From 32150d3ee32f8ac27118af7c792794b538c78a2f Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Wed, 7 Dec 2011 16:58:12 -0500 Subject: Formatting Formatted project according to eclipse project settings --- .../publish/publishers/LdapUserCertPublisher.java | 173 +++++++++++---------- 1 file changed, 92 insertions(+), 81 deletions(-) (limited to 'pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java') diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java index f612d005b..3867a3b8c 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; - import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Enumeration; @@ -43,13 +42,13 @@ import com.netscape.certsrv.logging.AuditFormat; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; - -/** - * Interface for mapping a X509 certificate to a LDAP entry - * +/** + * Interface for mapping a X509 certificate to a LDAP entry + * * @version $Revision$, $Date$ */ -public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInfo { +public class LdapUserCertPublisher implements ILdapPublisher, + IExtendedPluginInfo { public static final String LDAP_USERCERT_ATTR = "userCertificate;binary"; protected String mCertAttr = LDAP_USERCERT_ATTR; 
@@ -71,11 +70,10 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf public String[] getExtendedPluginInfo(Locale locale) { String[] params = { "certAttr;string;LDAP attribute in which to store the certificate", - IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ldappublish-publisher-usercertpublisher", - IExtendedPluginInfo.HELP_TEXT + - ";This plugin knows how to publish user certificates" - }; + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-publisher-usercertpublisher", + IExtendedPluginInfo.HELP_TEXT + + ";This plugin knows how to publish user certificates" }; return params; @@ -99,8 +97,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf return mConfig; } - public void init(IConfigStore config) - throws EBaseException { + public void init(IConfigStore config) throws EBaseException { if (mInited) return; mConfig = config; @@ -113,16 +110,16 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf } /** - * publish a user certificate - * Adds the cert to the multi-valued certificate attribute as a - * DER encoded binary blob. Does not check if cert already exists. + * publish a user certificate Adds the cert to the multi-valued certificate + * attribute as a DER encoded binary blob. Does not check if cert already + * exists. * * @param conn the LDAP connection * @param dn dn of the entry to publish the certificate - * @param certObj the certificate object. + * @param certObj the certificate object. */ public void publish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (conn == null) return; 
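Review bot: The reflowed Javadoc on `publish` (the `@@ -113,16 +110,16 @@` hunk) now runs the summary straight into the description, `publish a user certificate Adds the cert to the multi-valued certificate`, with no sentence break. Ending the summary with a period, e.g. `Publishes a user certificate.` followed by `<p>` and the description, would restore it and stop the formatter from joining the lines again. The retained sentence `Does not check if cert already exists.` also looks stale, since the `@@ -169,7 +167,7 @@` hunk shows the body searching the entry under `// check if cert already exists.` before the modify; the lines between that search and the `return;` are not visible here, so confirm the behaviour and reword the sentence to match. The `unpublish` Javadoc in the `@@ -178,59 +176,65 @@` hunk has the same run-on (`unpublish a user certificate deletes the certificate`) and the same kind of claim next to a `// check if cert already deleted.` search. The body of `publish` continues outside this hunk.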
@@ -130,28 +127,29 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf // see if we should create local connection LDAPConnection altConn = null; try { - String host = mConfig.getString("host", null); - String port = mConfig.getString("port", null); - if (host != null && port != null) { - int portVal = Integer.parseInt(port); - int version = Integer.parseInt(mConfig.getString("version", "2")); - String cert_nick = mConfig.getString("clientCertNickname", null); - LDAPSSLSocketFactoryExt sslSocket = null; - if (cert_nick != null) { - sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); + String host = mConfig.getString("host", null); + String port = mConfig.getString("port", null); + if (host != null && port != null) { + int portVal = Integer.parseInt(port); + int version = Integer.parseInt(mConfig + .getString("version", "2")); + String cert_nick = mConfig + .getString("clientCertNickname", null); + LDAPSSLSocketFactoryExt sslSocket = null; + if (cert_nick != null) { + sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); + } + String mgr_dn = mConfig.getString("bindDN", null); + String mgr_pwd = mConfig.getString("bindPWD", null); + + altConn = CMS.getBoundConnection(host, portVal, version, + sslSocket, mgr_dn, mgr_pwd); + conn = altConn; } - String mgr_dn = mConfig.getString("bindDN", null); - String mgr_pwd = mConfig.getString("bindPWD", null); - - altConn = CMS.getBoundConnection(host, portVal, - version, - sslSocket, mgr_dn, mgr_pwd); - conn = altConn; - } } catch (LDAPException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } catch (EBaseException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } if (!(certObj instanceof X509Certificate)) 
@@ -169,7 +167,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf byte[] certEnc = cert.getEncoded(); // check if cert already exists. - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", new String[] { mCertAttr }, false); LDAPEntry entry = res.next(); 
@@ -178,59 +176,65 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf return; } - // publish + // publish LDAPModification mod = null; if (deleteCert) { - mod = new LDAPModification(LDAPModification.REPLACE, - new LDAPAttribute(mCertAttr, certEnc)); + mod = new LDAPModification(LDAPModification.REPLACE, + new LDAPAttribute(mCertAttr, certEnc)); } else { - mod = new LDAPModification(LDAPModification.ADD, - new LDAPAttribute(mCertAttr, certEnc)); + mod = new LDAPModification(LDAPModification.ADD, + new LDAPAttribute(mCertAttr, certEnc)); } - conn.modify(dn, mod); + conn.modify(dn, mod); // log a successful message to the "transactions" log - mLogger.log( ILogger.EV_AUDIT, - ILogger.S_LDAP, - ILogger.LL_INFO, - AuditFormat.LDAP_PUBLISHED_FORMAT, - new Object[] { "LdapUserCertPublisher", - cert.getSerialNumber().toString(16), - cert.getSubjectDN() } ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_LDAP, + ILogger.LL_INFO, + AuditFormat.LDAP_PUBLISHED_FORMAT, + new Object[] { "LdapUserCertPublisher", + cert.getSerialNumber().toString(16), + cert.getSubjectDN() }); } catch (CertificateEncodingException e) { - CMS.debug("LdapUserCertPublisher: error in publish: " + e.toString()); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); + CMS.debug("LdapUserCertPublisher: error in publish: " + + e.toString()); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. 
log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage( + "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "PUBLISH_PUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); } } finally { - if (altConn != null) { - try { - altConn.disconnect(); - } catch (LDAPException e) { - // safely ignored - } - } + if (altConn != null) { + try { + altConn.disconnect(); + } catch (LDAPException e) { + // safely ignored + } + } } return; } /** - * unpublish a user certificate - * deletes the certificate from the list of certificates. - * does not check if certificate is already there. + * unpublish a user certificate deletes the certificate from the list of + * certificates. does not check if certificate is already there. */ public void unpublish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { boolean disableUnpublish = false; try { @@ -239,8 +243,8 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf } if (disableUnpublish) { - CMS.debug("UserCertPublisher: disable unpublish"); - return; + CMS.debug("UserCertPublisher: disable unpublish"); + return; } if (!(certObj instanceof X509Certificate)) 
@@ -252,7 +256,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf byte[] certEnc = cert.getEncoded(); // check if cert already deleted. - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", new String[] { mCertAttr }, false); LDAPEntry entry = res.next(); 
@@ -261,23 +265,30 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf return; } - LDAPModification mod = new LDAPModification(LDAPModification.DELETE, - new LDAPAttribute(mCertAttr, certEnc)); + LDAPModification mod = new LDAPModification( + LDAPModification.DELETE, new LDAPAttribute(mCertAttr, + certEnc)); - conn.modify(dn, mod); + conn.modify(dn, mod); } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage( + "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR")); - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR")); + throw new ELdapException(CMS.getUserMessage( + "CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); } } return; 
@@ -285,7 +296,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapUserCertPublisher: " + msg); + "LdapUserCertPublisher: " + msg); } /** -- cgit