diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java | 167 |
1 files changed, 76 insertions, 91 deletions
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java index d61f5bf6..e4a7e0b7 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; + import java.util.Locale; import java.util.Vector; @@ -38,14 +39,15 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; -/** - * module for publishing a cross certificate pair to ldap crossCertificatePair - * attribute - * + +/** + * module for publishing a cross certificate pair to ldap + * crossCertificatePair attribute + * * @version $Revision$, $Date$ */ -public class LdapCertificatePairPublisher implements ILdapPublisher, - IExtendedPluginInfo { +public class LdapCertificatePairPublisher + implements ILdapPublisher, IExtendedPluginInfo { public static final String LDAP_CROSS_CERT_PAIR_ATTR = "crossCertificatePair;binary"; public static final String LDAP_CA_OBJECTCLASS = "pkiCA"; public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary"; @@ -70,14 +72,15 @@ public class LdapCertificatePairPublisher implements ILdapPublisher, public String[] getExtendedPluginInfo(Locale locale) { String s[] = { "crossCertPairAttr;string;Name of Ldap attribute in which to store cross certificates", - "caObjectClass;string;The name of the objectclasses which should be " - + "added to this entry, if they do not already exist. This can be " - + "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)", - IExtendedPluginInfo.HELP_TOKEN - + ";configuration-ldappublish-publisher-crosscertpairpublisher", - IExtendedPluginInfo.HELP_TEXT - + ";This plugin knows how to publish the CA cert to " - + "'certificateAuthority' and 'pkiCA' -type entries" }; + "caObjectClass;string;The name of the objectclasses which should be " + + "added to this entry, if they do not already exist. This can be " + + "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-publisher-crosscertpairpublisher", + IExtendedPluginInfo.HELP_TEXT + + ";This plugin knows how to publish the CA cert to " + + "'certificateAuthority' and 'pkiCA' -type entries" + }; return s; } @@ -114,14 +117,14 @@ public class LdapCertificatePairPublisher implements ILdapPublisher, return mConfig; } - public void init(IConfigStore config) throws EBaseException { - if (mInited) + public void init(IConfigStore config) + throws EBaseException { + if (mInited) return; mConfig = config; - mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", - LDAP_CROSS_CERT_PAIR_ATTR); - mCaObjectclass = mConfig - .getString("caObjectClass", LDAP_CA_OBJECTCLASS); + mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", LDAP_CROSS_CERT_PAIR_ATTR); + mCaObjectclass = mConfig.getString("caObjectClass", + LDAP_CA_OBJECTCLASS); mObjAdded = mConfig.getString("caObjectClassAdded", ""); mObjDeleted = mConfig.getString("caObjectClassDeleted", ""); @@ -129,8 +132,7 @@ public class LdapCertificatePairPublisher implements ILdapPublisher, } // don't think anyone would ever use this but just in case. - public LdapCertificatePairPublisher(String crossCertPairAttr, - String caObjectclass) { + public LdapCertificatePairPublisher(String crossCertPairAttr, String caObjectclass) { mCrossCertPairAttr = crossCertPairAttr; mCaObjectclass = caObjectclass; mInited = true; @@ -151,126 +153,116 @@ public class LdapCertificatePairPublisher implements ILdapPublisher, } /** - * publish a certificatePair -should not be called from listeners. - * + * publish a certificatePair + * -should not be called from listeners. * @param conn the LDAP connection * @param dn dn of the entry to publish the XcertificatePair - * @param pair the Xcertificate bytes object. + * @param pair the Xcertificate bytes object. */ public synchronized void publish(LDAPConnection conn, String dn, Object pair) - throws ELdapException { + throws ELdapException { publish(conn, dn, (byte[]) pair); } /** - * publish a certificatePair -should not be called from listeners. - * + * publish a certificatePair + * -should not be called from listeners. * @param conn the LDAP connection * @param dn dn of the entry to publish the XcertificatePair * @param pair the cross cert bytes */ - public synchronized void publish(LDAPConnection conn, String dn, byte[] pair) - throws ELdapException { + public synchronized void publish(LDAPConnection conn, String dn, + byte[] pair) + throws ELdapException { if (conn == null) { - log(ILogger.LL_INFO, - "LdapCertificatePairPublisher: no LDAP connection"); + log(ILogger.LL_INFO, "LdapCertificatePairPublisher: no LDAP connection"); return; } try { - mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", - LDAP_CROSS_CERT_PAIR_ATTR); - mCaObjectclass = mConfig.getString("caObjectClass", - LDAP_CA_OBJECTCLASS); + mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", LDAP_CROSS_CERT_PAIR_ATTR); + mCaObjectclass = mConfig.getString("caObjectClass", LDAP_CA_OBJECTCLASS); } catch (EBaseException e) { } try { // search for attributes to determine if they exist - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, - "(objectclass=*)", new String[] { LDAP_CACERT_ATTR, - LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true); + LDAPSearchResults res = + conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", + new String[] { LDAP_CACERT_ATTR, LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true); LDAPEntry entry = res.next(); LDAPAttribute certs = entry.getAttribute(LDAP_CACERT_ATTR); LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR); LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR); // search for objectclass and crosscertpair attributes and values - LDAPSearchResults res1 = conn.search(dn, LDAPv2.SCOPE_BASE, - "(objectclass=*)", new String[] { "objectclass", - mCrossCertPairAttr }, false); + LDAPSearchResults res1 = + conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", + new String[] { "objectclass", mCrossCertPairAttr }, false); LDAPEntry entry1 = res1.next(); LDAPAttribute ocs = entry1.getAttribute("objectclass"); - LDAPAttribute certPairs = entry1 - .getAttribute("crosscertificatepair;binary"); + LDAPAttribute certPairs = entry1.getAttribute("crosscertificatepair;binary"); LDAPModificationSet modSet = new LDAPModificationSet(); - boolean hasCert = LdapUserCertPublisher.ByteValueExists(certPairs, - pair); - if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) { + boolean hasCert = LdapUserCertPublisher.ByteValueExists(certPairs, pair); + if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) { CMS.debug("LdapCertificatePairPublisher: cross cert pair bytes exist in publishing directory, do not publish again."); return; } if (hasCert) { - log(ILogger.LL_INFO, "publish: CA " + dn - + " already has cross cert pair bytes"); + log(ILogger.LL_INFO, "publish: CA " + dn + " already has cross cert pair bytes"); } else { - modSet.add(LDAPModification.ADD, new LDAPAttribute( - mCrossCertPairAttr, pair)); + modSet.add(LDAPModification.ADD, + new LDAPAttribute(mCrossCertPairAttr, pair)); log(ILogger.LL_INFO, "cross cert pair published with dn=" + dn); } String[] oclist = mCaObjectclass.split(","); boolean attrsAdded = false; - for (int i = 0; i < oclist.length; i++) { + for (int i=0; i < oclist.length; i++) { String oc = oclist[i].trim(); - boolean hasoc = LdapUserCertPublisher - .StringValueExists(ocs, oc); + boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc); if (!hasoc) { - log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " - + dn); - modSet.add(LDAPModification.ADD, new LDAPAttribute( - "objectclass", oc)); + log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + dn); + modSet.add(LDAPModification.ADD, + new LDAPAttribute("objectclass", oc)); - if ((!attrsAdded) - && oc.equalsIgnoreCase("certificationAuthority")) { + if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) { // add MUST attributes - if (arls == null) - modSet.add(LDAPModification.ADD, new LDAPAttribute( - LDAP_ARL_ATTR, "")); + if (arls == null) + modSet.add(LDAPModification.ADD, + new LDAPAttribute(LDAP_ARL_ATTR, "")); if (crls == null) - modSet.add(LDAPModification.ADD, new LDAPAttribute( - LDAP_CRL_ATTR, "")); + modSet.add(LDAPModification.ADD, + new LDAPAttribute(LDAP_CRL_ATTR, "")); if (certs == null) - modSet.add(LDAPModification.ADD, new LDAPAttribute( - LDAP_CACERT_ATTR, "")); + modSet.add(LDAPModification.ADD, + new LDAPAttribute(LDAP_CACERT_ATTR, "")); attrsAdded = true; } } - } + } // delete objectclasses that have been deleted from config String[] delList = mObjDeleted.split(","); if (delList.length > 0) { - for (int i = 0; i < delList.length; i++) { + for (int i=0; i< delList.length; i++) { String deloc = delList[i].trim(); - boolean hasoc = LdapUserCertPublisher.StringValueExists( - ocs, deloc); + boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc); boolean match = false; - for (int j = 0; j < oclist.length; j++) { + for (int j=0; j< oclist.length; j++) { if ((oclist[j].trim()).equals(deloc)) { match = true; break; } } if (!match && hasoc) { - log(ILogger.LL_INFO, "deleting CRL objectclass " - + deloc + " from " + dn); - modSet.add(LDAPModification.DELETE, new LDAPAttribute( - "objectclass", deloc)); + log(ILogger.LL_INFO, "deleting CRL objectclass " + deloc + " from " + dn); + modSet.add(LDAPModification.DELETE, + new LDAPAttribute("objectclass", deloc)); } } } @@ -284,29 +276,22 @@ public class LdapCertificatePairPublisher implements ILdapPublisher, try { mConfig.commit(false); } catch (Exception e) { - log(ILogger.LL_INFO, - "Failure in updating mObjAdded and mObjDeleted"); + log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted"); } } - if (modSet.size() > 0) - conn.modify(dn, modSet); + if (modSet.size() > 0) conn.modify(dn, modSet); CMS.debug("LdapCertificatePairPublisher: in publish() just published"); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", - e.toString())); - throw new ELdapException("error publishing cross cert pair:" - + e.toString()); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString())); + throw new ELdapException("error publishing cross cert pair:" + e.toString()); } } return; @@ -316,7 +301,7 @@ public class LdapCertificatePairPublisher implements ILdapPublisher, * unsupported */ public void unpublish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { CMS.debug("LdapCertificatePairPublisher: unpublish() is unsupported in this revision"); } @@ -325,7 +310,7 @@ public class LdapCertificatePairPublisher implements ILdapPublisher, */ private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCertificatePairPublisher: " + msg); + "LdapCertificatePairPublisher: " + msg); } } |