Diffstat (limited to 'pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java167
1 files changed, 91 insertions, 76 deletions
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
index e4a7e0b7..d61f5bf6 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.util.Locale;
import java.util.Vector;
@@ -39,15 +38,14 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
-
-/**
- * module for publishing a cross certificate pair to ldap
- * crossCertificatePair attribute
- *
+/**
+ * module for publishing a cross certificate pair to ldap crossCertificatePair
+ * attribute
+ *
* @version $Revision$, $Date$
*/
-public class LdapCertificatePairPublisher
- implements ILdapPublisher, IExtendedPluginInfo {
+public class LdapCertificatePairPublisher implements ILdapPublisher,
+ IExtendedPluginInfo {
public static final String LDAP_CROSS_CERT_PAIR_ATTR = "crossCertificatePair;binary";
public static final String LDAP_CA_OBJECTCLASS = "pkiCA";
public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary";
@@ -72,15 +70,14 @@ public class LdapCertificatePairPublisher
public String[] getExtendedPluginInfo(Locale locale) {
String s[] = {
"crossCertPairAttr;string;Name of Ldap attribute in which to store cross certificates",
- "caObjectClass;string;The name of the objectclasses which should be " +
- "added to this entry, if they do not already exist. This can be " +
- "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-publisher-crosscertpairpublisher",
- IExtendedPluginInfo.HELP_TEXT +
- ";This plugin knows how to publish the CA cert to " +
- "'certificateAuthority' and 'pkiCA' -type entries"
- };
+ "caObjectClass;string;The name of the objectclasses which should be "
+ + "added to this entry, if they do not already exist. This can be "
+ + "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-publisher-crosscertpairpublisher",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";This plugin knows how to publish the CA cert to "
+ + "'certificateAuthority' and 'pkiCA' -type entries" };
return s;
}
@@ -117,14 +114,14 @@ public class LdapCertificatePairPublisher
return mConfig;
}
- public void init(IConfigStore config)
- throws EBaseException {
- if (mInited)
+ public void init(IConfigStore config) throws EBaseException {
+ if (mInited)
return;
mConfig = config;
- mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", LDAP_CROSS_CERT_PAIR_ATTR);
- mCaObjectclass = mConfig.getString("caObjectClass",
- LDAP_CA_OBJECTCLASS);
+ mCrossCertPairAttr = mConfig.getString("crossCertPairAttr",
+ LDAP_CROSS_CERT_PAIR_ATTR);
+ mCaObjectclass = mConfig
+ .getString("caObjectClass", LDAP_CA_OBJECTCLASS);
mObjAdded = mConfig.getString("caObjectClassAdded", "");
mObjDeleted = mConfig.getString("caObjectClassDeleted", "");
@@ -132,7 +129,8 @@ public class LdapCertificatePairPublisher
}
// don't think anyone would ever use this but just in case.
- public LdapCertificatePairPublisher(String crossCertPairAttr, String caObjectclass) {
+ public LdapCertificatePairPublisher(String crossCertPairAttr,
+ String caObjectclass) {
mCrossCertPairAttr = crossCertPairAttr;
mCaObjectclass = caObjectclass;
mInited = true;
@@ -153,116 +151,126 @@ public class LdapCertificatePairPublisher
}
/**
- * publish a certificatePair
- * -should not be called from listeners.
+ * publish a certificatePair -should not be called from listeners.
+ *
* @param conn the LDAP connection
* @param dn dn of the entry to publish the XcertificatePair
- * @param pair the Xcertificate bytes object.
+ * @param pair the Xcertificate bytes object.
*/
public synchronized void publish(LDAPConnection conn, String dn, Object pair)
- throws ELdapException {
+ throws ELdapException {
publish(conn, dn, (byte[]) pair);
}
/**
- * publish a certificatePair
- * -should not be called from listeners.
+ * publish a certificatePair -should not be called from listeners.
+ *
* @param conn the LDAP connection
* @param dn dn of the entry to publish the XcertificatePair
* @param pair the cross cert bytes
*/
- public synchronized void publish(LDAPConnection conn, String dn,
- byte[] pair)
- throws ELdapException {
+ public synchronized void publish(LDAPConnection conn, String dn, byte[] pair)
+ throws ELdapException {
if (conn == null) {
- log(ILogger.LL_INFO, "LdapCertificatePairPublisher: no LDAP connection");
+ log(ILogger.LL_INFO,
+ "LdapCertificatePairPublisher: no LDAP connection");
return;
}
try {
- mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", LDAP_CROSS_CERT_PAIR_ATTR);
- mCaObjectclass = mConfig.getString("caObjectClass", LDAP_CA_OBJECTCLASS);
+ mCrossCertPairAttr = mConfig.getString("crossCertPairAttr",
+ LDAP_CROSS_CERT_PAIR_ATTR);
+ mCaObjectclass = mConfig.getString("caObjectClass",
+ LDAP_CA_OBJECTCLASS);
} catch (EBaseException e) {
}
try {
// search for attributes to determine if they exist
- LDAPSearchResults res =
- conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { LDAP_CACERT_ATTR, LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
+ LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
+ "(objectclass=*)", new String[] { LDAP_CACERT_ATTR,
+ LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
LDAPEntry entry = res.next();
LDAPAttribute certs = entry.getAttribute(LDAP_CACERT_ATTR);
LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR);
LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR);
// search for objectclass and crosscertpair attributes and values
- LDAPSearchResults res1 =
- conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { "objectclass", mCrossCertPairAttr }, false);
+ LDAPSearchResults res1 = conn.search(dn, LDAPv2.SCOPE_BASE,
+ "(objectclass=*)", new String[] { "objectclass",
+ mCrossCertPairAttr }, false);
LDAPEntry entry1 = res1.next();
LDAPAttribute ocs = entry1.getAttribute("objectclass");
- LDAPAttribute certPairs = entry1.getAttribute("crosscertificatepair;binary");
+ LDAPAttribute certPairs = entry1
+ .getAttribute("crosscertificatepair;binary");
LDAPModificationSet modSet = new LDAPModificationSet();
- boolean hasCert = LdapUserCertPublisher.ByteValueExists(certPairs, pair);
- if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) {
+ boolean hasCert = LdapUserCertPublisher.ByteValueExists(certPairs,
+ pair);
+ if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) {
CMS.debug("LdapCertificatePairPublisher: cross cert pair bytes exist in publishing directory, do not publish again.");
return;
}
if (hasCert) {
- log(ILogger.LL_INFO, "publish: CA " + dn + " already has cross cert pair bytes");
+ log(ILogger.LL_INFO, "publish: CA " + dn
+ + " already has cross cert pair bytes");
} else {
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(mCrossCertPairAttr, pair));
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(
+ mCrossCertPairAttr, pair));
log(ILogger.LL_INFO, "cross cert pair published with dn=" + dn);
}
String[] oclist = mCaObjectclass.split(",");
boolean attrsAdded = false;
- for (int i=0; i < oclist.length; i++) {
+ for (int i = 0; i < oclist.length; i++) {
String oc = oclist[i].trim();
- boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc);
+ boolean hasoc = LdapUserCertPublisher
+ .StringValueExists(ocs, oc);
if (!hasoc) {
- log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + dn);
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute("objectclass", oc));
+ log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to "
+ + dn);
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(
+ "objectclass", oc));
- if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) {
+ if ((!attrsAdded)
+ && oc.equalsIgnoreCase("certificationAuthority")) {
// add MUST attributes
- if (arls == null)
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_ARL_ATTR, ""));
+ if (arls == null)
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(
+ LDAP_ARL_ATTR, ""));
if (crls == null)
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_CRL_ATTR, ""));
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(
+ LDAP_CRL_ATTR, ""));
if (certs == null)
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_CACERT_ATTR, ""));
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(
+ LDAP_CACERT_ATTR, ""));
attrsAdded = true;
}
}
- }
+ }
// delete objectclasses that have been deleted from config
String[] delList = mObjDeleted.split(",");
if (delList.length > 0) {
- for (int i=0; i< delList.length; i++) {
+ for (int i = 0; i < delList.length; i++) {
String deloc = delList[i].trim();
- boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc);
+ boolean hasoc = LdapUserCertPublisher.StringValueExists(
+ ocs, deloc);
boolean match = false;
- for (int j=0; j< oclist.length; j++) {
+ for (int j = 0; j < oclist.length; j++) {
if ((oclist[j].trim()).equals(deloc)) {
match = true;
break;
}
}
if (!match && hasoc) {
- log(ILogger.LL_INFO, "deleting CRL objectclass " + deloc + " from " + dn);
- modSet.add(LDAPModification.DELETE,
- new LDAPAttribute("objectclass", deloc));
+ log(ILogger.LL_INFO, "deleting CRL objectclass "
+ + deloc + " from " + dn);
+ modSet.add(LDAPModification.DELETE, new LDAPAttribute(
+ "objectclass", deloc));
}
}
}
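Review bot: The duplicate check in publish() still computes `hasCert` and then re-evaluates `LdapUserCertPublisher.ByteValueExists(certPairs, pair)` for the early return, which leaves the later `if (hasCert)` branch unreachable; collapse it to `if (hasCert) { CMS.debug("LdapCertificatePairPublisher: cross cert pair bytes exist in publishing directory, do not publish again."); return; }` and drop the second call. Just above it, `entry1.getAttribute("crosscertificatepair;binary")` reads a hard-coded attribute name while the search on the preceding line requested `mCrossCertPairAttr`; if the configured name differs, `certPairs` would presumably be null and the pair re-added on every run, so `entry1.getAttribute(mCrossCertPairAttr)` looks like the intended lookup. The empty `catch (EBaseException e) {}` after the config re-read silently keeps whatever values init() set, so at minimum log the failure there. publish() continues past the end of this hunk.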
@@ -276,22 +284,29 @@ public class LdapCertificatePairPublisher
try {
mConfig.commit(false);
} catch (Exception e) {
- log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted");
+ log(ILogger.LL_INFO,
+ "Failure in updating mObjAdded and mObjDeleted");
}
}
- if (modSet.size() > 0) conn.modify(dn, modSet);
+ if (modSet.size() > 0)
+ conn.modify(dn, modSet);
CMS.debug("LdapCertificatePairPublisher: in publish() just published");
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString()));
- throw new ELdapException("error publishing cross cert pair:" + e.toString());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "",
+ e.toString()));
+ throw new ELdapException("error publishing cross cert pair:"
+ + e.toString());
}
}
return;
@@ -301,7 +316,7 @@ public class LdapCertificatePairPublisher
* unsupported
*/
public void unpublish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
CMS.debug("LdapCertificatePairPublisher: unpublish() is unsupported in this revision");
}
@@ -310,7 +325,7 @@ public class LdapCertificatePairPublisher
*/
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCertificatePairPublisher: " + msg);
+ "LdapCertificatePairPublisher: " + msg);
}
}