

1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13  
14 package org.ejbca.core.model.ca.publisher;
15
16 import java.io.IOException JavaDoc;
17 import java.io.UnsupportedEncodingException JavaDoc;
18 import java.security.cert.Certificate JavaDoc;
19 import java.security.cert.CertificateParsingException JavaDoc;
20 import java.security.cert.X509Certificate JavaDoc;
21 import java.util.ArrayList JavaDoc;
22 import java.util.HashMap JavaDoc;
23 import java.util.Iterator JavaDoc;
24
25 import org.apache.log4j.Logger;
26 import org.ejbca.core.model.ra.ExtendedInformation;
27 import org.ejbca.util.CertTools;
28 import org.ejbca.util.dn.DNFieldExtractor;
29
30
31 import com.novell.ldap.LDAPAttribute;
32 import com.novell.ldap.LDAPAttributeSet;
33 import com.novell.ldap.LDAPEntry;
34
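/**
 * ActiveDirectoryPublisher is a class that handles publishing to Active Directory catalogues.
 *
 * <p>It extends {@link LdapPublisher} and adds the Active Directory specific attributes
 * {@code samaccountname}, {@code userPrincipalName}, {@code displayName},
 * {@code description} and {@code unicodePwd} to the entries it creates.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>The user password is written to {@code unicodePwd} only when {@code getUseSSL()}
 *       is true and a non-null password was supplied. The password must never be logged.</li>
 *   <li>{@link #getUseUserPassword()} is stored but not consulted anywhere in this class.
 *       NOTE(review): confirm that the superclass or the caller passes a null password
 *       when the option is switched off.</li>
 *   <li>The configured user account control value is stored, but the statement that would
 *       write the {@code userAccountControl} attribute is commented out in this class.</li>
 * </ul>
 *
 * @version $Id: ActiveDirectoryPublisher.java,v 1.3 2006/12/02 11:17:33 anatom Exp $
 */
public class ActiveDirectoryPublisher extends LdapPublisher {

    private static final Logger log = Logger.getLogger(ActiveDirectoryPublisher.class);

    public static final float LATEST_VERSION = 1;

    public static final int TYPE_ADPUBLISHER = 3;

    // Constants indicating characteristics of created user accounts
    // (values of the Active Directory userAccountControl bit mask).
    /** Account is disabled. */
    public static final int UAC_DISABLE = 2;
    /** Normal user account. */
    public static final int UAC_NORMAL = 512;
    /** 66048 = 512 + 65536: a normal account whose password does not expire. */
    public static final int UAC_NEVEREXPIRE = 66048;
    /** Smart card is required for interactive logon. */
    public static final int UAC_SMARTCARDREQUIRED = 0x40000;

    // Default Values
    /** Default mask; note that it selects a non-expiring password. */
    public static final int DEFAULT_UAC = UAC_NEVEREXPIRE;

    // Keys under which the settings are kept in the inherited data map.
    protected static final String USEPASSWORD = "usepassword";
    protected static final String USERACCOUNTCONTROL = "useraccountcontrol";
    protected static final String SAMACCOUNTNAME = "samaccountname";
    protected static final String USERDESCRIPTION = "userdescription";

    public static final String DEFAULT_USEROBJECTCLASS = "top;person;organizationalPerson;user";
    public static final String DEFAULT_CAOBJECTCLASS = "top;certificationAuthority";

    /**
     * Creates a publisher of type {@link #TYPE_ADPUBLISHER} with the default object classes,
     * password publishing enabled, {@link #DEFAULT_UAC}, the SAM account name taken from
     * the UPN and an empty user description.
     */
    public ActiveDirectoryPublisher() {
        super();
        data.put(TYPE, new Integer(TYPE_ADPUBLISHER));

        setUserObjectClass(DEFAULT_USEROBJECTCLASS);
        setCAObjectClass(DEFAULT_CAOBJECTCLASS);
        setUseUserPassword(true);
        setUserAccountControl(DEFAULT_UAC);
        setSAMAccountName(DNFieldExtractor.UPN);
        setUserDescription("");
    }

    /**
     * Returns true if user password should be set when creating users.
     * Assumes the value has been stored, which the constructor does.
     */
    public boolean getUseUserPassword() {
        return ((Boolean) data.get(USEPASSWORD)).booleanValue();
    }

    /**
     * Sets if user password should be set when creating users.
     */
    public void setUseUserPassword(boolean useuserpassword) {
        data.put(USEPASSWORD, new Boolean(useuserpassword));
    }

    /**
     * Returns the value of the user account control (mask).
     */
    public int getUserAccountControl() {
        return ((Integer) data.get(USERACCOUNTCONTROL)).intValue();
    }

    /**
     * Sets the value of the user account control (mask), for example one of the
     * {@code UAC_*} constants of this class.
     */
    public void setUserAccountControl(int useraccountcontrol) {
        data.put(USERACCOUNTCONTROL, new Integer(useraccountcontrol));
    }

    /**
     * Returns a DNFieldExtractor constant indicating which DN field to
     * use as SAM Account Name.
     */
    public int getSAMAccountName() {
        return ((Integer) data.get(SAMACCOUNTNAME)).intValue();
    }

    /**
     * Sets the SAM account name source.
     *
     * @param samaccountname a DNFieldExtractor constant indicating
     * which field to use as SAM Account Name.
     */
    public void setSAMAccountName(int samaccountname) {
        data.put(SAMACCOUNTNAME, new Integer(samaccountname));
    }

    /**
     * Returns the description used for created users.
     */
    public String getUserDescription() {
        return (String) data.get(USERDESCRIPTION);
    }

    /**
     * Sets the description used for created users.
     */
    public void setUserDescription(String userdescription) {
        data.put(USERDESCRIPTION, userdescription);
    }

    /**
     * Overrides LdapPublisher.getAttributeSet and adds the Active Directory specific
     * attributes to the set built by the superclass.
     *
     * @param cert is the certificate about to be published
     * @param objectclass the objectclass the attribute set should be of.
     * @param dn dn of the LDAP entry.
     * @param extra if we should add extra attributes except the objectclass to the attributeset.
     * @param person true if this is a person-entry, false if it is a CA.
     * @param password to set for the user, if null no password is set. It is only written
     *        when the publisher is configured to use SSL.
     * @param extendedinformation for future use; passed on to the superclass unchanged.
     *
     * @return the LDAPAttributeSet created
     * @throws IllegalStateException if the UTF-16LE encoding is unavailable, which a
     *         conforming Java runtime does not allow to happen
     */
    protected LDAPAttributeSet getAttributeSet(Certificate cert, String objectclass, String dn, boolean extra, boolean person,
                                               String password, ExtendedInformation extendedinformation) {
        log.debug("ADPublisher : getAttributeSet");

        LDAPAttributeSet attributeSet = super.getAttributeSet(cert, objectclass, dn, extra, person, password, extendedinformation);

        String cn = CertTools.getPartFromDN(dn, "CN");

        // Add AD specific attributes.
        // Writing userAccountControl is disabled in this class:
        //attributeSet.add(new LDAPAttribute("userAccountControl", Integer.toString(getUserAccountControl())));

        // instanceof is false for null, so no separate null check is needed.
        if (cert instanceof X509Certificate) {
            String upn = null;
            try {
                upn = CertTools.getUPNAltName((X509Certificate) cert);
            } catch (CertificateParsingException e) {
                // Best effort, as before: continue without a UPN, but leave a trace because
                // the account identifiers below then fall back to DN fields.
                log.warn("Could not parse UPN altName of certificate for '" + dn + "', continuing without UPN", e);
            } catch (IOException e) {
                log.warn("Could not read UPN altName of certificate for '" + dn + "', continuing without UPN", e);
            }

            // Default: the name part of the UPN (everything before '@').
            String samaccountname = upn;
            if (upn != null) {
                int at = upn.indexOf('@');
                if (at != -1) {
                    samaccountname = upn.substring(0, at);
                }
            }

            switch (getSAMAccountName()) {
                case DNFieldExtractor.CN:
                    samaccountname = cn;
                    break;
                case DNFieldExtractor.UID:
                    samaccountname = CertTools.getPartFromDN(dn, "UID");
                    break;
                default:
                    // Any other setting keeps the UPN-derived name.
                    break;
            }
            if (samaccountname != null) {
                attributeSet.add(new LDAPAttribute("samaccountname", samaccountname));
            }

            // Fall back to the CN when the certificate carries no UPN.
            // NOTE(review): cn is not checked for null here or for displayName below;
            // confirm how LDAPAttribute treats a null value.
            if (upn != null) {
                attributeSet.add(new LDAPAttribute("userPrincipalName", upn));
            } else {
                attributeSet.add(new LDAPAttribute("userPrincipalName", cn));
            }
        }

        attributeSet.add(new LDAPAttribute("displayName", cn));

        String description = getUserDescription();
        if (description != null && !description.trim().equals("")) {
            attributeSet.add(new LDAPAttribute("description", description));
        }

        if (getUseSSL() && password != null) {
            // Can only set password through SSL connection.
            // The plain userPassword attribute is deliberately not used; unicodePwd is set instead.

            // unicodePwd takes the password enclosed in double quotes ...
            String quoted = "\"" + password + "\"";

            // ... encoded as UTF-16 little-endian octets. The charset name "Unicode" used
            // previously leaves byte order and byte-order mark to the Java runtime, and a
            // failed lookup ended in a NullPointerException. UTF-16LE pins the byte order
            // and writes no byte-order mark, so nothing has to be stripped afterwards.
            byte[] pwdBytes;
            try {
                pwdBytes = quoted.getBytes("UTF-16LE");
            } catch (UnsupportedEncodingException e) {
                // Fail loudly rather than create the entry without the requested password.
                IllegalStateException failure = new IllegalStateException("UTF-16LE encoding is not available");
                failure.initCause(e);
                throw failure;
            }

            // Take that value and stuff it into the unicodePwd attribute.
            attributeSet.add(new LDAPAttribute("unicodePwd", pwdBytes));
        }

        return attributeSet;
    } // getAttributeSet

    /**
     * Overrides LdapPublisher.getModificationSet.
     *
     * Creates the modification set by delegating to the superclass. No Active Directory
     * specific modifications are added.
     *
     * @param oldEntry the existing LDAP entry; passed on to the superclass.
     * @param dn dn of the LDAP entry.
     * @param extra ignored by this override: {@code false} is always passed to the superclass.
     * @param person true if this is a person-entry, false if it is a CA.
     *
     * @return the modification set created by the superclass
     */
    protected ArrayList getModificationSet(LDAPEntry oldEntry, String dn, boolean extra, boolean person) {
        ArrayList modSet = super.getModificationSet(oldEntry, dn, false, person);

        // Modify AD specific attributes (none at present).

        return modSet;
    } // getModificationSet

    /**
     * Returns a new publisher whose data map holds the same keys and value references
     * as this one (the values themselves are not copied).
     *
     * @see org.ejbca.core.model.ca.publisher.BasePublisher#clone()
     */
    public Object clone() throws CloneNotSupportedException {
        ActiveDirectoryPublisher copy = new ActiveDirectoryPublisher();
        HashMap clonedata = (HashMap) copy.saveData();

        for (Iterator i = data.keySet().iterator(); i.hasNext();) {
            Object key = i.next();
            clonedata.put(key, data.get(key));
        }

        copy.loadData(clonedata);
        return copy;
    }

    /**
     * @see org.ejbca.core.model.ca.publisher.BasePublisher#getLatestVersion()
     */
    public float getLatestVersion() {
        return LATEST_VERSION;
    }

}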