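}
            // Only persons have (normally) all these extra attributes.
            // A CA might have them if you don't use the default objectClass, but we don't
            // handle that case.
            if (person) {
                // sn means surname in LDAP, and is required for persons
                String sn = CertTools.getPartFromDN(dn, "SURNAME");
                if ((sn == null) && (cn != null)) {
                    // Only construct this if we are the standard object class
                    if (getUserObjectClass().endsWith("inetOrgPerson")) {
                        // Take surname to be the last part of the cn
                        int index = cn.lastIndexOf(' ');
                        if (index <= 0) {
                            // If there is no natural sn, use cn since sn is required
                            sn = cn;
                        } else {
                            if (index < cn.length()) {
                                sn = cn.substring(index + 1);
                            }
                        }
                    }
                }
                if (sn != null) {
                    attributeSet.add(new LDAPAttribute("sn", sn));
                }
                // gn means givenname in LDAP, and is required for persons
                String gn = CertTools.getPartFromDN(dn, "GIVENNAME");
                if ((gn == null) && (cn != null)) {
                    // Only construct this if we are the standard object class
                    if (getUserObjectClass().endsWith("inetOrgPerson")) {
                        // Take givenname to be the first part of the cn
                        int index = cn.indexOf(' ');
                        if (index <= 0) {
                            // If there is no natural gn/sn, ignore gn if we are using sn
                            if (sn == null) {
                                gn = cn;
                            }
                        } else {
                            gn = cn.substring(0, index);
                        }
                    }
                }
                if (gn != null) {
                    attributeSet.add(new LDAPAttribute("givenName", gn));
                }
                String st = CertTools.getPartFromDN(dn, "ST");
                if (st != null) {
                    attributeSet.add(new LDAPAttribute("st", st));
                }
                String o = CertTools.getPartFromDN(dn, "O");
                if (o != null) {
                    attributeSet.add(new LDAPAttribute("o", o));
                }
                String uid = CertTools.getPartFromDN(dn, "uid");
                if (uid != null) {
                    attributeSet.add(new LDAPAttribute("uid", uid));
                }
                String initials = CertTools.getPartFromDN(dn, "initials");
                if (initials != null) {
                    attributeSet.add(new LDAPAttribute("initials", initials));
                }
                String title = CertTools.getPartFromDN(dn, "T");
                if (title != null) {
                    attributeSet.add(new LDAPAttribute("title", title));
                }
                // If we have selected to use the SN (serialNumber) DN field, we will also add it as an attribute.
                // This is not present in the normal objectClass (inetOrgPerson).
                // Modifying the schema is as simple as adding serialNumber as MAY in the inetOrgPerson
                // object class in inetorgperson.schema.
                Collection usefields = getUseFieldInLdapDN();
                if (usefields.contains(new Integer(DNFieldExtractor.SN))) {
                    String serno = CertTools.getPartFromDN(dn, "SN");
                    if (serno != null) {
                        attributeSet.add(new LDAPAttribute("serialNumber", serno));
                    }
                }
            }
        }
        log.debug("<getAttributeSet()");
        return attributeSet;
    } // getAttributeSet

    /**
     * Appends a REPLACE modification for attribute {@code name} to {@code modSet},
     * or does nothing when {@code value} is null.
     *
     * @param modSet the modification list being built.
     * @param name the LDAP attribute name.
     * @param value the attribute value, may be null.
     */
    private static void addReplace(ArrayList modSet, String name, String value) {
        if (value != null) {
            LDAPAttribute attr = new LDAPAttribute(name, value);
            modSet.add(new LDAPModification(LDAPModification.REPLACE, attr));
        }
    }

    /**
     * Like {@link #addReplace}, but skips the attribute when the existing entry's DN already
     * carries the DN part {@code dnPart}: attributes that are part of an entry's own DN can
     * not be changed with a modify operation.
     *
     * @param modSet the modification list being built.
     * @param name the LDAP attribute name.
     * @param value the new attribute value, may be null.
     * @param oldDn the DN of the existing LDAP entry.
     * @param dnPart the DN component name (as understood by {@code CertTools.getPartFromDN})
     *        that would carry this attribute in {@code oldDn}.
     */
    private static void addReplaceUnlessInDn(ArrayList modSet, String name, String value,
            String oldDn, String dnPart) {
        if ((value != null) && (CertTools.getPartFromDN(oldDn, dnPart) == null)) {
            addReplace(modSet, name, value);
        }
    }

    /**
     * Derives a surname from a cn that carries no explicit SURNAME: the text after the
     * last space, or the whole cn when it contains no usable space (sn is mandatory for
     * inetOrgPerson, so something must be supplied).
     *
     * @param cn the common name, not null.
     * @return the derived surname, never null.
     */
    private static String surnameFromCn(String cn) {
        int index = cn.lastIndexOf(' ');
        if (index <= 0) {
            return cn;
        }
        return cn.substring(index + 1);
    }

    /**
     * Derives a given name from a cn that carries no explicit GIVENNAME: the text before
     * the first space. When the cn has no usable space it is only used as given name if it
     * was not already taken as surname.
     *
     * @param cn the common name, not null.
     * @param sn the surname already chosen for the entry, may be null.
     * @return the derived given name, or null if none should be published.
     */
    private static String givenNameFromCn(String cn, String sn) {
        int index = cn.indexOf(' ');
        if (index <= 0) {
            return (sn == null) ? cn : null;
        }
        return cn.substring(0, index);
    }

    /**
     * Builds the {@code LDAPModification}s needed to bring an existing LDAP entry in line
     * with a certificate subject DN.
     * <p>
     * Attributes that may be part of the existing entry's own DN (cn, l, ou, st, o, uid,
     * serialNumber) are only replaced when the old DN does not already carry them, since
     * an entry's naming attributes can not be modified. sn, givenName, initials and title
     * are replaced whenever the subject DN carries (or, for sn/givenName, implies) a value.
     *
     * @param oldEntry the LDAP entry that already exists for this subject.
     * @param dn the certificate subject DN whose fields should be published.
     * @param extra true to handle the attributes beyond the objectclass; false yields an empty list.
     * @param person true if this is a person entry, false if it is a CA, for which only
     *        cn, l and ou are considered.
     * @return an {@code ArrayList} of {@code LDAPModification} (all REPLACE), possibly empty.
     */
    protected ArrayList getModificationSet(LDAPEntry oldEntry, String dn, boolean extra, boolean person) {
        log.debug(">getModificationSet()");
        ArrayList modSet = new ArrayList();
        // We need the old DN because attributes that are present in the entry's DN
        // are not allowed to be modified.
        String oldDn = oldEntry.getDN();
        if (extra) {
            String cn = CertTools.getPartFromDN(dn, "CN");
            addReplaceUnlessInDn(modSet, "cn", cn, oldDn, "CN");
            addReplaceUnlessInDn(modSet, "l", CertTools.getPartFromDN(dn, "L"), oldDn, "L");
            addReplaceUnlessInDn(modSet, "ou", CertTools.getPartFromDN(dn, "OU"), oldDn, "OU");
            // Only persons have (normally) all these extra attributes.
            // A CA might have them if you don't use the default objectClass, but we don't
            // handle that case.
            if (person) {
                // sn means surname in LDAP, and is required for inetOrgPerson, so derive
                // one from cn when the subject DN has none (standard object class only).
                String sn = CertTools.getPartFromDN(dn, "SURNAME");
                if ((sn == null) && (cn != null) && getUserObjectClass().endsWith("inetOrgPerson")) {
                    sn = surnameFromCn(cn);
                }
                addReplace(modSet, "sn", sn);
                // gn means givenname in LDAP, and is required for inetOrgPerson.
                String gn = CertTools.getPartFromDN(dn, "GIVENNAME");
                if ((gn == null) && (cn != null) && getUserObjectClass().endsWith("inetOrgPerson")) {
                    gn = givenNameFromCn(cn, sn);
                }
                addReplace(modSet, "givenName", gn);
                addReplaceUnlessInDn(modSet, "st", CertTools.getPartFromDN(dn, "ST"), oldDn, "ST");
                addReplaceUnlessInDn(modSet, "o", CertTools.getPartFromDN(dn, "O"), oldDn, "O");
                addReplaceUnlessInDn(modSet, "uid", CertTools.getPartFromDN(dn, "uid"), oldDn, "uid");
                addReplace(modSet, "initials", CertTools.getPartFromDN(dn, "initials"));
                addReplace(modSet, "title", CertTools.getPartFromDN(dn, "T"));
                // If we have selected to use the SN (serialNumber) DN field, we will also add it
                // as an attribute. This is not present in the normal objectClass (inetOrgPerson).
                Collection usefields = getUseFieldInLdapDN();
                if (usefields.contains(new Integer(DNFieldExtractor.SN))) {
                    addReplaceUnlessInDn(modSet, "serialNumber", CertTools.getPartFromDN(dn, "SN"), oldDn, "SN");
                }
            }
        }
        log.debug("<getModificationSet()");
        return modSet;
    } // getModificationSet

    /**
     * Builds the LDAP DN under which a certificate's entry is published: the subject DN
     * fields selected in "use field in LDAP DN" (sorted by field id when the configured
     * collection is a {@code List}), followed by the publisher's base DN.
     *
     * @param dn the certificate subject DN to take the fields from.
     * @return the LDAP DN, e.g. {@code CN=...,O=...,<baseDN>}; just the base DN when none of
     *         the selected fields is present in {@code dn}.
     */
    protected String constructLDAPDN(String dn) {
        DNFieldExtractor extractor = new DNFieldExtractor(dn, DNFieldExtractor.TYPE_SUBJECTDN);
        // Sort a copy: the configured collection is this publisher's own data (and, after
        // clone(), shared with the clone), so it must not be reordered in place.
        Collection configured = getUseFieldInLdapDN();
        ArrayList usefields = new ArrayList(configured);
        if (configured instanceof List) {
            Collections.sort(usefields);
        }
        StringBuffer retval = new StringBuffer();
        Iterator iter = usefields.iterator();
        while (iter.hasNext()) {
            Integer next = (Integer) iter.next();
            String dnField = extractor.getFieldString(next.intValue());
            if (!StringUtils.isNotEmpty(dnField)) {
                continue;
            }
            // BouncyCastle names these SN and E; in LDAP they are serialNumber and mail.
            if (dnField.startsWith("SN")) {
                dnField = "serialNumber" + dnField.substring(2);
            }
            if (dnField.startsWith("E")) {
                dnField = "mail" + dnField.substring(1);
            }
            // NOTE(review): dnField is concatenated into the DN verbatim. Subject DN values come
            // from end-entity registration, so DN-special characters (',', '+', '"', '\\', '<',
            // '>', ';') must already be escaped per RFC 2253 by DNFieldExtractor.getFieldString
            // - confirm; otherwise an unescaped value could place the entry outside the base DN.
            if (retval.length() > 0) {
                retval.append(',');
            }
            retval.append(dnField);
        }
        // Without any usable field the DN is just the base DN (no leading comma).
        if (retval.length() > 0) {
            retval.append(',');
        }
        retval.append(this.getBaseDN());
        log.debug("LdapPublisher: constructed DN: " + retval);
        return retval.toString();
    }

    // A fixed, pre-encoded CRL (base64 of DER), decoded once at class load; where it is used
    // is outside this part of the file. Treat it as read-only: it is a shared array.
    protected static byte[] fakecrlbytes = Base64.decode(
            ("MIIBKDCBkgIBATANBgkqhkiG9w0BAQUFADAvMQ8wDQYDVQQDEwZUZXN0Q0ExDzAN"
            + "BgNVBAoTBkFuYVRvbTELMAkGA1UEBhMCU0UXDTA0MDExMjE0MTQyMloXDTA0MDEx"
            + "MzE0MTQyMlqgLzAtMB8GA1UdIwQYMBaAFK1tyidIzx1qpuj5OjHl/0Ro8xTDMAoG"
            + "A1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBABBSCWRAX8xyWQSuZYqR9MC8t4/V"
            + "Tp4xTGJeT1OPlCfuyeHyjUdvdjB/TjTgc4EOJ7eIF7aQU8Mp6AcUAKil/qBlrTYa"
            + "EFVr0WDeh2Aglgm4klAFnoJjDWfjTP1NVFdN4GMizqAz/vdXOY3DaDmkwx24eaRw"
            + "7SzqXca4gE7f1GTO").getBytes());

    /**
     * Creates a copy of this publisher by copying its data map into a fresh instance.
     * The copy is shallow: map values (such as the "use field in LDAP DN" collection)
     * are shared between this instance and the clone.
     *
     * @see org.ejbca.core.model.ca.publisher.BasePublisher#clone()
     */
    public Object clone() throws CloneNotSupportedException {
        LdapPublisher clone = new LdapPublisher();
        HashMap clonedata = (HashMap) clone.saveData();
        clonedata.putAll(data);
        clone.loadData(clonedata);
        return clone;
    }

    /**
     * @return the version of this class' data layout, {@code LATEST_VERSION}.
     * @see org.ejbca.core.model.ca.publisher.BasePublisher#getLatestVersion()
     */
    public float getLatestVersion() {
        return LATEST_VERSION;
    }

    /**
     * Implementation of UpgradeableDataHashMap function upgrade: when the stored data
     * version differs from {@code LATEST_VERSION}, fills in defaults for settings that
     * older versions did not have and bumps the stored version.
     */
    public void upgrade() {
        log.debug(">upgrade");
        if (Float.compare(LATEST_VERSION, getVersion()) != 0) {
            // New version of the class, upgrade
            String msg = intres.getLocalizedMessage("publisher.upgrade", new Float(getVersion()));
            log.info(msg);
            // Defaults for settings introduced after the stored version was written.
            if (data.get(ADDMULTIPLECERTIFICATES) == null) {
                setAddMultipleCertificates(false);
            }
            if (data.get(REMOVEREVOKED) == null) {
                setRemoveRevokedCertificates(true);
            }
            if (data.get(REMOVEUSERONCERTREVOKE) == null) {
                setRemoveUsersWhenCertRevoked(false);
            }
            data.put(VERSION, new Float(LATEST_VERSION));
        }
        log.debug("<upgrade");
    }
}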