Diffstat (limited to 'pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java | 238 |
1 files changed, 128 insertions, 110 deletions
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java index f0154e44..c7ccd41e 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; - import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileOutputStream; @@ -47,10 +46,9 @@ import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; -/** - * This publisher writes certificate and CRL into - * a directory. - * +/** + * This publisher writes certificate and CRL into a directory. + * * @version $Revision$, $Date$ */ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { @@ -74,10 +72,10 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { protected String mLinkExt = null; protected int mZipLevel = 9; - public void setIssuingPointId(String crlIssuingPointId) - { + public void setIssuingPointId(String crlIssuingPointId) { mCrlIssuingPointId = crlIssuingPointId; } + /** * Returns the implementation name. */ 
@@ -95,19 +93,26 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - PROP_DIR + ";string;Directory in which to put the files (absolute path or relative path to cert-* instance directory).", - PROP_DER + ";boolean;Store certificates or CRLs into *.der files.", - PROP_B64 + ";boolean;Store certificates or CRLs into *.b64 files.", - PROP_GMT + ";choice(LocalTime,GMT);Use local time or GMT to time stamp CRL file name with CRL's 'thisUpdate' field.", - PROP_LNK + ";boolean;Generate link to the latest binary CRL. It requires '"+PROP_DER+"' to be enabled.", - PROP_EXT + ";string;Name extension used by link to the latest CRL. Default name extension is 'der'.", + PROP_DIR + + ";string;Directory in which to put the files (absolute path or relative path to cert-* instance directory).", + PROP_DER + + ";boolean;Store certificates or CRLs into *.der files.", + PROP_B64 + + ";boolean;Store certificates or CRLs into *.b64 files.", + PROP_GMT + + ";choice(LocalTime,GMT);Use local time or GMT to time stamp CRL file name with CRL's 'thisUpdate' field.", + PROP_LNK + + ";boolean;Generate link to the latest binary CRL. It requires '" + + PROP_DER + "' to be enabled.", + PROP_EXT + + ";string;Name extension used by link to the latest CRL. Default name extension is 'der'.", PROP_ZIP + ";boolean;Generate compressed CRLs.", - PROP_LEV + ";choice(0,1,2,3,4,5,6,7,8,9);Set compression level from 0 to 9.", - IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ldappublish-publisher-filepublisher", - IExtendedPluginInfo.HELP_TEXT + - ";Stores the certificates or CRLs into files. Certificate is named as cert-<serialno>.der or *.b64, and CRL is named as <IssuingPoint>-<thisUpdate-time>.der or *.b64." 
- }; + PROP_LEV + + ";choice(0,1,2,3,4,5,6,7,8,9);Set compression level from 0 to 9.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-publisher-filepublisher", + IExtendedPluginInfo.HELP_TEXT + + ";Stores the certificates or CRLs into files. Certificate is named as cert-<serialno>.der or *.b64, and CRL is named as <IssuingPoint>-<thisUpdate-time>.der or *.b64." }; return params; } @@ -139,14 +144,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { try { if (mTimeStamp == null || (!mTimeStamp.equals("GMT"))) mTimeStamp = "LocalTime"; - v.addElement(PROP_DIR+"=" + dir); - v.addElement(PROP_DER+"=" + mConfig.getBoolean(PROP_DER,true)); - v.addElement(PROP_B64+"=" + mConfig.getBoolean(PROP_B64,false)); - v.addElement(PROP_GMT+"=" + mTimeStamp); - v.addElement(PROP_LNK+"=" + mConfig.getBoolean(PROP_LNK,false)); - v.addElement(PROP_EXT+"=" + ext); - v.addElement(PROP_ZIP+"=" + mConfig.getBoolean(PROP_ZIP,false)); - v.addElement(PROP_LEV+"=" + mZipLevel); + v.addElement(PROP_DIR + "=" + dir); + v.addElement(PROP_DER + "=" + mConfig.getBoolean(PROP_DER, true)); + v.addElement(PROP_B64 + "=" + mConfig.getBoolean(PROP_B64, false)); + v.addElement(PROP_GMT + "=" + mTimeStamp); + v.addElement(PROP_LNK + "=" + mConfig.getBoolean(PROP_LNK, false)); + v.addElement(PROP_EXT + "=" + ext); + v.addElement(PROP_ZIP + "=" + mConfig.getBoolean(PROP_ZIP, false)); + v.addElement(PROP_LEV + "=" + mZipLevel); } catch (Exception e) { } return v; 
@@ -158,14 +163,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { public Vector<String> getDefaultParams() { Vector<String> v = new Vector<String>(); - v.addElement(PROP_DIR+"="); - v.addElement(PROP_DER+"=true"); - v.addElement(PROP_B64+"=false"); - v.addElement(PROP_GMT+"=LocalTime"); - v.addElement(PROP_LNK+"=false"); - v.addElement(PROP_EXT+"="); - v.addElement(PROP_ZIP+"=false"); - v.addElement(PROP_LEV+"=9"); + v.addElement(PROP_DIR + "="); + v.addElement(PROP_DER + "=true"); + v.addElement(PROP_B64 + "=false"); + v.addElement(PROP_GMT + "=LocalTime"); + v.addElement(PROP_LNK + "=false"); + v.addElement(PROP_EXT + "="); + v.addElement(PROP_ZIP + "=false"); + v.addElement(PROP_LEV + "=9"); return v; } @@ -193,7 +198,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { } // convert to forward slash - dir = dir.replace('\\', '/'); + dir = dir.replace('\\', '/'); config.putString(PROP_DIR, dir); File dirCheck = new File(dir); @@ -209,8 +214,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { } catch (Exception e) { throw new RuntimeException("Invalid Instance Dir " + e); } - dirCheck = new File(mInstanceRoot + - File.separator + dir); + dirCheck = new File(mInstanceRoot + File.separator + dir); if (dirCheck.isDirectory()) { mDir = mInstanceRoot + File.separator + dir; } else { 
@@ -224,18 +228,20 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { } private String[] getCrlNamePrefix(X509CRL crl, boolean useGMT) { - String[] namePrefix = {"crl", "crl"}; + String[] namePrefix = { "crl", "crl" }; if (mCrlIssuingPointId != null && mCrlIssuingPointId.length() != 0) { namePrefix[0] = mCrlIssuingPointId; namePrefix[1] = mCrlIssuingPointId; } - java.text.SimpleDateFormat format = new java.text.SimpleDateFormat("yyyyMMdd-HHmmss"); + java.text.SimpleDateFormat format = new java.text.SimpleDateFormat( + "yyyyMMdd-HHmmss"); TimeZone tz = TimeZone.getTimeZone("GMT"); - if (useGMT) format.setTimeZone(tz); + if (useGMT) + format.setTimeZone(tz); String timeStamp = format.format(crl.getThisUpdate()).toString(); namePrefix[0] += "-" + timeStamp; - if (((netscape.security.x509.X509CRLImpl)crl).isDeltaCRL()) { + if (((netscape.security.x509.X509CRLImpl) crl).isDeltaCRL()) { namePrefix[0] += "-delta"; namePrefix[1] += "-delta"; } 
@@ -243,65 +249,60 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { return namePrefix; } - private void createLink(String linkName, String fileName) { + private void createLink(String linkName, String fileName) { String cmd = "ln -s " + fileName + " " + linkName + ".new"; if (com.netscape.cmsutil.util.Utils.exec(cmd)) { File oldLink = new File(linkName + ".old"); - if (oldLink.exists()) { // remove old link if exists + if (oldLink.exists()) { // remove old link if exists oldLink.delete(); } File link = new File(linkName); - if (link.exists()) { // current link becomes an old link + if (link.exists()) { // current link becomes an old link link.renameTo(new File(linkName + ".old")); } File newLink = new File(linkName + ".new"); - if (newLink.exists()) { // new link becomes current link + if (newLink.exists()) { // new link becomes current link newLink.renameTo(new File(linkName)); } oldLink = new File(linkName + ".old"); - if (oldLink.exists()) { // remove a new old link + if (oldLink.exists()) { // remove a new old link oldLink.delete(); } } else { - CMS.debug("FileBasedPublisher: createLink: '" + cmd + "' --- failed"); + CMS.debug("FileBasedPublisher: createLink: '" + cmd + + "' --- failed"); } } /** * Publishs a object to the ldap directory. 
* - * @param conn a Ldap connection - * (null if LDAP publishing is not enabled) - * @param dn dn of the ldap entry to publish cert - * (null if LDAP publishing is not enabled) - * @param object object to publish - * (java.security.cert.X509Certificate or, - * java.security.cert.X509CRL) + * @param conn a Ldap connection (null if LDAP publishing is not enabled) + * @param dn dn of the ldap entry to publish cert (null if LDAP publishing + * is not enabled) + * @param object object to publish (java.security.cert.X509Certificate or, + * java.security.cert.X509CRL) */ public void publish(LDAPConnection conn, String dn, Object object) - throws ELdapException { + throws ELdapException { CMS.debug("FileBasedPublisher: publish"); try { if (object instanceof X509Certificate) { X509Certificate cert = (X509Certificate) object; BigInteger sno = cert.getSerialNumber(); - String name = mDir + - File.separator + "cert-" + - sno.toString(); - if (mDerAttr) - { + String name = mDir + File.separator + "cert-" + sno.toString(); + if (mDerAttr) { String fileName = name + ".der"; FileOutputStream fos = new FileOutputStream(fileName); fos.write(cert.getEncoded()); fos.close(); } - if (mB64Attr) - { + if (mB64Attr) { String fileName = name + ".b64"; FileOutputStream fos = new FileOutputStream(fileName); ByteArrayOutputStream output = new ByteArrayOutputStream(); - Base64OutputStream b64 = - new Base64OutputStream(new PrintStream(new FilterOutputStream(output))); + Base64OutputStream b64 = new Base64OutputStream( + new PrintStream(new FilterOutputStream(output))); b64.write(cert.getEncoded()); b64.flush(); (new PrintStream(fos)).print(output.toString("8859_1")); 
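Review bot: createLink builds the command as a single string, `String cmd = "ln -s " + fileName + " " + linkName + ".new";`, and hands it to `Utils.exec(cmd)`, so a publishing directory or issuing point id that contains a space is split into extra arguments, and if that helper runs the string through a shell (not visible here) any shell metacharacters in those values would be interpreted. Both paths are assembled from configuration (`mDir`, `mCrlIssuingPointId`, the link extension), and the getCrlNamePrefix hunk above copies the issuing point id into the file name without checking it for path separators. I would create the link without a command line, for example `java.nio.file.Files.createSymbolicLink(Paths.get(linkName + ".new"), Paths.get(fileName));` where the target JDK allows it, or pass the arguments as an array, and reject ids containing `/`, `\` or `..` when they are set. The boolean results of `delete()` and `renameTo()` in the rotation are ignored, so a failed swap leaves a stale link with no log entry. This hunk ends inside publish(), whose body continues in the following hunks.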
@@ -309,12 +310,13 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { } } else if (object instanceof X509CRL) { X509CRL crl = (X509CRL) object; - String[] namePrefix = getCrlNamePrefix(crl, mTimeStamp.equals("GMT")); + String[] namePrefix = getCrlNamePrefix(crl, + mTimeStamp.equals("GMT")); String baseName = mDir + File.separator + namePrefix[0]; String tempFile = baseName + ".temp"; FileOutputStream fos; ZipOutputStream zos; - byte [] encodedArray = null; + byte[] encodedArray = null; File destFile = null; String destName = null; File renameFile = null; @@ -325,16 +327,17 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { fos.write(encodedArray); fos.close(); if (mZipCRL) { - zos = new ZipOutputStream(new FileOutputStream(baseName+".zip")); + zos = new ZipOutputStream(new FileOutputStream(baseName + + ".zip")); zos.setLevel(mZipLevel); - zos.putNextEntry(new ZipEntry(baseName+".der")); + zos.putNextEntry(new ZipEntry(baseName + ".der")); zos.write(encodedArray, 0, encodedArray.length); zos.closeEntry(); zos.close(); } destName = baseName + ".der"; destFile = new File(destName); - + if (destFile.exists()) destFile.delete(); renameFile = new File(tempFile); 
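Review bot: `zos.putNextEntry(new ZipEntry(baseName + ".der"));` names the archive entry with the full path, because `baseName` is `mDir + File.separator + namePrefix[0]`; everyone who downloads the compressed CRL sees the server's publishing directory, and extraction tools will either recreate or reject that absolute path. The entry should carry the file name only, `new ZipEntry(namePrefix[0] + ".der")`. In the same branch `fos` and `zos` are closed only on the success path, and `destFile.delete()` runs before the temp file is renamed, which leaves a window with no CRL file on disk; the rename call itself falls outside this hunk.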
@@ -347,59 +350,71 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { } else { linkExt += "der"; } - String linkName = mDir + File.separator + namePrefix[1] + linkExt; - createLink(linkName, destName); + String linkName = mDir + File.separator + namePrefix[1] + + linkExt; + createLink(linkName, destName); if (mZipCRL) { - linkName = mDir + File.separator + namePrefix[1] + ".zip"; - createLink(linkName, baseName+".zip"); + linkName = mDir + File.separator + namePrefix[1] + + ".zip"; + createLink(linkName, baseName + ".zip"); } } } - + // output base64 file - if(mB64Attr==true) - { - if (encodedArray ==null) - encodedArray = crl.getEncoded(); - - ByteArrayOutputStream os = new ByteArrayOutputStream(); - - fos = new FileOutputStream(tempFile); - fos.write(com.netscape.osutil.OSUtil.BtoA(encodedArray).getBytes()); - fos.close(); - destName = baseName + ".b64"; - destFile = new File(destName); - - if(destFile.exists()) - destFile.delete(); - renameFile = new File(tempFile); - renameFile.renameTo(destFile); - } + if (mB64Attr == true) { + if (encodedArray == null) + encodedArray = crl.getEncoded(); + + ByteArrayOutputStream os = new ByteArrayOutputStream(); + + fos = new FileOutputStream(tempFile); + fos.write(com.netscape.osutil.OSUtil.BtoA(encodedArray) + .getBytes()); + fos.close(); + destName = baseName + ".b64"; + destFile = new File(destName); + + if (destFile.exists()) + destFile.delete(); + renameFile = new File(tempFile); + renameFile.renameTo(destFile); + } } } catch (IOException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString())); + mLogger.log( + ILogger.EV_SYSTEM, + ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", + e.toString())); } catch (CertificateEncodingException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", 
e.toString())); + mLogger.log( + ILogger.EV_SYSTEM, + ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", + e.toString())); } catch (CRLException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString())); + mLogger.log( + ILogger.EV_SYSTEM, + ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", + e.toString())); } } /** * Unpublishs a object to the ldap directory. - * - * @param conn the Ldap connection - * (null if LDAP publishing is not enabled) - * @param dn dn of the ldap entry to unpublish cert - * (null if LDAP publishing is not enabled) - * @param object object to unpublish - * (java.security.cert.X509Certificate) + * + * @param conn the Ldap connection (null if LDAP publishing is not enabled) + * @param dn dn of the ldap entry to unpublish cert (null if LDAP publishing + * is not enabled) + * @param object object to unpublish (java.security.cert.X509Certificate) */ public void unpublish(LDAPConnection conn, String dn, Object object) - throws ELdapException { + throws ELdapException { CMS.debug("FileBasedPublisher: unpublish"); String name = mDir + File.separator; String fileName; @@ -410,7 +425,8 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { name += "cert-" + sno.toString(); } else if (object instanceof X509CRL) { X509CRL crl = (X509CRL) object; - String[] namePrefix = getCrlNamePrefix(crl, mTimeStamp.equals("GMT")); + String[] namePrefix = getCrlNamePrefix(crl, + mTimeStamp.equals("GMT")); name += namePrefix[0]; fileName = name + ".zip"; 
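Review bot: All three catch blocks at the end of publish() only write a log record, so a failed write or rename of a CRL returns normally to the caller even though the method declares `throws ELdapException`; readers of the directory keep using the previous CRL and nothing upstream learns that publication failed. After logging, the handlers should rethrow as the declared ELdapException (its constructors are not visible here), and the result of `renameFile.renameTo(destFile)` in the base64 branch should be checked and treated as a failure when it is false. In that branch `ByteArrayOutputStream os` is never used and can be dropped, `.getBytes()` depends on the platform charset, and `fos` is not closed if `write` throws. publish() begins in an earlier hunk and unpublish() continues past the end of this one.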
@@ -425,13 +441,15 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { f = new File(fileName); f.delete(); } - /** + + /** * returns the Der attribute where it'll be published. */ public boolean getDerAttr() { return mDerAttr; } - /** + + /** * returns the B64 attribute where it'll be published. */ public boolean getB64Attr() { |