summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java190
1 files changed, 95 insertions, 95 deletions
diff --git a/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java b/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java
index 4cfe9a45..e9b1fb3d 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
import java.io.IOException;
import java.io.PushbackReader;
import java.io.StringReader;
@@ -36,24 +35,25 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.EAuthException;
import com.netscape.certsrv.authentication.ECompSyntaxErr;
-
/**
- * class for parsing a DN pattern used to construct a certificate
- * subject name from ldap attributes and dn.<p>
+ * class for parsing a DN pattern used to construct a certificate
+ * subject name from ldap attributes and dn.
+ * <p>
+ *
+ * dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If empty or not set, the ldap entry DN will be used as the certificate subject name.
+ * <p>
*
- * dnpattern is a string representing a subject name pattern to formulate from
- * the directory attributes and entry dn. If empty or not set, the
- * ldap entry DN will be used as the certificate subject name. <p>
+ * The syntax is
*
- * The syntax is
* <pre>
- * dnPattern := rdnPattern *[ "," rdnPattern ]
- * rdnPattern := avaPattern *[ "+" avaPattern ]
+ * dnPattern := rdnPattern *[ "," rdnPattern ]
+ * rdnPattern := avaPattern *[ "+" avaPattern ]
* avaPattern := name "=" value |
- * name "=" "$attr" "." attrName [ "." attrNumber ] |
- * name "=" "$dn" "." attrName [ "." attrNumber ] |
- * "$dn" "." "$rdn" "." number
+ * name "=" "$attr" "." attrName [ "." attrNumber ] |
+ * name "=" "$dn" "." attrName [ "." attrNumber ] |
+ * "$dn" "." "$rdn" "." number
* </pre>
+ *
* <pre>
* Example1: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US </i>
* Ldap entry: dn: UID=jjames, OU=IS, OU=people, O=acme.org
@@ -80,11 +80,12 @@ import com.netscape.certsrv.authentication.ECompSyntaxErr;
* E = the first 'mail' ldap attribute value in user's entry. <br>
* CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
* OU = the second 'ou' value in the user's entry DN. note multiple AVAs
- * in a RDN in this example. <br>
+ * in a RDN in this example. <br>
* O = the (first) 'o' value in the user's entry DN. <br>
* C = the string "US"
* <p>
* </pre>
+ *
* <pre>
* Example3: <i>CN=$attr.cn, $rdn.2, O=$dn.o, C=US</i>
* Ldap entry: dn: UID=jjames, OU=IS+OU=people, O=acme.org
@@ -109,15 +110,15 @@ import com.netscape.certsrv.authentication.ECompSyntaxErr;
* <p>
* CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
* OU = the second 'ou' value in the user's entry DN followed by the
- * first 'ou' value in the user's entry. note multiple AVAs
- * in a RDN in this example. <br>
+ * first 'ou' value in the user's entry. note multiple AVAs
+ * in a RDN in this example. <br>
* O = the (first) 'o' value in the user's entry DN. <br>
* C = the string "US"
* <p>
* </pre>
- * If an attribute or subject DN component does not exist the attribute
- * is skipped.
- *
+ *
+ * If an attribute or subject DN component does not exist the attribute is skipped.
+ *
* @version $Revision$, $Date$
*/
class AVAPattern {
@@ -130,8 +131,8 @@ class AVAPattern {
private static final char[] endChars = new char[] { '+', ',' };
- private static final LdapV3DNStrConverter mLdapDNStrConverter =
- new LdapV3DNStrConverter();
+ private static final LdapV3DNStrConverter mLdapDNStrConverter =
+ new LdapV3DNStrConverter();
/* ldap attributes needed by this AVA (to retrieve from ldap) */
protected String[] mLdapAttrs = null;
@@ -140,7 +141,7 @@ class AVAPattern {
protected String mType = null;
/* the attribute in the AVA pair */
- protected String mAttr = null;
+ protected String mAttr = null;
/* value - could be name of an ldap attribute or entry dn attribute. */
protected String mValue = null;
@@ -151,19 +152,19 @@ class AVAPattern {
protected String mTestDN = null;
public AVAPattern(String component)
- throws EAuthException {
- if (component == null || component.length() == 0)
+ throws EAuthException {
+ if (component == null || component.length() == 0)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
parse(new PushbackReader(new StringReader(component)));
}
- public AVAPattern(PushbackReader in)
- throws EAuthException {
+ public AVAPattern(PushbackReader in)
+ throws EAuthException {
parse(in);
}
private void parse(PushbackReader in)
- throws EAuthException {
+ throws EAuthException {
int c;
// mark ava beginning.
@@ -179,19 +180,19 @@ class AVAPattern {
} catch (IOException e) {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
}
- if (c == -1)
+ if (c == -1)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
- // $rdn "." number syntax.
+ // $rdn "." number syntax.
if (c == '$') {
//System.out.println("$rdn syntax");
mType = TYPE_RDN;
try {
- if (in.read() != 'r' ||
- in.read() != 'd' ||
- in.read() != 'n' ||
- in.read() != '.')
+ if (in.read() != 'r' ||
+ in.read() != 'd' ||
+ in.read() != 'n' ||
+ in.read() != '.')
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
} catch (IOException e) {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
@@ -212,7 +213,7 @@ class AVAPattern {
String rdnNumber = rdnNumberBuf.toString().trim();
- if (rdnNumber.length() == 0)
+ if (rdnNumber.length() == 0)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$rdn number not set in ava pattern"));
try {
mElement = Integer.parseInt(rdnNumber) - 1;
@@ -227,15 +228,15 @@ class AVAPattern {
// read name
//System.out.println("reading name");
- StringBuffer attrBuf = new StringBuffer();
+ StringBuffer attrBuf = new StringBuffer();
try {
while (c != '=' && c != -1 && c != ',' && c != '+') {
attrBuf.append((char) c);
c = in.read();
//System.out.println("name read "+(char)c);
- }
- if (c == ',' || c == '+')
+ }
+ if (c == ',' || c == '+')
in.unread(c);
} catch (IOException e) {
throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
@@ -243,11 +244,11 @@ class AVAPattern {
if (c != '=')
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Missing \"=\" in ava pattern"));
- // read value
- //System.out.println("reading value");
+ // read value
+ //System.out.println("reading value");
- // skip spaces
- //System.out.println("skip spaces for value");
+ // skip spaces
+ //System.out.println("skip spaces for value");
try {
while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces2 read "+(char)c);
;
@@ -255,7 +256,7 @@ class AVAPattern {
} catch (IOException e) {
throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
}
- if (c == -1)
+ if (c == -1)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "no value after = in ava pattern"));
if (c == '$') {
@@ -266,16 +267,16 @@ class AVAPattern {
} catch (IOException e) {
throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
}
- if (c == -1)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ if (c == -1)
+ throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"expecting $dn or $attr in ava pattern"));
if (c == 'a') {
try {
- if (in.read() != 't' ||
- in.read() != 't' ||
- in.read() != 'r' ||
- in.read() != '.')
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ if (in.read() != 't' ||
+ in.read() != 't' ||
+ in.read() != 'r' ||
+ in.read() != '.')
+ throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"expecting $attr in ava pattern"));
} catch (IOException e) {
throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
@@ -284,8 +285,8 @@ class AVAPattern {
//System.out.println("---- mtype $attr");
} else if (c == 'd') {
try {
- if (in.read() != 'n' ||
- in.read() != '.')
+ if (in.read() != 'n' ||
+ in.read() != '.')
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"expecting $dn in ava pattern"));
} catch (IOException e) {
@@ -294,21 +295,21 @@ class AVAPattern {
mType = TYPE_DN;
//System.out.println("----- mtype $dn");
} else {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "unknown keyword. expecting $dn or $attr."));
+ throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "unknown keyword. expecting $dn or $attr."));
}
// get attr name of dn pattern from above.
String attrName = attrBuf.toString().trim();
//System.out.println("----- attrName "+attrName);
- if (attrName.length() == 0)
+ if (attrName.length() == 0)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "attribute name expected"));
- try {
- ObjectIdentifier attrOid =
- mLdapDNStrConverter.parseAVAKeyword(attrName);
+ try {
+ ObjectIdentifier attrOid =
+ mLdapDNStrConverter.parseAVAKeyword(attrName);
- mAttr = mLdapDNStrConverter.encodeOID(attrOid);
+ mAttr = mLdapDNStrConverter.encodeOID(attrOid);
//System.out.println("----- mAttr "+mAttr);
} catch (IOException e) {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage()));
@@ -318,8 +319,8 @@ class AVAPattern {
StringBuffer valueBuf = new StringBuffer();
try {
- while ((c = in.read()) != ',' &&
- c != -1 && c != '.' && c != '+') {
+ while ((c = in.read()) != ',' &&
+ c != -1 && c != '.' && c != '+') {
//System.out.println("mValue read "+(char)c);
valueBuf.append((char) c);
}
@@ -330,12 +331,12 @@ class AVAPattern {
}
mValue = valueBuf.toString().trim();
- if (mValue.length() == 0)
+ if (mValue.length() == 0)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"$dn or $attr attribute name expected"));
- //System.out.println("----- mValue "+mValue);
+ //System.out.println("----- mValue "+mValue);
- // get nth dn or attribute from ldap search.
+ // get nth dn or attribute from ldap search.
if (c == '.') {
StringBuffer attrNumberBuf = new StringBuffer();
@@ -345,13 +346,13 @@ class AVAPattern {
attrNumberBuf.append((char) c);
}
if (c != -1) // either ',' or '+'
- in.unread(c); // pushback last , or +
+ in.unread(c); // pushback last , or +
} catch (IOException e) {
throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
}
String attrNumber = attrNumberBuf.toString().trim();
- if (attrNumber.length() == 0)
+ if (attrNumber.length() == 0)
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
"nth element $dn or $attr expected"));
try {
@@ -372,7 +373,7 @@ class AVAPattern {
valueBuf.append((char) c);
try {
while ((c = in.read()) != ',' &&
- c != -1) {
+ c != -1) {
valueBuf.append((char) c);
}
if (c == '+' || c == ',') { // either ',' or '+'
@@ -381,8 +382,8 @@ class AVAPattern {
} catch (IOException e) {
throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage()));
}
- try {
- AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf);
+ try {
+ AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf);
mValue = ava.toLdapDNString();
//System.out.println("----- mValue "+mValue);
@@ -393,19 +394,19 @@ class AVAPattern {
}
public String formAVA(LDAPEntry entry)
- throws EAuthException {
- if (mType == TYPE_CONSTANT)
+ throws EAuthException {
+ if (mType == TYPE_CONSTANT)
return mValue;
if (mType == TYPE_RDN) {
String dn = entry.getDN();
- if (mTestDN != null)
+ if (mTestDN != null)
dn = mTestDN;
- //System.out.println("AVAPattern Using dn "+mTestDN);
+ //System.out.println("AVAPattern Using dn "+mTestDN);
String[] rdns = LDAPDN.explodeDN(dn, false);
- if (mElement >= rdns.length)
+ if (mElement >= rdns.length)
return null;
return rdns[mElement];
}
@@ -413,9 +414,9 @@ class AVAPattern {
if (mType == TYPE_DN) {
String dn = entry.getDN();
- if (mTestDN != null)
+ if (mTestDN != null)
dn = mTestDN;
- //System.out.println("AVAPattern Using dn "+mTestDN);
+ //System.out.println("AVAPattern Using dn "+mTestDN);
String[] rdns = LDAPDN.explodeDN(dn, false);
String value = null;
int nFound = -1;
@@ -426,14 +427,14 @@ class AVAPattern {
for (int j = 0; j < avas.length; j++) {
String[] exploded = explodeAVA(avas[j]);
- if (exploded[0].equalsIgnoreCase(mValue) &&
- ++nFound == mElement) {
+ if (exploded[0].equalsIgnoreCase(mValue) &&
+ ++nFound == mElement) {
value = exploded[1];
break;
}
}
}
- if (value == null)
+ if (value == null)
return null;
return mAttr + "=" + value;
}
@@ -441,11 +442,11 @@ class AVAPattern {
if (mType == TYPE_ATTR) {
LDAPAttribute ldapAttr = entry.getAttribute(mValue);
- if (ldapAttr == null)
+ if (ldapAttr == null)
return null;
String value = null;
@SuppressWarnings("unchecked")
- Enumeration<String> ldapValues = ldapAttr.getStringValues();
+ Enumeration<String> ldapValues = ldapAttr.getStringValues();
for (int i = 0; ldapValues.hasMoreElements(); i++) {
String val = (String) ldapValues.nextElement();
@@ -455,7 +456,7 @@ class AVAPattern {
break;
}
}
- if (value == null)
+ if (value == null)
return null;
String v = escapeLdapString(value);
@@ -486,16 +487,16 @@ class AVAPattern {
int k = i + 1;
if (i == len - 1 ||
- (c[k] == ',' || c[k] == '=' || c[k] == '+' || c[k] == '<' ||
- c[k] == '>' || c[k] == '#' || c[k] == ';')) {
+ (c[k] == ',' || c[k] == '=' || c[k] == '+' || c[k] == '<' ||
+ c[k] == '>' || c[k] == '#' || c[k] == ';')) {
newc[j++] = '\\';
newc[j++] = c[i];
}
} // escape QUOTATION
else if (c[i] == '"') {
- if ((i == 0 && c[len - 1] != '"') ||
- (i == len - 1 && c[0] != '"') ||
- (i > 0 && i < len - 1)) {
+ if ((i == 0 && c[len - 1] != '"') ||
+ (i == len - 1 && c[0] != '"') ||
+ (i > 0 && i < len - 1)) {
newc[j++] = '\\';
newc[j++] = c[i];
}
@@ -513,20 +514,20 @@ class AVAPattern {
}
/**
- * Explode RDN into AVAs.
- * Does not handle escaped '+'
+ * Explode RDN into AVAs.
+ * Does not handle escaped '+'
* Java ldap library does not yet support multiple avas per rdn.
- * If RDN is malformed returns empty array.
+ * If RDN is malformed returns empty array.
*/
public static String[] explodeRDN(String rdn) {
int plus = rdn.indexOf('+');
- if (plus == -1)
+ if (plus == -1)
return new String[] { rdn };
Vector<String> avas = new Vector<String>();
StringTokenizer token = new StringTokenizer(rdn, "+");
- while (token.hasMoreTokens())
+ while (token.hasMoreTokens())
avas.addElement(token.nextToken());
String[] theAvas = new String[avas.size()];
@@ -535,17 +536,16 @@ class AVAPattern {
}
/**
- * Explode AVA into name and value.
+ * Explode AVA into name and value.
* Does not handle escaped '='
* If AVA is malformed empty array is returned.
*/
public static String[] explodeAVA(String ava) {
int equals = ava.indexOf('=');
- if (equals == -1)
+ if (equals == -1)
return null;
return new String[] {
- ava.substring(0, equals).trim(), ava.substring(equals + 1).trim()};
+ ava.substring(0, equals).trim(), ava.substring(equals + 1).trim() };
}
}
-
generated by cgit (git 2.34.1) at 2024-05-19 11:17:30 +0000