Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java')
-rw-r--r--pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java130
1 files changed, 56 insertions, 74 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java
index 95ddada8..88dc7296 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.authentication;
+
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPEntry;
import netscape.ldap.LDAPException;
@@ -42,12 +43,13 @@ import com.netscape.cmscore.ldapconn.LdapConnInfo;
import com.netscape.cmscore.usrgrp.UGSubsystem;
import com.netscape.cmscore.util.Debug;
+
/**
- * Certificate Server admin authentication. Used to authenticate administrators
- * in the Certificate Server Console. Authentications by checking the uid and
- * password against the database.
+ * Certificate Server admin authentication.
+ * Used to authenticate administrators in the Certificate Server Console.
+ * Authentications by checking the uid and password against the
+ * database.
* <P>
- *
* @author lhsiao, cfu
* @version $Revision$, $Date$
*/
@@ -79,16 +81,15 @@ public class PasswdUserDBAuthentication implements IAuthManager {
/**
* initializes the PasswdUserDBAuthentication auth manager
* <p>
- * called by AuthSubsystem init() method, when initializing all available
- * authentication managers.
- *
+ * called by AuthSubsystem init() method, when initializing
+ * all available authentication managers.
* @param name - Name assigned to this authentication manager instance.
* @param implName - Name of the authentication plugin.
- * @param config - The configuration store used by the authentication
- * subsystem.
+ * @param config - The configuration store used by the
+ * authentication subsystem.
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -100,8 +101,7 @@ public class PasswdUserDBAuthentication implements IAuthManager {
return;
mBaseDN = dbs.getBaseDN();
- mConnFactory = new LdapBoundConnFactory(3, 20, ldapinfo,
- dbs.getLdapAuthInfo());
+ mConnFactory = new LdapBoundConnFactory(3, 20, ldapinfo, dbs.getLdapAuthInfo());
mAnonConnFactory = new LdapAnonConnFactory(3, 20, ldapinfo);
log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_AUTH_INIT_AUTH", mName));
@@ -110,47 +110,40 @@ public class PasswdUserDBAuthentication implements IAuthManager {
/**
* authenticates administratrators by LDAP uid/pwd
* <p>
- * called by other subsystems or their servlets to authenticate
- * administrators
- *
- * @param authCred Authentication credentials. "uid" and "pwd" are required.
+ * called by other subsystems or their servlets to authenticate administrators
+ * @param authCred Authentication credentials.
+ * "uid" and "pwd" are required.
* @return the authentication token (authToken) that contains the following
- * userdn = [userdn, in case of success]<br>
- * authMgrName = [authMgrName]<br>
- * @exception com.netscape.certsrv.base.MissingCredential If either "uid" or
- * "pwd" is missing from the given credentials.
- * @exception com.netscape.certsrv.base.InvalidCredentials If the the
- * credentials failed to authenticate.
- * @exception com.netscape.certsrv.base.EBaseException If an internal error
- * occurred.
+ * userdn = [userdn, in case of success]<br>
+ * authMgrName = [authMgrName]<br>
+ * @exception com.netscape.certsrv.base.MissingCredential If either
+ * "uid" or "pwd" is missing from the given credentials.
+ * @exception com.netscape.certsrv.base.InvalidCredentials If the
+ * the credentials failed to authenticate.
+ * @exception com.netscape.certsrv.base.EBaseException If an internal
+ * error occurred.
*/
public IAuthToken authenticate(IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
AuthToken authToken = new AuthToken(this);
- // make sure the required credentials are provided
+ // make sure the required credentials are provided
String uid = (String) authCred.get(CRED_UID);
CMS.debug("Authentication: UID=" + uid);
if (uid == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_MISSING_UID"));
- throw new EMissingCredential(CMS.getUserMessage(
- "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_MISSING_UID"));
+ throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
}
String pwd = (String) authCred.get(CRED_PWD);
if (pwd == null) {
- log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSCORE_AUTH_ADMIN_NULL_PW", uid));
- throw new EMissingCredential(CMS.getUserMessage(
- "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD));
+ log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_ADMIN_NULL_PW", uid));
+ throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD));
}
// don't allow anonymous binding
if (pwd == "") {
- log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSCORE_AUTH_ADMIN_EMPTY_PW", uid));
- throw new EInvalidCredentials(
- CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_ADMIN_EMPTY_PW", uid));
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
String userdn = null;
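Review bot: The empty-password guard `if (pwd == "")` compares object references rather than contents, so a zero-length password that arrives as a separate String instance (as request data normally would) passes the check and reaches `anonConn.authenticate(userdn, pwd)` later in the method. Many directory servers treat a simple bind with a DN and an empty password as an unauthenticated bind that succeeds, which is what the `// don't allow anonymous binding` comment is meant to rule out. Change the condition to `if (pwd.length() == 0)`. The body of authenticate() continues past this hunk.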
@@ -160,8 +153,8 @@ public class PasswdUserDBAuthentication implements IAuthManager {
try {
conn = mConnFactory.getConn();
// do anonymous search for the user's dn.
- LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB,
- "(uid=" + uid + ")", null, false);
+ LDAPSearchResults res = conn.search(mBaseDN,
+ LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false);
if (res.hasMoreElements()) {
LDAPEntry entry = (LDAPEntry) res.nextElement();
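Review bot: The filter on the re-wrapped `conn.search(...)` call is built by concatenating the caller-supplied `uid` into `"(uid=" + uid + ")"`, so filter metacharacters in the uid are interpreted by the directory instead of being matched literally. The search runs on a connection from `mConnFactory`, the bound factory, so the altered filter is evaluated with the server's own directory privileges, and the first entry returned becomes `userdn`. Escape the RFC 4515 special characters before building the filter; the fence below shows the call using a small private helper (the name `escapeFilterValue` is a suggestion, not an existing method). The enclosing try block and the rest of authenticate() lie outside this hunk.

```java
// … unchanged: conn = mConnFactory.getConn(); …
LDAPSearchResults res = conn.search(mBaseDN,
        LDAPv2.SCOPE_SUB, "(uid=" + escapeFilterValue(uid) + ")", null, false);
// … unchanged: result handling …

/** Escapes the RFC 4515 special characters so the value is matched literally. */
private static String escapeFilterValue(String value) {
    StringBuilder out = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
        case '\\': out.append("\\5c"); break;
        case '*':  out.append("\\2a"); break;
        case '(':  out.append("\\28"); break;
        case ')':  out.append("\\29"); break;
        case '\0': out.append("\\00"); break;
        default:   out.append(c);
        }
    }
    return out.toString();
}
```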
@@ -169,49 +162,41 @@ public class PasswdUserDBAuthentication implements IAuthManager {
userdn = entry.getDN();
}
if (userdn == null) {
- log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSCORE_AUTH_ADMIN_NOT_FOUND", uid));
- throw new EInvalidCredentials(
- CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_ADMIN_NOT_FOUND", uid));
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
anonConn = mAnonConnFactory.getConn();
anonConn.authenticate(userdn, pwd);
} catch (LDAPException e) {
- log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSCORE_AUTH_AUTH_FAILED", uid,
- e.toString()));
- throw new EInvalidCredentials(
- CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_AUTH_FAILED", uid, e.toString()));
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
} finally {
- if (conn != null)
+ if (conn != null)
mConnFactory.returnConn(conn);
- if (anonConn != null)
+ if (anonConn != null)
mAnonConnFactory.returnConn(anonConn);
}
UGSubsystem ug = UGSubsystem.getInstance();
authToken.set(TOKEN_USERDN, userdn);
- authToken.set(CRED_UID, uid); // return original uid for info
+ authToken.set(CRED_UID, uid); // return original uid for info
IUser user = null;
try {
user = ug.getUser(uid);
} catch (EBaseException e) {
- if (Debug.ON)
+ if (Debug.ON)
e.printStackTrace();
- // not a user in our user/group database.
- log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSCORE_AUTH_UID_NOT_FOUND", uid,
- e.toString()));
- throw new EInvalidCredentials(
- CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ // not a user in our user/group database.
+ log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_UID_NOT_FOUND", uid, e.toString()));
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
authToken.set(TOKEN_USERDN, user.getUserDN());
authToken.set(TOKEN_USERID, user.getUserID());
log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", uid));
-
+
return authToken;
}
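Review bot: `anonConn.authenticate(userdn, pwd)` re-binds a connection taken from `mAnonConnFactory` as the authenticating administrator, and the `finally` block then hands that same connection back with `mAnonConnFactory.returnConn(anonConn)`. Whether the factory resets or discards a connection that is no longer anonymous is not visible here; if it does not, later borrowers of the anonymous pool would operate under that administrator's bind identity. I would confirm the factory's behaviour and record it at the call site, e.g. `// anonConn is bound as userdn from here on; returnConn() must not pool it while still bound`. Separately, `user` is dereferenced in `user.getUserDN()` right after the try/catch without a null check, which is only safe if `ug.getUser(uid)` never returns null. The start of authenticate() is outside this hunk.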
@@ -230,11 +215,10 @@ public class PasswdUserDBAuthentication implements IAuthManager {
}
/**
- * get the list of authentication credential attribute names required by
- * this authentication manager. Generally used by servlets that use this
- * authentication manager, to retrieve required credentials from the user
- * (e.g. Javascript form data)
- *
+ * get the list of authentication credential attribute names
+ * required by this authentication manager. Generally used by
+ * servlets that use this authentication manager, to retrieve
+ * required credentials from the user (e.g. Javascript form data)
* @return attribute names in Vector
*/
public String[] getRequiredCreds() {
@@ -242,10 +226,9 @@ public class PasswdUserDBAuthentication implements IAuthManager {
}
/**
- * Get the list of configuration parameter names required by this
- * authentication manager. In this case, an empty list.
- *
- * @return String array of configuration parameters.
+ * Get the list of configuration parameter names
+ * required by this authentication manager. In this case, an empty list.
+ * @return String array of configuration parameters.
*/
public String[] getConfigParams() {
return (mConfigParams);
@@ -265,8 +248,8 @@ public class PasswdUserDBAuthentication implements IAuthManager {
}
/**
- * gets the configuretion substore used by this authentication manager
- *
+ * gets the configuretion substore used by this authentication
+ * manager
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -275,14 +258,13 @@ public class PasswdUserDBAuthentication implements IAuthManager {
/**
* Log a message.
- *
* @param level The logging level.
* @param msg The message to log.
*/
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level,
- msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
+ level, msg);
}
}