From e8eb092def2d2608ec793da5547b692acac2ccd8 Mon Sep 17 00:00:00 2001
From: jvergara <jvergara@localhost>
Date: Tue, 09 Oct 2007 16:26:19 +0000
Subject: [PATCH] Remove references to the classes ConfigConstants and CryptoManager in ADSContext. The use of these classes in the code can lead to a blocking in the Java Web Start installer. They have been moved to ADSContextHelper, which assumes that all the jars have been downloaded.
---
opends/src/ads/org/opends/admin/ads/ADSContextHelper.java | 238 ++++++++++++++++++++++++++++++++++++++++++++++-------------
1 files changed, 186 insertions(+), 52 deletions(-)
diff --git a/opends/src/ads/org/opends/admin/ads/ADSContextHelper.java b/opends/src/ads/org/opends/admin/ads/ADSContextHelper.java
index 953f4b2..b643ba6 100644
--- a/opends/src/ads/org/opends/admin/ads/ADSContextHelper.java
+++ b/opends/src/ads/org/opends/admin/ads/ADSContextHelper.java
@@ -27,15 +27,30 @@
package org.opends.admin.ads;
+import java.util.Map;
import java.util.SortedSet;
+import java.util.TreeSet;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
+import org.opends.admin.ads.ADSContext.ServerProperty;
import org.opends.server.admin.ManagedObjectNotFoundException;
import org.opends.server.admin.client.ManagementContext;
import org.opends.server.admin.client.ldap.JNDIDirContextAdaptor;
import org.opends.server.admin.client.ldap.LDAPManagementContext;
import org.opends.server.admin.std.client.*;
+import org.opends.server.admin.std.meta.BackendCfgDefn;
+import org.opends.server.admin.std.meta.LDIFBackendCfgDefn;
+import org.opends.server.config.ConfigConstants;
+import org.opends.server.types.CryptoManager;
import org.opends.server.types.DN;
/**
@@ -113,59 +128,178 @@
* @param ctx the DirContext to be used.
* @param backendName the name of the backend where the administration
* suffix is stored.
- * @param dbDirectory the path of the backend where the administration
- * suffix is stored (will be used if the backend must be created).
- * @param importTempDirectory the path of the backend where the temporary
- * files of import are stored (will be used if the backend must be created).
* @throws ADSContextException if the administration suffix could not be
* created.
*/
-// public void createAdministrationSuffix(InitialLdapContext ctx,
-// String backendName, String dbDirectory, String importTempDirectory)
-// throws ADSContextException
-// {
-// try
-// {
-// ManagementContext mCtx = LDAPManagementContext.createFromContext(
-// JNDIDirContextAdaptor.adapt(ctx));
-// RootCfgClient root = mCtx.getRootConfiguration();
-// JEBackendCfgClient backend = null;
-// try
-// {
-// backend = (JEBackendCfgClient)root.getBackend(backendName);
-// }
-// catch (ManagedObjectNotFoundException e)
-// {
-// }
-// catch (ClassCastException cce)
-// {
-// throw new ADSContextException(
-// ADSContextException.ErrorType.UNEXPECTED_ADS_BACKEND_TYPE, cce);
-// }
-// if (backend == null)
-// {
-// JEBackendCfgDefn provider = JEBackendCfgDefn.getInstance();
-// backend = root.createBackend(provider, backendName, null);
-// backend.setBackendEnabled(true);
-// backend.setBackendId(backendName);
-// backend.setBackendDirectory(dbDirectory);
-// backend.setBackendImportTempDirectory(importTempDirectory);
-// backend.setBackendWritabilityMode(
-// BackendCfgDefn.BackendWritabilityMode.ENABLED);
-// }
-// SortedSet<DN> suffixes = backend.getBackendBaseDN();
-// if (suffixes == null)
-// {
-// suffixes = new TreeSet<DN>();
-// }
-// suffixes.add(DN.decode(ADSContext.getAdministrationSuffixDN()));
-// backend.setBackendBaseDN(suffixes);
-// backend.commit();
-// }
-// catch (Throwable t)
-// {
-// throw new ADSContextException(
-// ADSContextException.ErrorType.ERROR_UNEXPECTED, t);
-// }
-// }
+ public void createAdministrationSuffix(InitialLdapContext ctx,
+ String backendName)
+ throws ADSContextException
+ {
+ try
+ {
+ ManagementContext mCtx = LDAPManagementContext.createFromContext(
+ JNDIDirContextAdaptor.adapt(ctx));
+ RootCfgClient root = mCtx.getRootConfiguration();
+ LDIFBackendCfgClient backend = null;
+ try
+ {
+ backend = (LDIFBackendCfgClient)root.getBackend(backendName);
+ }
+ catch (ManagedObjectNotFoundException e)
+ {
+ }
+ catch (ClassCastException cce)
+ {
+ throw new ADSContextException(
+ ADSContextException.ErrorType.UNEXPECTED_ADS_BACKEND_TYPE, cce);
+ }
+ if (backend == null)
+ {
+ LDIFBackendCfgDefn provider = LDIFBackendCfgDefn.getInstance();
+ backend = root.createBackend(provider, backendName, null);
+ backend.setEnabled(true);
+ backend.setBackendId(backendName);
+ backend.setWritabilityMode(BackendCfgDefn.WritabilityMode.ENABLED);
+ }
+ SortedSet<DN> suffixes = backend.getBaseDN();
+ if (suffixes == null)
+ {
+ suffixes = new TreeSet<DN>();
+ }
+ DN newDN = DN.decode(ADSContext.getAdministrationSuffixDN());
+ if (suffixes.contains(newDN))
+ {
+ suffixes.add(newDN);
+ backend.setBaseDN(suffixes);
+ backend.commit();
+ }
+ }
+ catch (Throwable t)
+ {
+ throw new ADSContextException(
+ ADSContextException.ErrorType.ERROR_UNEXPECTED, t);
+ }
+ }
+
+ /**
+ Register instance key-pair public-key certificate provided in
+ serverProperties: generate a key-id attribute if one is not provided (as
+ expected); add an instance key public-key certificate entry for the key
+ certificate; and associate the certificate entry with the server entry via
+ the key ID attribute.
+ @param ctx the InitialLdapContext on the server we want to update.
+ @param serverProperties Properties of the server being registered to which
+ the instance key entry belongs.
+ @param serverEntryDn The server's ADS entry DN.
+ @throws ADSContextException In case some JNDI operation fails or there is a
+ problem getting the instance public key certificate ID.
+ */
+ public void registerInstanceKeyCertificate(
+ InitialLdapContext ctx, Map<ServerProperty, Object> serverProperties,
+ LdapName serverEntryDn)
+ throws ADSContextException {
+ assert serverProperties.containsKey(
+ ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE);
+ if (! serverProperties.containsKey(
+ ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE)) {
+ return;
+ }
+
+ /* the key ID might be supplied in serverProperties (although, I am unaware
+ of any such case). */
+ String keyID = (String)serverProperties.get(ServerProperty.INSTANCE_KEY_ID);
+
+ /* these attributes are used both to search for an existing certificate
+ entry and, if one does not exist, add a new certificate entry */
+ final BasicAttributes keyAttrs = new BasicAttributes();
+ final Attribute oc = new BasicAttribute("objectclass");
+ oc.add("top"); oc.add("ds-cfg-instance-key");
+ keyAttrs.put(oc);
+ if (null != keyID) {
+ keyAttrs.put(new BasicAttribute(
+ ServerProperty.INSTANCE_KEY_ID.getAttributeName(), keyID));
+ }
+ keyAttrs.put(new BasicAttribute(
+ ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE.getAttributeName()
+ + ";binary",
+ serverProperties.get(
+ ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE)));
+
+ /* search for public-key certificate entry in ADS DIT */
+ final String attrIDs[] = { "ds-cfg-key-id" };
+ try
+ {
+ final NamingEnumeration<SearchResult> results = ctx.search(
+ ADSContext.getInstanceKeysContainerDN(), keyAttrs, attrIDs);
+ if (results.hasMore()) {
+ final Attribute keyIdAttr =
+ results.next().getAttributes().get(attrIDs[0]);
+ if (null != keyIdAttr) {
+ /* attribute ds-cfg-key-id is the entry is a MUST in the schema */
+ keyID = (String)keyIdAttr.get();
+ }
+ }
+ /* TODO: It is possible (but unexpected) that the caller specifies a
+ ds-cfg-key-id value for which there is a certificate entry in ADS, but
+ the certificate value does not match that supplied by the caller. The
+ above search would not return the entry, but the below attempt to add
+ an new entry with the supplied ds-cfg-key-id will fail (throw a
+ NameAlreadyBoundException) */
+ else {
+ /* create key ID, if it was not supplied in serverProperties */
+ if (null == keyID) {
+ keyID = CryptoManager.getInstanceKeyID(
+ (byte[])serverProperties.get(
+ ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE));
+ keyAttrs.put(new BasicAttribute(
+ ServerProperty.INSTANCE_KEY_ID.getAttributeName(), keyID));
+ }
+
+ /* add public-key certificate entry */
+ final LdapName keyDn = new LdapName((new StringBuilder())
+ .append(ServerProperty.INSTANCE_KEY_ID.getAttributeName())
+ .append("=").append(Rdn.escapeValue(keyID)).append(",")
+ .append(ADSContext.getInstanceKeysContainerDN()).toString());
+ ctx.createSubcontext(keyDn, keyAttrs).close();
+ }
+
+ /* associate server entry with certificate entry via key ID attribute */
+ ctx.modifyAttributes(serverEntryDn,
+ InitialLdapContext.REPLACE_ATTRIBUTE,
+ (new BasicAttributes(
+ ServerProperty.INSTANCE_KEY_ID.getAttributeName(), keyID)));
+ }
+ catch (NamingException ne)
+ {
+ throw new ADSContextException(
+ ADSContextException.ErrorType.ERROR_UNEXPECTED, ne);
+ }
+ catch (CryptoManager.CryptoManagerException cme)
+ {
+ throw new ADSContextException(
+ ADSContextException.ErrorType.ERROR_UNEXPECTED, cme);
+ }
+ }
+
+ /**
+ * Returns the crypto instance key objectclass name as defined in
+ * ConfigConstants.
+ * @return the crypto instance key objectclass name as defined in
+ * ConfigConstants.
+ */
+ public String getOcCryptoInstanceKey()
+ {
+ return ConfigConstants.OC_CRYPTO_INSTANCE_KEY;
+ }
+
+ /**
+ * Returns the crypto key compromised time attribute name as defined in
+ * ConfigConstants.
+ * @return the crypto key compromised time attribute name as defined in
+ * ConfigConstants.
+ */
+ public String getAttrCryptoKeyCompromisedTime()
+ {
+ return ConfigConstants.ATTR_CRYPTO_KEY_COMPROMISED_TIME;
+ }
}
--
Gitblit v1.10.0