Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/ldap')
10 files changed, 1125 insertions, 1112 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapAndExpression.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapAndExpression.java index cce85156..c41f361e 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapAndExpression.java +++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapAndExpression.java @@ -17,30 +17,32 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldap; + import com.netscape.certsrv.base.SessionContext; import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.publish.ILdapExpression; import com.netscape.certsrv.request.IRequest; + /** - * This class represents an expression of the form <var1 op val1 AND var2 op - * va2>. - * + * This class represents an expression of the form + * <var1 op val1 AND var2 op va2>. + * * Expressions are used as predicates for publishing rule selection. - * + * * @author mzhao * @version $Revision$, $Date$ */ public class LdapAndExpression implements ILdapExpression { private ILdapExpression mExp1; private ILdapExpression mExp2; - public LdapAndExpression(ILdapExpression exp1, ILdapExpression exp2) { mExp1 = exp1; mExp2 = exp2; } - public boolean evaluate(SessionContext sc) throws ELdapException { + public boolean evaluate(SessionContext sc) + throws ELdapException { // If an expression is missing we assume applicability. if (mExp1 == null && mExp2 == null) return true; @@ -48,12 +50,12 @@ public class LdapAndExpression implements ILdapExpression { return mExp1.evaluate(sc) && mExp2.evaluate(sc); else if (mExp1 == null) return mExp2.evaluate(sc); - else - // (if mExp2 == null) + else // (if mExp2 == null) return mExp1.evaluate(sc); } - public boolean evaluate(IRequest req) throws ELdapException { + public boolean evaluate(IRequest req) + throws ELdapException { // If an expression is missing we assume applicability. if (mExp1 == null && mExp2 == null) return true; 
@@ -61,8 +63,7 @@ public class LdapAndExpression implements ILdapExpression { return mExp1.evaluate(req) && mExp2.evaluate(req); else if (mExp1 == null) return mExp2.evaluate(req); - else - // (if mExp2 == null) + else // (if mExp2 == null) return mExp1.evaluate(req); } @@ -70,3 +71,4 @@ public class LdapAndExpression implements ILdapExpression { return mExp1.toString() + " AND " + mExp2.toString(); } } + diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapConnModule.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapConnModule.java index 0fa2f019..7574bf1b 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapConnModule.java +++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapConnModule.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldap; + import netscape.ldap.LDAPConnection; import com.netscape.certsrv.apps.CMS; @@ -33,6 +34,7 @@ import com.netscape.cmscore.ldapconn.LdapAuthInfo; import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; import com.netscape.cmscore.ldapconn.LdapConnInfo; + public class LdapConnModule implements ILdapConnModule { protected IConfigStore mConfig = null; protected LdapBoundConnFactory mLdapConnFactory = null; @@ -40,7 +42,7 @@ public class LdapConnModule implements ILdapConnModule { private boolean mInited = false; /** - * instantiate connection factory. + * instantiate connection factory. */ public static final String PROP_LDAP = "ldap"; 
@@ -55,43 +57,44 @@ public class LdapConnModule implements ILdapConnModule { protected ISubsystem mPubProcessor; - public void init(ISubsystem p, IConfigStore config) throws EBaseException { + public void init(ISubsystem p, + IConfigStore config) + throws EBaseException { CMS.debug("LdapConnModule: init called"); if (mInited) { CMS.debug("LdapConnModule: already initialized. return."); - return; + return; } CMS.debug("LdapConnModule: init begins"); mPubProcessor = p; mConfig = config; /* - * mLdapConnFactory = new LdapBoundConnFactory(); - * mLdapConnFactory.init(mConfig.getSubStore("ldap")); - */ + mLdapConnFactory = new LdapBoundConnFactory(); + mLdapConnFactory.init(mConfig.getSubStore("ldap")); + */ // support publishing dirsrv with different pwd than internaldb IConfigStore ldap = mConfig.getSubStore("ldap"); - IConfigStore ldapconn = ldap - .getSubStore(ILdapBoundConnFactory.PROP_LDAPCONNINFO); - IConfigStore authinfo = ldap - .getSubStore(ILdapBoundConnFactory.PROP_LDAPAUTHINFO); - ILdapConnInfo connInfo = CMS.getLdapConnInfo(ldapconn); - LdapAuthInfo authInfo = new LdapAuthInfo(authinfo, - ldapconn.getString("host"), ldapconn.getInteger("port"), - connInfo.getSecure()); - - int minConns = mConfig.getInteger(ILdapBoundConnFactory.PROP_MINCONNS, - 3); - int maxConns = mConfig.getInteger(ILdapBoundConnFactory.PROP_MAXCONNS, - 15); + IConfigStore ldapconn = ldap.getSubStore( + ILdapBoundConnFactory.PROP_LDAPCONNINFO); + IConfigStore authinfo = ldap.getSubStore( + ILdapBoundConnFactory.PROP_LDAPAUTHINFO); + ILdapConnInfo connInfo = + CMS.getLdapConnInfo(ldapconn); + LdapAuthInfo authInfo = + new LdapAuthInfo(authinfo, ldapconn.getString("host"), + ldapconn.getInteger("port"), connInfo.getSecure()); + + int minConns = mConfig.getInteger(ILdapBoundConnFactory.PROP_MINCONNS, 3); + int maxConns = mConfig.getInteger(ILdapBoundConnFactory.PROP_MAXCONNS, 15); // must get authInfo from the config, don't default to internaldb!!! 
- CMS.debug("Creating LdapBoundConnFactory for LdapConnModule."); - mLdapConnFactory = new LdapBoundConnFactory(minConns, maxConns, - (LdapConnInfo) connInfo, authInfo); + CMS.debug("Creating LdapBoundConnFactory for LdapConnModule."); + mLdapConnFactory = + new LdapBoundConnFactory(minConns, maxConns, (LdapConnInfo)connInfo, authInfo); mInited = true; @@ -99,14 +102,15 @@ public class LdapConnModule implements ILdapConnModule { } /** - * Returns the internal ldap connection factory. This can be useful to get a - * ldap connection to the ldap publishing directory without having to get it - * again from the config file. Note that this means sharing a ldap - * connection pool with the ldap publishing module so be sure to return - * connections to pool. Use ILdapConnFactory.getConn() to get a Ldap - * connection to the ldap publishing directory. Use - * ILdapConnFactory.returnConn() to return the connection. - * + * Returns the internal ldap connection factory. + * This can be useful to get a ldap connection to the + * ldap publishing directory without having to get it again from the + * config file. Note that this means sharing a ldap connection pool + * with the ldap publishing module so be sure to return connections to pool. + * Use ILdapConnFactory.getConn() to get a Ldap connection to the ldap + * publishing directory. + * Use ILdapConnFactory.returnConn() to return the connection. + * * @see com.netscape.certsrv.ldap.ILdapBoundConnFactory * @see com.netscape.certsrv.ldap.ILdapConnFactory */ @@ -123,8 +127,9 @@ public class LdapConnModule implements ILdapConnModule { } public void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_LDAP, level, - "LdapPublishModule: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_LDAP, level, + "LdapPublishModule: " + msg); } - + } + 
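Review bot: LdapConnModule.log() still prefixes every message with `"LdapPublishModule: "`, so records written by the connection module are attributed to a different class in the system log. Anyone triaging LDAP connection or bind problems from these entries is pointed at the wrong module. The prefix should read `"LdapConnModule: " + msg`; the re-indentation in this hunk leaves the string unchanged.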
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapOrExpression.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapOrExpression.java
index 0a34304d..aaf9f35d 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapOrExpression.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapOrExpression.java
@@ -17,50 +17,51 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldap; + import com.netscape.certsrv.base.SessionContext; import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.publish.ILdapExpression; import com.netscape.certsrv.request.IRequest; + /** - * This class represents an Or expression of the form (var1 op val1 OR var2 op - * val2). - * + * This class represents an Or expression of the form + * (var1 op val1 OR var2 op val2). + * * Expressions are used as predicates for publishing rule selection. - * + * * @author mzhao * @version $Revision$, $Date$ */ public class LdapOrExpression implements ILdapExpression { private ILdapExpression mExp1; private ILdapExpression mExp2; - public LdapOrExpression(ILdapExpression exp1, ILdapExpression exp2) { mExp1 = exp1; mExp2 = exp2; } - public boolean evaluate(SessionContext sc) throws ELdapException { + public boolean evaluate(SessionContext sc) + throws ELdapException { if (mExp1 == null && mExp2 == null) return true; else if (mExp1 != null && mExp2 != null) return mExp1.evaluate(sc) || mExp2.evaluate(sc); else if (mExp1 != null && mExp2 == null) return mExp1.evaluate(sc); - else - // (mExp1 == null && mExp2 != null) + else // (mExp1 == null && mExp2 != null) return mExp2.evaluate(sc); } - public boolean evaluate(IRequest req) throws ELdapException { + public boolean evaluate(IRequest req) + throws ELdapException { if (mExp1 == null && mExp2 == null) return true; else if (mExp1 != null && mExp2 != null) return mExp1.evaluate(req) || mExp2.evaluate(req); else if (mExp1 != null && mExp2 == null) return mExp1.evaluate(req); - else - // (mExp1 == null && mExp2 != null) + else // (mExp1 == null && mExp2 != null) return mExp2.evaluate(req); } 
@@ -71,8 +72,8 @@ public class LdapOrExpression implements ILdapExpression { return mExp1.toString() + " OR " + mExp2.toString(); else if (mExp1 != null && mExp2 == null) return mExp1.toString(); - else - // (mExp1 == null && mExp2 != null) + else // (mExp1 == null && mExp2 != null) return mExp2.toString(); } } + diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapPredicateParser.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapPredicateParser.java index ac91af82..3ac8f750 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapPredicateParser.java +++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapPredicateParser.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldap; + import java.util.Enumeration; import java.util.Hashtable; import java.util.Vector; @@ -28,16 +29,19 @@ import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.publish.ILdapExpression; import com.netscape.cmscore.util.Debug; + /** * Default implementation of predicate parser. - * + * * Limitations: - * - * 1. Currently parentheses are not suported. 2. Only ==, != <, >, <= and >= - * operators are supported. 3. The only boolean operators supported are AND and - * OR. AND takes precedence over OR. Example: a AND b OR e OR c AND d is treated - * as (a AND b) OR e OR (c AND d) 4. If this is n't adequate, roll your own. - * + * + * 1. Currently parentheses are not suported. + * 2. Only ==, != <, >, <= and >= operators are supported. + * 3. The only boolean operators supported are AND and OR. AND takes precedence + * over OR. Example: a AND b OR e OR c AND d + * is treated as (a AND b) OR e OR (c AND d) + * 4. If this is n't adequate, roll your own. + * * @author mzhao * @version $Revision$, $Date$ */ 
@@ -53,22 +57,22 @@ public class LdapPredicateParser { /** * Parse the predicate expression and return a vector of expressions. - * - * @param predicateExp The predicate expression as read from the config - * file. - * @return expVector The vector of expressions. + * + * @param predicateExp The predicate expression as read from the config file. + * @return expVector The vector of expressions. */ public static ILdapExpression parse(String predicateExpression) - throws ELdapException { - if (predicateExpression == null || predicateExpression.length() == 0) + throws ELdapException { + if (predicateExpression == null || + predicateExpression.length() == 0) return null; PredicateTokenizer pt = new PredicateTokenizer(predicateExpression); if (pt == null || !pt.hasMoreTokens()) return null; - // The first token cannot be an operator. We are not dealing with - // reverse-polish notation. + // The first token cannot be an operator. We are not dealing with + // reverse-polish notation. String token = pt.nextToken(); boolean opANDSeen; boolean opORSeen; @@ -76,8 +80,7 @@ public class LdapPredicateParser { if (getOP(token) != EXPRESSION) { if (Debug.ON) Debug.trace("Malformed expression: " + predicateExpression); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_BAD_LDAP_EXPRESSION", predicateExpression)); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_BAD_LDAP_EXPRESSION", predicateExpression)); } ILdapExpression current = parseExpression(token); boolean malformed = false; @@ -88,8 +91,8 @@ public class LdapPredicateParser { token = pt.nextToken(); int curType = getOP(token); - if ((prevType != EXPRESSION && curType != EXPRESSION) - || (prevType == EXPRESSION && curType == EXPRESSION)) { + if ((prevType != EXPRESSION && curType != EXPRESSION) || + (prevType == EXPRESSION && curType == EXPRESSION)) { malformed = true; break; } 
@@ -100,8 +103,7 @@ public class LdapPredicateParser { continue; } - // If the previous type was an OR token, add the current expression - // to + // If the previous type was an OR token, add the current expression to // the expression set; if (prevType == OP_OR) { expSet.addElement(current); @@ -119,8 +121,9 @@ public class LdapPredicateParser { if (malformed) { if (Debug.ON) Debug.trace("Malformed expression: " + predicateExpression); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_BAD_LDAP_EXPRESSION", predicateExpression)); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_BAD_LDAP_EXPRESSION", + predicateExpression)); } // Form an LdapOrExpression @@ -131,12 +134,12 @@ public class LdapPredicateParser { if (size == 0) return null; - LdapOrExpression orExp = new LdapOrExpression( - (ILdapExpression) expSet.elementAt(0), null); + LdapOrExpression orExp = new + LdapOrExpression((ILdapExpression) expSet.elementAt(0), null); for (int i = 1; i < size; i++) orExp = new LdapOrExpression(orExp, - (ILdapExpression) expSet.elementAt(i)); + (ILdapExpression) expSet.elementAt(i)); return orExp; } @@ -150,7 +153,7 @@ public class LdapPredicateParser { } private static ILdapExpression parseExpression(String input) - throws ELdapException { + throws ELdapException { // If the expression has multiple parts separated by commas // we need to construct an AND expression. Else we will return a // simple expression. 
@@ -162,30 +165,28 @@ public class LdapPredicateParser { Vector expVector = new Vector(); while (commaIndex > 0) { - LdapSimpleExpression exp = (LdapSimpleExpression) LdapSimpleExpression - .parse(input.substring(currentIndex, commaIndex)); + LdapSimpleExpression exp = (LdapSimpleExpression) + LdapSimpleExpression.parse(input.substring(currentIndex, + commaIndex)); expVector.addElement(exp); currentIndex = commaIndex + 1; commaIndex = input.indexOf(COMMA, currentIndex); } if (currentIndex < (input.length() - 1)) { - LdapSimpleExpression exp = (LdapSimpleExpression) LdapSimpleExpression - .parse(input.substring(currentIndex)); + LdapSimpleExpression exp = (LdapSimpleExpression) + LdapSimpleExpression.parse(input.substring(currentIndex)); expVector.addElement(exp); } int size = expVector.size(); - LdapSimpleExpression exp1 = (LdapSimpleExpression) expVector - .elementAt(0); - LdapSimpleExpression exp2 = (LdapSimpleExpression) expVector - .elementAt(1); + LdapSimpleExpression exp1 = (LdapSimpleExpression) expVector.elementAt(0); + LdapSimpleExpression exp2 = (LdapSimpleExpression) expVector.elementAt(1); LdapAndExpression andExp = new LdapAndExpression(exp1, exp2); for (int i = 2; i < size; i++) { - andExp = new LdapAndExpression(andExp, - (LdapSimpleExpression) expVector.elementAt(i)); + andExp = new LdapAndExpression(andExp, (LdapSimpleExpression) expVector.elementAt(i)); } return andExp; } 
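Review bot: `expVector.elementAt(1)` is read without checking `size`, so a predicate whose comma-separated list yields fewer than two parts fails with an unchecked ArrayIndexOutOfBoundsException instead of the ELdapException that parse() raises for malformed input. In the visible lines this happens when the only comma is the last character, because the `currentIndex < (input.length() - 1)` test skips the empty tail; the same test also silently drops a one-character final part. The predicate is read from the config file, so a guard such as `if (size < 2) throw new ELdapException(CMS.getUserMessage("CMS_LDAP_BAD_LDAP_EXPRESSION", input));` before the two elementAt calls keeps the failure on the documented error path. parseExpression begins above this hunk, so an earlier check may already cover part of this.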
@@ -193,40 +194,79 @@ public class LdapPredicateParser { public static void main(String[] args) { /** - * AttributeSet req = new AttributeSet(); try { req.set("ou", "people"); - * req.set("cn", "John Doe"); req.set("uid", "jdoes"); req.set("o", - * "airius.com"); req.set("certtype", "client"); req.set("request", - * "issuance"); req.set("id", new Integer(10)); req.set("dualcerts", new - * Boolean(true)); - * - * Vector v = new Vector(); v.addElement("one"); v.addElement("two"); - * v.addElement("three"); req.set("count", v); } catch (Exception - * e){e.printStackTrace();} String[] array = { - * "ou == people AND certtype == client", - * "ou == servergroup AND certtype == server", - * "uid == jdoes, ou==people, o==airius.com OR ou == people AND certType == client OR certType == server AND cn == needles.mcom.com" - * , }; for (int i = 0; i < array.length; i++) { System.out.println(); - * System.out.println("String: " + array[i]); ILdapExpression exp = - * null; try { exp = parse(array[i]); if (exp != null) { - * System.out.println("Parsed Expression: " + exp); boolean result = - * exp.evaluate(req); System.out.println("Result: " + result); } } catch - * (Exception e) {e.printStackTrace(); } } - * - * - * try { BufferedReader rdr = new BufferedReader( new - * FileReader(args[0])); String line; while((line=rdr.readLine()) != - * null) { System.out.println(); System.out.println("Line Read: " + - * line); ILdapExpression exp = null; try { exp = parse(line); if (exp - * != null) { System.out.println(exp); boolean result = - * exp.evaluate(req); System.out.println("Result: " + result); } - * - * }catch (Exception e){e.printStackTrace();} } } catch (Exception - * e){e.printStackTrace(); } + AttributeSet req = new AttributeSet(); + try + { + req.set("ou", "people"); + req.set("cn", "John Doe"); + req.set("uid", "jdoes"); + req.set("o", "airius.com"); + req.set("certtype", "client"); + req.set("request", "issuance"); + req.set("id", new Integer(10)); + req.set("dualcerts", 
new Boolean(true)); + + Vector v = new Vector(); + v.addElement("one"); + v.addElement("two"); + v.addElement("three"); + req.set("count", v); + } + catch (Exception e){e.printStackTrace();} + String[] array = { "ou == people AND certtype == client", + "ou == servergroup AND certtype == server", + "uid == jdoes, ou==people, o==airius.com OR ou == people AND certType == client OR certType == server AND cn == needles.mcom.com", + }; + for (int i = 0; i < array.length; i++) + { + System.out.println(); + System.out.println("String: " + array[i]); + ILdapExpression exp = null; + try + { + exp = parse(array[i]); + if (exp != null) + { + System.out.println("Parsed Expression: " + exp); + boolean result = exp.evaluate(req); + System.out.println("Result: " + result); + } + } + catch (Exception e) {e.printStackTrace(); } + } + + + try + { + BufferedReader rdr = new BufferedReader( + new FileReader(args[0])); + String line; + while((line=rdr.readLine()) != null) + { + System.out.println(); + System.out.println("Line Read: " + line); + ILdapExpression exp = null; + try + { + exp = parse(line); + if (exp != null) + { + System.out.println(exp); + boolean result = exp.evaluate(req); + System.out.println("Result: " + result); + } + + }catch (Exception e){e.printStackTrace();} + } + } + catch (Exception e){e.printStackTrace(); } + **/ } } + class PredicateTokenizer { String input; int currentIndex; 
@@ -308,27 +348,30 @@ class PredicateTokenizer { } } + class AttributeSet implements IAttrSet { /** * */ private static final long serialVersionUID = -3155846653754028803L; Hashtable ht = new Hashtable(); - public AttributeSet() { } - public void delete(String name) throws EBaseException { + public void delete(String name) + throws EBaseException { Object ob = ht.get(name); ht.remove(ob); } - public Object get(String name) throws EBaseException { + public Object get(String name) + throws EBaseException { return ht.get(name); } - public void set(String name, Object ob) throws EBaseException { + public void set(String name, Object ob) + throws EBaseException { ht.put(name, ob); } diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapPublishModule.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapPublishModule.java index e064f7f2..8e890f06 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapPublishModule.java +++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapPublishModule.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldap; + import java.io.IOException; import java.math.BigInteger; import java.security.cert.X509CRL; @@ -55,6 +56,7 @@ import com.netscape.cmscore.dbs.CertRecord; import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; import com.netscape.cmscore.util.Debug; + public class LdapPublishModule implements ILdapPublishModule { protected IConfigStore mConfig = null; protected LdapBoundConnFactory mLdapConnFactory = null; 
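Review bot: In AttributeSet.delete the value fetched with `ht.get(name)` is passed to `ht.remove(ob)`, so the table is asked to remove a key equal to the stored value and the entry under `name` stays in place. When `name` is absent, `ob` is null and Hashtable.remove throws NullPointerException. The body should be `ht.remove(name);`. The rest of the class lies outside this hunk.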
@@ -62,24 +64,28 @@ public class LdapPublishModule implements ILdapPublishModule { private boolean mInited = false; protected ICertAuthority mAuthority = null; - /** - * hashtable of cert types to cert mappers and publishers. cert types are - * client, server, ca, subca, ra, crl, etc. XXX the cert types need to be - * consistently used. for each, the mapper may be null, in which case the - * full subject name is used to map the cert. for crl, if the mapper is null - * the ca mapper is used. if that is null, the full issuer name is used. XXX - * if we support crl issuing points the issuing point should be used to - * publish the crl. When publishers are null, the certs are not published. + /** + * hashtable of cert types to cert mappers and publishers. + * cert types are client, server, ca, subca, ra, crl, etc. + * XXX the cert types need to be consistently used. + * for each, the mapper may be null, in which case the full subject + * name is used to map the cert. + * for crl, if the mapper is null the ca mapper is used. if that + * is null, the full issuer name is used. + * XXX if we support crl issuing points the issuing point should be used + * to publish the crl. + * When publishers are null, the certs are not published. */ - protected Hashtable mMappers = new Hashtable(); + protected Hashtable mMappers = new Hashtable(); /** - * handlers for request types (events) values implement IRequestListener + * handlers for request types (events) + * values implement IRequestListener */ protected Hashtable mEventHandlers = new Hashtable(); /** - * instantiate connection factory. + * instantiate connection factory. */ public static final String ATTR_LDAPPUBLISH_STATUS = "LdapPublishStatus"; public static final String PROP_LDAP = "ldap"; 
@@ -94,10 +100,12 @@ public class LdapPublishModule implements ILdapPublishModule { public LdapPublishModule() { } - public void init(ISubsystem sub, IConfigStore config) throws EBaseException { - } + public void init(ISubsystem sub, IConfigStore config) throws EBaseException + { + } - public void set(String name, String val) { + public void set(String name, String val) + { } public LdapPublishModule(LdapBoundConnFactory factory) { @@ -108,7 +116,8 @@ public class LdapPublishModule implements ILdapPublishModule { protected IPublisherProcessor mPubProcessor; public void init(ICertAuthority authority, IPublisherProcessor p, - IConfigStore config) throws EBaseException { + IConfigStore config) + throws EBaseException { if (mInited) return; @@ -124,9 +133,9 @@ public class LdapPublishModule implements ILdapPublishModule { mAuthority.registerRequestListener(this); } - public void init(ICertAuthority authority, IConfigStore config) - throws EBaseException { - if (mInited) + public void init(ICertAuthority authority, IConfigStore config) + throws EBaseException { + if (mInited) return; mAuthority = authority; 
@@ -141,14 +150,15 @@ public class LdapPublishModule implements ILdapPublishModule { } /** - * Returns the internal ldap connection factory. This can be useful to get a - * ldap connection to the ldap publishing directory without having to get it - * again from the config file. Note that this means sharing a ldap - * connection pool with the ldap publishing module so be sure to return - * connections to pool. Use ILdapConnFactory.getConn() to get a Ldap - * connection to the ldap publishing directory. Use - * ILdapConnFactory.returnConn() to return the connection. - * + * Returns the internal ldap connection factory. + * This can be useful to get a ldap connection to the + * ldap publishing directory without having to get it again from the + * config file. Note that this means sharing a ldap connection pool + * with the ldap publishing module so be sure to return connections to pool. + * Use ILdapConnFactory.getConn() to get a Ldap connection to the ldap + * publishing directory. + * Use ILdapConnFactory.returnConn() to return the connection. + * * @see com.netscape.certsrv.ldap.ILdapBoundConnFactory * @see com.netscape.certsrv.ldap.ILdapConnFactory */ @@ -157,8 +167,8 @@ public class LdapPublishModule implements ILdapPublishModule { } /** - * Returns the connection factory to the publishing directory. Must return - * the connection once you return + * Returns the connection factory to the publishing directory. + * Must return the connection once you return */ protected LdapMappers getMappers(String certType) { 
@@ -169,15 +179,16 @@ public class LdapPublishModule implements ILdapPublishModule { } else { mappers = (LdapMappers) mMappers.get(certType); } - return mappers; + return mappers; } - protected void initMappers(IConfigStore config) throws EBaseException { + protected void initMappers(IConfigStore config) + throws EBaseException { IConfigStore types = mConfig.getSubStore(PROP_TYPE); if (types == null || types.size() <= 0) { // nothing configured. - if (Debug.ON) + if (Debug.ON) System.out.println("No ldap publishing configurations."); return; } @@ -187,9 +198,9 @@ public class LdapPublishModule implements ILdapPublishModule { String certType = (String) substores.nextElement(); IConfigStore current = types.getSubStore(certType); - if (current == null || current.size() <= 0) { - CMS.debug("No ldap publish configuration for " + certType - + " found."); + if (current == null || current.size() <= 0) { + CMS.debug( + "No ldap publish configuration for " + certType + " found."); continue; } ILdapPlugin mapper = null, publisher = null; 
@@ -200,53 +211,54 @@ public class LdapPublishModule implements ILdapPublishModule { mapperConf = current.getSubStore(PROP_MAPPER); mapperClassName = mapperConf.getString(PROP_CLASS, null); if (mapperClassName != null && mapperClassName.length() > 0) { - CMS.debug("mapper " + mapperClassName + " for " + certType); - mapper = (ILdapPlugin) Class.forName(mapperClassName) - .newInstance(); + CMS.debug( + "mapper " + mapperClassName + " for " + certType); + mapper = (ILdapPlugin) + Class.forName(mapperClassName).newInstance(); mapper.init(mapperConf); } publisherConf = current.getSubStore(PROP_PUBLISHER); publisherClassName = publisherConf.getString(PROP_CLASS, null); - if (publisherClassName != null - && publisherClassName.length() > 0) { - CMS.debug("publisher " + publisherClassName + " for " - + certType); - publisher = (ILdapPlugin) Class.forName(publisherClassName) - .newInstance(); + if (publisherClassName != null && + publisherClassName.length() > 0) { + CMS.debug( + "publisher " + publisherClassName + " for " + certType); + publisher = (ILdapPlugin) + Class.forName(publisherClassName).newInstance(); publisher.init(publisherConf); } mMappers.put(certType, new LdapMappers(mapper, publisher)); } catch (ClassNotFoundException e) { - String missingClass = mapperClassName - + ((publisherClassName == null) ? "" - : (" or " + publisherClassName)); - - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_FIND_CLASS", missingClass)); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_CLASS_NOT_FOUND", missingClass)); + String missingClass = mapperClassName + + ((publisherClassName == null) ? "" : + (" or " + publisherClassName)); + + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_FIND_CLASS", missingClass)); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_CLASS_NOT_FOUND", missingClass)); } catch (InstantiationException e) { - String badInstance = mapperClassName - + ((publisherClassName == null) ? 
"" - : (" or " + publisherClassName)); - - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_INST_CLASS", badInstance, certType)); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INSTANTIATING_CLASS_FAILED", badInstance)); + String badInstance = mapperClassName + + ((publisherClassName == null) ? "" : + (" or " + publisherClassName)); + + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_INST_CLASS", + badInstance ,certType)); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INSTANTIATING_CLASS_FAILED", badInstance)); } catch (IllegalAccessException e) { - String badInstance = mapperClassName - + ((publisherClassName == null) ? "" - : (" or " + publisherClassName)); - - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_INSUFFICIENT_CREDENTIALS", badInstance, - certType)); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INSUFFICIENT_CREDENTIALS", certType)); + String badInstance = mapperClassName + + ((publisherClassName == null) ? "" : + (" or " + publisherClassName)); + + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_INSUFFICIENT_CREDENTIALS", badInstance, certType)); + throw new ELdapException( + CMS.getUserMessage("CMS_LDAP_INSUFFICIENT_CREDENTIALS", certType)); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_INIT_ERROR", certType, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_INIT_ERROR", certType, e.toString())); throw e; } } 
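Review bot: The mapper and publisher class names read from the config store go straight into `Class.forName(...).newInstance()`, and the cast to ILdapPlugin happens only after the constructor has run, so any class on the classpath that the configuration names is initialised and instantiated before its type is checked. Resolving the class first and rejecting it unless `ILdapPlugin.class.isAssignableFrom(cls)` limits instantiation to publishing plugins. As written, a wrong type surfaces as a ClassCastException that none of the visible catch blocks handle. The ClassNotFoundException, InstantiationException and IllegalAccessException branches also discard the caught exception, so the log names the class but not the cause; including `e.toString()` in the logged text, as the EBaseException branch does, would preserve it. initMappers starts before this hunk.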
@@ -254,13 +266,14 @@ public class LdapPublishModule implements ILdapPublishModule { } protected void initHandlers() { - mEventHandlers.put(IRequest.ENROLLMENT_REQUEST, new HandleEnrollment( - this)); - mEventHandlers.put(IRequest.RENEWAL_REQUEST, new HandleRenewal(this)); - mEventHandlers.put(IRequest.REVOCATION_REQUEST, new HandleRevocation( - this)); - mEventHandlers.put(IRequest.UNREVOCATION_REQUEST, - new HandleUnrevocation(this)); + mEventHandlers.put(IRequest.ENROLLMENT_REQUEST, + new HandleEnrollment(this)); + mEventHandlers.put(IRequest.RENEWAL_REQUEST, + new HandleRenewal(this)); + mEventHandlers.put(IRequest.REVOCATION_REQUEST, + new HandleRevocation(this)); + mEventHandlers.put(IRequest.UNREVOCATION_REQUEST, + new HandleUnrevocation(this)); } public void accept(IRequest r) { @@ -270,14 +283,15 @@ public class LdapPublishModule implements ILdapPublishModule { IRequestListener handler = (IRequestListener) mEventHandlers.get(type); if (handler == null) { - CMS.debug("Nothing to publish for request type " + type); + CMS.debug( + "Nothing to publish for request type " + type); return; } handler.accept(r); } public void publish(String certType, X509Certificate cert) - throws ELdapException { + throws ELdapException { // get mapper and publisher for cert type. LdapMappers mappers = getMappers(certType); @@ -285,15 +299,15 @@ public class LdapPublishModule implements ILdapPublishModule { CMS.debug("publisher for " + certType + " is null"); return; } - publish((ILdapMapper) mappers.mapper, - (ILdapPublisher) mappers.publisher, cert); + publish((ILdapMapper) mappers.mapper, + (ILdapPublisher) mappers.publisher, cert); // set the ldap published flag. setPublishedFlag(cert.getSerialNumber(), true); } public void unpublish(String certType, X509Certificate cert) - throws ELdapException { + throws ELdapException { // get mapper and publisher for cert type. LdapMappers mappers = getMappers(certType); 
@@ -301,44 +315,43 @@ public class LdapPublishModule implements ILdapPublishModule { CMS.debug("publisher for " + certType + " is null"); return; } - unpublish((ILdapMapper) mappers.mapper, - (ILdapPublisher) mappers.publisher, cert); + unpublish((ILdapMapper) mappers.mapper, + (ILdapPublisher) mappers.publisher, cert); // set the ldap published flag. setPublishedFlag(cert.getSerialNumber(), false); } /** - * set published flag - true when published, false when unpublished. not - * exist means not published. + * set published flag - true when published, false when unpublished. + * not exist means not published. */ public void setPublishedFlag(BigInteger serialNo, boolean published) { - if (!(mAuthority instanceof ICertificateAuthority)) + if (!(mAuthority instanceof ICertificateAuthority)) return; ICertificateAuthority ca = (ICertificateAuthority) mAuthority; try { - ICertificateRepository certdb = (ICertificateRepository) ca - .getCertificateRepository(); - ICertRecord certRec = (ICertRecord) certdb - .readCertificateRecord(serialNo); + ICertificateRepository certdb = (ICertificateRepository) ca.getCertificateRepository(); + ICertRecord certRec = (ICertRecord) certdb.readCertificateRecord(serialNo); MetaInfo metaInfo = certRec.getMetaInfo(); if (metaInfo == null) { metaInfo = new MetaInfo(); } - metaInfo.set(CertRecord.META_LDAPPUBLISH, String.valueOf(published)); + metaInfo.set( + CertRecord.META_LDAPPUBLISH, String.valueOf(published)); ModificationSet modSet = new ModificationSet(); - modSet.add(ICertRecord.ATTR_META_INFO, Modification.MOD_REPLACE, - metaInfo); + modSet.add(ICertRecord.ATTR_META_INFO, + Modification.MOD_REPLACE, metaInfo); certdb.modifyCertificateRecord(serialNo, modSet); } catch (EBaseException e) { // not fatal. just log warning. - log(ILogger.LL_WARN, "Cannot mark cert 0x" + serialNo.toString(16) - + " published as " + published - + " in the ldap directory. Cert Record not found. 
Error: " - + e.getMessage()); + log(ILogger.LL_WARN, + "Cannot mark cert 0x" + serialNo.toString(16) + " published as " + published + + " in the ldap directory. Cert Record not found. Error: " + + e.getMessage()); } } @@ -351,7 +364,8 @@ public class LdapPublishModule implements ILdapPublishModule { } public void publish(ILdapMapper mapper, ILdapPublisher publisher, - X509Certificate cert) throws ELdapException { + X509Certificate cert) + throws ELdapException { LDAPConnection conn = null; try { @@ -361,19 +375,19 @@ public class LdapPublishModule implements ILdapPublishModule { conn = mLdapConnFactory.getConn(); if (mapper == null) { // use the cert's subject name exactly dirdn = cert.getSubjectDN().toString(); - CMS.debug("no mapper found. Using subject name exactly." - + cert.getSubjectDN()); + CMS.debug( + "no mapper found. Using subject name exactly." + + cert.getSubjectDN()); } else { result = mapper.map(conn, cert); dirdn = result; - if (dirdn == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_PUBLISH_NOT_MATCH", cert - .getSerialNumber().toString(16), cert - .getSubjectDN().toString())); - throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_NO_MATCH", cert - .getSubjectDN().toString())); + if (dirdn == null) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_PUBLISH_NOT_MATCH", + cert.getSerialNumber().toString(16), + cert.getSubjectDN().toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", + cert.getSubjectDN().toString())); } } publisher.publish(conn, dirdn, cert); @@ -385,7 +399,8 @@ public class LdapPublishModule implements ILdapPublishModule { } public void unpublish(ILdapMapper mapper, ILdapPublisher publisher, - X509Certificate cert) throws ELdapException { + X509Certificate cert) + throws ELdapException { LDAPConnection conn = null; try { 
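Review bot: The warning in the `catch (EBaseException e)` of `setPublishedFlag` always says "Cert Record not found", but the same handler also covers a failure of `certdb.modifyCertificateRecord(serialNo, modSet)`, so a failed update is reported as a missing record. The callers invoke this method after the directory write has already succeeded, so the record's `META_LDAPPUBLISH` value can then disagree with the directory, and the log should not misstate which step failed. A neutral text such as `"Cannot mark cert 0x" + serialNo.toString(16) + " published as " + published + ": " + e.getMessage()` would not mislead. `certRec` is also dereferenced without a null check; whether `readCertificateRecord` can return null is not visible here.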
@@ -398,14 +413,13 @@ public class LdapPublishModule implements ILdapPublishModule { } else { result = mapper.map(conn, cert); dirdn = result; - if (dirdn == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_PUBLISH_NOT_MATCH", cert - .getSerialNumber().toString(16), cert - .getSubjectDN().toString())); - throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_NO_MATCH", cert - .getSubjectDN().toString())); + if (dirdn == null) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_PUBLISH_NOT_MATCH", + cert.getSerialNumber().toString(16), + cert.getSubjectDN().toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", + cert.getSubjectDN().toString())); } } publisher.unpublish(conn, dirdn, cert); @@ -417,10 +431,11 @@ public class LdapPublishModule implements ILdapPublishModule { } /** - * publishes a crl by mapping the issuer name in the crl to an entry and - * publishing it there. entry must be a certificate authority. + * publishes a crl by mapping the issuer name in the crl to an entry + * and publishing it there. entry must be a certificate authority. */ - public void publish(X509CRLImpl crl) throws ELdapException { + public void publish(X509CRLImpl crl) + throws ELdapException { ILdapCrlMapper mapper = null; ILdapPublisher publisher = null; 
@@ -443,22 +458,21 @@ public class LdapPublishModule implements ILdapPublishModule { } else { result = ((ILdapMapper) mappers.mapper).map(conn, crl); dn = result; - if (dn == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_CRL_NOT_MATCH")); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_MATCH", crl.getIssuerDN().toString())); + if (dn == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_CRL_NOT_MATCH")); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", + crl.getIssuerDN().toString())); } } ((ILdapPublisher) mappers.publisher).publish(conn, dn, crl); } catch (ELdapException e) { - // e.printStackTrace(); - CMS.debug("Error publishing CRL to " + dn + ": " + e); + //e.printStackTrace(); + CMS.debug( + "Error publishing CRL to " + dn + ": " + e); throw e; } catch (IOException e) { CMS.debug("Error publishing CRL to " + dn + ": " + e); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_GET_ISSUER_FROM_CRL_FAILED", (String) "")); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_ISSUER_FROM_CRL_FAILED", (String) "")); } finally { if (conn != null) { mLdapConnFactory.returnConn(conn); @@ -467,10 +481,11 @@ public class LdapPublishModule implements ILdapPublishModule { } /** - * publishes a crl by mapping the issuer name in the crl to an entry and - * publishing it there. entry must be a certificate authority. + * publishes a crl by mapping the issuer name in the crl to an entry + * and publishing it there. entry must be a certificate authority. */ - public void publish(String dn, X509CRL crl) throws ELdapException { + public void publish(String dn, X509CRL crl) + throws ELdapException { LdapMappers mappers = getMappers(PROP_TYPE_CRL); if (mappers == null || mappers.publisher == null) { 
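Review bot: The `catch (IOException e)` branch of `publish(X509CRLImpl)` discards the cause: it writes only a `CMS.debug` line and throws an `ELdapException` whose message parameter is the empty string `(String) ""`. The `dn == null` path just above reports through `log(ILogger.LL_FAILURE, ...)`, so this failure is the one that does not reach the system log. Adding `log(ILogger.LL_FAILURE, "Error publishing CRL to " + dn + ": " + e);` before the throw would keep the reason on record. Whether the user message expects the exception text as its parameter cannot be told from here. The method starts outside the hunk.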
@@ -484,7 +499,8 @@ public class LdapPublishModule implements ILdapPublishModule { conn = mLdapConnFactory.getConn(); ((ILdapPublisher) mappers.publisher).publish(conn, dn, crl); } catch (ELdapException e) { - CMS.debug("Error publishing CRL to " + dn + ": " + e.toString()); + CMS.debug( + "Error publishing CRL to " + dn + ": " + e.toString()); throw e; } finally { if (conn != null) { @@ -494,22 +510,23 @@ public class LdapPublishModule implements ILdapPublishModule { } public void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_LDAP, level, - "LdapPublishModule: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_LDAP, level, + "LdapPublishModule: " + msg); } - + } + class LdapMappers { public LdapMappers(ILdapPlugin aMapper, ILdapPlugin aPublisher) { mapper = aMapper; publisher = aPublisher; } - public ILdapPlugin mapper = null; public ILdapPlugin publisher = null; } + class HandleEnrollment implements IRequestListener { LdapPublishModule mModule = null; 
@@ -517,43 +534,49 @@ class HandleEnrollment implements IRequestListener { mModule = module; } - public void set(String name, String val) { + public void set(String name, String val) + { } - public void init(ISubsystem sub, IConfigStore config) throws EBaseException { + public void init(ISubsystem sub, IConfigStore config) throws EBaseException + { } public void accept(IRequest r) { - CMS.debug("handling publishing for enrollment request id " - + r.getRequestId()); + CMS.debug( + "handling publishing for enrollment request id " + + r.getRequestId()); // in case it's not meant for us if (r.getExtDataInInteger(IRequest.RESULT) == null) return; - // check if request failed. + // check if request failed. if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) { - CMS.debug("Request errored. " - + "Nothing to publish for enrollment request id " - + r.getRequestId()); + CMS.debug("Request errored. " + + "Nothing to publish for enrollment request id " + + r.getRequestId()); return; } - CMS.debug("Checking publishing for request " + r.getRequestId()); + CMS.debug("Checking publishing for request " + + r.getRequestId()); // check if issued certs is set. X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (certs == null || certs.length == 0 || certs[0] == null) { - CMS.debug("No certs to publish for request id " + r.getRequestId()); + CMS.debug( + "No certs to publish for request id " + r.getRequestId()); return; } // get mapper and publisher for client certs. - LdapMappers mappers = mModule - .getMappers(LdapPublishModule.PROP_TYPE_CLIENT); + LdapMappers mappers = + mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT); if (mappers == null || mappers.publisher == null) { - CMS.debug("In publishing: No publisher for type " - + LdapPublishModule.PROP_TYPE_CLIENT); + CMS.debug( + "In publishing: No publisher for type " + + LdapPublishModule.PROP_TYPE_CLIENT); return; } 
@@ -563,18 +586,18 @@ class HandleEnrollment implements IRequestListener { for (int i = 0; i < certs.length; i++) { try { - if (certs[i] == null) + if (certs[i] == null) continue; - mModule.publish((ILdapMapper) mappers.mapper, - (ILdapPublisher) mappers.publisher, certs[i]); + mModule.publish((ILdapMapper) mappers.mapper, + (ILdapPublisher) mappers.publisher, certs[i]); results[i] = IRequest.RES_SUCCESS; - CMS.debug("Published cert serial no 0x" - + certs[i].getSerialNumber().toString(16)); + CMS.debug( + "Published cert serial no 0x" + certs[i].getSerialNumber().toString(16)); mModule.setPublishedFlag(certs[i].getSerialNumber(), true); } catch (ELdapException e) { - mModule.log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_CERT_NOT_PUBLISH", certs[i] - .getSerialNumber().toString(16), e.toString())); + mModule.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH", + certs[i].getSerialNumber().toString(16),e.toString())); results[i] = IRequest.RES_ERROR; } r.setExtData("ldapPublishStatus", results); 
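Review bot: `r.setExtData("ldapPublishStatus", results);` appears to sit inside the `for` loop of `HandleEnrollment.accept`, since only the `catch` block is closed before it. The request is therefore rewritten once per certificate, and not at all for an iteration that takes the `continue` on a null cert. `HandleRenewal.accept` writes the array once after its loop and also records `ldapPublishOverAllStatus`, which this handler does not do in the visible lines. Moving the call below the loop and tracking an `error` flag as the other handlers do would make them consistent. The loop's closing brace is outside the hunk, so the placement should be confirmed against the full file.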
@@ -582,38 +605,40 @@ class HandleEnrollment implements IRequestListener { } } + class HandleRenewal implements IRequestListener { private LdapPublishModule mModule = null; - public HandleRenewal(LdapPublishModule module) { mModule = module; } - public void init(ISubsystem sub, IConfigStore config) throws EBaseException { - } + public void init(ISubsystem sub, IConfigStore config) throws EBaseException + { + } - public void set(String name, String val) { + public void set(String name, String val) + { } public void accept(IRequest r) { - // Note we do not remove old certs from directory during renewal + // Note we do not remove old certs from directory during renewal X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (certs == null || certs.length == 0) { - CMS.debug("no certs to publish for renewal " + "request " - + r.getRequestId()); + CMS.debug("no certs to publish for renewal " + + "request " + r.getRequestId()); return; } Integer results[] = new Integer[certs.length]; X509CertImpl cert = null; // get mapper and publisher for cert type. - LdapMappers mappers = mModule - .getMappers(LdapPublishModule.PROP_TYPE_CLIENT); + LdapMappers mappers = + mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT); if (mappers == null || mappers.publisher == null) { - CMS.debug("publisher for " + LdapPublishModule.PROP_TYPE_CLIENT - + " is null"); + CMS.debug( + "publisher for " + LdapPublishModule.PROP_TYPE_CLIENT + " is null"); return; } 
@@ -621,61 +646,65 @@ class HandleRenewal implements IRequestListener { for (int i = 0; i < certs.length; i++) { cert = (X509CertImpl) certs[i]; - if (cert == null) + if (cert == null) continue; // there was an error issuing this cert. try { - mModule.publish((ILdapMapper) mappers.mapper, - (ILdapPublisher) mappers.publisher, cert); + mModule.publish((ILdapMapper) mappers.mapper, + (ILdapPublisher) mappers.publisher, cert); results[i] = IRequest.RES_SUCCESS; - mModule.log(ILogger.LL_INFO, "Published cert serial no 0x" - + cert.getSerialNumber().toString(16)); + mModule.log(ILogger.LL_INFO, + "Published cert serial no 0x" + cert.getSerialNumber().toString(16)); } catch (ELdapException e) { error = true; - mModule.log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_CERT_NOT_PUBLISH", cert.getSerialNumber() - .toString(16), e.getMessage())); + mModule.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH", + cert.getSerialNumber().toString(16), e.getMessage())); results[i] = IRequest.RES_ERROR; } } r.setExtData("ldapPublishStatus", results); r.setExtData("ldapPublishOverAllStatus", - (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS)); + (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS)); } } + class HandleRevocation implements IRequestListener { private LdapPublishModule mModule = null; - public HandleRevocation(LdapPublishModule module) { mModule = module; } - public void init(ISubsystem sub, IConfigStore config) throws EBaseException { - } + public void init(ISubsystem sub, IConfigStore config) throws EBaseException + { + } - public void set(String name, String val) { + public void set(String name, String val) + { } public void accept(IRequest r) { - CMS.debug("Handle publishing for revoke request id " + r.getRequestId()); + CMS.debug( + "Handle publishing for revoke request id " + r.getRequestId()); // get fields in request. 
X509CertImpl[] revcerts = r.getExtDataInCertArray(IRequest.OLD_CERTS); if (revcerts == null || revcerts.length == 0 || revcerts[0] == null) { // no certs in revoke. - CMS.debug("Nothing to unpublish for revocation " + "request " - + r.getRequestId()); + CMS.debug( + "Nothing to unpublish for revocation " + + "request " + r.getRequestId()); return; } // get mapper and publisher for cert type. - LdapMappers mappers = mModule - .getMappers(LdapPublishModule.PROP_TYPE_CLIENT); + LdapMappers mappers = + mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT); if (mappers == null || mappers.publisher == null) { - CMS.debug("publisher for " + LdapPublishModule.PROP_TYPE_CLIENT - + " is null"); + CMS.debug( + "publisher for " + LdapPublishModule.PROP_TYPE_CLIENT + " is null"); return; } 
@@ -687,64 +716,65 @@ class HandleRevocation implements IRequestListener { results[i] = IRequest.RES_ERROR; try { - mModule.unpublish((ILdapMapper) mappers.mapper, - (ILdapPublisher) mappers.publisher, cert); + mModule.unpublish((ILdapMapper) mappers.mapper, + (ILdapPublisher) mappers.publisher, cert); results[i] = IRequest.RES_SUCCESS; - CMS.debug("Unpublished cert serial no 0x" - + cert.getSerialNumber().toString(16)); + CMS.debug( + "Unpublished cert serial no 0x" + cert.getSerialNumber().toString(16)); } catch (ELdapException e) { error = true; - mModule.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_UNPUBLISH", - cert.getSerialNumber().toString(16), - e.getMessage())); + mModule.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_UNPUBLISH", + cert.getSerialNumber().toString(16), e.getMessage())); } catch (EBaseException e) { error = true; - mModule.log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_CERT_NOT_FIND", cert.getSerialNumber() - .toString(16), e.getMessage())); + mModule.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_FIND", + cert.getSerialNumber().toString(16), e.getMessage())); } } r.setExtData("ldapPublishStatus", results); r.setExtData("ldapPublishOverAllStatus", - (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS)); + (error == true ? 
IRequest.RES_ERROR : IRequest.RES_SUCCESS)); } } + class HandleUnrevocation implements IRequestListener { private LdapPublishModule mModule = null; - public HandleUnrevocation(LdapPublishModule module) { mModule = module; } - public void set(String name, String val) { - } - - public void init(ISubsystem sub, IConfigStore config) throws EBaseException { + public void set(String name, String val) + { } + public void init(ISubsystem sub, IConfigStore config) throws EBaseException + { + } public void accept(IRequest r) { - CMS.debug("Handle publishing for unrevoke request id " - + r.getRequestId()); + CMS.debug( + "Handle publishing for unrevoke request id " + r.getRequestId()); // get fields in request. X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.OLD_CERTS); if (certs == null || certs.length == 0 || certs[0] == null) { // no certs in unrevoke. - CMS.debug("Nothing to publish for unrevocation " + "request " - + r.getRequestId()); + CMS.debug( + "Nothing to publish for unrevocation " + + "request " + r.getRequestId()); return; } // get mapper and publisher for cert type. - LdapMappers mappers = mModule - .getMappers(LdapPublishModule.PROP_TYPE_CLIENT); + LdapMappers mappers = + mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT); if (mappers == null || mappers.publisher == null) { - CMS.debug("publisher for " + LdapPublishModule.PROP_TYPE_CLIENT - + " is null"); + CMS.debug( + "publisher for " + LdapPublishModule.PROP_TYPE_CLIENT + " is null"); return; } 
@@ -754,28 +784,27 @@ class HandleUnrevocation implements IRequestListener { for (int i = 0; i < certs.length; i++) { results[i] = IRequest.RES_ERROR; try { - mModule.publish((ILdapMapper) mappers.mapper, - (ILdapPublisher) mappers.publisher, certs[i]); + mModule.publish((ILdapMapper) mappers.mapper, + (ILdapPublisher) mappers.publisher, certs[i]); results[i] = IRequest.RES_SUCCESS; - CMS.debug("Unpublished cert serial no 0x" - + certs[i].getSerialNumber().toString(16)); + CMS.debug( + "Unpublished cert serial no 0x" + certs[i].getSerialNumber().toString(16)); } catch (ELdapException e) { error = true; - mModule.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_UNPUBLISH", - certs[i].getSerialNumber().toString(16), - e.getMessage())); + mModule.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_UNPUBLISH", + certs[i].getSerialNumber().toString(16), e.getMessage())); } catch (EBaseException e) { error = true; - mModule.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_FIND", - certs[i].getSerialNumber().toString(16), - e.getMessage())); + mModule.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_FIND", + certs[i].getSerialNumber().toString(16), e.getMessage())); } } r.setExtData("ldapPublishStatus", results); r.setExtData("ldapPublishOverAllStatus", - (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS)); + (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS)); } } + diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java index ad30be00..6c1e1e8a 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java +++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldap; + import java.math.BigInteger; import java.security.cert.Certificate; import java.util.Hashtable; 
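Review bot: In `HandleUnrevocation.accept` the success message after `mModule.publish(...)` reads "Unpublished cert serial no 0x", and the `ELdapException` branch logs `CMSCORE_LDAP_CERT_NOT_UNPUBLISH`, although this handler publishes the certificate again. On a CA the publishing log is part of the audit trail, so an entry that names the opposite operation is worth correcting. The fix is `"Published cert serial no 0x" + certs[i].getSerialNumber().toString(16)` and the `CMSCORE_LDAP_CERT_NOT_PUBLISH` key that `HandleEnrollment` uses. The loop also passes `certs[i]` to `publish` without the null check that the enrollment and renewal handlers apply; only `certs[0]` is tested earlier in the method.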
@@ -41,12 +42,13 @@ import com.netscape.certsrv.request.IRequestListener; import com.netscape.certsrv.request.RequestId; import com.netscape.cmscore.dbs.CertRecord; + public class LdapRequestListener implements IRequestListener { private boolean mInited = false; /** - * handlers for request types (events) each handler implement - * IRequestListener + * handlers for request types (events) + * each handler implement IRequestListener */ private Hashtable mRequestListeners = new Hashtable(); @@ -55,23 +57,23 @@ public class LdapRequestListener implements IRequestListener { public LdapRequestListener() { } - public void set(String name, String val) { - } + public void set(String name, String val) + { + } public void init(ISubsystem sys, IConfigStore config) throws EBaseException { - if (mInited) - return; + if (mInited) return; - mPublisherProcessor = (IPublisherProcessor) sys; + mPublisherProcessor = (IPublisherProcessor)sys; mRequestListeners.put(IRequest.ENROLLMENT_REQUEST, - new LdapEnrollmentListener(mPublisherProcessor)); + new LdapEnrollmentListener(mPublisherProcessor)); mRequestListeners.put(IRequest.RENEWAL_REQUEST, - new LdapRenewalListener(mPublisherProcessor)); + new LdapRenewalListener(mPublisherProcessor)); mRequestListeners.put(IRequest.REVOCATION_REQUEST, - new LdapRevocationListener(mPublisherProcessor)); + new LdapRevocationListener(mPublisherProcessor)); mRequestListeners.put(IRequest.UNREVOCATION_REQUEST, - new LdapUnrevocationListener(mPublisherProcessor)); + new LdapUnrevocationListener(mPublisherProcessor)); mInited = true; } 
@@ -84,46 +86,45 @@ public class LdapRequestListener implements IRequestListener { if (r.getExtDataInInteger(IRequest.RESULT) == null) return null; - // check if request failed. - if ((r.getExtDataInInteger(IRequest.RESULT)) - .equals(IRequest.RES_ERROR)) { - CMS.debug("Request errored. " - + "Nothing to publish for enrollment request id " - + r.getRequestId()); + // check if request failed. + if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) { + CMS.debug("Request errored. " + + "Nothing to publish for enrollment request id " + + r.getRequestId()); return null; } - CMS.debug("Checking publishing for request " + r.getRequestId()); + CMS.debug("Checking publishing for request " + + r.getRequestId()); // check if issued certs is set. - X509CertImpl[] certs = r - .getExtDataInCertArray(IRequest.ISSUED_CERTS); + X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (certs == null || certs.length == 0 || certs[0] == null) { - CMS.debug("No certs to publish for request id " - + r.getRequestId()); + CMS.debug( + "No certs to publish for request id " + + r.getRequestId()); return null; } obj.setCerts(certs); return obj; } else if (type.equals(IRequest.RENEWAL_REQUEST)) { - // Note we do not remove old certs from directory during renewal - X509CertImpl[] certs = r - .getExtDataInCertArray(IRequest.ISSUED_CERTS); + // Note we do not remove old certs from directory during renewal + X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (certs == null || certs.length == 0) { - CMS.debug("no certs to publish for renewal " + "request " - + r.getRequestId()); + CMS.debug("no certs to publish for renewal " + + "request " + r.getRequestId()); return null; } obj.setCerts(certs); return obj; } else if (type.equals(IRequest.REVOCATION_REQUEST)) { - X509CertImpl[] revcerts = r - .getExtDataInCertArray(IRequest.OLD_CERTS); + X509CertImpl[] revcerts = r.getExtDataInCertArray(IRequest.OLD_CERTS); if (revcerts == null || 
revcerts.length == 0 || revcerts[0] == null) { // no certs in revoke. - CMS.debug("Nothing to unpublish for revocation " + "request " - + r.getRequestId()); + CMS.debug( + "Nothing to unpublish for revocation " + + "request " + r.getRequestId()); return null; } obj.setCerts(revcerts); @@ -133,15 +134,17 @@ public class LdapRequestListener implements IRequestListener { if (certs == null || certs.length == 0 || certs[0] == null) { // no certs in unrevoke. - CMS.debug("Nothing to publish for unrevocation " + "request " - + r.getRequestId()); + CMS.debug( + "Nothing to publish for unrevocation " + + "request " + r.getRequestId()); return null; } obj.setCerts(certs); return obj; } else { - CMS.debug("Request errored. " - + "Nothing to publish for request id " + r.getRequestId()); + CMS.debug("Request errored. " + + "Nothing to publish for request id " + + r.getRequestId()); return null; } @@ -150,11 +153,11 @@ public class LdapRequestListener implements IRequestListener { public void accept(IRequest r) { String type = r.getRequestType(); - IRequestListener handler = (IRequestListener) mRequestListeners - .get(type); + IRequestListener handler = (IRequestListener) mRequestListeners.get(type); if (handler == null) { - CMS.debug("Nothing to publish for request type " + type); + CMS.debug( + "Nothing to publish for request type " + type); return; } handler.accept(r); @@ -162,6 +165,7 @@ public class LdapRequestListener implements IRequestListener { } + class LdapEnrollmentListener implements IRequestListener { IPublisherProcessor mProcessor = null; 
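Review bot: The final `else` of this type dispatch logs "Request errored. Nothing to publish for request id ...", but from the visible chain it is reached when the request type matches none of the handled types, not when the request failed. `accept()` below already uses "Nothing to publish for request type " + type for the same situation. The same wording here, e.g. `CMS.debug("Nothing to publish for request type " + type + ", request id " + r.getRequestId());`, keeps the debug log accurate. The enclosing method starts outside the hunk.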
@@ -172,48 +176,51 @@ class LdapEnrollmentListener implements IRequestListener { public void init(ISubsystem sys, IConfigStore config) throws EBaseException { } - public void set(String name, String val) { + public void set(String name, String val) + { } public void accept(IRequest r) { - CMS.debug("LdapRequestListener handling publishing for enrollment request id " - + r.getRequestId()); + CMS.debug( + "LdapRequestListener handling publishing for enrollment request id " + + r.getRequestId()); String profileId = r.getExtDataInString("profileId"); if (profileId == null) { - // in case it's not meant for us - if (r.getExtDataInInteger(IRequest.RESULT) == null) - return; + // in case it's not meant for us + if (r.getExtDataInInteger(IRequest.RESULT) == null) + return; // check if request failed. - if ((r.getExtDataInInteger(IRequest.RESULT)) - .equals(IRequest.RES_ERROR)) { - CMS.debug("Request errored. " - + "Nothing to publish for enrollment request id " - + r.getRequestId()); - return; - } - } - CMS.debug("Checking publishing for request " + r.getRequestId()); + if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) { + CMS.debug("Request errored. " + + "Nothing to publish for enrollment request id " + + r.getRequestId()); + return; + } + } + CMS.debug("Checking publishing for request " + + r.getRequestId()); // check if issued certs is set. 
Certificate[] certs = null; if (profileId == null) { - certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); - } else { - certs = new Certificate[1]; - certs[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); - } + certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); + } else { + certs = new Certificate[1]; + certs[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + } if (certs == null || certs.length == 0 || certs[0] == null) { - CMS.debug("No certs to publish for request id " + r.getRequestId()); + CMS.debug( + "No certs to publish for request id " + r.getRequestId()); return; } - + if (certs[0] instanceof X509CertImpl) acceptX509(r, certs); } - + public void acceptX509(IRequest r, Certificate[] certs) { Integer results[] = new Integer[certs.length]; boolean error = false; 
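Review bot: `LdapEnrollmentListener.accept` does nothing at all when `certs[0]` is not an `X509CertImpl`: no debug line is written and neither `ldapPublishStatus` nor `ldapPublishOverAllStatus` is set. Such a request is then indistinguishable from one that was never seen. An `else` with `CMS.debug("No X509 certs to publish for request id " + r.getRequestId());` would make the skip visible. For profile requests (`profileId != null`) the `IRequest.RESULT` check is also bypassed, leaving the null test on `certs[0]` as the only guard; a comment saying that this is intended would help.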
@@ -221,56 +228,58 @@ class LdapEnrollmentListener implements IRequestListener { for (int i = 0; i < certs.length; i++) { X509CertImpl xcert = (X509CertImpl) certs[i]; - if (xcert == null) + if (xcert == null) continue; try { mProcessor.publishCert(xcert, r); - + results[i] = IRequest.RES_SUCCESS; - CMS.debug("acceptX509: Published cert serial no 0x" - + xcert.getSerialNumber().toString(16)); - // mProcessor.setPublishedFlag(xcert.getSerialNumber(), true); + CMS.debug( + "acceptX509: Published cert serial no 0x" + + xcert.getSerialNumber().toString(16)); + //mProcessor.setPublishedFlag(xcert.getSerialNumber(), true); } catch (ELdapException e) { - mProcessor.log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_CERT_NOT_PUBLISH", xcert - .getSerialNumber().toString(16), e.toString())); + mProcessor.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH", + xcert.getSerialNumber().toString(16), e.toString())); results[i] = IRequest.RES_ERROR; error = true; } } r.setExtData("ldapPublishStatus", results); r.setExtData("ldapPublishOverAllStatus", - (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS)); + (error == true ? 
IRequest.RES_ERROR : IRequest.RES_SUCCESS)); } } + class LdapRenewalListener implements IRequestListener { private IPublisherProcessor mProcessor = null; public LdapRenewalListener(IPublisherProcessor processor) { mProcessor = processor; } - public void init(ISubsystem sys, IConfigStore config) throws EBaseException { } - public void set(String name, String val) { + public void set(String name, String val) + { } public void accept(IRequest r) { - // Note we do not remove old certs from directory during renewal + // Note we do not remove old certs from directory during renewal Certificate[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (certs == null || certs.length == 0) { - CMS.debug("no certs to publish for renewal " + "request " - + r.getRequestId()); + CMS.debug("no certs to publish for renewal " + + "request " + r.getRequestId()); return; } - + if (certs[0] instanceof X509CertImpl) acceptX509(r, certs); } - + public void acceptX509(IRequest r, Certificate[] certs) { X509CertImpl cert = null; 
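Review bot: `X509CertImpl xcert = (X509CertImpl) certs[i];` casts every element, but the caller has only tested `certs[0] instanceof X509CertImpl`. A later element of another `Certificate` type would raise a `ClassCastException` that the `catch (ELdapException e)` does not handle. Replacing the null test with `if (!(certs[i] instanceof X509CertImpl)) continue;` covers both cases, since `instanceof` is false for null. The same cast is in `LdapRenewalListener.acceptX509` in the next hunk. Skipped entries leave `results[i]` null; whether readers of `ldapPublishStatus` expect that is not visible here.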
@@ -279,57 +288,61 @@ class LdapRenewalListener implements IRequestListener { for (int i = 0; i < certs.length; i++) { cert = (X509CertImpl) certs[i]; - if (cert == null) + if (cert == null) continue; // there was an error issuing this cert. try { mProcessor.publishCert(cert, r); results[i] = IRequest.RES_SUCCESS; - mProcessor.log(ILogger.LL_INFO, "Published cert serial no 0x" - + cert.getSerialNumber().toString(16)); + mProcessor.log(ILogger.LL_INFO, + "Published cert serial no 0x" + + cert.getSerialNumber().toString(16)); } catch (ELdapException e) { error = true; - mProcessor.log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_CERT_NOT_PUBLISH", cert.getSerialNumber() - .toString(16), e.toString())); + mProcessor.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH", + cert.getSerialNumber().toString(16), e.toString())); results[i] = IRequest.RES_ERROR; } } r.setExtData("ldapPublishStatus", results); r.setExtData("ldapPublishOverAllStatus", - (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS)); + (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS)); } } + class LdapRevocationListener implements IRequestListener { private IPublisherProcessor mProcessor = null; public LdapRevocationListener(IPublisherProcessor processor) { mProcessor = processor; } - public void init(ISubsystem sys, IConfigStore config) throws EBaseException { } - public void set(String name, String val) { + public void set(String name, String val) + { } public void accept(IRequest r) { - CMS.debug("Handle publishing for revoke request id " + r.getRequestId()); + CMS.debug( + "Handle publishing for revoke request id " + r.getRequestId()); // get fields in request. Certificate[] certs = r.getExtDataInCertArray(IRequest.OLD_CERTS); if (certs == null || certs.length == 0 || certs[0] == null) { // no certs in revoke. 
- CMS.debug("Nothing to unpublish for revocation " + "request " - + r.getRequestId()); + CMS.debug( + "Nothing to unpublish for revocation " + + "request " + r.getRequestId()); return; } - + if (certs[0] instanceof X509CertImpl) acceptX509(r, certs); } - + public void acceptX509(IRequest r, Certificate[] revcerts) { boolean error = false; Integer results[] = new Integer[revcerts.length]; 
@@ -343,107 +356,105 @@ class LdapRevocationListener implements IRequestListener { // We need the enrollment request to sort out predicate BigInteger serial = cert.getSerialNumber(); ICertRecord certRecord = null; - IAuthority auth = (IAuthority) mProcessor.getAuthority(); + IAuthority auth = (IAuthority)mProcessor.getAuthority(); - if (auth == null || !(auth instanceof ICertificateAuthority)) { - mProcessor - .log(ILogger.LL_WARN, - "Trying to get a certificate from non certificate authority."); + if (auth == null || + !(auth instanceof ICertificateAuthority)) { + mProcessor.log(ILogger.LL_WARN, + "Trying to get a certificate from non certificate authority."); } else { - ICertificateRepository certdb = (ICertificateRepository) ((ICertificateAuthority) auth) - .getCertificateRepository(); + ICertificateRepository certdb = + (ICertificateRepository) ((ICertificateAuthority) auth).getCertificateRepository(); if (certdb == null) { - mProcessor.log(ILogger.LL_WARN, "Cert DB is null for " - + auth); + mProcessor.log(ILogger.LL_WARN, "Cert DB is null for " + auth); } else { try { - certRecord = (ICertRecord) certdb - .readCertificateRecord(serial); + certRecord = (ICertRecord) certdb.readCertificateRecord(serial); } catch (EBaseException e) { - mProcessor.log(ILogger.LL_FAILURE, CMS - .getLogMessage( - "CMSCORE_LDAP_GET_CERT_RECORD", - serial.toString(16), e.toString())); + mProcessor.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_GET_CERT_RECORD", + serial.toString(16), e.toString())); } } } MetaInfo metaInfo = null; String ridString = null; - + if (certRecord != null) - metaInfo = (MetaInfo) certRecord - .get(ICertRecord.ATTR_META_INFO); + metaInfo = + (MetaInfo) certRecord.get(ICertRecord.ATTR_META_INFO); if (metaInfo == null) { - mProcessor.log(ILogger.LL_FAILURE, - "failed getting CertRecord.ATTR_META_INFO for cert serial number 0x" - + serial.toString(16)); + mProcessor.log(ILogger.LL_FAILURE, + "failed getting CertRecord.ATTR_META_INFO for cert serial 
number 0x" + + serial.toString(16)); } else { - ridString = (String) metaInfo - .get(ICertRecord.META_REQUEST_ID); + ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); } - + IRequest req = null; if (ridString != null) { RequestId rid = new RequestId(ridString); - + req = auth.getRequestQueue().findRequest(rid); - } + } mProcessor.unpublishCert(cert, req); results[i] = IRequest.RES_SUCCESS; - CMS.debug("Unpublished cert serial no 0x" - + cert.getSerialNumber().toString(16)); + CMS.debug( + "Unpublished cert serial no 0x" + + cert.getSerialNumber().toString(16)); } catch (ELdapException e) { error = true; - mProcessor.log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_CERT_NOT_UNPUBLISH", cert - .getSerialNumber().toString(16), e.toString())); + mProcessor.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_UNPUBLISH", + cert.getSerialNumber().toString(16), e.toString())); } catch (EBaseException e) { error = true; - mProcessor.log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_CERT_NOT_FIND", cert.getSerialNumber() - .toString(16), e.toString())); + mProcessor.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_FIND", + cert.getSerialNumber().toString(16), e.toString())); } } r.setExtData("ldapPublishStatus", results); r.setExtData("ldapPublishOverAllStatus", - (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS)); + (error == true ? 
IRequest.RES_ERROR : IRequest.RES_SUCCESS)); } } + class LdapUnrevocationListener implements IRequestListener { private IPublisherProcessor mProcessor = null; public LdapUnrevocationListener(IPublisherProcessor processor) { mProcessor = processor; } - public void init(ISubsystem sys, IConfigStore config) throws EBaseException { } - - public void set(String name, String val) { + public void set(String name, String val) + { } public void accept(IRequest r) { - CMS.debug("Handle publishing for unrevoke request id " - + r.getRequestId()); + CMS.debug( + "Handle publishing for unrevoke request id " + r.getRequestId()); // get fields in request. Certificate[] certs = r.getExtDataInCertArray(IRequest.OLD_CERTS); if (certs == null || certs.length == 0 || certs[0] == null) { // no certs in unrevoke. - CMS.debug("Nothing to publish for unrevocation " + "request " - + r.getRequestId()); + CMS.debug( + "Nothing to publish for unrevocation " + + "request " + r.getRequestId()); return; } - + if (certs[0] instanceof X509CertImpl) acceptX509(r, certs); } - + public void acceptX509(IRequest r, Certificate[] certs) { boolean error = false; Integer results[] = new Integer[certs.length]; 
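Review bot: Both catch blocks in `LdapRevocationListener.acceptX509` set `error = true` but never write `results[i]`, so a certificate whose unpublish failed is left as `null` in the `ldapPublishStatus` array. The renewal listener in the earlier hunk does assign `results[i] = IRequest.RES_ERROR;` in its catch. Add `results[i] = IRequest.RES_ERROR;` to the `ELdapException` and `EBaseException` handlers so that a consumer of the per-certificate status can tell which revoked certificate is still published. `LdapUnrevocationListener.acceptX509` in the following hunk has the same gap; the enclosing loop and `try` start before this hunk.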
@@ -456,72 +467,69 @@ class LdapUnrevocationListener implements IRequestListener { // We need the enrollment request to sort out predicate BigInteger serial = xcert.getSerialNumber(); ICertRecord certRecord = null; - IAuthority auth = (IAuthority) mProcessor.getAuthority(); + IAuthority auth = (IAuthority)mProcessor.getAuthority(); - if (auth == null || !(auth instanceof ICertificateAuthority)) { - mProcessor - .log(ILogger.LL_WARN, - "Trying to get a certificate from non certificate authority."); + if (auth == null || + !(auth instanceof ICertificateAuthority)) { + mProcessor.log(ILogger.LL_WARN, + "Trying to get a certificate from non certificate authority."); } else { - ICertificateRepository certdb = (ICertificateRepository) ((ICertificateAuthority) auth) - .getCertificateRepository(); + ICertificateRepository certdb = (ICertificateRepository) + ((ICertificateAuthority) auth).getCertificateRepository(); if (certdb == null) { - mProcessor.log(ILogger.LL_WARN, "Cert DB is null for " - + auth); + mProcessor.log(ILogger.LL_WARN, "Cert DB is null for " + auth); } else { try { - certRecord = (ICertRecord) certdb - .readCertificateRecord(serial); + certRecord = (ICertRecord) certdb.readCertificateRecord(serial); } catch (EBaseException e) { - mProcessor.log(ILogger.LL_FAILURE, CMS - .getLogMessage( - "CMSCORE_LDAP_GET_CERT_RECORD", - serial.toString(16), e.toString())); + mProcessor.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_GET_CERT_RECORD", serial.toString(16), e.toString())); } } } MetaInfo metaInfo = null; String ridString = null; - + if (certRecord != null) - metaInfo = (MetaInfo) certRecord - .get(CertRecord.ATTR_META_INFO); + metaInfo = + (MetaInfo) certRecord.get(CertRecord.ATTR_META_INFO); if (metaInfo == null) { - mProcessor.log(ILogger.LL_FAILURE, - "Failed getting CertRecord.ATTR_META_INFO for cert serial number 0x" - + serial.toString(16)); + mProcessor.log(ILogger.LL_FAILURE, + "Failed getting CertRecord.ATTR_META_INFO for cert serial 
number 0x" + + serial.toString(16)); } else { - ridString = (String) metaInfo - .get(CertRecord.META_REQUEST_ID); + ridString = (String) metaInfo.get(CertRecord.META_REQUEST_ID); } - + IRequest req = null; if (ridString != null) { RequestId rid = new RequestId(ridString); - + req = auth.getRequestQueue().findRequest(rid); - } + } mProcessor.publishCert(xcert, req); results[i] = IRequest.RES_SUCCESS; - CMS.debug("Published cert serial no 0x" - + xcert.getSerialNumber().toString(16)); + CMS.debug( + "Published cert serial no 0x" + + xcert.getSerialNumber().toString(16)); } catch (ELdapException e) { error = true; - mProcessor.log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_CERT_NOT_PUBLISH", xcert - .getSerialNumber().toString(16), e.toString())); + mProcessor.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH", + xcert.getSerialNumber().toString(16), e.toString())); } catch (EBaseException e) { error = true; - mProcessor.log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_CERT_NOT_FIND", xcert.getSerialNumber() - .toString(16), e.toString())); - } + mProcessor.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_FIND", + xcert.getSerialNumber().toString(16), e.toString())); + } } r.setExtData("ldapPublishStatus", results); r.setExtData("ldapPublishOverAllStatus", - (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS)); + (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS)); } } + diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapRule.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapRule.java index 4d183894..233cbf87 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapRule.java +++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapRule.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldap; + import java.util.Enumeration; import java.util.Locale; import java.util.Vector; 
@@ -29,7 +30,8 @@ import com.netscape.certsrv.publish.ILdapRule; import com.netscape.certsrv.publish.IPublisherProcessor; import com.netscape.cmscore.util.Debug; -/** + +/** * The publishing rule that links mapper and publisher together. */ public class LdapRule implements ILdapRule, IExtendedPluginInfo { @@ -41,15 +43,15 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo { private IPublisherProcessor mProcessor = null; - private static String[] epi_params = null; // extendedpluginInfo + private static String[] epi_params = null; // extendedpluginInfo public IConfigStore getConfigStore() { return mConfig; } public String[] getExtendedPluginInfo(Locale locale) { - // dont know why it's null here. - // if (mProcessor == null) System.out.println("p null"); + //dont know why it's null here. + //if (mProcessor == null) System.out.println("p null"); if (Debug.ON) { Debug.trace("LdapRule: getExtendedPluginInfo() - returning epi_params:"); @@ -59,9 +61,8 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo { } return epi_params; } - - public void init(IPublisherProcessor processor, IConfigStore config) - throws EBaseException { + + public void init(IPublisherProcessor processor, IConfigStore config) throws EBaseException { mConfig = config; mProcessor = processor; 
@@ -71,32 +72,29 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo { String map = NOMAPPER; for (; mappers.hasMoreElements();) { - String name = mappers.nextElement(); + String name = mappers.nextElement(); map = map + "," + name; } String publish = ""; for (; publishers.hasMoreElements();) { - String name = publishers.nextElement(); + String name = publishers.nextElement(); publish = publish + "," + name; } epi_params = new String[] { - "type;choice(cacert,crl, certs);The publishing object type", - "mapper;choice(" - + map - + ");Use the mapper to find the ldap dn \nto publish the certificate or crl", - "publisher;choice(" - + publish - + ");Use the publisher to publish the certificate or crl a directory etc", - "enable;boolean;Enable this publishing rule", - "predicate;string;Filter describing when this publishing rule shoule be used" }; + "type;choice(cacert,crl, certs);The publishing object type", + "mapper;choice(" + map + ");Use the mapper to find the ldap dn \nto publish the certificate or crl", + "publisher;choice(" + publish + ");Use the publisher to publish the certificate or crl a directory etc", + "enable;boolean;Enable this publishing rule", + "predicate;string;Filter describing when this publishing rule shoule be used" + }; // Read the predicate expression if any associated // with the rule - String exp = config.getString(IPublisherProcessor.PROP_PREDICATE, null); + String exp = config.getString(IPublisherProcessor.PROP_PREDICATE, null); if (exp != null) exp = exp.trim(); 
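Review bot: `epi_params` is declared `private static`, yet it is reassigned here from the instance method `init(IPublisherProcessor, IConfigStore)` and again from `init(IConfigStore)` in the next hunk. Every `LdapRule` therefore shares one array, and the last instance initialised decides what `getExtendedPluginInfo` reports for all of them. Unless that sharing is intended, make it an instance field, `private String[] epi_params = null;`, and have `getExtendedPluginInfo` hand out a copy rather than the internal array. `init` starts before this hunk and continues after it.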
@@ -105,26 +103,29 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo { setPredicate(filterExp); } - // if (mProcessor == null) System.out.println("null"); + //if (mProcessor == null) System.out.println("null"); } /** - * The init method in ILdapPlugin It can not set set mapper,publisher choice - * for console dynamicly Should not use this method to init. + * The init method in ILdapPlugin + * It can not set set mapper,publisher choice for console dynamicly + * Should not use this method to init. */ public void init(IConfigStore config) throws EBaseException { mConfig = config; epi_params = new String[] { - "type;choice(cacert, crl, certs);The publishing object type", - "mapper;choice(null,LdapUserCertMap,LdapServerCertMap,LdapCrlMap,LdapCaCertMap);Use the mapper to find the ldap dn to publish the certificate or crl", - "publisher;choice(LdapUserCertPublisher,LdapServerCertPublisher,LdapCrlPublisher,LdapCaCertPublisher);Use the publisher to publish the certificate or crl a directory etc", - "enable;boolean;", "predicate;string;" }; + "type;choice(cacert, crl, certs);The publishing object type", + "mapper;choice(null,LdapUserCertMap,LdapServerCertMap,LdapCrlMap,LdapCaCertMap);Use the mapper to find the ldap dn to publish the certificate or crl", + "publisher;choice(LdapUserCertPublisher,LdapServerCertPublisher,LdapCrlPublisher,LdapCaCertPublisher);Use the publisher to publish the certificate or crl a directory etc", + "enable;boolean;", + "predicate;string;" + }; // Read the predicate expression if any associated // with the rule - String exp = config.getString(IPublisherProcessor.PROP_PREDICATE, null); + String exp = config.getString(IPublisherProcessor.PROP_PREDICATE, null); if (exp != null) exp = exp.trim(); 
@@ -168,8 +169,8 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo { * Returns the current instance parameters. */ public Vector<String> getInstanceParams() { - // if (mProcessor == null) System.out.println("xxxxnull"); - // dont know why the processor was null in getExtendedPluginInfo() + //if (mProcessor == null) System.out.println("xxxxnull"); + //dont know why the processor was null in getExtendedPluginInfo() Enumeration<String> mappers = mProcessor.getMapperInsts().keys(); Enumeration<String> publishers = mProcessor.getPublisherInsts().keys(); String map = NOMAPPER; 
@@ -188,30 +189,31 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo { } /* - * mExtendedPluginInfo = new NameValuePairs(); - * mExtendedPluginInfo.add("type", - * "choice(client,server,objSignClient,smime,ca,crl);The publishing object type" - * ); mExtendedPluginInfo.add("mapper","choice("+map+ - * ");Use the mapper to find the ldap dn \nto publish the certificate or crl" - * ); mExtendedPluginInfo.add("publisher","choice("+publish+ - * ");Use the publisher to publish the certificate or crl a directory etc" - * ); mExtendedPluginInfo.add("enable","boolean;"); - * mExtendedPluginInfo.add("predicate","string;"); + mExtendedPluginInfo = new NameValuePairs(); + mExtendedPluginInfo.add("type","choice(client,server,objSignClient,smime,ca,crl);The publishing object type"); + mExtendedPluginInfo.add("mapper","choice("+map+");Use the mapper to find the ldap dn \nto publish the certificate or crl"); + mExtendedPluginInfo.add("publisher","choice("+publish+");Use the publisher to publish the certificate or crl a directory etc"); + mExtendedPluginInfo.add("enable","boolean;"); + mExtendedPluginInfo.add("predicate","string;"); */ Vector<String> v = new Vector<String>(); try { - v.addElement(IPublisherProcessor.PROP_TYPE + "=" - + mConfig.getString(IPublisherProcessor.PROP_TYPE, "")); - v.addElement(IPublisherProcessor.PROP_PREDICATE + "=" - + mConfig.getString(IPublisherProcessor.PROP_PREDICATE, "")); - v.addElement(IPublisherProcessor.PROP_ENABLE + "=" - + mConfig.getString(IPublisherProcessor.PROP_ENABLE, "")); - v.addElement(IPublisherProcessor.PROP_MAPPER + "=" - + mConfig.getString(IPublisherProcessor.PROP_MAPPER, "")); - v.addElement(IPublisherProcessor.PROP_PUBLISHER + "=" - + mConfig.getString(IPublisherProcessor.PROP_PUBLISHER, "")); + v.addElement(IPublisherProcessor.PROP_TYPE + "=" + + mConfig.getString(IPublisherProcessor.PROP_TYPE, "")); + v.addElement(IPublisherProcessor.PROP_PREDICATE + "=" + + 
mConfig.getString(IPublisherProcessor.PROP_PREDICATE, + "")); + v.addElement(IPublisherProcessor.PROP_ENABLE + "=" + + mConfig.getString(IPublisherProcessor.PROP_ENABLE, + "")); + v.addElement(IPublisherProcessor.PROP_MAPPER + "=" + + mConfig.getString(IPublisherProcessor.PROP_MAPPER, + "")); + v.addElement(IPublisherProcessor.PROP_PUBLISHER + "=" + + mConfig.getString(IPublisherProcessor.PROP_PUBLISHER, + "")); } catch (EBaseException e) { } return v; @@ -220,8 +222,8 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo { /** * Sets a predicate expression for rule matching. * <P> - * - * @param exp The predicate expression for the rule. + * + * @param exp The predicate expression for the rule. */ public void setPredicate(ILdapExpression exp) { mFilterExp = exp; @@ -230,7 +232,7 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo { /** * Returns the predicate expression for the rule. * <P> - * + * * @return The predicate expression for the rule. */ public ILdapExpression getPredicate() { @@ -239,7 +241,8 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo { public String getMapper() { try { - String map = mConfig.getString(IPublisherProcessor.PROP_MAPPER, ""); + String map = + mConfig.getString(IPublisherProcessor.PROP_MAPPER, ""); if (map != null) map = map.trim(); @@ -272,10 +275,10 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo { public boolean enabled() { try { - boolean enable = mConfig.getBoolean( - IPublisherProcessor.PROP_ENABLE, false); + boolean enable = + mConfig.getBoolean(IPublisherProcessor.PROP_ENABLE, false); - // System.out.println(enable); + //System.out.println(enable); return enable; } catch (EBaseException e) { } diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapSimpleExpression.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapSimpleExpression.java index 4b5bd6e9..a2a7e558 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapSimpleExpression.java 
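Review bot: The `catch (EBaseException e) { }` that closes the `try` in `getInstanceParams` discards the failure, so a configuration read error yields a silently truncated parameter vector. At minimum record it, e.g. `Debug.trace("LdapRule: getInstanceParams() - " + e.toString());`. `enabled()` in a later hunk on this line has the same empty catch around `mConfig.getBoolean(IPublisherProcessor.PROP_ENABLE, false)`; what it returns afterwards is outside the hunk, but if it falls through to `false`, a misread configuration would switch a publishing rule off without any trace. The commented-out `mExtendedPluginInfo` block that this hunk reflows is dead code and could be deleted rather than reformatted.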
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapSimpleExpression.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldap; + import java.util.Enumeration; import java.util.Vector; @@ -27,12 +28,13 @@ import com.netscape.certsrv.publish.ILdapExpression; import com.netscape.certsrv.request.IRequest; import com.netscape.cmscore.util.AssertionException; + /** - * This class represents an expression of the form var = val, var != val, var < - * val, var > val, var <= val, var >= val. - * + * This class represents an expression of the form var = val, + * var != val, var < val, var > val, var <= val, var >= val. + * * Expressions are used as predicates for publishing rule selection. - * + * * @author mzhao * @version $Revision$, $Date$ */ @@ -45,11 +47,11 @@ public class LdapSimpleExpression implements ILdapExpression { private boolean hasWildCard; public static final char WILDCARD_CHAR = '*'; - // This is just for indicating a null expression. - public static LdapSimpleExpression NULL_EXPRESSION = new LdapSimpleExpression( - "null", OP_EQUAL, "null"); + // This is just for indicating a null expression. + public static LdapSimpleExpression NULL_EXPRESSION = new LdapSimpleExpression("null", OP_EQUAL, "null"); - public static ILdapExpression parse(String input) throws ELdapException { + public static ILdapExpression parse(String input) + throws ELdapException { // Get the index of operator // Debug.trace("LdapSimpleExpression::input: " + input); String var = null; @@ -70,9 +72,8 @@ public class LdapSimpleExpression implements ILdapExpression { if (comps == null) comps = parseForLT(input); if (comps == null) - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_BAD_LDAP_EXPRESSION", input)); - + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_BAD_LDAP_EXPRESSION", input)); + String pfx = null; String rawVar = comps.getAttr(); int dotIdx = rawVar.indexOf('.'); 
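Review bot: `NULL_EXPRESSION` is a `public static` field without `final`, so any code that can see `LdapSimpleExpression` can reassign the sentinel that stands for a null predicate. Declare it `public static final LdapSimpleExpression NULL_EXPRESSION = new LdapSimpleExpression("null", OP_EQUAL, "null");`; whether any caller currently assigns it cannot be seen from this hunk. The comment above it could also state how callers are expected to recognise the sentinel, by identity or by `equals`.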
@@ -117,23 +118,24 @@ public class LdapSimpleExpression implements ILdapExpression { hasWildCard = false; } - public boolean evaluate(SessionContext sc) throws ELdapException { + public boolean evaluate(SessionContext sc) + throws ELdapException { Object givenVal; try { // Try exact case first. givenVal = (String) sc.get(mVar); - } catch (Exception e) { + }catch (Exception e) { givenVal = (String) null; } // It is kind of a problem here if all letters are in - // lowercase or in upperCase - for example in the case + // lowercase or in upperCase - for example in the case // of directory attributes. if (givenVal == null) { try { givenVal = (String) sc.get(mVar.toLowerCase()); - } catch (Exception e) { + }catch (Exception e) { givenVal = (String) null; } } @@ -141,13 +143,12 @@ public class LdapSimpleExpression implements ILdapExpression { if (givenVal == null) { try { givenVal = (String) sc.get(mVar.toUpperCase()); - } catch (Exception e) { + }catch (Exception e) { givenVal = (String) null; } } - // Debug.trace("mVar: " + mVar + ",Given Value: " + givenVal + - // ", Value to compare with: " + mVal); + // Debug.trace("mVar: " + mVar + ",Given Value: " + givenVal + ", Value to compare with: " + mVal); boolean result = false; result = matchValue(givenVal); @@ -156,7 +157,8 @@ public class LdapSimpleExpression implements ILdapExpression { } - public boolean evaluate(IRequest req) throws ELdapException { + public boolean evaluate(IRequest req) + throws ELdapException { boolean result = false; // mPfx and mVar are looked up case-indendently if (mPfx != null) { @@ -167,7 +169,8 @@ public class LdapSimpleExpression implements ILdapExpression { return result; } - private boolean matchVector(Vector value) throws ELdapException { + private boolean matchVector(Vector value) + throws ELdapException { boolean result = false; Enumeration e = (Enumeration) value.elements(); 
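Review bot: In `evaluate(SessionContext)`, `givenVal` is declared `Object`, yet each lookup casts to `String` inside a `try` whose `catch (Exception e)` turns any failure into `null`, as in `givenVal = (String) sc.get(mVar);`. If `sc.get` can return a non-String value (the `String[]` branch of `matchValue` and the `matchIntegerValue` / `matchBooleanValue` helpers suggest it can), the `ClassCastException` is swallowed and the predicate is evaluated as if the attribute were absent. Drop the cast in all three lookups, `givenVal = sc.get(mVar);`, and let `matchValue` dispatch on the runtime type. The reformatted `}catch (Exception e) {` lines also lost the space after the closing brace.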
@@ -179,7 +182,8 @@ public class LdapSimpleExpression implements ILdapExpression { return result; } - private boolean matchStringArray(String[] value) throws ELdapException { + private boolean matchStringArray(String[] value) + throws ELdapException { boolean result = false; for (int i = 0; i < value.length; i++) { @@ -190,7 +194,8 @@ public class LdapSimpleExpression implements ILdapExpression { return result; } - private boolean matchValue(Object value) throws ELdapException { + private boolean matchValue(Object value) + throws ELdapException { boolean result; // There is nothing to compare with! @@ -208,12 +213,13 @@ public class LdapSimpleExpression implements ILdapExpression { else if (value instanceof String[]) result = matchStringArray((String[]) value); else - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INVALID_ATTR_VALUE", value.getClass().getName())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_INVALID_ATTR_VALUE", + value.getClass().getName())); return result; } - private boolean matchStringValue(String givenVal) throws ELdapException { + private boolean matchStringValue(String givenVal) + throws ELdapException { boolean result; switch (mOp) { @@ -253,7 +259,8 @@ public class LdapSimpleExpression implements ILdapExpression { return result; } - private boolean matchIntegerValue(Integer intVal) throws ELdapException { + private boolean matchIntegerValue(Integer intVal) + throws ELdapException { boolean result; int storedVal; int givenVal = intVal.intValue(); @@ -261,8 +268,7 @@ public class LdapSimpleExpression implements ILdapExpression { try { storedVal = new Integer(mVal).intValue(); } catch (Exception e) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INVALID_ATTR_VALUE", mVal)); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_INVALID_ATTR_VALUE", mVal)); } switch (mOp) { 
@@ -296,13 +302,15 @@ public class LdapSimpleExpression implements ILdapExpression { return result; } - private boolean matchBooleanValue(Boolean givenVal) throws ELdapException { + private boolean matchBooleanValue(Boolean givenVal) + throws ELdapException { boolean result; Boolean storedVal; - if (!(mVal.equalsIgnoreCase("true") || mVal.equalsIgnoreCase("false"))) - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INVALID_ATTR_VALUE", mVal)); + if (!(mVal.equalsIgnoreCase("true") || + mVal.equalsIgnoreCase("false"))) + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_INVALID_ATTR_VALUE", + mVal)); storedVal = new Boolean(mVal); switch (mOp) { case OP_EQUAL: @@ -351,7 +359,7 @@ public class LdapSimpleExpression implements ILdapExpression { op = ILdapExpression.LE_STR; break; } - if (mPfx != null && mPfx.length() > 0) + if (mPfx != null && mPfx.length() > 0) return mPfx + "." + mVar + " " + op + " " + mVal; else return mVar + " " + op + " " + mVal; @@ -442,6 +450,7 @@ public class LdapSimpleExpression implements ILdapExpression { } } + class ExpressionComps { String attr; int op; @@ -465,3 +474,4 @@ class ExpressionComps { return val; } } + diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/PublishObject.java b/pki/base/common/src/com/netscape/cmscore/ldap/PublishObject.java index 940330d6..fc2ace23 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldap/PublishObject.java +++ b/pki/base/common/src/com/netscape/cmscore/ldap/PublishObject.java @@ -17,9 +17,11 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldap; + import netscape.security.x509.X509CRLImpl; import netscape.security.x509.X509CertImpl; + /** * The object to publish or unpublish: a certificate or a CRL */ 
@@ -30,7 +32,7 @@ public class PublishObject { private String mObjectType = null; private X509CertImpl mCert = null; private X509CertImpl[] mCerts = null; - private X509CRLImpl mCRL = null; + private X509CRLImpl mCRL = null; private int mIndex = 0; public PublishObject() { diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/PublisherProcessor.java b/pki/base/common/src/com/netscape/cmscore/ldap/PublisherProcessor.java index 3953c377..1477e57b 100644 --- a/pki/base/common/src/com/netscape/cmscore/ldap/PublisherProcessor.java +++ b/pki/base/common/src/com/netscape/cmscore/ldap/PublisherProcessor.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.ldap; + import java.math.BigInteger; import java.security.cert.X509CRL; import java.security.cert.X509Certificate; @@ -60,8 +61,9 @@ import com.netscape.certsrv.request.IRequestNotifier; import com.netscape.cmscore.dbs.CertRecord; import com.netscape.cmscore.util.Debug; -public class PublisherProcessor implements IPublisherProcessor, - IXcertPublisherProcessor { + +public class PublisherProcessor implements + IPublisherProcessor, IXcertPublisherProcessor { public Hashtable<String, PublisherPlugin> mPublisherPlugins = new Hashtable<String, PublisherPlugin>(); public Hashtable<String, PublisherProxy> mPublisherInsts = new Hashtable<String, PublisherProxy>(); @@ -71,7 +73,7 @@ public class PublisherProcessor implements IPublisherProcessor, public Hashtable<String, ILdapRule> mRuleInsts = new Hashtable<String, ILdapRule>(); /** - * protected PublishRuleSet mRuleSet = null; + protected PublishRuleSet mRuleSet = null; **/ protected LdapConnModule mLdapConnModule = null; @@ -92,7 +94,7 @@ public class PublisherProcessor implements IPublisherProcessor, public String getId() { return mId; } - + public void setId(String id) { mId = id; } 
@@ -102,7 +104,7 @@ public class PublisherProcessor implements IPublisherProcessor, } public void init(ISubsystem authority, IConfigStore config) - throws EBaseException { + throws EBaseException { mConfig = config; mAuthority = (ICertAuthority) authority; @@ -122,19 +124,20 @@ public class PublisherProcessor implements IPublisherProcessor, if (Debug.ON) Debug.trace("loaded publisher plugins"); - // load publisher instances + // load publisher instances c = publisherConfig.getSubStore(PROP_INSTANCE); Enumeration<String> instances = c.getSubStoreNames(); while (instances.hasMoreElements()) { String insName = (String) instances.nextElement(); - String implName = c.getString(insName + "." + PROP_PLUGIN); - PublisherPlugin plugin = (PublisherPlugin) mPublisherPlugins - .get(implName); - - if (plugin == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_PLUGIN_NOT_FIND", implName)); + String implName = c.getString(insName + "." + + PROP_PLUGIN); + PublisherPlugin plugin = + (PublisherPlugin) mPublisherPlugins.get(implName); + + if (plugin == null) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_PLUGIN_NOT_FIND", implName)); throw new ELdapException(implName); } String className = plugin.getClassPath(); @@ -144,9 +147,10 @@ public class PublisherProcessor implements IPublisherProcessor, ILdapPublisher publisherInst = null; try { - publisherInst = (ILdapPublisher) Class.forName(className) - .newInstance(); - IConfigStore pConfig = c.getSubStore(insName); + publisherInst = (ILdapPublisher) + Class.forName(className).newInstance(); + IConfigStore pConfig = + c.getSubStore(insName); publisherInst.init(pConfig); isEnable = true; 
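Review bot: `(ILdapPublisher) Class.forName(className).newInstance()` constructs whatever class name `plugin.getClassPath()` returns and only then casts it, so the no-arg constructor of any class on the classpath runs before the type is checked. Check the type first with `Class.forName(className).asSubclass(ILdapPublisher.class).newInstance()`, and treat write access to this part of the configuration store as equivalent to running code in the server. The mapper loader further down, `(ILdapMapper) Class.forName(className).newInstance()`, follows the same pattern. `init` begins before this hunk and the catch blocks follow in the next one.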
@@ -154,27 +158,20 @@ public class PublisherProcessor implements IPublisherProcessor, } catch (ClassNotFoundException e) { String errMsg = "PublisherProcessor:: init()-" + e.toString(); - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } catch (IllegalAccessException e) { String errMsg = "PublisherProcessor:: init()-" + e.toString(); - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } catch (InstantiationException e) { String errMsg = "PublisherProcessor: init()-" + e.toString(); - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } catch (Throwable e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_SKIP_PUBLISHER", insName, e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_SKIP_PUBLISHER", insName, e.toString())); // Let the server continue if it is a // mis-configuration. But the instance // will be skipped. This give another 
@@ -183,22 +180,19 @@ public class PublisherProcessor implements IPublisherProcessor, } if (publisherInst == null) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } if (insName == null) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", insName)); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", insName)); } // add publisher instance to list. - mPublisherInsts.put(insName, new PublisherProxy(isEnable, - publisherInst)); + mPublisherInsts.put(insName, new + PublisherProxy(isEnable, publisherInst)); log(ILogger.LL_INFO, "publisher instance " + insName + " added"); if (Debug.ON) - Debug.trace("loaded publisher instance " + insName + " impl " - + implName); + Debug.trace("loaded publisher instance " + insName + " impl " + implName); } // load mapper implementation @@ -216,17 +210,19 @@ public class PublisherProcessor implements IPublisherProcessor, if (Debug.ON) Debug.trace("loaded mapper plugins"); - // load mapper instances + // load mapper instances c = mapperConfig.getSubStore(PROP_INSTANCE); instances = c.getSubStoreNames(); while (instances.hasMoreElements()) { String insName = (String) instances.nextElement(); - String implName = c.getString(insName + "." + PROP_PLUGIN); - MapperPlugin plugin = (MapperPlugin) mMapperPlugins.get(implName); - - if (plugin == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_MAPPER_NOT_FIND", implName)); + String implName = c.getString(insName + "." + + PROP_PLUGIN); + MapperPlugin plugin = + (MapperPlugin) mMapperPlugins.get(implName); + + if (plugin == null) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_MAPPER_NOT_FIND", implName)); throw new ELdapException(implName); } String className = plugin.getClassPath(); 
@@ -234,41 +230,35 @@ public class PublisherProcessor implements IPublisherProcessor, if (Debug.ON) Debug.trace("loaded mapper className=" + className); - // Instantiate and init the mapper + // Instantiate and init the mapper boolean isEnable = false; ILdapMapper mapperInst = null; try { - mapperInst = (ILdapMapper) Class.forName(className) - .newInstance(); - IConfigStore mConfig = c.getSubStore(insName); + mapperInst = (ILdapMapper) + Class.forName(className).newInstance(); + IConfigStore mConfig = + c.getSubStore(insName); mapperInst.init(mConfig); isEnable = true; } catch (ClassNotFoundException e) { String errMsg = "PublisherProcessor:: init()-" + e.toString(); - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } catch (IllegalAccessException e) { String errMsg = "PublisherProcessor:: init()-" + e.toString(); - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } catch (InstantiationException e) { String errMsg = "PublisherProcessor: init()-" + e.toString(); - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", 
className)); } catch (Throwable e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_SKIP_MAPPER", insName, e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_SKIP_MAPPER", insName, e.toString())); // Let the server continue if it is a // mis-configuration. But the instance // will be skipped. This give another @@ -277,17 +267,16 @@ public class PublisherProcessor implements IPublisherProcessor, } if (mapperInst == null) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } // add manager instance to list. - mMapperInsts.put(insName, new MapperProxy(isEnable, mapperInst)); + mMapperInsts.put(insName, new MapperProxy( + isEnable, mapperInst)); log(ILogger.LL_INFO, "mapper instance " + insName + " added"); if (Debug.ON) - Debug.trace("loaded mapper instance " + insName + " impl " - + implName); + Debug.trace("loaded mapper instance " + insName + " impl " + implName); } // load rule implementation @@ -305,17 +294,19 @@ public class PublisherProcessor implements IPublisherProcessor, if (Debug.ON) Debug.trace("loaded rule plugins"); - // load rule instances + // load rule instances c = ruleConfig.getSubStore(PROP_INSTANCE); instances = c.getSubStoreNames(); while (instances.hasMoreElements()) { String insName = (String) instances.nextElement(); - String implName = c.getString(insName + "." + PROP_PLUGIN); - RulePlugin plugin = (RulePlugin) mRulePlugins.get(implName); - - if (plugin == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_RULE_NOT_FIND", implName)); + String implName = c.getString(insName + "." + + PROP_PLUGIN); + RulePlugin plugin = + (RulePlugin) mRulePlugins.get(implName); + + if (plugin == null) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_LDAP_RULE_NOT_FIND", implName)); throw new ELdapException(implName); } String className = plugin.getClassPath(); 
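Review bot: In `mapperInst = (ILdapMapper) Class.forName(className).newInstance();` the interface cast is applied only after the no-argument constructor of the configured class has already run, so a wrong or tampered `className` in the plugin configuration gets instantiated before the `ClassCastException` reaches `catch (Throwable e)`. Checking the type before construction closes that window: `mapperInst = Class.forName(className).asSubclass(ILdapMapper.class).newInstance();`. The same pattern is in the rule loader (hunk -323) and in `getMapperDefaultParams`, `getPublisherDefaultParams`, `getRuleDefaultParams` and `getRuleInstanceParams` further down. The method this loop belongs to starts outside the hunk.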
@@ -323,13 +314,14 @@ public class PublisherProcessor implements IPublisherProcessor, if (Debug.ON) Debug.trace("loaded rule className=" + className); - // Instantiate and init the rule + // Instantiate and init the rule IConfigStore mConfig = null; try { ILdapRule ruleInst = null; - ruleInst = (ILdapRule) Class.forName(className).newInstance(); + ruleInst = (ILdapRule) + Class.forName(className).newInstance(); mConfig = c.getSubStore(insName); ruleInst.init(this, mConfig); ruleInst.setInstanceName(insName); 
@@ -338,37 +330,30 @@ public class PublisherProcessor implements IPublisherProcessor, if (Debug.ON) Debug.trace("ADDING RULE " + insName + " " + ruleInst); mRuleInsts.put(insName, ruleInst); - log(ILogger.LL_INFO, "rule instance " + insName + " added"); + log(ILogger.LL_INFO, "rule instance " + + insName + " added"); } catch (ClassNotFoundException e) { String errMsg = "PublisherProcessor:: init()-" + e.toString(); - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } catch (IllegalAccessException e) { String errMsg = "PublisherProcessor:: init()-" + e.toString(); - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } catch (InstantiationException e) { String errMsg = "PublisherProcessor: init()-" + e.toString(); - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } catch (Throwable e) { if (mConfig == null) { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } - 
mConfig.putString(ILdapRule.PROP_ENABLE, "false"); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_SKIP_RULE", insName, - e.toString())); + mConfig.putString(ILdapRule.PROP_ENABLE, + "false"); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_SKIP_RULE", insName, e.toString())); // Let the server continue if it is a // mis-configuration. But the instance // will be skipped. This give another @@ -376,8 +361,7 @@ public class PublisherProcessor implements IPublisherProcessor, // the server via console. } if (Debug.ON) - Debug.trace("loaded rule instance " + insName + " impl " - + implName); + Debug.trace("loaded rule instance " + insName + " impl " + implName); } startup(); 
@@ -388,39 +372,41 @@ public class PublisherProcessor implements IPublisherProcessor, /** * Retrieves LDAP connection module. * <P> - * + * * @return LDAP connection instance */ public ILdapConnModule getLdapConnModule() { return mLdapConnModule; } - + public void setLdapConnModule(ILdapConnModule m) { - mLdapConnModule = (LdapConnModule) m; + mLdapConnModule = (LdapConnModule)m; } - + /** * init ldap connection */ - private void initLdapConn(IConfigStore ldapConfig) throws EBaseException { + private void initLdapConn(IConfigStore ldapConfig) + throws EBaseException { IConfigStore c = ldapConfig; try { - // c = authConfig.getSubStore(PROP_LDAP_PUBLISH_SUBSTORE); + //c = authConfig.getSubStore(PROP_LDAP_PUBLISH_SUBSTORE); if (c != null && c.size() > 0) { mLdapConnModule = new LdapConnModule(); mLdapConnModule.init(this, c); CMS.debug("LdapPublishing connection inited"); } else { - log(ILogger.LL_FAILURE, "No Ldap Module configuration found"); + log(ILogger.LL_FAILURE, + "No Ldap Module configuration found"); throw new ELdapException( - CMS.getUserMessage("CMS_LDAP_NO_LDAP_PUBLISH_CONFIG_FOUND")); + CMS.getUserMessage("CMS_LDAP_NO_LDAP_PUBLISH_CONFIG_FOUND")); } } catch (ELdapException e) { - log(ILogger.LL_FAILURE, "Ldap Publishing Module failed with " + e); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_INIT_LDAP_PUBLISH_MODULE_FAILED", e.toString())); + log(ILogger.LL_FAILURE, + "Ldap Publishing Module failed with " + e); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_INIT_LDAP_PUBLISH_MODULE_FAILED", e.toString())); } } 
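Review bot: `setLdapConnModule(ILdapConnModule m)` accepts the interface but stores `(LdapConnModule)m`, so any other implementation fails with an undocumented `ClassCastException` at the call site. Either state the requirement in a Javadoc comment on the setter or guard it, e.g. `if (m != null && !(m instanceof LdapConnModule)) throw new IllegalArgumentException("LdapConnModule required");`. In `initLdapConn` the rethrown `ELdapException` keeps only `e.toString()`; if dropping the original stack trace is intentional, a short comment there would say so.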
@@ -438,33 +424,23 @@ public class PublisherProcessor implements IPublisherProcessor, mLdapRequestListener = new LdapRequestListener(); mLdapRequestListener.init(this, mLdapConfig); mAuthority.registerRequestListener(mLdapRequestListener); - IConfigStore queueConfig = mConfig - .getSubStore(PROP_QUEUE_PUBLISH_SUBSTORE); + IConfigStore queueConfig = mConfig.getSubStore(PROP_QUEUE_PUBLISH_SUBSTORE); if (queueConfig != null) { - boolean isPublishingQueueEnabled = queueConfig.getBoolean( - "enable", false); - int publishingQueuePriorityLevel = queueConfig.getInteger( - "priorityLevel", 0); - int maxNumberOfPublishingThreads = queueConfig.getInteger( - "maxNumberOfThreads", 1); - int publishingQueuePageSize = queueConfig.getInteger( - "pageSize", 100); - int savePublishingStatus = queueConfig.getInteger("saveStatus", - 0); - CMS.debug("PublisherProcessor: startup: Publishing Queue Enabled: " - + isPublishingQueueEnabled - + " Priority Level: " - + publishingQueuePriorityLevel - + " Maximum Number of Threads: " - + maxNumberOfPublishingThreads - + " Page Size: " - + publishingQueuePageSize); - IRequestNotifier reqNotifier = ((ICertificateAuthority) mAuthority) - .getRequestNotifier(); - reqNotifier.setPublishingQueue(isPublishingQueueEnabled, - publishingQueuePriorityLevel, - maxNumberOfPublishingThreads, publishingQueuePageSize, - savePublishingStatus); + boolean isPublishingQueueEnabled = queueConfig.getBoolean("enable", false); + int publishingQueuePriorityLevel = queueConfig.getInteger("priorityLevel", 0); + int maxNumberOfPublishingThreads = queueConfig.getInteger("maxNumberOfThreads", 1); + int publishingQueuePageSize = queueConfig.getInteger("pageSize", 100); + int savePublishingStatus = queueConfig.getInteger("saveStatus", 0); + CMS.debug("PublisherProcessor: startup: Publishing Queue Enabled: " + isPublishingQueueEnabled + + " Priority Level: " + publishingQueuePriorityLevel + + " Maximum Number of Threads: " + maxNumberOfPublishingThreads + + " Page Size: "+ 
publishingQueuePageSize); + IRequestNotifier reqNotifier = ((ICertificateAuthority)mAuthority).getRequestNotifier(); + reqNotifier.setPublishingQueue (isPublishingQueueEnabled, + publishingQueuePriorityLevel, + maxNumberOfPublishingThreads, + publishingQueuePageSize, + savePublishingStatus); } } } @@ -476,11 +452,11 @@ public class PublisherProcessor implements IPublisherProcessor, mLdapConnModule.getLdapConnFactory().reset(); } if (mLdapRequestListener != null) { - // mLdapRequestListener.shutdown(); + //mLdapRequestListener.shutdown(); mAuthority.removeRequestListener(mLdapRequestListener); } - } catch (Exception e) { - // ignore + } catch (Exception e) { + // ignore } } @@ -508,12 +484,12 @@ public class PublisherProcessor implements IPublisherProcessor, return mPublisherInsts; } - // certType can be client,server,ca,crl,smime - // XXXshould make it static to make it faster + //certType can be client,server,ca,crl,smime + //XXXshould make it static to make it faster public Enumeration<ILdapRule> getRules(String publishingType) { Vector<ILdapRule> rules = new Vector<ILdapRule>(); Enumeration<String> e = mRuleInsts.keys(); - + while (e.hasMoreElements()) { String name = (String) e.nextElement(); @@ -526,7 +502,7 @@ public class PublisherProcessor implements IPublisherProcessor, Debug.trace("rule name is " + name); } - // this is the only rule we support now + //this is the only rule we support now LdapRule rule = (LdapRule) (mRuleInsts.get(name)); if (rule.enabled() && rule.getType().equals(publishingType)) { @@ -556,7 +532,7 @@ public class PublisherProcessor implements IPublisherProcessor, Vector<ILdapRule> rules = new Vector<ILdapRule>(); Enumeration<String> e = mRuleInsts.keys(); - + while (e.hasMoreElements()) { String name = (String) e.nextElement(); 
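Review bot: The queue settings read here (`priorityLevel`, `maxNumberOfThreads`, `pageSize`, `saveStatus`) go straight from the config store into `reqNotifier.setPublishingQueue(...)` with no range check, so a zero or negative thread count or page size in the configuration is passed on as-is; whether `setPublishingQueue` validates them is not visible here. A guard before the call, such as `if (maxNumberOfPublishingThreads < 1 || publishingQueuePageSize < 1)` that logs a warning and falls back to the defaults, would surface a bad configuration at startup. The debug line also omits `savePublishingStatus`. The method starts outside the hunk.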
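Review bot: The `catch (Exception e) { // ignore }` in the shutdown path (hunk -476) discards any failure from `mLdapConnModule.getLdapConnFactory().reset()` or `mAuthority.removeRequestListener(...)`, so a connection factory that could not be reset leaves no trace in the logs. The best-effort behaviour can stay while the failure is recorded: `log(ILogger.LL_WARN, "PublisherProcessor shutdown: " + e.toString());`. The method begins outside the hunk.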
@@ -569,7 +545,7 @@ public class PublisherProcessor implements IPublisherProcessor, Debug.trace("rule name is " + name); } - // this is the only rule we support now + //this is the only rule we support now LdapRule rule = (LdapRule) (mRuleInsts.get(name)); if (rule.enabled() && rule.getType().equals(publishingType)) { 
@@ -585,63 +561,58 @@ public class PublisherProcessor implements IPublisherProcessor, rules.addElement(rule); if (Debug.ON) - Debug.trace("added rule " + name + " for " + publishingType - + " request: " + req.getRequestId()); + Debug.trace("added rule " + name + " for " + publishingType + + " request: " + req.getRequestId()); } } return rules.elements(); } /** - * public PublishRuleSet getPublishRuleSet() { return mRuleSet; } + public PublishRuleSet getPublishRuleSet() + { + return mRuleSet; + } **/ - public Vector<String> getMapperDefaultParams(String implName) - throws ELdapException { + public Vector<String> getMapperDefaultParams(String implName) throws + ELdapException { // is this a registered implname? MapperPlugin plugin = mMapperPlugins.get(implName); if (plugin == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_MAPPER_NOT_FIND", implName)); + CMS.getLogMessage("CMSCORE_LDAP_MAPPER_NOT_FIND", implName)); throw new ELdapException(implName); } - + // XXX can find an instance of this plugin in existing // mapper instances to avoid instantiation just for this. 
- + // a temporary instance ILdapMapper mapperInst = null; String className = plugin.getClassPath(); try { - mapperInst = (ILdapMapper) Class.forName(className).newInstance(); + mapperInst = (ILdapMapper) + Class.forName(className).newInstance(); Vector<String> v = mapperInst.getDefaultParams(); return v; } catch (InstantiationException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_MAPPER", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_MAPPER", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } catch (ClassNotFoundException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_MAPPER", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_MAPPER", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } catch (IllegalAccessException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_MAPPER", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_MAPPER", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } } - public Vector<String> getMapperInstanceParams(String insName) - throws ELdapException { + public Vector<String> getMapperInstanceParams(String insName) throws + ELdapException { ILdapMapper mapperInst = null; MapperProxy proxy = (MapperProxy) mMapperInsts.get(insName); 
@@ -657,54 +628,46 @@ public class PublisherProcessor implements IPublisherProcessor, return v; } - public Vector<String> getPublisherDefaultParams(String implName) - throws ELdapException { + public Vector<String> getPublisherDefaultParams(String implName) throws + ELdapException { // is this a registered implname? - PublisherPlugin plugin = (PublisherPlugin) mPublisherPlugins - .get(implName); + PublisherPlugin plugin = (PublisherPlugin) + mPublisherPlugins.get(implName); if (plugin == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_PLUGIN_NOT_FIND", implName)); + CMS.getLogMessage("CMSCORE_LDAP_PLUGIN_NOT_FIND", implName)); throw new ELdapException(implName); } - + // XXX can find an instance of this plugin in existing // publisher instantces to avoid instantiation just for this. - + // a temporary instance ILdapPublisher publisherInst = null; String className = plugin.getClassPath(); try { - publisherInst = (ILdapPublisher) Class.forName(className) - .newInstance(); + publisherInst = (ILdapPublisher) + Class.forName(className).newInstance(); Vector<String> v = publisherInst.getDefaultParams(); return v; } catch (InstantiationException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_PUBLISHER", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_PUBLISHER", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } catch (ClassNotFoundException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_PUBLISHER", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_PUBLISHER", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } catch (IllegalAccessException e) { - 
log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_PUBLISHER", - e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_PUBLISHER", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } } public boolean isMapperInstanceEnable(String insName) { - MapperProxy proxy = (MapperProxy) mMapperInsts.get(insName); + MapperProxy proxy = (MapperProxy) + mMapperInsts.get(insName); if (proxy == null) { return false; @@ -732,7 +695,8 @@ public class PublisherProcessor implements IPublisherProcessor, } public boolean isPublisherInstanceEnable(String insName) { - PublisherProxy proxy = (PublisherProxy) mPublisherInsts.get(insName); + PublisherProxy proxy = (PublisherProxy) + mPublisherInsts.get(insName); if (proxy == null) { return false; @@ -741,19 +705,21 @@ public class PublisherProcessor implements IPublisherProcessor, } public ILdapPublisher getActivePublisherInstance(String insName) { - PublisherProxy proxy = (PublisherProxy) mPublisherInsts.get(insName); + PublisherProxy proxy = (PublisherProxy) + mPublisherInsts.get(insName); if (proxy == null) { return null; } if (proxy.isEnable()) return proxy.getPublisher(); - else + else return null; } public ILdapPublisher getPublisherInstance(String insName) { - PublisherProxy proxy = (PublisherProxy) mPublisherInsts.get(insName); + PublisherProxy proxy = (PublisherProxy) + mPublisherInsts.get(insName); if (proxy == null) { return null; @@ -761,8 +727,8 @@ public class PublisherProcessor implements IPublisherProcessor, return proxy.getPublisher(); } - public Vector<String> getPublisherInstanceParams(String insName) - throws ELdapException { + public Vector<String> getPublisherInstanceParams(String insName) throws + ELdapException { ILdapPublisher publisherInst = getPublisherInstance(insName); if (publisherInst == null) { 
@@ -773,132 +739,119 @@ public class PublisherProcessor implements IPublisherProcessor, return v; } - public Vector<String> getRuleDefaultParams(String implName) - throws ELdapException { + public Vector<String> getRuleDefaultParams(String implName) throws + ELdapException { // is this a registered implname? RulePlugin plugin = mRulePlugins.get(implName); if (plugin == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_RULE_NOT_FIND", implName)); + CMS.getLogMessage("CMSCORE_LDAP_RULE_NOT_FIND", implName)); throw new ELdapException(implName); } - + // XXX can find an instance of this plugin in existing // rule instantces to avoid instantiation just for this. - + // a temporary instance ILdapRule ruleInst = null; String className = plugin.getClassPath(); try { - ruleInst = (ILdapRule) Class.forName(className).newInstance(); - + ruleInst = (ILdapRule) + Class.forName(className).newInstance(); + Vector<String> v = ruleInst.getDefaultParams(); return v; } catch (InstantiationException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_RULE", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_RULE", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } catch (ClassNotFoundException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_RULE", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_RULE", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } catch (IllegalAccessException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_RULE", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + 
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_RULE", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } } - public Vector<String> getRuleInstanceParams(String implName) - throws ELdapException { + public Vector<String> getRuleInstanceParams(String implName) throws + ELdapException { // is this a registered implname? RulePlugin plugin = mRulePlugins.get(implName); if (plugin == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_RULE_NOT_FIND", implName)); + CMS.getLogMessage("CMSCORE_LDAP_RULE_NOT_FIND", implName)); throw new ELdapException(implName); } - + // XXX can find an instance of this plugin in existing // rule instantces to avoid instantiation just for this. - + // a temporary instance ILdapRule ruleInst = null; String className = plugin.getClassPath(); try { - ruleInst = (ILdapRule) Class.forName(className).newInstance(); + ruleInst = (ILdapRule) + Class.forName(className).newInstance(); Vector<String> v = ruleInst.getInstanceParams(); IConfigStore rc = ruleInst.getConfigStore(); return v; } catch (InstantiationException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_RULE", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_RULE", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } catch (ClassNotFoundException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_RULE", e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_RULE", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } catch (IllegalAccessException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_RULE", 
e.toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_FAIL_LOAD_CLASS", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_NEW_RULE", e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className)); } } /** - * set published flag - true when published, false when unpublished. not - * exist means not published. + * set published flag - true when published, false when unpublished. + * not exist means not published. */ public void setPublishedFlag(BigInteger serialNo, boolean published) { - if (!(mAuthority instanceof ICertificateAuthority)) + if (!(mAuthority instanceof ICertificateAuthority)) return; ICertificateAuthority ca = (ICertificateAuthority) mAuthority; try { - ICertificateRepository certdb = (ICertificateRepository) ca - .getCertificateRepository(); - ICertRecord certRec = (ICertRecord) certdb - .readCertificateRecord(serialNo); + ICertificateRepository certdb = (ICertificateRepository) ca.getCertificateRepository(); + ICertRecord certRec = (ICertRecord) certdb.readCertificateRecord(serialNo); MetaInfo metaInfo = certRec.getMetaInfo(); if (metaInfo == null) { metaInfo = new MetaInfo(); } - metaInfo.set(CertRecord.META_LDAPPUBLISH, String.valueOf(published)); + metaInfo.set( + CertRecord.META_LDAPPUBLISH, String.valueOf(published)); ModificationSet modSet = new ModificationSet(); - modSet.add(ICertRecord.ATTR_META_INFO, Modification.MOD_REPLACE, - metaInfo); + modSet.add(ICertRecord.ATTR_META_INFO, + Modification.MOD_REPLACE, metaInfo); certdb.modifyCertificateRecord(serialNo, modSet); } catch (EBaseException e) { // not fatal. just log warning. - log(ILogger.LL_WARN, - "Cannot mark cert 0x" - + serialNo.toString(16) - + " published as " - + published - + " in the ldap directory. Cert Record not found. Error: " - + e.toString() - + " Don't be alarmed if it's a subordinate ca or clone's ca siging cert. 
Otherwise your internal db may be corrupted."); + log(ILogger.LL_WARN, + "Cannot mark cert 0x" + serialNo.toString(16) + " published as " + published + + " in the ldap directory. Cert Record not found. Error: " + + e.toString() + + " Don't be alarmed if it's a subordinate ca or clone's ca siging cert. Otherwise your internal db may be corrupted."); } } /** * Publish ca cert, UpdateDir.java, jobs, request listeners */ - public void publishCACert(X509Certificate cert) throws ELdapException { + public void publishCACert(X509Certificate cert) + throws ELdapException { boolean error = false; String errorRule = ""; 
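Review bot: `getRuleInstanceParams(String implName)` looks the name up in `mRulePlugins`, instantiates a fresh `ILdapRule` and returns `getInstanceParams()` of that never-initialised object, which reads like a copy of `getRuleDefaultParams`; `getMapperInstanceParams` and `getPublisherInstanceParams` instead resolve an existing instance by `insName`. If callers pass an instance name, this should read from `mRuleInsts`; if the current behaviour is intended, a comment saying so would help the next reader. The local `IConfigStore rc = ruleInst.getConfigStore();` is never used and can be removed.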
@@ -907,131 +860,118 @@ public class PublisherProcessor implements IPublisherProcessor, CMS.debug("PublishProcessor::publishCACert"); - // get mapper and publisher for cert type. + // get mapper and publisher for cert type. Enumeration<ILdapRule> rules = getRules(PROP_LOCAL_CA); if (rules == null || !rules.hasMoreElements()) { if (isClone()) { - log(ILogger.LL_WARN, "No rule is found for publishing: " - + PROP_LOCAL_CA + " in this clone."); + log(ILogger.LL_WARN, "No rule is found for publishing: " + PROP_LOCAL_CA + " in this clone."); return; } else { - Debug.trace(CMS.getLogMessage("CMSCORE_LDAP_NO_RULE_FOUND", - PROP_LOCAL_CA)); - // log(ILogger.LL_FAILURE, - // CMS.getLogMessage("CMSCORE_LDAP_NO_RULE_FOUND", - // PROP_LOCAL_CA)); - // throw new - // ELdapException(CMS.getUserMessage("CMS_LDAP_NO_RULE_MATCHED", - // PROP_LOCAL_CA)); + Debug.trace(CMS.getLogMessage("CMSCORE_LDAP_NO_RULE_FOUND", PROP_LOCAL_CA)); + //log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_RULE_FOUND", PROP_LOCAL_CA)); + //throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_RULE_MATCHED", PROP_LOCAL_CA)); return; } } while (rules.hasMoreElements()) { LdapRule rule = (LdapRule) rules.nextElement(); - if (rule == null) { - CMS.debug("PublisherProcessor::publishCACert() - " - + "rule is null!"); - throw new ELdapException("rule is null"); + if( rule == null ) { + CMS.debug( "PublisherProcessor::publishCACert() - " + + "rule is null!" 
); + throw new ELdapException( "rule is null" ); } - log(ILogger.LL_INFO, - "publish certificate type=" + PROP_LOCAL_CA + " rule=" - + rule.getInstanceName() + " publisher=" - + rule.getPublisher()); + log(ILogger.LL_INFO, "publish certificate type=" + PROP_LOCAL_CA + + " rule=" + rule.getInstanceName() + " publisher=" + + rule.getPublisher()); try { ILdapMapper mapper = null; String mapperName = rule.getMapper(); - if (mapperName != null && !mapperName.trim().equals("")) { + if (mapperName != null && + !mapperName.trim().equals("")) { mapper = getActiveMapperInstance(mapperName); } - publishNow(mapper, - getActivePublisherInstance(rule.getPublisher()), - null/* NO REQUEsT */, cert); - log(ILogger.LL_INFO, - "published certificate using rule=" - + rule.getInstanceName()); + publishNow(mapper, getActivePublisherInstance(rule.getPublisher()), null/* NO REQUEsT */, cert); + log(ILogger.LL_INFO, "published certificate using rule=" + + rule.getInstanceName()); } catch (Exception e) { // continue publishing even publisher has errors - // log(ILogger.LL_WARN, e.toString()); - CMS.debug("PublisherProcessor::publishCACert returned error: " - + e.toString()); + //log(ILogger.LL_WARN, e.toString()); + CMS.debug("PublisherProcessor::publishCACert returned error: " + e.toString()); error = true; - errorRule = errorRule + " " + rule.getInstanceName() - + " error:" + e.toString(); + errorRule = errorRule + " " + rule.getInstanceName() + + " error:" + e.toString(); } } // set the ldap published flag. if (!error) { setPublishedFlag(cert.getSerialNumber(), true); } else { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_PUBLISH_FAILED", errorRule)); + throw new + ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_FAILED", errorRule)); } } /** - * This function is never called. CMS does not unpublish CA certificate. + * This function is never called. CMS does not unpublish + * CA certificate. 
*/ - public void unpublishCACert(X509Certificate cert) throws ELdapException { + public void unpublishCACert(X509Certificate cert) + throws ELdapException { boolean error = false; String errorRule = ""; if (!enabled()) return; - // get mapper and publisher for cert type. + // get mapper and publisher for cert type. Enumeration<ILdapRule> rules = getRules(PROP_LOCAL_CA); if (rules == null || !rules.hasMoreElements()) { if (isClone()) { - log(ILogger.LL_WARN, "No rule is found for unpublishing: " - + PROP_LOCAL_CA + " in this clone."); + log(ILogger.LL_WARN, "No rule is found for unpublishing: " + PROP_LOCAL_CA + " in this clone."); return; } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_NO_UNPUBLISHING_RULE_FOUND", - PROP_LOCAL_CA)); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_RULE_MATCHED", PROP_LOCAL_CA)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_UNPUBLISHING_RULE_FOUND", PROP_LOCAL_CA)); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_RULE_MATCHED", PROP_LOCAL_CA)); } } while (rules.hasMoreElements()) { LdapRule rule = (LdapRule) rules.nextElement(); - if (rule == null) { - CMS.debug("PublisherProcessor::unpublishCACert() - " - + "rule is null!"); - throw new ELdapException("rule is null"); + if( rule == null ) { + CMS.debug( "PublisherProcessor::unpublishCACert() - " + + "rule is null!" 
); + throw new ELdapException( "rule is null" ); } try { - log(ILogger.LL_INFO, "unpublish certificate type=" - + PROP_LOCAL_CA + " rule=" + rule.getInstanceName() - + " publisher=" + rule.getPublisher()); + log(ILogger.LL_INFO, "unpublish certificate type=" + + PROP_LOCAL_CA + " rule=" + rule.getInstanceName() + + " publisher=" + rule.getPublisher()); ILdapMapper mapper = null; String mapperName = rule.getMapper(); - if (mapperName != null && !mapperName.trim().equals("")) { + if (mapperName != null && + !mapperName.trim().equals("")) { mapper = getActiveMapperInstance(mapperName); } - unpublishNow(mapper, - getActivePublisherInstance(rule.getPublisher()), - null/* NO REQUEST */, cert); - log(ILogger.LL_INFO, "unpublished certificate using rule=" - + rule.getInstanceName()); + unpublishNow(mapper, getActivePublisherInstance(rule.getPublisher()), null/* NO REQUEST */, cert); + log(ILogger.LL_INFO, "unpublished certificate using rule=" + + rule.getInstanceName()); } catch (Exception e) { // continue publishing even publisher has errors - // log(ILogger.LL_WARN, e.toString()); + //log(ILogger.LL_WARN, e.toString()); error = true; errorRule = errorRule + " " + rule.getInstanceName(); } 
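Review bot: The `catch (Exception e)` in `unpublishCACert` records only `rule.getInstanceName()` in `errorRule` and logs nothing, so the `CMS_LDAP_UNPUBLISH_FAILED` error raised after the loop carries no cause; `publishCACert` above appends `" error:" + e.toString()` and writes a debug line. Matching it keeps unpublish failures diagnosable: `errorRule = errorRule + " " + rule.getInstanceName() + " error:" + e.toString();` plus `CMS.debug("PublisherProcessor::unpublishCACert returned error: " + e.toString());`. In both methods `getActivePublisherInstance(rule.getPublisher())` can return null for a disabled or unknown publisher and is passed on unchecked; whether `publishNow`/`unpublishNow` handle that is not visible here.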
@@ -1041,83 +981,77 @@ public class PublisherProcessor implements IPublisherProcessor, if (!error) { setPublishedFlag(cert.getSerialNumber(), false); } else { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_UNPUBLISH_FAILED", errorRule)); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_FAILED", errorRule)); } } /** * Publish crossCertificatePair */ - public void publishXCertPair(byte[] pair) throws ELdapException { + public void publishXCertPair(byte[] pair) + throws ELdapException { boolean error = false; String errorRule = ""; if (!enabled()) return; - CMS.debug("PublisherProcessor: in publishXCertPair()"); + CMS.debug("PublisherProcessor: in publishXCertPair()"); - // get mapper and publisher for cert type. + // get mapper and publisher for cert type. Enumeration<ILdapRule> rules = getRules(PROP_XCERT); if (rules == null || !rules.hasMoreElements()) { if (isClone()) { - log(ILogger.LL_WARN, "No rule is found for publishing: " - + PROP_LOCAL_CA + " in this clone."); + log(ILogger.LL_WARN, "No rule is found for publishing: " + PROP_LOCAL_CA + " in this clone."); return; } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_NO_RULE_FOUND", PROP_XCERT)); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_RULE_MATCHED", PROP_XCERT)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_RULE_FOUND", PROP_XCERT)); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_RULE_MATCHED", PROP_XCERT)); } } while (rules.hasMoreElements()) { LdapRule rule = (LdapRule) rules.nextElement(); - if (rule == null) { - CMS.debug("PublisherProcessor::publishXCertPair() - " - + "rule is null!"); - throw new ELdapException("rule is null"); + if( rule == null ) { + CMS.debug( "PublisherProcessor::publishXCertPair() - " + + "rule is null!" 
); + throw new ELdapException( "rule is null" ); } - log(ILogger.LL_INFO, - "publish certificate type=" + PROP_XCERT + " rule=" - + rule.getInstanceName() + " publisher=" - + rule.getPublisher()); + log(ILogger.LL_INFO, "publish certificate type=" + PROP_XCERT + + " rule=" + rule.getInstanceName() + " publisher=" + + rule.getPublisher()); try { ILdapMapper mapper = null; String mapperName = rule.getMapper(); - if (mapperName != null && !mapperName.trim().equals("")) { + if (mapperName != null && + !mapperName.trim().equals("")) { mapper = getActiveMapperInstance(mapperName); } - publishNow(mapper, - getActivePublisherInstance(rule.getPublisher()), - null/* NO REQUEsT */, pair); - log(ILogger.LL_INFO, "published Xcertificates using rule=" - + rule.getInstanceName()); + publishNow(mapper, getActivePublisherInstance(rule.getPublisher()), null/* NO REQUEsT */, pair); + log(ILogger.LL_INFO, "published Xcertificates using rule=" + + rule.getInstanceName()); } catch (Exception e) { // continue publishing even publisher has errors - // log(ILogger.LL_WARN, e.toString()); + //log(ILogger.LL_WARN, e.toString()); error = true; - errorRule = errorRule + " " + rule.getInstanceName() - + " error:" + e.toString(); + errorRule = errorRule + " " + rule.getInstanceName() + + " error:" + e.toString(); - CMS.debug("PublisherProcessor::publishXCertPair: error: " - + e.toString()); + CMS.debug("PublisherProcessor::publishXCertPair: error: " + e.toString()); } } } /** - * Publishs regular user certificate based on the criteria set in the - * request. + * Publishs regular user certificate based on the criteria + * set in the request. */ public void publishCert(X509Certificate cert, IRequest req) - throws ELdapException { + throws ELdapException { boolean error = false; String errorRule = ""; 
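Review bot: In publishXCertPair the `error` and `errorRule` values set in the catch block are never read after the loop, so the method returns normally even when every rule failed to publish the cross-certificate pair. publishCert and unpublishCert in this file throw CMS_LDAP_PUBLISH_FAILED / CMS_LDAP_UNPUBLISH_FAILED in the same situation; unless best-effort is intended here, add `if (error) throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_FAILED", errorRule));` after the loop. The clone warning in the same method also names the wrong rule type: the lookup is `getRules(PROP_XCERT)`, so the message should read `"No rule is found for publishing: " + PROP_XCERT + " in this clone."`.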
@@ -1125,10 +1059,10 @@ public class PublisherProcessor implements IPublisherProcessor, if (!enabled()) return; - // get mapper and publisher for cert type. + // get mapper and publisher for cert type. Enumeration<ILdapRule> rules = getRules("certs", req); - // Bugscape #52306 - Remove superfluous log messages on failure + // Bugscape #52306 - Remove superfluous log messages on failure if (rules == null || !rules.hasMoreElements()) { CMS.debug("Publishing: can't find publishing rule,exiting routine."); @@ -1140,11 +1074,11 @@ public class PublisherProcessor implements IPublisherProcessor, LdapRule rule = (LdapRule) rules.nextElement(); try { - log(ILogger.LL_INFO, "publish certificate (with request) type=" - + "certs" + " rule=" + rule.getInstanceName() - + " publisher=" + rule.getPublisher()); - ILdapPublisher p = getActivePublisherInstance(rule - .getPublisher()); + log(ILogger.LL_INFO, + "publish certificate (with request) type=" + + "certs" + " rule=" + rule.getInstanceName() + + " publisher=" + rule.getPublisher()); + ILdapPublisher p = getActivePublisherInstance(rule.getPublisher()); ILdapMapper m = null; String mapperName = rule.getMapper(); @@ -1152,12 +1086,11 @@ public class PublisherProcessor implements IPublisherProcessor, m = getActiveMapperInstance(mapperName); } publishNow(m, p, req, cert); - log(ILogger.LL_INFO, - "published certificate using rule=" - + rule.getInstanceName()); + log(ILogger.LL_INFO, "published certificate using rule=" + + rule.getInstanceName()); } catch (Exception e) { // continue publishing even publisher has errors - // log(ILogger.LL_WARN, e.toString()); + //log(ILogger.LL_WARN, e.toString()); error = true; errorRule = errorRule + " " + rule.getInstanceName(); } 
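Review bot: The `catch (Exception e)` in publishCert's rule loop discards the exception: the only logging call is commented out, and just the rule name is appended to `errorRule`, so the CMS_LDAP_PUBLISH_FAILED error thrown later carries no cause. An operator investigating why a certificate never reached the directory has nothing to work with. publishXCertPair already records the detail, so the same line fits here: `CMS.debug("PublisherProcessor::publishCert: rule=" + rule.getInstanceName() + " error: " + e.toString());`. The same silent catch appears in unpublishCert and unpublishCACert. This loop also lacks the `rule == null` check the sibling methods have, and a null rule would throw again from `rule.getInstanceName()` inside the catch.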
@@ -1166,66 +1099,63 @@ public class PublisherProcessor implements IPublisherProcessor, if (!error) { setPublishedFlag(cert.getSerialNumber(), true); } else { - CMS.debug("PublishProcessor::publishCert : " - + CMS.getUserMessage("CMS_LDAP_PUBLISH_FAILED", errorRule)); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_PUBLISH_FAILED", errorRule)); + CMS.debug("PublishProcessor::publishCert : " + CMS.getUserMessage("CMS_LDAP_PUBLISH_FAILED",errorRule)); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_FAILED", errorRule)); } } /** - * Unpublish user certificate. This is used by UnpublishExpiredJob. + * Unpublish user certificate. This is used by + * UnpublishExpiredJob. */ public void unpublishCert(X509Certificate cert, IRequest req) - throws ELdapException { + throws ELdapException { boolean error = false; String errorRule = ""; if (!enabled()) return; - // get mapper and publisher for cert type. + // get mapper and publisher for cert type. Enumeration<ILdapRule> rules = getRules("certs", req); if (rules == null || !rules.hasMoreElements()) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_NO_UNPUBLISHING_RULE_FOUND_FOR_REQUEST", - "certs", req.getRequestId().toString())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_RULE_MATCHED", req.getRequestId().toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_UNPUBLISHING_RULE_FOUND_FOR_REQUEST", "certs", req.getRequestId().toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_RULE_MATCHED", + req.getRequestId().toString())); } while (rules.hasMoreElements()) { LdapRule rule = (LdapRule) rules.nextElement(); - if (rule == null) { - CMS.debug("PublisherProcessor::unpublishCert() - " - + "rule is null!"); - throw new ELdapException("rule is null"); + if( rule == null ) { + CMS.debug( "PublisherProcessor::unpublishCert() - " + + "rule is null!" 
); + throw new ELdapException( "rule is null" ); } try { - log(ILogger.LL_INFO, - "unpublish certificate (with request) type=" + "certs" - + " rule=" + rule.getInstanceName() - + " publisher=" + rule.getPublisher()); + log(ILogger.LL_INFO, + "unpublish certificate (with request) type=" + + "certs" + " rule=" + rule.getInstanceName() + + " publisher=" + rule.getPublisher()); ILdapMapper mapper = null; String mapperName = rule.getMapper(); - if (mapperName != null && !mapperName.trim().equals("")) { + if (mapperName != null && + !mapperName.trim().equals("")) { mapper = getActiveMapperInstance(mapperName); } - unpublishNow(mapper, - getActivePublisherInstance(rule.getPublisher()), req, - cert); - log(ILogger.LL_INFO, "unpublished certificate using rule=" - + rule.getInstanceName()); + unpublishNow(mapper, getActivePublisherInstance(rule.getPublisher()), + req, cert); + log(ILogger.LL_INFO, "unpublished certificate using rule=" + + rule.getInstanceName()); } catch (Exception e) { // continue publishing even publisher has errors - // log(ILogger.LL_WARN, e.toString()); + //log(ILogger.LL_WARN, e.toString()); error = true; errorRule = errorRule + " " + rule.getInstanceName(); } 
@@ -1235,21 +1165,21 @@ public class PublisherProcessor implements IPublisherProcessor, if (!error) { setPublishedFlag(cert.getSerialNumber(), false); } else { - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_UNPUBLISH_FAILED", errorRule)); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_FAILED", errorRule)); } } /** - * publishes a crl by mapping the issuer name in the crl to an entry and - * publishing it there. entry must be a certificate authority. Note that - * this is used by cmsgateway/cert/UpdateDir.java + * publishes a crl by mapping the issuer name in the crl to an entry + * and publishing it there. entry must be a certificate authority. + * Note that this is used by cmsgateway/cert/UpdateDir.java */ - public void publishCRL(X509CRLImpl crl, String crlIssuingPointId) - throws ELdapException { + public void publishCRL(X509CRLImpl crl, String crlIssuingPointId) + throws ELdapException { boolean error = false; String errorRule = ""; + if (!enabled()) return; ILdapMapper mapper = null; @@ -1259,10 +1189,9 @@ public class PublisherProcessor implements IPublisherProcessor, Enumeration<ILdapRule> rules = getRules(PROP_LOCAL_CRL); if (rules == null || !rules.hasMoreElements()) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_NO_RULE_FOR_CRL")); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_RULE_MATCHED", PROP_LOCAL_CRL)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_RULE_FOR_CRL")); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_RULE_MATCHED", + PROP_LOCAL_CRL)); } LDAPConnection conn = null; 
@@ -1278,57 +1207,53 @@ public class PublisherProcessor implements IPublisherProcessor, String result = null; LdapRule rule = (LdapRule) rules.nextElement(); - log(ILogger.LL_INFO, - "publish crl rule=" + rule.getInstanceName() - + " publisher=" + rule.getPublisher()); + log(ILogger.LL_INFO, "publish crl rule=" + + rule.getInstanceName() + " publisher=" + + rule.getPublisher()); try { String mapperName = rule.getMapper(); - if (mapperName != null && !mapperName.trim().equals("")) { + if (mapperName != null && + !mapperName.trim().equals("")) { mapper = getActiveMapperInstance(mapperName); } if (mapper == null || mapper.getImplName().equals("NoMap")) { dn = ((X500Name) crl.getIssuerDN()).toLdapDNString(); - } else { - + }else { + result = ((ILdapMapper) mapper).map(conn, crl); dn = result; if (!mCreateOwnDNEntry) { - if (dn == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_LDAP_MAPPER_NOT_MAP", - rule.getMapper())); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_MATCH", crl.getIssuerDN() - .toString())); - + if (dn == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_MAPPER_NOT_MAP", rule.getMapper())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", + crl.getIssuerDN().toString())); + } } } publisher = getActivePublisherInstance(rule.getPublisher()); if (publisher != null) { - if (publisher instanceof com.netscape.cms.publish.publishers.FileBasedPublisher) - ((com.netscape.cms.publish.publishers.FileBasedPublisher) publisher) - .setIssuingPointId(crlIssuingPointId); + if(publisher instanceof com.netscape.cms.publish.publishers.FileBasedPublisher) + ((com.netscape.cms.publish.publishers.FileBasedPublisher)publisher).setIssuingPointId(crlIssuingPointId); publisher.publish(conn, dn, crl); - log(ILogger.LL_INFO, - "published crl using rule=" - + rule.getInstanceName()); + log(ILogger.LL_INFO, "published crl using rule=" + rule.getInstanceName()); } // continue publishing even publisher has errors - } 
catch (Exception e) { - // e.printStackTrace(); - CMS.debug("Error publishing CRL to " + dn + ": " + e); + }catch (Exception e) { + //e.printStackTrace(); + CMS.debug( + "Error publishing CRL to " + dn + ": " + e); error = true; errorRule = errorRule + " " + rule.getInstanceName(); - CMS.debug("PublisherProcessor::publishCRL: error: " - + e.toString()); + CMS.debug("PublisherProcessor::publishCRL: error: " + e.toString()); } } - } catch (ELdapException e) { - // e.printStackTrace(); - CMS.debug("Error publishing CRL to " + dn + ": " + e); + }catch (ELdapException e) { + //e.printStackTrace(); + CMS.debug( + "Error publishing CRL to " + dn + ": " + e); throw e; } finally { if (conn != null) { 
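Review bot: `mapper` is assigned only when the current rule names a mapper and is not reset per rule; the earlier hunk shows it declared once at method scope as `ILdapMapper mapper = null;`. A rule with an empty mapper name that follows a rule with a mapper would therefore reuse the previous rule's mapper, and the CRL would be published under a DN that rule never asked for. The loop header is outside this hunk, so this assumes the visible body runs once per rule. Adding `mapper = null;` immediately before `String mapperName = rule.getMapper();` (or declaring the mapper inside the loop) keeps each rule independent. `dn` is also carried across iterations, so the "Error publishing CRL to " message can report the DN of an earlier rule.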
@@ -1336,28 +1261,27 @@ public class PublisherProcessor implements IPublisherProcessor, } } if (error) - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_PUBLISH_FAILED", errorRule)); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_FAILED", errorRule)); } /** - * publishes a crl by mapping the issuer name in the crl to an entry and - * publishing it there. entry must be a certificate authority. + * publishes a crl by mapping the issuer name in the crl to an entry + * and publishing it there. entry must be a certificate authority. */ - public void publishCRL(String dn, X509CRL crl) throws ELdapException { + public void publishCRL(String dn, X509CRL crl) + throws ELdapException { boolean error = false; String errorRule = ""; if (!enabled()) return; - // get mapper and publisher for cert type. + // get mapper and publisher for cert type. Enumeration<ILdapRule> rules = getRules(PROP_LOCAL_CRL); if (rules == null || !rules.hasMoreElements()) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_LDAP_NO_RULE_FOR_CRL")); - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_NO_RULE_MATCHED", PROP_LOCAL_CRL)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_RULE_FOR_CRL")); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_RULE_MATCHED", + PROP_LOCAL_CRL)); } LDAPConnection conn = null; 
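Review bot: The Javadoc on `publishCRL(String dn, X509CRL crl)` is copied from the other overload and says the CRL is published "by mapping the issuer name in the crl to an entry", but this overload receives the target `dn` from the caller and the visible lines never consult a mapper. Suggested text: `Publishes a CRL to the given directory entry using every rule configured for PROP_LOCAL_CRL; the dn is used as supplied and no mapper is applied.` The inline comment `// get mapper and publisher for cert type.` has the same problem and could read `// get publishing rules for CRLs.` The method body continues past the end of this hunk.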
@@ -1370,29 +1294,26 @@ public class PublisherProcessor implements IPublisherProcessor, while (rules.hasMoreElements()) { LdapRule rule = (LdapRule) rules.nextElement(); - log(ILogger.LL_INFO, - "publish crl dn=" + dn + " rule=" - + rule.getInstanceName() + " publisher=" - + rule.getPublisher()); + log(ILogger.LL_INFO, "publish crl dn=" + dn + " rule=" + + rule.getInstanceName() + " publisher=" + + rule.getPublisher()); try { publisher = getActivePublisherInstance(rule.getPublisher()); if (publisher != null) { publisher.publish(conn, dn, crl); - log(ILogger.LL_INFO, - "published crl using rule=" - + rule.getInstanceName()); + log(ILogger.LL_INFO, "published crl using rule=" + rule.getInstanceName()); } - } catch (Exception e) { - CMS.debug("Error publishing CRL to " + dn + ": " - + e.toString()); + }catch (Exception e) { + CMS.debug( + "Error publishing CRL to " + dn + ": " + e.toString()); error = true; errorRule = errorRule + " " + rule.getInstanceName(); - CMS.debug("PublisherProcessor::publishCRL: error: " - + e.toString()); - } + CMS.debug("PublisherProcessor::publishCRL: error: " + e.toString()); + } } } catch (ELdapException e) { - CMS.debug("Error publishing CRL to " + dn + ": " + e.toString()); + CMS.debug( + "Error publishing CRL to " + dn + ": " + e.toString()); throw e; } finally { if (conn != null) { @@ -1400,12 +1321,11 @@ public class PublisherProcessor implements IPublisherProcessor, } } if (error) - throw new ELdapException(CMS.getUserMessage( - "CMS_LDAP_PUBLISH_FAILED", errorRule)); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_FAILED", errorRule)); } private void publishNow(ILdapMapper mapper, ILdapPublisher publisher, - IRequest r, Object obj) throws ELdapException { + IRequest r, Object obj) throws ELdapException { if (!enabled()) return; CMS.debug("PublisherProcessor: in publishNow()"); 
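Review bot: When `getActivePublisherInstance(rule.getPublisher())` returns null the rule is skipped with no log entry and `error` stays false, so publishCRL can return normally although no rule published the CRL. Relying parties would then keep reading a stale CRL from the directory with nothing in the logs to show it. If skipping inactive publishers is intended, at least record it: `else { log(ILogger.LL_WARN, "no active publisher for rule=" + rule.getInstanceName()); }`; otherwise also set `error = true` and append the rule to `errorRule` in that branch. The overload taking `X509CRLImpl` has the same `if (publisher != null)` without an else.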
@@ -1420,22 +1340,19 @@ public class PublisherProcessor implements IPublisherProcessor, if (mLdapConnModule != null) { try { conn = mLdapConnModule.getConn(); - } catch (ELdapException e) { + } catch(ELdapException e) { throw e; - } + } } try { - if ((mapper instanceof com.netscape.cms.publish.mappers.LdapCertSubjMap) - && ((com.netscape.cms.publish.mappers.LdapCertSubjMap) mapper) - .useAllEntries()) { - dirdn = ((com.netscape.cms.publish.mappers.LdapCertSubjMap) mapper) - .mapAll(conn, r, obj); + if ((mapper instanceof com.netscape.cms.publish.mappers.LdapCertSubjMap) && + ((com.netscape.cms.publish.mappers.LdapCertSubjMap)mapper).useAllEntries()) { + dirdn = ((com.netscape.cms.publish.mappers.LdapCertSubjMap)mapper).mapAll(conn, r, obj); } else { - dirdn = mapper.map(conn, r, obj); + dirdn = mapper.map(conn, r, obj); } } catch (Throwable e1) { - CMS.debug("Error mapping: mapper=" + mapper + " error=" - + e1.toString()); + CMS.debug("Error mapping: mapper=" + mapper + " error=" + e1.toString()); throw e1; } } 
@@ -1444,28 +1361,25 @@ public class PublisherProcessor implements IPublisherProcessor, try { if (dirdn instanceof Vector) { - Vector<?> dirdnVector = (Vector<?>) dirdn; + Vector<?> dirdnVector = (Vector<?>)dirdn; int n = dirdnVector.size(); for (int i = 0; i < n; i++) { - publisher.publish(conn, - (String) dirdnVector.elementAt(i), cert); + publisher.publish(conn, (String)dirdnVector.elementAt(i), cert); } - } else if (dirdn instanceof String - || publisher instanceof com.netscape.cms.publish.publishers.FileBasedPublisher) { - publisher.publish(conn, (String) dirdn, cert); + } else if (dirdn instanceof String || + publisher instanceof com.netscape.cms.publish.publishers.FileBasedPublisher) { + publisher.publish(conn, (String)dirdn, cert); } } catch (Throwable e1) { - CMS.debug("PublisherProcessor::publishNow : publisher=" - + publisher + " error=" + e1.toString()); + CMS.debug("PublisherProcessor::publishNow : publisher=" + publisher + " error=" + e1.toString()); throw e1; } - log(ILogger.LL_INFO, "published certificate serial number: 0x" - + cert.getSerialNumber().toString(16)); + log(ILogger.LL_INFO, "published certificate serial number: 0x" + + cert.getSerialNumber().toString(16)); } catch (ELdapException e) { throw e; } catch (Throwable e) { - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", - e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", e.toString())); } finally { if (conn != null) { mLdapConnModule.returnConn(conn); 
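Review bot: If `dirdn` is neither a `Vector` nor a `String` (for example null) and the publisher is not a FileBasedPublisher, neither branch of the if/else-if runs, yet the code still logs "published certificate serial number" and returns normally. publishCert then calls `setPublishedFlag(cert.getSerialNumber(), true)`, so the record would claim a certificate is in the directory when it was never written. A final branch such as `else { throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", String.valueOf(dirdn))); }` makes that case fail visibly. Separately, the outer `catch (Throwable e)` reports every failure as CMS_LDAP_NO_MATCH with only `e.toString()`, which mislabels connection or publisher errors and drops the stack trace. The method starts before this hunk.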
@@ -1473,16 +1387,16 @@ public class PublisherProcessor implements IPublisherProcessor, } } - // for crosscerts + // for crosscerts private void publishNow(ILdapMapper mapper, ILdapPublisher publisher, - IRequest r, byte[] bytes) throws ELdapException { + IRequest r, byte[] bytes) throws ELdapException { if (!enabled()) return; - CMS.debug("PublisherProcessor: in publishNow() for xcerts"); + CMS.debug("PublisherProcessor: in publishNow() for xcerts"); - // use ca cert publishing map and rule + // use ca cert publishing map and rule ICertificateAuthority ca = (ICertificateAuthority) mAuthority; - X509Certificate caCert = (X509Certificate) ca.getCACert(); + X509Certificate caCert = (X509Certificate) ca.getCACert(); LDAPConnection conn = null; 
@@ -1496,32 +1410,28 @@ public class PublisherProcessor implements IPublisherProcessor, conn = mLdapConnModule.getConn(); } try { - dirdn = mapper.map(conn, r, (Object) caCert); - CMS.debug("PublisherProcessor: dirdn=" + dirdn); + dirdn = mapper.map(conn, r, (Object) caCert); + CMS.debug("PublisherProcessor: dirdn="+dirdn); } catch (Throwable e1) { - CMS.debug("Error mapping: mapper=" + mapper + " error=" - + e1.toString()); + CMS.debug("Error mapping: mapper=" + mapper + " error=" + e1.toString()); throw e1; } } try { - CMS.debug("PublisherProcessor: publisher impl name=" - + publisher.getImplName()); + CMS.debug("PublisherProcessor: publisher impl name="+publisher.getImplName()); publisher.publish(conn, dirdn, bytes); } catch (Throwable e1) { - CMS.debug("Error publishing: publisher=" + publisher - + " error=" + e1.toString()); + CMS.debug("Error publishing: publisher=" + publisher + " error=" + e1.toString()); throw e1; } log(ILogger.LL_INFO, "published crossCertPair"); } catch (ELdapException e) { throw e; } catch (Throwable e) { - throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", - e.toString())); + throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", e.toString())); } finally { if (conn != null) { mLdapConnModule.returnConn(conn); @@ -1530,7 +1440,7 @@ public class PublisherProcessor implements IPublisherProcessor, } private void unpublishNow(ILdapMapper mapper, ILdapPublisher publisher, - IRequest r, Object obj) throws ELdapException { + IRequest r, Object obj) throws ELdapException { if (!enabled()) return; LDAPConnection conn = null; 
@@ -1544,13 +1454,13 @@ public class PublisherProcessor implements IPublisherProcessor, if (mLdapConnModule != null) { conn = mLdapConnModule.getConn(); } - dirdn = mapper.map(conn, r, obj); + dirdn = mapper.map(conn, r, obj); } X509Certificate cert = (X509Certificate) obj; publisher.unpublish(conn, dirdn, cert); - log(ILogger.LL_INFO, "unpublished certificate serial number: 0x" - + cert.getSerialNumber().toString(16)); + log(ILogger.LL_INFO, "unpublished certificate serial number: 0x" + + cert.getSerialNumber().toString(16)); } catch (ELdapException e) { throw e; } finally { @@ -1587,8 +1497,8 @@ public class PublisherProcessor implements IPublisherProcessor, } public boolean isClone() { - if ((mAuthority instanceof ICertificateAuthority) - && ((ICertificateAuthority) mAuthority).isClone()) + if ((mAuthority instanceof ICertificateAuthority) && + ((ICertificateAuthority) mAuthority).isClone()) return true; else return false; @@ -1600,7 +1510,7 @@ public class PublisherProcessor implements IPublisherProcessor, public void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, "Publishing: " - + msg); + mLogger.log(ILogger.EV_SYSTEM, + ILogger.S_LDAP, level, "Publishing: " + msg); } } |