diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/publish')
22 files changed, 2149 insertions, 2165 deletions
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java index b3305d4d..9f337cbb 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java @@ -20,6 +20,7 @@ package com.netscape.cms.publish.mappers; + /////////////////////// // import statements // /////////////////////// @@ -47,24 +48,24 @@ import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.publish.ECompSyntaxErr; import com.netscape.certsrv.request.IRequest; + ////////////////////// // class definition // ////////////////////// /** - * avaPattern is a string representing an ldap attribute formulated from the - * certificate subject name, extension or request attributes. + * avaPattern is a string representing an ldap + * attribute formulated from the certificate + * subject name, extension or request attributes. * <p> * - * The syntax is - * + * The syntax is * <pre> * avaPattern := constant-value | * "$subj" "." attrName [ "." attrNumber ] | * "$req" "." [ prefix .] attrName [ "." attrNumber ] | - * "$ext" "." extName [ "." nameType ] [ "." attrNumber ] + * "$ext" "." extName [ "." nameType ] [ "." attrNumber ] * </pre> - * * <pre> * Example: <i>$ext.SubjectAlternativeName.RFC822Name.1</i> * cert subjectAltName is rfc822Name: jjames@mcom.com @@ -75,16 +76,15 @@ import com.netscape.certsrv.request.IRequest; * The first rfc822name value in the subjAltName extension. <br> * <p> * </pre> - * - * If a request attribute or subject DN component does not exist, the attribute - * is skipped. - * + * If a request attribute or subject DN component does not exist, + * the attribute is skipped. + * * @version $Revision$, $Date$ */ class AVAPattern { - // ////////////// + //////////////// // parameters // - // ////////////// + //////////////// /* the value type of the dn component */ public static final String TYPE_REQ = "$req"; @@ -92,31 +92,37 @@ class AVAPattern { public static final String TYPE_EXT = "$ext"; public static final String TYPE_CONSTANT = "constant"; - public static final String[] GENERAL_NAME_TYPE = { "ANY", "RFC822Name", - "DNSName", "X400Name", "DIRECTORYName", "EDIName", "URIName", - "IPAddress", "OIDName" }; + public static final String[] GENERAL_NAME_TYPE = { "ANY", + "RFC822Name", + "DNSName", + "X400Name", + "DIRECTORYName", + "EDIName", + "URIName", + "IPAddress", + "OIDName"}; private static final char[] endChars = new char[] { '+', ',' }; - private static final LdapV3DNStrConverter mLdapDNStrConverter = new LdapV3DNStrConverter(); + private static final LdapV3DNStrConverter mLdapDNStrConverter = + new LdapV3DNStrConverter(); - /* the list of request attributes needed by this AVA */ + /* the list of request attributes needed by this AVA */ protected String[] mReqAttrs = null; - /* the list of cert attributes needed by this AVA */ + /* the list of cert attributes needed by this AVA*/ protected String[] mCertAttrs = null; /* value type */ protected String mType = null; - /* - * value - could be name of a request attribute or cert subject attribute or - * extension name. + /* value - could be name of a request attribute or + * cert subject attribute or extension name. */ protected String mValue = null; - /* - * value type - general name type of an extension attribute if any. + /* value type - general name type of an + * extension attribute if any. */ protected String mGNType = null; @@ -128,108 +134,107 @@ class AVAPattern { protected String mTestDN = null; - // /////////// + ///////////// // methods // - // /////////// + ///////////// - public AVAPattern(String component) throws ELdapException { + public AVAPattern(String component) + throws ELdapException { if (component == null || component.length() == 0) { - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", component)); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component)); } parse(new PushbackReader(new StringReader(component))); } - public AVAPattern(PushbackReader in) throws ELdapException { + public AVAPattern(PushbackReader in) + throws ELdapException { parse(in); } - private void parse(PushbackReader in) throws ELdapException { + private void parse(PushbackReader in) + throws ELdapException { int c; // skip spaces - // System.out.println("============ AVAPattern Begin ==========="); - // System.out.println("skip spaces"); + //System.out.println("============ AVAPattern Begin ==========="); + //System.out.println("skip spaces"); try { - while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces read "+(char)c); + while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces read "+(char)c); ; } } catch (IOException e) { - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank")); } - if (c == -1) { - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank")); + if (c == -1) { + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank")); } if (c == '$') { - // check for $subj $ext or $req + // check for $subj $ext or $req try { c = in.read(); } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } if (c == -1) { - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "expecting $subj $ext or $req in ava pattern")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "expecting $subj $ext or $req in ava pattern")); } if (c == 'r') { try { - if (in.read() != 'e' || in.read() != 'q' - || in.read() != '.') { - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "expecting $req in ava pattern")); + if (in.read() != 'e' || + in.read() != 'q' || + in.read() != '.') { + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "expecting $req in ava pattern")); } } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } mType = TYPE_REQ; - // System.out.println("---- mtype $req"); + //System.out.println("---- mtype $req"); } else if (c == 's') { try { - if (in.read() != 'u' || in.read() != 'b' - || in.read() != 'j' || in.read() != '.') { - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "expecting $subj in ava pattern")); + if (in.read() != 'u' || + in.read() != 'b' || + in.read() != 'j' || + in.read() != '.') { + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "expecting $subj in ava pattern")); } } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } mType = TYPE_SUBJ; - // System.out.println("----- mtype $subj"); + //System.out.println("----- mtype $subj"); } else if (c == 'e') { try { - if (in.read() != 'x' || in.read() != 't' - || in.read() != '.') { - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "expecting $ext in ava pattern")); + if (in.read() != 'x' || + in.read() != 't' || + in.read() != '.') { + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "expecting $ext in ava pattern")); } } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } mType = TYPE_EXT; - // System.out.println("----- mtype $ext"); + //System.out.println("----- mtype $ext"); } else { - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "unknown keyword. expecting $subj $ext or $req.")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "unknown keyword. expecting $subj $ext or $req.")); } // get request attribute or @@ -239,27 +244,26 @@ class AVAPattern { StringBuffer valueBuf = new StringBuffer(); try { - while ((c = in.read()) != ',' && c != -1 && c != '.' - && c != '+') { - // System.out.println("mValue read "+(char)c); + while ((c = in.read()) != ',' && + c != -1 && c != '.' && c != '+') { + //System.out.println("mValue read "+(char)c); valueBuf.append((char) c); } if (c == '+' || c == ',') { // either ',' or '+' - in.unread(c); // pushback last , or + + in.unread(c); // pushback last , or + } } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } mValue = valueBuf.toString().trim(); - if (mValue.length() == 0) { - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "$subj $ext or $req attribute name expected")); + if (mValue.length() == 0) { + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "$subj $ext or $req attribute name expected")); } - // System.out.println("----- mValue "+mValue); + //System.out.println("----- mValue "+mValue); // get nth dn xxx not nth request attribute . if (c == '.') { @@ -267,25 +271,24 @@ class AVAPattern { try { while ((c = in.read()) != ',' && c != -1 && c != '.' - && c != '+') { - // System.out.println("mElement read "+(char)c); + && c != '+') { + //System.out.println("mElement read "+(char)c); attrNumberBuf.append((char) c); } - if (c == ',' || c == '+') { // either ',' or '+' - in.unread(c); // pushback last , or + + if (c == ',' || c == '+') { // either ',' or '+' + in.unread(c); // pushback last , or + } } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } String attrNumber = attrNumberBuf.toString().trim(); if (attrNumber.length() == 0) { - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "nth element $req $ext or $subj expected")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "nth element $req $ext or $subj expected")); } try { @@ -298,10 +301,9 @@ class AVAPattern { } else if (TYPE_EXT.equals(mType)) { mGNType = attrNumber; } else { - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "Invalid format in nth element " - + "$req $ext or $subj")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Invalid format in nth element " + + "$req $ext or $subj")); } // get nth request attribute . @@ -309,46 +311,44 @@ class AVAPattern { StringBuffer attrNumberBuf1 = new StringBuffer(); try { - while ((c = in.read()) != ',' && c != -1 - && c != '+') { - // System.out.println("mElement read "+ - // (char)c); + while ((c = in.read()) != ',' && + c != -1 && c != '+') { + //System.out.println("mElement read "+ + // (char)c); attrNumberBuf1.append((char) c); } - if (c != -1) { // either ',' or '+' - in.unread(c); // pushback last , or + + if (c != -1) { // either ',' or '+' + in.unread(c); // pushback last , or + } } catch (IOException ex) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", ex.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", ex.toString())); } - String attrNumber1 = attrNumberBuf1.toString().trim(); + String attrNumber1 = + attrNumberBuf1.toString().trim(); if (attrNumber1.length() == 0) { - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "nth element $req or $ext expected")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "nth element $req or $ext expected")); } - try { - mElement = Integer.parseInt(attrNumber1) - 1; + try { + mElement = Integer.parseInt(attrNumber1) - 1; } catch (NumberFormatException ex) { - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "Invalid format in nth element " - + "$req or $ext.")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Invalid format in nth element " + + "$req or $ext.")); } } } } - // System.out.println("----- mElement "+mElement); + //System.out.println("----- mElement "+mElement); } else { // value is constant. treat as regular ava. mType = TYPE_CONSTANT; - // parse ava value. + // parse ava value. StringBuffer valueBuf = new StringBuffer(); valueBuf.append((char) c); @@ -360,26 +360,31 @@ class AVAPattern { } if (c == '+' || c == ',') { // either ',' or '+' - in.unread(c); // pushback last , or + + in.unread(c); // pushback last , or + } } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } mValue = valueBuf.toString().trim(); - /* - * try { AVA ava = mLdapDNStrConverter.parseAVA( - * valueBuf.toString()); mValue = ava.toLdapDNString(); - * //System.out.println("----- mValue "+mValue); } catch - * (IOException e) { throw new ECompSyntaxErr(e.toString()); } + /* try { + * AVA ava = mLdapDNStrConverter.parseAVA( + * valueBuf.toString()); + * mValue = ava.toLdapDNString(); + * //System.out.println("----- mValue "+mValue); + * } catch (IOException e) { + * throw new ECompSyntaxErr(e.toString()); + * } */ } } - public String formAVA(IRequest req, X500Name subject, - CertificateExtensions extensions) throws ELdapException { + public String formAVA(IRequest req, + X500Name subject, + CertificateExtensions extensions) + throws ELdapException { if (TYPE_CONSTANT.equals(mType)) { return mValue; } @@ -387,11 +392,11 @@ class AVAPattern { if (TYPE_SUBJ.equals(mType)) { String dn = subject.toString(); - if (mTestDN != null) { + if (mTestDN != null) { dn = mTestDN; } - // System.out.println("AVAPattern Using dn "+mTestDN); + //System.out.println("AVAPattern Using dn "+mTestDN); String[] rdns = LDAPDN.explodeDN(dn, false); String value = null; @@ -404,8 +409,8 @@ class AVAPattern { for (int j = 0; j < avas.length; j++) { String[] exploded = explodeAVA(avas[j]); - if (exploded[0].equalsIgnoreCase(mValue) - && ++nFound == mElement) { + if (exploded[0].equalsIgnoreCase(mValue) && + ++nFound == mElement) { value = exploded[1]; break; } @@ -424,9 +429,11 @@ class AVAPattern { if (extensions != null) { for (int i = 0; i < extensions.size(); i++) { - Extension ext = (Extension) extensions.elementAt(i); + Extension ext = (Extension) + extensions.elementAt(i); - String extName = OIDMap.getName(ext.getExtensionId()); + String extName = + OIDMap.getName(ext.getExtensionId()); int index = extName.lastIndexOf("."); @@ -438,11 +445,13 @@ class AVAPattern { // Check the extensions one by one. // For now, just give subjectAltName // as an example. - if (mValue - .equalsIgnoreCase(SubjectAlternativeNameExtension.NAME)) { + if (mValue.equalsIgnoreCase( + SubjectAlternativeNameExtension.NAME)) { try { - GeneralNames subjectNames = (GeneralNames) ((SubjectAlternativeNameExtension) ext) - .get(SubjectAlternativeNameExtension.SUBJECT_NAME); + GeneralNames subjectNames = (GeneralNames) + ((SubjectAlternativeNameExtension) + ext).get( + SubjectAlternativeNameExtension.SUBJECT_NAME); if (subjectNames.size() == 0) { break; @@ -450,11 +459,12 @@ class AVAPattern { int j = 0; - for (Enumeration n = subjectNames.elements(); n - .hasMoreElements();) { + for (Enumeration n = + subjectNames.elements(); + n.hasMoreElements();) { - GeneralName gn = (GeneralName) n - .nextElement(); + GeneralName gn = (GeneralName) + n.nextElement(); String gname = gn.toString(); @@ -464,13 +474,14 @@ class AVAPattern { break; } - String gType = gname.substring(0, index); + String gType = + gname.substring(0, index); if (mGNType != null) { if (mGNType.equalsIgnoreCase(gType)) { if (mElement == j) { - gname = gname - .substring(index + 2); + gname = + gname.substring(index + 2); return gname; } else { j++; @@ -478,25 +489,30 @@ class AVAPattern { } } else { if (mElement == j) { - gname = gname.substring(index + 2); + gname = + gname.substring(index + 2); return gname; } j++; } } - } catch (IOException e) { - CMS.debug("AVAPattern: Publishing attr not formed " - + "from extension " - + "-- no attr : " - + mValue); + } catch (IOException e) { + CMS.debug( + "AVAPattern: Publishing attr not formed " + + "from extension " + + "-- no attr : " + + mValue); } } } } } - CMS.debug("AVAPattern: Publishing:attr not formed " - + "from extension " + "-- no attr : " + mValue); + CMS.debug( + "AVAPattern: Publishing:attr not formed " + + "from extension " + + "-- no attr : " + + mValue); return null; } @@ -505,8 +521,9 @@ class AVAPattern { // mPrefix and mValue are looked up case-insensitive String reqAttr = req.getExtDataInString(mPrefix, mValue); if (reqAttr == null) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_REQUEST", mValue, "")); + throw new + ELdapException( + CMS.getUserMessage("CMS_LDAP_NO_REQUEST", mValue, "")); } return reqAttr; @@ -532,9 +549,10 @@ class AVAPattern { } /** - * Explode RDN into AVAs. Does not handle escaped '+' Java ldap library does - * not yet support multiple avas per rdn. If RDN is malformed returns empty - * array. + * Explode RDN into AVAs. + * Does not handle escaped '+' + * Java ldap library does not yet support multiple avas per rdn. + * If RDN is malformed returns empty array. */ public static String[] explodeRDN(String rdn) { int plus = rdn.indexOf('+'); @@ -559,8 +577,9 @@ class AVAPattern { } /** - * Explode AVA into name and value. Does not handle escaped '=' If AVA is - * malformed empty array is returned. + * Explode AVA into name and value. + * Does not handle escaped '=' + * If AVA is malformed empty array is returned. */ public static String[] explodeAVA(String ava) { int equals = ava.indexOf('='); @@ -573,3 +592,4 @@ class AVAPattern { ava.substring(equals + 1).trim() }; } } + diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java index 282e5411..9f605678 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; + import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Locale; @@ -47,18 +48,20 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapMapper; import com.netscape.certsrv.request.IRequest; -/** - * Maps a request to an entry in the LDAP server. Takes a dnPattern to form the - * baseDN from the request attributes and certificate subject name.Do a base - * search for the entry in the directory to publish the cert or crl. The - * restriction of this mapper is that the ldap dn components must be part of - * certificate subject name or request attributes or constant. - * + +/** + * Maps a request to an entry in the LDAP server. + * Takes a dnPattern to form the baseDN from the request attributes + * and certificate subject name.Do a base search for the entry + * in the directory to publish the cert or crl. + * The restriction of this mapper is that the ldap dn components must + * be part of certificate subject name or request attributes or constant. + * * @version $Revision$, $Date$ */ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { - protected static final String PROP_DNPATTERN = "dnPattern"; - protected static final String PROP_CREATECA = "createCAEntry"; + protected static final String PROP_DNPATTERN = "dnPattern"; + protected static final String PROP_CREATECA = "createCAEntry"; protected String mDnPattern = null; protected boolean mCreateCAEntry = true; @@ -69,28 +72,28 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { /* the subject DN pattern */ protected MapDNPattern mPattern = null; - /* the list of request attriubutes to retrieve */ + /* the list of request attriubutes to retrieve*/ protected String[] mReqAttrs = null; - /* the list of cert attriubutes to retrieve */ + /* the list of cert attriubutes to retrieve*/ protected String[] mCertAttrs = null; /* default dn pattern if left blank or not set in the config */ - public static final String DEFAULT_DNPATTERN = "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c"; + public static final String DEFAULT_DNPATTERN = + "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c"; - /** + /** * Constructor. - * - * @param dnPattern The base DN. + * + * @param dnPattern The base DN. */ public LdapCaSimpleMap(String dnPattern) { try { init(dnPattern); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("OPERATION_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); } - + } /** @@ -101,17 +104,16 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { String params[] = { - "dnPattern;string;Describes how to form the Ldap Subject name in" - + " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:" - + " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " - + "$req means: take the attribute from the request. " - + "$subj means: take the attribute from the certificate subject name. " - + "$ext means: take the attribute from the certificate extension", + "dnPattern;string;Describes how to form the Ldap Subject name in" + + " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:" + + " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " + + "$req means: take the attribute from the request. " + + "$subj means: take the attribute from the certificate subject name. " + + "$ext means: take the attribute from the certificate extension", "createCAEntry;boolean;If checked, CA entry will be created automatically", - IExtendedPluginInfo.HELP_TOKEN - + ";configuration-ldappublish-mapper-casimplemapper", - IExtendedPluginInfo.HELP_TEXT - + ";Describes how to form the LDAP DN of the entry to publish to" }; + IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-casimplemapper", + IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the LDAP DN of the entry to publish to" + }; return params; } @@ -120,10 +122,11 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { return mConfig; } - /** + /** * for initializing from config store. */ - public void init(IConfigStore config) throws EBaseException { + public void init(IConfigStore config) + throws EBaseException { mConfig = config; String dnPattern = mConfig.getString(PROP_DNPATTERN); @@ -134,51 +137,51 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { /** * common initialization routine. */ - protected void init(String dnPattern) throws EBaseException { - if (mInited) + protected void init(String dnPattern) + throws EBaseException { + if (mInited) return; mDnPattern = dnPattern; - if (mDnPattern == null || mDnPattern.length() == 0) + if (mDnPattern == null || mDnPattern.length() == 0) mDnPattern = DEFAULT_DNPATTERN; try { mPattern = new MapDNPattern(mDnPattern); String[] mReqAttrs = mPattern.getReqAttrs(); String[] mCertAttrs = mPattern.getCertAttrs(); } catch (ELdapException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", dnPattern, - e.toString())); - throw new EBaseException("falied to init with pattern " + dnPattern - + " " + e); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", dnPattern, e.toString())); + throw new EBaseException("falied to init with pattern " + + dnPattern + " " + e); } mInited = true; } /** - * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for - * a LDAP base search. + * Maps a X500 subject name to LDAP entry. + * Uses DN pattern to form a DN for a LDAP base search. * - * @param conn the LDAP connection. - * @param obj the object to map. + * @param conn the LDAP connection. + * @param obj the object to map. * @exception ELdapException if any LDAP exceptions occured. - */ - public String map(LDAPConnection conn, Object obj) throws ELdapException { + */ + public String map(LDAPConnection conn, Object obj) + throws ELdapException { return map(conn, null, obj); } /** - * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for - * a LDAP base search. + * Maps a X500 subject name to LDAP entry. + * Uses DN pattern to form a DN for a LDAP base search. * - * @param conn the LDAP connection. - * @param req the request to map. - * @param obj the object to map. + * @param conn the LDAP connection. + * @param req the request to map. + * @param obj the object to map. * @exception ELdapException if any LDAP exceptions occured. - */ + */ public String map(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { if (conn == null) return null; String dn = null; @@ -186,14 +189,13 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { try { dn = formDN(req, obj); if (dn == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_DN_NOT_FORMED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_NOT_FORMED")); String s1 = ""; if (req != null) s1 = req.getRequestId().toString(); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_DN_MATCH", s1)); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_NO_DN_MATCH", s1)); } int scope = LDAPv2.SCOPE_BASE; String filter = "(objectclass=*)"; @@ -202,82 +204,75 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { String[] attrs = new String[] { LDAPv3.NO_ATTRS }; log(ILogger.LL_INFO, "searching for dn: " + dn + " filter:" - + filter + " scope: base"); + + filter + " scope: base"); - LDAPSearchResults results = conn.search(dn, scope, filter, attrs, - false); + LDAPSearchResults results = + conn.search(dn, scope, filter, attrs, false); LDAPEntry entry = results.next(); if (results.hasMoreElements()) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? "" - : req.getRequestId().toString()))); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_MORE_THAN_ONE_ENTRY", ((req == null) ? "" - : req.getRequestId().toString()))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn, + ((req == null) ? "" : req.getRequestId().toString()))); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", + ((req == null) ? "" : req.getRequestId().toString()))); } if (entry != null) return entry.getDN(); else { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? "" - : req.getRequestId().toString()))); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_MATCH_FOUND", "null entry")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn, + ((req == null) ? "" : req.getRequestId().toString()))); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", + "null entry")); } } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); - } else if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT - && mCreateCAEntry) { + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + } else if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT && mCreateCAEntry) { try { createCAEntry(conn, dn); log(ILogger.LL_INFO, "CA Entry " + dn + " Created"); return dn; } catch (LDAPException e1) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "PUBLISH_DN_MAP_EXCEPTION", dn, e1.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn, e1.toString())); if (e1.getLDAPResultCode() == LDAPException.CONSTRAINT_VIOLATION) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CA_ENTRY_NOT_CREATED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CA_ENTRY_NOT_CREATED")); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CA_ENTRY_NOT_CREATED1")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CA_ENTRY_NOT_CREATED1")); } - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_CREATE_CA_FAILED", dn)); + throw new + ELdapException(CMS.getUserMessage("CMS_LDAP_CREATE_CA_FAILED", dn)); } } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn, - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_MATCH_FOUND", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn, e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_MATCH_FOUND", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); } } private void createCAEntry(LDAPConnection conn, String dn) - throws LDAPException { + throws LDAPException { LDAPAttributeSet attrs = new LDAPAttributeSet(); // OID 2.5.6.16 - String caOc[] = new String[] { "top", "person", "organizationalPerson", - "inetOrgPerson" }; - - String oOc[] = { "top", "organization" }; - String oiOc[] = { "top", "organizationalunit" }; - + String caOc[] = new String[] {"top", + "person", + "organizationalPerson", + "inetOrgPerson"}; + + String oOc[] = {"top", + "organization"}; + String oiOc[] = {"top", + "organizationalunit"}; + DN dnobj = new DN(dn); String attrval[] = dnobj.explodeDN(true); @@ -291,7 +286,6 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { /** * form a dn from component in the request and cert subject name - * * @param req The request * @param obj The certificate or crl */ @@ -302,35 +296,33 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { try { X509Certificate cert = (X509Certificate) obj; - subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN(); + subjectDN = + (X500Name) ((X509Certificate) cert).getSubjectDN(); - CMS.debug("LdapCaSimpleMap: cert subject dn:" - + subjectDN.toString()); - X509CertInfo info = (X509CertInfo) ((X509CertImpl) cert) - .get(X509CertImpl.NAME + "." + X509CertImpl.INFO); + CMS.debug("LdapCaSimpleMap: cert subject dn:" + subjectDN.toString()); + X509CertInfo info = (X509CertInfo) + ((X509CertImpl) cert).get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); - certExt = (CertificateExtensions) info - .get(CertificateExtensions.NAME); + certExt = (CertificateExtensions) info.get( + CertificateExtensions.NAME); } catch (java.security.cert.CertificateParsingException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); } catch (java.security.cert.CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); } catch (ClassCastException e) { try { X509CRLImpl crl = (X509CRLImpl) obj; - subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN(); + subjectDN = + (X500Name) ((X509CRLImpl) crl).getIssuerDN(); - CMS.debug("LdapCaSimpleMap: crl issuer dn: " - + subjectDN.toString()); - } catch (ClassCastException ex) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED", + CMS.debug("LdapCaSimpleMap: crl issuer dn: " + + subjectDN.toString()); + }catch (ClassCastException ex) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED", ((req == null) ? "" : req.getRequestId().toString()))); return null; } @@ -340,12 +332,11 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { return dn; } catch (ELdapException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_FORM_DN", - ((req == null) ? "" : req.getRequestId().toString()), - e.toString())); - throw new EBaseException("falied to form dn for request: " - + ((req == null) ? "" : req.getRequestId().toString()) - + " " + e); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_CANT_FORM_DN", + ((req == null) ? "" : req.getRequestId().toString()), e.toString())); + throw new EBaseException("falied to form dn for request: " + + ((req == null) ? "" : req.getRequestId().toString()) + " " + e); } } @@ -371,12 +362,11 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { try { if (mDnPattern == null) { v.addElement(PROP_DNPATTERN + "="); - } else { - v.addElement(PROP_DNPATTERN + "=" - + mConfig.getString(PROP_DNPATTERN)); + }else { + v.addElement(PROP_DNPATTERN + "=" + + mConfig.getString(PROP_DNPATTERN)); } - v.addElement(PROP_CREATECA + "=" - + mConfig.getBoolean(PROP_CREATECA, true)); + v.addElement(PROP_CREATECA + "=" + mConfig.getBoolean(PROP_CREATECA, true)); } catch (Exception e) { } return v; @@ -384,7 +374,8 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCaSimpleMapper: " + msg); + "LdapCaSimpleMapper: " + msg); } } + diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java index 8b7a1dbe..b8cc06f7 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; + import java.security.cert.CRLException; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; @@ -33,19 +34,22 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapMapper; import com.netscape.certsrv.request.IRequest; -/** - * Maps a X509 certificate to a LDAP entry using AVAs in the certificate's - * subject name to form the ldap search dn and filter. Takes a optional root - * search dn. The DN comps are used to form a LDAP entry to begin a subtree - * search. The filter comps are used to form a search filter for the subtree. If - * none of the DN comps matched, baseDN is used for the subtree. If the baseDN - * is null and none of the DN comps matched, it is an error. If none of the DN - * comps and filter comps matched, it is an error. If just the filter comps is - * null, a base search is performed. - * + +/** + * Maps a X509 certificate to a LDAP entry using AVAs in the certificate's + * subject name to form the ldap search dn and filter. + * Takes a optional root search dn. + * The DN comps are used to form a LDAP entry to begin a subtree search. + * The filter comps are used to form a search filter for the subtree. + * If none of the DN comps matched, baseDN is used for the subtree. + * If the baseDN is null and none of the DN comps matched, it is an error. + * If none of the DN comps and filter comps matched, it is an error. + * If just the filter comps is null, a base search is performed. + * * @version $Revision$, $Date$ */ -public class LdapCertCompsMap extends LdapDNCompsMap implements ILdapMapper { +public class LdapCertCompsMap + extends LdapDNCompsMap implements ILdapMapper { ILogger mLogger = CMS.getLogger(); public LdapCertCompsMap() { @@ -53,22 +57,22 @@ public class LdapCertCompsMap extends LdapDNCompsMap implements ILdapMapper { // via configuration } - /** + /** * Constructor. + * + * The DN comps are used to form a LDAP entry to begin a subtree search. + * The filter comps are used to form a search filter for the subtree. + * If none of the DN comps matched, baseDN is used for the subtree. + * If the baseDN is null and none of the DN comps matched, it is an error. + * If none of the DN comps and filter comps matched, it is an error. + * If just the filter comps is null, a base search is performed. * - * The DN comps are used to form a LDAP entry to begin a subtree search. The - * filter comps are used to form a search filter for the subtree. If none of - * the DN comps matched, baseDN is used for the subtree. If the baseDN is - * null and none of the DN comps matched, it is an error. If none of the DN - * comps and filter comps matched, it is an error. If just the filter comps - * is null, a base search is performed. - * - * @param baseDN The base DN. + * @param baseDN The base DN. * @param dnComps Components to form the LDAP base dn for search. * @param filterComps Components to form the LDAP search filter. */ public LdapCertCompsMap(String baseDN, ObjectIdentifier[] dnComps, - ObjectIdentifier[] filterComps) { + ObjectIdentifier[] filterComps) { init(baseDN, dnComps, filterComps); } @@ -95,35 +99,40 @@ public class LdapCertCompsMap extends LdapDNCompsMap implements ILdapMapper { /** * constructor using non-standard certificate attribute. */ - public LdapCertCompsMap(String certAttr, String baseDN, - ObjectIdentifier[] dnComps, ObjectIdentifier[] filterComps) { + public LdapCertCompsMap(String certAttr, String baseDN, + ObjectIdentifier[] dnComps, + ObjectIdentifier[] filterComps) { super(certAttr, baseDN, dnComps, filterComps); } protected void init(String baseDN, ObjectIdentifier[] dnComps, - ObjectIdentifier[] filterComps) { + ObjectIdentifier[] filterComps) { super.init(baseDN, dnComps, filterComps); } /** - * Maps a certificate to LDAP entry. Uses DN components and filter - * components to form a DN and filter for a LDAP search. If the formed DN is - * null the baseDN will be used. If the formed DN is null and baseDN is null - * an error is thrown. If the filter is null a base search is performed. If - * both are null an error is thrown. + * Maps a certificate to LDAP entry. + * Uses DN components and filter components to form a DN and + * filter for a LDAP search. + * If the formed DN is null the baseDN will be used. + * If the formed DN is null and baseDN is null an error is thrown. + * If the filter is null a base search is performed. + * If both are null an error is thrown. * * @param conn - the LDAP connection. * @param obj - the X509Certificate. */ - public String map(LDAPConnection conn, Object obj) throws ELdapException { + public String + map(LDAPConnection conn, Object obj) + throws ELdapException { if (conn == null) return null; try { X509Certificate cert = (X509Certificate) obj; String result = null; // form dn and filter for search. - X500Name subjectDN = (X500Name) ((X509Certificate) cert) - .getSubjectDN(); + X500Name subjectDN = + (X500Name) ((X509Certificate) cert).getSubjectDN(); CMS.debug("LdapCertCompsMap: " + subjectDN.toString()); @@ -132,16 +141,15 @@ public class LdapCertCompsMap extends LdapDNCompsMap implements ILdapMapper { result = super.map(conn, subjectDN, certbytes); return result; } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); } catch (ClassCastException e) { try { X509CRLImpl crl = (X509CRLImpl) obj; String result = null; - X500Name issuerDN = (X500Name) ((X509CRLImpl) crl) - .getIssuerDN(); + X500Name issuerDN = + (X500Name) ((X509CRLImpl) crl).getIssuerDN(); CMS.debug("LdapCertCompsMap: " + issuerDN.toString()); @@ -150,27 +158,24 @@ public class LdapCertCompsMap extends LdapDNCompsMap implements ILdapMapper { result = super.map(conn, issuerDN, crlbytes); return result; } catch (CRLException ex) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", - ex.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", ex.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", ex.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", ex.toString())); } catch (ClassCastException ex) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT")); return null; } } } public String map(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { return map(conn, obj); } private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCertCompsMap: " + msg); + "LdapCertCompsMap: " + msg); } } + diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java index 93fd58ee..7ce49748 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; + import java.security.cert.X509Certificate; import java.util.Locale; import java.util.Vector; @@ -40,10 +41,11 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapMapper; import com.netscape.certsrv.request.IRequest; -/** - * Maps a X509 certificate to a LDAP entry by using the subject name of the - * certificate as the LDAP entry DN. - * + +/** + * Maps a X509 certificate to a LDAP entry by using the subject name + * of the certificate as the LDAP entry DN. + * * @version $Revision$, $Date$ */ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo { @@ -61,7 +63,8 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo { return mConfig; } - public void init(IConfigStore config) throws EBaseException { + public void init(IConfigStore config) + throws EBaseException { if (mInited == true) return; mConfig = config; @@ -70,10 +73,11 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - IExtendedPluginInfo.HELP_TOKEN - + ";configuration-ldappublish-mapper-certexactmapper", - IExtendedPluginInfo.HELP_TEXT - + ";Literally uses the subject name of the certificate as the DN to publish to" }; + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-mapper-certexactmapper", + IExtendedPluginInfo.HELP_TEXT + + ";Literally uses the subject name of the certificate as the DN to publish to" + }; return params; } @@ -91,7 +95,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo { return v; } - + public Vector getInstanceParams() { Vector v = new Vector(); @@ -99,13 +103,15 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo { } /** - * Finds the entry for the certificate by looking for the cert subject name - * in the subject name attribute. + * Finds the entry for the certificate by looking for the cert + * subject name in the subject name attribute. * * @param conn - the LDAP connection. * @param obj - the X509Certificate. - */ - public String map(LDAPConnection conn, Object obj) throws ELdapException { + */ + public String + map(LDAPConnection conn, Object obj) + throws ELdapException { if (conn == null) return null; @@ -114,40 +120,40 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo { try { X509Certificate cert = (X509Certificate) obj; - subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN(); + subjectDN = + (X500Name) ((X509Certificate) cert).getSubjectDN(); - CMS.debug("LdapCertExactMap: cert subject dn:" - + subjectDN.toString()); + CMS.debug("LdapCertExactMap: cert subject dn:" + subjectDN.toString()); } catch (ClassCastException e) { try { X509CRLImpl crl = (X509CRLImpl) obj; - subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN(); + subjectDN = + (X500Name) ((X509CRLImpl) crl).getIssuerDN(); - CMS.debug("LdapCertExactMap: crl issuer dn: " - + subjectDN.toString()); - } catch (ClassCastException ex) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT")); + CMS.debug("LdapCertExactMap: crl issuer dn: " + + subjectDN.toString()); + }catch (ClassCastException ex) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT")); return null; } } try { boolean hasCert = false; boolean hasSubjectName = false; - String[] attrs = new String[] { LDAPv3.NO_ATTRS }; + String[] attrs = new String[] { LDAPv3.NO_ATTRS }; log(ILogger.LL_INFO, "Searching for " + subjectDN.toString()); - LDAPSearchResults results = conn.search(subjectDN.toString(), - LDAPv2.SCOPE_BASE, "(objectclass=*)", attrs, false); - + LDAPSearchResults results = + conn.search(subjectDN.toString(), LDAPv2.SCOPE_BASE, + "(objectclass=*)", attrs, false); + LDAPEntry entry = results.next(); if (results.hasMoreElements()) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", - subjectDN.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString())); } if (entry != null) { log(ILogger.LL_INFO, "entry found"); @@ -159,37 +165,39 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_MATCH_FOUND", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); } } /* - * catch (IOException e) { log(ILogger.LL_FAILURE, - * CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString())); throw - * new ELdapException( LdapResources.GET_CERT_SUBJECT_DN_FAILED, e); } - * catch (CertificateEncodingException e) { log(ILogger.LL_FAILURE, - * CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString())); throw - * new ELdapException( LdapResources.GET_DER_ENCODED_CERT_FAILED, e); } + catch (IOException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString())); + throw new ELdapException( + LdapResources.GET_CERT_SUBJECT_DN_FAILED, e); + } + catch (CertificateEncodingException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString())); + throw new ELdapException( + LdapResources.GET_DER_ENCODED_CERT_FAILED, e); + } */ } public String map(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { return map(conn, obj); } private void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCertExactMap: " + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, + "LdapCertExactMap: " + msg); } } + diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java index b4ce10bc..017441df 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; + import java.security.cert.X509Certificate; import java.util.Locale; import java.util.Vector; @@ -40,10 +41,11 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapMapper; import com.netscape.certsrv.request.IRequest; -/** - * Maps a X509 certificate to a LDAP entry by finding an LDAP entry which has an - * attribute whose contents are equal to the cert subject name. - * + +/** + * Maps a X509 certificate to a LDAP entry by finding an LDAP entry + * which has an attribute whose contents are equal to the cert subject name. + * * @version $Revision$, $Date$ */ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { @@ -62,15 +64,13 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { /** * constructs a certificate subject name mapper with search base. - * - * @param searchBase the dn to start searching for the certificate subject - * name. + * @param searchBase the dn to start searching for the certificate + * subject name. */ public LdapCertSubjMap(String searchBase) { if (searchBase == null) throw new IllegalArgumentException( - "a null argument to constructor " - + this.getClass().getName()); + "a null argument to constructor " + this.getClass().getName()); mSearchBase = searchBase; mInited = true; } @@ -82,23 +82,23 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { * @param certSubjNameAttr attribute for certificate subject names. * @param certAttr attribute to find certificate. */ - public LdapCertSubjMap(String searchBase, String certSubjNameAttr, - String certAttr) { - if (searchBase == null || certSubjNameAttr == null || certAttr == null) + public LdapCertSubjMap(String searchBase, + String certSubjNameAttr, String certAttr) { + if (searchBase == null || + certSubjNameAttr == null || certAttr == null) throw new IllegalArgumentException( - "a null argument to constructor " - + this.getClass().getName()); + "a null argument to constructor " + this.getClass().getName()); mCertSubjNameAttr = certSubjNameAttr; mSearchBase = searchBase; mInited = true; } - public LdapCertSubjMap(String searchBase, String certSubjNameAttr, - String certAttr, boolean useAllEntries) { - if (searchBase == null || certSubjNameAttr == null || certAttr == null) + public LdapCertSubjMap(String searchBase, + String certSubjNameAttr, String certAttr, boolean useAllEntries) { + if (searchBase == null || + certSubjNameAttr == null || certAttr == null) throw new IllegalArgumentException( - "a null argument to constructor " - + this.getClass().getName()); + "a null argument to constructor " + this.getClass().getName()); mCertSubjNameAttr = certSubjNameAttr; mSearchBase = searchBase; mUseAllEntries = useAllEntries; @@ -127,15 +127,16 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { "certSubjNameAttr;string;Name of Ldap attribute containing cert subject name", "searchBase;string;Base DN to search from", "useAllEntries;boolean;Use all entries for publishing", - IExtendedPluginInfo.HELP_TOKEN - + ";configuration-ldappublish-mapper-certsubjmapper", - IExtendedPluginInfo.HELP_TEXT - + ";This plugin assumes you want to publish to an LDAP entry which has " - + "an attribute whose contents are equal to the cert subject name" }; + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-mapper-certsubjmapper", + IExtendedPluginInfo.HELP_TEXT + + ";This plugin assumes you want to publish to an LDAP entry which has " + + "an attribute whose contents are equal to the cert subject name" + }; return params; } - + public Vector getInstanceParams() { Vector v = new Vector(); @@ -157,25 +158,28 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { return mConfig; } - public void init(IConfigStore config) throws EBaseException { + public void init(IConfigStore config) + throws EBaseException { if (mInited == true) return; mConfig = config; mCertSubjNameAttr = config.getString("certSubjNameAttr", - LDAP_CERTSUBJNAME_ATTR); + LDAP_CERTSUBJNAME_ATTR); mSearchBase = config.getString("searchBase"); mUseAllEntries = config.getBoolean("useAllEntries", false); mInited = true; } /** - * Finds the entry for the certificate by looking for the cert subject name - * in the subject name attribute. + * Finds the entry for the certificate by looking for the cert + * subject name in the subject name attribute. * * @param conn - the LDAP connection. * @param obj - the X509Certificate. - */ - public String map(LDAPConnection conn, Object obj) throws ELdapException { + */ + public String + map(LDAPConnection conn, Object obj) + throws ELdapException { if (conn == null) return null; X500Name subjectDN = null; @@ -183,43 +187,41 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { try { X509Certificate cert = (X509Certificate) obj; - subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN(); + subjectDN = + (X500Name) ((X509Certificate) cert).getSubjectDN(); - CMS.debug("LdapCertSubjMap: cert subject dn:" - + subjectDN.toString()); + CMS.debug("LdapCertSubjMap: cert subject dn:" + subjectDN.toString()); } catch (ClassCastException e) { try { X509CRLImpl crl = (X509CRLImpl) obj; - subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN(); + subjectDN = + (X500Name) ((X509CRLImpl) crl).getIssuerDN(); - CMS.debug("LdapCertSubjMap: crl issuer dn: " - + subjectDN.toString()); - } catch (ClassCastException ex) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT")); + CMS.debug("LdapCertSubjMap: crl issuer dn: " + + subjectDN.toString()); + }catch (ClassCastException ex) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT")); return null; } } try { boolean hasCert = false; boolean hasSubjectName = false; - String[] attrs = new String[] { LDAPv3.NO_ATTRS }; - - log(ILogger.LL_INFO, "search " + mSearchBase + " (" - + mCertSubjNameAttr + "=" + subjectDN + ") " - + mCertSubjNameAttr); + String[] attrs = new String[] { LDAPv3.NO_ATTRS }; - LDAPSearchResults results = conn.search(mSearchBase, - LDAPv2.SCOPE_SUB, "(" + mCertSubjNameAttr + "=" + subjectDN - + ")", attrs, false); + log(ILogger.LL_INFO, "search " + mSearchBase + + " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr); + LDAPSearchResults results = + conn.search(mSearchBase, LDAPv2.SCOPE_SUB, + "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false); + LDAPEntry entry = results.next(); if (results.hasMoreElements()) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", - subjectDN.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString())); } if (entry != null) { log(ILogger.LL_INFO, "entry found"); @@ -231,35 +233,38 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "PUBLISH_DN_MAP_EXCEPTION", "LDAPException", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_MATCH_FOUND", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); } } /* - * catch (IOException e) { log(ILogger.LL_FAILURE, - * CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString())); throw - * new ELdapException( LdapResources.GET_CERT_SUBJECT_DN_FAILED, e); } - * catch (CertificateEncodingException e) { log(ILogger.LL_FAILURE, - * CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString())); throw - * new ELdapException( LdapResources.GET_DER_ENCODED_CERT_FAILED, e); } + catch (IOException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString())); + throw new ELdapException( + LdapResources.GET_CERT_SUBJECT_DN_FAILED, e); + } + catch (CertificateEncodingException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString())); + throw new ELdapException( + LdapResources.GET_DER_ENCODED_CERT_FAILED, e); + } */ } public String map(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { return map(conn, obj); } - public Vector mapAll(LDAPConnection conn, Object obj) throws ELdapException { + public Vector mapAll(LDAPConnection conn, Object obj) + throws ELdapException { Vector v = new Vector(); if (conn == null) @@ -269,31 +274,28 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { try { X509Certificate cert = (X509Certificate) obj; subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN(); - CMS.debug("LdapCertSubjMap: cert subject dn:" - + subjectDN.toString()); + CMS.debug("LdapCertSubjMap: cert subject dn:" + subjectDN.toString()); } catch (ClassCastException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT")); return v; } try { boolean hasCert = false; boolean hasSubjectName = false; - String[] attrs = new String[] { LDAPv3.NO_ATTRS }; + String[] attrs = new String[] { LDAPv3.NO_ATTRS }; - log(ILogger.LL_INFO, "search " + mSearchBase + " (" - + mCertSubjNameAttr + "=" + subjectDN + ") " - + mCertSubjNameAttr); - - LDAPSearchResults results = conn.search(mSearchBase, - LDAPv2.SCOPE_SUB, "(" + mCertSubjNameAttr + "=" + subjectDN - + ")", attrs, false); + log(ILogger.LL_INFO, "search " + mSearchBase + + " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr); + LDAPSearchResults results = + conn.search(mSearchBase, LDAPv2.SCOPE_SUB, + "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false); + while (results.hasMoreElements()) { LDAPEntry entry = results.next(); String dn = entry.getDN(); v.addElement(dn); - CMS.debug("LdapCertSubjMap: dn=" + dn); + CMS.debug("LdapCertSubjMap: dn="+dn); } CMS.debug("LdapCertSubjMap: Number of entries: " + v.size()); } catch (LDAPException e) { @@ -301,16 +303,12 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "PUBLISH_DN_MAP_EXCEPTION", "LDAPException", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_MATCH_FOUND", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); } } @@ -318,13 +316,13 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { } public Vector mapAll(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { return mapAll(conn, obj); } private void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCertSubjMap: " + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, + "LdapCertSubjMap: " + msg); } /** @@ -346,3 +344,4 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { } } + diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java index 05d25e5f..40283e98 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; + import java.security.cert.CRLException; import java.util.Vector; @@ -31,14 +32,16 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapMapper; import com.netscape.certsrv.request.IRequest; -/** - * Default crl mapper. maps the crl to a ldap entry by using components in the - * issuer name to find the CA's entry. - * + +/** + * Default crl mapper. + * maps the crl to a ldap entry by using components in the issuer name + * to find the CA's entry. + * * @version $Revision$, $Date$ */ -public class LdapCrlIssuerCompsMap extends LdapDNCompsMap implements - ILdapMapper { +public class LdapCrlIssuerCompsMap + extends LdapDNCompsMap implements ILdapMapper { ILogger mLogger = CMS.getLogger(); public LdapCrlIssuerCompsMap() { @@ -46,30 +49,31 @@ public class LdapCrlIssuerCompsMap extends LdapDNCompsMap implements // via configuration } - /** + /** * Constructor. + * + * The DN comps are used to form a LDAP entry to begin a subtree search. + * The filter comps are used to form a search filter for the subtree. + * If none of the DN comps matched, baseDN is used for the subtree. + * If the baseDN is null and none of the DN comps matched, it is an error. + * If none of the DN comps and filter comps matched, it is an error. + * If just the filter comps is null, a base search is performed. * - * The DN comps are used to form a LDAP entry to begin a subtree search. The - * filter comps are used to form a search filter for the subtree. If none of - * the DN comps matched, baseDN is used for the subtree. If the baseDN is - * null and none of the DN comps matched, it is an error. If none of the DN - * comps and filter comps matched, it is an error. If just the filter comps - * is null, a base search is performed. - * - * @param baseDN The base DN. + * @param baseDN The base DN. * @param dnComps Components to form the LDAP base dn for search. * @param filterComps Components to form the LDAP search filter. */ public LdapCrlIssuerCompsMap(String baseDN, ObjectIdentifier[] dnComps, - ObjectIdentifier[] filterComps) { + ObjectIdentifier[] filterComps) { init(baseDN, dnComps, filterComps); } /** * constructor using non-standard certificate attribute. */ - public LdapCrlIssuerCompsMap(String crlAttr, String baseDN, - ObjectIdentifier[] dnComps, ObjectIdentifier[] filterComps) { + public LdapCrlIssuerCompsMap(String crlAttr, String baseDN, + ObjectIdentifier[] dnComps, + ObjectIdentifier[] filterComps) { super(crlAttr, baseDN, dnComps, filterComps); } @@ -84,7 +88,7 @@ public class LdapCrlIssuerCompsMap extends LdapDNCompsMap implements public Vector getDefaultParams() { Vector v = super.getDefaultParams(); - // v.addElement("crlAttr=" + LdapCrlPublisher.LDAP_CRL_ATTR); + //v.addElement("crlAttr=" + LdapCrlPublisher.LDAP_CRL_ATTR); return v; } @@ -95,30 +99,35 @@ public class LdapCrlIssuerCompsMap extends LdapDNCompsMap implements } protected void init(String baseDN, ObjectIdentifier[] dnComps, - ObjectIdentifier[] filterComps) { - // mLdapAttr = LdapCrlPublisher.LDAP_CRL_ATTR; + ObjectIdentifier[] filterComps) { + //mLdapAttr = LdapCrlPublisher.LDAP_CRL_ATTR; super.init(baseDN, dnComps, filterComps); } /** - * Maps a crl to LDAP entry. Uses issuer DN components and filter components - * to form a DN and filter for a LDAP search. If the formed DN is null the - * baseDN will be used. If the formed DN is null and baseDN is null an error - * is thrown. If the filter is null a base search is performed. If both are - * null an error is thrown. + * Maps a crl to LDAP entry. + * Uses issuer DN components and filter components to form a DN and + * filter for a LDAP search. + * If the formed DN is null the baseDN will be used. + * If the formed DN is null and baseDN is null an error is thrown. + * If the filter is null a base search is performed. + * If both are null an error is thrown. * * @param conn - the LDAP connection. * @param obj - the X509Certificate. * @return the result. LdapCertMapResult is also used for CRL. - */ - public String map(LDAPConnection conn, Object obj) throws ELdapException { + */ + public String + map(LDAPConnection conn, Object obj) + throws ELdapException { if (conn == null) return null; X509CRLImpl crl = (X509CRLImpl) obj; try { String result = null; - X500Name issuerDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN(); + X500Name issuerDN = + (X500Name) ((X509CRLImpl) crl).getIssuerDN(); CMS.debug("LdapCrlIssuerCompsMap: " + issuerDN.toString()); @@ -127,15 +136,14 @@ public class LdapCrlIssuerCompsMap extends LdapDNCompsMap implements result = super.map(conn, issuerDN, crlbytes); return result; } catch (CRLException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", e.toString())); } } public String map(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { return map(conn, obj); } @@ -144,7 +152,8 @@ public class LdapCrlIssuerCompsMap extends LdapDNCompsMap implements */ private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCrlCompsMap: " + msg); + "LdapCrlCompsMap: " + msg); } } + diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java index 36374ddb..1662283f 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -45,20 +46,23 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPlugin; -/** - * Maps a Subject name to an entry in the LDAP server. subject name to form the - * ldap search dn and filter. Takes a optional root search dn. The DN comps are - * used to form a LDAP entry to begin a subtree search. The filter comps are - * used to form a search filter for the subtree. If none of the DN comps - * matched, baseDN is used for the subtree. If the baseDN is null and none of - * the DN comps matched, it is an error. If none of the DN comps and filter - * comps matched, it is an error. If just the filter comps is null, a base - * search is performed. - * + +/** + * Maps a Subject name to an entry in the LDAP server. + * subject name to form the ldap search dn and filter. + * Takes a optional root search dn. + * The DN comps are used to form a LDAP entry to begin a subtree search. + * The filter comps are used to form a search filter for the subtree. + * If none of the DN comps matched, baseDN is used for the subtree. + * If the baseDN is null and none of the DN comps matched, it is an error. + * If none of the DN comps and filter comps matched, it is an error. + * If just the filter comps is null, a base search is performed. + * * @version $Revision$, $Date$ */ -public class LdapDNCompsMap implements ILdapPlugin, IExtendedPluginInfo { - // protected String mLdapAttr = null; +public class LdapDNCompsMap + implements ILdapPlugin, IExtendedPluginInfo { + //protected String mLdapAttr = null; protected String mBaseDN = null; protected ObjectIdentifier[] mDnComps = null; protected ObjectIdentifier[] mFilterComps = null; @@ -67,23 +71,24 @@ public class LdapDNCompsMap implements ILdapPlugin, IExtendedPluginInfo { private boolean mInited = false; protected IConfigStore mConfig = null; - /** + /** * Constructor. + * + * The DN comps are used to form a LDAP entry to begin a subtree search. + * The filter comps are used to form a search filter for the subtree. + * If none of the DN comps matched, baseDN is used for the subtree. + * If the baseDN is null and none of the DN comps matched, it is an error. + * If none of the DN comps and filter comps matched, it is an error. + * If just the filter comps is null, a base search is performed. * - * The DN comps are used to form a LDAP entry to begin a subtree search. The - * filter comps are used to form a search filter for the subtree. If none of - * the DN comps matched, baseDN is used for the subtree. If the baseDN is - * null and none of the DN comps matched, it is an error. If none of the DN - * comps and filter comps matched, it is an error. If just the filter comps - * is null, a base search is performed. - * - * @param baseDN The base DN. + * @param baseDN The base DN. * @param dnComps Components to form the LDAP base dn for search. * @param filterComps Components to form the LDAP search filter. */ - public LdapDNCompsMap(String ldapAttr, String baseDN, - ObjectIdentifier[] dnComps, ObjectIdentifier[] filterComps) { - // mLdapAttr = ldapAttr; + public LdapDNCompsMap(String ldapAttr, String baseDN, + ObjectIdentifier[] dnComps, + ObjectIdentifier[] filterComps) { + //mLdapAttr = ldapAttr; init(baseDN, dnComps, filterComps); } @@ -97,16 +102,17 @@ public class LdapDNCompsMap implements ILdapPlugin, IExtendedPluginInfo { return mConfig; } - /** + /** * for initializing from config store. */ - public void init(IConfigStore config) throws EBaseException { + public void init(IConfigStore config) + throws EBaseException { mConfig = config; String baseDN = mConfig.getString("baseDN"); - ObjectIdentifier[] dnComps = getCompsFromString(mConfig - .getString("dnComps")); - ObjectIdentifier[] filterComps = getCompsFromString(mConfig - .getString("filterComps")); + ObjectIdentifier[] dnComps = + getCompsFromString(mConfig.getString("dnComps")); + ObjectIdentifier[] filterComps = + getCompsFromString(mConfig.getString("filterComps")); init(baseDN, dnComps, filterComps); } @@ -124,13 +130,14 @@ public class LdapDNCompsMap implements ILdapPlugin, IExtendedPluginInfo { "baseDN;string;Base to search from. E.g ou=Engineering,o=Fedora", "dnComps;string;Comma-separated list of attributes to put in the DN", "filterComps;string;Comma-separated list of attributes to form the filter", - IExtendedPluginInfo.HELP_TOKEN - + ";configuration-ldappublish-mapper-dncompsmapper", - IExtendedPluginInfo.HELP_TEXT - + ";More complex mapper. Used when there is not enough information " - + "in the cert request to form the complete LDAP DN. Using this " - + "plugin, you can specify additional LDAP filters to narrow down the " - + "search" }; + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-mapper-dncompsmapper", + IExtendedPluginInfo.HELP_TEXT + + ";More complex mapper. Used when there is not enough information " + + "in the cert request to form the complete LDAP DN. Using this " + + "plugin, you can specify additional LDAP filters to narrow down the " + + "search" + }; return s; } @@ -156,12 +163,14 @@ public class LdapDNCompsMap implements ILdapPlugin, IExtendedPluginInfo { if (mDnComps == null) { v.addElement("dnComps="); } else { - v.addElement("dnComps=" + mConfig.getString("dnComps")); + v.addElement("dnComps=" + + mConfig.getString("dnComps")); } if (mFilterComps == null) { v.addElement("filterComps="); } else { - v.addElement("filterComps=" + mConfig.getString("filterComps")); + v.addElement("filterComps=" + + mConfig.getString("filterComps")); } } catch (Exception e) { } @@ -172,8 +181,8 @@ public class LdapDNCompsMap implements ILdapPlugin, IExtendedPluginInfo { * common initialization routine. */ protected void init(String baseDN, ObjectIdentifier[] dnComps, - ObjectIdentifier[] filterComps) { - if (mInited) + ObjectIdentifier[] filterComps) { + if (mInited) return; mBaseDN = baseDN; @@ -182,33 +191,36 @@ public class LdapDNCompsMap implements ILdapPlugin, IExtendedPluginInfo { if (filterComps != null) mFilterComps = (ObjectIdentifier[]) filterComps.clone(); - // log debug info. + // log debug info. for (int i = 0; i < mDnComps.length; i++) { - CMS.debug("LdapDNCompsMap: dnComp " - + X500NameAttrMap.getDefault().getName(mDnComps[i])); + CMS.debug( + "LdapDNCompsMap: dnComp " + X500NameAttrMap.getDefault().getName(mDnComps[i])); } for (int i = 0; i < mFilterComps.length; i++) { - CMS.debug("LdapDNCompsMap: filterComp " - + X500NameAttrMap.getDefault().getName(mFilterComps[i])); + CMS.debug("LdapDNCompsMap: filterComp " + + X500NameAttrMap.getDefault().getName(mFilterComps[i])); } mInited = true; } /** - * Maps a X500 subject name to LDAP entry. Uses DN components and filter - * components to form a DN and filter for a LDAP search. If the formed DN is - * null the baseDN will be used. If the formed DN is null and baseDN is null - * an error is thrown. If the filter is null a base search is performed. If - * both are null an error is thrown. + * Maps a X500 subject name to LDAP entry. + * Uses DN components and filter components to form a DN and + * filter for a LDAP search. + * If the formed DN is null the baseDN will be used. + * If the formed DN is null and baseDN is null an error is thrown. + * If the filter is null a base search is performed. + * If both are null an error is thrown. * - * @param conn the LDAP connection. - * @param x500name the dn to map. - * @param obj the object + * @param conn the LDAP connection. + * @param x500name the dn to map. + * @param obj the object * @exception ELdapException if any LDAP exceptions occured. * @return the DN of the entry. - */ - public String map(LDAPConnection conn, X500Name x500name, byte[] obj) - throws ELdapException { + */ + public String map(LDAPConnection conn, X500Name x500name, + byte[] obj) + throws ELdapException { try { if (conn == null) return null; @@ -222,17 +234,17 @@ public class LdapDNCompsMap implements ILdapPlugin, IExtendedPluginInfo { if (dn == null) { // #362332 // if (filter == null) { - // log(ILogger.LL_FAILURE, "No dn and filter formed"); - // throw new ELdapException( - // LdapResources.NO_DN_AND_FILTER_COMPS, - // x500name.toString()); + // log(ILogger.LL_FAILURE, "No dn and filter formed"); + // throw new ELdapException( + // LdapResources.NO_DN_AND_FILTER_COMPS, + // x500name.toString()); // } if (mBaseDN == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_BASE")); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_DN_COMPS_AND_BASEDN", - x500name.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_NO_BASE")); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_NO_DN_COMPS_AND_BASEDN", + x500name.toString())); } dn = mBaseDN; } @@ -248,57 +260,53 @@ public class LdapDNCompsMap implements ILdapPlugin, IExtendedPluginInfo { attrs = new String[] { LDAPv3.NO_ATTRS }; - log(ILogger.LL_INFO, "searching for " + dn + " " + filter + " " - + ((scope == LDAPv2.SCOPE_SUB) ? "sub" : "base")); + log(ILogger.LL_INFO, "searching for " + dn + " " + filter + " " + + ((scope == LDAPv2.SCOPE_SUB) ? "sub" : "base")); - LDAPSearchResults results = conn.search(dn, scope, filter, attrs, - false); + LDAPSearchResults results = + conn.search(dn, scope, filter, attrs, false); LDAPEntry entry = results.next(); if (results.hasMoreElements()) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "PUBLISH_MORE_THAN_ONE_ENTRY", "", x500name.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_MORE_THAN_ONE_ENTRY", x500name.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", x500name.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", + x500name.toString())); } if (entry != null) { return entry.getDN(); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "PUBLISH_ENTRY_NOT_FOUND", "", x500name.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_MATCH_FOUND", "null entry")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", "", x500name.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", + "null entry")); } } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "PUBLISH_DN_MAP_EXCEPTION", "LDAPException", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_MATCH_FOUND", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); } } } private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapDNCompsMap: " + msg); + "LdapDNCompsMap: " + msg); } /** * form a dn and filter from component in the cert subject name - * * @param subjName subject name */ - public String[] formDNandFilter(X500Name subjName) throws ELdapException { + public String[] formDNandFilter(X500Name subjName) + throws ELdapException { Vector dnRdns = new Vector(); SearchFilter filter = new SearchFilter(); X500NameAttrMap attrMap = X500NameAttrMap.getDefault(); @@ -319,16 +327,17 @@ public class LdapDNCompsMap implements ILdapPlugin, IExtendedPluginInfo { if (oid == EOid) { DerValue val = ava.getValue(); AVA newAVA = new AVA(mailOid, val); - RDN newRDN = new RDN(new AVA[] { newAVA }); + RDN newRDN = new RDN(new AVA[] { newAVA } + ); - CMS.debug("LdapDNCompsMap: Converted " - + rdn.toLdapDNString() + " to " - + newRDN.toLdapDNString() + " in DN"); + CMS.debug( + "LdapDNCompsMap: Converted " + rdn.toLdapDNString() + " to " + + newRDN.toLdapDNString() + " in DN"); rdn = newRDN; } dnRdns.addElement(rdn); - CMS.debug("LdapDNCompsMap: adding dn comp " - + rdn.toLdapDNString()); + CMS.debug( + "LdapDNCompsMap: adding dn comp " + rdn.toLdapDNString()); break; } } @@ -338,32 +347,31 @@ public class LdapDNCompsMap implements ILdapPlugin, IExtendedPluginInfo { DerValue val = ava.getValue(); AVA newAVA = new AVA(mailOid, val); - CMS.debug("LdapDNCompsMap: Converted " - + ava.toLdapDNString() + " to " - + newAVA.toLdapDNString() + " in filter"); + CMS.debug( + "LdapDNCompsMap: Converted " + ava.toLdapDNString() + " to " + + newAVA.toLdapDNString() + " in filter"); ava = newAVA; } filter.addElement(ava.toLdapDNString()); - CMS.debug("LdapDNCompsMap: adding filter comp " - + ava.toLdapDNString()); + CMS.debug( + "LdapDNCompsMap: adding filter comp " + ava.toLdapDNString()); break; } } - // XXX should be an error when string is null? + // XXX should be an error when string is null? // return to caller to decide. if (dnRdns.size() != 0) { dnStr = new X500Name(dnRdns).toLdapDNString(); - } + } if (filter.size() != 0) { filterStr = filter.toFilterString(); } } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_FROM_SUBJ_TO_DN", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FORM_DN_COMPS_FAILED", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_FROM_SUBJ_TO_DN", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FORM_DN_COMPS_FAILED", e.toString())); } return new String[] { dnStr, filterStr }; @@ -378,8 +386,8 @@ public class LdapDNCompsMap implements ILdapPlugin, IExtendedPluginInfo { } /** - * class for forming search filters for ldap searching from name=value - * components. components are anded. + * class for forming search filters for ldap searching from + * name=value components. components are anded. */ public static class SearchFilter extends Vector { /** @@ -407,22 +415,21 @@ public class LdapDNCompsMap implements ILdapPlugin, IExtendedPluginInfo { } /** - * useful routine for parsing components given as string to arrays of - * objectidentifiers. The string is expected to be comma separated AVA - * attribute names. For example, "uid,cn,o,ou". Attribute names are case - * insensitive. - * + * useful routine for parsing components given as string to + * arrays of objectidentifiers. + * The string is expected to be comma separated AVA attribute names. + * For example, "uid,cn,o,ou". Attribute names are case insensitive. * @param val the string specifying the comps * @exception ELdapException if any error occurs. */ public static ObjectIdentifier[] getCompsFromString(String val) - throws ELdapException { + throws ELdapException { StringTokenizer tokens; ObjectIdentifier[] comps; String attr; ObjectIdentifier oid; - if (val == null || val.length() == 0) + if (val == null || val.length() == 0) return new ObjectIdentifier[0]; tokens = new StringTokenizer(val, ", \t\n\r"); @@ -435,17 +442,18 @@ public class LdapDNCompsMap implements ILdapPlugin, IExtendedPluginInfo { while (tokens.hasMoreTokens()) { attr = tokens.nextToken().trim(); // mail -> E hack to look for E in subject names. - if (attr.equalsIgnoreCase("mail")) + if (attr.equalsIgnoreCase("mail")) attr = "E"; oid = X500NameAttrMap.getDefault().getOid(attr); if (oid != null) { comps[i++] = oid; } else { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_UNKNOWN_ATTR_IN_DN_FILTER_COMPS", attr)); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_UNKNOWN_ATTR_IN_DN_FILTER_COMPS", attr)); } } return comps; } } + diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java index a19e3c21..c3c26951 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java @@ -20,6 +20,7 @@ package com.netscape.cms.publish.mappers; + /////////////////////// // import statements // /////////////////////// @@ -55,29 +56,38 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapMapper; import com.netscape.certsrv.request.IRequest; + ////////////////////// // class definition // ////////////////////// -/** - * Maps a request to an entry in the LDAP server. Takes a dnPattern to form the - * baseDN from the request attributes and certificate subject name. Does a base - * search for the entry in the directory to publish the cert or crl. The - * restriction of this mapper is that the ldap dn components must be part of - * certificate subject name or request attributes or constant. The difference of - * this mapper and LdapSimpleMap is that if the ldap entry is not found, it has - * the option to create the ldap entry given the dn and attributes formulated. - * +/** + * Maps a request to an entry in the LDAP server. + * Takes a dnPattern to form the baseDN from the + * request attributes and certificate subject name. + * Does a base search for the entry in the directory + * to publish the cert or crl. The restriction of + * this mapper is that the ldap dn components must + * be part of certificate subject name or request + * attributes or constant. The difference of this + * mapper and LdapSimpleMap is that if the ldap + * entry is not found, it has the option to create + * the ldap entry given the dn and attributes + * formulated. + * * @version $Revision$, $Date$ */ -public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo { - // ////////////////////// +public class LdapEnhancedMap + implements ILdapMapper, IExtendedPluginInfo { + //////////////////////// // default parameters // - // ////////////////////// + //////////////////////// + + - // //////////////////////////////////// + ////////////////////////////////////// // local LdapEnhancedMap parameters // - // //////////////////////////////////// + ////////////////////////////////////// private boolean mInited = false; @@ -92,14 +102,14 @@ public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo { protected String[] mLdapValues = null; - // ////////////////////////// + //////////////////////////// // ILdapMapper parameters // - // ////////////////////////// + //////////////////////////// /* mapper plug-in fields */ - protected static final String PROP_DNPATTERN = "dnPattern"; + protected static final String PROP_DNPATTERN = "dnPattern"; protected static final String PROP_CREATE = "createEntry"; - // the object class of the entry to be created. xxxx not done yet + // the object class of the entry to be created. xxxx not done yet protected static final String PROP_OBJCLASS = "objectClass"; // req/cert/ext attribute --> directory attribute table protected static final String PROP_ATTRNUM = "attrNum"; @@ -109,10 +119,10 @@ public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo { /* mapper plug-in fields initialization values */ private static final int DEFAULT_NUM_ATTRS = 1; - /* - * Holds mapper plug-in fields accepted by this implementation. This list is - * passed to the configuration console so configuration for instances of - * this implementation can be configured through the console. + /* Holds mapper plug-in fields accepted by this implementation. + * This list is passed to the configuration console so configuration + * for instances of this implementation can be configured through the + * console. */ private static Vector defaultParams = new Vector(); @@ -135,8 +145,9 @@ public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo { /* miscellaneous constants local to this mapper plug-in */ // default dn pattern if left blank or not set in the config - public static final String DEFAULT_DNPATTERN = "UID=$req.HTTP_PARAMS.UID, " - + "OU=people, O=$subj.o, C=$subj.c"; + public static final String DEFAULT_DNPATTERN = + "UID=$req.HTTP_PARAMS.UID, " + + "OU=people, O=$subj.o, C=$subj.c"; private static final int MAX_ATTRS = 10; protected static final int DEFAULT_ATTRNUM = 1; @@ -144,19 +155,21 @@ public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo { protected IConfigStore mConfig = null; protected AVAPattern[] mPatterns = null; - // ////////////////////////////////// + //////////////////////////////////// // IExtendedPluginInfo parameters // - // ////////////////////////////////// + //////////////////////////////////// - // ///////////////////// + + + /////////////////////// // Logger parameters // - // ///////////////////// + /////////////////////// private ILogger mLogger = CMS.getLogger(); - // /////////////////// + ///////////////////// // default methods // - // /////////////////// + ///////////////////// /** * Default constructor, initialization must follow. @@ -164,20 +177,22 @@ public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo { public LdapEnhancedMap() { } - // ///////////////////////////////// + /////////////////////////////////// // local LdapEnhancedMap methods // - // ///////////////////////////////// + /////////////////////////////////// /** * common initialization routine. */ - protected void init(String dnPattern) throws EBaseException { + protected void init(String dnPattern) + throws EBaseException { if (mInited) { return; } mDnPattern = dnPattern; - if (mDnPattern == null || mDnPattern.length() == 0) { + if (mDnPattern == null || + mDnPattern.length() == 0) { mDnPattern = DEFAULT_DNPATTERN; } @@ -187,10 +202,11 @@ public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo { String[] mCertAttrs = mPattern.getCertAttrs(); } catch (ELdapException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", dnPattern, - e.toString())); - throw new EBaseException("falied to init with pattern " + dnPattern - + " " + e); + CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", + dnPattern, e.toString())); + throw new EBaseException( + "falied to init with pattern " + + dnPattern + " " + e); } mInited = true; @@ -198,52 +214,60 @@ public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo { /** * form a dn from component in the request and cert subject name - * * @param req The request * @param obj The certificate or crl */ - private String formDN(IRequest req, Object obj) throws EBaseException { + private String formDN(IRequest req, Object obj) + throws EBaseException { CertificateExtensions certExt = null; X500Name subjectDN = null; try { X509Certificate cert = (X509Certificate) obj; - subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN(); - CMS.debug("LdapEnhancedMap: cert subject dn:" - + subjectDN.toString()); - - // certExt = (CertificateExtensions) - // ((X509CertImpl)cert).get( - // X509CertInfo.EXTENSIONS); - X509CertInfo info = (X509CertInfo) ((X509CertImpl) cert) - .get(X509CertImpl.NAME + "." + X509CertImpl.INFO); + subjectDN = + (X500Name) ((X509Certificate) cert).getSubjectDN(); + CMS.debug( + "LdapEnhancedMap: cert subject dn:" + + subjectDN.toString()); - certExt = (CertificateExtensions) info - .get(CertificateExtensions.NAME); + //certExt = (CertificateExtensions) + // ((X509CertImpl)cert).get( + // X509CertInfo.EXTENSIONS); + X509CertInfo info = (X509CertInfo) + ((X509CertImpl) cert).get( + X509CertImpl.NAME + + "." + + X509CertImpl.INFO); + + certExt = (CertificateExtensions) + info.get(CertificateExtensions.NAME); } catch (java.security.cert.CertificateParsingException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); + CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); + CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); } catch (java.security.cert.CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); + CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); } catch (ClassCastException e) { try { X509CRLImpl crl = (X509CRLImpl) obj; - subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN(); + subjectDN = (X500Name) + ((X509CRLImpl) crl).getIssuerDN(); - CMS.debug("LdapEnhancedMap: crl issuer dn: " + + CMS.debug( + "LdapEnhancedMap: crl issuer dn: " + - subjectDN.toString()); + subjectDN.toString()); } catch (ClassCastException ex) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED", - ((req == null) ? "" : req.getRequestId().toString()))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED", + ((req == null) ? "" + : req.getRequestId().toString()))); return null; } } @@ -253,8 +277,10 @@ public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo { for (int i = 0; i < mNumAttrs; i++) { if (mPatterns[i] != null) { - mLdapValues[i] = mPatterns[i].formAVA(req, subjectDN, - certExt); + mLdapValues[i] = mPatterns[i].formAVA( + req, + subjectDN, + certExt); } } @@ -262,22 +288,27 @@ public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo { return dn; } catch (ELdapException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_FORM_DN", - ((req == null) ? "" : req.getRequestId().toString()), - e.toString())); - - throw new EBaseException("failed to form dn for request: " - + ((req == null) ? "" : req.getRequestId().toString()) - + " " + e); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_CANT_FORM_DN", + ((req == null) ? "" + : req.getRequestId().toString()), e.toString())); + + throw new EBaseException( + "failed to form dn for request: " + + ((req == null) ? "" + : req.getRequestId().toString()) + + " " + e); } } private void createEntry(LDAPConnection conn, String dn) - throws LDAPException { + throws LDAPException { LDAPAttributeSet attrs = new LDAPAttributeSet(); // OID 2.5.6.16 - String caOc[] = { "top", "person", "organizationalPerson", + String caOc[] = { "top", + "person", + "organizationalPerson", "inetOrgPerson" }; DN dnobj = new DN(dn); @@ -288,10 +319,12 @@ public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo { attrs.add(new LDAPAttribute("objectclass", caOc)); for (int i = 0; i < mNumAttrs; i++) { - if (mLdapNames[i] != null && !mLdapNames[i].trim().equals("") - && mLdapValues[i] != null - && !mLdapValues[i].trim().equals("")) { - attrs.add(new LDAPAttribute(mLdapNames[i], mLdapValues[i])); + if (mLdapNames[i] != null && + !mLdapNames[i].trim().equals("") && + mLdapValues[i] != null && + !mLdapValues[i].trim().equals("")) { + attrs.add(new LDAPAttribute(mLdapNames[i], + mLdapValues[i])); } } @@ -300,23 +333,28 @@ public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo { conn.add(entry); } - // /////////////////////// + ///////////////////////// // ILdapMapper methods // - // /////////////////////// + ///////////////////////// - /** + /** * for initializing from config store. - * - * implementation for extended ILdapPlugin interface method + * + * implementation for extended + * ILdapPlugin interface method */ - public void init(IConfigStore config) throws EBaseException { + public void init(IConfigStore config) + throws EBaseException { mConfig = config; - mDnPattern = mConfig.getString(PROP_DNPATTERN, DEFAULT_DNPATTERN); + mDnPattern = mConfig.getString(PROP_DNPATTERN, + DEFAULT_DNPATTERN); - mCreateEntry = mConfig.getBoolean(PROP_CREATE, true); + mCreateEntry = mConfig.getBoolean(PROP_CREATE, + true); - mNumAttrs = mConfig.getInteger(PROP_ATTRNUM, 0); + mNumAttrs = mConfig.getInteger(PROP_ATTRNUM, + 0); mLdapNames = new String[mNumAttrs]; @@ -324,13 +362,18 @@ public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo { mPatterns = new AVAPattern[mNumAttrs]; for (int i = 0; i < mNumAttrs; i++) { - mLdapNames[i] = mConfig.getString( - PROP_ATTR_NAME + Integer.toString(i), ""); - - mLdapPatterns[i] = mConfig.getString( - PROP_ATTR_PATTERN + Integer.toString(i), ""); - - if (mLdapPatterns[i] != null && !mLdapPatterns[i].trim().equals("")) { + mLdapNames[i] = + mConfig.getString(PROP_ATTR_NAME + + Integer.toString(i), + ""); + + mLdapPatterns[i] = + mConfig.getString(PROP_ATTR_PATTERN + + Integer.toString(i), + ""); + + if (mLdapPatterns[i] != null && + !mLdapPatterns[i].trim().equals("")) { mPatterns[i] = new AVAPattern(mLdapPatterns[i]); } } @@ -338,8 +381,9 @@ public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo { init(mDnPattern); } - /** - * implementation for extended ILdapPlugin interface method + /** + * implementation for extended + * ILdapPlugin interface method */ public IConfigStore getConfigStore() { return mConfig; @@ -363,28 +407,34 @@ public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo { try { if (mDnPattern == null) { v.addElement(PROP_DNPATTERN + "="); - } else { - v.addElement(PROP_DNPATTERN + "=" - + mConfig.getString(PROP_DNPATTERN)); + }else { + v.addElement(PROP_DNPATTERN + "=" + + mConfig.getString(PROP_DNPATTERN)); } - v.addElement(PROP_CREATE + "=" - + mConfig.getBoolean(PROP_CREATE, true)); + v.addElement(PROP_CREATE + "=" + + mConfig.getBoolean(PROP_CREATE, + true)); - v.addElement(PROP_ATTRNUM + "=" - + mConfig.getInteger(PROP_ATTRNUM, DEFAULT_NUM_ATTRS)); + v.addElement(PROP_ATTRNUM + "=" + + mConfig.getInteger(PROP_ATTRNUM, + DEFAULT_NUM_ATTRS)); for (int i = 0; i < mNumAttrs; i++) { if (mLdapNames[i] != null) { - v.addElement(PROP_ATTR_NAME + i + "=" + mLdapNames[i]); + v.addElement(PROP_ATTR_NAME + i + + "=" + mLdapNames[i]); } else { - v.addElement(PROP_ATTR_NAME + i + "="); + v.addElement(PROP_ATTR_NAME + i + + "="); } if (mLdapPatterns[i] != null) { - v.addElement(PROP_ATTR_PATTERN + i + "=" + mLdapPatterns[i]); + v.addElement(PROP_ATTR_PATTERN + i + + "=" + mLdapPatterns[i]); } else { - v.addElement(PROP_ATTR_PATTERN + i + "="); + v.addElement(PROP_ATTR_PATTERN + i + + "="); } } } catch (Exception e) { @@ -394,28 +444,29 @@ public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo { } /** - * Maps an X500 subject name to an LDAP entry. Uses DN pattern to form a DN - * for an LDAP base search. + * Maps an X500 subject name to an LDAP entry. + * Uses DN pattern to form a DN for an LDAP base search. * - * @param conn the LDAP connection. - * @param obj the object to map. - * @exception ELdapException if any LDAP exceptions occurred. - */ - public String map(LDAPConnection conn, Object obj) throws ELdapException { + * @param conn the LDAP connection. + * @param obj the object to map. + * @exception ELdapException if any LDAP exceptions occurred. + */ + public String map(LDAPConnection conn, Object obj) + throws ELdapException { return map(conn, null, obj); } /** - * Maps an X500 subject name to an LDAP entry. Uses DN pattern to form a DN - * for an LDAP base search. + * Maps an X500 subject name to an LDAP entry. + * Uses DN pattern to form a DN for an LDAP base search. * - * @param conn the LDAP connection. - * @param req the request to map. - * @param obj the object to map. - * @exception ELdapException if any LDAP exceptions occurred. - */ + * @param conn the LDAP connection. + * @param req the request to map. + * @param obj the object to map. + * @exception ELdapException if any LDAP exceptions occurred. + */ public String map(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { if (conn == null) { return null; } @@ -426,14 +477,14 @@ public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo { dn = formDN(req, obj); if (dn == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_DN_NOT_FORMED")); + CMS.getLogMessage("PUBLISH_DN_NOT_FORMED")); String s1 = ""; if (req != null) s1 = req.getRequestId().toString(); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_DN_MATCH", s1)); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_NO_DN_MATCH", s1)); } int scope = LDAPv2.SCOPE_BASE; @@ -442,132 +493,155 @@ public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo { // search for entry String[] attrs = new String[] { LDAPv3.NO_ATTRS }; - log(ILogger.LL_INFO, "searching for dn: " + dn + " filter:" - + filter + " scope: base"); + log(ILogger.LL_INFO, + "searching for dn: " + + dn + " filter:" + + filter + " scope: base"); - LDAPSearchResults results = conn.search(dn, scope, filter, attrs, + LDAPSearchResults results = conn.search(dn, + scope, + filter, + attrs, false); LDAPEntry entry = results.next(); if (results.hasMoreElements()) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn - + ((req == null) ? "" : req.getRequestId() - .toString()))); - - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_MORE_THAN_ONE_ENTRY", ((req == null) ? "" - : req.getRequestId().toString()))); + CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", + dn + + ((req == null) ? "" + : req.getRequestId().toString()))); + + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", + ((req == null) ? "" + : req.getRequestId().toString()))); } if (entry != null) { return entry.getDN(); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn - + ((req == null) ? "" : req.getRequestId() - .toString()))); - - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_MATCH_FOUND", "null entry")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", + dn + + ((req == null) ? "" + : req.getRequestId().toString()))); + + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", + "null entry")); } } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); - } else if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT - && mCreateEntry) { + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + } else if (e.getLDAPResultCode() == + LDAPException.NO_SUCH_OBJECT && mCreateEntry) { try { createEntry(conn, dn); - log(ILogger.LL_INFO, "Entry " + dn + " Created"); + log(ILogger.LL_INFO, + "Entry " + + dn + + " Created"); return dn; } catch (LDAPException e1) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn, - e.toString())); + CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", + dn, + e.toString())); - log(ILogger.LL_FAILURE, "Entry is not created. " - + "This may because there are " - + "entries in the directory " - + "hierachy not exit."); + log(ILogger.LL_FAILURE, + "Entry is not created. " + + "This may because there are " + + "entries in the directory " + + "hierachy not exit."); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_CREATE_ENTRY", dn)); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_CREATE_ENTRY", dn)); } } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn, - e.toString())); + CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", + dn, + e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_MATCH_FOUND", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); } } catch (EBaseException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", e.toString())); + CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", + e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_MATCH_FOUND", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); } } - // /////////////////////////////// + ///////////////////////////////// // IExtendedPluginInfo methods // - // /////////////////////////////// + ///////////////////////////////// public String[] getExtendedPluginInfo(Locale locale) { Vector v = new Vector(); - v.addElement(PROP_DNPATTERN + ";string;Describes how to form the Ldap " - + "Subject name in the directory. " - + "Example 1: 'uid=CertMgr, o=Fedora'. " - + "Example 2: 'uid=$req.HTTP_PARAMS.uid, " - + "E=$ext.SubjectAlternativeName.RFC822Name, " - + "ou=$subj.ou'. " + "$req means: take the attribute from the " - + "request. " + "$subj means: take the attribute from the " - + "certificate subject name. " - + "$ext means: take the attribute from the " - + "certificate extension"); - v.addElement(PROP_CREATE + ";boolean;If checked, An entry will be " - + "created automatically"); - v.addElement(PROP_ATTRNUM + ";string;How many attributes to add."); - v.addElement(IExtendedPluginInfo.HELP_TOKEN - + ";configuration-ldappublish-mapper-enhancedmapper"); - v.addElement(IExtendedPluginInfo.HELP_TEXT - + ";Describes how to form the LDAP DN of the " - + "entry to publish to"); + v.addElement(PROP_DNPATTERN + + ";string;Describes how to form the Ldap " + + "Subject name in the directory. " + + "Example 1: 'uid=CertMgr, o=Fedora'. " + + "Example 2: 'uid=$req.HTTP_PARAMS.uid, " + + "E=$ext.SubjectAlternativeName.RFC822Name, " + + "ou=$subj.ou'. " + + "$req means: take the attribute from the " + + "request. " + + "$subj means: take the attribute from the " + + "certificate subject name. " + + "$ext means: take the attribute from the " + + "certificate extension"); + v.addElement(PROP_CREATE + + ";boolean;If checked, An entry will be " + + "created automatically"); + v.addElement(PROP_ATTRNUM + + ";string;How many attributes to add."); + v.addElement(IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-mapper-enhancedmapper"); + v.addElement(IExtendedPluginInfo.HELP_TEXT + + ";Describes how to form the LDAP DN of the " + + "entry to publish to"); for (int i = 0; i < MAX_ATTRS; i++) { - v.addElement(PROP_ATTR_NAME + Integer.toString(i) + ";string;" - + "The name of LDAP attribute " + "to be added. e.g. mail"); - v.addElement(PROP_ATTR_PATTERN + Integer.toString(i) + ";string;" - + "How to create the LDAP attribute value. " - + "e.g. $req.HTTP_PARAMS.csrRequestorEmail, " - + "$subj.E or " + "$ext.SubjectAlternativeName.RFC822Name"); + v.addElement(PROP_ATTR_NAME + + Integer.toString(i) + + ";string;" + + "The name of LDAP attribute " + + "to be added. e.g. mail"); + v.addElement(PROP_ATTR_PATTERN + + Integer.toString(i) + + ";string;" + + "How to create the LDAP attribute value. " + + "e.g. $req.HTTP_PARAMS.csrRequestorEmail, " + + "$subj.E or " + + "$ext.SubjectAlternativeName.RFC822Name"); } - String params[] = com.netscape.cmsutil.util.Utils - .getStringArrayFromVector(v); + String params[] = + com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); return params; } - // ////////////////// + //////////////////// // Logger methods // - // ////////////////// + //////////////////// private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapEnhancedMapper: " + msg); + "LdapEnhancedMapper: " + msg); } } + diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java index 212f7237..c08ec849 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; + import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Locale; @@ -44,17 +45,19 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapMapper; import com.netscape.certsrv.request.IRequest; -/** - * Maps a request to an entry in the LDAP server. Takes a dnPattern to form the - * baseDN from the request attributes and certificate subject name.Do a base - * search for the entry in the directory to publish the cert or crl. The - * restriction of this mapper is that the ldap dn components must be part of - * certificate subject name or request attributes or constant. - * + +/** + * Maps a request to an entry in the LDAP server. + * Takes a dnPattern to form the baseDN from the request attributes + * and certificate subject name.Do a base search for the entry + * in the directory to publish the cert or crl. + * The restriction of this mapper is that the ldap dn components must + * be part of certificate subject name or request attributes or constant. + * * @version $Revision$, $Date$ */ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { - protected static final String PROP_DNPATTERN = "dnPattern"; + protected static final String PROP_DNPATTERN = "dnPattern"; protected String mDnPattern = null; private ILogger mLogger = CMS.getLogger(); @@ -64,28 +67,28 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { /* the subject DN pattern */ protected MapDNPattern mPattern = null; - /* the list of request attriubutes to retrieve */ + /* the list of request attriubutes to retrieve*/ protected String[] mReqAttrs = null; - /* the list of cert attriubutes to retrieve */ + /* the list of cert attriubutes to retrieve*/ protected String[] mCertAttrs = null; /* default dn pattern if left blank or not set in the config */ - public static final String DEFAULT_DNPATTERN = "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c"; + public static final String DEFAULT_DNPATTERN = + "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c"; - /** + /** * Constructor. - * - * @param dnPattern The base DN. + * + * @param dnPattern The base DN. */ public LdapSimpleMap(String dnPattern) { try { init(dnPattern); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("OPERATION_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); } - + } /** @@ -96,16 +99,15 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { String params[] = { - "dnPattern;string;Describes how to form the Ldap Subject name in" - + " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:" - + " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " - + "$req means: take the attribute from the request. " - + "$subj means: take the attribute from the certificate subject name. " - + "$ext means: take the attribute from the certificate extension", - IExtendedPluginInfo.HELP_TOKEN - + ";configuration-ldappublish-mapper-simplemapper", - IExtendedPluginInfo.HELP_TEXT - + ";Describes how to form the LDAP DN of the entry to publish to" }; + "dnPattern;string;Describes how to form the Ldap Subject name in" + + " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:" + + " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " + + "$req means: take the attribute from the request. " + + "$subj means: take the attribute from the certificate subject name. " + + "$ext means: take the attribute from the certificate extension", + IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-simplemapper", + IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the LDAP DN of the entry to publish to" + }; return params; } @@ -114,10 +116,11 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { return mConfig; } - /** + /** * for initializing from config store. */ - public void init(IConfigStore config) throws EBaseException { + public void init(IConfigStore config) + throws EBaseException { mConfig = config; String dnPattern = mConfig.getString(PROP_DNPATTERN); @@ -127,51 +130,52 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { /** * common initialization routine. */ - protected void init(String dnPattern) throws EBaseException { - if (mInited) + protected void init(String dnPattern) + throws EBaseException { + if (mInited) return; mDnPattern = dnPattern; - if (mDnPattern == null || mDnPattern.length() == 0) + if (mDnPattern == null || mDnPattern.length() == 0) mDnPattern = DEFAULT_DNPATTERN; try { mPattern = new MapDNPattern(mDnPattern); String[] mReqAttrs = mPattern.getReqAttrs(); String[] mCertAttrs = mPattern.getCertAttrs(); } catch (ELdapException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", dnPattern, - e.toString())); - throw new EBaseException("falied to init with pattern " + dnPattern - + " " + e); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", + dnPattern, e.toString())); + throw new EBaseException("falied to init with pattern " + + dnPattern + " " + e); } mInited = true; } /** - * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for - * a LDAP base search. + * Maps a X500 subject name to LDAP entry. + * Uses DN pattern to form a DN for a LDAP base search. * - * @param conn the LDAP connection. - * @param obj the object to map. + * @param conn the LDAP connection. + * @param obj the object to map. * @exception ELdapException if any LDAP exceptions occured. - */ - public String map(LDAPConnection conn, Object obj) throws ELdapException { + */ + public String map(LDAPConnection conn, Object obj) + throws ELdapException { return map(conn, null, obj); } /** - * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for - * a LDAP base search. + * Maps a X500 subject name to LDAP entry. + * Uses DN pattern to form a DN for a LDAP base search. * - * @param conn the LDAP connection. - * @param req the request to map. - * @param obj the object to map. + * @param conn the LDAP connection. + * @param req the request to map. + * @param obj the object to map. * @exception ELdapException if any LDAP exceptions occured. - */ + */ public String map(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { if (conn == null) return null; String dn = null; @@ -179,14 +183,13 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { try { dn = formDN(req, obj); if (dn == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_DN_NOT_FORMED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_NOT_FORMED")); String s1 = ""; if (req != null) s1 = req.getRequestId().toString(); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_DN_MATCH", s1)); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_NO_DN_MATCH", s1)); } int scope = LDAPv2.SCOPE_BASE; String filter = "(objectclass=*)"; @@ -195,28 +198,24 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { String[] attrs = new String[] { LDAPv3.NO_ATTRS }; log(ILogger.LL_INFO, "searching for dn: " + dn + " filter:" - + filter + " scope: base"); + + filter + " scope: base"); - LDAPSearchResults results = conn.search(dn, scope, filter, attrs, - false); + LDAPSearchResults results = + conn.search(dn, scope, filter, attrs, false); LDAPEntry entry = results.next(); if (results.hasMoreElements()) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? "" - : req.getRequestId().toString()))); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_MORE_THAN_ONE_ENTRY", ((req == null) ? "" - : req.getRequestId().toString()))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? "" : req.getRequestId().toString()))); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", + ((req == null) ? "" : req.getRequestId().toString()))); } if (entry != null) return entry.getDN(); else { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? "" - : req.getRequestId().toString()))); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_MATCH_FOUND", "null entry")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? "" : req.getRequestId().toString()))); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", + "null entry")); } } catch (ELdapException e) { throw e; @@ -225,69 +224,61 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_MATCH_FOUND", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_MATCH_FOUND", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); } } /** * form a dn from component in the request and cert subject name - * * @param req The request * @param obj The certificate or crl */ - private String formDN(IRequest req, Object obj) throws EBaseException, - ELdapException { + private String formDN(IRequest req, Object obj) throws + EBaseException, ELdapException { X500Name subjectDN = null; CertificateExtensions certExt = null; try { X509Certificate cert = (X509Certificate) obj; - subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN(); + subjectDN = + (X500Name) ((X509Certificate) cert).getSubjectDN(); CMS.debug("LdapSimpleMap: cert subject dn:" + subjectDN.toString()); - // certExt = (CertificateExtensions) - // ((X509CertImpl)cert).get(X509CertInfo.EXTENSIONS); - X509CertInfo info = (X509CertInfo) ((X509CertImpl) cert) - .get(X509CertImpl.NAME + "." + X509CertImpl.INFO); - - certExt = (CertificateExtensions) info - .get(CertificateExtensions.NAME); + //certExt = (CertificateExtensions) + // ((X509CertImpl)cert).get(X509CertInfo.EXTENSIONS); + X509CertInfo info = (X509CertInfo) + ((X509CertImpl) cert).get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); + + certExt = (CertificateExtensions) info.get( + CertificateExtensions.NAME); } catch (java.security.cert.CertificateParsingException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); } catch (java.security.cert.CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString())); } catch (ClassCastException e) { try { X509CRLImpl crl = (X509CRLImpl) obj; - subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN(); + subjectDN = + (X500Name) ((X509CRLImpl) crl).getIssuerDN(); - CMS.debug("LdapSimpleMap: crl issuer dn: " - + subjectDN.toString()); - } catch (ClassCastException ex) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED", + CMS.debug("LdapSimpleMap: crl issuer dn: " + + subjectDN.toString()); + }catch (ClassCastException ex) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED", ((req == null) ? "" : req.getRequestId().toString()))); return null; } @@ -298,8 +289,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { return dn; } catch (ELdapException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_FORM_DN", - ((req == null) ? "" : req.getRequestId().toString()), - e.toString())); + ((req == null) ? "" : req.getRequestId().toString()), e.toString())); throw e; } } @@ -325,9 +315,9 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { try { if (mDnPattern == null) { v.addElement(PROP_DNPATTERN + "="); - } else { - v.addElement(PROP_DNPATTERN + "=" - + mConfig.getString(PROP_DNPATTERN)); + }else { + v.addElement(PROP_DNPATTERN + "=" + + mConfig.getString(PROP_DNPATTERN)); } } catch (Exception e) { } @@ -336,7 +326,8 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapSimpleMapper: " + msg); + "LdapSimpleMapper: " + msg); } } + diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java index 41cc5308..26503040 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; + import java.io.IOException; import java.io.PushbackReader; import java.io.StringReader; @@ -40,28 +41,26 @@ import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.publish.ECompSyntaxErr; import com.netscape.certsrv.request.IRequest; + /** - * class for parsing a DN pattern used to construct a ldap dn from request - * attributes and cert subject name. - * <p> - * - * dnpattern is a string representing a ldap dn pattern to formulate from the - * certificate subject name attributes and request attributes . If empty or not - * set, the certificate subject name will be used as the ldap dn. - * <p> + * class for parsing a DN pattern used to construct a ldap dn from + * request attributes and cert subject name.<p> * - * The syntax is + * dnpattern is a string representing a ldap dn pattern to formulate from + * the certificate subject name attributes and request attributes . + * If empty or not set, the certificate subject name + * will be used as the ldap dn. <p> * + * The syntax is * <pre> - * dnPattern := rdnPattern *[ "," rdnPattern ] - * rdnPattern := avaPattern *[ "+" avaPattern ] + * dnPattern := rdnPattern *[ "," rdnPattern ] + * rdnPattern := avaPattern *[ "+" avaPattern ] * avaPattern := name "=" value | - * name "=" "$subj" "." attrName [ "." attrNumber ] | - * name "=" "$ext" "." extName [ "." nameType ] [ "." attrNumber ] - * name "=" "$req" "." attrName [ "." attrNumber ] | - * "$rdn" "." number + * name "=" "$subj" "." attrName [ "." attrNumber ] | + * name "=" "$ext" "." extName [ "." nameType ] [ "." attrNumber ] + * name "=" "$req" "." attrName [ "." attrNumber ] | + * "$rdn" "." number * </pre> - * * <pre> * Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i> * cert subject name: dn: CN=Certificate Manager, OU=people, O=mcom.com @@ -72,7 +71,7 @@ import com.netscape.certsrv.request.IRequest; * <p> * note: Subordinate ca enrollment will use ca mapper. Use predicate * to distinguish the ca itself and the subordinates. - * + * * Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, OU=people, , O=mcom.com</i> * cert subject name: dn: UID=jjames, OU=IS, OU=people, , O=mcom.com * request attributes: uid: cmanager @@ -97,10 +96,10 @@ import com.netscape.certsrv.request.IRequest; * O = the string mcom.com. <br> * <p> * </pre> - * - * If an request attribute or subject DN component does not exist, the attribute - * is skipped. There is potential risk that a wrong dn will be mapped into. - * + * If an request attribute or subject DN component does not exist, + * the attribute is skipped. There is potential risk that a wrong dn + * will be mapped into. + * * @version $Revision$, $Date$ */ class MapAVAPattern { @@ -112,29 +111,34 @@ class MapAVAPattern { public static final String TYPE_RDN = "$rdn"; public static final String TYPE_CONSTANT = "constant"; - public static final String[] GENERAL_NAME_TYPE = { "ANY", "RFC822Name", - "DNSName", "X400Name", "DIRECTORYName", "EDIName", "URIName", - "IPAddress", "OIDName" }; + public static final String[] GENERAL_NAME_TYPE = { "ANY", + "RFC822Name", + "DNSName", + "X400Name", + "DIRECTORYName", + "EDIName", + "URIName", + "IPAddress", + "OIDName"}; private static final char[] endChars = new char[] { '+', ',' }; - private static final LdapV3DNStrConverter mLdapDNStrConverter = new LdapV3DNStrConverter(); + private static final LdapV3DNStrConverter mLdapDNStrConverter = + new LdapV3DNStrConverter(); - /* the list of request attributes needed by this AVA */ + /* the list of request attributes needed by this AVA */ protected String[] mReqAttrs = null; - /* the list of cert attributes needed by this AVA */ + /* the list of cert attributes needed by this AVA*/ protected String[] mCertAttrs = null; /* value type */ protected String mType = null; /* the attribute in the AVA pair */ - protected String mAttr = null; + protected String mAttr = null; - /* - * value - could be name of a request attribute or cert subject dn - * attribute. - */ + /* value - could be name of a request attribute or + * cert subject dn attribute. */ protected String mValue = null; /* value type - general name type of an extension attribute if any. */ @@ -148,202 +152,192 @@ class MapAVAPattern { protected String mTestDN = null; - public MapAVAPattern(String component) throws ELdapException { - if (component == null || component.length() == 0) - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", component)); + public MapAVAPattern(String component) + throws ELdapException { + if (component == null || component.length() == 0) + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component)); parse(new PushbackReader(new StringReader(component))); } - public MapAVAPattern(PushbackReader in) throws ELdapException { + public MapAVAPattern(PushbackReader in) + throws ELdapException { parse(in); } - private void parse(PushbackReader in) throws ELdapException { + private void parse(PushbackReader in) + throws ELdapException { int c; // mark ava beginning. // skip spaces - // System.out.println("============ AVAPattern Begin ==========="); - // System.out.println("skip spaces"); + //System.out.println("============ AVAPattern Begin ==========="); + //System.out.println("skip spaces"); try { - while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces read "+(char)c); + while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces read "+(char)c); ; } } catch (IOException e) { - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank")); } - if (c == -1) - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank")); + if (c == -1) + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank")); - // $rdn "." number syntax. + // $rdn "." number syntax. if (c == '$') { - // System.out.println("$rdn syntax"); + //System.out.println("$rdn syntax"); mType = TYPE_RDN; try { - if (in.read() != 'r' || in.read() != 'd' || in.read() != 'n' - || in.read() != '.') - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "Invalid $ syntax, expecting $rdn")); + if (in.read() != 'r' || + in.read() != 'd' || + in.read() != 'n' || + in.read() != '.') + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn")); } catch (IOException e) { - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "Invalid $ syntax, expecting $rdn")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn")); } StringBuffer rdnNumberBuf = new StringBuffer(); try { while ((c = in.read()) != ',' && c != -1 && c != '+') { - // System.out.println("rdnNumber read "+(char)c); + //System.out.println("rdnNumber read "+(char)c); rdnNumberBuf.append((char) c); } if (c != -1) // either ',' or '+' in.unread(c); } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } String rdnNumber = rdnNumberBuf.toString().trim(); - if (rdnNumber.length() == 0) - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "$rdn number not set in ava pattern")); + if (rdnNumber.length() == 0) + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$rdn number not set in ava pattern")); try { mElement = Integer.parseInt(rdnNumber) - 1; } catch (NumberFormatException e) { - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "Invalid $rdn number in ava pattern")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $rdn number in ava pattern")); } return; } - // name "=" ... syntax. + // name "=" ... syntax. - // read name - // System.out.println("reading name"); + // read name + //System.out.println("reading name"); - StringBuffer attrBuf = new StringBuffer(); + StringBuffer attrBuf = new StringBuffer(); try { while (c != '=' && c != -1 && c != ',' && c != '+') { attrBuf.append((char) c); c = in.read(); - // System.out.println("name read "+(char)c); - } - if (c == ',' || c == '+') + //System.out.println("name read "+(char)c); + } + if (c == ',' || c == '+') in.unread(c); } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } if (c != '=') - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "Missing \"=\" in ava pattern")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Missing \"=\" in ava pattern")); - // read value - // System.out.println("reading value"); + // read value + //System.out.println("reading value"); - // skip spaces - // System.out.println("skip spaces for value"); + // skip spaces + //System.out.println("skip spaces for value"); try { - while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces2 read "+(char)c); + while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces2 read "+(char)c); ; } } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } - if (c == -1) - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "no value after = in ava pattern")); + if (c == -1) + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "no value after = in ava pattern")); if (c == '$') { - // check for $subj $ext or $req + // check for $subj $ext or $req try { c = in.read(); - // System.out.println("check $dn or $attr read "+(char)c); + //System.out.println("check $dn or $attr read "+(char)c); } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } - if (c == -1) - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "expecting $subj or $req in ava pattern")); + if (c == -1) + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "expecting $subj or $req in ava pattern")); if (c == 'r') { try { - if (in.read() != 'e' || in.read() != 'q' - || in.read() != '.') - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "expecting $req in ava pattern")); + if (in.read() != 'e' || + in.read() != 'q' || + in.read() != '.') + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "expecting $req in ava pattern")); } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } mType = TYPE_REQ; - // System.out.println("---- mtype $req"); + //System.out.println("---- mtype $req"); } else if (c == 's') { try { - if (in.read() != 'u' || in.read() != 'b' - || in.read() != 'j' || in.read() != '.') - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "expecting $subj in ava pattern")); + if (in.read() != 'u' || + in.read() != 'b' || + in.read() != 'j' || + in.read() != '.') + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "expecting $subj in ava pattern")); } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } mType = TYPE_SUBJ; - // System.out.println("----- mtype $subj"); + //System.out.println("----- mtype $subj"); } else if (c == 'e') { try { - if (in.read() != 'x' || in.read() != 't' - || in.read() != '.') - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "expecting $ext in ava pattern")); + if (in.read() != 'x' || + in.read() != 't' || + in.read() != '.') + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "expecting $ext in ava pattern")); } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } mType = TYPE_EXT; - // System.out.println("----- mtype $ext"); + //System.out.println("----- mtype $ext"); } else { - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "unknown keyword. expecting $subj $ext or $req.")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "unknown keyword. expecting $subj $ext or $req.")); } - // get request attr name of subject dn pattern from above. + // get request attr name of subject dn pattern from above. String attrName = attrBuf.toString().trim(); - // System.out.println("----- attrName "+attrName); - if (attrName.length() == 0) - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "attribute name expected")); - mAttr = attrName; + //System.out.println("----- attrName "+attrName); + if (attrName.length() == 0) + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "attribute name expected")); + mAttr = attrName; /* - * try { ObjectIdentifier attrOid = - * mLdapDNStrConverter.parseAVAKeyword(attrName); mAttr = - * mLdapDNStrConverter.encodeOID(attrOid); - * //System.out.println("----- mAttr "+mAttr); } catch (IOException - * e) { throw new ECompSyntaxErr(CMS.getUserMessage( - * "CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString())); } + try { + ObjectIdentifier attrOid = + mLdapDNStrConverter.parseAVAKeyword(attrName); + mAttr = mLdapDNStrConverter.encodeOID(attrOid); + //System.out.println("----- mAttr "+mAttr); + } + catch (IOException e) { + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString())); + } */ // get request attribute or cert subject dn attribute @@ -351,47 +345,45 @@ class MapAVAPattern { StringBuffer valueBuf = new StringBuffer(); try { - while ((c = in.read()) != ',' && c != -1 && c != '.' - && c != '+') { - // System.out.println("mValue read "+(char)c); + while ((c = in.read()) != ',' && + c != -1 && c != '.' && c != '+') { + //System.out.println("mValue read "+(char)c); valueBuf.append((char) c); } if (c == '+' || c == ',') // either ',' or '+' - in.unread(c); // pushback last , or + + in.unread(c); // pushback last , or + } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } mValue = valueBuf.toString().trim(); - if (mValue.length() == 0) - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "$subj or $req attribute name expected")); - // System.out.println("----- mValue "+mValue); + if (mValue.length() == 0) + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "$subj or $req attribute name expected")); + //System.out.println("----- mValue "+mValue); - // get nth dn xxx not nth request attribute . + // get nth dn xxx not nth request attribute . if (c == '.') { StringBuffer attrNumberBuf = new StringBuffer(); try { while ((c = in.read()) != ',' && c != -1 && c != '.' - && c != '+') { - // System.out.println("mElement read "+(char)c); + && c != '+') { + //System.out.println("mElement read "+(char)c); attrNumberBuf.append((char) c); } - if (c == ',' || c == '+') // either ',' or '+' - in.unread(c); // pushback last , or + + if (c == ',' || c == '+') // either ',' or '+' + in.unread(c); // pushback last , or + } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } String attrNumber = attrNumberBuf.toString().trim(); - if (attrNumber.length() == 0) - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "nth element $req $ext or $subj expected")); + if (attrNumber.length() == 0) + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "nth element $req $ext or $subj expected")); try { mElement = Integer.parseInt(attrNumber) - 1; } catch (NumberFormatException e) { @@ -400,93 +392,87 @@ class MapAVAPattern { mValue = attrNumber; } else if (TYPE_EXT.equals(mType)) { mGNType = attrNumber; - } else - throw new ECompSyntaxErr( - CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "Invalid format in nth element $req $ext or $subj")); + } else + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Invalid format in nth element $req $ext or $subj")); - // get nth request attribute . + // get nth request attribute . if (c == '.') { StringBuffer attrNumberBuf1 = new StringBuffer(); try { - while ((c = in.read()) != ',' && c != -1 - && c != '+') { - // System.out.println("mElement read "+(char)c); + while ((c = in.read()) != ',' && c != -1 && c != '+') { + //System.out.println("mElement read "+(char)c); attrNumberBuf1.append((char) c); } if (c != -1) // either ',' or '+' - in.unread(c); // pushback last , or + + in.unread(c); // pushback last , or + } catch (IOException ex) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", ex.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", ex.toString())); } String attrNumber1 = attrNumberBuf1.toString().trim(); - if (attrNumber1.length() == 0) - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "nth element $req expected")); - try { - mElement = Integer.parseInt(attrNumber1) - 1; + if (attrNumber1.length() == 0) + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "nth element $req expected")); + try { + mElement = Integer.parseInt(attrNumber1) - 1; } catch (NumberFormatException ex) { - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", - "Invalid format in nth element $req.")); - + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Invalid format in nth element $req.")); + } } } } - // System.out.println("----- mElement "+mElement); + //System.out.println("----- mElement "+mElement); } else { // value is constant. treat as regular ava. mType = TYPE_CONSTANT; - // System.out.println("----- mType constant"); - // parse ava value. + //System.out.println("----- mType constant"); + // parse ava value. StringBuffer valueBuf = new StringBuffer(); valueBuf.append((char) c); // read forward to get attribute value try { - while ((c = in.read()) != ',' && c != -1) { + while ((c = in.read()) != ',' && + c != -1) { valueBuf.append((char) c); } if (c == '+' || c == ',') { // either ',' or '+' - in.unread(c); // pushback last , or + + in.unread(c); // pushback last , or + } } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } - try { - AVA ava = mLdapDNStrConverter - .parseAVA(attrBuf + "=" + valueBuf); + try { + AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf); mValue = ava.toLdapDNString(); - // System.out.println("----- mValue "+mValue); + //System.out.println("----- mValue "+mValue); } catch (IOException e) { - throw new ECompSyntaxErr(CMS.getUserMessage( - "CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString())); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString())); } } } - public String formAVA(IRequest req, X500Name subject, - CertificateExtensions extensions) throws ELdapException { + public String formAVA(IRequest req, X500Name subject, CertificateExtensions extensions) + throws ELdapException { if (TYPE_CONSTANT.equals(mType)) return mValue; if (TYPE_RDN.equals(mType)) { String dn = subject.toString(); - if (mTestDN != null) + if (mTestDN != null) dn = mTestDN; - // System.out.println("AVAPattern Using dn "+mTestDN); + //System.out.println("AVAPattern Using dn "+mTestDN); String[] rdns = LDAPDN.explodeDN(dn, false); - if (mElement >= rdns.length) + if (mElement >= rdns.length) return null; return rdns[mElement]; } @@ -494,9 +480,9 @@ class MapAVAPattern { if (TYPE_SUBJ.equals(mType)) { String dn = subject.toString(); - if (mTestDN != null) + if (mTestDN != null) dn = mTestDN; - // System.out.println("AVAPattern Using dn "+mTestDN); + //System.out.println("AVAPattern Using dn "+mTestDN); String[] rdns = LDAPDN.explodeDN(dn, false); String value = null; int nFound = -1; @@ -507,17 +493,19 @@ class MapAVAPattern { for (int j = 0; j < avas.length; j++) { String[] exploded = explodeAVA(avas[j]); - if (exploded[0].equalsIgnoreCase(mValue) - && ++nFound == mElement) { + if (exploded[0].equalsIgnoreCase(mValue) && + ++nFound == mElement) { value = exploded[1]; break; } } } if (value == null) { - CMS.debug("MapAVAPattern: attr " + mAttr - + " not formed from: cert subject " + dn - + "-- no subject component : " + mValue); + CMS.debug( + "MapAVAPattern: attr " + mAttr + + " not formed from: cert subject " + + dn + + "-- no subject component : " + mValue); return null; } return mAttr + "=" + value; @@ -526,41 +514,40 @@ class MapAVAPattern { if (TYPE_EXT.equals(mType)) { if (extensions != null) { for (int i = 0; i < extensions.size(); i++) { - Extension ext = (Extension) extensions.elementAt(i); + Extension ext = (Extension) + extensions.elementAt(i); String extName = OIDMap.getName(ext.getExtensionId()); int index = extName.lastIndexOf("."); if (index != -1) extName = extName.substring(index + 1); - if (extName.equals(mValue)) { + if ( + extName.equals(mValue)) { // Check the extensions one by one. // For now, just give subjectAltName as an example. - if (mValue - .equalsIgnoreCase(SubjectAlternativeNameExtension.NAME)) { + if + (mValue.equalsIgnoreCase(SubjectAlternativeNameExtension.NAME)) { try { - GeneralNames subjectNames = (GeneralNames) ((SubjectAlternativeNameExtension) ext) - .get(SubjectAlternativeNameExtension.SUBJECT_NAME); + GeneralNames subjectNames = (GeneralNames) + ((SubjectAlternativeNameExtension) ext).get(SubjectAlternativeNameExtension.SUBJECT_NAME); if (subjectNames.size() == 0) break; int j = 0; - for (Enumeration n = subjectNames.elements(); n - .hasMoreElements();) { - GeneralName gn = (GeneralName) n - .nextElement(); + for (Enumeration n = subjectNames.elements(); n.hasMoreElements();) { + GeneralName gn = (GeneralName) n.nextElement(); String gname = gn.toString(); index = gname.indexOf(":"); - if (index == -1) - break; + if (index == -1) break; String gType = gname.substring(0, index); if (mGNType != null) { if (mGNType.equalsIgnoreCase(gType)) { if (mElement == j) { - gname = gname - .substring(index + 2); + gname = + gname.substring(index + 2); return mAttr + "=" + gname; } else { j++; @@ -568,22 +555,25 @@ class MapAVAPattern { } } else { if (mElement == j) { - gname = gname.substring(index + 2); + gname = + gname.substring(index + 2); return mAttr + "=" + gname; } j++; } } - } catch (IOException e) { - CMS.debug("MapAVAPattern: Publishing attr not formed from extension." - + "-- no attr : " + mValue); + } catch (IOException e) { + CMS.debug( + "MapAVAPattern: Publishing attr not formed from extension." + + "-- no attr : " + mValue); } } } } } - CMS.debug("MapAVAPattern: Publishing:attr not formed from extension " - + "-- no attr : " + mValue); + CMS.debug( + "MapAVAPattern: Publishing:attr not formed from extension " + + "-- no attr : " + mValue); return null; } @@ -592,8 +582,9 @@ class MapAVAPattern { // mPrefix and mValue are looked up case-insensitive String reqAttr = req.getExtDataInString(mPrefix, mValue); if (reqAttr == null) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_REQUEST", mValue, mAttr)); + throw new + ELdapException(CMS.getUserMessage("CMS_LDAP_NO_REQUEST", + mValue, mAttr)); } return mAttr + "=" + reqAttr; } @@ -616,19 +607,20 @@ class MapAVAPattern { } /** - * Explode RDN into AVAs. Does not handle escaped '+' Java ldap library does - * not yet support multiple avas per rdn. If RDN is malformed returns empty - * array. + * Explode RDN into AVAs. + * Does not handle escaped '+' + * Java ldap library does not yet support multiple avas per rdn. + * If RDN is malformed returns empty array. */ public static String[] explodeRDN(String rdn) { int plus = rdn.indexOf('+'); - if (plus == -1) + if (plus == -1) return new String[] { rdn }; Vector avas = new Vector(); StringTokenizer token = new StringTokenizer(rdn, "+"); - while (token.hasMoreTokens()) + while (token.hasMoreTokens()) avas.addElement(token.nextToken()); String[] theAvas = new String[avas.size()]; @@ -637,15 +629,17 @@ class MapAVAPattern { } /** - * Explode AVA into name and value. Does not handle escaped '=' If AVA is - * malformed empty array is returned. + * Explode AVA into name and value. + * Does not handle escaped '=' + * If AVA is malformed empty array is returned. */ public static String[] explodeAVA(String ava) { int equals = ava.indexOf('='); - if (equals == -1) + if (equals == -1) return null; - return new String[] { ava.substring(0, equals).trim(), - ava.substring(equals + 1).trim() }; + return new String[] { + ava.substring(0, equals).trim(), ava.substring(equals + 1).trim()}; } } + diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java index 090547bc..547e370a 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; + import java.io.IOException; import java.io.PushbackReader; import java.io.StringReader; @@ -30,27 +31,25 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.request.IRequest; + /** - * class for parsing a DN pattern used to construct a ldap dn from request - * attributes and cert subject name. - * <p> + * class for parsing a DN pattern used to construct a ldap dn from + * request attributes and cert subject name.<p> * - * dnpattern is a string representing a ldap dn pattern to formulate from the - * certificate subject name attributes and request attributes . If empty or not - * set, the certificate subject name will be used as the ldap dn. - * <p> - * - * The syntax is + * dnpattern is a string representing a ldap dn pattern to formulate from + * the certificate subject name attributes and request attributes . + * If empty or not set, the certificate subject name + * will be used as the ldap dn. <p> * + * The syntax is * <pre> - * dnPattern := rdnPattern *[ "," rdnPattern ] - * rdnPattern := avaPattern *[ "+" avaPattern ] + * dnPattern := rdnPattern *[ "," rdnPattern ] + * rdnPattern := avaPattern *[ "+" avaPattern ] * avaPattern := name "=" value | - * name "=" "$subj" "." attrName [ "." attrNumber ] | - * name "=" "$req" "." attrName [ "." attrNumber ] | - * "$rdn" "." number + * name "=" "$subj" "." attrName [ "." attrNumber ] | + * name "=" "$req" "." attrName [ "." attrNumber ] | + * "$rdn" "." number * </pre> - * * <pre> * Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i> * cert subject name: dn: CN=Certificate Manager, OU=people, O=mcom.com @@ -61,7 +60,7 @@ import com.netscape.certsrv.request.IRequest; * <p> * note: Subordinate ca enrollment will use ca mapper. Use predicate * to distinguish the ca itself and the subordinates. - * + * * Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, , O=mcom.com</i> * cert subject name: dn: UID=jjames, OU=IS, O=people, , O=mcom.com * request attributes: uid: cmanager @@ -74,18 +73,18 @@ import com.netscape.certsrv.request.IRequest; * O = the string people, mcom.com. <br> * <p> * </pre> - * - * If an request attribute or subject DN component does not exist, the attribute - * is skipped. There is potential risk that a wrong dn will be mapped into. - * + * If an request attribute or subject DN component does not exist, + * the attribute is skipped. There is potential risk that a wrong dn + * will be mapped into. + * * @version $Revision$, $Date$ */ public class MapDNPattern { - /* the list of request attriubutes to retrieve */ + /* the list of request attriubutes to retrieve*/ protected String[] mReqAttrs = null; - /* the list of cert attriubutes to retrieve */ + /* the list of cert attriubutes to retrieve*/ protected String[] mCertAttrs = null; /* rdn patterns */ @@ -96,15 +95,16 @@ public class MapDNPattern { protected String mTestDN = null; - /** + /** * Construct a DN pattern by parsing a pattern string. - * * @param pattern the DN pattern - * @exception EBaseException If parsing error occurs. + * @exception EBaseException If parsing error occurs. */ - public MapDNPattern(String pattern) throws ELdapException { + public MapDNPattern(String pattern) + throws ELdapException { if (pattern == null || pattern.equals("")) { - CMS.debug("MapDNPattern: null pattern"); + CMS.debug( + "MapDNPattern: null pattern"); } else { mPatternString = pattern; PushbackReader in = new PushbackReader(new StringReader(pattern)); @@ -113,11 +113,13 @@ public class MapDNPattern { } } - public MapDNPattern(PushbackReader in) throws ELdapException { + public MapDNPattern(PushbackReader in) + throws ELdapException { parse(in); } - private void parse(PushbackReader in) throws ELdapException { + private void parse(PushbackReader in) + throws ELdapException { Vector rdnPatterns = new Vector(); MapRDNPattern rdnPattern = null; int lastChar = -1; @@ -128,10 +130,11 @@ public class MapDNPattern { try { lastChar = in.read(); } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } - } while (lastChar == ','); + } + while (lastChar == ','); mRDNPatterns = new MapRDNPattern[rdnPatterns.size()]; rdnPatterns.copyInto(mRDNPatterns); @@ -141,8 +144,8 @@ public class MapDNPattern { for (int i = 0; i < mRDNPatterns.length; i++) { String[] rdnAttrs = mRDNPatterns[i].getReqAttrs(); - if (rdnAttrs != null && rdnAttrs.length > 0) - for (int j = 0; j < rdnAttrs.length; j++) + if (rdnAttrs != null && rdnAttrs.length > 0) + for (int j = 0; j < rdnAttrs.length; j++) reqAttrs.addElement(rdnAttrs[j]); } mReqAttrs = new String[reqAttrs.size()]; @@ -153,8 +156,8 @@ public class MapDNPattern { for (int i = 0; i < mRDNPatterns.length; i++) { String[] rdnAttrs = mRDNPatterns[i].getCertAttrs(); - if (rdnAttrs != null && rdnAttrs.length > 0) - for (int j = 0; j < rdnAttrs.length; j++) + if (rdnAttrs != null && rdnAttrs.length > 0) + for (int j = 0; j < rdnAttrs.length; j++) certAttrs.addElement(rdnAttrs[j]); } mCertAttrs = new String[certAttrs.size()]; @@ -163,13 +166,12 @@ public class MapDNPattern { /** * Form a Ldap v3 DN string from a request and a cert subject name. - * * @param req the request for (un)publish * @param subject the subjectDN of the certificate - * @return Ldap v3 DN string to use for base ldap search. + * @return Ldap v3 DN string to use for base ldap search. */ - public String formDN(IRequest req, X500Name subject, - CertificateExtensions ext) throws ELdapException { + public String formDN(IRequest req, X500Name subject, CertificateExtensions ext) + throws ELdapException { StringBuffer formedDN = new StringBuffer(); for (int i = 0; i < mRDNPatterns.length; i++) { @@ -178,11 +180,11 @@ public class MapDNPattern { String rdn = mRDNPatterns[i].formRDN(req, subject, ext); if (rdn != null && rdn.length() != 0) { - if (formedDN.length() != 0) - formedDN.append(","); - formedDN.append(rdn); + if (formedDN.length() != 0) + formedDN.append(","); + formedDN.append(rdn); } else { - throw new ELdapException("pattern not matched"); + throw new ELdapException("pattern not matched"); } } return formedDN.toString(); @@ -196,3 +198,4 @@ public class MapDNPattern { return (String[]) mCertAttrs.clone(); } } + diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java index 87ca5d2d..3720d02d 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; + import java.io.IOException; import java.io.PushbackReader; import java.io.StringReader; @@ -29,27 +30,25 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.request.IRequest; + /** - * class for parsing a DN pattern used to construct a ldap dn from request - * attributes and cert subject name. - * <p> + * class for parsing a DN pattern used to construct a ldap dn from + * request attributes and cert subject name.<p> * - * dnpattern is a string representing a ldap dn pattern to formulate from the - * certificate subject name attributes and request attributes . If empty or not - * set, the certificate subject name will be used as the ldap dn. - * <p> - * - * The syntax is + * dnpattern is a string representing a ldap dn pattern to formulate from + * the certificate subject name attributes and request attributes . + * If empty or not set, the certificate subject name + * will be used as the ldap dn. <p> * + * The syntax is * <pre> - * dnPattern := rdnPattern *[ "," rdnPattern ] - * rdnPattern := avaPattern *[ "+" avaPattern ] + * dnPattern := rdnPattern *[ "," rdnPattern ] + * rdnPattern := avaPattern *[ "+" avaPattern ] * avaPattern := name "=" value | - * name "=" "$subj" "." attrName [ "." attrNumber ] | - * name "=" "$req" "." attrName [ "." attrNumber ] | - * "$rdn" "." number + * name "=" "$subj" "." attrName [ "." attrNumber ] | + * name "=" "$req" "." attrName [ "." attrNumber ] | + * "$rdn" "." number * </pre> - * * <pre> * Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i> * cert subject name: dn: CN=Certificate Manager, OU=people, O=mcom.com @@ -60,7 +59,7 @@ import com.netscape.certsrv.request.IRequest; * <p> * note: Subordinate ca enrollment will use ca mapper. Use predicate * to distinguish the ca itself and the subordinates. - * + * * Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, , O=mcom.com</i> * cert subject name: dn: UID=jjames, OU=IS, O=people, , O=mcom.com * request attributes: uid: cmanager @@ -73,18 +72,18 @@ import com.netscape.certsrv.request.IRequest; * O = the string people, mcom.com. <br> * <p> * </pre> - * - * If an request attribute or subject DN component does not exist, the attribute - * is skipped.There is potential risk that a wrong dn will be mapped into. - * + * If an request attribute or subject DN component does not exist, + * the attribute is skipped.There is potential risk that a wrong dn + * will be mapped into. + * * @version $Revision$, $Date$ */ class MapRDNPattern { - /* the list of request attributes needed by this RDN */ + /* the list of request attributes needed by this RDN */ protected String[] mReqAttrs = null; - /* the list of cert attributes needed by this RDN */ + /* the list of cert attributes needed by this RDN */ protected String[] mCertAttrs = null; /* AVA patterns */ @@ -95,15 +94,16 @@ class MapRDNPattern { protected String mTestDN = null; - /** + /** * Construct a DN pattern by parsing a pattern string. - * * @param pattenr the DN pattern - * @exception ELdapException If parsing error occurs. + * @exception ELdapException If parsing error occurs. */ - public MapRDNPattern(String pattern) throws ELdapException { + public MapRDNPattern(String pattern) + throws ELdapException { if (pattern == null || pattern.equals("")) { - CMS.debug("MapDNPattern: null pattern"); + CMS.debug( + "MapDNPattern: null pattern"); } else { mPatternString = pattern; PushbackReader in = new PushbackReader(new StringReader(pattern)); @@ -113,14 +113,16 @@ class MapRDNPattern { } /** - * Construct a DN pattern from a input stream of pattern + * Construct a DN pattern from a input stream of pattern */ - public MapRDNPattern(PushbackReader in) throws ELdapException { + public MapRDNPattern(PushbackReader in) + throws ELdapException { parse(in); } - private void parse(PushbackReader in) throws ELdapException { - // System.out.println("_________ begin rdn _________"); + private void parse(PushbackReader in) + throws ELdapException { + //System.out.println("_________ begin rdn _________"); Vector avaPatterns = new Vector(); MapAVAPattern avaPattern = null; int lastChar; @@ -128,25 +130,26 @@ class MapRDNPattern { do { avaPattern = new MapAVAPattern(in); avaPatterns.addElement(avaPattern); - // System.out.println("added AVAPattern"+ - // " mType "+avaPattern.mType+ - // " mAttr "+avaPattern.mAttr+ - // " mValue "+avaPattern.mValue+ - // " mElement "+avaPattern.mElement); - try { - lastChar = in.read(); + //System.out.println("added AVAPattern"+ + //" mType "+avaPattern.mType+ + //" mAttr "+avaPattern.mAttr+ + //" mValue "+avaPattern.mValue+ + //" mElement "+avaPattern.mElement); + try { + lastChar = in.read(); } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } - } while (lastChar == '+'); + } + while (lastChar == '+'); if (lastChar != -1) { try { - in.unread(lastChar); // pushback last , + in.unread(lastChar); // pushback last , } catch (IOException e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } } @@ -158,7 +161,7 @@ class MapRDNPattern { for (int i = 0; i < mAVAPatterns.length; i++) { String avaAttr = mAVAPatterns[i].getReqAttr(); - if (avaAttr == null || avaAttr.length() == 0) + if (avaAttr == null || avaAttr.length() == 0) continue; reqAttrs.addElement(avaAttr); } @@ -170,7 +173,7 @@ class MapRDNPattern { for (int i = 0; i < mAVAPatterns.length; i++) { String avaAttr = mAVAPatterns[i].getCertAttr(); - if (avaAttr == null || avaAttr.length() == 0) + if (avaAttr == null || avaAttr.length() == 0) continue; certAttrs.addElement(avaAttr); } @@ -180,17 +183,16 @@ class MapRDNPattern { /** * Form a Ldap v3 DN string from a request and a cert subject name. - * * @param req the request for (un)publish * @param subject the subjectDN of the certificate - * @return Ldap v3 DN string to use for base ldap search. + * @return Ldap v3 DN string to use for base ldap search. */ - public String formRDN(IRequest req, X500Name subject, - CertificateExtensions ext) throws ELdapException { + public String formRDN(IRequest req, X500Name subject, CertificateExtensions ext) + throws ELdapException { StringBuffer formedRDN = new StringBuffer(); for (int i = 0; i < mAVAPatterns.length; i++) { - if (mTestDN != null) + if (mTestDN != null) mAVAPatterns[i].mTestDN = mTestDN; String ava = mAVAPatterns[i].formAVA(req, subject, ext); @@ -200,7 +202,7 @@ class MapRDNPattern { formedRDN.append(ava); } } - // System.out.println("formed RDN "+formedRDN.toString()); + //System.out.println("formed RDN "+formedRDN.toString()); return formedRDN.toString(); } diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java index 4b15a5ab..b1d10902 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.mappers; + import java.util.Locale; import java.util.Vector; @@ -29,9 +30,10 @@ import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.publish.ILdapMapper; import com.netscape.certsrv.request.IRequest; -/** + +/** * No Map - * + * * @version $Revision$, $Date$ */ public class NoMap implements ILdapMapper, IExtendedPluginInfo { @@ -46,39 +48,40 @@ public class NoMap implements ILdapMapper, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { String params[] = { - IExtendedPluginInfo.HELP_TOKEN - + ";configuration-ldappublish-mapper-simplemapper", - IExtendedPluginInfo.HELP_TEXT - + ";Describes how to form the name of the entry to publish to" }; + IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-simplemapper", + IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the name of the entry to publish to" + }; return params; } public IConfigStore getConfigStore() { - return mConfig; + return mConfig; } - /** + /** * for initializing from config store. */ - public void init(IConfigStore config) throws EBaseException { + public void init(IConfigStore config) + throws EBaseException { mConfig = config; } /** - * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for - * a LDAP base search. + * Maps a X500 subject name to LDAP entry. + * Uses DN pattern to form a DN for a LDAP base search. * - * @param conn the LDAP connection. - * @param obj the object to map. + * @param conn the LDAP connection. + * @param obj the object to map. * @exception ELdapException if any LDAP exceptions occured. - */ - public String map(LDAPConnection conn, Object obj) throws ELdapException { + */ + public String map(LDAPConnection conn, Object obj) + throws ELdapException { return null; } public String map(LDAPConnection conn, IRequest req, Object obj) - throws ELdapException { + throws ELdapException { return null; } diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java index c7ccd41e..f0154e44 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; + import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileOutputStream; @@ -46,9 +47,10 @@ import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; -/** - * This publisher writes certificate and CRL into a directory. - * +/** + * This publisher writes certificate and CRL into + * a directory. + * * @version $Revision$, $Date$ */ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { @@ -72,10 +74,10 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { protected String mLinkExt = null; protected int mZipLevel = 9; - public void setIssuingPointId(String crlIssuingPointId) { + public void setIssuingPointId(String crlIssuingPointId) + { mCrlIssuingPointId = crlIssuingPointId; } - /** * Returns the implementation name. */ @@ -93,26 +95,19 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - PROP_DIR - + ";string;Directory in which to put the files (absolute path or relative path to cert-* instance directory).", - PROP_DER - + ";boolean;Store certificates or CRLs into *.der files.", - PROP_B64 - + ";boolean;Store certificates or CRLs into *.b64 files.", - PROP_GMT - + ";choice(LocalTime,GMT);Use local time or GMT to time stamp CRL file name with CRL's 'thisUpdate' field.", - PROP_LNK - + ";boolean;Generate link to the latest binary CRL. It requires '" - + PROP_DER + "' to be enabled.", - PROP_EXT - + ";string;Name extension used by link to the latest CRL. Default name extension is 'der'.", + PROP_DIR + ";string;Directory in which to put the files (absolute path or relative path to cert-* instance directory).", + PROP_DER + ";boolean;Store certificates or CRLs into *.der files.", + PROP_B64 + ";boolean;Store certificates or CRLs into *.b64 files.", + PROP_GMT + ";choice(LocalTime,GMT);Use local time or GMT to time stamp CRL file name with CRL's 'thisUpdate' field.", + PROP_LNK + ";boolean;Generate link to the latest binary CRL. It requires '"+PROP_DER+"' to be enabled.", + PROP_EXT + ";string;Name extension used by link to the latest CRL. Default name extension is 'der'.", PROP_ZIP + ";boolean;Generate compressed CRLs.", - PROP_LEV - + ";choice(0,1,2,3,4,5,6,7,8,9);Set compression level from 0 to 9.", - IExtendedPluginInfo.HELP_TOKEN - + ";configuration-ldappublish-publisher-filepublisher", - IExtendedPluginInfo.HELP_TEXT - + ";Stores the certificates or CRLs into files. Certificate is named as cert-<serialno>.der or *.b64, and CRL is named as <IssuingPoint>-<thisUpdate-time>.der or *.b64." }; + PROP_LEV + ";choice(0,1,2,3,4,5,6,7,8,9);Set compression level from 0 to 9.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-publisher-filepublisher", + IExtendedPluginInfo.HELP_TEXT + + ";Stores the certificates or CRLs into files. Certificate is named as cert-<serialno>.der or *.b64, and CRL is named as <IssuingPoint>-<thisUpdate-time>.der or *.b64." + }; return params; } @@ -144,14 +139,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { try { if (mTimeStamp == null || (!mTimeStamp.equals("GMT"))) mTimeStamp = "LocalTime"; - v.addElement(PROP_DIR + "=" + dir); - v.addElement(PROP_DER + "=" + mConfig.getBoolean(PROP_DER, true)); - v.addElement(PROP_B64 + "=" + mConfig.getBoolean(PROP_B64, false)); - v.addElement(PROP_GMT + "=" + mTimeStamp); - v.addElement(PROP_LNK + "=" + mConfig.getBoolean(PROP_LNK, false)); - v.addElement(PROP_EXT + "=" + ext); - v.addElement(PROP_ZIP + "=" + mConfig.getBoolean(PROP_ZIP, false)); - v.addElement(PROP_LEV + "=" + mZipLevel); + v.addElement(PROP_DIR+"=" + dir); + v.addElement(PROP_DER+"=" + mConfig.getBoolean(PROP_DER,true)); + v.addElement(PROP_B64+"=" + mConfig.getBoolean(PROP_B64,false)); + v.addElement(PROP_GMT+"=" + mTimeStamp); + v.addElement(PROP_LNK+"=" + mConfig.getBoolean(PROP_LNK,false)); + v.addElement(PROP_EXT+"=" + ext); + v.addElement(PROP_ZIP+"=" + mConfig.getBoolean(PROP_ZIP,false)); + v.addElement(PROP_LEV+"=" + mZipLevel); } catch (Exception e) { } return v; @@ -163,14 +158,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { public Vector<String> getDefaultParams() { Vector<String> v = new Vector<String>(); - v.addElement(PROP_DIR + "="); - v.addElement(PROP_DER + "=true"); - v.addElement(PROP_B64 + "=false"); - v.addElement(PROP_GMT + "=LocalTime"); - v.addElement(PROP_LNK + "=false"); - v.addElement(PROP_EXT + "="); - v.addElement(PROP_ZIP + "=false"); - v.addElement(PROP_LEV + "=9"); + v.addElement(PROP_DIR+"="); + v.addElement(PROP_DER+"=true"); + v.addElement(PROP_B64+"=false"); + v.addElement(PROP_GMT+"=LocalTime"); + v.addElement(PROP_LNK+"=false"); + v.addElement(PROP_EXT+"="); + v.addElement(PROP_ZIP+"=false"); + v.addElement(PROP_LEV+"=9"); return v; } @@ -198,7 +193,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { } // convert to forward slash - dir = dir.replace('\\', '/'); + dir = dir.replace('\\', '/'); config.putString(PROP_DIR, dir); File dirCheck = new File(dir); @@ -214,7 +209,8 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { } catch (Exception e) { throw new RuntimeException("Invalid Instance Dir " + e); } - dirCheck = new File(mInstanceRoot + File.separator + dir); + dirCheck = new File(mInstanceRoot + + File.separator + dir); if (dirCheck.isDirectory()) { mDir = mInstanceRoot + File.separator + dir; } else { @@ -228,20 +224,18 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { } private String[] getCrlNamePrefix(X509CRL crl, boolean useGMT) { - String[] namePrefix = { "crl", "crl" }; + String[] namePrefix = {"crl", "crl"}; if (mCrlIssuingPointId != null && mCrlIssuingPointId.length() != 0) { namePrefix[0] = mCrlIssuingPointId; namePrefix[1] = mCrlIssuingPointId; } - java.text.SimpleDateFormat format = new java.text.SimpleDateFormat( - "yyyyMMdd-HHmmss"); + java.text.SimpleDateFormat format = new java.text.SimpleDateFormat("yyyyMMdd-HHmmss"); TimeZone tz = TimeZone.getTimeZone("GMT"); - if (useGMT) - format.setTimeZone(tz); + if (useGMT) format.setTimeZone(tz); String timeStamp = format.format(crl.getThisUpdate()).toString(); namePrefix[0] += "-" + timeStamp; - if (((netscape.security.x509.X509CRLImpl) crl).isDeltaCRL()) { + if (((netscape.security.x509.X509CRLImpl)crl).isDeltaCRL()) { namePrefix[0] += "-delta"; namePrefix[1] += "-delta"; } @@ -249,60 +243,65 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { return namePrefix; } - private void createLink(String linkName, String fileName) { + private void createLink(String linkName, String fileName) { String cmd = "ln -s " + fileName + " " + linkName + ".new"; if (com.netscape.cmsutil.util.Utils.exec(cmd)) { File oldLink = new File(linkName + ".old"); - if (oldLink.exists()) { // remove old link if exists + if (oldLink.exists()) { // remove old link if exists oldLink.delete(); } File link = new File(linkName); - if (link.exists()) { // current link becomes an old link + if (link.exists()) { // current link becomes an old link link.renameTo(new File(linkName + ".old")); } File newLink = new File(linkName + ".new"); - if (newLink.exists()) { // new link becomes current link + if (newLink.exists()) { // new link becomes current link newLink.renameTo(new File(linkName)); } oldLink = new File(linkName + ".old"); - if (oldLink.exists()) { // remove a new old link + if (oldLink.exists()) { // remove a new old link oldLink.delete(); } } else { - CMS.debug("FileBasedPublisher: createLink: '" + cmd - + "' --- failed"); + CMS.debug("FileBasedPublisher: createLink: '" + cmd + "' --- failed"); } } /** * Publishs a object to the ldap directory. * - * @param conn a Ldap connection (null if LDAP publishing is not enabled) - * @param dn dn of the ldap entry to publish cert (null if LDAP publishing - * is not enabled) - * @param object object to publish (java.security.cert.X509Certificate or, - * java.security.cert.X509CRL) + * @param conn a Ldap connection + * (null if LDAP publishing is not enabled) + * @param dn dn of the ldap entry to publish cert + * (null if LDAP publishing is not enabled) + * @param object object to publish + * (java.security.cert.X509Certificate or, + * java.security.cert.X509CRL) */ public void publish(LDAPConnection conn, String dn, Object object) - throws ELdapException { + throws ELdapException { CMS.debug("FileBasedPublisher: publish"); try { if (object instanceof X509Certificate) { X509Certificate cert = (X509Certificate) object; BigInteger sno = cert.getSerialNumber(); - String name = mDir + File.separator + "cert-" + sno.toString(); - if (mDerAttr) { + String name = mDir + + File.separator + "cert-" + + sno.toString(); + if (mDerAttr) + { String fileName = name + ".der"; FileOutputStream fos = new FileOutputStream(fileName); fos.write(cert.getEncoded()); fos.close(); } - if (mB64Attr) { + if (mB64Attr) + { String fileName = name + ".b64"; FileOutputStream fos = new FileOutputStream(fileName); ByteArrayOutputStream output = new ByteArrayOutputStream(); - Base64OutputStream b64 = new Base64OutputStream( - new PrintStream(new FilterOutputStream(output))); + Base64OutputStream b64 = + new Base64OutputStream(new PrintStream(new FilterOutputStream(output))); b64.write(cert.getEncoded()); b64.flush(); (new PrintStream(fos)).print(output.toString("8859_1")); @@ -310,13 +309,12 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { } } else if (object instanceof X509CRL) { X509CRL crl = (X509CRL) object; - String[] namePrefix = getCrlNamePrefix(crl, - mTimeStamp.equals("GMT")); + String[] namePrefix = getCrlNamePrefix(crl, mTimeStamp.equals("GMT")); String baseName = mDir + File.separator + namePrefix[0]; String tempFile = baseName + ".temp"; FileOutputStream fos; ZipOutputStream zos; - byte[] encodedArray = null; + byte [] encodedArray = null; File destFile = null; String destName = null; File renameFile = null; @@ -327,17 +325,16 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { fos.write(encodedArray); fos.close(); if (mZipCRL) { - zos = new ZipOutputStream(new FileOutputStream(baseName - + ".zip")); + zos = new ZipOutputStream(new FileOutputStream(baseName+".zip")); zos.setLevel(mZipLevel); - zos.putNextEntry(new ZipEntry(baseName + ".der")); + zos.putNextEntry(new ZipEntry(baseName+".der")); zos.write(encodedArray, 0, encodedArray.length); zos.closeEntry(); zos.close(); } destName = baseName + ".der"; destFile = new File(destName); - + if (destFile.exists()) destFile.delete(); renameFile = new File(tempFile); @@ -350,71 +347,59 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { } else { linkExt += "der"; } - String linkName = mDir + File.separator + namePrefix[1] - + linkExt; - createLink(linkName, destName); + String linkName = mDir + File.separator + namePrefix[1] + linkExt; + createLink(linkName, destName); if (mZipCRL) { - linkName = mDir + File.separator + namePrefix[1] - + ".zip"; - createLink(linkName, baseName + ".zip"); + linkName = mDir + File.separator + namePrefix[1] + ".zip"; + createLink(linkName, baseName+".zip"); } } } - + // output base64 file - if (mB64Attr == true) { - if (encodedArray == null) - encodedArray = crl.getEncoded(); - - ByteArrayOutputStream os = new ByteArrayOutputStream(); - - fos = new FileOutputStream(tempFile); - fos.write(com.netscape.osutil.OSUtil.BtoA(encodedArray) - .getBytes()); - fos.close(); - destName = baseName + ".b64"; - destFile = new File(destName); - - if (destFile.exists()) - destFile.delete(); - renameFile = new File(tempFile); - renameFile.renameTo(destFile); - } + if(mB64Attr==true) + { + if (encodedArray ==null) + encodedArray = crl.getEncoded(); + + ByteArrayOutputStream os = new ByteArrayOutputStream(); + + fos = new FileOutputStream(tempFile); + fos.write(com.netscape.osutil.OSUtil.BtoA(encodedArray).getBytes()); + fos.close(); + destName = baseName + ".b64"; + destFile = new File(destName); + + if(destFile.exists()) + destFile.delete(); + renameFile = new File(tempFile); + renameFile.renameTo(destFile); + } } } catch (IOException e) { - mLogger.log( - ILogger.EV_SYSTEM, - ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", - e.toString())); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString())); } catch (CertificateEncodingException e) { - mLogger.log( - ILogger.EV_SYSTEM, - ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", - e.toString())); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString())); } catch (CRLException e) { - mLogger.log( - ILogger.EV_SYSTEM, - ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", - e.toString())); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString())); } } /** * Unpublishs a object to the ldap directory. - * - * @param conn the Ldap connection (null if LDAP publishing is not enabled) - * @param dn dn of the ldap entry to unpublish cert (null if LDAP publishing - * is not enabled) - * @param object object to unpublish (java.security.cert.X509Certificate) + * + * @param conn the Ldap connection + * (null if LDAP publishing is not enabled) + * @param dn dn of the ldap entry to unpublish cert + * (null if LDAP publishing is not enabled) + * @param object object to unpublish + * (java.security.cert.X509Certificate) */ public void unpublish(LDAPConnection conn, String dn, Object object) - throws ELdapException { + throws ELdapException { CMS.debug("FileBasedPublisher: unpublish"); String name = mDir + File.separator; String fileName; @@ -425,8 +410,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { name += "cert-" + sno.toString(); } else if (object instanceof X509CRL) { X509CRL crl = (X509CRL) object; - String[] namePrefix = getCrlNamePrefix(crl, - mTimeStamp.equals("GMT")); + String[] namePrefix = getCrlNamePrefix(crl, mTimeStamp.equals("GMT")); name += namePrefix[0]; fileName = name + ".zip"; @@ -441,15 +425,13 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { f = new File(fileName); f.delete(); } - - /** + /** * returns the Der attribute where it'll be published. */ public boolean getDerAttr() { return mDerAttr; } - - /** + /** * returns the B64 attribute where it'll be published. */ public boolean getB64Attr() { diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java index 121636af..4727a690 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; + import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Locale; @@ -41,12 +42,14 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; -/** - * Interface for publishing a CA certificate to - * + +/** + * Interface for publishing a CA certificate to + * * @version $Revision$, $Date$ */ -public class LdapCaCertPublisher implements ILdapPublisher, IExtendedPluginInfo { +public class LdapCaCertPublisher + implements ILdapPublisher, IExtendedPluginInfo { public static final String LDAP_CACERT_ATTR = "caCertificate;binary"; public static final String LDAP_CA_OBJECTCLASS = "pkiCA"; public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary"; @@ -61,6 +64,7 @@ public class LdapCaCertPublisher implements ILdapPublisher, IExtendedPluginInfo private boolean mInited = false; protected IConfigStore mConfig = null; private String mcrlIssuingPointId; + /** * constructor constructs default values. @@ -71,14 +75,15 @@ public class LdapCaCertPublisher implements ILdapPublisher, IExtendedPluginInfo public String[] getExtendedPluginInfo(Locale locale) { String s[] = { "caCertAttr;string;Name of Ldap attribute in which to store certificate", - "caObjectClass;string;The name of the objectclasses which should be " - + "added to this entry, if they do not already exist. This can be " - + "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)", - IExtendedPluginInfo.HELP_TOKEN - + ";configuration-ldappublish-publisher-cacertpublisher", - IExtendedPluginInfo.HELP_TEXT - + ";This plugin knows how to publish the CA cert to " - + "'certificateAuthority' and 'pkiCA' -type entries" }; + "caObjectClass;string;The name of the objectclasses which should be " + + "added to this entry, if they do not already exist. This can be " + + "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-publisher-cacertpublisher", + IExtendedPluginInfo.HELP_TEXT + + ";This plugin knows how to publish the CA cert to " + + "'certificateAuthority' and 'pkiCA' -type entries" + }; return s; } @@ -111,13 +116,14 @@ public class LdapCaCertPublisher implements ILdapPublisher, IExtendedPluginInfo return mConfig; } - public void init(IConfigStore config) throws EBaseException { - if (mInited) + public void init(IConfigStore config) + throws EBaseException { + if (mInited) return; mConfig = config; mCaCertAttr = mConfig.getString("caCertAttr", LDAP_CACERT_ATTR); - mCaObjectclass = mConfig - .getString("caObjectClass", LDAP_CA_OBJECTCLASS); + mCaObjectclass = mConfig.getString("caObjectClass", + LDAP_CA_OBJECTCLASS); mObjAdded = mConfig.getString("caObjectClassAdded", ""); mObjDeleted = mConfig.getString("caObjectClassDeleted", ""); mInited = true; @@ -145,16 +151,16 @@ public class LdapCaCertPublisher implements ILdapPublisher, IExtendedPluginInfo } /** - * publish a CA certificate Adds the cert to the multi-valued certificate - * attribute as a DER encoded binary blob. Does not check if cert already - * exists. Converts the class to certificateAuthority. - * + * publish a CA certificate + * Adds the cert to the multi-valued certificate attribute as a + * DER encoded binary blob. Does not check if cert already exists. + * Converts the class to certificateAuthority. * @param conn the LDAP connection * @param dn dn of the entry to publish the certificate - * @param certObj the certificate object. + * @param certObj the certificate object. */ public void publish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (conn == null) { log(ILogger.LL_INFO, "LdapCaCertPublisher: no LDAP connection"); return; @@ -162,8 +168,7 @@ public class LdapCaCertPublisher implements ILdapPublisher, IExtendedPluginInfo try { mCaCertAttr = mConfig.getString("caCertAttr", LDAP_CACERT_ATTR); - mCaObjectclass = mConfig.getString("caObjectClass", - LDAP_CA_OBJECTCLASS); + mCaObjectclass = mConfig.getString("caObjectClass", LDAP_CA_OBJECTCLASS); } catch (EBaseException e) { } @@ -171,31 +176,31 @@ public class LdapCaCertPublisher implements ILdapPublisher, IExtendedPluginInfo // see if we should create local connection LDAPConnection altConn = null; try { - String host = mConfig.getString("host", null); - String port = mConfig.getString("port", null); - if (host != null && port != null) { - int portVal = Integer.parseInt(port); - int version = Integer.parseInt(mConfig - .getString("version", "2")); - String cert_nick = mConfig - .getString("clientCertNickname", null); - LDAPSSLSocketFactoryExt sslSocket = null; - if (cert_nick != null) { - sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); - } - String mgr_dn = mConfig.getString("bindDN", null); - String mgr_pwd = mConfig.getString("bindPWD", null); - - altConn = CMS.getBoundConnection(host, portVal, version, - sslSocket, mgr_dn, mgr_pwd); - conn = altConn; + String host = mConfig.getString("host", null); + String port = mConfig.getString("port", null); + if (host != null && port != null) { + int portVal = Integer.parseInt(port); + int version = Integer.parseInt(mConfig.getString("version", "2")); + String cert_nick = mConfig.getString("clientCertNickname", null); + LDAPSSLSocketFactoryExt sslSocket = null; + if (cert_nick != null) { + sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); } + String mgr_dn = mConfig.getString("bindDN", null); + String mgr_pwd = mConfig.getString("bindPWD", null); + + altConn = CMS.getBoundConnection(host, portVal, + version, + sslSocket, mgr_dn, mgr_pwd); + conn = altConn; + } } catch (LDAPException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } catch (EBaseException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } + if (!(certObj instanceof X509Certificate)) throw new IllegalArgumentException("Illegal arg to publish"); @@ -205,40 +210,40 @@ public class LdapCaCertPublisher implements ILdapPublisher, IExtendedPluginInfo byte[] certEnc = cert.getEncoded(); /* search for attribute names to determine existence of attributes */ - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, - "(objectclass=*)", new String[] { LDAP_CRL_ATTR, - LDAP_ARL_ATTR }, true); + LDAPSearchResults res = + conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", + new String[] { LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true); LDAPEntry entry = res.next(); LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR); LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR); /* search for objectclass and caCert values */ - LDAPSearchResults res1 = conn.search(dn, LDAPv2.SCOPE_BASE, - "(objectclass=*)", new String[] { "objectclass", - mCaCertAttr }, false); + LDAPSearchResults res1 = + conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", + new String[] { "objectclass", mCaCertAttr }, false); LDAPEntry entry1 = res1.next(); LDAPAttribute ocs = entry1.getAttribute("objectclass"); LDAPAttribute certs = entry1.getAttribute(mCaCertAttr); - boolean hasCert = LdapUserCertPublisher.ByteValueExists(certs, - certEnc); + boolean hasCert = + LdapUserCertPublisher.ByteValueExists(certs, certEnc); LDAPModificationSet modSet = new LDAPModificationSet(); if (hasCert) { log(ILogger.LL_INFO, "publish: CA " + dn + " already has Cert"); - } else { + } else { /* - * fix for 360458 - if no cert, use add, if has cert but not - * equal, use replace + fix for 360458 - if no cert, use add, if has cert but + not equal, use replace */ if (certs == null) { - modSet.add(LDAPModification.ADD, new LDAPAttribute( - mCaCertAttr, certEnc)); + modSet.add(LDAPModification.ADD, + new LDAPAttribute(mCaCertAttr, certEnc)); log(ILogger.LL_INFO, "CA cert added"); } else { - modSet.add(LDAPModification.REPLACE, new LDAPAttribute( - mCaCertAttr, certEnc)); + modSet.add(LDAPModification.REPLACE, + new LDAPAttribute(mCaCertAttr, certEnc)); log(ILogger.LL_INFO, "CA cert replaced"); } } @@ -246,25 +251,22 @@ public class LdapCaCertPublisher implements ILdapPublisher, IExtendedPluginInfo String[] oclist = mCaObjectclass.split(","); boolean attrsAdded = false; - for (int i = 0; i < oclist.length; i++) { + for (int i=0; i < oclist.length; i++) { String oc = oclist[i].trim(); - boolean hasoc = LdapUserCertPublisher - .StringValueExists(ocs, oc); + boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc); if (!hasoc) { - log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " - + dn); - modSet.add(LDAPModification.ADD, new LDAPAttribute( - "objectclass", oc)); + log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + dn); + modSet.add(LDAPModification.ADD, + new LDAPAttribute("objectclass", oc)); - if ((!attrsAdded) - && oc.equalsIgnoreCase("certificationAuthority")) { + if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) { // add MUST attributes - if (arls == null) - modSet.add(LDAPModification.ADD, new LDAPAttribute( - LDAP_ARL_ATTR, "")); + if (arls == null) + modSet.add(LDAPModification.ADD, + new LDAPAttribute(LDAP_ARL_ATTR, "")); if (crls == null) - modSet.add(LDAPModification.ADD, new LDAPAttribute( - LDAP_CRL_ATTR, "")); + modSet.add(LDAPModification.ADD, + new LDAPAttribute(LDAP_CRL_ATTR, "")); attrsAdded = true; } } @@ -273,28 +275,26 @@ public class LdapCaCertPublisher implements ILdapPublisher, IExtendedPluginInfo // delete objectclasses that have been deleted from config String[] delList = mObjDeleted.split(","); if (delList.length > 0) { - for (int i = 0; i < delList.length; i++) { + for (int i=0; i< delList.length; i++) { String deloc = delList[i].trim(); - boolean hasoc = LdapUserCertPublisher.StringValueExists( - ocs, deloc); + boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc); boolean match = false; - for (int j = 0; j < oclist.length; j++) { + for (int j=0; j< oclist.length; j++) { if ((oclist[j].trim()).equals(deloc)) { match = true; break; - } + } } if (!match && hasoc) { - log(ILogger.LL_INFO, "deleting CA objectclass " + deloc - + " from " + dn); - modSet.add(LDAPModification.DELETE, new LDAPAttribute( - "objectclass", deloc)); + log(ILogger.LL_INFO, "deleting CA objectclass " + deloc + " from " + dn); + modSet.add(LDAPModification.DELETE, + new LDAPAttribute("objectclass", deloc)); } } } // reset mObjAdded and mObjDeleted, if needed - if ((!mObjAdded.equals("")) || (!mObjDeleted.equals(""))) { + if ((!mObjAdded.equals("")) || (!mObjDeleted.equals(""))) { mObjAdded = ""; mObjDeleted = ""; mConfig.putString("caObjectClassAdded", ""); @@ -302,53 +302,45 @@ public class LdapCaCertPublisher implements ILdapPublisher, IExtendedPluginInfo try { mConfig.commit(false); } catch (Exception e) { - log(ILogger.LL_INFO, - "Failure in updating mObjAdded and mObjDeleted"); + log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted"); } } - - if (modSet.size() > 0) - conn.modify(dn, modSet); + + if (modSet.size() > 0) conn.modify(dn, modSet); } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", dn)); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", dn)); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_PUBLISH_CACERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CACERT_ERROR", e.toString())); } } finally { - if (altConn != null) { - try { - altConn.disconnect(); - } catch (LDAPException e) { - // safely ignored - } - } + if (altConn != null) { + try { + altConn.disconnect(); + } catch (LDAPException e) { + // safely ignored + } + } } return; } /** - * deletes the certificate from CA's certificate attribute. if it's the last - * cert will also remove the certificateAuthority objectclass. + * deletes the certificate from CA's certificate attribute. + * if it's the last cert will also remove the certificateAuthority + * objectclass. */ public void unpublish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (!(certObj instanceof X509Certificate)) throw new IllegalArgumentException("Illegal arg to publish"); @@ -356,74 +348,63 @@ public class LdapCaCertPublisher implements ILdapPublisher, IExtendedPluginInfo try { mCaCertAttr = mConfig.getString("caCertAttr", LDAP_CACERT_ATTR); - mCaObjectclass = mConfig.getString("caObjectClass", - LDAP_CA_OBJECTCLASS); + mCaObjectclass = mConfig.getString("caObjectClass", LDAP_CA_OBJECTCLASS); } catch (EBaseException e) { } try { byte[] certEnc = cert.getEncoded(); - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, - "(objectclass=*)", new String[] { mCaCertAttr, - "objectclass" }, false); + LDAPSearchResults res = + conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", + new String[] { mCaCertAttr, "objectclass" }, false); LDAPEntry entry = res.next(); LDAPAttribute certs = entry.getAttribute(mCaCertAttr); LDAPAttribute ocs = entry.getAttribute("objectclass"); - boolean hasCert = LdapUserCertPublisher.ByteValueExists(certs, - certEnc); + boolean hasCert = + LdapUserCertPublisher.ByteValueExists(certs, certEnc); if (!hasCert) { - log(ILogger.LL_INFO, "unpublish: " + dn - + " has not cert already"); - // throw new ELdapException( - // LdapResources.ALREADY_UNPUBLISHED_1, dn); + log(ILogger.LL_INFO, "unpublish: " + dn + " has not cert already"); + //throw new ELdapException( + // LdapResources.ALREADY_UNPUBLISHED_1, dn); return; } LDAPModificationSet modSet = new LDAPModificationSet(); - modSet.add(LDAPModification.DELETE, new LDAPAttribute(mCaCertAttr, - certEnc)); + modSet.add(LDAPModification.DELETE, + new LDAPAttribute(mCaCertAttr, certEnc)); if (certs.size() == 1) { // if last ca cert, remove oc also. - String[] oclist = mCaObjectclass.split(","); - for (int i = 0; i < oclist.length; i++) { + String[] oclist = mCaObjectclass.split(","); + for (int i =0 ; i < oclist.length; i++) { String oc = oclist[i].trim(); - boolean hasOC = LdapUserCertPublisher.StringValueExists( - ocs, oc); + boolean hasOC = LdapUserCertPublisher.StringValueExists(ocs, oc); if (hasOC) { - log(ILogger.LL_INFO, "unpublish: deleting CA oc" + oc - + " from " + dn); - modSet.add(LDAPModification.DELETE, new LDAPAttribute( - "objectclass", oc)); + log(ILogger.LL_INFO, "unpublish: deleting CA oc" + oc + " from " + dn); + modSet.add(LDAPModification.DELETE, + new LDAPAttribute("objectclass", oc)); } - } + } } - conn.modify(dn, modSet); + conn.modify(dn, modSet); } catch (CertificateEncodingException e) { - CMS.debug("LdapCaCertPublisher: unpublish: Cannot decode cert for " - + dn); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); + CMS.debug("LdapCaCertPublisher: unpublish: Cannot decode cert for " + dn); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_UNPUBLISH_CACERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_CACERT_ERROR", e.toString())); } } return; @@ -434,7 +415,7 @@ public class LdapCaCertPublisher implements ILdapPublisher, IExtendedPluginInfo */ private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCaPublisher: " + msg); + "LdapCaPublisher: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java index 3ed46b19..0c596f3b 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; + import java.io.IOException; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; @@ -43,11 +44,12 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; -/** - * Interface for mapping a X509 certificate to a LDAP entry Publishes a - * certificate as binary and its subject name. there is one subject name value - * for each certificate. - * + +/** + * Interface for mapping a X509 certificate to a LDAP entry + * Publishes a certificate as binary and its subject name. + * there is one subject name value for each certificate. + * * @version $Revision$, $Date$ */ public class LdapCertSubjPublisher implements ILdapPublisher { @@ -94,20 +96,21 @@ public class LdapCertSubjPublisher implements ILdapPublisher { return mConfig; } - public void init(IConfigStore config) throws EBaseException { + public void init(IConfigStore config) + throws EBaseException { if (mInited) return; mConfig = config; - mCertAttr = mConfig.getString("certAttr", - LdapUserCertPublisher.LDAP_USERCERT_ATTR); - mSubjNameAttr = mConfig.getString("certSubjectName", - LDAP_CERTSUBJNAME_ATTR); + mCertAttr = mConfig.getString("certAttr", + LdapUserCertPublisher.LDAP_USERCERT_ATTR); + mSubjNameAttr = mConfig.getString("certSubjectName", + LDAP_CERTSUBJNAME_ATTR); mInited = true; } /** - * constrcutor using specified certificate attribute and certificate subject - * name attribute. + * constrcutor using specified certificate attribute and + * certificate subject name attribute. */ public LdapCertSubjPublisher(String certAttr, String subjNameAttr) { mCertAttr = certAttr; @@ -131,21 +134,19 @@ public class LdapCertSubjPublisher implements ILdapPublisher { } /** - * publish a user certificate Adds the cert to the multi-valued certificate - * attribute as a DER encoded binary blob. Does not check if cert already - * exists. Then adds the subject name of the cert to the subject name - * attribute. - * + * publish a user certificate + * Adds the cert to the multi-valued certificate attribute as a + * DER encoded binary blob. Does not check if cert already exists. + * Then adds the subject name of the cert to the subject name attribute. * @param conn the LDAP connection * @param dn dn of the entry to publish the certificate - * @param certObj the certificate object. - * @exception ELdapException if cert or subject name already exists, if cert - * encoding fails, if getting cert subject name fails. Use - * ELdapException.getException() to find underlying - * exception. + * @param certObj the certificate object. + * @exception ELdapException if cert or subject name already exists, + * if cert encoding fails, if getting cert subject name fails. + * Use ELdapException.getException() to find underlying exception. */ public void publish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (conn == null) { log(ILogger.LL_INFO, "LdapCertSubjPublisher: no LDAP connection"); return; @@ -161,8 +162,8 @@ public class LdapCertSubjPublisher implements ILdapPublisher { byte[] certEnc = cert.getEncoded(); String subjName = ((X500Name) cert.getSubjectDN()).toLdapDNString(); - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, - "(objectclass=*)", + LDAPSearchResults res = + conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", new String[] { mCertAttr, mSubjNameAttr }, false); LDAPEntry entry = res.next(); @@ -176,14 +177,14 @@ public class LdapCertSubjPublisher implements ILdapPublisher { // check if has subject name already. if (subjnames != null) { - hasSubjname = LdapUserCertPublisher.StringValueExists( - subjnames, subjName); + hasSubjname = + LdapUserCertPublisher.StringValueExists(subjnames, subjName); } // if has both, done. if (hasCert && hasSubjname) { - log(ILogger.LL_INFO, "publish: " + subjName - + " already has cert & subject name"); + log(ILogger.LL_INFO, + "publish: " + subjName + " already has cert & subject name"); return; } @@ -192,53 +193,44 @@ public class LdapCertSubjPublisher implements ILdapPublisher { if (!hasCert) { log(ILogger.LL_INFO, "publish: adding cert to " + subjName); - modSet.add(LDAPModification.ADD, new LDAPAttribute(mCertAttr, - certEnc)); + modSet.add(LDAPModification.ADD, + new LDAPAttribute(mCertAttr, certEnc)); } // add subject name if not already there. if (!hasSubjname) { - log(ILogger.LL_INFO, "publish: adding " + subjName + " to " - + dn); - modSet.add(LDAPModification.ADD, new LDAPAttribute( - mSubjNameAttr, subjName)); + log(ILogger.LL_INFO, "publish: adding " + subjName + " to " + dn); + modSet.add(LDAPModification.ADD, + new LDAPAttribute(mSubjNameAttr, subjName)); } conn.modify(dn, modSet); } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); } } /** - * deletes the certificate from the list of certificates. does not check if - * certificate is already there. also takes out the subject name if no other - * certificate remain with the same subject name. + * deletes the certificate from the list of certificates. + * does not check if certificate is already there. + * also takes out the subject name if no other certificate remain + * with the same subject name. */ public void unpublish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (!(certObj instanceof X509Certificate)) throw new IllegalArgumentException("Illegal arg to publish"); @@ -250,8 +242,8 @@ public class LdapCertSubjPublisher implements ILdapPublisher { byte[] certEnc = cert.getEncoded(); - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, - "(objectclass=*)", + LDAPSearchResults res = + conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", new String[] { mCertAttr, mSubjNameAttr }, false); LDAPEntry entry = res.next(); @@ -274,82 +266,74 @@ public class LdapCertSubjPublisher implements ILdapPublisher { try { X509CertImpl certval = new X509CertImpl(val); // XXX use some sort of X500name equals function here. - String subjnam = ((X500Name) certval.getSubjectDN()) - .toLdapDNString(); + String subjnam = + ((X500Name) certval.getSubjectDN()).toLdapDNString(); if (subjnam.equalsIgnoreCase(subjName)) { hasAnotherCert = true; } } catch (CertificateEncodingException e) { // ignore this certificate. - CMS.debug("LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered"); + CMS.debug( + "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered"); } catch (CertificateException e) { // ignore this certificate. - CMS.debug("LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered"); + CMS.debug( + "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered"); } } } // check if doesn't have subject name already. if (subjnames != null) { - hasSubjname = LdapUserCertPublisher.StringValueExists( - subjnames, subjName); + hasSubjname = + LdapUserCertPublisher.StringValueExists(subjnames, subjName); } // if doesn't have both, done. if (!hasCert && !hasSubjname) { - log(ILogger.LL_INFO, "unpublish: " + subjName - + " already has not cert & subjname"); + log(ILogger.LL_INFO, + "unpublish: " + subjName + " already has not cert & subjname"); return; } - // delete cert if there. + // delete cert if there. LDAPModificationSet modSet = new LDAPModificationSet(); if (hasCert) { - log(ILogger.LL_INFO, "unpublish: deleting cert " + subjName - + " from " + dn); - modSet.add(LDAPModification.DELETE, new LDAPAttribute( - mCertAttr, certEnc)); + log(ILogger.LL_INFO, + "unpublish: deleting cert " + subjName + " from " + dn); + modSet.add(LDAPModification.DELETE, + new LDAPAttribute(mCertAttr, certEnc)); } // delete subject name if no other cert has the same name. if (hasSubjname && !hasAnotherCert) { - log(ILogger.LL_INFO, "unpublish: deleting subject name " - + subjName + " from " + dn); - modSet.add(LDAPModification.DELETE, new LDAPAttribute( - mSubjNameAttr, subjName)); + log(ILogger.LL_INFO, + "unpublish: deleting subject name " + subjName + " from " + dn); + modSet.add(LDAPModification.DELETE, + new LDAPAttribute(mSubjNameAttr, subjName)); } - conn.modify(dn, modSet); + conn.modify(dn, modSet); } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_DECODING_CERT_FAILED", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_DECODING_CERT_FAILED", e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_GET_LDAP_DN_STRING_FAILED", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_LDAP_DN_STRING_FAILED", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); } } return; @@ -357,7 +341,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher { private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCertSubjPublisher: " + msg); + "LdapCertSubjPublisher: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java index d61f5bf6..e4a7e0b7 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; + import java.util.Locale; import java.util.Vector; @@ -38,14 +39,15 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; -/** - * module for publishing a cross certificate pair to ldap crossCertificatePair - * attribute - * + +/** + * module for publishing a cross certificate pair to ldap + * crossCertificatePair attribute + * * @version $Revision$, $Date$ */ -public class LdapCertificatePairPublisher implements ILdapPublisher, - IExtendedPluginInfo { +public class LdapCertificatePairPublisher + implements ILdapPublisher, IExtendedPluginInfo { public static final String LDAP_CROSS_CERT_PAIR_ATTR = "crossCertificatePair;binary"; public static final String LDAP_CA_OBJECTCLASS = "pkiCA"; public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary"; @@ -70,14 +72,15 @@ public class LdapCertificatePairPublisher implements ILdapPublisher, public String[] getExtendedPluginInfo(Locale locale) { String s[] = { "crossCertPairAttr;string;Name of Ldap attribute in which to store cross certificates", - "caObjectClass;string;The name of the objectclasses which should be " - + "added to this entry, if they do not already exist. This can be " - + "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)", - IExtendedPluginInfo.HELP_TOKEN - + ";configuration-ldappublish-publisher-crosscertpairpublisher", - IExtendedPluginInfo.HELP_TEXT - + ";This plugin knows how to publish the CA cert to " - + "'certificateAuthority' and 'pkiCA' -type entries" }; + "caObjectClass;string;The name of the objectclasses which should be " + + "added to this entry, if they do not already exist. This can be " + + "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-publisher-crosscertpairpublisher", + IExtendedPluginInfo.HELP_TEXT + + ";This plugin knows how to publish the CA cert to " + + "'certificateAuthority' and 'pkiCA' -type entries" + }; return s; } @@ -114,14 +117,14 @@ public class LdapCertificatePairPublisher implements ILdapPublisher, return mConfig; } - public void init(IConfigStore config) throws EBaseException { - if (mInited) + public void init(IConfigStore config) + throws EBaseException { + if (mInited) return; mConfig = config; - mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", - LDAP_CROSS_CERT_PAIR_ATTR); - mCaObjectclass = mConfig - .getString("caObjectClass", LDAP_CA_OBJECTCLASS); + mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", LDAP_CROSS_CERT_PAIR_ATTR); + mCaObjectclass = mConfig.getString("caObjectClass", + LDAP_CA_OBJECTCLASS); mObjAdded = mConfig.getString("caObjectClassAdded", ""); mObjDeleted = mConfig.getString("caObjectClassDeleted", ""); @@ -129,8 +132,7 @@ public class LdapCertificatePairPublisher implements ILdapPublisher, } // don't think anyone would ever use this but just in case. - public LdapCertificatePairPublisher(String crossCertPairAttr, - String caObjectclass) { + public LdapCertificatePairPublisher(String crossCertPairAttr, String caObjectclass) { mCrossCertPairAttr = crossCertPairAttr; mCaObjectclass = caObjectclass; mInited = true; @@ -151,126 +153,116 @@ public class LdapCertificatePairPublisher implements ILdapPublisher, } /** - * publish a certificatePair -should not be called from listeners. - * + * publish a certificatePair + * -should not be called from listeners. * @param conn the LDAP connection * @param dn dn of the entry to publish the XcertificatePair - * @param pair the Xcertificate bytes object. + * @param pair the Xcertificate bytes object. */ public synchronized void publish(LDAPConnection conn, String dn, Object pair) - throws ELdapException { + throws ELdapException { publish(conn, dn, (byte[]) pair); } /** - * publish a certificatePair -should not be called from listeners. - * + * publish a certificatePair + * -should not be called from listeners. * @param conn the LDAP connection * @param dn dn of the entry to publish the XcertificatePair * @param pair the cross cert bytes */ - public synchronized void publish(LDAPConnection conn, String dn, byte[] pair) - throws ELdapException { + public synchronized void publish(LDAPConnection conn, String dn, + byte[] pair) + throws ELdapException { if (conn == null) { - log(ILogger.LL_INFO, - "LdapCertificatePairPublisher: no LDAP connection"); + log(ILogger.LL_INFO, "LdapCertificatePairPublisher: no LDAP connection"); return; } try { - mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", - LDAP_CROSS_CERT_PAIR_ATTR); - mCaObjectclass = mConfig.getString("caObjectClass", - LDAP_CA_OBJECTCLASS); + mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", LDAP_CROSS_CERT_PAIR_ATTR); + mCaObjectclass = mConfig.getString("caObjectClass", LDAP_CA_OBJECTCLASS); } catch (EBaseException e) { } try { // search for attributes to determine if they exist - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, - "(objectclass=*)", new String[] { LDAP_CACERT_ATTR, - LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true); + LDAPSearchResults res = + conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", + new String[] { LDAP_CACERT_ATTR, LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true); LDAPEntry entry = res.next(); LDAPAttribute certs = entry.getAttribute(LDAP_CACERT_ATTR); LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR); LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR); // search for objectclass and crosscertpair attributes and values - LDAPSearchResults res1 = conn.search(dn, LDAPv2.SCOPE_BASE, - "(objectclass=*)", new String[] { "objectclass", - mCrossCertPairAttr }, false); + LDAPSearchResults res1 = + conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", + new String[] { "objectclass", mCrossCertPairAttr }, false); LDAPEntry entry1 = res1.next(); LDAPAttribute ocs = entry1.getAttribute("objectclass"); - LDAPAttribute certPairs = entry1 - .getAttribute("crosscertificatepair;binary"); + LDAPAttribute certPairs = entry1.getAttribute("crosscertificatepair;binary"); LDAPModificationSet modSet = new LDAPModificationSet(); - boolean hasCert = LdapUserCertPublisher.ByteValueExists(certPairs, - pair); - if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) { + boolean hasCert = LdapUserCertPublisher.ByteValueExists(certPairs, pair); + if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) { CMS.debug("LdapCertificatePairPublisher: cross cert pair bytes exist in publishing directory, do not publish again."); return; } if (hasCert) { - log(ILogger.LL_INFO, "publish: CA " + dn - + " already has cross cert pair bytes"); + log(ILogger.LL_INFO, "publish: CA " + dn + " already has cross cert pair bytes"); } else { - modSet.add(LDAPModification.ADD, new LDAPAttribute( - mCrossCertPairAttr, pair)); + modSet.add(LDAPModification.ADD, + new LDAPAttribute(mCrossCertPairAttr, pair)); log(ILogger.LL_INFO, "cross cert pair published with dn=" + dn); } String[] oclist = mCaObjectclass.split(","); boolean attrsAdded = false; - for (int i = 0; i < oclist.length; i++) { + for (int i=0; i < oclist.length; i++) { String oc = oclist[i].trim(); - boolean hasoc = LdapUserCertPublisher - .StringValueExists(ocs, oc); + boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc); if (!hasoc) { - log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " - + dn); - modSet.add(LDAPModification.ADD, new LDAPAttribute( - "objectclass", oc)); + log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + dn); + modSet.add(LDAPModification.ADD, + new LDAPAttribute("objectclass", oc)); - if ((!attrsAdded) - && oc.equalsIgnoreCase("certificationAuthority")) { + if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) { // add MUST attributes - if (arls == null) - modSet.add(LDAPModification.ADD, new LDAPAttribute( - LDAP_ARL_ATTR, "")); + if (arls == null) + modSet.add(LDAPModification.ADD, + new LDAPAttribute(LDAP_ARL_ATTR, "")); if (crls == null) - modSet.add(LDAPModification.ADD, new LDAPAttribute( - LDAP_CRL_ATTR, "")); + modSet.add(LDAPModification.ADD, + new LDAPAttribute(LDAP_CRL_ATTR, "")); if (certs == null) - modSet.add(LDAPModification.ADD, new LDAPAttribute( - LDAP_CACERT_ATTR, "")); + modSet.add(LDAPModification.ADD, + new LDAPAttribute(LDAP_CACERT_ATTR, "")); attrsAdded = true; } } - } + } // delete objectclasses that have been deleted from config String[] delList = mObjDeleted.split(","); if (delList.length > 0) { - for (int i = 0; i < delList.length; i++) { + for (int i=0; i< delList.length; i++) { String deloc = delList[i].trim(); - boolean hasoc = LdapUserCertPublisher.StringValueExists( - ocs, deloc); + boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc); boolean match = false; - for (int j = 0; j < oclist.length; j++) { + for (int j=0; j< oclist.length; j++) { if ((oclist[j].trim()).equals(deloc)) { match = true; break; } } if (!match && hasoc) { - log(ILogger.LL_INFO, "deleting CRL objectclass " - + deloc + " from " + dn); - modSet.add(LDAPModification.DELETE, new LDAPAttribute( - "objectclass", deloc)); + log(ILogger.LL_INFO, "deleting CRL objectclass " + deloc + " from " + dn); + modSet.add(LDAPModification.DELETE, + new LDAPAttribute("objectclass", deloc)); } } } @@ -284,29 +276,22 @@ public class LdapCertificatePairPublisher implements ILdapPublisher, try { mConfig.commit(false); } catch (Exception e) { - log(ILogger.LL_INFO, - "Failure in updating mObjAdded and mObjDeleted"); + log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted"); } } - if (modSet.size() > 0) - conn.modify(dn, modSet); + if (modSet.size() > 0) conn.modify(dn, modSet); CMS.debug("LdapCertificatePairPublisher: in publish() just published"); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", - e.toString())); - throw new ELdapException("error publishing cross cert pair:" - + e.toString()); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString())); + throw new ELdapException("error publishing cross cert pair:" + e.toString()); } } return; @@ -316,7 +301,7 @@ public class LdapCertificatePairPublisher implements ILdapPublisher, * unsupported */ public void unpublish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { CMS.debug("LdapCertificatePairPublisher: unpublish() is unsupported in this revision"); } @@ -325,7 +310,7 @@ public class LdapCertificatePairPublisher implements ILdapPublisher, */ private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCertificatePairPublisher: " + msg); + "LdapCertificatePairPublisher: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java index e6a4e45c..22dc1294 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; + import java.security.cert.CRLException; import java.security.cert.X509CRL; import java.util.Locale; @@ -41,9 +42,10 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; + /** - * For publishing master or global CRL. Publishes (replaces) the CRL in the CA's - * LDAP entry. + * For publishing master or global CRL. + * Publishes (replaces) the CRL in the CA's LDAP entry. * * @version $Revision$, $Date$ */ @@ -79,15 +81,16 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { String[] params = { "crlAttr;string;Name of Ldap attribute in which to store the CRL", - "crlObjectClass;string;The name of the objectclasses which should be " - + "added to this entry, if they do not already exist. This can be a comma-" - + "separated list such as 'certificationAuthority,certificationAuthority-V2' " - + "(if using RFC 2256) or 'pkiCA, deltaCRL' (if using RFC 4523)", - IExtendedPluginInfo.HELP_TOKEN - + ";configuration-ldappublish-publisher-crlpublisher", - IExtendedPluginInfo.HELP_TEXT - + ";This plugin knows how to publish CRL's to " - + "'certificateAuthority' and 'pkiCA' -type entries" }; + "crlObjectClass;string;The name of the objectclasses which should be " + + "added to this entry, if they do not already exist. This can be a comma-" + + "separated list such as 'certificationAuthority,certificationAuthority-V2' " + + "(if using RFC 2256) or 'pkiCA, deltaCRL' (if using RFC 4523)", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-publisher-crlpublisher", + IExtendedPluginInfo.HELP_TEXT + + ";This plugin knows how to publish CRL's to " + + "'certificateAuthority' and 'pkiCA' -type entries" + }; return params; } @@ -112,13 +115,14 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { return mConfig; } - public void init(IConfigStore config) throws EBaseException { + public void init(IConfigStore config) + throws EBaseException { if (mInited) return; mConfig = config; mCrlAttr = mConfig.getString("crlAttr", LDAP_CRL_ATTR); mCrlObjectClass = mConfig.getString("crlObjectClass", - LDAP_CRL_OBJECTCLASS); + LDAP_CRL_OBJECTCLASS); mObjAdded = mConfig.getString("crlObjectClassAdded", ""); mObjDeleted = mConfig.getString("crlObjectClassDeleted", ""); @@ -138,11 +142,11 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { } /** - * Replaces the CRL in the certificateRevocationList attribute. CRL's are - * published as a DER encoded blob. + * Replaces the CRL in the certificateRevocationList attribute. + * CRL's are published as a DER encoded blob. */ public void publish(LDAPConnection conn, String dn, Object crlObj) - throws ELdapException { + throws ELdapException { if (conn == null) { log(ILogger.LL_INFO, "publish CRL: no LDAP connection"); return; @@ -150,8 +154,7 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { try { mCrlAttr = mConfig.getString("crlAttr", LDAP_CRL_ATTR); - mCrlObjectClass = mConfig.getString("crlObjectClass", - LDAP_CRL_OBJECTCLASS); + mCrlObjectClass = mConfig.getString("crlObjectClass", LDAP_CRL_OBJECTCLASS); } catch (EBaseException e) { } @@ -159,29 +162,28 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { // see if we should create local connection LDAPConnection altConn = null; try { - String host = mConfig.getString("host", null); - String port = mConfig.getString("port", null); - if (host != null && port != null) { - int portVal = Integer.parseInt(port); - int version = Integer.parseInt(mConfig - .getString("version", "2")); - String cert_nick = mConfig - .getString("clientCertNickname", null); - LDAPSSLSocketFactoryExt sslSocket = null; - if (cert_nick != null) { - sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); - } - String mgr_dn = mConfig.getString("bindDN", null); - String mgr_pwd = mConfig.getString("bindPWD", null); - - altConn = CMS.getBoundConnection(host, portVal, version, - sslSocket, mgr_dn, mgr_pwd); - conn = altConn; + String host = mConfig.getString("host", null); + String port = mConfig.getString("port", null); + if (host != null && port != null) { + int portVal = Integer.parseInt(port); + int version = Integer.parseInt(mConfig.getString("version", "2")); + String cert_nick = mConfig.getString("clientCertNickname", null); + LDAPSSLSocketFactoryExt sslSocket = null; + if (cert_nick != null) { + sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); } + String mgr_dn = mConfig.getString("bindDN", null); + String mgr_pwd = mConfig.getString("bindPWD", null); + + altConn = CMS.getBoundConnection(host, portVal, + version, + sslSocket, mgr_dn, mgr_pwd); + conn = altConn; + } } catch (LDAPException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } catch (EBaseException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } try { @@ -192,11 +194,10 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { LDAPSearchResults res = null; if (mCrlAttr.equals(LDAP_CRL_ATTR)) { res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", - new String[] { LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true); + new String[] { LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true); } else { res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", - new String[] { LDAP_CRL_ATTR, LDAP_CACERT_ATTR, - LDAP_ARL_ATTR }, true); + new String[] { LDAP_CRL_ATTR, LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true); } LDAPEntry entry = res.next(); @@ -215,56 +216,50 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { String[] oclist = mCrlObjectClass.split(","); boolean attrsAdded = false; - for (int i = 0; i < oclist.length; i++) { + for (int i=0; i < oclist.length; i++) { String oc = oclist[i].trim(); - boolean hasoc = LdapUserCertPublisher - .StringValueExists(ocs, oc); + boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc); if (!hasoc) { - log(ILogger.LL_INFO, "adding CRL objectclass " + oc - + " to " + dn); - modSet.add(LDAPModification.ADD, new LDAPAttribute( - "objectclass", oc)); + log(ILogger.LL_INFO, "adding CRL objectclass " + oc + " to " + dn); + modSet.add(LDAPModification.ADD, + new LDAPAttribute("objectclass", oc)); - if ((!attrsAdded) - && oc.equalsIgnoreCase("certificationAuthority")) { + if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) { // add MUST attributes if (arls == null) - modSet.add(LDAPModification.ADD, new LDAPAttribute( - LDAP_ARL_ATTR, "")); + modSet.add(LDAPModification.ADD, + new LDAPAttribute(LDAP_ARL_ATTR, "")); if (certs == null) - modSet.add(LDAPModification.ADD, new LDAPAttribute( - LDAP_CACERT_ATTR, "")); + modSet.add(LDAPModification.ADD, + new LDAPAttribute(LDAP_CACERT_ATTR, "")); - if ((crls == null) && (!mCrlAttr.equals(LDAP_CRL_ATTR))) - modSet.add(LDAPModification.ADD, new LDAPAttribute( - LDAP_CRL_ATTR, "")); + if ((crls == null) && (!mCrlAttr.equals(LDAP_CRL_ATTR))) + modSet.add(LDAPModification.ADD, + new LDAPAttribute(LDAP_CRL_ATTR, "")); attrsAdded = true; } } } - modSet.add(LDAPModification.REPLACE, new LDAPAttribute(mCrlAttr, - crlEnc)); + modSet.add(LDAPModification.REPLACE, new LDAPAttribute(mCrlAttr, crlEnc)); // delete objectclasses that have been deleted from config String[] delList = mObjDeleted.split(","); if (delList.length > 0) { - for (int i = 0; i < delList.length; i++) { + for (int i=0; i< delList.length; i++) { String deloc = delList[i].trim(); - boolean hasoc = LdapUserCertPublisher.StringValueExists( - ocs, deloc); + boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc); boolean match = false; - for (int j = 0; j < oclist.length; j++) { + for (int j=0; j< oclist.length; j++) { if ((oclist[j].trim()).equals(deloc)) { match = true; break; } } if (!match && hasoc) { - log(ILogger.LL_INFO, "deleting CRL objectclass " - + deloc + " from " + dn); - modSet.add(LDAPModification.DELETE, new LDAPAttribute( - "objectclass", deloc)); + log(ILogger.LL_INFO, "deleting CRL objectclass " + deloc + " from " + dn); + modSet.add(LDAPModification.DELETE, + new LDAPAttribute("objectclass", deloc)); } } } @@ -278,64 +273,56 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { try { mConfig.commit(false); } catch (Exception e) { - log(ILogger.LL_INFO, - "Failure in updating mObjAdded and mObjDeleted"); + log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted"); } - } + } conn.modify(dn, modSet); } catch (CRLException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_PUBLISH_CRL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "PUBLISH_PUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_PUBLISH_CRL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString())); } } finally { - if (altConn != null) { - try { - altConn.disconnect(); - } catch (LDAPException e) { - // safely ignored - } - } + if (altConn != null) { + try { + altConn.disconnect(); + } catch (LDAPException e) { + // safely ignored + } + } } } /** - * There shouldn't be a need to call this. CRLs are always replaced but this - * is implemented anyway in case there is ever a reason to remove a global - * CRL. + * There shouldn't be a need to call this. + * CRLs are always replaced but this is implemented anyway in case + * there is ever a reason to remove a global CRL. */ public void unpublish(LDAPConnection conn, String dn, Object crlObj) - throws ELdapException { + throws ELdapException { try { byte[] crlEnc = ((X509CRL) crlObj).getEncoded(); try { mCrlAttr = mConfig.getString("crlAttr", LDAP_CRL_ATTR); - mCrlObjectClass = mConfig.getString("crlObjectClass", - LDAP_CRL_OBJECTCLASS); + mCrlObjectClass = mConfig.getString("crlObjectClass", LDAP_CRL_OBJECTCLASS); } catch (EBaseException e) { } + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, - "(objectclass=*)", - new String[] { mCrlAttr, "objectclass" }, false); + "(objectclass=*)", new String[] { mCrlAttr, "objectclass" }, false); LDAPEntry e = res.next(); LDAPAttribute crls = e.getAttribute(mCrlAttr); LDAPAttribute ocs = e.getAttribute("objectclass"); @@ -343,23 +330,21 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { LDAPModificationSet modSet = new LDAPModificationSet(); boolean hasOC = false; - boolean hasCRL = LdapUserCertPublisher - .ByteValueExists(crls, crlEnc); + boolean hasCRL = + LdapUserCertPublisher.ByteValueExists(crls, crlEnc); if (hasCRL) { - modSet.add(LDAPModification.DELETE, new LDAPAttribute(mCrlAttr, - crlEnc)); + modSet.add(LDAPModification.DELETE, + new LDAPAttribute(mCrlAttr, crlEnc)); } - + String[] oclist = mCrlObjectClass.split(","); - for (int i = 0; i < oclist.length; i++) { + for (int i=0; i < oclist.length; i++) { String oc = oclist[i].trim(); if (LdapUserCertPublisher.StringValueExists(ocs, oc)) { - log(ILogger.LL_INFO, - "unpublish: deleting CRL object class " + oc - + " from " + dn); - modSet.add(LDAPModification.DELETE, new LDAPAttribute( - "objectClass", oc)); + log(ILogger.LL_INFO, "unpublish: deleting CRL object class " + oc + " from " + dn); + modSet.add(LDAPModification.DELETE, + new LDAPAttribute("objectClass", oc)); hasOC = true; } } @@ -367,29 +352,22 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { if (hasCRL || hasOC) { conn.modify(dn, modSet); } else { - log(ILogger.LL_INFO, "unpublish: " + dn - + " already has not CRL"); + log(ILogger.LL_INFO, + "unpublish: " + dn + " already has not CRL"); } } catch (CRLException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_PUBLISH_CRL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_UNPUBLISH_CRL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_CRL_ERROR", e.toString())); } } return; @@ -397,6 +375,6 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapCrlPublisher: " + msg); + "LdapCrlPublisher: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java index 0dedf8f4..902763b4 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; + import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateEncodingException; @@ -50,13 +51,13 @@ import com.netscape.certsrv.ldap.ELdapServerDownException; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; -/** - * Interface for mapping a X509 certificate to a LDAP entry - * + +/** + * Interface for mapping a X509 certificate to a LDAP entry + * * @version $Revision$, $Date$ */ -public class LdapEncryptCertPublisher implements ILdapPublisher, - IExtendedPluginInfo { +public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPluginInfo { public static final String LDAP_USERCERT_ATTR = "userCertificate;binary"; public static final String PROP_REVOKE_CERT = "revokeCert"; @@ -80,10 +81,11 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, public String[] getExtendedPluginInfo(Locale locale) { String[] params = { "certAttr;string;LDAP attribute in which to store the certificate", - IExtendedPluginInfo.HELP_TOKEN - + ";configuration-ldappublish-publisher-usercertpublisher", - IExtendedPluginInfo.HELP_TEXT - + ";This plugin knows how to publish user certificates" }; + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-publisher-usercertpublisher", + IExtendedPluginInfo.HELP_TEXT + + ";This plugin knows how to publish user certificates" + }; return params; @@ -107,7 +109,8 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, return mConfig; } - public void init(IConfigStore config) throws EBaseException { + public void init(IConfigStore config) + throws EBaseException { if (mInited) return; mConfig = config; @@ -121,16 +124,16 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, } /** - * publish a user certificate Adds the cert to the multi-valued certificate - * attribute as a DER encoded binary blob. Does not check if cert already - * exists. + * publish a user certificate + * Adds the cert to the multi-valued certificate attribute as a + * DER encoded binary blob. Does not check if cert already exists. * * @param conn the LDAP connection * @param dn dn of the entry to publish the certificate - * @param certObj the certificate object. + * @param certObj the certificate object. */ public void publish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (conn == null) return; @@ -144,52 +147,45 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, byte[] certEnc = cert.getEncoded(); // check if cert already exists. - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", new String[] { mCertAttr }, false); LDAPEntry entry = res.next(); - LDAPAttribute attr = getModificationAttribute( - entry.getAttribute(mCertAttr), certEnc); + LDAPAttribute attr = getModificationAttribute(entry.getAttribute(mCertAttr), certEnc); if (attr == null) { log(ILogger.LL_INFO, "publish: " + dn + " already has cert."); return; } - // publish - LDAPModification mod = new LDAPModification( - LDAPModification.REPLACE, attr); + // publish + LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr); - conn.modify(dn, mod); + conn.modify(dn, mod); } catch (CertificateEncodingException e) { - CMS.debug("LdapEncryptCertPublisher: error in publish: " - + e.toString()); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); + CMS.debug("LdapEncryptCertPublisher: error in publish: " + e.toString()); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "PUBLISH_PUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); } } return; } /** - * unpublish a user certificate deletes the certificate from the list of - * certificates. does not check if certificate is already there. + * unpublish a user certificate + * deletes the certificate from the list of certificates. + * does not check if certificate is already there. */ public void unpublish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (!(certObj instanceof X509Certificate)) throw new IllegalArgumentException("Illegal arg to publish"); @@ -199,7 +195,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, byte[] certEnc = cert.getEncoded(); // check if cert already deleted. - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", new String[] { mCertAttr }, false); LDAPEntry entry = res.next(); @@ -208,31 +204,23 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, return; } - LDAPModification mod = new LDAPModification( - LDAPModification.DELETE, new LDAPAttribute(mCertAttr, - certEnc)); + LDAPModification mod = new LDAPModification(LDAPModification.DELETE, + new LDAPAttribute(mCertAttr, certEnc)); - conn.modify(dn, mod); + conn.modify(dn, mod); } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); } } return; @@ -240,11 +228,11 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapUserCertPublisher: " + msg); + "LdapUserCertPublisher: " + msg); } - public LDAPAttribute getModificationAttribute(LDAPAttribute attr, - byte[] bval) { + public LDAPAttribute getModificationAttribute( + LDAPAttribute attr, byte[] bval) { LDAPAttribute at = new LDAPAttribute(attr.getName(), bval); // determine if the given cert is a signing or an encryption @@ -268,13 +256,13 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, X509CertImpl cert = new X509CertImpl(val); log(ILogger.LL_INFO, "Checking " + cert); - if (CMS.isEncryptionCert(thisCert) - && CMS.isEncryptionCert(cert)) { + if (CMS.isEncryptionCert(thisCert) && + CMS.isEncryptionCert(cert)) { // skip log(ILogger.LL_INFO, "SKIP ENCRYPTION " + cert); revokeCert(cert); - } else if (CMS.isSigningCert(thisCert) - && CMS.isSigningCert(cert)) { + } else if (CMS.isSigningCert(thisCert) && + CMS.isSigningCert(cert)) { // skip log(ILogger.LL_INFO, "SKIP SIGNING " + cert); revokeCert(cert); @@ -282,35 +270,33 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, at.addValue(val); } } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_CHECK_FAILED", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CHECK_FAILED", e.toString())); } } return at; } - private RevokedCertImpl formCRLEntry(BigInteger serialNo, - RevocationReason reason) throws EBaseException { + private RevokedCertImpl formCRLEntry( + BigInteger serialNo, RevocationReason reason) + throws EBaseException { CRLReasonExtension reasonExt = new CRLReasonExtension(reason); CRLExtensions crlentryexts = new CRLExtensions(); try { crlentryexts.set(CRLReasonExtension.NAME, reasonExt); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_SET_CRL_REASON", - reason.toString(), e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_SET_CRL_REASON", reason.toString(), e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INTERNAL_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } - RevokedCertImpl crlentry = new RevokedCertImpl(serialNo, new Date(), - crlentryexts); + RevokedCertImpl crlentry = + new RevokedCertImpl(serialNo, new Date(), crlentryexts); return crlentry; } - private void revokeCert(X509CertImpl cert) throws EBaseException { + private void revokeCert(X509CertImpl cert) + throws EBaseException { try { if (mConfig.getBoolean(PROP_REVOKE_CERT, true) == false) { return; @@ -320,11 +306,11 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, } BigInteger serialNum = cert.getSerialNumber(); // need to revoke certificate also - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem("ca"); ICAService service = (ICAService) ca.getCAService(); - RevokedCertImpl crlEntry = formCRLEntry(serialNum, - RevocationReason.KEY_COMPROMISE); + RevokedCertImpl crlEntry = formCRLEntry( + serialNum, RevocationReason.KEY_COMPROMISE); service.revokeCert(crlEntry); } @@ -368,3 +354,4 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, } } + diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java index 3867a3b8..f612d005 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; + import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Enumeration; @@ -42,13 +43,13 @@ import com.netscape.certsrv.logging.AuditFormat; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.ILdapPublisher; -/** - * Interface for mapping a X509 certificate to a LDAP entry - * + +/** + * Interface for mapping a X509 certificate to a LDAP entry + * * @version $Revision$, $Date$ */ -public class LdapUserCertPublisher implements ILdapPublisher, - IExtendedPluginInfo { +public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInfo { public static final String LDAP_USERCERT_ATTR = "userCertificate;binary"; protected String mCertAttr = LDAP_USERCERT_ATTR; @@ -70,10 +71,11 @@ public class LdapUserCertPublisher implements ILdapPublisher, public String[] getExtendedPluginInfo(Locale locale) { String[] params = { "certAttr;string;LDAP attribute in which to store the certificate", - IExtendedPluginInfo.HELP_TOKEN - + ";configuration-ldappublish-publisher-usercertpublisher", - IExtendedPluginInfo.HELP_TEXT - + ";This plugin knows how to publish user certificates" }; + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-publisher-usercertpublisher", + IExtendedPluginInfo.HELP_TEXT + + ";This plugin knows how to publish user certificates" + }; return params; @@ -97,7 +99,8 @@ public class LdapUserCertPublisher implements ILdapPublisher, return mConfig; } - public void init(IConfigStore config) throws EBaseException { + public void init(IConfigStore config) + throws EBaseException { if (mInited) return; mConfig = config; @@ -110,16 +113,16 @@ public class LdapUserCertPublisher implements ILdapPublisher, } /** - * publish a user certificate Adds the cert to the multi-valued certificate - * attribute as a DER encoded binary blob. Does not check if cert already - * exists. + * publish a user certificate + * Adds the cert to the multi-valued certificate attribute as a + * DER encoded binary blob. Does not check if cert already exists. * * @param conn the LDAP connection * @param dn dn of the entry to publish the certificate - * @param certObj the certificate object. + * @param certObj the certificate object. */ public void publish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { if (conn == null) return; @@ -127,29 +130,28 @@ public class LdapUserCertPublisher implements ILdapPublisher, // see if we should create local connection LDAPConnection altConn = null; try { - String host = mConfig.getString("host", null); - String port = mConfig.getString("port", null); - if (host != null && port != null) { - int portVal = Integer.parseInt(port); - int version = Integer.parseInt(mConfig - .getString("version", "2")); - String cert_nick = mConfig - .getString("clientCertNickname", null); - LDAPSSLSocketFactoryExt sslSocket = null; - if (cert_nick != null) { - sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); - } - String mgr_dn = mConfig.getString("bindDN", null); - String mgr_pwd = mConfig.getString("bindPWD", null); - - altConn = CMS.getBoundConnection(host, portVal, version, - sslSocket, mgr_dn, mgr_pwd); - conn = altConn; + String host = mConfig.getString("host", null); + String port = mConfig.getString("port", null); + if (host != null && port != null) { + int portVal = Integer.parseInt(port); + int version = Integer.parseInt(mConfig.getString("version", "2")); + String cert_nick = mConfig.getString("clientCertNickname", null); + LDAPSSLSocketFactoryExt sslSocket = null; + if (cert_nick != null) { + sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick); } + String mgr_dn = mConfig.getString("bindDN", null); + String mgr_pwd = mConfig.getString("bindPWD", null); + + altConn = CMS.getBoundConnection(host, portVal, + version, + sslSocket, mgr_dn, mgr_pwd); + conn = altConn; + } } catch (LDAPException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } catch (EBaseException e) { - CMS.debug("Failed to create alt connection " + e); + CMS.debug("Failed to create alt connection " + e); } if (!(certObj instanceof X509Certificate)) @@ -167,7 +169,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, byte[] certEnc = cert.getEncoded(); // check if cert already exists. - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", new String[] { mCertAttr }, false); LDAPEntry entry = res.next(); @@ -176,65 +178,59 @@ public class LdapUserCertPublisher implements ILdapPublisher, return; } - // publish + // publish LDAPModification mod = null; if (deleteCert) { - mod = new LDAPModification(LDAPModification.REPLACE, - new LDAPAttribute(mCertAttr, certEnc)); + mod = new LDAPModification(LDAPModification.REPLACE, + new LDAPAttribute(mCertAttr, certEnc)); } else { - mod = new LDAPModification(LDAPModification.ADD, - new LDAPAttribute(mCertAttr, certEnc)); + mod = new LDAPModification(LDAPModification.ADD, + new LDAPAttribute(mCertAttr, certEnc)); } - conn.modify(dn, mod); + conn.modify(dn, mod); // log a successful message to the "transactions" log - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_LDAP, - ILogger.LL_INFO, - AuditFormat.LDAP_PUBLISHED_FORMAT, - new Object[] { "LdapUserCertPublisher", - cert.getSerialNumber().toString(16), - cert.getSubjectDN() }); + mLogger.log( ILogger.EV_AUDIT, + ILogger.S_LDAP, + ILogger.LL_INFO, + AuditFormat.LDAP_PUBLISHED_FORMAT, + new Object[] { "LdapUserCertPublisher", + cert.getSerialNumber().toString(16), + cert.getSubjectDN() } ); } catch (CertificateEncodingException e) { - CMS.debug("LdapUserCertPublisher: error in publish: " - + e.toString()); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); + CMS.debug("LdapUserCertPublisher: error in publish: " + e.toString()); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "PUBLISH_PUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); } } finally { - if (altConn != null) { - try { - altConn.disconnect(); - } catch (LDAPException e) { - // safely ignored - } - } + if (altConn != null) { + try { + altConn.disconnect(); + } catch (LDAPException e) { + // safely ignored + } + } } return; } /** - * unpublish a user certificate deletes the certificate from the list of - * certificates. does not check if certificate is already there. + * unpublish a user certificate + * deletes the certificate from the list of certificates. + * does not check if certificate is already there. */ public void unpublish(LDAPConnection conn, String dn, Object certObj) - throws ELdapException { + throws ELdapException { boolean disableUnpublish = false; try { @@ -243,8 +239,8 @@ public class LdapUserCertPublisher implements ILdapPublisher, } if (disableUnpublish) { - CMS.debug("UserCertPublisher: disable unpublish"); - return; + CMS.debug("UserCertPublisher: disable unpublish"); + return; } if (!(certObj instanceof X509Certificate)) @@ -256,7 +252,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, byte[] certEnc = cert.getEncoded(); // check if cert already deleted. - LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, + LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", new String[] { mCertAttr }, false); LDAPEntry entry = res.next(); @@ -265,30 +261,23 @@ public class LdapUserCertPublisher implements ILdapPublisher, return; } - LDAPModification mod = new LDAPModification( - LDAPModification.DELETE, new LDAPAttribute(mCertAttr, - certEnc)); + LDAPModification mod = new LDAPModification(LDAPModification.DELETE, + new LDAPAttribute(mCertAttr, certEnc)); - conn.modify(dn, mod); + conn.modify(dn, mod); } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString())); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage( - "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" - + conn.getPort())); + CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR")); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR")); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); } } return; @@ -296,7 +285,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "LdapUserCertPublisher: " + msg); + "LdapUserCertPublisher: " + msg); } /** diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java index e6ebf34a..ad37a666 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; + import java.io.DataInputStream; import java.io.IOException; import java.io.OutputStream; @@ -41,9 +42,11 @@ import com.netscape.certsrv.publish.ILdapPublisher; import com.netscape.cmsutil.http.HttpRequest; import com.netscape.cmsutil.http.JssSSLSocketFactory; -/** - * This publisher writes certificate and CRL into a directory. - * + +/** + * This publisher writes certificate and CRL into + * a directory. + * * @version $Revision$, $Date$ */ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { @@ -80,14 +83,13 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { PROP_HOST + ";string;Host of CMS's OCSP Secure agent service", PROP_PORT + ";string;Port of CMS's OCSP Secure agent service", PROP_PATH + ";string;URI of CMS's OCSP Secure agent service", - PROP_NICK - + ";string;Nickname of cert used for client authentication", - PROP_CLIENT_AUTH_ENABLE - + ";boolean;Client Authentication enabled", - IExtendedPluginInfo.HELP_TOKEN - + ";configuration-ldappublish-publisher-ocsppublisher", - IExtendedPluginInfo.HELP_TEXT - + ";Publishes CRLs to a Online Certificate Status Manager, an OCSP responder provided by CMS." }; + PROP_NICK + ";string;Nickname of cert used for client authentication", + PROP_CLIENT_AUTH_ENABLE + ";boolean;Client Authentication enabled", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ldappublish-publisher-ocsppublisher", + IExtendedPluginInfo.HELP_TEXT + + ";Publishes CRLs to a Online Certificate Status Manager, an OCSP responder provided by CMS." + }; return params; } @@ -143,12 +145,12 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { try { nickname = config.getString("ca.subsystem.nickname", ""); String tokenname = config.getString("ca.subsystem.tokenname", ""); - if (!tokenname.equals("internal") - && !tokenname.equals("Internal Key Storage Token")) - nickname = tokenname + ":" + nickname; + if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) + nickname = tokenname+":"+nickname; } catch (Exception e) { } + v.addElement(PROP_HOST + "="); v.addElement(PROP_PORT + "="); v.addElement(PROP_PATH + "=/ocsp/agent/ocsp/addCRL"); @@ -167,8 +169,7 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { mPort = mConfig.getString(PROP_PORT, ""); mPath = mConfig.getString(PROP_PATH, ""); mNickname = mConfig.getString(PROP_NICK, ""); - mClientAuthEnabled = mConfig.getBoolean(PROP_CLIENT_AUTH_ENABLE, - true); + mClientAuthEnabled = mConfig.getBoolean(PROP_CLIENT_AUTH_ENABLE, true); } catch (EBaseException e) { } } @@ -177,43 +178,45 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { return mConfig; } - protected Socket Connect(String host, boolean secure, - JssSSLSocketFactory factory) { - Socket socket = null; - StringTokenizer st = new StringTokenizer(host, " "); - while (st.hasMoreTokens()) { - String hp = st.nextToken(); // host:port - StringTokenizer st1 = new StringTokenizer(hp, ":"); - String h = st1.nextToken(); - int p = Integer.parseInt(st1.nextToken()); - try { - if (secure) { - socket = factory.makeSocket(h, p); - } else { - socket = new Socket(h, p); - } - return socket; - } catch (Exception e) { - } - try { - Thread.sleep(5000); // 5 seconds delay - } catch (Exception e) { - } - } - return null; + protected Socket Connect(String host, boolean secure, JssSSLSocketFactory factory) + { + Socket socket = null; + StringTokenizer st = new StringTokenizer(host, " "); + while (st.hasMoreTokens()) { + String hp = st.nextToken(); // host:port + StringTokenizer st1 = new StringTokenizer(hp, ":"); + String h = st1.nextToken(); + int p = Integer.parseInt(st1.nextToken()); + try { + if (secure) { + socket = factory.makeSocket(h, p); + } else { + socket = new Socket(h, p); + } + return socket; + } catch (Exception e) { + } + try { + Thread.sleep(5000); // 5 seconds delay + } catch (Exception e) { + } + } + return null; } /** * Publishs a object to the ldap directory. * - * @param conn a Ldap connection (null if LDAP publishing is not enabled) - * @param dn dn of the ldap entry to publish cert (null if LDAP publishing - * is not enabled) - * @param object object to publish (java.security.cert.X509Certificate or, - * java.security.cert.X509CRL) + * @param conn a Ldap connection + * (null if LDAP publishing is not enabled) + * @param dn dn of the ldap entry to publish cert + * (null if LDAP publishing is not enabled) + * @param object object to publish + * (java.security.cert.X509Certificate or, + * java.security.cert.X509CRL) */ - public synchronized void publish(LDAPConnection conn, String dn, - Object object) throws ELdapException { + public synchronized void publish(LDAPConnection conn, String dn, Object object) + throws ELdapException { try { if (!(object instanceof X509CRL)) return; @@ -223,24 +226,24 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { // open the connection and prepare it to POST boolean secure = true; - + String host = mHost; int port = Integer.parseInt(mPort); String path = mPath; - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO, - "OCSPPublisher: " + "Host='" + host + "' Port='" + port - + "' URL='" + path + "'"); - CMS.debug("OCSPPublisher: " + "Host='" + host + "' Port='" + port - + "' URL='" + path + "'"); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_INFO, "OCSPPublisher: " + + "Host='" + host + "' Port='" + port + + "' URL='" + path + "'"); + CMS.debug("OCSPPublisher: " + + "Host='" + host + "' Port='" + port + + "' URL='" + path + "'"); StringBuffer query = new StringBuffer(); query.append("crl="); - query.append(URLEncoder - .encode("-----BEGIN CERTIFICATE REVOCATION LIST-----\n")); + query.append(URLEncoder.encode("-----BEGIN CERTIFICATE REVOCATION LIST-----\n")); query.append(URLEncoder.encode(CMS.BtoA(crl.getEncoded()))); - query.append(URLEncoder - .encode("\n-----END CERTIFICATE REVOCATION LIST-----")); + query.append(URLEncoder.encode("\n-----END CERTIFICATE REVOCATION LIST-----")); query.append("&noui=true"); Socket socket = null; @@ -253,23 +256,23 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { } if (mHost != null && mHost.indexOf(' ') != -1) { - // support failover hosts configuration - // host parameter can be - // "directory.knowledge.com:1050 people.catalog.com 199.254.1.2" - do { - socket = Connect(mHost, secure, factory); - } while (socket == null); + // support failover hosts configuration + // host parameter can be + // "directory.knowledge.com:1050 people.catalog.com 199.254.1.2" + do { + socket = Connect(mHost, secure, factory); + } while (socket == null); } else { - if (secure) { - socket = factory.makeSocket(host, port); - } else { - socket = new Socket(host, port); - } + if (secure) { + socket = factory.makeSocket(host, port); + } else { + socket = new Socket(host, port); + } } - if (socket == null) { - CMS.debug("OCSPPublisher::publish() - socket is null!"); - throw new ELdapException("socket is null"); + if( socket == null ) { + CMS.debug( "OCSPPublisher::publish() - socket is null!" ); + throw new ELdapException( "socket is null" ); } // use HttpRequest and POST @@ -280,28 +283,26 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { httpReq.setHeader("Connection", "Keep-Alive"); httpReq.setHeader("Content-Type", - "application/x-www-form-urlencoded"); + "application/x-www-form-urlencoded"); httpReq.setHeader("Content-Transfer-Encoding", "7bit"); - httpReq.setHeader("Content-Length", - Integer.toString(query.length())); + httpReq.setHeader("Content-Length", + Integer.toString(query.length())); httpReq.setContent(query.toString()); OutputStream os = socket.getOutputStream(); - OutputStreamWriter outputStreamWriter = new OutputStreamWriter(os, - "UTF8"); + OutputStreamWriter outputStreamWriter = new OutputStreamWriter(os, "UTF8"); - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO, - "OCSPPublisher: start sending CRL"); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_INFO, "OCSPPublisher: start sending CRL"); long startTime = CMS.getCurrentDate().getTime(); CMS.debug("OCSPPublisher: start CRL sending startTime=" + startTime); httpReq.write(outputStreamWriter); long endTime = CMS.getCurrentDate().getTime(); - CMS.debug("OCSPPublisher: done CRL sending endTime=" + endTime - + " diff=" + (endTime - startTime)); + CMS.debug("OCSPPublisher: done CRL sending endTime=" + endTime + " diff=" + (endTime - startTime)); // Read the response - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO, - "OCSPPublisher: start getting response"); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_INFO, "OCSPPublisher: start getting response"); DataInputStream dis = new DataInputStream(socket.getInputStream()); String nextline; String line = ""; @@ -320,50 +321,40 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { } dis.close(); if (status) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_INFO, "OCSPPublisher: successful"); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_INFO, "OCSPPublisher: successful"); } else { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_INFO, "OCSPPublisher: failed - " + error); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_INFO, "OCSPPublisher: failed - " + error); } - + } catch (IOException e) { CMS.debug("OCSPPublisher: publish failed " + e.toString()); - mLogger.log( - ILogger.EV_SYSTEM, - ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", - e.toString())); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString())); } catch (CRLException e) { CMS.debug("OCSPPublisher: publish failed " + e.toString()); - mLogger.log( - ILogger.EV_SYSTEM, - ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", - e.toString())); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString())); } catch (Exception e) { CMS.debug("OCSPPublisher: publish failed " + e.toString()); - mLogger.log( - ILogger.EV_SYSTEM, - ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", - e.toString())); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString())); } } /** * Unpublishs a object to the ldap directory. - * - * @param conn the Ldap connection (null if LDAP publishing is not enabled) - * @param dn dn of the ldap entry to unpublish cert (null if LDAP publishing - * is not enabled) - * @param object object to unpublish (java.security.cert.X509Certificate) + * + * @param conn the Ldap connection + * (null if LDAP publishing is not enabled) + * @param dn dn of the ldap entry to unpublish cert + * (null if LDAP publishing is not enabled) + * @param object object to unpublish + * (java.security.cert.X509Certificate) */ public void unpublish(LDAPConnection conn, String dn, Object object) - throws ELdapException { + throws ELdapException { // NOT USED } } diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java b/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java index 3abc0a44..d5717aad 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.publish.publishers; + import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; @@ -28,9 +29,10 @@ import java.text.SimpleDateFormat; import java.util.Date; import java.util.Vector; + /** * Publisher utility class. - * + * * @version $Revision$, $Date$ */ public class Utils { @@ -38,8 +40,7 @@ public class Utils { InetAddress addr = InetAddress.getByName(hostname); } - public static void copyStream(InputStream in, OutputStream out) - throws IOException { + public static void copyStream(InputStream in, OutputStream out) throws IOException { byte[] buf = new byte[4096]; int len; @@ -48,8 +49,7 @@ public class Utils { } } - public static void copyStream(BufferedReader in, OutputStreamWriter out) - throws IOException { + public static void copyStream(BufferedReader in, OutputStreamWriter out) throws IOException { char[] buf = new char[4096]; int len; @@ -58,8 +58,8 @@ public class Utils { } } - // / Sorts an array of Strings. - // Java currently has no general sort function. Sorting Strings is + /// Sorts an array of Strings. + // Java currently has no general sort function. Sorting Strings is // common enough that it's worth making a special case. public static void sortStrings(String[] strings) { // Just does a bubblesort. @@ -75,8 +75,8 @@ public class Utils { } } - // / Returns a date string formatted in Unix ls style - if it's within - // six months of now, Mmm dd hh:ss, else Mmm dd yyyy. + /// Returns a date string formatted in Unix ls style - if it's within + // six months of now, Mmm dd hh:ss, else Mmm dd yyyy. public static String lsDateStr(Date date) { long dateTime = date.getTime(); @@ -104,10 +104,9 @@ public class Utils { } return true; } - + /** * strips out double quotes around String parameter - * * @param s the string potentially bracketed with double quotes * @return string stripped of surrounding double quotes */ @@ -124,8 +123,9 @@ public class Utils { } /** - * returns an array of strings from a vector of Strings there'll be trouble - * if the Vector contains something other than just Strings + * returns an array of strings from a vector of Strings + * there'll be trouble if the Vector contains something other + * than just Strings */ public static String[] getStringArrayFromVector(Vector v) { String s[] = new String[v.size()]; |