path: root/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java167
1 files changed, 76 insertions, 91 deletions
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
index d61f5bf6..e4a7e0b7 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
+
import java.util.Locale;
import java.util.Vector;
@@ -38,14 +39,15 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
-/**
- * module for publishing a cross certificate pair to ldap crossCertificatePair
- * attribute
- *
+
+/**
+ * module for publishing a cross certificate pair to ldap
+ * crossCertificatePair attribute
+ *
* @version $Revision$, $Date$
*/
-public class LdapCertificatePairPublisher implements ILdapPublisher,
- IExtendedPluginInfo {
+public class LdapCertificatePairPublisher
+ implements ILdapPublisher, IExtendedPluginInfo {
public static final String LDAP_CROSS_CERT_PAIR_ATTR = "crossCertificatePair;binary";
public static final String LDAP_CA_OBJECTCLASS = "pkiCA";
public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary";
@@ -70,14 +72,15 @@ public class LdapCertificatePairPublisher implements ILdapPublisher,
public String[] getExtendedPluginInfo(Locale locale) {
String s[] = {
"crossCertPairAttr;string;Name of Ldap attribute in which to store cross certificates",
- "caObjectClass;string;The name of the objectclasses which should be "
- + "added to this entry, if they do not already exist. This can be "
- + "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
- IExtendedPluginInfo.HELP_TOKEN
- + ";configuration-ldappublish-publisher-crosscertpairpublisher",
- IExtendedPluginInfo.HELP_TEXT
- + ";This plugin knows how to publish the CA cert to "
- + "'certificateAuthority' and 'pkiCA' -type entries" };
+ "caObjectClass;string;The name of the objectclasses which should be " +
+ "added to this entry, if they do not already exist. This can be " +
+ "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
+ IExtendedPluginInfo.HELP_TOKEN +
+ ";configuration-ldappublish-publisher-crosscertpairpublisher",
+ IExtendedPluginInfo.HELP_TEXT +
+ ";This plugin knows how to publish the CA cert to " +
+ "'certificateAuthority' and 'pkiCA' -type entries"
+ };
return s;
}
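Review bot: The HELP_TEXT string on the new side says this plugin publishes to `'certificateAuthority'` entries, but the caObjectClass help three lines above calls the RFC 2256 class `'certificationAuthority'`, and the MUST-attribute branch in publish() (visible later in this diff) only triggers on `oc.equalsIgnoreCase("certificationAuthority")`. An administrator who copies the help text into `caObjectClass` would end up adding an objectclass the publisher never treats as the RFC 2256 case, so the entry would be missing the required attributes. Suggest changing the last fragment to `"'certificationAuthority' and 'pkiCA' -type entries"` so the two help strings and the code agree.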
@@ -114,14 +117,14 @@ public class LdapCertificatePairPublisher implements ILdapPublisher,
return mConfig;
}
- public void init(IConfigStore config) throws EBaseException {
- if (mInited)
+ public void init(IConfigStore config)
+ throws EBaseException {
+ if (mInited)
return;
mConfig = config;
- mCrossCertPairAttr = mConfig.getString("crossCertPairAttr",
- LDAP_CROSS_CERT_PAIR_ATTR);
- mCaObjectclass = mConfig
- .getString("caObjectClass", LDAP_CA_OBJECTCLASS);
+ mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", LDAP_CROSS_CERT_PAIR_ATTR);
+ mCaObjectclass = mConfig.getString("caObjectClass",
+ LDAP_CA_OBJECTCLASS);
mObjAdded = mConfig.getString("caObjectClassAdded", "");
mObjDeleted = mConfig.getString("caObjectClassDeleted", "");
@@ -129,8 +132,7 @@ public class LdapCertificatePairPublisher implements ILdapPublisher,
}
// don't think anyone would ever use this but just in case.
- public LdapCertificatePairPublisher(String crossCertPairAttr,
- String caObjectclass) {
+ public LdapCertificatePairPublisher(String crossCertPairAttr, String caObjectclass) {
mCrossCertPairAttr = crossCertPairAttr;
mCaObjectclass = caObjectclass;
mInited = true;
@@ -151,126 +153,116 @@ public class LdapCertificatePairPublisher implements ILdapPublisher,
}
/**
- * publish a certificatePair -should not be called from listeners.
- *
+ * publish a certificatePair
+ * -should not be called from listeners.
* @param conn the LDAP connection
* @param dn dn of the entry to publish the XcertificatePair
- * @param pair the Xcertificate bytes object.
+ * @param pair the Xcertificate bytes object.
*/
public synchronized void publish(LDAPConnection conn, String dn, Object pair)
- throws ELdapException {
+ throws ELdapException {
publish(conn, dn, (byte[]) pair);
}
/**
- * publish a certificatePair -should not be called from listeners.
- *
+ * publish a certificatePair
+ * -should not be called from listeners.
* @param conn the LDAP connection
* @param dn dn of the entry to publish the XcertificatePair
* @param pair the cross cert bytes
*/
- public synchronized void publish(LDAPConnection conn, String dn, byte[] pair)
- throws ELdapException {
+ public synchronized void publish(LDAPConnection conn, String dn,
+ byte[] pair)
+ throws ELdapException {
if (conn == null) {
- log(ILogger.LL_INFO,
- "LdapCertificatePairPublisher: no LDAP connection");
+ log(ILogger.LL_INFO, "LdapCertificatePairPublisher: no LDAP connection");
return;
}
try {
- mCrossCertPairAttr = mConfig.getString("crossCertPairAttr",
- LDAP_CROSS_CERT_PAIR_ATTR);
- mCaObjectclass = mConfig.getString("caObjectClass",
- LDAP_CA_OBJECTCLASS);
+ mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", LDAP_CROSS_CERT_PAIR_ATTR);
+ mCaObjectclass = mConfig.getString("caObjectClass", LDAP_CA_OBJECTCLASS);
} catch (EBaseException e) {
}
try {
// search for attributes to determine if they exist
- LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
- "(objectclass=*)", new String[] { LDAP_CACERT_ATTR,
- LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
+ LDAPSearchResults res =
+ conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+ new String[] { LDAP_CACERT_ATTR, LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
LDAPEntry entry = res.next();
LDAPAttribute certs = entry.getAttribute(LDAP_CACERT_ATTR);
LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR);
LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR);
// search for objectclass and crosscertpair attributes and values
- LDAPSearchResults res1 = conn.search(dn, LDAPv2.SCOPE_BASE,
- "(objectclass=*)", new String[] { "objectclass",
- mCrossCertPairAttr }, false);
+ LDAPSearchResults res1 =
+ conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+ new String[] { "objectclass", mCrossCertPairAttr }, false);
LDAPEntry entry1 = res1.next();
LDAPAttribute ocs = entry1.getAttribute("objectclass");
- LDAPAttribute certPairs = entry1
- .getAttribute("crosscertificatepair;binary");
+ LDAPAttribute certPairs = entry1.getAttribute("crosscertificatepair;binary");
LDAPModificationSet modSet = new LDAPModificationSet();
- boolean hasCert = LdapUserCertPublisher.ByteValueExists(certPairs,
- pair);
- if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) {
+ boolean hasCert = LdapUserCertPublisher.ByteValueExists(certPairs, pair);
+ if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) {
CMS.debug("LdapCertificatePairPublisher: cross cert pair bytes exist in publishing directory, do not publish again.");
return;
}
if (hasCert) {
- log(ILogger.LL_INFO, "publish: CA " + dn
- + " already has cross cert pair bytes");
+ log(ILogger.LL_INFO, "publish: CA " + dn + " already has cross cert pair bytes");
} else {
- modSet.add(LDAPModification.ADD, new LDAPAttribute(
- mCrossCertPairAttr, pair));
+ modSet.add(LDAPModification.ADD,
+ new LDAPAttribute(mCrossCertPairAttr, pair));
log(ILogger.LL_INFO, "cross cert pair published with dn=" + dn);
}
String[] oclist = mCaObjectclass.split(",");
boolean attrsAdded = false;
- for (int i = 0; i < oclist.length; i++) {
+ for (int i=0; i < oclist.length; i++) {
String oc = oclist[i].trim();
- boolean hasoc = LdapUserCertPublisher
- .StringValueExists(ocs, oc);
+ boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc);
if (!hasoc) {
- log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to "
- + dn);
- modSet.add(LDAPModification.ADD, new LDAPAttribute(
- "objectclass", oc));
+ log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + dn);
+ modSet.add(LDAPModification.ADD,
+ new LDAPAttribute("objectclass", oc));
- if ((!attrsAdded)
- && oc.equalsIgnoreCase("certificationAuthority")) {
+ if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) {
// add MUST attributes
- if (arls == null)
- modSet.add(LDAPModification.ADD, new LDAPAttribute(
- LDAP_ARL_ATTR, ""));
+ if (arls == null)
+ modSet.add(LDAPModification.ADD,
+ new LDAPAttribute(LDAP_ARL_ATTR, ""));
if (crls == null)
- modSet.add(LDAPModification.ADD, new LDAPAttribute(
- LDAP_CRL_ATTR, ""));
+ modSet.add(LDAPModification.ADD,
+ new LDAPAttribute(LDAP_CRL_ATTR, ""));
if (certs == null)
- modSet.add(LDAPModification.ADD, new LDAPAttribute(
- LDAP_CACERT_ATTR, ""));
+ modSet.add(LDAPModification.ADD,
+ new LDAPAttribute(LDAP_CACERT_ATTR, ""));
attrsAdded = true;
}
}
- }
+ }
// delete objectclasses that have been deleted from config
String[] delList = mObjDeleted.split(",");
if (delList.length > 0) {
- for (int i = 0; i < delList.length; i++) {
+ for (int i=0; i< delList.length; i++) {
String deloc = delList[i].trim();
- boolean hasoc = LdapUserCertPublisher.StringValueExists(
- ocs, deloc);
+ boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc);
boolean match = false;
- for (int j = 0; j < oclist.length; j++) {
+ for (int j=0; j< oclist.length; j++) {
if ((oclist[j].trim()).equals(deloc)) {
match = true;
break;
}
}
if (!match && hasoc) {
- log(ILogger.LL_INFO, "deleting CRL objectclass "
- + deloc + " from " + dn);
- modSet.add(LDAPModification.DELETE, new LDAPAttribute(
- "objectclass", deloc));
+ log(ILogger.LL_INFO, "deleting CRL objectclass " + deloc + " from " + dn);
+ modSet.add(LDAPModification.DELETE,
+ new LDAPAttribute("objectclass", deloc));
}
}
}
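Review bot: The `if (hasCert)` branch on the new side is unreachable: `hasCert` stores the result of `LdapUserCertPublisher.ByteValueExists(certPairs, pair)`, the very next `if` re-evaluates the same call and returns when it is true, so by the time `if (hasCert)` is tested it is always false and the "already has cross cert pair bytes" log can never fire. More importantly, `certPairs` is read via the hardcoded `entry1.getAttribute("crosscertificatepair;binary")` while the search and the ADD both use `mCrossCertPairAttr`, so when `crossCertPairAttr` is configured to anything other than the default the duplicate check inspects the wrong attribute and the pair is re-added on every publish. Suggest `LDAPAttribute certPairs = entry1.getAttribute(mCrossCertPairAttr);` and collapsing the dead `hasCert` block down to the `modSet.add(...)` path. The empty `catch (EBaseException e) {}` around the config re-read also silently keeps stale attribute names; at least log it. publish() continues into the following hunk.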
@@ -284,29 +276,22 @@ public class LdapCertificatePairPublisher implements ILdapPublisher,
try {
mConfig.commit(false);
} catch (Exception e) {
- log(ILogger.LL_INFO,
- "Failure in updating mObjAdded and mObjDeleted");
+ log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted");
}
}
- if (modSet.size() > 0)
- conn.modify(dn, modSet);
+ if (modSet.size() > 0) conn.modify(dn, modSet);
CMS.debug("LdapCertificatePairPublisher: in publish() just published");
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage(
- "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
- + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "",
- e.toString()));
- throw new ELdapException("error publishing cross cert pair:"
- + e.toString());
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString()));
+ throw new ELdapException("error publishing cross cert pair:" + e.toString());
}
}
return;
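Review bot: `throw new ELdapException("error publishing cross cert pair:" + e.toString())` on the new side keeps only the LDAPException's text and discards it as the cause, so the directory-side stack trace and result code are lost to anyone catching ELdapException upstream; if ELdapException offers a cause-taking constructor (not visible in this diff) it should be passed `e`, and the message should at least include `dn` so the failing entry can be identified. The re-flowed `if (modSet.size() > 0) conn.modify(dn, modSet);` would read more safely braced on its own lines, matching the multi-line `if` blocks elsewhere in this file; since this commit is purely a reformat, that is the place to do it. The enclosing publish() starts in the previous hunk.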
@@ -316,7 +301,7 @@ public class LdapCertificatePairPublisher implements ILdapPublisher,
* unsupported
*/
public void unpublish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
CMS.debug("LdapCertificatePairPublisher: unpublish() is unsupported in this revision");
}
@@ -325,7 +310,7 @@ public class LdapCertificatePairPublisher implements ILdapPublisher,
*/
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCertificatePairPublisher: " + msg);
+ "LdapCertificatePairPublisher: " + msg);
}
}