Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java | 335 |
1 files changed, 169 insertions, 166 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java index 6d4e4688..244824ca 100644 --- a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java +++ b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.dbs; - import java.math.BigInteger; import java.security.PublicKey; import java.util.Date; @@ -40,12 +39,10 @@ import com.netscape.certsrv.dbs.keydb.IKeyRecordList; import com.netscape.certsrv.dbs.keydb.IKeyRepository; import com.netscape.certsrv.dbs.repository.IRepository; - /** - * A class represents a Key repository. This is the container of - * archived keys. + * A class represents a Key repository. This is the container of archived keys. * <P> - * + * * @author thomask * @version $Revision$, $Date$ */ @@ -60,15 +57,15 @@ public class KeyRepository extends Repository implements IKeyRepository { private String mBaseDN = null; /** - * Constructs a key repository. It checks if the key repository - * does exist. If not, it creates the repository. + * Constructs a key repository. It checks if the key repository does exist. + * If not, it creates the repository. * <P> - * + * * @param service db service * @exception EBaseException failed to setup key repository */ public KeyRepository(IDBSubsystem service, int increment, String baseDN) - throws EDBException { + throws EDBException { super(service, increment, baseDN); mBaseDN = baseDN; mDBService = service; 
@@ -81,56 +78,55 @@ public class KeyRepository extends Repository implements IKeyRepository { keyRecordOC[1] = KeyDBSchema.LDAP_OC_KEYRECORD; if (!reg.isObjectClassRegistered(KeyRecord.class.getName())) { - reg.registerObjectClass(KeyRecord.class.getName(), - keyRecordOC); + reg.registerObjectClass(KeyRecord.class.getName(), keyRecordOC); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_ID)) { - reg.registerAttribute(KeyRecord.ATTR_ID, new - BigIntegerMapper(KeyDBSchema.LDAP_ATTR_SERIALNO)); + reg.registerAttribute(KeyRecord.ATTR_ID, new BigIntegerMapper( + KeyDBSchema.LDAP_ATTR_SERIALNO)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_ALGORITHM)) { - reg.registerAttribute(KeyRecord.ATTR_ALGORITHM, new - StringMapper(KeyDBSchema.LDAP_ATTR_ALGORITHM)); + reg.registerAttribute(KeyRecord.ATTR_ALGORITHM, new StringMapper( + KeyDBSchema.LDAP_ATTR_ALGORITHM)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_STATE)) { - reg.registerAttribute(KeyRecord.ATTR_STATE, new - KeyStateMapper(KeyDBSchema.LDAP_ATTR_STATE)); + reg.registerAttribute(KeyRecord.ATTR_STATE, new KeyStateMapper( + KeyDBSchema.LDAP_ATTR_STATE)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_KEY_SIZE)) { - reg.registerAttribute(KeyRecord.ATTR_KEY_SIZE, new - IntegerMapper(KeyDBSchema.LDAP_ATTR_KEY_SIZE)); + reg.registerAttribute(KeyRecord.ATTR_KEY_SIZE, new IntegerMapper( + KeyDBSchema.LDAP_ATTR_KEY_SIZE)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_OWNER_NAME)) { - reg.registerAttribute(KeyRecord.ATTR_OWNER_NAME, new - StringMapper(KeyDBSchema.LDAP_ATTR_OWNER_NAME)); + reg.registerAttribute(KeyRecord.ATTR_OWNER_NAME, new StringMapper( + KeyDBSchema.LDAP_ATTR_OWNER_NAME)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_PRIVATE_KEY_DATA)) { - reg.registerAttribute(KeyRecord.ATTR_PRIVATE_KEY_DATA, new - ByteArrayMapper(KeyDBSchema.LDAP_ATTR_PRIVATE_KEY_DATA)); + reg.registerAttribute(KeyRecord.ATTR_PRIVATE_KEY_DATA, + new ByteArrayMapper(KeyDBSchema.LDAP_ATTR_PRIVATE_KEY_DATA)); } if 
(!reg.isAttributeRegistered(KeyRecord.ATTR_PUBLIC_KEY_DATA)) { - reg.registerAttribute(KeyRecord.ATTR_PUBLIC_KEY_DATA, new - PublicKeyMapper(KeyDBSchema.LDAP_ATTR_PUBLIC_KEY_DATA)); + reg.registerAttribute(KeyRecord.ATTR_PUBLIC_KEY_DATA, + new PublicKeyMapper(KeyDBSchema.LDAP_ATTR_PUBLIC_KEY_DATA)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_DATE_OF_RECOVERY)) { - reg.registerAttribute(KeyRecord.ATTR_DATE_OF_RECOVERY, new - DateArrayMapper(KeyDBSchema.LDAP_ATTR_DATE_OF_RECOVERY)); + reg.registerAttribute(KeyRecord.ATTR_DATE_OF_RECOVERY, + new DateArrayMapper(KeyDBSchema.LDAP_ATTR_DATE_OF_RECOVERY)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_CREATE_TIME)) { - reg.registerAttribute(KeyRecord.ATTR_CREATE_TIME, new - DateMapper(KeyDBSchema.LDAP_ATTR_CREATE_TIME)); + reg.registerAttribute(KeyRecord.ATTR_CREATE_TIME, new DateMapper( + KeyDBSchema.LDAP_ATTR_CREATE_TIME)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_MODIFY_TIME)) { - reg.registerAttribute(KeyRecord.ATTR_MODIFY_TIME, new - DateMapper(KeyDBSchema.LDAP_ATTR_MODIFY_TIME)); + reg.registerAttribute(KeyRecord.ATTR_MODIFY_TIME, new DateMapper( + KeyDBSchema.LDAP_ATTR_MODIFY_TIME)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_META_INFO)) { - reg.registerAttribute(KeyRecord.ATTR_META_INFO, new - MetaInfoMapper(KeyDBSchema.LDAP_ATTR_META_INFO)); + reg.registerAttribute(KeyRecord.ATTR_META_INFO, new MetaInfoMapper( + KeyDBSchema.LDAP_ATTR_META_INFO)); } if (!reg.isAttributeRegistered(KeyRecord.ATTR_ARCHIVED_BY)) { - reg.registerAttribute(KeyRecord.ATTR_ARCHIVED_BY, new - StringMapper(KeyDBSchema.LDAP_ATTR_ARCHIVED_BY)); + reg.registerAttribute(KeyRecord.ATTR_ARCHIVED_BY, new StringMapper( + KeyDBSchema.LDAP_ATTR_ARCHIVED_BY)); } } 
@@ -145,10 +141,12 @@ public class KeyRepository extends Repository implements IKeyRepository { return; } - CMS.debug("In setKeyStatusUpdateInterval mKeyStatusUpdateThread " + mKeyStatusUpdateThread); + CMS.debug("In setKeyStatusUpdateInterval mKeyStatusUpdateThread " + + mKeyStatusUpdateThread); if (mKeyStatusUpdateThread == null) { CMS.debug("In setKeyStatusUpdateInterval about to create KeyStatusUpdateThread "); - mKeyStatusUpdateThread = new KeyStatusUpdateThread(this, requestRepo, "KeyStatusUpdateThread"); + mKeyStatusUpdateThread = new KeyStatusUpdateThread(this, + requestRepo, "KeyStatusUpdateThread"); mKeyStatusUpdateThread.setInterval(interval); mKeyStatusUpdateThread.start(); } else { @@ -172,11 +170,9 @@ public class KeyRepository extends Repository implements IKeyRepository { /** * Removes all objects with this repository. */ - public void removeAllObjects() throws EBaseException - { + public void removeAllObjects() throws EBaseException { String filter = "(" + KeyRecord.ATTR_OWNER_NAME + "=*" + ")"; - IKeyRecordList list = findKeyRecordsInList(filter, - null, "serialno", 10); + IKeyRecordList list = findKeyRecordsInList(filter, null, "serialno", 10); int size = list.getSize(); Enumeration e = list.getKeyRecords(0, size - 1); while (e.hasMoreElements()) { @@ -188,7 +184,7 @@ public class KeyRepository extends Repository implements IKeyRepository { /** * Archives a key to the repository. * <P> - * + * * @param record key record * @exception EBaseException failed to archive key */ 
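Review bot: In removeAllObjects (the second hunk on this line), the result of `findKeyRecordsInList(filter, null, "serialno", 10)` is dereferenced by `list.getSize()` with no null check, although the four-argument findKeyRecordsInList shown later in this diff leaves `list` null whenever `createSession()` returns null. An explicit check before `int size = list.getSize();`, for example `if (list == null) return;` or raising an EBaseException if the project prefers a hard failure, would match the `if (s != null)` guards used elsewhere in the class. getLastSerialNumberInRange has the same pattern with `recList.getSize()`. The loop body of removeAllObjects continues outside the hunk.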
@@ -196,35 +192,38 @@ public class KeyRepository extends Repository implements IKeyRepository { IDBSSession s = mDBService.createSession(); try { - String name = "cn" + "=" + - ((KeyRecord) record).getSerialNumber().toString() + "," + getDN(); + String name = "cn" + "=" + + ((KeyRecord) record).getSerialNumber().toString() + "," + + getDN(); - if (s != null) s.add(name, (KeyRecord) record); - } finally { - if (s != null) s.close(); + if (s != null) + s.add(name, (KeyRecord) record); + } finally { + if (s != null) + s.close(); } } /** * Recovers an archived key by serial number. * <P> - * + * * @param serialNo serial number * @return key record * @exception EBaseException failed to recover key */ - public IKeyRecord readKeyRecord(BigInteger serialNo) - throws EBaseException { + public IKeyRecord readKeyRecord(BigInteger serialNo) throws EBaseException { IDBSSession s = mDBService.createSession(); KeyRecord rec = null; try { - String name = "cn" + "=" + - serialNo.toString() + "," + getDN(); + String name = "cn" + "=" + serialNo.toString() + "," + getDN(); - if (s != null) rec = (KeyRecord) s.read(name); - } finally { - if (s != null) s.close(); + if (s != null) + rec = (KeyRecord) s.read(name); + } finally { + if (s != null) + s.close(); } return rec; } 
@@ -232,26 +231,26 @@ public class KeyRepository extends Repository implements IKeyRepository { /** * Recovers an archived key by owner name. * <P> - * + * * @param ownerName owner name * @return key record * @exception EBaseException failed to recover key */ - public IKeyRecord readKeyRecord(X500Name ownerName) - throws EBaseException { + public IKeyRecord readKeyRecord(X500Name ownerName) throws EBaseException { IDBSSession s = mDBService.createSession(); KeyRecord keyRec = null; try { if (ownerName != null) { - String filter = "(" + KeyRecord.ATTR_OWNER_NAME + "=" + - ownerName.toString() + ")"; + String filter = "(" + KeyRecord.ATTR_OWNER_NAME + "=" + + ownerName.toString() + ")"; IDBSearchResults res = s.search(getDN(), filter); keyRec = (KeyRecord) res.nextElement(); - } - } finally { - if (s != null) s.close(); + } + } finally { + if (s != null) + s.close(); } return keyRec; } @@ -259,8 +258,7 @@ public class KeyRepository extends Repository implements IKeyRepository { /** * Recovers archived key using public key. */ - public IKeyRecord readKeyRecord(PublicKey publicKey) - throws EBaseException { + public IKeyRecord readKeyRecord(PublicKey publicKey) throws EBaseException { // XXX - setup binary search attributes byte data[] = publicKey.getEncoded(); 
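Review bot: In readKeyRecord(X500Name), `s.search(getDN(), filter)` is called without the `if (s != null)` guard that the finally block and the sibling readKeyRecord overloads apply, so a null session fails with a NullPointerException instead of returning null as the others do. Changing the condition to `if (ownerName != null && s != null) {` would fix that. The same method appends `ownerName.toString()` to the LDAP filter unescaped; a subject DN can legitimately contain `(`, `)`, `*` or `\`, which either invalidates the filter or changes which key record it matches, so the value should be escaped per RFC 4515 before concatenation. Depending on how IDBSearchResults behaves on an empty result, `res.nextElement()` may also need a `hasMoreElements()` check first.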
@@ -270,40 +268,40 @@ public class KeyRepository extends Repository implements IKeyRepository { KeyRecord rec = null; try { - String filter = "(" + KeyRecord.ATTR_PUBLIC_KEY_DATA + "=" + - escapeBinaryData(data) + ")"; - if( s != null ) { + String filter = "(" + KeyRecord.ATTR_PUBLIC_KEY_DATA + "=" + + escapeBinaryData(data) + ")"; + if (s != null) { IDBSearchResults res = s.search(getDN(), filter); rec = (KeyRecord) res.nextElement(); } - } finally { - if (s != null) s.close(); + } finally { + if (s != null) + s.close(); } return rec; } - /** * Recovers archived key using b64 encoded cert */ - public IKeyRecord readKeyRecord(String cert) - throws EBaseException { + public IKeyRecord readKeyRecord(String cert) throws EBaseException { IDBSSession s = mDBService.createSession(); KeyRecord rec = null; try { - String filter = "(publicKey=x509cert#\"" +cert+"\")"; -CMS.debug("filter= " + filter); + String filter = "(publicKey=x509cert#\"" + cert + "\")"; + CMS.debug("filter= " + filter); - if( s != null ) { + if (s != null) { IDBSearchResults res = s.search(getDN(), filter); rec = (KeyRecord) res.nextElement(); } - } finally { - if (s != null) s.close(); + } finally { + if (s != null) + s.close(); } return rec; } 
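Review bot: readKeyRecord(String cert) splices `cert` directly into the filter `"(publicKey=x509cert#\"" + cert + "\")"`, so any `"`, `(`, `)`, `*` or `\` in the argument changes the search that is run against the key archive. Since the Javadoc describes the value as a base64-encoded certificate, the method can reject input outside the base64 alphabet before building the filter, or escape it per RFC 4515, in the same spirit as the `escapeBinaryData(data)` call in the PublicKey overload in this hunk. The `CMS.debug("filter= " + filter);` line also writes the caller-supplied string to the debug log as-is; moving it after the validation would presumably keep unexpected characters out of the log.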
@@ -312,32 +310,33 @@ CMS.debug("filter= " + filter); * Modifies key record. */ public void modifyKeyRecord(BigInteger serialNo, ModificationSet mods) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); try { - String name = "cn" + "=" + - serialNo.toString() + "," + getDN(); + String name = "cn" + "=" + serialNo.toString() + "," + getDN(); mods.add(KeyRecord.ATTR_MODIFY_TIME, Modification.MOD_REPLACE, - new Date()); - if (s != null) s.modify(name, mods); - } finally { - if (s != null) s.close(); + new Date()); + if (s != null) + s.modify(name, mods); + } finally { + if (s != null) + s.close(); } } - public void deleteKeyRecord(BigInteger serialNo) - throws EBaseException { + public void deleteKeyRecord(BigInteger serialNo) throws EBaseException { IDBSSession s = mDBService.createSession(); try { - String name = "cn" + "=" + - serialNo.toString() + "," + getDN(); + String name = "cn" + "=" + serialNo.toString() + "," + getDN(); - if (s != null) s.delete(name); - } finally { - if (s != null) s.close(); + if (s != null) + s.delete(name); + } finally { + if (s != null) + s.close(); } } @@ -354,7 +353,7 @@ CMS.debug("filter= " + filter); } public Enumeration searchKeys(String filter, int maxSize) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; @@ -368,7 +367,7 @@ CMS.debug("filter= " + filter); } public Enumeration searchKeys(String filter, int maxSize, int timeLimit) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; 
@@ -384,34 +383,31 @@ CMS.debug("filter= " + filter); /** * Retrieves key record list. */ - public IKeyRecordList findKeyRecordsInList(String filter, - String attrs[], int pageSize) throws EBaseException { - return findKeyRecordsInList(filter, attrs, IKeyRecord.ATTR_ID, - pageSize); + public IKeyRecordList findKeyRecordsInList(String filter, String attrs[], + int pageSize) throws EBaseException { + return findKeyRecordsInList(filter, attrs, IKeyRecord.ATTR_ID, pageSize); } - public IKeyRecordList findKeyRecordsInList(String filter, - String attrs[], String sortKey, int pageSize) - throws EBaseException { + public IKeyRecordList findKeyRecordsInList(String filter, String attrs[], + String sortKey, int pageSize) throws EBaseException { IDBSSession s = mDBService.createSession(); IKeyRecordList list = null; try { if (s != null) { - list = new KeyRecordList( - s.createVirtualList(getDN(), "(&(objectclass=" + - KeyRecord.class.getName() + ")" + filter + ")", - attrs, sortKey, pageSize)); + list = new KeyRecordList(s.createVirtualList(getDN(), + "(&(objectclass=" + KeyRecord.class.getName() + ")" + + filter + ")", attrs, sortKey, pageSize)); } - } finally { - if (s != null) s.close(); + } finally { + if (s != null) + s.close(); } return list; } - public IKeyRecordList findKeyRecordsInList(String filter, - String attrs[],String jumpTo, String sortKey, int pageSize) - throws EBaseException { + public IKeyRecordList findKeyRecordsInList(String filter, String attrs[], + String jumpTo, String sortKey, int pageSize) throws EBaseException { IDBSSession s = mDBService.createSession(); IKeyRecordList list = null; 
@@ -420,94 +416,103 @@ CMS.debug("filter= " + filter); String jumpToVal = null; if (len > 9) { - jumpToVal = Integer.toString(len) + jumpTo; - } else { - jumpToVal = "0" + Integer.toString(len) + jumpTo; + jumpToVal = Integer.toString(len) + jumpTo; + } else { + jumpToVal = "0" + Integer.toString(len) + jumpTo; } try { if (s != null) { - list = new KeyRecordList( - s.createVirtualList(getDN(), "(&(objectclass=" + - KeyRecord.class.getName() + ")" + filter + ")", - attrs,jumpToVal, sortKey, pageSize)); + list = new KeyRecordList(s.createVirtualList(getDN(), + "(&(objectclass=" + KeyRecord.class.getName() + ")" + + filter + ")", attrs, jumpToVal, sortKey, + pageSize)); } } finally { - if (s != null) s.close(); + if (s != null) + s.close(); } return list; } - public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound) throws - EBaseException { + public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, + BigInteger serial_upper_bound) throws EBaseException { - CMS.debug("KeyRepository: in getLastSerialNumberInRange: low " + serial_low_bound + " high " + serial_upper_bound); + CMS.debug("KeyRepository: in getLastSerialNumberInRange: low " + + serial_low_bound + " high " + serial_upper_bound); - if(serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0) - { - return null; - } + if (serial_low_bound == null || serial_upper_bound == null + || serial_low_bound.compareTo(serial_upper_bound) >= 0) { + return null; + } - String ldapfilter = "(" + "serialno" + "=*" + ")"; - String[] attrs = null; + String ldapfilter = "(" + "serialno" + "=*" + ")"; + String[] attrs = null; - KeyRecordList recList = (KeyRecordList) findKeyRecordsInList(ldapfilter,attrs,serial_upper_bound.toString(10),"serialno", 5 * -1); + KeyRecordList recList = (KeyRecordList) findKeyRecordsInList( + ldapfilter, attrs, serial_upper_bound.toString(10), "serialno", + 5 * -1); - int size = 
recList.getSize(); + int size = recList.getSize(); - CMS.debug("KeyRepository: getLastSerialNumberInRange: recList size " + size); + CMS.debug("KeyRepository: getLastSerialNumberInRange: recList size " + + size); - if (size <= 0) { - CMS.debug("KeyRepository: getLastSerialNumberInRange: index may be empty"); + if (size <= 0) { + CMS.debug("KeyRepository: getLastSerialNumberInRange: index may be empty"); - BigInteger ret = new BigInteger(serial_low_bound.toString(10)); + BigInteger ret = new BigInteger(serial_low_bound.toString(10)); - ret = ret.add(new BigInteger("-1")); + ret = ret.add(new BigInteger("-1")); - CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + ret ); - return ret; - } - int ltSize = recList.getSizeBeforeJumpTo(); + CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + + ret); + return ret; + } + int ltSize = recList.getSizeBeforeJumpTo(); - Vector cList = new Vector(ltSize); + Vector cList = new Vector(ltSize); - CMS.debug("KeyRepository:getLastSerialNumberInRange: ltSize " + ltSize); + CMS.debug("KeyRepository:getLastSerialNumberInRange: ltSize " + ltSize); - int i; - KeyRecord curRec = null; + int i; + KeyRecord curRec = null; - for (i = 0; i < 5; i++) { - curRec = (KeyRecord) recList.getKeyRecord(i); + for (i = 0; i < 5; i++) { + curRec = (KeyRecord) recList.getKeyRecord(i); - if (curRec != null) { + if (curRec != null) { - BigInteger serial = curRec.getSerialNumber(); + BigInteger serial = curRec.getSerialNumber(); - CMS.debug("KeyRepository: getLastCertRecordSerialNo: serialno " + serial); + CMS.debug("KeyRepository: getLastCertRecordSerialNo: serialno " + + serial); - if( ((serial.compareTo(serial_low_bound) == 0) || (serial.compareTo(serial_low_bound) == 1) ) && - ((serial.compareTo(serial_upper_bound) == 0) || (serial.compareTo(serial_upper_bound) == -1) )) - { - CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + serial); - return serial; - } - } else { - CMS.debug("KeyRepository: 
getLastSerialNumberInRange:found null from getCertRecord"); - } - } + if (((serial.compareTo(serial_low_bound) == 0) || (serial + .compareTo(serial_low_bound) == 1)) + && ((serial.compareTo(serial_upper_bound) == 0) || (serial + .compareTo(serial_upper_bound) == -1))) { + CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + + serial); + return serial; + } + } else { + CMS.debug("KeyRepository: getLastSerialNumberInRange:found null from getCertRecord"); + } + } - BigInteger ret = new BigInteger(serial_low_bound.toString(10)); + BigInteger ret = new BigInteger(serial_low_bound.toString(10)); - ret = ret.add(new BigInteger("-1")); + ret = ret.add(new BigInteger("-1")); - CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + ret ); - return ret ; + CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + ret); + return ret; } public void shutdown() { - //if (mKeyStatusUpdateThread != null) - // mKeyStatusUpdateThread.destroy(); + // if (mKeyStatusUpdateThread != null) + // mKeyStatusUpdateThread.destroy(); } } @@ -541,7 +546,7 @@ class KeyStatusUpdateThread extends Thread { CMS.debug("Starting key checkRanges"); _kr.checkRanges(); CMS.debug("key checkRanges done"); - + CMS.debug("Starting request checkRanges"); _rr.checkRanges(); CMS.debug("request checkRanges done"); @@ -556,5 +561,3 @@ class KeyStatusUpdateThread extends Thread { } } } - - |