Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java | 255 |
1 files changed, 130 insertions, 125 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java
index f684718c..fc2d2c10 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.dbs; - import java.math.BigInteger; import java.security.PublicKey; import java.util.Date;
@@ -39,12 +38,11 @@ import com.netscape.certsrv.dbs.keydb.IKeyRecordList; import com.netscape.certsrv.dbs.keydb.IKeyRepository; import com.netscape.certsrv.dbs.repository.IRepository; - /** * A class represents a Key repository. This is the container of * archived keys. * <P> - * + * * @author thomask * @version $Revision$, $Date$ */
@@ -62,12 +60,12 @@ public class KeyRepository extends Repository implements IKeyRepository { * Constructs a key repository. It checks if the key repository * does exist. If not, it creates the repository. * <P> - * + * * @param service db service * @exception EBaseException failed to setup key repository */ public KeyRepository(IDBSubsystem service, int increment, String baseDN) - throws EDBException { + throws EDBException { super(service, increment, baseDN); mBaseDN = baseDN; mDBService = service;
@@ -81,55 +79,55 @@ public class KeyRepository extends Repository implements IKeyRepository { if (!reg.isObjectClassRegistered(KeyRecord.class.getName())) { reg.registerObjectClass(KeyRecord.class.getName(), - keyRecordOC); + keyRecordOC); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_ID)) { reg.registerAttribute(KeyRecord.ATTR_ID, new - BigIntegerMapper(KeyDBSchema.LDAP_ATTR_SERIALNO)); + BigIntegerMapper(KeyDBSchema.LDAP_ATTR_SERIALNO)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_ALGORITHM)) { reg.registerAttribute(KeyRecord.ATTR_ALGORITHM, new - StringMapper(KeyDBSchema.LDAP_ATTR_ALGORITHM)); + StringMapper(KeyDBSchema.LDAP_ATTR_ALGORITHM)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_STATE)) { reg.registerAttribute(KeyRecord.ATTR_STATE, new - KeyStateMapper(KeyDBSchema.LDAP_ATTR_STATE)); + KeyStateMapper(KeyDBSchema.LDAP_ATTR_STATE)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_KEY_SIZE)) { reg.registerAttribute(KeyRecord.ATTR_KEY_SIZE, new - IntegerMapper(KeyDBSchema.LDAP_ATTR_KEY_SIZE)); + IntegerMapper(KeyDBSchema.LDAP_ATTR_KEY_SIZE)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_OWNER_NAME)) { reg.registerAttribute(KeyRecord.ATTR_OWNER_NAME, new - StringMapper(KeyDBSchema.LDAP_ATTR_OWNER_NAME)); + StringMapper(KeyDBSchema.LDAP_ATTR_OWNER_NAME)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_PRIVATE_KEY_DATA)) { reg.registerAttribute(KeyRecord.ATTR_PRIVATE_KEY_DATA, new - ByteArrayMapper(KeyDBSchema.LDAP_ATTR_PRIVATE_KEY_DATA)); + ByteArrayMapper(KeyDBSchema.LDAP_ATTR_PRIVATE_KEY_DATA)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_PUBLIC_KEY_DATA)) { reg.registerAttribute(KeyRecord.ATTR_PUBLIC_KEY_DATA, new - PublicKeyMapper(KeyDBSchema.LDAP_ATTR_PUBLIC_KEY_DATA)); + PublicKeyMapper(KeyDBSchema.LDAP_ATTR_PUBLIC_KEY_DATA)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_DATE_OF_RECOVERY)) { reg.registerAttribute(KeyRecord.ATTR_DATE_OF_RECOVERY, new - DateArrayMapper(KeyDBSchema.LDAP_ATTR_DATE_OF_RECOVERY)); + 
DateArrayMapper(KeyDBSchema.LDAP_ATTR_DATE_OF_RECOVERY)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_CREATE_TIME)) { reg.registerAttribute(KeyRecord.ATTR_CREATE_TIME, new - DateMapper(KeyDBSchema.LDAP_ATTR_CREATE_TIME)); + DateMapper(KeyDBSchema.LDAP_ATTR_CREATE_TIME)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_MODIFY_TIME)) { reg.registerAttribute(KeyRecord.ATTR_MODIFY_TIME, new - DateMapper(KeyDBSchema.LDAP_ATTR_MODIFY_TIME)); + DateMapper(KeyDBSchema.LDAP_ATTR_MODIFY_TIME)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_META_INFO)) { reg.registerAttribute(KeyRecord.ATTR_META_INFO, new - MetaInfoMapper(KeyDBSchema.LDAP_ATTR_META_INFO)); + MetaInfoMapper(KeyDBSchema.LDAP_ATTR_META_INFO)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_ARCHIVED_BY)) { reg.registerAttribute(KeyRecord.ATTR_ARCHIVED_BY, new - StringMapper(KeyDBSchema.LDAP_ATTR_ARCHIVED_BY)); + StringMapper(KeyDBSchema.LDAP_ATTR_ARCHIVED_BY)); } } @@ -147,7 +145,7 @@ public class KeyRepository extends Repository implements IKeyRepository { CMS.debug("In setKeyStatusUpdateInterval mKeyStatusUpdateThread " + mKeyStatusUpdateThread); if (mKeyStatusUpdateThread == null) { CMS.debug("In setKeyStatusUpdateInterval about to create KeyStatusUpdateThread "); - mKeyStatusUpdateThread = new KeyStatusUpdateThread(this, requestRepo, "KeyStatusUpdateThread"); + mKeyStatusUpdateThread = new KeyStatusUpdateThread(this, requestRepo, "KeyStatusUpdateThread"); mKeyStatusUpdateThread.setInterval(interval); mKeyStatusUpdateThread.start(); } else { 
@@ -171,15 +169,14 @@ public class KeyRepository extends Repository implements IKeyRepository { /** * Removes all objects with this repository. */ - public void removeAllObjects() throws EBaseException - { + public void removeAllObjects() throws EBaseException { String filter = "(" + KeyRecord.ATTR_OWNER_NAME + "=*" + ")"; IKeyRecordList list = findKeyRecordsInList(filter, null, "serialno", 10); int size = list.getSize(); Enumeration<IKeyRecord> e = list.getKeyRecords(0, size - 1); while (e.hasMoreElements()) { - IKeyRecord rec = e.nextElement(); + IKeyRecord rec = e.nextElement(); deleteKeyRecord(rec.getSerialNumber()); } } @@ -187,7 +184,7 @@ public class KeyRepository extends Repository implements IKeyRepository { /** * Archives a key to the repository. * <P> - * + * * @param record key record * @exception EBaseException failed to archive key */ @@ -196,34 +193,38 @@ public class KeyRepository extends Repository implements IKeyRepository { try { String name = "cn" + "=" + - ((KeyRecord) record).getSerialNumber().toString() + "," + getDN(); + ((KeyRecord) record).getSerialNumber().toString() + "," + getDN(); - if (s != null) s.add(name, (KeyRecord) record); - } finally { - if (s != null) s.close(); + if (s != null) + s.add(name, (KeyRecord) record); + } finally { + if (s != null) + s.close(); } } /** * Recovers an archived key by serial number. * <P> - * + * * @param serialNo serial number * @return key record * @exception EBaseException failed to recover key */ public IKeyRecord readKeyRecord(BigInteger serialNo) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); KeyRecord rec = null; try { String name = "cn" + "=" + - serialNo.toString() + "," + getDN(); + serialNo.toString() + "," + getDN(); - if (s != null) rec = (KeyRecord) s.read(name); - } finally { - if (s != null) s.close(); + if (s != null) + rec = (KeyRecord) s.read(name); + } finally { + if (s != null) + s.close(); } return rec; } 
@@ -231,26 +232,27 @@ public class KeyRepository extends Repository implements IKeyRepository { /** * Recovers an archived key by owner name. * <P> - * + * * @param ownerName owner name * @return key record * @exception EBaseException failed to recover key */ public IKeyRecord readKeyRecord(X500Name ownerName) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); KeyRecord keyRec = null; try { if (ownerName != null) { String filter = "(" + KeyRecord.ATTR_OWNER_NAME + "=" + - ownerName.toString() + ")"; + ownerName.toString() + ")"; IDBSearchResults res = s.search(getDN(), filter); keyRec = (KeyRecord) res.nextElement(); - } - } finally { - if (s != null) s.close(); + } + } finally { + if (s != null) + s.close(); } return keyRec; } @@ -259,7 +261,7 @@ public class KeyRepository extends Repository implements IKeyRepository { * Recovers archived key using public key. */ public IKeyRecord readKeyRecord(PublicKey publicKey) - throws EBaseException { + throws EBaseException { // XXX - setup binary search attributes byte data[] = publicKey.getEncoded(); 
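Review bot: `readKeyRecord(X500Name ownerName)` concatenates `ownerName.toString()` into the LDAP search filter unescaped, so a name containing `(`, `)`, `*` or `\` can change what the filter matches; if the name can originate from a request (the callers are not visible here), the value should be escaped per RFC 4515 before it is placed in the filter. The `readKeyRecord(String cert)` overload in the next hunk has the same pattern with `cert` inside `(publicKey=x509cert#"...")` and should reject input that is not strictly base64 before building the filter. This is worth tightening because the value returned is an archived private-key record. Separately, this method calls `s.search(getDN(), filter)` without the `s != null` guard that its own `finally` block and the sibling overloads apply; `if (s != null && ownerName != null) {` would make it consistent.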
@@ -270,39 +272,40 @@ public class KeyRepository extends Repository implements IKeyRepository { try { String filter = "(" + KeyRecord.ATTR_PUBLIC_KEY_DATA + "=" + - escapeBinaryData(data) + ")"; - if( s != null ) { + escapeBinaryData(data) + ")"; + if (s != null) { IDBSearchResults res = s.search(getDN(), filter); rec = (KeyRecord) res.nextElement(); } - } finally { - if (s != null) s.close(); + } finally { + if (s != null) + s.close(); } return rec; } - /** * Recovers archived key using b64 encoded cert */ public IKeyRecord readKeyRecord(String cert) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); KeyRecord rec = null; try { - String filter = "(publicKey=x509cert#\"" +cert+"\")"; -CMS.debug("filter= " + filter); + String filter = "(publicKey=x509cert#\"" + cert + "\")"; + CMS.debug("filter= " + filter); - if( s != null ) { + if (s != null) { IDBSearchResults res = s.search(getDN(), filter); rec = (KeyRecord) res.nextElement(); } - } finally { - if (s != null) s.close(); + } finally { + if (s != null) + s.close(); } return rec; } 
@@ -311,32 +314,36 @@ CMS.debug("filter= " + filter); * Modifies key record. */ public void modifyKeyRecord(BigInteger serialNo, ModificationSet mods) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); try { String name = "cn" + "=" + - serialNo.toString() + "," + getDN(); + serialNo.toString() + "," + getDN(); mods.add(KeyRecord.ATTR_MODIFY_TIME, Modification.MOD_REPLACE, - new Date()); - if (s != null) s.modify(name, mods); - } finally { - if (s != null) s.close(); + new Date()); + if (s != null) + s.modify(name, mods); + } finally { + if (s != null) + s.close(); } } public void deleteKeyRecord(BigInteger serialNo) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); try { String name = "cn" + "=" + - serialNo.toString() + "," + getDN(); + serialNo.toString() + "," + getDN(); - if (s != null) s.delete(name); - } finally { - if (s != null) s.close(); + if (s != null) + s.delete(name); + } finally { + if (s != null) + s.close(); } } @@ -353,7 +360,7 @@ CMS.debug("filter= " + filter); } public Enumeration<Object> searchKeys(String filter, int maxSize) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration<Object> e = null; @@ -367,7 +374,7 @@ CMS.debug("filter= " + filter); } public Enumeration<Object> searchKeys(String filter, int maxSize, int timeLimit) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration<Object> e = null; 
@@ -384,14 +391,14 @@ CMS.debug("filter= " + filter); * Retrieves key record list. */ public IKeyRecordList findKeyRecordsInList(String filter, - String attrs[], int pageSize) throws EBaseException { + String attrs[], int pageSize) throws EBaseException { return findKeyRecordsInList(filter, attrs, IKeyRecord.ATTR_ID, - pageSize); + pageSize); } public IKeyRecordList findKeyRecordsInList(String filter, - String attrs[], String sortKey, int pageSize) - throws EBaseException { + String attrs[], String sortKey, int pageSize) + throws EBaseException { IDBSSession s = mDBService.createSession(); IKeyRecordList list = null; @@ -399,18 +406,19 @@ CMS.debug("filter= " + filter); if (s != null) { list = new KeyRecordList( s.createVirtualList(getDN(), "(&(objectclass=" + - KeyRecord.class.getName() + ")" + filter + ")", - attrs, sortKey, pageSize)); + KeyRecord.class.getName() + ")" + filter + ")", + attrs, sortKey, pageSize)); } - } finally { - if (s != null) s.close(); + } finally { + if (s != null) + s.close(); } return list; } public IKeyRecordList findKeyRecordsInList(String filter, - String attrs[],String jumpTo, String sortKey, int pageSize) - throws EBaseException { + String attrs[], String jumpTo, String sortKey, int pageSize) + throws EBaseException { IDBSSession s = mDBService.createSession(); IKeyRecordList list = null; 
@@ -419,86 +427,85 @@ CMS.debug("filter= " + filter); String jumpToVal = null; if (len > 9) { - jumpToVal = Integer.toString(len) + jumpTo; - } else { - jumpToVal = "0" + Integer.toString(len) + jumpTo; + jumpToVal = Integer.toString(len) + jumpTo; + } else { + jumpToVal = "0" + Integer.toString(len) + jumpTo; } try { if (s != null) { list = new KeyRecordList( s.createVirtualList(getDN(), "(&(objectclass=" + - KeyRecord.class.getName() + ")" + filter + ")", - attrs,jumpToVal, sortKey, pageSize)); + KeyRecord.class.getName() + ")" + filter + ")", + attrs, jumpToVal, sortKey, pageSize)); } } finally { - if (s != null) s.close(); + if (s != null) + s.close(); } return list; } - public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound) throws - EBaseException { + public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound) throws + EBaseException { - CMS.debug("KeyRepository: in getLastSerialNumberInRange: low " + serial_low_bound + " high " + serial_upper_bound); + CMS.debug("KeyRepository: in getLastSerialNumberInRange: low " + serial_low_bound + " high " + serial_upper_bound); - if(serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0) - { - return null; - } + if (serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0) { + return null; + } - String ldapfilter = "(" + "serialno" + "=*" + ")"; - String[] attrs = null; + String ldapfilter = "(" + "serialno" + "=*" + ")"; + String[] attrs = null; - KeyRecordList recList = (KeyRecordList) findKeyRecordsInList(ldapfilter,attrs,serial_upper_bound.toString(10),"serialno", 5 * -1); + KeyRecordList recList = (KeyRecordList) findKeyRecordsInList(ldapfilter, attrs, serial_upper_bound.toString(10), "serialno", 5 * -1); - int size = recList.getSize(); + int size = recList.getSize(); - CMS.debug("KeyRepository: 
getLastSerialNumberInRange: recList size " + size); + CMS.debug("KeyRepository: getLastSerialNumberInRange: recList size " + size); - if (size <= 0) { - CMS.debug("KeyRepository: getLastSerialNumberInRange: index may be empty"); + if (size <= 0) { + CMS.debug("KeyRepository: getLastSerialNumberInRange: index may be empty"); - BigInteger ret = new BigInteger(serial_low_bound.toString(10)); + BigInteger ret = new BigInteger(serial_low_bound.toString(10)); - ret = ret.add(new BigInteger("-1")); + ret = ret.add(new BigInteger("-1")); - CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + ret ); - return ret; - } - int ltSize = recList.getSizeBeforeJumpTo(); + CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + ret); + return ret; + } + int ltSize = recList.getSizeBeforeJumpTo(); - CMS.debug("KeyRepository:getLastSerialNumberInRange: ltSize " + ltSize); + CMS.debug("KeyRepository:getLastSerialNumberInRange: ltSize " + ltSize); - int i; - KeyRecord curRec = null; + int i; + KeyRecord curRec = null; - for (i = 0; i < 5; i++) { - curRec = (KeyRecord) recList.getKeyRecord(i); + for (i = 0; i < 5; i++) { + curRec = (KeyRecord) recList.getKeyRecord(i); - if (curRec != null) { + if (curRec != null) { - BigInteger serial = curRec.getSerialNumber(); + BigInteger serial = curRec.getSerialNumber(); - CMS.debug("KeyRepository: getLastCertRecordSerialNo: serialno " + serial); + CMS.debug("KeyRepository: getLastCertRecordSerialNo: serialno " + serial); - if( ((serial.compareTo(serial_low_bound) == 0) || (serial.compareTo(serial_low_bound) == 1) ) && - ((serial.compareTo(serial_upper_bound) == 0) || (serial.compareTo(serial_upper_bound) == -1) )) - { - CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + serial); - return serial; - } - } else { - CMS.debug("KeyRepository: getLastSerialNumberInRange:found null from getCertRecord"); - } - } + if (((serial.compareTo(serial_low_bound) == 0) || (serial.compareTo(serial_low_bound) == 1)) && + 
((serial.compareTo(serial_upper_bound) == 0) || (serial.compareTo(serial_upper_bound) == -1))) { + CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + serial); + return serial; + } + } else { + CMS.debug("KeyRepository: getLastSerialNumberInRange:found null from getCertRecord"); + } + } - BigInteger ret = new BigInteger(serial_low_bound.toString(10)); + BigInteger ret = new BigInteger(serial_low_bound.toString(10)); - ret = ret.add(new BigInteger("-1")); + ret = ret.add(new BigInteger("-1")); - CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + ret ); - return ret ; + CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + ret); + return ret; } @@ -538,7 +545,7 @@ class KeyStatusUpdateThread extends Thread { CMS.debug("Starting key checkRanges"); _kr.checkRanges(); CMS.debug("key checkRanges done"); - + CMS.debug("Starting request checkRanges"); _rr.checkRanges(); CMS.debug("request checkRanges done"); @@ -553,5 +560,3 @@ class KeyStatusUpdateThread extends Thread { } } } - - |