KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > ejbca > core > model > ca > publisher > LdapPublisher


1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13  
14 package org.ejbca.core.model.ca.publisher;
15
16 import java.io.IOException JavaDoc;
17 import java.io.UnsupportedEncodingException JavaDoc;
18 import java.security.cert.CRLException JavaDoc;
19 import java.security.cert.Certificate JavaDoc;
20 import java.security.cert.CertificateEncodingException JavaDoc;
21 import java.security.cert.X509CRL JavaDoc;
22 import java.security.cert.X509Certificate JavaDoc;
23 import java.util.ArrayList JavaDoc;
24 import java.util.Collection JavaDoc;
25 import java.util.Collections JavaDoc;
26 import java.util.HashMap JavaDoc;
27 import java.util.Iterator JavaDoc;
28 import java.util.List JavaDoc;
29 import java.util.StringTokenizer JavaDoc;
30
31 import org.apache.commons.lang.StringUtils;
32 import org.apache.log4j.Logger;
33 import org.ejbca.core.ejb.ca.store.CertificateDataBean;
34 import org.ejbca.core.model.InternalResources;
35 import org.ejbca.core.model.log.Admin;
36 import org.ejbca.core.model.ra.ExtendedInformation;
37 import org.ejbca.util.Base64;
38 import org.ejbca.util.CertTools;
39 import org.ejbca.util.dn.DNFieldExtractor;
40
41 import com.novell.ldap.LDAPAttribute;
42 import com.novell.ldap.LDAPAttributeSet;
43 import com.novell.ldap.LDAPConnection;
44 import com.novell.ldap.LDAPEntry;
45 import com.novell.ldap.LDAPException;
46 import com.novell.ldap.LDAPJSSESecureSocketFactory;
47 import com.novell.ldap.LDAPModification;
48
49 /**
50  * LdapPublisher is a class handling a publishing to various v3 LDAP catalouges.
51  *
52  * @version $Id: LdapPublisher.java,v 1.23.2.2 2007/05/18 16:32:55 anatom Exp $
53  */

54 public class LdapPublisher extends BasePublisher {
55         
56     private static final Logger log = Logger.getLogger(LdapPublisher.class);
57     /** Internal localization of logs and errors */
58     private static final InternalResources intres = InternalResources.getInstance();
59     
60     protected static byte[] fakecrl = null;
61     
62     public static final float LATEST_VERSION = 5;
63     
64     public static final int TYPE_LDAPPUBLISHER = 2;
65         
66     public static final String JavaDoc DEFAULT_USEROBJECTCLASS = "top;person;organizationalPerson;inetOrgPerson";
67     public static final String JavaDoc DEFAULT_CAOBJECTCLASS = "top;applicationProcess;certificationAuthority";
68     public static final String JavaDoc DEFAULT_CACERTATTRIBUTE = "cACertificate;binary";
69     public static final String JavaDoc DEFAULT_USERCERTATTRIBUTE = "userCertificate;binary";
70     public static final String JavaDoc DEFAULT_CRLATTRIBUTE = "certificateRevocationList;binary";
71     public static final String JavaDoc DEFAULT_ARLATTRIBUTE = "authorityRevocationList;binary";
72     public static final String JavaDoc DEFAULT_PORT = "389";
73     public static final String JavaDoc DEFAULT_SSLPORT = "636";
74     
75     
76     // Default Values
77

78     protected static final String JavaDoc HOSTNAME = "hostname";
79     protected static final String JavaDoc USESSL = "usessl";
80     protected static final String JavaDoc PORT = "port";
81     protected static final String JavaDoc BASEDN = "baswdn";
82     protected static final String JavaDoc LOGINDN = "logindn";
83     protected static final String JavaDoc LOGINPASSWORD = "loginpassword";
84     protected static final String JavaDoc CREATENONEXISTING = "createnonexisting";
85     protected static final String JavaDoc MODIFYEXISTING = "modifyexisting";
86     protected static final String JavaDoc USEROBJECTCLASS = "userobjectclass";
87     protected static final String JavaDoc CAOBJECTCLASS = "caobjectclass";
88     protected static final String JavaDoc USERCERTATTRIBUTE = "usercertattribute";
89     protected static final String JavaDoc CACERTATTRIBUTE = "cacertattribute";
90     protected static final String JavaDoc CRLATTRIBUTE = "crlattribute";
91     protected static final String JavaDoc ARLATTRIBUTE = "arlattribute";
92     protected static final String JavaDoc USEFIELDINLDAPDN = "usefieldsinldapdn";
93     protected static final String JavaDoc ADDMULTIPLECERTIFICATES = "addmultiplecertificates";
94     protected static final String JavaDoc REMOVEREVOKED = "removerevoked";
95     protected static final String JavaDoc REMOVEUSERONCERTREVOKE = "removeusersoncertrevoke";
96     
97     public LdapPublisher(){
98         super();
99         data.put(TYPE, new Integer JavaDoc(TYPE_LDAPPUBLISHER));
100         
101         setHostname("");
102         setUseSSL(true);
103         setPort(DEFAULT_SSLPORT);
104         setBaseDN("");
105         setLoginDN("");
106         setLoginPassword("");
107         setCreateNonExisingUsers(true);
108         setModifyExistingUsers(true);
109         setUserObjectClass(DEFAULT_USEROBJECTCLASS);
110         setCAObjectClass(DEFAULT_CAOBJECTCLASS);
111         setUserCertAttribute(DEFAULT_USERCERTATTRIBUTE);
112         setCACertAttribute(DEFAULT_CACERTATTRIBUTE);
113         setCRLAttribute(DEFAULT_CRLATTRIBUTE);
114         setARLAttribute(DEFAULT_ARLATTRIBUTE);
115         setUseFieldInLdapDN(new ArrayList JavaDoc());
116         // By default use only one certificate for each user
117
setAddMultipleCertificates(false);
118         setRemoveRevokedCertificates(true);
119         setRemoveUsersWhenCertRevoked(false);
120         
121         if(fakecrl == null){
122           try {
123             X509CRL JavaDoc crl = CertTools.getCRLfromByteArray(fakecrlbytes);
124             fakecrl = crl.getEncoded();
125           } catch (CRLException JavaDoc e) {}
126             catch (IOException JavaDoc e) {}
127         }
128         
129         
130     }
131     
132     // Public Methods
133

134
135    
136     
137     /**
138      * Publishes certificate in LDAP, if the certificate is not revoked. If the certifiate is revoked, nothing is done
139      * and the publishing is counted as successful (i.e. returns true).
140      *
141      * @see org.ejbca.core.model.ca.publisher.BasePublisher
142      */

143     public boolean storeCertificate(Admin admin, Certificate JavaDoc incert, String JavaDoc username, String JavaDoc password, String JavaDoc cafp, int status, int type, long revocationDate, int revocationReason, ExtendedInformation extendedinformation) throws PublisherException{
144         log.debug(">storeCertificate(username="+username+")");
145         // Don't publish non-active certificates
146
if (status != CertificateDataBean.CERT_ACTIVE) {
147             String JavaDoc msg = intres.getLocalizedMessage("publisher.notpublrevoked", new Integer JavaDoc(status));
148             log.info(msg);
149             return true;
150         }
151         int ldapVersion = LDAPConnection.LDAP_V3;
152         LDAPConnection lc = createLdapConnection();
153
154         String JavaDoc dn = null;
155         String JavaDoc certdn = null;
156         try {
157             // Extract the users DN from the cert.
158
certdn = CertTools.getSubjectDN((X509Certificate JavaDoc) incert);
159             log.debug( "Constructing DN for: " + username);
160             dn = constructLDAPDN(certdn);
161             log.debug("LDAP DN for user " +username +" is " + dn);
162         } catch (Exception JavaDoc e) {
163             String JavaDoc msg = intres.getLocalizedMessage("publisher.errorldapdecode", "certificate");
164             log.error(msg, e);
165             throw new PublisherException(msg);
166         }
167
168         // Extract the users email from the cert.
169
String JavaDoc email = CertTools.getEMailAddress((X509Certificate JavaDoc)incert);
170
171         // Check if the entry is already present, we will update it with the new certificate.
172
LDAPEntry oldEntry = searchOldEntity(username, ldapVersion, lc, dn);
173
174         // PART 2: Create LDAP entry
175
LDAPEntry newEntry = null;
176         ArrayList JavaDoc modSet = new ArrayList JavaDoc();
177         LDAPAttributeSet attributeSet = null;
178         String JavaDoc attribute = null;
179         String JavaDoc objectclass = null;
180
181         if (type == CertificateDataBean.CERTTYPE_ENDENTITY) {
182             log.debug("Publishing end user certificate to " + getHostname());
183
184             if (oldEntry != null) {
185                 // TODO: Are we the correct type objectclass?
186
modSet = getModificationSet(oldEntry, certdn, true, true);
187             } else {
188                 objectclass = getUserObjectClass(); // just used for logging
189
attributeSet = getAttributeSet(incert, getUserObjectClass(), certdn, true, true, password, extendedinformation);
190             }
191
192             if (email != null) {
193                 //log.debug("Adding email attribute: "+email);
194
LDAPAttribute mailAttr = new LDAPAttribute("mail", email);
195                 if (oldEntry != null) {
196                     modSet.add(new LDAPModification(LDAPModification.REPLACE, mailAttr));
197                 } else {
198                     attributeSet.add(mailAttr);
199                 }
200             }
201
202             try {
203                 attribute = getUserCertAttribute();
204                 LDAPAttribute certAttr = new LDAPAttribute(getUserCertAttribute(), incert.getEncoded());
205                 if (oldEntry != null) {
206                     if (getAddMultipleCertificates()) {
207                         modSet.add(new LDAPModification(LDAPModification.ADD, certAttr));
208                         log.debug("Appended new certificate in user entry; " + username+": "+dn);
209                     } else {
210                         modSet.add(new LDAPModification(LDAPModification.REPLACE, certAttr));
211                         log.debug("Replaced certificate in user entry; " + username+": "+dn);
212                     }
213                 } else {
214                     attributeSet.add(certAttr);
215                     log.debug("Added new certificate to user entry; " + username+": "+dn);
216                 }
217             } catch (CertificateEncodingException JavaDoc e) {
218                 String JavaDoc msg = intres.getLocalizedMessage("publisher.errorldapencodestore", "certificate");
219                 log.error(msg, e);
220                 throw new PublisherException(msg);
221             }
222         } else if ((type == CertificateDataBean.CERTTYPE_SUBCA) || (type == CertificateDataBean.CERTTYPE_ROOTCA)) {
223             log.debug("Publishing CA certificate to " + getHostname());
224
225             if (oldEntry != null) {
226                 modSet = getModificationSet(oldEntry, certdn, false, false);
227             } else {
228                 objectclass = getCAObjectClass(); // just used for logging
229
attributeSet = getAttributeSet(incert, getCAObjectClass(), certdn, true, false, password, extendedinformation);
230             }
231             try {
232                 attribute = getCACertAttribute();
233                 LDAPAttribute certAttr = new LDAPAttribute(getCACertAttribute(), incert.getEncoded());
234                 if (oldEntry != null) {
235                     modSet.add(new LDAPModification(LDAPModification.REPLACE, certAttr));
236                 } else {
237                     attributeSet.add(certAttr);
238                     // Also create using the crlattribute, it may be required
239
LDAPAttribute crlAttr = new LDAPAttribute(getCRLAttribute(), fakecrl);
240                     attributeSet.add(crlAttr);
241                     // Also create using the arlattribute, it may be required
242
LDAPAttribute arlAttr = new LDAPAttribute(getARLAttribute(), fakecrl);
243                     attributeSet.add(arlAttr);
244                     log.debug("Added (fake) attribute for CRL and ARL.");
245                 }
246             } catch (CertificateEncodingException JavaDoc e) {
247                 String JavaDoc msg = intres.getLocalizedMessage("publisher.errorldapencodestore", "certificate");
248                 log.error(msg, e);
249                 throw new PublisherException(msg);
250             }
251         } else {
252             String JavaDoc msg = intres.getLocalizedMessage("publisher.notpubltype", new Integer JavaDoc(type));
253             log.info(msg);
254             throw new PublisherException(msg);
255         }
256
257         // PART 3: MODIFICATION AND ADDITION OF NEW USERS
258
try {
259             lc.connect(getHostname(), Integer.parseInt(getPort()));
260             // authenticate to the server
261
lc.bind(ldapVersion, getLoginDN(), getLoginPassword().getBytes("UTF8"));
262             // Add or modify the entry
263
if (oldEntry != null && getModifyExistingUsers()) {
264                 LDAPModification[] mods = new LDAPModification[modSet.size()];
265                 mods = (LDAPModification[])modSet.toArray(mods);
266                 String JavaDoc oldDn = oldEntry.getDN();
267                 log.debug("Writing modification to DN: "+oldDn);
268                 lc.modify(oldDn, mods);
269                 String JavaDoc msg = intres.getLocalizedMessage("publisher.ldapmodify", "CERT", oldDn);
270                 log.info(msg);
271             } else {
272                 if(this.getCreateNonExisingUsers()){
273                   if (oldEntry == null) {
274                     newEntry = new LDAPEntry(dn, attributeSet);
275                     log.debug("Adding DN: "+dn);
276                     lc.add(newEntry);
277                     String JavaDoc msg = intres.getLocalizedMessage("publisher.ldapadd", "CERT", dn);
278                     log.info(msg);
279                   }
280                 }
281             }
282         } catch (LDAPException e) {
283             String JavaDoc msg = intres.getLocalizedMessage("publisher.errorldapstore", "certificate", attribute, objectclass, dn);
284             log.error(msg, e);
285             throw new PublisherException(msg);
286         } catch (UnsupportedEncodingException JavaDoc e) {
287             String JavaDoc msg = intres.getLocalizedMessage("publisher.errorpassword", getLoginPassword());
288             log.error(msg, e);
289             throw new PublisherException(msg);
290         } finally {
291             // disconnect with the server
292
try {
293                 lc.disconnect();
294             } catch (LDAPException e) {
295                 String JavaDoc msg = intres.getLocalizedMessage("publisher.errordisconnect", getLoginPassword());
296                 log.error(msg, e);
297             }
298         }
299         log.debug("<storeCertificate()");
300         return true;
301         
302     }
303     
304     /**
305      * @see org.ejbca.core.model.ca.publisher.BasePublisher
306      */

307     public boolean storeCRL(Admin admin, byte[] incrl, String JavaDoc cafp, int number) throws PublisherException{
308         int ldapVersion = LDAPConnection.LDAP_V3;
309         LDAPConnection lc = createLdapConnection();
310
311         X509CRL JavaDoc crl = null;
312         String JavaDoc dn = null;
313         String JavaDoc crldn = null;
314         try {
315             // Extract the users DN from the crl.
316
crl = CertTools.getCRLfromByteArray(incrl);
317             crldn = CertTools.getIssuerDN(crl);
318             dn = constructLDAPDN(CertTools.getIssuerDN(crl));
319         } catch (Exception JavaDoc e) {
320             String JavaDoc msg = intres.getLocalizedMessage("publisher.errorldapdecode", "CRL");
321             log.error(msg, e);
322             throw new PublisherException(msg);
323         }
324
325         // Check if the entry is already present, we will update it with the new certificate.
326
LDAPEntry oldEntry = searchOldEntity(null, ldapVersion, lc, dn);
327
328         LDAPEntry newEntry = null;
329         ArrayList JavaDoc modSet = new ArrayList JavaDoc();
330         LDAPAttributeSet attributeSet = null;
331
332         if (oldEntry != null) {
333             modSet = getModificationSet(oldEntry, crldn, false, false);
334         } else {
335             attributeSet = getAttributeSet(null, this.getCAObjectClass(), crldn, true, false, null,null);
336         }
337
338         try {
339             LDAPAttribute crlAttr = new LDAPAttribute(getCRLAttribute(), crl.getEncoded());
340             LDAPAttribute arlAttr = new LDAPAttribute(getARLAttribute(), crl.getEncoded());
341             if (oldEntry != null) {
342                 modSet.add(new LDAPModification(LDAPModification.REPLACE, crlAttr));
343                 modSet.add(new LDAPModification(LDAPModification.REPLACE, arlAttr));
344             } else {
345                 attributeSet.add(crlAttr);
346                 attributeSet.add(arlAttr);
347             }
348         } catch (CRLException JavaDoc e) {
349             String JavaDoc msg = intres.getLocalizedMessage("publisher.errorldapencodestore", "CRL");
350             log.error(msg, e);
351             throw new PublisherException(msg);
352         }
353         if (oldEntry == null) {
354             newEntry = new LDAPEntry(dn, attributeSet);
355         }
356         try {
357             // connect to the server
358
lc.connect(getHostname(), Integer.parseInt(getPort()));
359             // authenticate to the server
360
lc.bind(ldapVersion, getLoginDN(), getLoginPassword().getBytes("UTF8"));
361             // Add or modify the entry
362
if (oldEntry != null) {
363                 LDAPModification[] mods = new LDAPModification[modSet.size()];
364                 mods = (LDAPModification[])modSet.toArray(mods);
365                 lc.modify(dn, mods);
366                 String JavaDoc msg = intres.getLocalizedMessage("publisher.ldapmodify", "CRL", dn);
367                 log.info(msg);
368             } else {
369                 lc.add(newEntry);
370                 String JavaDoc msg = intres.getLocalizedMessage("publisher.ldapadd", "CRL", dn);
371                 log.info(msg);
372             }
373         } catch (LDAPException e) {
374             String JavaDoc msg = intres.getLocalizedMessage("publisher.errorldapstore", "CRL", getCRLAttribute(), getCAObjectClass(), dn);
375             log.error(msg, e);
376             throw new PublisherException(msg);
377         } catch (UnsupportedEncodingException JavaDoc e) {
378             String JavaDoc msg = intres.getLocalizedMessage("publisher.errorpassword", getLoginPassword());
379             log.error(msg, e);
380             throw new PublisherException(msg);
381         } finally {
382             // disconnect with the server
383
try {
384                 lc.disconnect();
385             } catch (LDAPException e) {
386                 String JavaDoc msg = intres.getLocalizedMessage("publisher.errordisconnect");
387                 log.error(msg, e);
388             }
389         }
390         return true;
391     }
392     
393     /**
394      * @see org.ejbca.core.model.ca.publisher.BasePublisher
395      */

396     public void revokeCertificate(Admin admin, Certificate JavaDoc cert, int reason) throws PublisherException{
397         log.debug(">revokeCertificate()");
398         // Check first if we should do anything then revoking
399
boolean removecert = getRemoveRevokedCertificates();
400         boolean removeuser = getRemoveUsersWhenCertRevoked();
401         if ( (!removecert) && (!removeuser) ) {
402             log.debug("The configuration for the publisher '" + getDescription() + "' does not allow removing of certificates or users.");
403             return;
404         }
405         if (removecert) log.debug("Removing user certificate from ldap");
406         if (removeuser) log.debug("Removing user entry from ldap");
407
408         int ldapVersion = LDAPConnection.LDAP_V3;
409         LDAPConnection lc = createLdapConnection();
410
411         String JavaDoc dn = null;
412         String JavaDoc certdn = null;
413         try {
414             // Extract the users DN from the cert.
415
certdn = CertTools.getSubjectDN((X509Certificate JavaDoc) cert);
416             dn = constructLDAPDN(certdn);
417         } catch (Exception JavaDoc e) {
418             String JavaDoc msg = intres.getLocalizedMessage("publisher.errorldapdecode", "certificate");
419             log.error(msg, e);
420             throw new PublisherException(msg);
421         }
422
423         // Check if the entry is already present, we will update it with the new certificate.
424
LDAPEntry oldEntry = searchOldEntity(null, ldapVersion, lc, dn);
425         
426         ArrayList JavaDoc modSet = new ArrayList JavaDoc();
427                                 
428         if (((X509Certificate JavaDoc) cert).getBasicConstraints() == -1) {
429             log.debug("Removing end user certificate from " + getHostname());
430
431             if (oldEntry != null) {
432                 if (removecert) {
433                     // Don't try to remove the cert if there does not exist any
434
LDAPAttribute oldAttr = oldEntry.getAttribute(getUserCertAttribute());
435                     if (oldAttr != null) {
436                         modSet = getModificationSet(oldEntry, certdn, false, true);
437                         LDAPAttribute attr = new LDAPAttribute(getUserCertAttribute());
438                         modSet.add(new LDAPModification(LDAPModification.DELETE, attr));
439                     } else {
440                         String JavaDoc msg = intres.getLocalizedMessage("publisher.inforevokenocert");
441                         log.info(msg);
442                     }
443                 }
444             } else {
445                 String JavaDoc msg = intres.getLocalizedMessage("publisher.errorrevokenoentry");
446                 log.error(msg);
447                 throw new PublisherException(msg);
448             }
449         } else {
450             log.debug("Not removing CA certificate from " + getHostname() + "Because of object class restrictions.");
451             // Currently removal of CA certificate isn't support because of object class restictions
452
/*
453             if (oldEntry != null) {
454                 modSet = getModificationSet(oldEntry, dn, false, false);
455                 modSet.add(new LDAPModification(LDAPModification.DELETE, new LDAPAttribute(getCACertAttribute())));
456             } else {
457                 log.error("Certificate doesn't exist in database");
458                 throw new PublisherException("Certificate doesn't exist in database");
459             }*/

460         }
461
462         try {
463         
464             lc.connect(getHostname(), Integer.parseInt(getPort()));
465             // authenticate to the server
466
lc.bind(ldapVersion, getLoginDN(), getLoginPassword().getBytes("UTF8"));
467             // Add or modify the entry
468
if (oldEntry != null && modSet != null && getModifyExistingUsers()) {
469                 if (removecert) {
470                     LDAPModification[] mods = new LDAPModification[modSet.size()];
471                     mods = (LDAPModification[])modSet.toArray(mods);
472                     lc.modify(dn, mods);
473                 }
474                 if (removeuser) {
475                     lc.delete(dn);
476                 }
477                 String JavaDoc msg = intres.getLocalizedMessage("publisher.ldapremove", dn);
478                 log.info(msg);
479             }
480         } catch (LDAPException e) {
481             String JavaDoc msg = intres.getLocalizedMessage("publisher.errorldapremove", dn);
482             log.error(msg, e);
483             throw new PublisherException(msg);
484         } catch (UnsupportedEncodingException JavaDoc e) {
485             String JavaDoc msg = intres.getLocalizedMessage("publisher.errorpassword", getLoginPassword());
486             log.error(msg, e);
487             throw new PublisherException(msg);
488         } finally {
489             // disconnect with the server
490
try {
491                 lc.disconnect();
492             } catch (LDAPException e) {
493                 String JavaDoc msg = intres.getLocalizedMessage("publisher.errordisconnect");
494                 log.error(msg, e);
495             }
496         }
497         log.debug("<revokeCertificate()");
498     }
499
500     /** SearchOldEntity is the only method differing between regular ldap and ldap search publishers.
501      * Aprat from how they find existing users, the publishing works the same.
502      */

503     protected LDAPEntry searchOldEntity(String JavaDoc username, int ldapVersion, LDAPConnection lc, String JavaDoc dn) throws PublisherException {
504         LDAPEntry oldEntry = null; // return value
505
try {
506             // connect to the server
507
lc.connect(getHostname(), Integer.parseInt(getPort()));
508             // authenticate to the server
509
lc.bind(ldapVersion, getLoginDN(), getLoginPassword().getBytes("UTF8"));
510             // try to read the old object
511
oldEntry = lc.read(dn);
512         } catch (LDAPException e) {
513             if (e.getResultCode() == LDAPException.NO_SUCH_OBJECT) {
514                 log.debug("No old entry exist for '" + dn + "'.");
515             } else {
516                 String JavaDoc msg = intres.getLocalizedMessage("publisher.errorldapbind", e.getMessage());
517                 log.error(msg, e);
518                 throw new PublisherException(msg);
519             }
520         } catch (UnsupportedEncodingException JavaDoc e) {
521             String JavaDoc msg = intres.getLocalizedMessage("publisher.errorpassword", getLoginPassword());
522             throw new PublisherException(msg);
523         } finally {
524             // disconnect with the server
525
try {
526                 lc.disconnect();
527             } catch (LDAPException e) {
528                 String JavaDoc msg = intres.getLocalizedMessage("publisher.errordisconnect");
529                 log.error(msg, e);
530             }
531         }
532         return oldEntry;
533     }
534     
535     /**
536      * @see org.ejbca.core.model.ca.publisher.BasePublisher
537      */

538     public void testConnection(Admin admin) throws PublisherConnectionException {
539         int ldapVersion = LDAPConnection.LDAP_V3;
540         LDAPConnection lc = null;
541         if(getUseSSL()){
542             lc = new LDAPConnection(new LDAPJSSESecureSocketFactory());
543         }else{
544             lc = new LDAPConnection();
545         }
546         
547         LDAPEntry entry = null;
548         try {
549             // connect to the server
550
lc.connect(getHostname(), Integer.parseInt(getPort()));
551             // authenticate to the server
552
lc.bind(ldapVersion, getLoginDN(), getLoginPassword().getBytes("UTF8"));
553             // try to read the old object
554
entry = lc.read(getBaseDN());
555             log.debug("Entry" + entry.toString());
556             if(entry == null) {
557                 String JavaDoc msg = intres.getLocalizedMessage("publisher.errornobinddn");
558                 throw new PublisherConnectionException(msg);
559             }
560         } catch (LDAPException e) {
561             String JavaDoc msg = intres.getLocalizedMessage("publisher.errorldapbind", e.getMessage());
562             log.error(msg, e);
563             throw new PublisherConnectionException(msg);
564         } catch (UnsupportedEncodingException JavaDoc e) {
565             String JavaDoc msg = intres.getLocalizedMessage("publisher.errorpassword", getLoginPassword());
566             log.error(msg, e);
567             throw new PublisherConnectionException(msg);
568         } finally {
569             // disconnect with the server
570
try {
571                 lc.disconnect();
572             } catch (LDAPException e) {
573                 String JavaDoc msg = intres.getLocalizedMessage("publisher.errordisconnect");
574                 log.error(msg, e);
575             }
576         }
577     }
578
579     protected LDAPConnection createLdapConnection() {
580         LDAPConnection lc;
581         if (getUseSSL()) {
582             lc = new LDAPConnection(new LDAPJSSESecureSocketFactory());
583         } else {
584             lc = new LDAPConnection();
585         }
586         return lc;
587     }
588
589     /**
590      * Returns the hostname of ldap server.
591      */

592     public String JavaDoc getHostname (){
593         return (String JavaDoc) data.get(HOSTNAME);
594     }
595
596     /**
597      * Sets the hostname of ldap server.
598      */

599     public void setHostname (String JavaDoc hostname){
600         data.put(HOSTNAME, hostname);
601     }
602     
603     /**
604      * Returns true if SSL connetion should be used.
605      */

606     public boolean getUseSSL (){
607         return ((Boolean JavaDoc) data.get(USESSL)).booleanValue();
608     }
609
610     /**
611      * Sets if SSL connetion should be used.
612      */

613     public void setUseSSL (boolean usessl){
614         data.put(USESSL, Boolean.valueOf(usessl));
615     }
616     
617     /**
618      * Returns the port of ldap server.
619      */

620     public String JavaDoc getPort (){
621         return (String JavaDoc) data.get(PORT);
622     }
623
624     /**
625      * Sets the port of ldap server.
626      */

627     public void setPort(String JavaDoc port){
628         data.put(PORT, port);
629     }
630     
631     /**
632      * Returns the basedn of ldap server.
633      */

634     public String JavaDoc getBaseDN(){
635         return (String JavaDoc) data.get(BASEDN);
636     }
637
638     /**
639      * Sets the basedn of ldap server.
640      */

641     public void setBaseDN(String JavaDoc basedn){
642         data.put(BASEDN, basedn);
643     }
644
645     /**
646      * Returns the logindn to the ldap server.
647      */

648     public String JavaDoc getLoginDN(){
649         return (String JavaDoc) data.get(LOGINDN);
650     }
651
652     /**
653      * Sets the logindn to the ldap server.
654      */

655     public void setLoginDN(String JavaDoc logindn){
656         data.put(LOGINDN, logindn);
657     }
658
659     /**
660      * Returns the loginpwd to the ldap server.
661      */

662     public String JavaDoc getLoginPassword(){
663         return (String JavaDoc) data.get(LOGINPASSWORD);
664     }
665
666     /**
667      * Sets the loginpwd to the ldap server.
668      */

669     public void setLoginPassword(String JavaDoc loginpwd){
670         data.put(LOGINPASSWORD, loginpwd);
671     }
672
673     /**
674      * Returns true if nonexisting users should be created
675      */

676     public boolean getCreateNonExisingUsers (){
677         return ((Boolean JavaDoc) data.get(CREATENONEXISTING)).booleanValue();
678     }
679
680     /**
681      * Sets if nonexisting users should be created.
682      */

683     public void setCreateNonExisingUsers (boolean createnonexistingusers){
684         data.put(CREATENONEXISTING, Boolean.valueOf(createnonexistingusers));
685     }
686     
687     /**
688      * Returns true if existing users should be modified.
689      */

690     public boolean getModifyExistingUsers (){
691         return ((Boolean JavaDoc) data.get(MODIFYEXISTING)).booleanValue();
692     }
693
694     /**
695      * Sets if existing users should be modified.
696      */

697     public void setModifyExistingUsers (boolean modifyexistingusers){
698         data.put(MODIFYEXISTING, Boolean.valueOf(modifyexistingusers));
699     }
700
701     /**
702      * Returns the user object class in the ldap instance
703      */

704     public String JavaDoc getUserObjectClass(){
705         return (String JavaDoc) data.get(USEROBJECTCLASS);
706     }
707
708     /**
709      * Sets the user object class in the ldap instance
710      */

711     public void setUserObjectClass(String JavaDoc userobjectclass){
712         data.put(USEROBJECTCLASS, userobjectclass);
713     }
714
715     /**
716      * Returns the CA object class in the ldap instance
717      */

718     public String JavaDoc getCAObjectClass(){
719         return (String JavaDoc) data.get(CAOBJECTCLASS);
720     }
721
722     /**
723      * Sets the CA object class in the ldap instance
724      */

725     public void setCAObjectClass(String JavaDoc caobjectclass){
726         data.put(CAOBJECTCLASS, caobjectclass);
727     }
728
729     /**
730      * Returns the user cert attribute in the ldap instance
731      */

732     public String JavaDoc getUserCertAttribute(){
733         return (String JavaDoc) data.get(USERCERTATTRIBUTE);
734     }
735
736     /**
737      * Sets the user cert attribute in the ldap instance
738      */

739     public void setUserCertAttribute(String JavaDoc usercertattribute){
740         data.put(USERCERTATTRIBUTE, usercertattribute);
741     }
742
743     /**
744      * Returns the ca cert attribute in the ldap instance
745      */

746     public String JavaDoc getCACertAttribute(){
747         return (String JavaDoc) data.get(CACERTATTRIBUTE);
748     }
749
750     /**
751      * Sets the ca cert attribute in the ldap instance
752      */

753     public void setCACertAttribute(String JavaDoc cacertattribute){
754         data.put(CACERTATTRIBUTE, cacertattribute);
755     }
756
757     /**
758      * Returns the CRL attribute in the ldap instance
759      */

760     public String JavaDoc getCRLAttribute(){
761         return (String JavaDoc) data.get(CRLATTRIBUTE);
762     }
763
764     /**
765      * Sets the CRL attribute in the ldap instance
766      */

767     public void setCRLAttribute(String JavaDoc crlattribute){
768         data.put(CRLATTRIBUTE, crlattribute);
769     }
770
771     /**
772      * Returns the ARL attribute in the ldap instance
773      */

774     public String JavaDoc getARLAttribute(){
775         return (String JavaDoc) data.get(ARLATTRIBUTE);
776     }
777
778     /**
779      * Sets the ARL attribute in the ldap instance
780      */

781     public void setARLAttribute(String JavaDoc arlattribute){
782         data.put(ARLATTRIBUTE, arlattribute);
783     }
784     
785     /**
786      * Method getting a collection of DNFieldExtractor constants indicating which
787      * fields of the x509 certificate DN that should be used in the LDAP DN.
788      *
789      * Valid values are DNFieldExtractor.E, .UID, .CN, .SN, .GIVENNAME, .SURNAME, .T, .OU, .L
790      * Other values should be defined in baseDN instead.
791      * If there exists multiple fields of the same type, then will all fields be mappen to LDAP dn.
792      *
793      * @return Collection of (Integer) containing DNFieldExtractor constants.
794      */

795     public Collection JavaDoc getUseFieldInLdapDN(){
796         return (Collection JavaDoc) data.get(USEFIELDINLDAPDN);
797     }
798
799     /**
800      * Method setting a collection of DNFieldExtractor constants indicating which
801      * fields of the x509 certificate DN that should be used in the LDAP DN.
802      *
803      * Valid values are DNFieldExtractor.E, .UID, .CN, .SN, .GIVENNAME, .SURNAME, .T, .OU, .L
804      * Other values should be defined in baseDN instead.
805      * If there exists multiple fields of the same type, then will all fields be mappen to LDAP dn.
806      *
807      * @return Collection of (Integer) containing DNFieldExtractor constants.
808      */

809     
810     public void setUseFieldInLdapDN(Collection JavaDoc usefieldinldapdn){
811         data.put(USEFIELDINLDAPDN, usefieldinldapdn);
812     }
813
814     /**
815      * Returns true if multiple certificates should be appended to existing user entries, instead of replacing.
816      */

817     public boolean getAddMultipleCertificates (){
818         return ((Boolean JavaDoc) data.get(ADDMULTIPLECERTIFICATES)).booleanValue();
819     }
820     /**
821      * Sets if multiple certificates should be appended to existing user entries, instead of replacing.
822      */

823     public void setAddMultipleCertificates (boolean appendcerts){
824         data.put(ADDMULTIPLECERTIFICATES, Boolean.valueOf(appendcerts));
825     }
826
827     public void setRemoveRevokedCertificates( boolean removerevoked ){
828         data.put(REMOVEREVOKED, Boolean.valueOf(removerevoked));
829     }
830     
831     public boolean getRemoveRevokedCertificates(){
832         boolean removerevoked = true; //-- default value
833
if ( data.get(REMOVEREVOKED) != null ) {
834             removerevoked = ((Boolean JavaDoc)data.get(REMOVEREVOKED)).booleanValue();
835         }
836         return removerevoked;
837     }
838     
839     public void setRemoveUsersWhenCertRevoked( boolean removeuser ){
840         data.put(REMOVEUSERONCERTREVOKE, Boolean.valueOf(removeuser));
841     }
842     
843     public boolean getRemoveUsersWhenCertRevoked(){
844         boolean removeuser = false; //-- default value
845
if ( data.get(REMOVEUSERONCERTREVOKE) != null ) {
846             removeuser = ((Boolean JavaDoc)data.get(REMOVEUSERONCERTREVOKE)).booleanValue();
847         }
848         return removeuser;
849     }
850
851     
852     // Private methods
853
/**
854      * Creates an LDAPAttributeSet.
855      *
856      * @param cert the certificate to use or null if no cert involved.
857      * @param objectclass the objectclass the attribute set should be of.
858      * @param dn dn of the LDAP entry.
859      * @param extra if we should add extra attributes except the objectclass to the attributeset.
860      * @param person true if this is a person-entry, false if it is a CA.
861      * @param password, currently only used for the AD publisher
862      * @param extendedinformation, for future use...
863      *
864      * @return LDAPAtributeSet created...
865      */

866     protected LDAPAttributeSet getAttributeSet(Certificate JavaDoc cert, String JavaDoc objectclass, String JavaDoc dn, boolean extra, boolean person,
867                                                String JavaDoc password, ExtendedInformation extendedinformation) {
868         log.debug(">getAttributeSet()");
869         LDAPAttributeSet attributeSet = new LDAPAttributeSet();
870         LDAPAttribute attr = new LDAPAttribute("objectclass");
871         // The full LDAP object tree is divided with ; in the objectclass
872
StringTokenizer JavaDoc token = new StringTokenizer JavaDoc(objectclass,";");
873         while (token.hasMoreTokens()) {
874             String JavaDoc value = token.nextToken();
875             log.debug("Adding objectclass value: "+value);
876             attr.addValue(value);
877         }
878         attributeSet.add(attr);
879
880         /* To Add an entry to the directory,
881          * -- Create the attributes of the entry and add them to an attribute set
882          * -- Specify the DN of the entry to be created
883          * -- Create an LDAPEntry object with the DN and the attribute set
884          * -- Call the LDAPConnection add method to add it to the directory
885          */

886         if (extra) {
887             String JavaDoc cn = CertTools.getPartFromDN(dn, "CN");
888             if (cn != null) {
889                 attributeSet.add(new LDAPAttribute("cn", cn));
890             }
891             String JavaDoc l = CertTools.getPartFromDN(dn, "L");
892             if (l != null) {
893                 attributeSet.add(new LDAPAttribute("l", l));
894             }
895             String JavaDoc ou = CertTools.getPartFromDN(dn, "OU");
896             if (ou != null) {
897                 attributeSet.add(new LDAPAttribute("ou", ou));
898             }
899             // Only persons have (normally) all these extra attributes.
900
// A CA might have them if you don't use the default objectClass, but we don't
901
// handle that case.
902
if (person) {
903                 // sn means surname in LDAP, and is required for persons
904
String JavaDoc sn = CertTools.getPartFromDN(dn, "SURNAME");
905                 if ( (sn == null) && (cn != null) ) {
906                     // Only construct this if we are the standard object class
907
if (getUserObjectClass().endsWith("inetOrgPerson")) {
908                         // Take surname to be the last part of the cn
909
int index = cn.lastIndexOf(' ');
910                         if (index <=0) {
911                             // If there is no natural sn, use cn since sn is required
912
sn = cn;
913                         } else {
914                             if (index < cn.length()) sn = cn.substring(index+1);
915                         }
916                     }
917                 }
918                 if (sn != null) {
919                     attributeSet.add(new LDAPAttribute("sn", sn));
920                 }
921                 // gn means givenname in LDAP, and is required for persons
922
String JavaDoc gn = CertTools.getPartFromDN(dn, "GIVENNAME");
923                 if ( (gn == null) && (cn != null) ) {
924                     // Only construct this if we are the standard object class
925
if (getUserObjectClass().endsWith("inetOrgPerson")) {
926                         // Take givenname to be the first part of the cn
927
int index = cn.indexOf(' ');
928                         if (index <=0) {
929                             // If there is no natural gn/sn, ignore gn if we are using sn
930
if (sn == null) gn = cn;
931                         } else {
932                             gn = cn.substring(0, index);
933                         }
934                     }
935                 }
936                 if (gn != null) {
937                     attributeSet.add(new LDAPAttribute("givenName", gn));
938                 }
939                 String JavaDoc st = CertTools.getPartFromDN(dn, "ST");
940                 if (st != null) {
941                     attributeSet.add(new LDAPAttribute("st", st));
942                 }
943                 String JavaDoc o = CertTools.getPartFromDN(dn, "O");
944                 if (o != null) {
945                     attributeSet.add(new LDAPAttribute("o", o));
946                 }
947                 String JavaDoc uid = CertTools.getPartFromDN(dn, "uid");
948                 if (uid != null) {
949                     attributeSet.add(new LDAPAttribute("uid", uid));
950                 }
951                 String JavaDoc initials = CertTools.getPartFromDN(dn, "initials");
952                 if (initials != null) {
953                     attributeSet.add(new LDAPAttribute("initials", initials));
954                 }
955                 String JavaDoc title = CertTools.getPartFromDN(dn, "T");
956                 if (title != null) {
957                     attributeSet.add(new LDAPAttribute("title", title));
958                 }
959                 // If we have selected to use the SN (serialNUmber DN field, we will also add it as an attribute
960
// This is not present in the normal objectClass (inetOrgPerson)
961
// Modifying the schema is as simple as adding serialNumber as MAY in the inetOrgPerson object class in inetorgperson.schema.
962
Collection JavaDoc usefields = getUseFieldInLdapDN();
963                 if (usefields.contains(new Integer JavaDoc(DNFieldExtractor.SN))) {
964                     String JavaDoc serno = CertTools.getPartFromDN(dn, "SN");
965                     if (serno != null) {
966                         attributeSet.add(new LDAPAttribute("serialNumber", serno));
967                     }
968                 }
969             }
970         }
971         log.debug("<getAttributeSet()");
972         return attributeSet;
973     } // getAttributeSet
974

975     
976     /**
977      * Creates an LDAPModificationSet.
978      *
979      * @param oldEntry the objectclass the attribute set should be of.
980      * @param dn dn of the LDAP entry.
981      * @param extra if we should add extra attributes except the objectclass to the
982      * modificationset.
983      * @param pserson true if this is a person-entry, false if it is a CA.
984      *
985      * @return LDAPModificationSet created...
986      */

987     protected ArrayList JavaDoc getModificationSet(LDAPEntry oldEntry, String JavaDoc dn, boolean extra, boolean person) {
988         log.debug(">getModificationSet()");
989         ArrayList JavaDoc modSet = new ArrayList JavaDoc();
990
991         // We get this, because we can not modify attributes that are present in the original DN
992
// i.e. if the ldap entry have a DN, we are not allowed to modify that
993
String JavaDoc oldDn = oldEntry.getDN();
994         
995         if (extra) {
996             String JavaDoc cn = CertTools.getPartFromDN(dn, "CN");
997             String JavaDoc oldcn = CertTools.getPartFromDN(oldDn, "CN");
998             if ( (cn != null) && (oldcn == null) ) {
999                 LDAPAttribute attr = new LDAPAttribute("cn", cn);
1000                modSet.add(new LDAPModification(LDAPModification.REPLACE, attr));
1001            }
1002            String JavaDoc l = CertTools.getPartFromDN(dn, "L");
1003            String JavaDoc oldl = CertTools.getPartFromDN(oldDn, "L");
1004            if ( (l != null) && (oldl == null) ) {
1005                LDAPAttribute attr = new LDAPAttribute("l", l);
1006                modSet.add(new LDAPModification(LDAPModification.REPLACE, attr));
1007            }
1008            String JavaDoc ou = CertTools.getPartFromDN(dn, "OU");
1009            String JavaDoc oldou = CertTools.getPartFromDN(oldDn, "OU");
1010            if ( (ou != null) && (oldou == null) ) {
1011                LDAPAttribute attr = new LDAPAttribute("ou", ou);
1012                modSet.add(new LDAPModification(LDAPModification.REPLACE, attr));
1013            }
1014            // Only persons have (normally) all these extra attributes.
1015
// A CA might have them if you don't use the default objectClass, but we don't
1016
// handle that case.
1017
if (person) {
1018                // sn means surname in LDAP, and is required for inetOrgPerson
1019
String JavaDoc sn = CertTools.getPartFromDN(dn, "SURNAME");
1020                if ( (sn == null) && (cn != null) ) {
1021                    // Only construct this if we are the standard object class
1022
if (getUserObjectClass().endsWith("inetOrgPerson")) {
1023                        // Take surname to be the last part of the cn
1024
int index = cn.lastIndexOf(' ');
1025                        if (index <=0) {
1026                            // If there is no natural sn, use cn since sn is required
1027
sn = cn;
1028                        } else {
1029                            if (index < cn.length()) sn = cn.substring(index+1);
1030                        }
1031                    }
1032                }
1033                if (sn != null) {
1034                    LDAPAttribute attr = new LDAPAttribute("sn", sn);
1035                    modSet.add(new LDAPModification(LDAPModification.REPLACE, attr));
1036                }
1037                // gn means givenname in LDAP, and is required for inetOrgPerson
1038
String JavaDoc gn = CertTools.getPartFromDN(dn, "GIVENNAME");
1039                if ( (gn == null) && (cn != null) ) {
1040                    // Only construct this if we are the standard object class
1041
if (getUserObjectClass().endsWith("inetOrgPerson")) {
1042                        // Take givenname to be the first part of the cn
1043
int index = cn.indexOf(' ');
1044                        if (index <=0) {
1045                            // If there is no natural gn/sn, ignore gn if we are using sn
1046
if (sn == null) gn = cn;
1047                        } else {
1048                            gn = cn.substring(0, index);
1049                        }
1050                    }
1051                }
1052                if (gn != null) {
1053                    LDAPAttribute attr = new LDAPAttribute("givenName", gn);
1054                    modSet.add(new LDAPModification(LDAPModification.REPLACE, attr));
1055                }
1056                String JavaDoc st = CertTools.getPartFromDN(dn, "ST");
1057                String JavaDoc oldst = CertTools.getPartFromDN(oldDn, "ST");
1058                if ( (st != null) && (oldst == null) ){
1059                    LDAPAttribute attr = new LDAPAttribute("st", st);
1060                    modSet.add(new LDAPModification(LDAPModification.REPLACE, attr));
1061                }
1062                String JavaDoc o = CertTools.getPartFromDN(dn, "O");
1063                String JavaDoc oldo = CertTools.getPartFromDN(oldDn, "O");
1064                if ( (o != null) && (oldo == null) ) {
1065                    LDAPAttribute attr = new LDAPAttribute("o", o);
1066                    modSet.add(new LDAPModification(LDAPModification.REPLACE, attr));
1067                }
1068                String JavaDoc uid = CertTools.getPartFromDN(dn, "uid");
1069                String JavaDoc olduid = CertTools.getPartFromDN(oldDn, "uid");
1070                if ( (uid != null) && (olduid == null) ) {
1071                    LDAPAttribute attr = new LDAPAttribute("uid", uid);
1072                    modSet.add(new LDAPModification(LDAPModification.REPLACE, attr));
1073                }
1074                String JavaDoc initials = CertTools.getPartFromDN(dn, "initials");
1075                if (initials != null) {
1076                    LDAPAttribute attr = new LDAPAttribute("initials", initials);
1077                    modSet.add(new LDAPModification(LDAPModification.REPLACE, attr));
1078                }
1079                String JavaDoc title = CertTools.getPartFromDN(dn, "T");
1080                if (title != null) {
1081                    LDAPAttribute attr = new LDAPAttribute("title", title);
1082                    modSet.add(new LDAPModification(LDAPModification.REPLACE, attr));
1083                }
1084                // If we have selected to use the SN (serialNUmber DN field, we will also add it as an attribute
1085
// This is not present in the normal objectClass (inetOrgPerson)
1086
Collection JavaDoc usefields = getUseFieldInLdapDN();
1087                if (usefields.contains(new Integer JavaDoc(DNFieldExtractor.SN))) {
1088                    String JavaDoc serno = CertTools.getPartFromDN(dn, "SN");
1089                    String JavaDoc oldserno = CertTools.getPartFromDN(oldDn, "SN");
1090                    if ( (serno != null) && (oldserno == null) ) {
1091                        LDAPAttribute attr = new LDAPAttribute("serialNumber", serno);
1092                        modSet.add(new LDAPModification(LDAPModification.REPLACE, attr));
1093                    }
1094                }
1095            }
1096        }
1097        log.debug("<getModificationSet()");
1098        return modSet;
1099    } // getModificationSet
1100

1101    protected String JavaDoc constructLDAPDN(String JavaDoc dn){
1102        String JavaDoc retval = "";
1103        DNFieldExtractor extractor = new DNFieldExtractor(dn,DNFieldExtractor.TYPE_SUBJECTDN);
1104        
1105        Collection JavaDoc usefields = getUseFieldInLdapDN();
1106        if(usefields instanceof List JavaDoc){
1107            Collections.sort((List JavaDoc) usefields);
1108        }
1109        Iterator JavaDoc iter = usefields.iterator();
1110        String JavaDoc dnField = null;
1111        while(iter.hasNext()){
1112            Integer JavaDoc next = (Integer JavaDoc) iter.next();
1113            dnField = extractor.getFieldString(next.intValue());
1114            if (StringUtils.isNotEmpty(dnField)) {
1115                if (dnField.startsWith("SN")) {
1116                    // This is SN in Bouncycastle, but it should be serialNumber in LDAP
1117
dnField = "serialNumber"+dnField.substring(2);
1118                }
1119                if (dnField.startsWith("E")) {
1120                    // This is E in Bouncycastle, but it should be mail in LDAP
1121
dnField = "mail"+dnField.substring(1);
1122                }
1123                if(retval.length() == 0) {
1124                    retval += dnField; // first item, don't start with a comma
1125
} else {
1126                    retval += "," + dnField;
1127                }
1128            }
1129        }
1130        retval = retval + "," + this.getBaseDN();
1131        log.debug("LdapPublisher: constructed DN: " + retval );
1132        return retval;
1133    }
1134    
1135    protected static byte[] fakecrlbytes = Base64.decode(
1136    ("MIIBKDCBkgIBATANBgkqhkiG9w0BAQUFADAvMQ8wDQYDVQQDEwZUZXN0Q0ExDzAN"+
1137    "BgNVBAoTBkFuYVRvbTELMAkGA1UEBhMCU0UXDTA0MDExMjE0MTQyMloXDTA0MDEx"+
1138    "MzE0MTQyMlqgLzAtMB8GA1UdIwQYMBaAFK1tyidIzx1qpuj5OjHl/0Ro8xTDMAoG"+
1139    "A1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBABBSCWRAX8xyWQSuZYqR9MC8t4/V"+
1140    "Tp4xTGJeT1OPlCfuyeHyjUdvdjB/TjTgc4EOJ7eIF7aQU8Mp6AcUAKil/qBlrTYa"+
1141    "EFVr0WDeh2Aglgm4klAFnoJjDWfjTP1NVFdN4GMizqAz/vdXOY3DaDmkwx24eaRw"+
1142    "7SzqXca4gE7f1GTO").getBytes());
1143    
1144    
1145        
1146    /**
1147     * @see org.ejbca.core.model.ca.publisher.BasePublisher#clone()
1148     */

1149    public Object JavaDoc clone() throws CloneNotSupportedException JavaDoc {
1150        LdapPublisher clone = new LdapPublisher();
1151        HashMap JavaDoc clonedata = (HashMap JavaDoc) clone.saveData();
1152
1153        Iterator JavaDoc i = (data.keySet()).iterator();
1154        while(i.hasNext()){
1155            Object JavaDoc key = i.next();
1156            clonedata.put(key, data.get(key));
1157        }
1158
1159        clone.loadData(clonedata);
1160        return clone;
1161        }
1162
1163    /* *
1164     * @see org.ejbca.core.model.ca.publisher.BasePublisher#getLatestVersion()
1165     */

1166    public float getLatestVersion() {
1167        return LATEST_VERSION;
1168    }
1169    
1170    /**
1171     * Implemtation of UpgradableDataHashMap function upgrade.
1172     */

1173    public void upgrade() {
1174        log.debug(">upgrade");
1175        if(Float.compare(LATEST_VERSION, getVersion()) != 0) {
1176            // New version of the class, upgrade
1177
String JavaDoc msg = intres.getLocalizedMessage("publisher.upgrade", new Float JavaDoc(getVersion()));
1178            log.info(msg);
1179            if(data.get(ADDMULTIPLECERTIFICATES) == null) {
1180                setAddMultipleCertificates(false);
1181            }
1182            if(data.get(REMOVEREVOKED) == null) {
1183                setRemoveRevokedCertificates(true);
1184            }
1185            if(data.get(REMOVEUSERONCERTREVOKE) == null) {
1186                setRemoveUsersWhenCertRevoked(false);
1187            }
1188            data.put(VERSION, new Float JavaDoc(LATEST_VERSION));
1189        }
1190        log.debug("<upgrade");
1191    }
1192
1193}
1194
Popular Tags