From a4682ceae6774956461edd03b2485bbacea445f4 Mon Sep 17 00:00:00 2001
From: mharmsen
Date: Tue, 4 Oct 2011 01:17:41 +0000
Subject: Bugzilla Bug #688225 - (dogtagIPAv2.1) TRACKER: of the Dogtag fixes for freeIPA 2.1
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/tags/IPA_v2_RHEL_6_2_20111003@2252 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
.../com/netscape/certsrv/ldap/ELdapException.java | 86 +++++++++++++++++
.../certsrv/ldap/ELdapServerDownException.java | 35 +++++++
.../com/netscape/certsrv/ldap/ILdapAuthInfo.java | 103 +++++++++++++++++++++
.../certsrv/ldap/ILdapBoundConnFactory.java | 43 +++++++++
.../netscape/certsrv/ldap/ILdapConnFactory.java | 90 ++++++++++++++++++
.../com/netscape/certsrv/ldap/ILdapConnInfo.java | 84 +++++++++++++++++
.../com/netscape/certsrv/ldap/ILdapConnModule.java | 60 ++++++++++++
.../com/netscape/certsrv/ldap/LdapResources.java | 44 +++++++++
8 files changed, 545 insertions(+)
create mode 100644 pki/base/common/src/com/netscape/certsrv/ldap/ELdapException.java
create mode 100644 pki/base/common/src/com/netscape/certsrv/ldap/ELdapServerDownException.java
create mode 100644 pki/base/common/src/com/netscape/certsrv/ldap/ILdapAuthInfo.java
create mode 100644 pki/base/common/src/com/netscape/certsrv/ldap/ILdapBoundConnFactory.java
create mode 100644 pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnFactory.java
create mode 100644 pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnInfo.java
create mode 100644 pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnModule.java
create mode 100644 pki/base/common/src/com/netscape/certsrv/ldap/LdapResources.java
(limited to 'pki/base/common/src/com/netscape/certsrv/ldap')
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ELdapException.java b/pki/base/common/src/com/netscape/certsrv/ldap/ELdapException.java
new file mode 100644
index 000000000..3f829aa31
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ELdapException.java
@@ -0,0 +1,86 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ldap;
+
+
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * A class that represents a Ldap exception. Various
+ * errors can occur when interacting with a Ldap directory server.
+ *

+ *
+ * @version $Revision$, $Date$
+ */
+public class ELdapException extends EBaseException {
+
+ /**
+ * Ldap resource class name.
+ */
+ private static final String LDAP_RESOURCES = LdapResources.class.getName();
+
+ /**
+ * Constructs a Ldap exception.
+ * @param msgFormat Resource Key, if key not present, serves as the message.
+ *

+ */
+ public ELdapException(String msgFormat) {
+ super(msgFormat);
+ }
+
+ /**
+ * Constructs a Ldap exception.
+ * @param msgFormat Resource Key, if key not present, serves as the message.
+ * Include a message string parameter for variable content.
+ * @param param Message string parameter.
+ *

+ */
+ public ELdapException(String msgFormat, String param) {
+ super(msgFormat, param);
+ }
+
+ /**
+ * Constructs a Ldap exception.
+ * @param msgFormat Resource Key, if key not present, serves as the message.
+ * @param e Common exception.
+ *

+ */
+ public ELdapException(String msgFormat, Exception e) {
+ super(msgFormat, e);
+ }
+
+ /**
+ * Constructs a Ldap exception.
+ * @param msgFormat Resource Key, if key not present, serves as the message.
+ * @param params Array of Message string parameters.
+ *

+ */
+ public ELdapException(String msgFormat, Object params[]) {
+ super(msgFormat, params);
+ }
+
+ /**
+ * Gets the resource bundle name
+ * @return Name of the Ldap Exception resource bundle name.
+ *

+ */
+ protected String getBundleName() {
+ return LDAP_RESOURCES;
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ELdapServerDownException.java b/pki/base/common/src/com/netscape/certsrv/ldap/ELdapServerDownException.java
new file mode 100644
index 000000000..b6b04a760
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ELdapServerDownException.java
@@ -0,0 +1,35 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ldap;
+
+
+/**
+ * This represents exception which indicates Ldap server is down.
+ *
+ * @version $Revision$, $Date$
+ */
+public class ELdapServerDownException extends ELdapException {
+
+ /**
+ * Constructs a ldap server down exception with host & port info.
+ * @param errorString Detailed error message.
+ */
+ public ELdapServerDownException(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapAuthInfo.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapAuthInfo.java
new file mode 100644
index 000000000..13cadf2ab
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapAuthInfo.java
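Review bot: `protected String getBundleName()` at the end of ELdapException appears to override a method of EBaseException (the base class is not in this diff, so confirm) yet carries no `@Override`, and the last constructor declares its array C-style; `@Override protected String getBundleName()` and `public ELdapException(String msgFormat, Object[] params)` would let the compiler catch a signature drift. The `@param e Common exception.` Javadoc says nothing about what happens to `e`: whether it is kept as the cause and whether its message ends up in the text shown to callers, which matters because directory errors can carry DNs and host names. Suggest `@param e Underlying exception; its message may be surfaced to the caller, so do not wrap exceptions that carry credentials.` once the EBaseException behaviour is confirmed.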
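Review bot: The ELdapServerDownException constructor Javadoc promises `host & port info`, but the only parameter is `errorString` and nothing in the class records a host or port; a catcher cannot tell which server was unreachable without parsing the message. Either change the doc to `@param errorString Detailed error message; callers should include the host and port of the unreachable server.` or add host/port parameters (or accessors) so the information is structured rather than free text.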
@@ -0,0 +1,103 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ldap;
+
+
+import java.util.Hashtable;
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPException;
+import org.mozilla.jss.util.Password;
+import org.mozilla.jss.util.PasswordCallback;
+import org.mozilla.jss.util.PasswordCallbackInfo;
+import org.mozilla.jss.util.ConsolePasswordCallback;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Class for obtaining ldap authentication info from the configuration store.
+ * Two types of authentication is basic and SSL client authentication.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ILdapAuthInfo {
+ static public final String PROP_LDAPAUTHTYPE = "authtype";
+ static public final String PROP_CLIENTCERTNICKNAME = "clientCertNickname";
+ static public final String PROP_BINDDN = "bindDN";
+ static public final String PROP_BINDPW = "bindPassword";
+ static public final String PROP_BINDPW_PROMPT = "bindPWPrompt";
+ static public final String PROP_BINDDN_DEFAULT = "cn=Directory Manager";
+
+ static public final String LDAP_BASICAUTH_STR = "BasicAuth";
+ static public final String LDAP_SSLCLIENTAUTH_STR = "SslClientAuth";
+
+ static public final int LDAP_AUTHTYPE_NONE = 0; // illegal
+ static public final int LDAP_AUTHTYPE_BASICAUTH = 1;
+ static public final int LDAP_AUTHTYPE_SSLCLIENTAUTH = 2;
+
+ /**
+ * Initialize this class from the config store.
+ * @param config The config store from which to initialize.
+ * @exception EBaseException Due to failure of the initialization process.
+ *
+ */
+ public void init(IConfigStore config) throws EBaseException;
+
+ /**
+ * Initialize this class from the config store.
+ * Based on host, port, and secure boolean info.
+ * which allows an actual attempt on the server to verify credentials.
+ * @param config The config store from which to initialize.
+ * @exception EBaseException Due to failure of the initialization process.
+ *
+ */
+ public void init(IConfigStore config, String host, int port, boolean secure)
+ throws EBaseException;
+
+ /**
+ * Reset the connection to the host
+ */
+ public void reset();
+
+ /**
+ * Get authentication type.
+ * @return one of:
+ * LdapAuthInfo.LDAP_AUTHTYPE_BASICAUTH or
+ * LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH
+ */
+ public int getAuthType();
+
+ /**
+ * Get params for authentication.
+ * @return array of parameters for this authentication as an array of Strings.
+ */
+ public String[] getParms();
+
+ /**
+ * Add password to private password data structure.
+ * @param prompt Password prompt.
+ * @param pw Password itself.
+ */
+ public void addPassword(String prompt, String pw);
+
+ /**
+ * Remove password from private password data structure.
+ * @param prompt Identify password to remove with prompt.
+ */
+ public void removePassword(String prompt);
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapBoundConnFactory.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapBoundConnFactory.java
new file mode 100644
index 000000000..71b810709
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapBoundConnFactory.java
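Review bot: `addPassword(String prompt, String pw)` and the `PROP_BINDPW` key put the directory bind password into immutable `String`s, which cannot be zeroed and stay in the heap (and in any heap dump) until garbage collected; the interface Javadoc should say so and state whether `removePassword` only drops the reference, since the JSS `Password` type that is imported and then unused is the project's usual way of scrubbing secrets. The four-argument `init` says, per its own Javadoc, that it may make `an actual attempt on the server to verify credentials`, i.e. it can open a network connection and bind during initialization, so callers should be told that explicitly, and the method lacks `@param` tags for `host`, `port` and `secure`; also `getParms()` returns the credential material as a `String[]` and its doc should say whether the password is among those elements. The `Hashtable`, `LDAPConnection`, `LDAPException`, `Password*`/`ConsolePasswordCallback` and self-package `com.netscape.certsrv.ldap.*` imports are unused by the interface, and `static public final` is redundant on interface fields (`String PROP_BINDDN = "bindDN";` is equivalent).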
@@ -0,0 +1,43 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ldap;
+
+
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * Maintains a pool of connections to the LDAP server.
+ * CMS requests are processed on a multi threaded basis.
+ * A pool of connections then must be be maintained so this
+ * access to the Ldap server can be easily managed. The min and
+ * max size of this connection pool should be configurable. Once
+ * the maximum limit of connections is exceeded, the factory
+ * should provide proper synchronization to resolve contention issues.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ILdapBoundConnFactory extends ILdapConnFactory {
+
+ public static final String PROP_MINCONNS = "minConns";
+ public static final String PROP_MAXCONNS = "maxConns";
+ public static final String PROP_LDAPCONNINFO = "ldapconn";
+ public static final String PROP_LDAPAUTHINFO = "ldapauth";
+
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnFactory.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnFactory.java
new file mode 100644
index 000000000..8ac2cd505
--- /dev/null
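Review bot: The four `PROP_*` constants are the entire body of ILdapBoundConnFactory but none is documented, while the class Javadoc promises configurable min/max pool sizes and contention handling without naming the keys that control them. A one-line Javadoc on each would close that gap, e.g. `/** Config key for the minimum number of pooled connections. */` on `PROP_MINCONNS`, `/** Config substore holding the ILdapConnInfo settings. */` on `PROP_LDAPCONNINFO`, and `/** Config substore holding the ILdapAuthInfo (bind) settings. */` on `PROP_LDAPAUTHINFO`; the class doc's `must be be` is also a doubled word. The `netscape.ldap.*` and `com.netscape.certsrv.base.*` wildcard imports are not referenced by anything in this file.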
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnFactory.java 
@@ -0,0 +1,90 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ldap;
+
+
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * Maintains a pool of connections to the LDAP server.
+ * Multiple threads use this interface to utilize and release
+ * the Ldap connection resources.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ILdapConnFactory {
+
+ /**
+ * Initialize the poll from the config store.
+ * @param config The configuration substore.
+ * @exception EBaseException On configuration error.
+ * @exception ELdapException On all other errors.
+ */
+ public void init(IConfigStore config)
+ throws EBaseException, ELdapException;
+
+ /**
+ *
+ * Used for disconnecting all connections.
+ * Used just before a subsystem
+ * shutdown or process exit.
+ * @exception EldapException on Ldap failure when closing connections.
+ */
+ public void reset()
+ throws ELdapException;
+
+ /**
+ * Returns the number of free connections available from this pool.
+ * @return Integer number of free connections.
+ */
+
+ public int freeConn();
+
+ /**
+ * Returns the number of total connections available from this pool.
+ * Includes sum of free and in use connections.
+ * @return Integer number of total connections.
+ */
+ public int totalConn();
+
+ /**
+ * Returns the maximum number of connections available from this pool.
+ * @return Integer maximum number of connections.
+ */
+ public int maxConn();
+
+ /**
+ * Request access to a Ldap connection from the pool.
+ * @exception ELdapException if any error occurs, such as a
+ * @return Ldap connection object.
+ * connection is not available
+ */
+ public LDAPConnection getConn()
+ throws ELdapException;
+
+ /**
+ * Return connection to the factory. mandatory after a getConn().
+ * @param conn Ldap connection object to be returned to the free list of the pool.
+ * @exception ELdapException On any failure to return the connection.
+ */
+ public void returnConn(LDAPConnection conn)
+ throws ELdapException;
+
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnInfo.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnInfo.java
new file mode 100644
index 000000000..f56bf4d3e
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnInfo.java
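Review bot: `returnConn` is documented as `mandatory after a getConn()` but the contract never says what a forgotten return costs: `maxConn()` bounds the pool, so every leaked connection is capacity permanently lost to all other threads until `reset()`, which is an availability problem for a server that publishes certificates and CRLs. The `getConn()` Javadoc should state that `getConn()`/`returnConn()` must be paired in a try/finally, whether a connection on which an operation threw may still be returned, and whether `getConn()` blocks or throws when the pool is exhausted, e.g. `@return A bound connection; the caller must hand it back with returnConn() in a finally block.`. The tags themselves also need repair: in `getConn()` the `@return` line is wedged inside the `@exception` sentence, `reset()` refers to a nonexistent `EldapException` (lower-case d) so the tag will not resolve, `freeConn()` is separated from its Javadoc by a blank line, and `init`'s summary reads `poll` for `pool`.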
@@ -0,0 +1,84 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ldap;
+
+
+import netscape.ldap.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.base.EPropertyNotFound;
+import com.netscape.certsrv.ldap.*;
+
+
+/**
+ * Class for reading ldap connection information from the config store.
+ * Ldap connection info: host name, port number,whether of not it is a secure connection.
+ *
+ * @version $Revision$, $Date$
+ */
+public interface ILdapConnInfo {
+ public static final String PROP_HOST = "host";
+ public static final String PROP_PORT = "port";
+ public static final String PROP_SECURE = "secureConn";
+ public static final String PROP_PROTOCOL = "version";
+ public static final String PROP_FOLLOW_REFERRALS = "followReferrals";
+ public static final String PROP_HOST_DEFAULT = "localhost";
+ public static final String PROP_PORT_DEFAULT = "389";
+
+ public static final int LDAP_VERSION_2 = 2;
+ public static final int LDAP_VERSION_3 = 3;
+
+ /**
+ * Initializes an instance from a config store.
+ * @param config Configuration store.
+ * @exception ELdapException Ldap related error found.
+ * @exception EBaseException Other errors and errors with params included in the config store.
+ */
+ public void init(IConfigStore config) throws EBaseException, ELdapException;
+
+ /**
+ * Return the name of the Host.
+ *
+ */
+
+
+ public String getHost();
+
+ /**
+ * Return the port number of the host.
+ *
+ */
+ public int getPort();
+
+ /**
+ * Return the Ldap version number of the Ldap server.
+ */
+
+ public int getVersion();
+
+ /**
+ * Return whether or not the connection is secure.
+ */
+ public boolean getSecure();
+
+ /**
+ * Return whether or not the server is to follow referrals
+ * to other servers when servicing a query.
+ */
+ public boolean getFollowReferrals();
+
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnModule.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnModule.java
new file mode 100644
index 000000000..3cf762663
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnModule.java
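Review bot: `PROP_SECURE` (`secureConn`) has no documented default while the two defaults that are declared, `localhost` and `389`, describe a plaintext LDAP endpoint; since the bind DN and password from ILdapAuthInfo travel over the connection described here, `getSecure()`'s Javadoc should say what is assumed when `secureConn` is absent from the config and `getFollowReferrals()` should note that a followed referral can redirect the bind to another host. `getHost()` and `getPort()` are missing `@return` tags (the `getHost` doc is also separated from its method by two blank lines), and `PROP_PORT_DEFAULT` is a `String` although `getPort()` returns `int`, which deserves a comment such as `// String because config values are read as text; parsed by init()` if that is the intent, I cannot see the implementation here. The `EPropertyNotFound` import duplicates the `com.netscape.certsrv.base.*` wildcard and `com.netscape.certsrv.ldap.*` imports the interface's own package.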
@@ -0,0 +1,60 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ldap;
+
+
+import com.netscape.certsrv.base.*;
+import java.security.cert.*;
+
+
+/**
+ * Class on behalf of the Publishing system that controls an instance of an ILdapConnFactory.
+ * Allows a factory to be intialized and grants access
+ * to the factory to other interested parties.
+ *
+ * @version $Revision$, $Date$
+ */
+
+public interface ILdapConnModule {
+
+ /**
+ * Initialize ldap publishing module with config store.
+ * @param owner Entity that is interested in this instance of Publishing.
+ * @param config Config store containing the info needed to set up Publishing.
+ * @exception ELdapException Due to Ldap error.
+ * @exception EBaseException Due to config value errors and all other errors.
+ */
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException, ELdapException;
+
+ /**
+ * Returns the internal ldap connection factory.
+ * This can be useful to get a ldap connection to the
+ * ldap publishing directory without having to get it again from the
+ * config file. Note that this means sharing a ldap connection pool
+ * with the ldap publishing module so be sure to return connections to pool.
+ * Use ILdapConnFactory.getConn() to get a Ldap connection to the ldap
+ * publishing directory.
+ * Use ILdapConnFactory.returnConn() to return the connection.
+ *
+ * @return Instance of ILdapConnFactory.
+ */
+
+ public ILdapConnFactory getLdapConnFactory();
+}
+
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/LdapResources.java b/pki/base/common/src/com/netscape/certsrv/ldap/LdapResources.java
new file mode 100644
index 000000000..79a8aecb4
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/LdapResources.java
@@ -0,0 +1,44 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.ldap;
+
+
+import java.util.*;
+
+
+/**
+ * A resource bundle for ldap subsystem.
+ *
+ * @version $Revision$, $Date$
+ */
+public class LdapResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ /**
+ * Constants. The suffix represents the number of
+ * possible parameters.
+ */
+
+ static final Object[][] contents = {};
+}
-- cgit
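Review bot: `getLdapConnFactory()` hands the publishing module's shared connection pool to any caller, and its Javadoc already warns about returning connections, but it does not say what is returned before `init(owner, config)` has run (null, an uninitialized factory, or an exception), which is what a caller of a lazily started subsystem most needs to know; I cannot see the implementation, so a line like `@return The factory, or null until init() has completed.` should be written once that is confirmed. Two smaller points in the same hunk: `import java.security.cert.*;` is not used by either method of ILdapConnModule and should go, and the class Javadoc misspells `intialized`; the blank lines between `*/` and the `interface`/method declarations are harmless for javadoc but differ from the other files in this commit.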
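Review bot: In LdapResources the `contents` array is package-private and handed out directly by `getContents()`, while its Javadoc (`Constants. The suffix represents the number of possible parameters.`) describes entries that the array, being `{}`, does not contain. Make the field `private static final Object[][] contents = {};`, add `@Override` to `getContents()`, and replace the stale comment with one that states the real intent, e.g. `// Intentionally empty: ELdapException documents that an unknown key is used verbatim as the message.`, so that a maintainer does not either "fix" the empty bundle or assume messages are localized when they are not. `import java.util.*;` could be narrowed to `java.util.ListResourceBundle`, the only name used.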