Package com.netscape.cms.ocsp
Class LDAPStore
- java.lang.Object
  - com.netscape.cms.ocsp.LDAPStore
- All Implemented Interfaces: IExtendedPluginInfo, ISubsystem, IDefStore, IOCSPStore
public class LDAPStore extends java.lang.Object implements IDefStore, IExtendedPluginInfo
This is the LDAP OCSP store. It reads CA certificate and revocation list attributes from the CA entry.
- Version: $Revision$, $Date$
-
Field Summary
protected java.util.Hashtable<java.lang.String,java.lang.Long> mReqCounts
-
Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo
HELP_TEXT, HELP_TOKEN
-
-
Constructor Summary
LDAPStore()
    Constructs the default store.
-
Method Summary
void addCRLIssuingPoint(java.lang.String name, ICRLIssuingPointRecord rec)
    This method adds a CRL issuing point.
void addRepository(java.lang.String name, java.lang.String thisUpdate, IRepositoryRecord rec)
    This method adds a request to the default OCSP store repository.
ICRLIssuingPointRecord createCRLIssuingPointRecord(java.lang.String name, java.math.BigInteger crlNumber, java.lang.Long crlSize, java.util.Date thisUpdate, java.util.Date nextUpdate)
    This method creates a CRL issuing point record.
IRepositoryRecord createRepositoryRecord()
    This method creates an OCSP default store repository record.
void deleteCRLIssuingPointRecord(java.lang.String id)
    This method deletes a CRL issuing point record.
NameValuePairs getConfigParameters()
    Provides configuration parameters.
IConfigStore getConfigStore()
    Returns the root configuration storage of this system.
java.lang.String[] getExtendedPluginInfo(java.util.Locale locale)
    This method returns an array of strings.
java.lang.String getId()
    Retrieves the name of this subsystem.
long getReqCount(java.lang.String id)
    This method retrieves the number of OCSP requests since startup.
int getStateCount()
    This method retrieves the number of CRL updates since startup.
boolean includeNextUpdate()
void incReqCount(java.lang.String id)
void init(ISubsystem owner, IConfigStore config)
    Fetch CA certificate and CRL from LDAP server.
boolean isNotFoundGood()
    This method checks to see if the OCSP response should return good when the certificate is not found.
boolean isNotFoundGood1()
X509CertImpl locateCACert(netscape.ldap.LDAPConnection conn, java.lang.String baseDN)
    Locates the CA certificate.
X509CRLImpl locateCRL(netscape.ldap.LDAPConnection conn, java.lang.String baseDN)
    Locates the CRL.
void log(int level, java.lang.String msg)
ICRLIssuingPointRecord readCRLIssuingPoint(java.lang.String name)
    This method attempts to read the CRL issuing point.
java.util.Enumeration<ICRLIssuingPointRecord> searchAllCRLIssuingPointRecord(int maxSize)
    This method searches all CRL issuing points.
java.util.Enumeration<ICRLIssuingPointRecord> searchCRLIssuingPointRecord(java.lang.String filter, int maxSize)
    This method searches all CRL issuing points constrained by the specified filtering mechanism.
void setConfigParameters(NameValuePairs pairs)
    This method stores the configuration parameters specified by the passed-in Name Value pairs object.
void setId(java.lang.String id)
    Sets the identifier specific to this subsystem.
void shutdown()
    Stops this system.
void startup()
    Notifies this subsystem if owner is in running mode.
void updateCRL(java.security.cert.X509CRL crl)
    This method updates the specified CRL.
void updateCRLHash(X509CertImpl caCert, X509CRLImpl crl)
OCSPResponse validate(OCSPRequest request)
    Validate an OCSP request.
boolean waitOnCRLUpdate()
    This method specifies whether or not to wait for the Certificate Revocation List (CRL) to be updated.
-
Method Detail
-
getExtendedPluginInfo
public java.lang.String[] getExtendedPluginInfo(java.util.Locale locale)
Description copied from interface: IExtendedPluginInfo
This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token). For each parameter there is an entry indexed on that parameter name, in the form:
    name;type_info[,required];description;...
Where:
- type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)'.
- If the marker 'required' is included after the type_info, the parameter will have some visually distinctive marking in the UI.
- 'description' is a short sentence describing the parameter.
- 'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default.
- 'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false'.
- 'string' allows any characters.
- 'number' allows only numbers.
- 'password' is rendered as a password field (the characters are replaced with *'s when being typed). This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key.
In addition to the configurable parameters, the following magic parameters may be defined:
- HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin
- HELP_TEXT;helptext - a general help string describing the plugin
For example:
    "username;string;The username you wish to login as"
    "bindPWPrompt;password;Enter password to bind as above user with"
    "algorithm;choice(RSA,DSA);Which algorithm do you want to use"
    "enable;boolean;Do you want to run this plugin"
    "port;number;Which port number do you want to use"
- Specified by: getExtendedPluginInfo in interface IExtendedPluginInfo
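The following is an added example, not code from the PKI project: a parser for the name;type_info[,required];description entries described above, which also flags 'password' parameters as not being passed to the plugin. The class PluginInfoParser, the Param record and the "meta" type label are hypothetical names, the 'required' marker on the port entry is constructed, and records need Java 16 or later.

```java
import java.util.*;

public class PluginInfoParser {
    // One parsed entry; type "meta" marks HELP_TOKEN / HELP_TEXT (label assumed here).
    record Param(String name, String type, List<String> choices,
                 boolean required, String description) {
        // Per the description above, 'password' values go to the password
        // cache and are not handed to the plugin; meta entries are help only.
        boolean passedToPlugin() {
            return !type.equals("password") && !type.equals("meta");
        }
    }

    static final Set<String> SIMPLE = Set.of("string", "number", "boolean", "password");

    static Param parse(String entry) {
        int i = entry.indexOf(';');
        if (i <= 0) throw new IllegalArgumentException("malformed entry: " + entry);
        String name = entry.substring(0, i).trim();
        String rest = entry.substring(i + 1);
        if (name.equals("HELP_TOKEN") || name.equals("HELP_TEXT"))
            return new Param(name, "meta", List.of(), false, rest.trim());
        // Limit 2 keeps any ';' inside the description intact.
        String[] f = rest.split(";", 2);
        String type = f[0].trim();
        String desc = f.length == 2 ? f[1].trim() : "";
        // ",required" is a suffix; commas inside choice(...) are separators.
        boolean required = type.endsWith(",required");
        if (required) type = type.substring(0, type.length() - ",required".length());
        List<String> choices = List.of();
        if (type.startsWith("choice(") && type.endsWith(")")) {
            choices = Arrays.asList(type.substring(7, type.length() - 1).split(","));
            type = "choice";
        } else if (!SIMPLE.contains(type)) {
            throw new IllegalArgumentException("unknown type_info in: " + entry);
        }
        return new Param(name, type, choices, required, desc);
    }

    public static void main(String[] args) {
        String[] info = {
            "bindPWPrompt;password;Enter password to bind as above user with",
            "algorithm;choice(RSA,DSA);Which algorithm do you want to use",
            "port;number,required;Which port number do you want to use", // marker constructed
            "HELP_TOKEN;helptoken",
        };
        for (String e : info) System.out.println(parse(e) + " -> plugin=" + parse(e).passedToPlugin());
    }
}
```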
-
init
public void init(ISubsystem owner, IConfigStore config) throws EBaseException
Fetch CA certificate and CRL from LDAP server.
- Specified by: init in interface ISubsystem
- Parameters:
owner - owner of this subsystem
config - configuration store
- Throws:
EBaseException - failed to initialize
-
locateCACert
public X509CertImpl locateCACert(netscape.ldap.LDAPConnection conn, java.lang.String baseDN) throws EBaseException
Locates the CA certificate.
- Throws:
EBaseException
-
locateCRL
public X509CRLImpl locateCRL(netscape.ldap.LDAPConnection conn, java.lang.String baseDN) throws EBaseException
Locates the CRL.
- Throws:
EBaseException
-
updateCRLHash
public void updateCRLHash(X509CertImpl caCert, X509CRLImpl crl) throws EBaseException
- Throws:
EBaseException
-
log
public void log(int level, java.lang.String msg)
-
startup
public void startup() throws EBaseException
Description copied from interface: ISubsystem
Notifies this subsystem if owner is in running mode.
- Specified by: startup in interface ISubsystem
- Throws:
EBaseException - failed to start up
-
shutdown
public void shutdown()
Description copied from interface: ISubsystem
Stops this system. The owner may call shutdown anytime after initialization.
- Specified by: shutdown in interface ISubsystem
-
getConfigStore
public IConfigStore getConfigStore()
Description copied from interface: ISubsystem
Returns the root configuration storage of this system.
- Specified by: getConfigStore in interface ISubsystem
- Returns:
configuration store of this subsystem
-
setId
public void setId(java.lang.String id) throws EBaseException
Description copied from interface: ISubsystem
Sets the identifier specific to this subsystem.
- Specified by: setId in interface ISubsystem
- Parameters:
id - subsystem identifier
- Throws:
EBaseException - failed to set id
-
getId
public java.lang.String getId()
Description copied from interface: ISubsystem
Retrieves the name of this subsystem.
- Specified by: getId in interface ISubsystem
- Returns:
subsystem identifier
-
validate
public OCSPResponse validate(OCSPRequest request) throws EBaseException
Validate an OCSP request.
- Specified by: validate in interface IOCSPStore
- Parameters:
request - an OCSP request
- Returns:
OCSPResponse the OCSP response associated with the specified OCSP request
- Throws:
EBaseException - an error associated with the inability to process the supplied OCSP request
-
getStateCount
public int getStateCount()
Description copied from interface: IDefStore
This method retrieves the number of CRL updates since startup.
- Specified by: getStateCount in interface IDefStore
- Returns:
count the number of OCSP default stores
-
getReqCount
public long getReqCount(java.lang.String id)
Description copied from interface: IDefStore
This method retrieves the number of OCSP requests since startup.
- Specified by: getReqCount in interface IDefStore
- Parameters:
id - a string associated with an OCSP request
- Returns:
count the number of this type of OCSP requests
-
createRepositoryRecord
public IRepositoryRecord createRepositoryRecord()
Description copied from interface: IDefStore
This method creates an OCSP default store repository record.
- Specified by: createRepositoryRecord in interface IDefStore
- Returns:
IRepositoryRecord an instance of the repository record object
-
addRepository
public void addRepository(java.lang.String name, java.lang.String thisUpdate, IRepositoryRecord rec) throws EBaseException
Description copied from interface: IDefStore
This method adds a request to the default OCSP store repository.
- Specified by: addRepository in interface IDefStore
- Parameters:
name - a string representing the name of this request
thisUpdate - the current request
rec - an instance of the repository record object
- Throws:
EBaseException - occurs when there is an error attempting to add this request to the repository
-
waitOnCRLUpdate
public boolean waitOnCRLUpdate()
Description copied from interface: IDefStore
This method specifies whether or not to wait for the Certificate Revocation List (CRL) to be updated.
- Specified by: waitOnCRLUpdate in interface IDefStore
- Returns:
boolean true or false
-
updateCRL
public void updateCRL(java.security.cert.X509CRL crl) throws EBaseException
Description copied from interface: IDefStore
This method updates the specified CRL.
- Specified by: updateCRL in interface IDefStore
- Parameters:
crl - the CRL to be updated
- Throws:
EBaseException - occurs when the CRL cannot be updated
-
readCRLIssuingPoint
public ICRLIssuingPointRecord readCRLIssuingPoint(java.lang.String name) throws EBaseException
Description copied from interface: IDefStore
This method attempts to read the CRL issuing point.
- Specified by: readCRLIssuingPoint in interface IDefStore
- Parameters:
name - the name of the CRL to be read
- Returns:
ICRLIssuingPointRecord the CRL issuing point
- Throws:
EBaseException - occurs when the specified CRL cannot be located
-
searchAllCRLIssuingPointRecord
public java.util.Enumeration<ICRLIssuingPointRecord> searchAllCRLIssuingPointRecord(int maxSize) throws EBaseException
Description copied from interface: IDefStore
This method searches all CRL issuing points.
- Specified by: searchAllCRLIssuingPointRecord in interface IDefStore
- Parameters:
maxSize - specifies the largest number of hits from the search
- Returns:
Enumeration a list of the CRL issuing points
- Throws:
EBaseException - occurs when no CRL issuing point exists
-
searchCRLIssuingPointRecord
public java.util.Enumeration<ICRLIssuingPointRecord> searchCRLIssuingPointRecord(java.lang.String filter, int maxSize) throws EBaseException
Description copied from interface: IDefStore
This method searches all CRL issuing points constrained by the specified filtering mechanism.
- Specified by: searchCRLIssuingPointRecord in interface IDefStore
- Parameters:
filter - a string which constrains the search
maxSize - specifies the largest number of hits from the search
- Returns:
Enumeration a list of the CRL issuing points
- Throws:
EBaseException - occurs when no CRL issuing point exists
-
createCRLIssuingPointRecord
public ICRLIssuingPointRecord createCRLIssuingPointRecord(java.lang.String name, java.math.BigInteger crlNumber, java.lang.Long crlSize, java.util.Date thisUpdate, java.util.Date nextUpdate)
Description copied from interface: IDefStore
This method creates a CRL issuing point record.
- Specified by: createCRLIssuingPointRecord in interface IDefStore
- Parameters:
name - a string representation of this CRL issuing point record
crlNumber - the number of this CRL issuing point record
crlSize - the size of this CRL issuing point record
thisUpdate - the time for this CRL issuing point record
nextUpdate - the time for the next CRL issuing point record
- Returns:
ICRLIssuingPointRecord this CRL issuing point record
-
addCRLIssuingPoint
public void addCRLIssuingPoint(java.lang.String name, ICRLIssuingPointRecord rec) throws EBaseException
Description copied from interface: IDefStore
This method adds a CRL issuing point.
- Specified by: addCRLIssuingPoint in interface IDefStore
- Parameters:
name - a string representation of this CRL issuing point record
rec - this CRL issuing point record
- Throws:
EBaseException - occurs when the specified CRL issuing point record cannot be added
-
deleteCRLIssuingPointRecord
public void deleteCRLIssuingPointRecord(java.lang.String id) throws EBaseException
Description copied from interface: IDefStore
This method deletes a CRL issuing point record.
- Specified by: deleteCRLIssuingPointRecord in interface IDefStore
- Parameters:
id - a string representation of this CRL issuing point record
- Throws:
EBaseException - occurs when the specified CRL issuing point record cannot be deleted
-
isNotFoundGood
public boolean isNotFoundGood()
Description copied from interface: IDefStore
This method checks to see if the OCSP response should return good when the certificate is not found.
- Specified by: isNotFoundGood in interface IDefStore
- Returns:
boolean true or false
-
includeNextUpdate
public boolean includeNextUpdate() throws EBaseException
- Throws:
EBaseException
-
isNotFoundGood1
public boolean isNotFoundGood1() throws EBaseException
- Throws:
EBaseException
-
incReqCount
public void incReqCount(java.lang.String id)
-
getConfigParameters
public NameValuePairs getConfigParameters()
Provides configuration parameters.
- Specified by: getConfigParameters in interface IOCSPStore
- Returns:
NameValuePairs all configuration items
-
setConfigParameters
public void setConfigParameters(NameValuePairs pairs) throws EBaseException
Description copied from interface: IOCSPStore
This method stores the configuration parameters specified by the passed-in Name Value pairs object.
- Specified by: setConfigParameters in interface IOCSPStore
- Parameters:
pairs - a name-value pair object
- Throws:
EBaseException - an illegal name-value pair