this. */ public class LdapBoundConnection extends LDAPConnection { @@ -40,7 +43,7 @@ public class LdapBoundConnection extends LDAPConnection { * */ private static final long serialVersionUID = -2242077674357271559L; - // LDAPConnection calls authenticate so must set this for first + // LDAPConnection calls authenticate so must set this for first // authenticate call. private boolean mAuthenticated = false; 
@@ -48,27 +51,28 @@ public class LdapBoundConnection extends LDAPConnection { * Instantiates a connection to a ldap server, secure or non-secure * connection with Ldap basic bind dn & pw authentication. */ - public LdapBoundConnection(LdapConnInfo connInfo, LdapAuthInfo authInfo) - throws LDAPException { + public LdapBoundConnection( + LdapConnInfo connInfo, LdapAuthInfo authInfo) + throws LDAPException { // this LONG line to satisfy super being the first call. (yuk) super( - authInfo.getAuthType() == LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH ? new LdapJssSSLSocketFactory( - authInfo.getParms()[0]) - : (connInfo.getSecure() ? new LdapJssSSLSocketFactory() - : null)); - - // Set option to automatically follow referrals. - // Use the same credentials to follow referrals; this is the easiest - // thing to do without any complicated configuration using + authInfo.getAuthType() == LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH ? + new LdapJssSSLSocketFactory(authInfo.getParms()[0]) : + (connInfo.getSecure() ? new LdapJssSSLSocketFactory() : null)); + + // Set option to automatically follow referrals. + // Use the same credentials to follow referrals; this is the easiest + // thing to do without any complicated configuration using // different hosts. // If client auth is used don't have dn and pw to follow referrals. boolean followReferrals = connInfo.getFollowReferrals(); setOption(LDAPv2.REFERRALS, new Boolean(followReferrals)); - if (followReferrals - && authInfo.getAuthType() != LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH) { - LDAPRebind rebindInfo = new ARebindInfo(authInfo.getParms()[0], + if (followReferrals && + authInfo.getAuthType() != LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH) { + LDAPRebind rebindInfo = + new ARebindInfo(authInfo.getParms()[0], authInfo.getParms()[1]); setOption(LDAPv2.REFERRALS_REBIND_PROC, rebindInfo); 
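Review bot: `setOption(LDAPv2.REFERRALS, new Boolean(followReferrals))` allocates a fresh `Boolean` on every construction; `Boolean.valueOf(followReferrals)` is the idiomatic form. More importantly, the `ARebindInfo` is built from `authInfo.getParms()[0]` and `[1]`, so the primary bind DN and password are replayed to whatever host a referral names, and `LdapConnInfo` defaults `PROP_FOLLOW_REFERRALS` to true; that trust assumption belongs in the constructor Javadoc, e.g. `* When referral following is enabled the same bind DN and password are sent to referral targets; enable only against a trusted directory topology.` The constructor continues in the next hunk.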
@@ -77,19 +81,20 @@ public class LdapBoundConnection extends LDAPConnection { if (authInfo.getAuthType() == LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH) { // will be bound to client auth cert mapped entry. super.connect(connInfo.getHost(), connInfo.getPort()); - CMS.debug("Established LDAP connection with SSL client auth to " - + connInfo.getHost() + ":" + connInfo.getPort()); - } else { // basic auth + CMS.debug( + "Established LDAP connection with SSL client auth to " + + connInfo.getHost() + ":" + connInfo.getPort()); + } else { // basic auth String binddn = authInfo.getParms()[0]; String bindpw = authInfo.getParms()[1]; - super.connect(connInfo.getVersion(), connInfo.getHost(), - connInfo.getPort(), binddn, bindpw); - CMS.debug("Established LDAP connection using basic authentication to" - + " host " - + connInfo.getHost() - + " port " - + connInfo.getPort() + " as " + binddn); + super.connect(connInfo.getVersion(), + connInfo.getHost(), connInfo.getPort(), binddn, bindpw); + CMS.debug( + "Established LDAP connection using basic authentication to" + + " host " + connInfo.getHost() + + " port " + connInfo.getPort() + + " as " + binddn); } } 
@@ -97,23 +102,26 @@ public class LdapBoundConnection extends LDAPConnection { * Instantiates a connection to a ldap server, secure or non-secure * connection with Ldap basic bind dn & pw authentication. */ - public LdapBoundConnection(String host, int port, int version, - LDAPSocketFactory fac, String bindDN, String bindPW) - throws LDAPException { + public LdapBoundConnection(String host, int port, int version, + LDAPSocketFactory fac, + String bindDN, String bindPW) + throws LDAPException { super(fac); if (bindDN != null) { - super.connect(version, host, port, bindDN, bindPW); - CMS.debug("Established LDAP connection using basic authentication " - + " as " + bindDN + " to " + host + ":" + port); + super.connect(version, host, port, bindDN, bindPW); + CMS.debug( + "Established LDAP connection using basic authentication " + + " as " + bindDN + " to " + host + ":" + port); } else { if (fac == null && bindDN == null) { throw new IllegalArgumentException( "Ldap bound connection must have authentication info."); } // automatically authenticated if it's ssl client auth. - super.connect(version, host, port, null, null); - CMS.debug("Established LDAP connection using SSL client authentication " - + "to " + host + ":" + port); + super.connect(version, host, port, null, null); + CMS.debug( + "Established LDAP connection using SSL client authentication " + + "to " + host + ":" + port); } } @@ -121,11 +129,13 @@ public class LdapBoundConnection extends LDAPConnection { * Overrides same method in LDAPConnection to do prevent re-authentication. */ public void authenticate(int version, String dn, String pw) - throws LDAPException { + throws LDAPException { /** - * if (mAuthenticated) { throw new RuntimeException( - * "this LdapBoundConnection already authenticated: auth(v,dn,pw)"); } + if (mAuthenticated) { + throw new RuntimeException( + "this LdapBoundConnection already authenticated: auth(v,dn,pw)"); + } **/ super.authenticate(version, dn, pw); mAuthenticated = true; 
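Review bot: In the `(String host, int port, int version, LDAPSocketFactory fac, String bindDN, String bindPW)` constructor, the inner `if (fac == null && bindDN == null)` sits in the `else` branch where `bindDN == null` is already established, so it reduces to `if (fac == null)`. The branch then calls `super.connect(version, host, port, null, null)` and logs "using SSL client authentication", yet nothing checks that `fac` actually performs client authentication; with a socket factory that does not, this would be an anonymous bind reported as authenticated (inferred — the factory types are not visible here). Document the requirement on the parameter, e.g. `* @param fac socket factory; when bindDN is null it must provide SSL client authentication`.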
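Review bot: The Javadoc on `authenticate(int version, String dn, String pw)` still says the override exists "to prevent re-authentication", but the guard that threw when `mAuthenticated` was already set is commented out, so the method now permits re-authentication and merely records it. The same stale Javadoc and disabled guard appear on the three other `authenticate` overloads in the following hunks. Either restore the check or make the comment truthful, e.g. `* Overrides the parent method to record that authentication occurred; the re-authentication guard is currently disabled.`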
@@ -134,11 +144,14 @@ public class LdapBoundConnection extends LDAPConnection { /** * Overrides same method in LDAPConnection to do prevent re-authentication. */ - public void authenticate(String dn, String pw) throws LDAPException { + public void authenticate(String dn, String pw) + throws LDAPException { /** - * if (mAuthenticated) { throw new RuntimeException( - * "this LdapBoundConnection already authenticated: auth(dn,pw)"); } + if (mAuthenticated) { + throw new RuntimeException( + "this LdapBoundConnection already authenticated: auth(dn,pw)"); + } **/ super.authenticate(3, dn, pw); mAuthenticated = true; @@ -147,12 +160,15 @@ public class LdapBoundConnection extends LDAPConnection { /** * Overrides same method in LDAPConnection to do prevent re-authentication. */ - public void authenticate(String dn, String mech, String packageName, - Properties props, Object getter) throws LDAPException { + public void authenticate(String dn, String mech, String packageName, + Properties props, Object getter) + throws LDAPException { /** - * if (mAuthenticated) { throw new RuntimeException( - * "this LdapBoundConnection already authenticated: auth(mech)"); } + if (mAuthenticated) { + throw new RuntimeException( + "this LdapBoundConnection already authenticated: auth(mech)"); + } **/ super.authenticate(dn, mech, packageName, props, getter); mAuthenticated = true; 
@@ -161,12 +177,15 @@ public class LdapBoundConnection extends LDAPConnection { /** * Overrides same method in LDAPConnection to do prevent re-authentication. */ - public void authenticate(String dn, String mechs[], String packageName, - Properties props, Object getter) throws LDAPException { + public void authenticate(String dn, String mechs[], String packageName, + Properties props, Object getter) + throws LDAPException { /** - * if (mAuthenticated) { throw new RuntimeException( - * "this LdapBoundConnection is already authenticated: auth(mechs)"); } + if (mAuthenticated) { + throw new RuntimeException( + "this LdapBoundConnection is already authenticated: auth(mechs)"); + } **/ super.authenticate(dn, mechs, packageName, props, getter); mAuthenticated = true; @@ -183,13 +202,14 @@ public class LdapBoundConnection extends LDAPConnection { /** * overrides parent's connect to prevent re-connect. */ - public void connect(int version, String host, int port, String dn, String pw) - throws LDAPException { + public void connect(int version, String host, int port, + String dn, String pw) throws LDAPException { throw new RuntimeException( "this LdapBoundConnection is already connected: conn(version,h,p)"); } } + class ARebindInfo implements LDAPRebind { private LDAPRebindAuth mRebindAuthInfo = null; diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapConnInfo.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapConnInfo.java index 7486241ca..70361f87f 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapConnInfo.java +++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapConnInfo.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldapconn; + import netscape.ldap.LDAPv2; import com.netscape.certsrv.apps.CMS; 
@@ -26,9 +27,10 @@ import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.ldap.ILdapConnInfo; + /** - * class for reading ldap connection from the config store. ldap connection - * info: host, port, secure connection + * class for reading ldap connection from the config store. + * ldap connection info: host, port, secure connection */ public class LdapConnInfo implements ILdapConnInfo { @@ -41,13 +43,13 @@ public class LdapConnInfo implements ILdapConnInfo { /** * default constructor. must be followed by init(IConfigStore) */ - public LdapConnInfo(IConfigStore config) throws EBaseException, - ELdapException { + public LdapConnInfo(IConfigStore config) throws EBaseException, ELdapException { init(config); } /** - * initializes an instance from a config store. required parms: host, port + * initializes an instance from a config store. + * required parms: host, port * optional parms: secure connection, authentication method & info. */ public void init(IConfigStore config) throws EBaseException, ELdapException { 
@@ -56,61 +58,60 @@ public class LdapConnInfo implements ILdapConnInfo { String version = (String) config.get(PROP_PROTOCOL); if (version != null && version.equals("")) { - // provide a default when this field is blank from the - // configuration. + // provide a default when this field is blank from the + // configuration. mVersion = LDAP_VERSION_3; } else { mVersion = config.getInteger(PROP_PROTOCOL, LDAP_VERSION_3); if (mVersion != LDAP_VERSION_2 && mVersion != LDAP_VERSION_3) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INVALID_PROPERTY", PROP_PROTOCOL)); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY", PROP_PROTOCOL)); } } if (mHost == null || (mHost.length() == 0) || (mHost.trim().equals(""))) { - throw new EPropertyNotFound(CMS.getUserMessage( - "CMS_BASE_GET_PROPERTY_FAILED", PROP_HOST)); + throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", PROP_HOST)); } if (mPort <= 0) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INVALID_PROPERTY", PROP_PORT)); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY", PROP_PORT)); } - mSecure = config.getBoolean(PROP_SECURE, false); - mFollowReferrals = config.getBoolean(PROP_FOLLOW_REFERRALS, true); + mSecure = config.getBoolean(PROP_SECURE, false); + mFollowReferrals = config.getBoolean(PROP_FOLLOW_REFERRALS, true); } public LdapConnInfo(String host, int port, boolean secure) { - mHost = host; - mPort = port; + mHost = host; + mPort = port; mSecure = secure; if (mHost == null || mPort <= 0) { - // XXX log something here + // XXX log something here throw new IllegalArgumentException("LDAP host or port is null"); } } public LdapConnInfo(String host, int port) { - mHost = host; - mPort = port; + mHost = host; + mPort = port; if (mHost == null || mPort <= 0) { - // XXX log something here + // XXX log something here throw new IllegalArgumentException("LDAP host or port is null"); } } - public String getHost() { - 
return mHost; + public String getHost() { + return mHost; } - public int getPort() { - return mPort; + public int getPort() { + return mPort; } - public int getVersion() { - return mVersion; + public int getVersion() { + return mVersion; } - public boolean getSecure() { - return mSecure; + public boolean getSecure() { + return mSecure; } public boolean getFollowReferrals() { diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java index 6236f5b90..8aa59e304 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java +++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldapconn; + import java.io.IOException; import java.net.Socket; import java.net.UnknownHostException; @@ -31,9 +32,9 @@ import org.mozilla.jss.ssl.SSLSocket; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.logging.ILogger; + /** * Uses HCL ssl socket. - * * @author Lily Hsiao lhsiao@netscape.com */ public class LdapJssSSLSocketFactory implements LDAPSSLSocketFactoryExt { @@ -55,7 +56,7 @@ public class LdapJssSSLSocketFactory implements LDAPSSLSocketFactoryExt { s = new SSLSocket(host, port); s.setUseClientMode(true); s.enableSSL2(false); - // TODO Do we really want to set the default each time? + //TODO Do we really want to set the default each time? SSLSocket.enableSSL2Default(false); s.enableV2CompatibleHello(false); 
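Review bot: The defaults at the end of `init` (`mSecure = config.getBoolean(PROP_SECURE, false)` and `mFollowReferrals = config.getBoolean(PROP_FOLLOW_REFERRALS, true)`) are not documented anywhere in the hunk, yet they decide that an LdapConnInfo with no explicit settings describes a plaintext connection that will also follow referrals to hosts other than the configured one; `init` starts outside the hunk. A comment there would make the posture visible to whoever writes the config, e.g. `// Defaults: no TLS and referral chasing enabled; production configs should set PROP_SECURE and PROP_FOLLOW_REFERRALS explicitly.` Separately, the two constructors throw `IllegalArgumentException("LDAP host or port is null")` for `mPort <= 0` as well, and the `// XXX log something here` markers are carried forward unchanged; including the offending values in the message, `"LDAP host or port invalid: host=" + host + " port=" + port`, would make misconfiguration diagnosable without the missing log call.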
@@ -66,19 +67,19 @@ public class LdapJssSSLSocketFactory implements LDAPSSLSocketFactoryExt { if (mClientAuthCertNickname != null) { mClientAuth = true; - CMS.debug("LdapJssSSLSocket set client auth cert nickname" - + mClientAuthCertNickname); + CMS.debug( + "LdapJssSSLSocket set client auth cert nickname" + + mClientAuthCertNickname); s.setClientCertNickname(mClientAuthCertNickname); } s.forceHandshake(); } catch (UnknownHostException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAPCONN_UNKNOWN_HOST")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAPCONN_UNKNOWN_HOST")); throw new LDAPException( "Cannot Create JSS SSL Socket - Unknown host"); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAPCONN_IO_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAPCONN_IO_ERROR", e.toString())); throw new LDAPException("IO Error creating JSS SSL Socket"); } return s; @@ -101,9 +102,10 @@ public class LdapJssSSLSocketFactory implements LDAPSSLSocketFactoryExt { public ClientHandshakeCB(Object sc) { this.sc = sc; } - + public void handshakeCompleted(SSLHandshakeCompletedEvent event) { CMS.debug("SSL handshake happened"); } } } + |
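Review bot: Both catch blocks discard the original exception: the `UnknownHostException` branch logs a fixed `CMSCORE_LDAPCONN_UNKNOWN_HOST` message without the host and throws `new LDAPException("Cannot Create JSS SSL Socket - Unknown host")`, and the `IOException` branch throws a bare `LDAPException` after logging `e.toString()`, so a failed handshake or certificate problem after `s.forceHandshake()` loses its cause before it reaches the caller. If the `LDAPException` constructors here take no cause (I cannot see the SDK version), `initCause` still works: `LDAPException le = new LDAPException("Cannot Create JSS SSL Socket - Unknown host: " + host); le.initCause(e); throw le;` and likewise for the I/O branch. The enclosing method begins and ends outside the hunk.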