From 9defd2349274d077ad120d780a6fac5f6d594c7f Mon Sep 17 00:00:00 2001
From: Nicolas Capponi <nicolas.capponi@forgerock.com>
Date: Fri, 22 May 2015 15:58:46 +0000
Subject: [PATCH] OPENDJ-1631 CR-6864 Migrate server to SDK syntaxes
---
opendj-server-legacy/src/main/java/org/opends/server/schema/CertificateSyntax.java | 393 ++++++--------------------------------------------------
1 files changed, 43 insertions(+), 350 deletions(-)
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/schema/CertificateSyntax.java b/opendj-server-legacy/src/main/java/org/opends/server/schema/CertificateSyntax.java
index fcd6c25..11a17ae 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/schema/CertificateSyntax.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/schema/CertificateSyntax.java
@@ -27,27 +27,21 @@
*/
package org.opends.server.schema;
-import java.io.IOException;
+import static org.opends.server.schema.SchemaConstants.*;
+
import java.util.List;
-import org.forgerock.i18n.slf4j.LocalizedLogger;
-
-import org.opends.server.admin.server.ConfigurationChangeListener;
-import org.opends.server.admin.std.server.CertificateAttributeSyntaxCfg;
-import org.forgerock.opendj.ldap.schema.MatchingRule;
-import org.opends.server.api.AttributeSyntax;
-import org.forgerock.opendj.config.server.ConfigException;
-import org.opends.server.core.DirectoryServer;
-import org.forgerock.opendj.ldap.ByteSequence;
-import org.forgerock.opendj.config.server.ConfigChangeResult;
-import org.forgerock.opendj.io.ASN1;
-import org.forgerock.opendj.ldap.DecodeException;
-import org.forgerock.opendj.io.ASN1Reader;
-
-import static org.opends.messages.SchemaMessages.*;
import org.forgerock.i18n.LocalizableMessage;
-import org.forgerock.i18n.LocalizableMessageBuilder;
-import static org.opends.server.schema.SchemaConstants.*;
+import org.forgerock.opendj.config.server.ConfigChangeResult;
+import org.forgerock.opendj.config.server.ConfigException;
+import org.forgerock.opendj.ldap.Option;
+import org.forgerock.opendj.ldap.schema.Schema;
+import org.forgerock.opendj.ldap.schema.SchemaOptions;
+import org.forgerock.opendj.ldap.schema.Syntax;
+import org.opends.server.admin.server.ConfigurationChangeListener;
+import org.opends.server.admin.std.server.CertificateAttributeSyntaxCfg;
+import org.opends.server.api.AttributeSyntax;
+import org.opends.server.core.ServerContext;
/**
@@ -59,20 +53,11 @@
implements ConfigurationChangeListener<CertificateAttributeSyntaxCfg>
{
- private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
-
- /** The default equality matching rule for this syntax. */
- private MatchingRule defaultEqualityMatchingRule;
-
- /** The default ordering matching rule for this syntax. */
- private MatchingRule defaultOrderingMatchingRule;
-
- /** The default substring matching rule for this syntax. */
- private MatchingRule defaultSubstringMatchingRule;
-
/** The current configuration. */
private volatile CertificateAttributeSyntaxCfg config;
+ private ServerContext serverContext;
+
/**
* Creates a new instance of this syntax. Note that the only thing that
* should be done here is to invoke the default constructor for the
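Review bot: The new `serverContext` field has no doc comment and, unlike the `volatile` `config` field beside it, no visibility guarantee, although it is read later from `applyConfigurationChange()` via `updateNewSchema()`. It is assigned only once in `initializeSyntax()`, so registering the listener afterwards probably publishes it safely, but that is not visible from this hunk. I would either declare it `private volatile ServerContext serverContext;` or document the assumption with `/** The server context, set once in initializeSyntax() before the change listener is registered. */`. The class body starts and ends outside this hunk.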
@@ -85,38 +70,37 @@
}
/** {@inheritDoc} */
- public void initializeSyntax(CertificateAttributeSyntaxCfg configuration)
+ @Override
+ public void initializeSyntax(CertificateAttributeSyntaxCfg configuration, ServerContext serverContext)
throws ConfigException
{
- defaultEqualityMatchingRule =
- DirectoryServer.getMatchingRule(EMR_CERTIFICATE_EXACT_OID);
- if (defaultEqualityMatchingRule == null)
- {
- logger.error(ERR_ATTR_SYNTAX_UNKNOWN_EQUALITY_MATCHING_RULE,
- EMR_CERTIFICATE_EXACT_OID, SYNTAX_CERTIFICATE_NAME);
- }
-
- defaultOrderingMatchingRule =
- DirectoryServer.getMatchingRule(OMR_OCTET_STRING_OID);
- if (defaultOrderingMatchingRule == null)
- {
- logger.error(ERR_ATTR_SYNTAX_UNKNOWN_ORDERING_MATCHING_RULE,
- OMR_OCTET_STRING_OID, SYNTAX_CERTIFICATE_NAME);
- }
-
- defaultSubstringMatchingRule =
- DirectoryServer.getMatchingRule(SMR_OCTET_STRING_OID);
- if (defaultSubstringMatchingRule == null)
- {
- logger.error(ERR_ATTR_SYNTAX_UNKNOWN_SUBSTRING_MATCHING_RULE,
- SMR_OCTET_STRING_OID, SYNTAX_CERTIFICATE_NAME);
- }
-
this.config = configuration;
+ this.serverContext = serverContext;
+ updateNewSchema();
config.addCertificateChangeListener(this);
}
+ /** Update the option in new schema if it changes from current value. */
+ private void updateNewSchema()
+ {
+ Option<Boolean> option = SchemaOptions.ALLOW_MALFORMED_CERTIFICATES;
+ if (config.isStrictFormat() == serverContext.getSchemaNG().getOption(option))
+ {
+ SchemaUpdater schemaUpdater = serverContext.getSchemaUpdater();
+ schemaUpdater.updateSchema(
+ schemaUpdater.getSchemaBuilder().setOption(option, !config.isStrictFormat()).toSchema());
+ }
+ }
+
/** {@inheritDoc} */
+ @Override
+ public Syntax getSDKSyntax(Schema schema)
+ {
+ return schema.getSyntax(SchemaConstants.SYNTAX_CERTIFICATE_OID);
+ }
+
+ /** {@inheritDoc} */
+ @Override
public boolean isConfigurationChangeAcceptable(
CertificateAttributeSyntaxCfg configuration,
List<LocalizableMessage> unacceptableReasons)
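Review bot: `updateNewSchema()` reads the volatile `config` twice, once in the condition and once in `setOption`, so a concurrent `applyConfigurationChange()` could make the test and the written value disagree. The condition also tests `isStrictFormat() == getOption(ALLOW_MALFORMED_CERTIFICATES)`, which is correct only because the two flags are opposites and is easy to misread. A local snapshot fixes both: `boolean allowMalformed = !config.isStrictFormat();`, then `if (allowMalformed != serverContext.getSchemaNG().getOption(option))` and `setOption(option, allowMalformed)`. The method comment should also say that turning strict-format off enables ALLOW_MALFORMED_CERTIFICATES on the server schema, since that relaxes certificate validation server-wide. The build-then-`updateSchema` sequence looks like an unsynchronised read-modify-write; whether `SchemaUpdater` serialises concurrent updates is not visible here and is worth confirming.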
@@ -126,10 +110,12 @@
}
/** {@inheritDoc} */
+ @Override
public ConfigChangeResult applyConfigurationChange(
CertificateAttributeSyntaxCfg configuration)
{
this.config = configuration;
+ updateNewSchema();
return new ConfigChangeResult();
}
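Review bot: `applyConfigurationChange()` still returns a fresh `new ConfigChangeResult()` unconditionally, although the `updateNewSchema()` call added here is now the only way a strict-format change takes effect. The last hunk removes `valueIsAcceptable()` from this class, so validation is delegated to the SDK syntax and governed by the schema option. Whether `updateSchema` can fail is not visible from this hunk; if it can, the failure should be reported in the result rather than leaving `config` and the schema option out of step. A comment such as `// Propagate strict-format to the SDK schema; certificate validation now happens there.` would make the dependency explicit. A regression test that toggles strict-format and checks that a malformed certificate value is rejected, then accepted, would guard the delegation.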
@@ -138,6 +124,7 @@
*
* @return The common name for this attribute syntax.
*/
+ @Override
public String getName()
{
return SYNTAX_CERTIFICATE_NAME;
@@ -148,6 +135,7 @@
*
* @return The OID for this attribute syntax.
*/
+ @Override
public String getOID()
{
return SYNTAX_CERTIFICATE_OID;
@@ -158,305 +146,10 @@
*
* @return A description for this attribute syntax.
*/
+ @Override
public String getDescription()
{
return SYNTAX_CERTIFICATE_DESCRIPTION;
}
-
- /**
- * Retrieves the default equality matching rule that will be used for
- * attributes with this syntax.
- *
- * @return The default equality matching rule that will be used for
- * attributes with this syntax, or <CODE>null</CODE> if equality
- * matches will not be allowed for this type by default.
- */
- public MatchingRule getEqualityMatchingRule()
- {
- return defaultEqualityMatchingRule;
- }
-
- /**
- * Retrieves the default ordering matching rule that will be used for
- * attributes with this syntax.
- *
- * @return The default ordering matching rule that will be used for
- * attributes with this syntax, or <CODE>null</CODE> if ordering
- * matches will not be allowed for this type by default.
- */
- public MatchingRule getOrderingMatchingRule()
- {
- return defaultOrderingMatchingRule;
- }
-
- /**
- * Retrieves the default substring matching rule that will be used for
- * attributes with this syntax.
- *
- * @return The default substring matching rule that will be used for
- * attributes with this syntax, or <CODE>null</CODE> if substring
- * matches will not be allowed for this type by default.
- */
- public MatchingRule getSubstringMatchingRule()
- {
- return defaultSubstringMatchingRule;
- }
-
- /**
- * Retrieves the default approximate matching rule that will be used for
- * attributes with this syntax.
- *
- * @return The default approximate matching rule that will be used for
- * attributes with this syntax, or <CODE>null</CODE> if approximate
- * matches will not be allowed for this type by default.
- */
- public MatchingRule getApproximateMatchingRule()
- {
- // There is no approximate matching rule by default.
- return null;
- }
-
- /**
- * Indicates whether the provided value is acceptable for use in an attribute
- * with this syntax. If it is not, then the reason may be appended to the
- * provided buffer.
- *
- * @param value The value for which to make the determination.
- * @param invalidReason The buffer to which the invalid reason should be
- * appended.
- *
- * @return <CODE>true</CODE> if the provided value is acceptable for use with
- * this syntax, or <CODE>false</CODE> if not.
- */
- public boolean valueIsAcceptable(ByteSequence value,
- LocalizableMessageBuilder invalidReason)
- {
- // Skip validation if strict validation is disabled.
- if (!config.isStrictFormat())
- {
- return true;
- }
-
- // Validate the ByteSequence against the definitions of X.509, clause 7
- long x509Version=0;
- ASN1Reader reader = ASN1.getReader(value);
- try
- {
- // Certificate SIGNED SEQUENCE
- if (!reader.hasNextElement() ||
- reader.peekType() != ASN1.UNIVERSAL_SEQUENCE_TYPE)
- {
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get());
- return false;
- }
- reader.readStartSequence();
-
- // CertificateContent SEQUENCE
- if (!reader.hasNextElement() ||
- reader.peekType() != ASN1.UNIVERSAL_SEQUENCE_TYPE)
- {
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get());
- return false;
- }
- reader.readStartSequence();
-
- // Optional Version
- if (reader.hasNextElement() &&
- reader.peekType() == (ASN1.TYPE_MASK_CONTEXT | ASN1.TYPE_MASK_CONSTRUCTED))
- {
- reader.readStartExplicitTag();
- if (!reader.hasNextElement() ||
- reader.peekType() != ASN1.UNIVERSAL_INTEGER_TYPE)
- {
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get());
- return false;
- }
- x509Version=reader.readInteger();
- if (x509Version < 0 || x509Version >2)
- {
- // invalid Version specified
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_INVALID_VERSION
- .get(x509Version));
- return false;
- }
- if (x509Version == 0)
- {
- // DEFAULT values shall not be included in DER encoded SEQUENCE
- // (X.690, 11.5)
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_INVALID_DER.get());
- return false;
- }
- reader.readEndExplicitTag();
- }
-
- // serialNumber
- if (!reader.hasNextElement() ||
- reader.peekType() != ASN1.UNIVERSAL_INTEGER_TYPE)
- {
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get());
- return false;
- }
- reader.skipElement();
-
- // signature AlgorithmIdentifier
- if (!reader.hasNextElement() ||
- reader.peekType() != ASN1.UNIVERSAL_SEQUENCE_TYPE)
- {
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get());
- return false;
- }
- reader.skipElement();
-
- // issuer name (SEQUENCE as of X.501, 9.2)
- if (!reader.hasNextElement() ||
- reader.peekType() != ASN1.UNIVERSAL_SEQUENCE_TYPE)
- {
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get());
- return false;
- }
- reader.skipElement();
-
- // validity (SEQUENCE)
- if (!reader.hasNextElement() ||
- reader.peekType() != ASN1.UNIVERSAL_SEQUENCE_TYPE)
- {
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get());
- return false;
- }
- reader.skipElement();
-
- // subject name (SEQUENCE as of X.501, 9.2)
- if (!reader.hasNextElement() ||
- reader.peekType() != ASN1.UNIVERSAL_SEQUENCE_TYPE)
- {
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get());
- return false;
- }
- reader.skipElement();
-
- // SubjectPublicKeyInfo (SEQUENCE)
- if (!reader.hasNextElement() ||
- reader.peekType() != ASN1.UNIVERSAL_SEQUENCE_TYPE)
- {
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get());
- return false;
- }
- reader.skipElement();
-
- // OPTIONAL issuerUniqueIdentifier
- if (reader.hasNextElement() &&
- reader.peekType() == (ASN1.TYPE_MASK_CONTEXT + 1))
- {
- if (x509Version < 1)
- {
- // only valid in v2 and v3
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get());
- return false;
- }
- reader.skipElement();
- }
-
- // OPTIONAL subjectUniqueIdentifier
- if (reader.hasNextElement() &&
- reader.peekType() == (ASN1.TYPE_MASK_CONTEXT + 2))
- {
- if (x509Version < 1)
- {
- // only valid in v2 and v3
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get());
- return false;
- }
- reader.skipElement();
- }
-
- // OPTIONAL extensions
- if (reader.hasNextElement() &&
- reader.peekType() == ((ASN1.TYPE_MASK_CONTEXT|ASN1.TYPE_MASK_CONSTRUCTED) + 3))
- {
- if (x509Version < 2)
- {
- // only valid in v3
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get());
- return false;
- }
- reader.readStartExplicitTag(); // read Tag
- if (!reader.hasNextElement() ||
- reader.peekType() != ASN1.UNIVERSAL_SEQUENCE_TYPE)
- {
- // only valid in v3
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get());
- return false;
- }
- reader.readEndExplicitTag(); // read end Tag
- }
-
- // There should not be any further ASN.1 elements within this SEQUENCE
- if (reader.hasNextElement())
- {
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get());
- return false;
- }
- reader.readEndSequence(); // End CertificateContent SEQUENCE
-
- // AlgorithmIdentifier SEQUENCE
- if (!reader.hasNextElement() ||
- reader.peekType() != ASN1.UNIVERSAL_SEQUENCE_TYPE)
- {
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get());
- return false;
- }
- reader.skipElement();
-
- // ENCRYPTED HASH BIT STRING
- if (!reader.hasNextElement() ||
- reader.peekType() != ASN1.UNIVERSAL_BIT_STRING_TYPE)
- {
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get());
- return false;
- }
- reader.skipElement();
-
- // There should not be any further ASN.1 elements within this SEQUENCE
- if (reader.hasNextElement())
- {
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get());
- return false;
- }
- reader.readEndSequence(); // End Certificate SEQUENCE
-
- // There should not be any further ASN.1 elements
- if (reader.hasNextElement())
- {
- invalidReason.append(ERR_SYNTAX_CERTIFICATE_NOTVALID.get());
- return false;
- }
- // End of the certificate
- }
- catch (DecodeException e)
- {
- invalidReason.append(e.getMessageObject());
- return false;
- }
- catch (IOException e)
- {
- invalidReason.append(e.getMessage());
- return false;
- }
-
- // The basic structure of the value is an X.509 certificate
- return true;
- }
-
- /** {@inheritDoc} */
- public boolean isBEREncodingRequired()
- {
- return true;
- }
-
- /** {@inheritDoc} */
- public boolean isHumanReadable()
- {
- return false;
- }
}
--
Gitblit v1.10.0