📄 ldappublisher.java
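}

    /**
     * Returns the CA object class in the ldap instance.
     *
     * @return the value stored under CAOBJECTCLASS, cast to String.
     */
    public String getCAObjectClass(){
        return (String) data.get(CAOBJECTCLASS);
    }

    /**
     * Sets the CA object class in the ldap instance.
     *
     * @param caobjectclass the value to store under CAOBJECTCLASS.
     */
    public void setCAObjectClass(String caobjectclass){
        data.put(CAOBJECTCLASS, caobjectclass);
    }

    /**
     * Returns the user cert attribute in the ldap instance.
     *
     * @return the value stored under USERCERTATTRIBUTE, cast to String.
     */
    public String getUserCertAttribute(){
        return (String) data.get(USERCERTATTRIBUTE);
    }

    /**
     * Sets the user cert attribute in the ldap instance.
     *
     * @param usercertattribute the value to store under USERCERTATTRIBUTE.
     */
    public void setUserCertAttribute(String usercertattribute){
        data.put(USERCERTATTRIBUTE, usercertattribute);
    }

    /**
     * Returns the ca cert attribute in the ldap instance.
     *
     * @return the value stored under CACERTATTRIBUTE, cast to String.
     */
    public String getCACertAttribute(){
        return (String) data.get(CACERTATTRIBUTE);
    }

    /**
     * Sets the ca cert attribute in the ldap instance.
     *
     * @param cacertattribute the value to store under CACERTATTRIBUTE.
     */
    public void setCACertAttribute(String cacertattribute){
        data.put(CACERTATTRIBUTE, cacertattribute);
    }

    /**
     * Returns the CRL attribute in the ldap instance.
     *
     * @return the value stored under CRLATTRIBUTE, cast to String.
     */
    public String getCRLAttribute(){
        return (String) data.get(CRLATTRIBUTE);
    }

    /**
     * Sets the CRL attribute in the ldap instance.
     *
     * @param crlattribute the value to store under CRLATTRIBUTE.
     */
    public void setCRLAttribute(String crlattribute){
        data.put(CRLATTRIBUTE, crlattribute);
    }

    /**
     * Returns the ARL attribute in the ldap instance.
     *
     * @return the value stored under ARLATTRIBUTE, cast to String.
     */
    public String getARLAttribute(){
        return (String) data.get(ARLATTRIBUTE);
    }

    /**
     * Sets the ARL attribute in the ldap instance.
     *
     * @param arlattribute the value to store under ARLATTRIBUTE.
     */
    public void setARLAttribute(String arlattribute){
        data.put(ARLATTRIBUTE, arlattribute);
    }

    /**
     * Method getting a collection of DNFieldExtractor constants indicating which
     * fields of the x509 certificate DN that should be used in the LDAP DN.
     *
     * Valid values are DNFieldExtractor.E, .UID, .CN, .SN, .GIVENNAME, .SURNAME, .T, .OU, .L
     * Other values should be defined in baseDN instead.
     * If there exist multiple fields of the same type, then all of them are mapped to the LDAP DN.
     *
     * The stored collection itself is returned, not a copy, so changes made by the
     * caller are visible to this publisher.
     *
     * @return Collection of (Integer) containing DNFieldExtractor constants.
     */
    public Collection getUseFieldInLdapDN(){
        return (Collection) data.get(USEFIELDINLDAPDN);
    }

    /**
     * Method setting a collection of DNFieldExtractor constants indicating which
     * fields of the x509 certificate DN that should be used in the LDAP DN.
     *
     * Valid values are DNFieldExtractor.E, .UID, .CN, .SN, .GIVENNAME, .SURNAME, .T, .OU, .L
     * Other values should be defined in baseDN instead.
     * If there exist multiple fields of the same type, then all of them are mapped to the LDAP DN.
     *
     * @param usefieldinldapdn Collection of (Integer) containing DNFieldExtractor constants;
     *        the reference is stored as given, without copying.
     */
    public void setUseFieldInLdapDN(Collection usefieldinldapdn){
        data.put(USEFIELDINLDAPDN, usefieldinldapdn);
    }

    // Internal helper methods

    /**
     * Creates an LDAPAttributeSet.
     *
     * The set always holds an "objectclass" attribute. When extra is true it also
     * receives cn, sn, givenName, l, st and ou, each taken from the matching part of
     * dn and added only when that part is present. For person entries a missing
     * surname or given name is derived from the cn.
     *
     * @param cert the certificate to use or null if no cert involved (not read by this method).
     * @param objectclass the objectclass the attribute set should be of; several values are
     *        separated by ';'.
     * @param dn dn of the LDAP entry.
     * @param extra if we should add extra attributes except the objectclass to the attributeset.
     * @param person true if this is a person-entry, false if it is a CA.
     *
     * @return LDAPAttributeSet created...
     */
    protected LDAPAttributeSet getAttributeSet(X509Certificate cert, String objectclass, String dn, boolean extra, boolean person) {
        LDAPAttributeSet attributeSet = new LDAPAttributeSet();
        LDAPAttribute attr = new LDAPAttribute("objectclass");
        // The full LDAP object tree is divided with ; in the objectclass
        StringTokenizer token = new StringTokenizer(objectclass,";");
        while (token.hasMoreTokens()) {
            String value = token.nextToken();
            log.debug("Adding objectclass value: "+value);
            attr.addValue(value);
        }
        attributeSet.add(attr);

        /* To Add an entry to the directory,
         *   -- Create the attributes of the entry and add them to an attribute set
         *   -- Specify the DN of the entry to be created
         *   -- Create an LDAPEntry object with the DN and the attribute set
         *   -- Call the LDAPConnection add method to add it to the directory
         */
        if (extra) {
            String cn = CertTools.getPartFromDN(dn, "CN");
            if (cn != null) {
                attributeSet.add(new LDAPAttribute("cn", cn));
            }
            // sn means surname in LDAP, and is required for persons
            String sn = CertTools.getPartFromDN(dn, "SURNAME");
            if (person && (sn == null) && (cn != null)) {
                // Take surname to be the last part of the cn
                int index = cn.lastIndexOf(' ');
                if (index <= 0) {
                    // If there is no natural sn, use cn since sn is required
                    sn = cn;
                } else {
                    // lastIndexOf never returns cn.length(), so index+1 is always a valid start.
                    // A cn that ends in a space yields an empty surname here.
                    sn = cn.substring(index+1);
                }
            }
            if (sn != null) {
                attributeSet.add(new LDAPAttribute("sn", sn));
            }
            // gn means givenname in LDAP, and is required for persons
            String gn = CertTools.getPartFromDN(dn, "GIVENNAME");
            if (person && (gn == null) && (cn != null)) {
                // Take givenname to be the first part of the cn
                int index = cn.indexOf(' ');
                if (index <= 0) {
                    // If there is no natural gn/sn, ignore gn if we are using sn
                    if (sn == null) gn = cn;
                } else {
                    gn = cn.substring(0, index);
                }
            }
            if (gn != null) {
                attributeSet.add(new LDAPAttribute("givenName", gn));
            }
            String l = CertTools.getPartFromDN(dn, "L");
            if (l != null) {
                attributeSet.add(new LDAPAttribute("l", l));
            }
            String st = CertTools.getPartFromDN(dn, "ST");
            if (st != null) {
                attributeSet.add(new LDAPAttribute("st", st));
            }
            String ou = CertTools.getPartFromDN(dn, "OU");
            if (ou != null) {
                attributeSet.add(new LDAPAttribute("ou", ou));
            }
        }
        return attributeSet;
    } // getAttributeSet

    /**
     * Creates an LDAPModificationSet.
     *
     * When extra is true the set receives one REPLACE modification for each of cn, sn,
     * givenName, l, st and ou whose value can be taken (or, for person entries, derived)
     * from dn. When extra is false the set is returned empty.
     *
     * @param oldEntry the existing LDAP entry (not read by this method).
     * @param dn dn of the LDAP entry.
     * @param extra if we should add extra attributes except the objectclass to the
     *        modificationset.
     * @param person true if this is a person-entry, false if it is a CA.
     *
     * @return LDAPModificationSet created...
     */
    protected LDAPModificationSet getModificationSet(LDAPEntry oldEntry, String dn, boolean extra, boolean person) {
        LDAPModificationSet modSet = new LDAPModificationSet();

        if (extra) {
            String cn = CertTools.getPartFromDN(dn, "CN");
            if (cn != null) {
                modSet.add(LDAPModification.REPLACE, new LDAPAttribute("cn", cn));
            }
            // sn means surname in LDAP, and is required for persons
            String sn = CertTools.getPartFromDN(dn, "SURNAME");
            if (person && (sn == null) && (cn != null)) {
                // Take surname to be the last part of the cn
                int index = cn.lastIndexOf(' ');
                if (index <= 0) {
                    // If there is no natural sn, use cn since sn is required
                    sn = cn;
                } else {
                    // lastIndexOf never returns cn.length(), so index+1 is always a valid start.
                    // A cn that ends in a space yields an empty surname here.
                    sn = cn.substring(index+1);
                }
            }
            if (sn != null) {
                modSet.add(LDAPModification.REPLACE, new LDAPAttribute("sn", sn));
            }
            // gn means givenname in LDAP, and is required for persons
            String gn = CertTools.getPartFromDN(dn, "GIVENNAME");
            if (person && (gn == null) && (cn != null)) {
                // Take givenname to be the first part of the cn
                int index = cn.indexOf(' ');
                if (index <= 0) {
                    // If there is no natural gn/sn, ignore gn if we are using sn
                    if (sn == null) gn = cn;
                } else {
                    gn = cn.substring(0, index);
                }
            }
            if (gn != null) {
                // Use the same attribute name as getAttributeSet ("givenName"). The short
                // form "gn" is only an alias that some directory schemas define, so an entry
                // created with givenName could not be updated on servers without that alias.
                modSet.add(LDAPModification.REPLACE, new LDAPAttribute("givenName", gn));
            }
            String l = CertTools.getPartFromDN(dn, "L");
            if (l != null) {
                modSet.add(LDAPModification.REPLACE, new LDAPAttribute("l", l));
            }
            String st = CertTools.getPartFromDN(dn, "ST");
            if (st != null) {
                modSet.add(LDAPModification.REPLACE, new LDAPAttribute("st", st));
            }
            String ou = CertTools.getPartFromDN(dn, "OU");
            if (ou != null) {
                modSet.add(LDAPModification.REPLACE, new LDAPAttribute("ou", ou));
            }
        }
        return modSet;
    } // getModificationSet

    /**
     * Builds the DN of the LDAP entry from a certificate subject DN.
     *
     * The fields selected by getUseFieldInLdapDN() are read from dn, joined with ','
     * and followed by ',' and the base DN. A selected field that does not occur in dn
     * is skipped, so no empty component (",,") is produced.
     *
     * @param dn the subject DN the fields are taken from.
     * @return the constructed LDAP DN.
     */
    protected String constructLDAPDN(String dn){
        DNFieldExtractor extractor = new DNFieldExtractor(dn,DNFieldExtractor.TYPE_SUBJECTDN);

        Collection usefields = getUseFieldInLdapDN();
        // Work on a private copy: sorting the stored collection in place would reorder
        // configuration that clone() shares between publisher instances. A missing
        // (null) collection still fails here with a NullPointerException, as before.
        List ordered = new java.util.ArrayList(usefields);
        if(usefields instanceof List){
            Collections.sort(ordered);
        }

        StringBuffer fields = new StringBuffer();
        Iterator iter = ordered.iterator();
        while(iter.hasNext()){
            Integer next = (Integer) iter.next();
            String part = getDNField(extractor, next.intValue());
            if(part.length() == 0){
                // Field not present in this DN: appending it would yield an empty RDN.
                continue;
            }
            if(fields.length() > 0){
                fields.append(',');
            }
            fields.append(part);
        }

        // When none of the selected fields is present the result still starts with ','
        // (unchanged behaviour).
        // NOTE(review): consider rejecting that case before the DN reaches the directory.
        String retval = fields.toString() + "," + this.getBaseDN();
        log.debug("LdapPublisher: constructed DN: " + retval );
        return retval;
    }

    /**
     * Returns every occurrence of one DN field as a comma-separated list of components.
     *
     * Each component is DNFieldExtractor.SUBJECTDNFIELDS[field] followed by the value
     * that the extractor returns for that occurrence.
     *
     * @param extractor the extractor holding the parsed DN.
     * @param field the DNFieldExtractor constant of the field to read.
     * @return the joined components, or an empty string when the field does not occur.
     */
    protected String getDNField(DNFieldExtractor extractor, int field){
        StringBuffer retval = new StringBuffer();
        int num = extractor.getNumberOfFields(field);
        for(int i=0;i<num;i++){
            if(retval.length() > 0){
                retval.append(',');
            }
            // NOTE(review): the value is appended as returned by the extractor. If it can
            // contain unescaped DN metacharacters (',', '+', '=', ...) they would change
            // the structure of the resulting DN - confirm that DNFieldExtractor returns
            // escaped values, or escape them here.
            retval.append(DNFieldExtractor.SUBJECTDNFIELDS[field] + extractor.getField(field,i));
        }
        return retval.toString();
    }

    // Bytes of a hard-coded, Base64-encoded CRL; the name suggests a placeholder and its
    // use is not visible in this part of the file. The array is neither final nor
    // copied, so any code with access to the field can replace or alter it.
    // getBytes() uses the platform default charset.
    protected static byte[] fakecrlbytes = Base64.decode(
    ("MIIBKDCBkgIBATANBgkqhkiG9w0BAQUFADAvMQ8wDQYDVQQDEwZUZXN0Q0ExDzAN"+
    "BgNVBAoTBkFuYVRvbTELMAkGA1UEBhMCU0UXDTA0MDExMjE0MTQyMloXDTA0MDEx"+
    "MzE0MTQyMlqgLzAtMB8GA1UdIwQYMBaAFK1tyidIzx1qpuj5OjHl/0Ro8xTDMAoG"+
    "A1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBABBSCWRAX8xyWQSuZYqR9MC8t4/V"+
    "Tp4xTGJeT1OPlCfuyeHyjUdvdjB/TjTgc4EOJ7eIF7aQU8Mp6AcUAKil/qBlrTYa"+
    "EFVr0WDeh2Aglgm4klAFnoJjDWfjTP1NVFdN4GMizqAz/vdXOY3DaDmkwx24eaRw"+
    "7SzqXca4gE7f1GTO").getBytes());

    /**
     * Creates a new LdapPublisher holding the same settings as this one.
     *
     * The copy is shallow: every value of this publisher's data map is put into the
     * new publisher's map by reference, so mutable values are shared between the two.
     *
     * @see se.anatom.ejbca.ca.publisher.BasePublisher#clone()
     */
    public Object clone() throws CloneNotSupportedException {
        LdapPublisher clone = new LdapPublisher();
        HashMap clonedata = (HashMap) clone.saveData();

        Iterator i = (data.keySet()).iterator();
        while(i.hasNext()){
            Object key = i.next();
            clonedata.put(key, data.get(key));
        }

        clone.loadData(clonedata);
        return clone;
    }

    /**
     * Returns the LATEST_VERSION constant.
     *
     * @see se.anatom.ejbca.ca.publisher.BasePublisher#getLatestVersion()
     */
    public float getLatestVersion() {
        return LATEST_VERSION;
    }

}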