path: root/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java
blob: 3a55b4ebe3ee18f1da471b72eff9691ad9a4a400 (plain)
// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; version 2 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;


import netscape.ldap.*;
import java.io.*;
import java.util.*;
import java.security.*;
import java.security.cert.*;
import netscape.security.x509.*;
import netscape.security.util.*;
import com.netscape.certsrv.logging.*;
import com.netscape.certsrv.base.*;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.apps.*;
import com.netscape.certsrv.ldap.*;
import com.netscape.certsrv.publish.*;


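/**
 * Default CRL mapper.
 * Maps a CRL to an LDAP entry by using components of the CRL's issuer name
 * to find the CA's entry.
 *
 * NOTE(review): the DN and search filter are built from issuer-name
 * components by the superclass (LdapDNCompsMap), which is not visible in this
 * file. Confirm there that attribute values are escaped for DN and filter
 * syntax before they reach the directory search.
 *
 * @version $Revision$, $Date$
 */
public class LdapCrlIssuerCompsMap
    extends LdapDNCompsMap implements ILdapMapper {
    // Logger obtained from CMS once per mapper instance; used by log() below.
    ILogger mLogger = CMS.getLogger();

    /**
     * Creates an unconfigured mapper.
     */
    public LdapCrlIssuerCompsMap() {
        // need to support baseDN, dnComps, and filterComps
        // via configuration
    }

    /**
     * Constructor.
     *
     * The DN comps are used to form a LDAP entry to begin a subtree search.
     * The filter comps are used to form a search filter for the subtree.
     * If none of the DN comps matched, baseDN is used for the subtree.
     * If the baseDN is null and none of the DN comps matched, it is an error.
     * If none of the DN comps and filter comps matched, it is an error.
     * If just the filter comps is null, a base search is performed.
     *
     * @param baseDN The base DN.
     * @param dnComps Components to form the LDAP base dn for search.
     * @param filterComps Components to form the LDAP search filter.
     */
    public LdapCrlIssuerCompsMap(String baseDN, ObjectIdentifier[] dnComps,
        ObjectIdentifier[] filterComps) {
        init(baseDN, dnComps, filterComps);
    }

    /**
     * Constructor using a non-standard CRL attribute; all arguments are
     * passed unchanged to the superclass constructor.
     *
     * @param crlAttr name of the LDAP attribute, passed to the superclass.
     * @param baseDN The base DN.
     * @param dnComps Components to form the LDAP base dn for search.
     * @param filterComps Components to form the LDAP search filter.
     */
    public LdapCrlIssuerCompsMap(String crlAttr, String baseDN,
        ObjectIdentifier[] dnComps,
        ObjectIdentifier[] filterComps) {
        super(crlAttr, baseDN, dnComps, filterComps);
    }

    /**
     * Returns the implementation name of this mapper.
     */
    public String getImplName() {
        return "LdapCrlIssuerCompsMap";
    }

    /**
     * Returns the description of this mapper (same text as the
     * implementation name).
     */
    public String getDescription() {
        return "LdapCrlIssuerCompsMap";
    }

    /**
     * Returns the superclass's default parameters unchanged.
     */
    public Vector getDefaultParams() {
        Vector v = super.getDefaultParams();

        //v.addElement("crlAttr=" + LdapCrlPublisher.LDAP_CRL_ATTR);
        return v;
    }

    /**
     * Returns the superclass's instance parameters unchanged.
     */
    public Vector getInstanceParams() {
        return super.getInstanceParams();
    }

    /**
     * Initializes the mapper by delegating to the superclass.
     *
     * @param baseDN The base DN.
     * @param dnComps Components to form the LDAP base dn for search.
     * @param filterComps Components to form the LDAP search filter.
     */
    protected void init(String baseDN, ObjectIdentifier[] dnComps,
        ObjectIdentifier[] filterComps) {
        //mLdapAttr = LdapCrlPublisher.LDAP_CRL_ATTR;
        super.init(baseDN, dnComps, filterComps);
    }

    /**
     * Maps a CRL to an LDAP entry.
     * Uses issuer DN components and filter components to form a DN and
     * filter for a LDAP search.
     * If the formed DN is null the baseDN will be used.
     * If the formed DN is null and baseDN is null an error is thrown.
     * If the filter is null a base search is performed.
     * If both are null an error is thrown.
     *
     * @param conn the LDAP connection; when null, nothing is mapped.
     * @param obj the CRL to map; must be an X509CRLImpl.
     * @return the value returned by the superclass's map for the issuer name
     *         and encoded CRL, or null when conn is null.
     * @throws ELdapException if obj is not an X509CRLImpl, if the CRL cannot
     *         be DER-encoded, or if the superclass's map fails.
     */
    public String
    map(LDAPConnection conn, Object obj)
        throws ELdapException {
        if (conn == null)
            return null;

        // Reject anything that is not a CRL with the checked exception the
        // publishing code already handles, instead of letting a
        // ClassCastException or NullPointerException escape from the cast.
        if (!(obj instanceof X509CRLImpl)) {
            String detail = "object to map is not an X509CRLImpl: "
                + (obj == null ? "null" : obj.getClass().getName());

            log(ILogger.LL_FAILURE,
                CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", detail));
            throw new ELdapException(
                CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", detail));
        }
        X509CRLImpl crl = (X509CRLImpl) obj;

        try {
            X500Name issuerDN = (X500Name) crl.getIssuerDN();

            CMS.debug("LdapCrlIssuerCompsMap: " + issuerDN.toString());

            byte[] crlbytes = crl.getEncoded();

            // The superclass derives the search base and filter from the
            // issuer name; see the class-level review note about escaping.
            return super.map(conn, issuerDN, crlbytes);
        } catch (CRLException e) {
            log(ILogger.LL_FAILURE,
                CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", e.toString()));
            // NOTE(review): only e.toString() is carried forward; the original
            // stack trace is not attached to the ELdapException.
            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", e.toString()));
        }
    }

    /**
     * Maps a CRL to an LDAP entry; the request is not used and the call is
     * forwarded to {@link #map(LDAPConnection, Object)}.
     *
     * @param conn the LDAP connection.
     * @param req the request (ignored).
     * @param obj the CRL to map.
     * @return the result of map(conn, obj).
     * @throws ELdapException as for map(conn, obj).
     */
    public String map(LDAPConnection conn, IRequest req, Object obj)
        throws ELdapException {
        return map(conn, obj);
    }

    /**
     * Writes a system event to the LDAP log source at the given level.
     * This method is private, so it is a class-local helper and does not
     * override a superclass method.
     *
     * The message prefix is "LdapCrlCompsMap: ", which differs from this
     * class's name; log searches and alert rules for this mapper need to
     * match on that literal.
     *
     * @param level the log level (an ILogger.LL_* value).
     * @param msg the message text.
     */
    private void log(int level, String msg) {
        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
            "LdapCrlCompsMap: " + msg);
    }

}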