// --- BEGIN COPYRIGHT BLOCK --- // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation; version 2 of the License. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License along // with this program; if not, write to the Free Software Foundation, Inc., // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // // (C) 2007 Red Hat, Inc. // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; import java.io.IOException; import java.io.PushbackReader; import java.io.StringReader; import java.util.Vector; import netscape.security.x509.CertificateExtensions; import netscape.security.x509.X500Name; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.request.IRequest; /** * class for parsing a DN pattern used to construct a ldap dn from * request attributes and cert subject name. *
* * dnpattern is a string representing a ldap dn pattern to formulate from the certificate subject name attributes and * request attributes . If empty or not set, the certificate subject name will be used as the ldap dn. *
* * The syntax is * *
* dnPattern := rdnPattern *[ "," rdnPattern ] * rdnPattern := avaPattern *[ "+" avaPattern ] * avaPattern := name "=" value | * name "=" "$subj" "." attrName [ "." attrNumber ] | * name "=" "$req" "." attrName [ "." attrNumber ] | * "$rdn" "." number ** *
* Example1: cn=Certificate Manager,ou=people,o=mcom.com * cert subject name: dn: CN=Certificate Manager, OU=people, O=mcom.com * request attributes: uid: cmanager ** * If an request attribute or subject DN component does not exist, the attribute is skipped. There is potential risk * that a wrong dn will be mapped into. * * @version $Revision$, $Date$ */ public class MapDNPattern { /* the list of request attriubutes to retrieve*/ protected String[] mReqAttrs = null; /* the list of cert attriubutes to retrieve*/ protected String[] mCertAttrs = null; /* rdn patterns */ protected MapRDNPattern[] mRDNPatterns = null; /* original pattern string */ protected String mPatternString = null; protected String mTestDN = null; /** * Construct a DN pattern by parsing a pattern string. * * @param pattern the DN pattern * @exception EBaseException If parsing error occurs. */ public MapDNPattern(String pattern) throws ELdapException { if (pattern == null || pattern.equals("")) { CMS.debug( "MapDNPattern: null pattern"); } else { mPatternString = pattern; PushbackReader in = new PushbackReader(new StringReader(pattern)); parse(in); } } public MapDNPattern(PushbackReader in) throws ELdapException { parse(in); } private void parse(PushbackReader in) throws ELdapException { Vector* The dn formulated will be :
* CN=Certificate Manager, OU=people, O=mcom.com ** note: Subordinate ca enrollment will use ca mapper. Use predicate * to distinguish the ca itself and the subordinates. * * Example2: UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, , O=mcom.com * cert subject name: dn: UID=jjames, OU=IS, O=people, , O=mcom.com * request attributes: uid: cmanager *
* The dn formulated will be :
* UID=jjames, OU=IS, OU=people, O=mcom.com ** UID = the 'uid' attribute value in the request.
* OU = the 'ou' value in the cert subject name.
* O = the string people, mcom.com.
**