📄 ldappublisher.java
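// Tail of the preceding method (its body begins before this listing); unchanged.
        return true;
    }

    /**
     * Builds the "cannot encode bind password" message used by the catch blocks below.
     *
     * The original code passed getLoginPassword() itself as the message argument, which
     * then went to log.error() and into the thrown exception, i.e. the LDAP bind secret
     * ended up in log files. A fixed placeholder is used instead; the exception is
     * practically unreachable anyway because "UTF8" is always supported by the JVM.
     *
     * @return localized message without the password value
     */
    private String passwordEncodingErrorMessage() {
        return intres.getLocalizedMessage("publisher.errorpassword", "<not logged>");
    }

    /**
     * Publishes a CRL to the LDAP entry of its issuing CA.
     *
     * The entry DN is derived from the CRL issuer DN via constructLDAPDN(). If the entry
     * already exists its CRL attribute and ARL attribute are replaced; otherwise a new
     * entry of the configured CA object class is added. The same DER encoding is written
     * to both the CRL attribute and the ARL attribute.
     *
     * Security notes: the bind is a simple bind with the configured login DN/password;
     * without {@link #getUseSSL()} that password crosses the network in clear, and with it
     * the JSSE socket factory's default trust settings apply (no extra verification is
     * done here). The DN is built from CA-controlled certificate data, not from end-user
     * input, so it is not treated as untrusted here.
     *
     * @param admin  administrator performing the publish (not used by this method)
     * @param incrl  DER-encoded CRL to publish
     * @param cafp   CA fingerprint (not used by this publisher)
     * @param number CRL number (not used by this publisher)
     * @return always true; every failure is reported as an exception
     * @throws PublisherException if the CRL cannot be decoded, re-encoded or stored
     * @see org.ejbca.core.model.ca.publisher.BasePublisher
     */
    public boolean storeCRL(Admin admin, byte[] incrl, String cafp, int number) throws PublisherException {
        int ldapVersion = LDAPConnection.LDAP_V3;
        LDAPConnection lc = createLdapConnection();
        X509CRL crl = null;
        String dn = null;
        String crldn = null;
        try {
            // The target entry is the one belonging to the CRL issuer.
            crl = CertTools.getCRLfromByteArray(incrl);
            crldn = CertTools.getIssuerDN(crl);
            dn = constructLDAPDN(crldn);
        } catch (Exception e) {
            String msg = intres.getLocalizedMessage("publisher.errorldapdecode", "CRL");
            log.error(msg, e);
            throw new PublisherException(msg);
        }
        // Decide between modify (entry exists) and add (entry is missing).
        LDAPEntry oldEntry = searchOldEntity(null, ldapVersion, lc, dn);
        LDAPEntry newEntry = null;
        ArrayList modSet = new ArrayList();
        LDAPAttributeSet attributeSet = null;
        if (oldEntry != null) {
            modSet = getModificationSet(oldEntry, crldn, false, false);
        } else {
            attributeSet = getAttributeSet(null, this.getCAObjectClass(), crldn, true, false, null, null);
        }
        try {
            // One encoding is stored under both the CRL and the ARL attribute names.
            byte[] encodedCrl = crl.getEncoded();
            LDAPAttribute crlAttr = new LDAPAttribute(getCRLAttribute(), encodedCrl);
            LDAPAttribute arlAttr = new LDAPAttribute(getARLAttribute(), encodedCrl);
            if (oldEntry != null) {
                modSet.add(new LDAPModification(LDAPModification.REPLACE, crlAttr));
                modSet.add(new LDAPModification(LDAPModification.REPLACE, arlAttr));
            } else {
                attributeSet.add(crlAttr);
                attributeSet.add(arlAttr);
            }
        } catch (CRLException e) {
            String msg = intres.getLocalizedMessage("publisher.errorldapencodestore", "CRL");
            log.error(msg, e);
            throw new PublisherException(msg);
        }
        if (oldEntry == null) {
            newEntry = new LDAPEntry(dn, attributeSet);
        }
        try {
            lc.connect(getHostname(), Integer.parseInt(getPort()));
            // Simple bind: the password is only protected if getUseSSL() is enabled.
            lc.bind(ldapVersion, getLoginDN(), getLoginPassword().getBytes("UTF8"));
            if (oldEntry != null) {
                LDAPModification[] mods = new LDAPModification[modSet.size()];
                mods = (LDAPModification[]) modSet.toArray(mods);
                lc.modify(dn, mods);
                log.info(intres.getLocalizedMessage("publisher.ldapmodify", "CRL", dn));
            } else {
                lc.add(newEntry);
                log.info(intres.getLocalizedMessage("publisher.ldapadd", "CRL", dn));
            }
        } catch (LDAPException e) {
            String msg = intres.getLocalizedMessage("publisher.errorldapstore", "CRL", getCRLAttribute(), getCAObjectClass(), dn);
            log.error(msg, e);
            throw new PublisherException(msg);
        } catch (UnsupportedEncodingException e) {
            // Do not echo the bind password into the log or the exception.
            String msg = passwordEncodingErrorMessage();
            log.error(msg, e);
            throw new PublisherException(msg);
        } finally {
            try {
                lc.disconnect();
            } catch (LDAPException e) {
                log.error(intres.getLocalizedMessage("publisher.errordisconnect"), e);
            }
        }
        return true;
    }

    /**
     * Removes a revoked end-entity certificate, and optionally the whole user entry, from LDAP.
     *
     * Nothing happens unless the publisher is configured to remove revoked certificates
     * and/or remove users on revocation, and the existing entry may only be touched when
     * {@link #getModifyExistingUsers()} is enabled. CA certificates are never removed
     * (see the comment in the else branch). The entry DN is derived from the certificate
     * subject DN via constructLDAPDN().
     *
     * @param admin  administrator performing the revocation (not used by this method)
     * @param cert   the revoked certificate; must be an X509Certificate
     * @param reason revocation reason (not used by this method)
     * @throws PublisherException if the subject DN cannot be extracted, if removal of an
     *         end-entity certificate is requested but no entry exists, or on LDAP errors
     * @see org.ejbca.core.model.ca.publisher.BasePublisher
     */
    public void revokeCertificate(Admin admin, Certificate cert, int reason) throws PublisherException {
        log.debug(">revokeCertificate()");
        boolean removecert = getRemoveRevokedCertificates();
        boolean removeuser = getRemoveUsersWhenCertRevoked();
        if (!removecert && !removeuser) {
            log.debug("The configuration for the publisher '" + getDescription() + "' does not allow removing of certificates or users.");
            return;
        }
        if (removecert) {
            log.debug("Removing user certificate from ldap");
        }
        if (removeuser) {
            log.debug("Removing user entry from ldap");
        }
        int ldapVersion = LDAPConnection.LDAP_V3;
        LDAPConnection lc = createLdapConnection();
        String dn = null;
        String certdn = null;
        try {
            certdn = CertTools.getSubjectDN((X509Certificate) cert);
            dn = constructLDAPDN(certdn);
        } catch (Exception e) {
            String msg = intres.getLocalizedMessage("publisher.errorldapdecode", "certificate");
            log.error(msg, e);
            throw new PublisherException(msg);
        }
        LDAPEntry oldEntry = searchOldEntity(null, ldapVersion, lc, dn);
        ArrayList modSet = new ArrayList();
        // basicConstraints == -1 means no CA flag, i.e. an end-entity certificate.
        if (((X509Certificate) cert).getBasicConstraints() == -1) {
            log.debug("Removing end user certificate from " + getHostname());
            if (oldEntry == null) {
                String msg = intres.getLocalizedMessage("publisher.errorrevokenoentry");
                log.error(msg);
                throw new PublisherException(msg);
            }
            if (removecert) {
                // Only build a DELETE modification if the entry actually carries a certificate.
                LDAPAttribute oldAttr = oldEntry.getAttribute(getUserCertAttribute());
                if (oldAttr != null) {
                    modSet = getModificationSet(oldEntry, certdn, false, true);
                    modSet.add(new LDAPModification(LDAPModification.DELETE, new LDAPAttribute(getUserCertAttribute())));
                } else {
                    log.info(intres.getLocalizedMessage("publisher.inforevokenocert"));
                }
            }
        } else {
            // Removal of CA certificates is not supported because of object class restrictions.
            log.debug("Not removing CA certificate from " + getHostname() + "Because of object class restrictions.");
        }
        try {
            lc.connect(getHostname(), Integer.parseInt(getPort()));
            // Simple bind: the password is only protected if getUseSSL() is enabled.
            lc.bind(ldapVersion, getLoginDN(), getLoginPassword().getBytes("UTF8"));
            if (oldEntry != null && getModifyExistingUsers()) {
                // Skip the modify call when there is nothing to delete (e.g. entry had no cert attribute).
                if (removecert && !modSet.isEmpty()) {
                    LDAPModification[] mods = new LDAPModification[modSet.size()];
                    mods = (LDAPModification[]) modSet.toArray(mods);
                    lc.modify(dn, mods);
                }
                if (removeuser) {
                    lc.delete(dn);
                }
                log.info(intres.getLocalizedMessage("publisher.ldapremove", dn));
            }
        } catch (LDAPException e) {
            String msg = intres.getLocalizedMessage("publisher.errorldapremove", dn);
            log.error(msg, e);
            throw new PublisherException(msg);
        } catch (UnsupportedEncodingException e) {
            // Do not echo the bind password into the log or the exception.
            String msg = passwordEncodingErrorMessage();
            log.error(msg, e);
            throw new PublisherException(msg);
        } finally {
            try {
                lc.disconnect();
            } catch (LDAPException e) {
                log.error(intres.getLocalizedMessage("publisher.errordisconnect"), e);
            }
        }
        log.debug("<revokeCertificate()");
    }

    /**
     * Looks up an existing LDAP entry by DN.
     *
     * This is the only method that differs between the regular LDAP publisher and the
     * LDAP search publisher; apart from how they find existing entries, publishing works
     * the same. The method opens its own connection, binds, reads and disconnects, so the
     * caller must reconnect afterwards.
     *
     * @param username   not used by this implementation (subclasses may search by it)
     * @param ldapVersion LDAP protocol version for the bind
     * @param lc         connection to use; connected and disconnected here
     * @param dn         DN of the entry to read
     * @return the entry, or null when the server reports NO_SUCH_OBJECT
     * @throws PublisherException on any other LDAP error
     */
    protected LDAPEntry searchOldEntity(String username, int ldapVersion, LDAPConnection lc, String dn) throws PublisherException {
        LDAPEntry oldEntry = null;
        try {
            lc.connect(getHostname(), Integer.parseInt(getPort()));
            // Simple bind: the password is only protected if getUseSSL() is enabled.
            lc.bind(ldapVersion, getLoginDN(), getLoginPassword().getBytes("UTF8"));
            oldEntry = lc.read(dn);
        } catch (LDAPException e) {
            if (e.getResultCode() == LDAPException.NO_SUCH_OBJECT) {
                // A missing entry is a normal outcome, not an error.
                log.debug("No old entry exist for '" + dn + "'.");
            } else {
                String msg = intres.getLocalizedMessage("publisher.errorldapbind", e.getMessage());
                log.error(msg, e);
                throw new PublisherException(msg);
            }
        } catch (UnsupportedEncodingException e) {
            // Do not echo the bind password into the log or the exception.
            String msg = passwordEncodingErrorMessage();
            log.error(msg, e);
            throw new PublisherException(msg);
        } finally {
            try {
                lc.disconnect();
            } catch (LDAPException e) {
                log.error(intres.getLocalizedMessage("publisher.errordisconnect"), e);
            }
        }
        return oldEntry;
    }

    /**
     * Verifies that the configured server, credentials and base DN are usable by
     * connecting, binding and reading the base DN entry.
     *
     * Fix: the original logged entry.toString() before checking for null, so a null
     * result would have surfaced as a NullPointerException instead of the intended
     * PublisherConnectionException. The check now comes first. Whether lc.read() can
     * actually return null rather than throwing is a property of the LDAP library and
     * is not established here.
     *
     * @param admin administrator running the test (not used by this method)
     * @throws PublisherConnectionException if the bind fails or the base DN cannot be read
     * @see org.ejbca.core.model.ca.publisher.BasePublisher
     */
    public void testConnection(Admin admin) throws PublisherConnectionException {
        int ldapVersion = LDAPConnection.LDAP_V3;
        // Same SSL/plain selection as every other connection made by this publisher.
        LDAPConnection lc = createLdapConnection();
        LDAPEntry entry = null;
        try {
            lc.connect(getHostname(), Integer.parseInt(getPort()));
            // Simple bind: the password is only protected if getUseSSL() is enabled.
            lc.bind(ldapVersion, getLoginDN(), getLoginPassword().getBytes("UTF8"));
            entry = lc.read(getBaseDN());
            if (entry == null) {
                String msg = intres.getLocalizedMessage("publisher.errornobinddn");
                throw new PublisherConnectionException(msg);
            }
            log.debug("Entry" + entry.toString());
        } catch (LDAPException e) {
            String msg = intres.getLocalizedMessage("publisher.errorldapbind", e.getMessage());
            log.error(msg, e);
            throw new PublisherConnectionException(msg);
        } catch (UnsupportedEncodingException e) {
            // Do not echo the bind password into the log or the exception.
            String msg = passwordEncodingErrorMessage();
            log.error(msg, e);
            throw new PublisherConnectionException(msg);
        } finally {
            try {
                lc.disconnect();
            } catch (LDAPException e) {
                log.error(intres.getLocalizedMessage("publisher.errordisconnect"), e);
            }
        }
    }

    /**
     * Creates an unconnected LDAP connection, TLS-wrapped when {@link #getUseSSL()} is set.
     *
     * NOTE(review): the JSSE socket factory is used with its defaults, so server trust
     * comes from the JVM's default trust store; nothing here configures hostname
     * verification or a dedicated trust store — confirm this matches deployment needs.
     *
     * @return a new LDAPConnection, not yet connected or bound
     */
    protected LDAPConnection createLdapConnection() {
        if (getUseSSL()) {
            return new LDAPConnection(new LDAPJSSESecureSocketFactory());
        }
        return new LDAPConnection();
    }

    /**
     * Returns the hostname of the LDAP server from the publisher's configuration data.
     *
     * @return the configured hostname, or null if none is stored under HOSTNAME
     */
    public String getHostname() {
        return (String) data.get(HOSTNAME);
    }

    /**
     * Sets the hostname of ldap server.
     */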