From 621d9e5c413e561293d7484b93882d985b3fe15f Mon Sep 17 00:00:00 2001 
From: Endi Sukma Dewata Date: Sat, 24 Mar 2012 02:27:47 -0500 Subject: Removed unnecessary pki folder. Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131 --- .../netscape/certsrv/publish/ECompSyntaxErr.java | 46 +++ .../netscape/certsrv/publish/EMapperNotFound.java | 42 +++ .../certsrv/publish/EMapperPluginNotFound.java | 42 +++ .../certsrv/publish/EPublisherNotFound.java | 42 +++ .../certsrv/publish/EPublisherPluginNotFound.java | 42 +++ .../netscape/certsrv/publish/ERuleNotFound.java | 42 +++ .../certsrv/publish/ERulePluginNotFound.java | 42 +++ .../netscape/certsrv/publish/ICRLPublisher.java | 107 ++++++ .../netscape/certsrv/publish/ILdapCertMapper.java | 70 ++++ .../netscape/certsrv/publish/ILdapCrlMapper.java | 60 ++++ .../netscape/certsrv/publish/ILdapExpression.java | 69 ++++ .../com/netscape/certsrv/publish/ILdapMapper.java | 80 +++++ .../com/netscape/certsrv/publish/ILdapPlugin.java | 45 +++ .../netscape/certsrv/publish/ILdapPluginImpl.java | 53 +++ .../certsrv/publish/ILdapPublishModule.java | 43 +++ .../netscape/certsrv/publish/ILdapPublisher.java | 84 +++++ .../com/netscape/certsrv/publish/ILdapRule.java | 77 +++++ .../netscape/certsrv/publish/IPublishRuleSet.java | 122 +++++++ .../certsrv/publish/IPublisherProcessor.java | 360 +++++++++++++++++++++ .../certsrv/publish/IXcertPublisherProcessor.java | 38 +++ .../certsrv/publish/LdapCertMapResult.java | 56 ++++ .../com/netscape/certsrv/publish/MapperPlugin.java | 39 +++ .../com/netscape/certsrv/publish/MapperProxy.java | 62 ++++ .../netscape/certsrv/publish/PublisherPlugin.java | 40 +++ .../netscape/certsrv/publish/PublisherProxy.java | 60 ++++ .../com/netscape/certsrv/publish/RulePlugin.java | 40 +++ 26 files changed, 1803 insertions(+) create mode 100644 base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java create mode 
100644 base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java create mode 100644 base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java create mode 100644 base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java create mode 100644 base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java create mode 100644 base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java create mode 100644 base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java create mode 100644 base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java create mode 100644 base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java create mode 100644 base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java create mode 100644 base/common/src/com/netscape/certsrv/publish/ILdapExpression.java create mode 100644 base/common/src/com/netscape/certsrv/publish/ILdapMapper.java create mode 100644 base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java create mode 100644 base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java create mode 100644 base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java create mode 100644 base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java create mode 100644 base/common/src/com/netscape/certsrv/publish/ILdapRule.java create mode 100644 base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java create mode 100644 base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java create mode 100644 base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java create mode 100644 base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java create mode 100644 base/common/src/com/netscape/certsrv/publish/MapperPlugin.java create mode 100644 base/common/src/com/netscape/certsrv/publish/MapperProxy.java create mode 100644 base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java create mode 100644 
base/common/src/com/netscape/certsrv/publish/PublisherProxy.java create mode 100644 base/common/src/com/netscape/certsrv/publish/RulePlugin.java (limited to 'base/common/src/com/netscape/certsrv/publish')
diff --git a/base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java b/base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java
new file mode 100644
index 000000000..a3a109900
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java
@@ -0,0 +1,46 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * This type of exception is thrown in cases where an parsing
+ * error is found while evaluating a PKI component. An example
+ * would be in trying to evaluate a PKI authentication message and
+ * the parsing operation fails due to a missing token.
+ *
+ * @version $Revision$ $Date$
+ */
+public class ECompSyntaxErr extends ELdapException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -2224290038321971845L;
+
+ /**
+ * Construct a ECompSyntaxErr
+ *
+ * @param errorString The descriptive error condition.
+ */
+
+ public ECompSyntaxErr(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java b/base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java
new file mode 100644
index 000000000..fdf4a1b9f
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Exception for Publish Mapper not found.
+ *
+ * @version $Revision$ $Date$
+ */
+public class EMapperNotFound extends ELdapException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -2222814261042222152L;
+
+ /**
+ * Constructs a exception for a missing required mapper
+ *
+ * @param errorString Detailed error message.
+ */
+ public EMapperNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java b/base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java
new file mode 100644
index 000000000..f8f18c5ff
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Exception for Mapper Plugin not found.
+ *
+ * @version $Revision$ $Date$
+ */
+public class EMapperPluginNotFound extends ELdapException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 3564854656103487939L;
+
+ /**
+ * Constructs a exception for a missing mapper plugin
+ *
+ * @param errorString Detailed error message.
+ */
+ public EMapperPluginNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java b/base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java
new file mode 100644
index 000000000..176001e99
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Exception for Publisher not found. Required for successful publishing.
+ *
+ * @version $Revision$ $Date$
+ */
+public class EPublisherNotFound extends ELdapException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 6159885167931517580L;
+
+ /**
+ * Constructs a exception for a missing required publisher.
+ *
+ * @param errorString Detailed error message.
+ */
+ public EPublisherNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java b/base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java
new file mode 100644
index 000000000..56076863a
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Exception for Publisher Plugin not found. Plugin implementation is required to actually publish.
+ *
+ * @version $Revision$ $Date$
+ */
+public class EPublisherPluginNotFound extends ELdapException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -8626436244270286308L;
+
+ /**
+ * Constructs a exception for a missing publisher plugin.
+ *
+ * @param errorString Detailed error message.
+ */
+ public EPublisherPluginNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java b/base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java
new file mode 100644
index 000000000..01c9897eb
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Exception for Ldap Publishing Rule not found.
+ *
+ * @version $Revision$ $Date$
+ */
+public class ERuleNotFound extends ELdapException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 8442034769483263745L;
+
+ /**
+ * Constructs a exception for a missing required rule, which links a publisher and mapper.
+ *
+ * @param errorString Detailed error message.
+ */
+ public ERuleNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java b/base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java
new file mode 100644
index 000000000..f619e7f4a
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Exception for Publisher Rule plugin not found. Plugin required to implement Ldap Rule.
+ *
+ * @version $Revision$ $Date$
+ */
+public class ERulePluginNotFound extends ELdapException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4056965992924762809L;
+
+ /**
+ * Constructs a exception for a missing rule plugin.
+ *
+ * @param errorString Detailed error message.
+ */
+ public ERulePluginNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java b/base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java
new file mode 100644
index 000000000..cd5763cdb
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java
@@ -0,0 +1,107 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import netscape.security.x509.X509CRLImpl;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.ISubsystem;
+
+/**
+ * This interface represents a CRL publisher that is
+ * invoked when CRL publishing is requested by CMS.
+ * Note that CMS, by default, shipped with a LDAP-based
+ * CRL publisher that can be configured via
+ * Certificiate Manager/LDAP Publishing panel. This
+ * interface provides administrator additional capability
+ * of publishing CRL to different destinations.
+ *
+ * The CRL publishing frequency is configured via
+ * Netscape Certificate Server Console's
+ * Certificate Manager/Revocation List panel.
+ * The CRL publishing may occur either everytime a
+ * certificate is revoked or at a pre-defined interval.
+ *
+ * To try out this new CRL publisher mechanism, do
+ * the following:
+ * (1) Write a sample CRL publisher class that implements
+ * ICRLPublisher interface. For example,
+ *
+ *
+ * public class CRLPublisher implements ICRLPublisher
+ * {
+ * public void init(ISubsystem owner, IConfigStore config)
+ * throws EBaseException
+ * {
+ * log(ILogger.LL_DEBUG, "CRLPublisher: Initialized");
+ * }
+ *
+ * public void publish(String issuingPointId, X509CRLImpl crl)
+ * throws EBaseException
+ * {
+ * log(ILogger.LL_DEBUG, "CRLPublisher: " + issuingPointId +
+ * " crl=" + crl);
+ * }
+ *
+ * public void log(int level, String msg)
+ * {
+ * Logger.getLogger().log(ILogger.EV_SYSTEM,
+ * null, ILogger.S_OTHER, level,
+ * msg);
+ * }
+ * }
+ *
+ *
+ * (2) Compile the class and place the class into
+ * \bin\cert\classes directory.
+ * (3) Add the following parameter to CMS.cfg
+ * ca.crlPublisher.class=
+ * For example,
+ * ca.crlPublisher.class=myCRLPublisher
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ICRLPublisher {
+
+ /**
+ * Initializes this CRL publisher.
+ *
+ * @param owner parent of the publisher. An object of type
+ * CertificateAuthority.
+ * @param config config store for this publisher. If this
+ * publisher requires configuration parameters for
+ * initialization, the parameters should be placed
+ * in CMS.cfg as ca.crlPublisher.=
+ * @exception EBaseException failed to initialize this publisher
+ */
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException;
+
+ /**
+ * Publishes CRL. This method is invoked by CMS based
+ * on the configured CRL publishing frequency.
+ *
+ * @param issuingPointId CRL issuing point identifier
+ * (i.e. MasterCRL)
+ * @param crl CRL that is publishing
+ * @exception EBaseException failed to publish
+ */
+ public void publish(String issuingPointId, X509CRLImpl crl)
+ throws EBaseException;
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java b/base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java
new file mode 100644
index 000000000..3acaeb580
--- /dev/null
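Review bot: The interface Javadoc walks an administrator through placing a compiled class in the server's classes directory and naming it in `ca.crlPublisher.class`, but it never states that the named class then runs inside the CA with the CA's privileges. The loading code is not part of this hunk, so that is inferred from the instructions; if it holds, I would add a sentence such as `The configured class is loaded into the CA process; restrict write access to the configuration file and the classes directory to the server administrator.` The sample publisher also writes the whole CRL to the log through `" crl=" + crl`, which is a poor pattern to copy; logging `issuingPointId` alone would make a better example.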
+++ b/base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java 
@@ -0,0 +1,70 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import java.security.cert.X509Certificate;
+import java.util.Vector;
+
+import netscape.ldap.LDAPConnection;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapCertMapper extends ILdapPlugin {
+
+ /**
+ * Returns implementation name.
+ */
+ public String getImplName();
+
+ /**
+ * Returns the description of this mapper.
+ */
+ public String getDescription();
+
+ /**
+ * Returns the default parameters.
+ */
+ public Vector getDefaultParams();
+
+ /**
+ * Returns the instance parameters.
+ */
+ public Vector getInstanceParams();
+
+ /**
+ * maps a certificate to a LDAP entry.
+ * returns dn of the mapped LDAP entry.
+ *
+ * @param conn the LDAP connection
+ * @param cert the certificate to map
+ * @param checkForCert whether to check for the presence of the cert
+ * @exception ELdapException Failed to map.
+ * @return LdapCertMapResult indicates whether a mapping was successful
+ * and whether a certificate was found if checkForCert was true.
+ * If checkForCert was not set the hasCert method in LdapCertMapResult
+ * should be ignored.
+ */
+ public LdapCertMapResult map(LDAPConnection conn,
+ X509Certificate cert, boolean checkForCert)
+ throws ELdapException;
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java b/base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java
new file mode 100644
index 000000000..252a09ec3
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java
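Review bot: The Javadoc on `map` says it "returns dn of the mapped LDAP entry" while the declared return type is `LdapCertMapResult`, and nothing states what an implementation must do when no entry, or more than one entry, matches the certificate. The same wording is on `ILdapCrlMapper.map` in the next file, whose `@return` also speaks of `checkForCert` and "a certificate" although its parameter is `checkForCrl`. The result appears to decide which directory entry a certificate or CRL is written to, so I would spell the contract out, for example `@return the mapping result; state here whether it can be null and what is thrown when no unique entry matches`, filled in from what the implementations actually do (they are not visible in this diff).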
@@ -0,0 +1,60 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import netscape.ldap.LDAPConnection;
+import netscape.security.x509.X509CRLImpl;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Interface for mapping a CRL to a LDAP entry.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapCrlMapper {
+
+ /**
+ * maps a crl to a LDAP entry.
+ * returns dn of the mapped LDAP entry.
+ *
+ * @param conn the LDAP connection
+ * @param crl the CRL to map
+ * @param checkForCrl whether to check for the presence of the CRL
+ * @exception ELdapException Failed to map CRL to entry.
+ * @return LdapCertMapResult indicates whether a mapping was successful
+ * and whether a certificate was found if checkForCert was true.
+ * If checkForCert was not set the hasCert method in LdapCertMapResult
+ * should be ignored.
+ */
+ public LdapCertMapResult
+ map(LDAPConnection conn, X509CRLImpl crl, boolean checkForCrl)
+ throws ELdapException;
+
+ /**
+ * initialize from config store.
+ *
+ * @param config the configuration store to initialize from.
+ * @exception ELdapException Initialization failed due to Ldap error.
+ * @exception EBaseException Initialization failed.
+ */
+ public void init(IConfigStore config)
+ throws ELdapException, EBaseException;
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/ILdapExpression.java b/base/common/src/com/netscape/certsrv/publish/ILdapExpression.java
new file mode 100644
index 000000000..4537636c1
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ILdapExpression.java
@@ -0,0 +1,69 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.base.SessionContext;
+import com.netscape.certsrv.ldap.ELdapException;
+import com.netscape.certsrv.request.IRequest;
+
+/**
+ * Interface for a Ldap predicate expression.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ILdapExpression {
+ public static final int OP_EQUAL = 1;
+ public static final int OP_NEQUAL = 2;
+ public static final int OP_GT = 3;
+ public static final int OP_LT = 4;
+ public static final int OP_GE = 5;
+ public static final int OP_LE = 6;
+ public static final String EQUAL_STR = "==";
+ public static final String NEQUAL_STR = "!=";
+ public static final String GT_STR = ">";
+ public static final String GE_STR = ">=";
+ public static final String LT_STR = "<";
+ public static final String LE_STR = "<=";
+
+ /**
+ * Evaluate the Expression.
+ *
+ * @param sc The SessionContext on which we are applying the condition.
+ * @return The return value.
+ * @exception ELdapExeption Failed to evaluate expression.
+ */
+ boolean evaluate(SessionContext sc)
+ throws ELdapException;
+
+ /**
+ * Evaluate the Expression.
+ *
+ * @param req The PKIRequest on which we are applying the condition.
+ * @return The return value.
+ * @exception ELdapExeption Failed to evaluate expression.
+ */
+ boolean evaluate(IRequest req)
+ throws ELdapException;
+
+ /**
+ * Convert to a string.
+ *
+ * @return String representation of expression.
+ */
+ public String toString();
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/ILdapMapper.java b/base/common/src/com/netscape/certsrv/publish/ILdapMapper.java
new file mode 100644
index 000000000..09238421f
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ILdapMapper.java
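Review bot: Both `evaluate` Javadoc blocks name `@exception ELdapExeption`, which does not match the declared `ELdapException`, so the tag cannot be resolved by Javadoc; it should read `@exception ELdapException Failed to evaluate expression.` in both places. `@return The return value.` also leaves the meaning of the boolean open, which matters because this predicate presumably decides whether a publishing rule applies; something like `@return true if the expression holds for the given context` would be clearer, to be confirmed against the implementations. The redeclared `public String toString();` adds nothing to an interface and could be dropped or replaced by a comment on the expected format.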
@@ -0,0 +1,80 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import java.util.Vector;
+
+import netscape.ldap.LDAPConnection;
+
+import com.netscape.certsrv.ldap.ELdapException;
+import com.netscape.certsrv.request.IRequest;
+
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapMapper extends ILdapPlugin {
+
+ /**
+ * Returns implementation name.
+ */
+ public String getImplName();
+
+ /**
+ * Returns the description of this mapper.
+ */
+ public String getDescription();
+
+ /**
+ * Returns the initial default parameters.
+ */
+ public Vector getDefaultParams();
+
+ /**
+ * Returns the current instance parameters.
+ */
+ public Vector getInstanceParams();
+
+ /**
+ * maps a certificate to a LDAP entry.
+ * returns dn of the mapped LDAP entry.
+ *
+ * @param conn the LDAP connection
+ * @param obj the object to map
+ * @return dn indicates whether a mapping was successful
+ * @exception ELdapException Map operation failed.
+ */
+ public String
+ map(LDAPConnection conn, Object obj)
+ throws ELdapException;
+
+ /**
+ * maps a certificate to a LDAP entry.
+ * returns dn of the mapped LDAP entry.
+ *
+ * @param conn the LDAP connection
+ * @param r the request to map
+ * @param obj the object to map
+ * @return dn indicates whether a mapping was successful
+ * @exception ELdapException Map operation failed.
+ */
+ public String
+ map(LDAPConnection conn, IRequest r, Object obj)
+ throws ELdapException;
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java b/base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java
new file mode 100644
index 000000000..b0a9fe73b
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java
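Review bot: Both `map` overloads take an untyped `Object obj` while the interface and method Javadoc still speak of mapping "a certificate", so an implementer cannot tell which runtime types must be accepted or what to do with any other type. `@return dn indicates whether a mapping was successful` also leaves open whether a failed mapping is reported as a null DN or as an `ELdapException`. The returned DN appears to select the directory entry that is written, so I would document both, for example `@param obj the object to map (list the accepted types)` and `@return DN of the mapped entry`, plus one sentence on the failure behaviour the implementations actually have.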
@@ -0,0 +1,45 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Interface for any Ldap plugin.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapPlugin {
+
+ /**
+ * Initialize from config store.
+ *
+ * @param config the configuration store to initialize from.
+ * @exception ELdapException initialization failed due to Ldap error.
+ * @exception EBaseException initialization failed.
+ */
+ public void init(IConfigStore config)
+ throws EBaseException, ELdapException;
+
+ /**
+ * Return config store.
+ */
+ public IConfigStore getConfigStore();
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java b/base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java
new file mode 100644
index 000000000..db52a9106
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java
@@ -0,0 +1,53 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.IPluginImpl;
+import com.netscape.certsrv.base.ISubsystem;
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Interface for any ldap plugin. Plugin implementation is defined here.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapPluginImpl extends IPluginImpl {
+
+ /**
+ * initialize from config store.
+ *
+ * @param config the configuration store to initialize from.
+ * @exception ELdapException initializtion failed due to Ldap error.
+ * @exception EBaseException initialization failed.
+ */
+ public void init(ISubsystem sys, IConfigStore config)
+ throws EBaseException, ELdapException;
+
+ /**
+ * initialize from config store and Isubsystem.
+ *
+ * @param config the configuration store to initialize from.
+ * @exception ELdapException initializtion failed due to Ldap error.
+ * @exception EBaseException initialization failed.
+ */
+ public void init(IConfigStore config)
+ throws EBaseException, ELdapException;
+
+}
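Review bot: The Javadoc on the two `init` overloads looks swapped: the block above `init(ISubsystem sys, IConfigStore config)` says "initialize from config store" and has no `@param sys`, while the block above `init(IConfigStore config)` says "initialize from config store and Isubsystem". I would exchange the two summaries and add a `@param sys` line to the two-argument overload, with wording confirmed against the implementations, and fix the `initializtion` typo in both `@exception ELdapException` lines. Plugin authors implement against this contract, so the interface should also say which overload the framework calls; this file does not show that.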
diff --git a/base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java b/base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java
new file mode 100644
index 000000000..81e5be952
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java
@@ -0,0 +1,43 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.request.IRequestListener;
+
+/**
+ * Handles requests to perform Ldap publishing.
+ *
+ * @version $Revision$ $Date$
+ */
+public interface ILdapPublishModule extends IRequestListener {
+
+ /**
+ * initialize ldap publishing module with config store
+ */
+ // public void init(ICertAuthority owner, IConfigStore config)
+ // throws EBaseException, ELdapException;
+
+ /**
+ * Accepts completed requests from an authority and
+ * performs ldap publishing.
+ *
+ * @param request The publishing request.
+ */
+ public void accept(IRequest request);
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java b/base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java
new file mode 100644
index 000000000..398d86453
--- /dev/null
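Review bot: The Javadoc block "initialize ldap publishing module with config store" sits above a commented-out `init(ICertAuthority owner, IConfigStore config)` declaration, so it documents nothing and suggests the module has an initializer that it does not declare. Either delete that comment block together with the two `//` lines, or restore the method if implementations still need it. `accept(IRequest request)` declares no exception and its Javadoc does not say how a failed publish is reported to the caller; one sentence stating that would remove the guesswork for anyone relying on publication having happened.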
+++ b/base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java 
@@ -0,0 +1,84 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.certsrv.publish; + +import java.util.Vector; + +import netscape.ldap.LDAPConnection; + +import com.netscape.certsrv.ldap.ELdapException; + +/** + * Interface for publishing certificate or crl to database store. + * + * @version $Revision$ $Date$ + */ +public interface ILdapPublisher extends ILdapPlugin { + public static final String PROP_PREDICATE = "predicate"; + public static final String PROP_ENABLE = "enable"; + public static final String PROP_IMPLNAME = "implName"; + + /** + * Returns the implementation name. + */ + public String getImplName(); + + /** + * Returns the description of the publisher. + */ + public String getDescription(); + + /** + * Returns the current instance parameters. + */ + public Vector getInstanceParams(); + + /** + * Returns the initial default parameters. + */ + public Vector getDefaultParams(); + + /** + * Publish an object. 
+ * + * @param conn a Ldap connection + * (null for non-LDAP publishing) + * @param dn dn of the ldap entry to publish cert + * (null for non-LDAP publishing) + * @param object object to publish + * (java.security.cert.X509Certificate or, + * java.security.cert.X509CRL) + * @exception ELdapException publish failed. + */ + public void publish(LDAPConnection conn, String dn, Object object) + throws ELdapException; + + /** + * Unpublish an object. + * + * @param conn the Ldap connection + * (null for non-LDAP publishing) + * @param dn dn of the ldap entry to unpublish cert + * (null for non-LDAP publishing) + * @param object object to unpublish + * (java.security.cert.X509Certificate) + * @exception ELdapException unpublish failed. + */ + public void unpublish(LDAPConnection conn, String dn, Object object) + throws ELdapException; +} diff --git a/base/common/src/com/netscape/certsrv/publish/ILdapRule.java b/base/common/src/com/netscape/certsrv/publish/ILdapRule.java new file mode 100644 index 000000000..7bf19b070 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/publish/ILdapRule.java 
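Review bot: `publish` and `unpublish` take `Object object` and leave it to the Javadoc to say it is an `X509Certificate` or `X509CRL`, and they allow `conn` and `dn` to be null for non-LDAP publishing, but nothing states what an implementation must do with an unexpected type or with a null `dn` on an LDAP publisher. I would extend the tag on both methods to `@exception ELdapException publish failed, including an unsupported object type or a missing dn`, so implementers reject bad input up front instead of failing with a `ClassCastException` or `NullPointerException` part-way through a directory update. The raw `Vector` returned by `getInstanceParams()` and `getDefaultParams()` should also be given an element type; the hunk does not show what the elements are.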
@@ -0,0 +1,77 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.certsrv.publish; + +import java.util.Vector; + +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.IConfigStore; + +/** + * Interface for publishing rule which associates a Publisher with a Mapper. + * + * @version $Revision$ $Date$ + */ +public interface ILdapRule extends ILdapPlugin { + public static final String PROP_PREDICATE = "predicate"; + public static final String PROP_ENABLE = "enable"; + public static final String PROP_IMPLNAME = "implName"; + + /** + * Initialize the plugin. + * + * @exception EBaseException Initialization failed. + */ + public void init(IPublisherProcessor processor, IConfigStore + config) throws EBaseException; + + /** + * Returns the implementation name. + */ + public String getImplName(); + + /** + * Returns the description of the ldap publisher. + */ + public String getDescription(); + + /** + * Sets the instance name. + */ + public void setInstanceName(String name); + + /** + * Returns the instance name. + */ + public String getInstanceName(); + + /** + * Returns the current instance parameters. 
+ */ + public Vector getInstanceParams(); + + /** + * Returns the initial default parameters. + */ + public Vector getDefaultParams(); + + /** + * Returns true if the rule is enabled, false if it's disabled. + */ + public boolean enabled(); +} diff --git a/base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java b/base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java new file mode 100644 index 000000000..911d4e132 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java 
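Review bot: `getDescription()` is documented as "Returns the description of the ldap publisher", which looks copied from `ILdapPublisher`; on this interface it should read `Returns the description of the publishing rule.` `PROP_PREDICATE`, `PROP_ENABLE` and `PROP_IMPLNAME` are declared here with the same values as in `ILdapPublisher` and `IPublisherProcessor` elsewhere in this patch, so declaring them once and referring to that declaration would keep the configuration keys from drifting apart. The two-argument `init(IPublisherProcessor processor, IConfigStore config)` has no `@param` tags.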
@@ -0,0 +1,122 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.certsrv.publish; + +import java.util.Enumeration; + +import netscape.ldap.LDAPConnection; + +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.base.ISubsystem; +import com.netscape.certsrv.ldap.ELdapException; +import com.netscape.certsrv.request.IRequest; + +/** + * Represents a set of publishing rules. Publishing rules are ordered from + * lowest priority to highest priority. The priority assignment for publishing + * rules is not enforced by this interface. Various implementation may + * use different mechanisms such as a linear ordering of publishing rules + * in a configuration file or explicit assignment of priority levels ..etc. + * The publishing rule initialization needs to deal with reading the + * publishing rules, sorting them in increasing order of priority and + * presenting an ordered vector of publishing rules via the IPublishRuleSet + * interface. + * When a request comes, the predicates of the publishing rules will be + * checked in the order to find the first matched publishing rule as the + * mapping rule to (un)publish the object. + *

+ * + * @version $Revision$, $Date$ + */ +public interface IPublishRuleSet { + void init(ISubsystem sys, IConfigStore conf) throws EBaseException; + + /** + * Returns the name of the publishing rule set. + *

+ * + * @return The name of the publishing rule set. + */ + String getName(); + + /** + * Returns the no of publishing rules in a set. + *

+ * + * @return the no of publishing rules. + */ + int count(); + + /** + * Add a publishing rule + *

+ * + * @param aliasName The name of the publishing rule to be added. + * @param rule rule The publishing rule to be added. + */ + void addRule(String aliasName, ILdapRule rule); + + /** + * Removes a publishing rule identified by the given name. + * + * @param ruleName The name of the publishing rule to be removed. + */ + void removeRule(String ruleName); + + /** + * Get the publishing rule identified by a given name. + *

+ * + * @param ruleName The name of the publishing rule to be return. + * @return The publishing rule identified by the given name or null if none exists. + */ + ILdapRule getRule(String ruleName); + + /** + * Get the publishing rule identified by a corresponding request. + *

+ * + * @param req The request from which rule will be identified. + * @return The publishing rule or null if none exists. + */ + ILdapRule getRule(IRequest req); + + /** + * Get an enumeration of publishing rules. + *

+ * + * @return An enumeration of publishing rules. + */ + Enumeration getRules(); + + /** + * Apply publishing rules on a request. + * The predicates of the publishing rules will be checked in the order + * to find the first matched publishing rule. + * Use the mapper to find the dn of the LDAP entry and use the publisher + * to publish the object in the request. + *

+ * + * @param conn The Ldap connection + * @param req The request to apply policies on. + * @exception ELdapException publish failed due to Ldap error. + */ + public void publish(LDAPConnection conn, IRequest req) + throws ELdapException; +} diff --git a/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java b/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java new file mode 100644 index 000000000..3ed985403 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java 
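Review bot: The interface Javadoc says rules are "ordered from lowest priority to highest priority" and also that predicates are checked in order "to find the first matched publishing rule", which read together mean the lowest-priority matching rule is the one applied. Which rule wins decides which directory entry a certificate or CRL is written to, so the contract should say it outright, for example `The first matching rule in the documented order is applied; later matches are ignored.`, once the intended direction is confirmed against the implementations. Smaller points in the same hunk: `@param rule rule The publishing rule to be added.` repeats the parameter name, `init(ISubsystem sys, IConfigStore conf)` has no Javadoc, and `Enumeration getRules()` is a raw type.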
@@ -0,0 +1,360 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.certsrv.publish; + +import java.math.BigInteger; +import java.security.cert.X509CRL; +import java.security.cert.X509Certificate; +import java.util.Enumeration; +import java.util.Hashtable; +import java.util.Vector; + +import netscape.security.x509.X509CRLImpl; + +import com.netscape.certsrv.base.ISubsystem; +import com.netscape.certsrv.ldap.ELdapException; +import com.netscape.certsrv.ldap.ILdapConnModule; +import com.netscape.certsrv.request.IRequest; + +/** + * Controls the publishing process from the top level. Maintains + * a collection of Publishers , Mappers, and Publish Rules. 
+ * + * @version $Revision$ $Date$ + */ + +public interface IPublisherProcessor extends ISubsystem { + + public final static String PROP_PUBLISH_SUBSTORE = "publish"; + public final static String PROP_LDAP_PUBLISH_SUBSTORE = "ldappublish"; + public final static String PROP_QUEUE_PUBLISH_SUBSTORE = "queue"; + + public static final String PROP_LOCAL_CA = "cacert"; + public static final String PROP_LOCAL_CRL = "crl"; + public static final String PROP_CERTS = "certs"; + public static final String PROP_XCERT = "xcert"; + + public static final String PROP_CLASS = "class"; + public static final String PROP_IMPL = "impl"; + public static final String PROP_PLUGIN = "pluginName"; + public static final String PROP_INSTANCE = "instance"; + + public static final String PROP_PREDICATE = "predicate"; + public static final String PROP_ENABLE = "enable"; + public static final String PROP_LDAP = "ldap"; + public static final String PROP_MAPPER = "mapper"; + public static final String PROP_PUBLISHER = "publisher"; + public static final String PROP_TYPE = "type"; + + /** + * + * Returns Hashtable of rule plugins. + */ + + public Hashtable getRulePlugins(); + + /** + * + * Returns Hashtable of rule instances. + */ + + public Hashtable getRuleInsts(); + + /** + * + * Returns Hashtable of mapper plugins. + */ + + public Hashtable getMapperPlugins(); + + /** + * + * Returns Hashtable of publisher plugins. + */ + public Hashtable getPublisherPlugins(); + + /** + * + * Returns Hashtable of rule mapper instances. + */ + public Hashtable getMapperInsts(); + + /** + * + * Returns Hashtable of rule publisher instances. + */ + public Hashtable getPublisherInsts(); + + /** + * + * Returns list of rules based on publishing type. + * + * @param publishingType Type for which to retrieve rule list. + */ + + public Enumeration getRules(String publishingType); + + /** + * + * Returns list of rules based on publishing type and publishing request. 
+ * + * @param publishingType Type for which to retrieve rule list. + * @param req Corresponding publish request. + */ + public Enumeration getRules(String publishingType, IRequest req); + + /** + * + * Returns mapper initial default parameters. + * + * @param implName name of MapperPlugin. + */ + + public Vector getMapperDefaultParams(String implName) throws + ELdapException; + + /** + * + * Returns mapper current instance parameters. + * + * @param insName name of MapperProxy. + * @exception ELdapException failed due to Ldap error. + */ + + public Vector getMapperInstanceParams(String insName) throws + ELdapException; + + /** + * + * Returns publisher initial default parameters. + * + * @param implName name of PublisherPlugin. + * @exception ELdapException failed due to Ldap error. + */ + public Vector getPublisherDefaultParams(String implName) throws + ELdapException; + + /** + * + * Returns true if MapperInstance is enabled. + * + * @param insName name of MapperProxy. + * @return true if enabled. false if disabled. + */ + + public boolean isMapperInstanceEnable(String insName); + + /** + * + * Returns ILdapMapper instance that is currently active. + * + * @param insName name of MapperProxy. + * @return instance of ILdapMapper. + */ + public ILdapMapper getActiveMapperInstance(String insName); + + /** + * + * Returns ILdapMapper instance based on name of MapperProxy. + * + * @param insName name of MapperProxy. + * @return instance of ILdapMapper. + */ + public ILdapMapper getMapperInstance(String insName); + + /** + * + * Returns true publisher instance is currently enabled. + * + * @param insName name of PublisherProxy. + * @return true if enabled. + */ + public boolean isPublisherInstanceEnable(String insName); + + /** + * + * Returns ILdapPublisher instance that is currently active. + * + * @param insName name of PublisherProxy. + * @return instance of ILdapPublisher. 
+ */ + public ILdapPublisher getActivePublisherInstance(String insName); + + /** + * + * Returns ILdapPublisher instance. + * + * @param insName name of PublisherProxy. + * @return instance of ILdapPublisher. + */ + public ILdapPublisher getPublisherInstance(String insName); + + /** + * + * Returns Vector of PublisherIntance's current instance parameters. + * + * @param insName name of PublisherProxy. + * @return Vector of current instance parameters. + */ + public Vector getPublisherInstanceParams(String insName) throws + ELdapException; + + /** + * + * Returns Vector of RulePlugin's initial default parameters. + * + * @param implName name of RulePlugin. + * @return Vector of initial default parameters. + * @exception ELdapException failed due to Ldap error. + */ + public Vector getRuleDefaultParams(String implName) throws + ELdapException; + + /** + * + * Returns Vector of RulePlugin's current instance parameters. + * + * @param implName name of RulePlugin. + * @return Vector of current instance parameters. + * @exception ELdapException failed due to Ldap error. + */ + public Vector getRuleInstanceParams(String implName) throws + ELdapException; + + /** + * Set published flag - true when published, false when unpublished. + * Not exist means not published. + * + * @param serialNo serial number of publishable object. + * @param published true for published, false for not. + */ + public void setPublishedFlag(BigInteger serialNo, boolean published); + + /** + * Publish ca cert, UpdateDir.java, jobs, request listeners + * + * @param cert X509 certificate to be published. + * @exception ELdapException publish failed due to Ldap error. + */ + public void publishCACert(X509Certificate cert) + throws ELdapException; + + /** + * This function is never called. CMS does not unpublish + * CA certificate. + */ + public void unpublishCACert(X509Certificate cert) + throws ELdapException; + + /** + * Publishs regular user certificate based on the criteria + * set in the request. 
+ * + * @param cert X509 certificate to be published. + * @param req request which provides the criteria + * @exception ELdapException publish failed due to Ldap error. + */ + public void publishCert(X509Certificate cert, IRequest req) + throws ELdapException; + + /** + * Unpublish user certificate. This is used by + * UnpublishExpiredJob. + * + * @param cert X509 certificate to be unpublished. + * @param req request which provides the criteria + * @exception ELdapException unpublish failed due to Ldap error. + */ + public void unpublishCert(X509Certificate cert, IRequest req) + throws ELdapException; + + /** + * publishes a crl by mapping the issuer name in the crl to an entry + * and publishing it there. entry must be a certificate authority. + * Note that this is used by cmsgateway/cert/UpdateDir.java + * + * @param crl Certificate Revocation List + * @param crlIssuingPointId name of the issuing point. + * @exception ELdapException publish failed due to Ldap error. + */ + public void publishCRL(X509CRLImpl crl, String crlIssuingPointId) + throws ELdapException; + + /** + * publishes a crl by mapping the issuer name in the crl to an entry + * and publishing it there. entry must be a certificate authority. + * + * @param dn Distinguished name to publish. + * @param crl Certificate Revocation List + * @exception ELdapException publish failed due to Ldap error. + */ + public void publishCRL(String dn, X509CRL crl) + throws ELdapException; + + /** + * + * Return true if Ldap is enabled. + * + * @return true if Ldap is enabled,otherwise false. + */ + + public boolean ldapEnabled(); + + /** + * + * Return true of PublisherProcessor is enabled. + * + * @return true if is enabled, otherwise false. + * + */ + public boolean enabled(); + + /** + * + * Return Authority for which this Processor operates. + * + * @return Authority. + */ + + public ISubsystem getAuthority(); + + /** + * + * Perform logging function for this Processor. 
+ * + * @param level Log level to be used for this message + * @param msg Message to be logged. + */ + + public void log(int level, String msg); + + /** + * + * Returns LdapConnModule belonging to this Processor. + * + * @return LdapConnModule. + */ + public ILdapConnModule getLdapConnModule(); + + /** + * Sets the LdapConnModule belonging to this Processor. + * + * @param m ILdapConnModule. + */ + public void setLdapConnModule(ILdapConnModule m); +} diff --git a/base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java b/base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java new file mode 100644 index 000000000..b70a0626d --- /dev/null +++ b/base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java 
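Review bot: The six registry getters (`getRulePlugins()`, `getRuleInsts()`, `getMapperPlugins()`, `getPublisherPlugins()`, `getMapperInsts()`, `getPublisherInsts()`) return a raw `Hashtable` and do not say whether it is the processor's live table or a copy. If it is the live table, any caller can add, replace or remove publishers, mappers and rules without going through the processor; the interface cannot show which it is, so the Javadoc should state it, and the return types should name their key and value types. In the same hunk, `getMapperDefaultParams` declares `throws ELdapException` without an `@exception` tag, and `getRuleInstanceParams(String implName)` documents instance parameters while the sibling instance methods name the argument `insName`. `unpublishCACert` is documented as never called; marking it `@deprecated` would be clearer than keeping it as an ordinary entry point.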
@@ -0,0 +1,38 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.ldap.ELdapException;
+
+/**
+ * Interface for a publisher that has the capability of publishing
+ * cross certs
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IXcertPublisherProcessor extends IPublisherProcessor {
+
+ /**
+ * Publish crossCertificatePair.
+ *
+ * @param pair Byte array representing cert pair.
+ * @exception EldapException publish failed due to Ldap error.
+ */
+ public void publishXCertPair(byte[] pair)
+ throws ELdapException;
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java b/base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java
new file mode 100644
index 000000000..84a866095
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java
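Review bot: The `@exception EldapException` tag on `publishXCertPair` does not match the declared `ELdapException` (lower-case `l`), so Javadoc cannot resolve it; it should be `@exception ELdapException publish failed due to Ldap error.` The `@param pair` text says only "Byte array representing cert pair", and the encoding the implementation expects is not visible here. Naming the encoding, and stating that a malformed array is rejected with `ELdapException`, would tell callers what is validated before anything is written to the directory.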
@@ -0,0 +1,56 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+/**
+ * Class that represents the result of a Ldap Mapping operation.
+ * certificate map result:
+ * Represented by a mapped entry as a DN and whether entry has the certificate.
+ *
+ * @version $Revision$ $Date$
+ */
+public class LdapCertMapResult {
+ private String mDn;
+ private boolean mHasCert;
+
+ /**
+ * Constructs ldap cert map result with a dn and hasCert boolean.
+ */
+ public LdapCertMapResult(String dn, boolean hasCert) {
+ mDn = dn;
+ mHasCert = hasCert;
+ }
+
+ /**
+ * Gets DN from the result.
+ *
+ * @return Distinguished Name.
+ */
+ public String getDn() {
+ return mDn;
+ }
+
+ /**
+ * Gets whether the ldap entry had a certificate from result.
+ *
+ * @return true if cert is present, false otherwise.
+ */
+ public boolean hasCert() {
+ return mHasCert;
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/MapperPlugin.java b/base/common/src/com/netscape/certsrv/publish/MapperPlugin.java
new file mode 100644
index 000000000..b193e1b5f
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/MapperPlugin.java
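Review bot: `mDn` and `mHasCert` are assigned only in the constructor and the class has no setters, so they can be declared `private final String mDn;` and `private final boolean mHasCert;`, which makes the result object immutable and safe to hand between threads. The same applies to `mEnable`/`mMapper` in MapperProxy.java and `mEnable`/`mPublisher` in PublisherProxy.java later in this patch. The constructor Javadoc has no `@param` tags and does not say whether `dn` may be null when no entry was mapped, which callers of `getDn()` need to know before using the value as a directory target.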
@@ -0,0 +1,39 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.certsrv.publish; + +import com.netscape.certsrv.base.Plugin; + +/** + * This class represents a registered mapper plugin. + *

+ * + * @version $Revision$, $Date$ + */ +public class MapperPlugin extends Plugin { + + /** + * Constructs a MapperPlugin based on a name and a path. + * + * @param id Name of plugin. + * @param path Classpath of plugin. + */ + public MapperPlugin(String id, String path) { + super(id, path); + } +} diff --git a/base/common/src/com/netscape/certsrv/publish/MapperProxy.java b/base/common/src/com/netscape/certsrv/publish/MapperProxy.java new file mode 100644 index 000000000..95dc98d9c --- /dev/null +++ b/base/common/src/com/netscape/certsrv/publish/MapperProxy.java 
@@ -0,0 +1,62 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.certsrv.publish; + +/** + * + * Class representing a LdapMapper. + * + * @version $Revision$ $Date$ + */ + +public class MapperProxy { + private boolean mEnable; + private ILdapMapper mMapper; + + /** + * + * Contructs MapperProxy . + * + * @param enable Enabled or not. + * @param mapper Corresponding ILdapMapper object. + */ + public MapperProxy(boolean enable, ILdapMapper mapper) { + mEnable = enable; + mMapper = mapper; + } + + /** + * + * Returns if enabled. + * + * @return true if enabled, otherwise false. + */ + public boolean isEnable() { + return mEnable; + } + + /** + * + * Returns ILdapMapper object. + * + * @return Intance of ILdapMapper object. + */ + public ILdapMapper getMapper() { + return mMapper; + } +} diff --git a/base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java b/base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java new file mode 100644 index 000000000..5a163b80c --- /dev/null +++ b/base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java 
@@ -0,0 +1,40 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.certsrv.publish; + +import com.netscape.certsrv.base.Plugin; + +/** + * This class represents a registered publisher plugin. + *

+ * + * @version $Revision$, $Date$ + */ +public class PublisherPlugin extends Plugin { + + /** + * + * Constructs a PublisherPlugin based on name and classpath. + * + * @param id name of plugin. + * @param path Classpath of plugin. + */ + public PublisherPlugin(String id, String path) { + super(id, path); + } +} diff --git a/base/common/src/com/netscape/certsrv/publish/PublisherProxy.java b/base/common/src/com/netscape/certsrv/publish/PublisherProxy.java new file mode 100644 index 000000000..eb71f3e56 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/publish/PublisherProxy.java 
@@ -0,0 +1,60 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+/**
+ *
+ * Class representing a proxy for a ILdapPublisher.
+ *
+ * @version $Revision$ $Date$
+ */
+
+public class PublisherProxy {
+ private boolean mEnable;
+ private ILdapPublisher mPublisher;
+
+ /**
+ *
+ * Constructs a PublisherProxy based on a ILdapPublisher object and enabled boolean.
+ *
+ * @param enable Proxy is enabled or not.
+ * @param publisher Corresponding ILdapPublisher object.
+ */
+ public PublisherProxy(boolean enable, ILdapPublisher publisher) {
+ mEnable = enable;
+ mPublisher = publisher;
+ }
+
+ /**
+ * Return if enabled or not.
+ *
+ * @return true if enabled, otherwise false.
+ */
+ public boolean isEnable() {
+ return mEnable;
+ }
+
+ /**
+ * Return ILdapPublisher object.
+ *
+ * @return Instance of ILdapPublisher.
+ */
+ public ILdapPublisher getPublisher() {
+ return mPublisher;
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/publish/RulePlugin.java b/base/common/src/com/netscape/certsrv/publish/RulePlugin.java
new file mode 100644
index 000000000..b37a24d51
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/publish/RulePlugin.java
@@ -0,0 +1,40 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.publish;
+
+import com.netscape.certsrv.base.Plugin;
+
+/**
+ * This class represents a registered Publishing Rule plugin.
+ *

+ *
+ * @version $Revision$, $Date$
+ */
+public class RulePlugin extends Plugin {
+
+ /**
+ *
+ * Constructs a RulePlugin based on name and classpath.
+ *
+ * @param id name of RulePlugin.
+ * @param path Classpath of RulePlugin.
+ */
+ public RulePlugin(String id, String path) {
+ super(id, path);
+ }
+}
-- cgit