Class UGSubsystem


  • public class UGSubsystem
    extends java.lang.Object
    This class defines low-level LDAP usr/grp management; usr/grp information is located remotely on another LDAP server.
    Version:
    $Revision$, $Date$
    Author:
    thomask, cfu
    • Constructor Summary

      Constructors 
      Constructor Description
      UGSubsystem()
      Constructs LDAP based usr/grp management
    • Method Summary

      Modifier and Type Method Description
      void addCertSubjectDN​(IUser identity)  
      void addGroup​(IGroup group)
      Adds a group of identities.
      void addUser​(IUser identity)
      Adds identity.
      void addUserCert​(IUser identity)
      Adds a user certificate to a user.
      void addUserToGroup​(IGroup grp, java.lang.String userid)  
      protected IGroup buildGroup​(netscape.ldap.LDAPEntry entry)
      Builds an instance of a Group entry.
      protected java.util.Enumeration<IGroup> buildGroups​(netscape.ldap.LDAPSearchResults res)  
      protected IUser buildUser​(netscape.ldap.LDAPEntry entry)
      Builds a User instance.
      protected java.util.Enumeration<IUser> buildUsers​(netscape.ldap.LDAPSearchResults res)  
      protected java.lang.String convertUIDtoDN​(java.lang.String uid)
      Converts a uid attribute to a DN.
      IGroup createGroup​(java.lang.String id)  
      IUser createUser​(java.lang.String id)  
      boolean evaluate​(java.lang.String type, IUser id, java.lang.String op, java.lang.String value)
      Evaluates the given context against the attribute criteria.
      IGroup findGroup​(java.lang.String filter)  
      java.util.Enumeration<IGroup> findGroups​(java.lang.String filter)
      Finds groups.
      java.util.Enumeration<IGroup> findGroupsByUser​(java.lang.String userDn, java.lang.String filter)  
      User findUser​(java.security.cert.X509Certificate cert)
      Locates a user by certificate.
      java.util.Enumeration<IUser> findUsers​(java.lang.String filter)
      Searches for identities that match the filter.
      IUser findUsersByCert​(java.lang.String filter)
      Searches for identities that match the filter generated by the certificate locator.
      java.lang.String getCertificateString​(java.security.cert.X509Certificate cert)  
      protected java.lang.String getCertificateStringWithoutVersion​(java.security.cert.X509Certificate cert)
      Converts certificate into string format.
      protected netscape.ldap.LDAPConnection getConn()  
      IGroup getGroup​(java.lang.String groupDN)
      Retrieves a group from LDAP. NOTE - LH: this takes a full LDAP DN.
      IGroup getGroupFromName​(java.lang.String name)
      Retrieves a group from LDAP. NOTE: this takes just the group name.
      IUser getUser​(java.lang.String userID)
      Retrieves a user from LDAP.
      java.lang.String getUserDN​(java.lang.String userID)  
      void init​(PKISocketConfig socketConfig, UGSubsystemConfig config, IPasswordStore passwordStore)  
      boolean isGroupPresent​(java.lang.String name)
      Checks if the given group exists.
      protected boolean isMatched​(java.lang.String dn1, java.lang.String dn2)
      Checks if the given DNs are the same after normalization.
      boolean isMemberOf​(IUser id, java.lang.String name)
      Checks if the given user is a member of the given group (now runs an LDAP search to find the user, instead of fetching the entire group entry).
      boolean isMemberOf​(java.lang.String userid, java.lang.String groupname)  
      protected boolean isMemberOfLdapGroup​(java.lang.String userid, java.lang.String groupname)
      Checks if the given user DN is in the specified group by running an LDAP search for the user in the group.
      protected IUser lbuildUser​(netscape.ldap.LDAPEntry entry)
      Builds a User instance.
      protected java.util.Enumeration<IUser> lbuildUsers​(netscape.ldap.LDAPSearchResults res)  
      java.util.Enumeration<IGroup> listGroups​(java.lang.String filter)
      Lists groups.
      java.util.Enumeration<IUser> listUsers​(java.lang.String filter)
      Searches for identities that match the filter.
      void modifyGroup​(IGroup group)
      Modifies an existing group in the database.
      void modifyUser​(IUser identity)
      Modifies user attributes.
      void removeCertSubjectDN​(IUser identity)  
      void removeGroup​(java.lang.String name)
      Removes a group.
      void removeUser​(java.lang.String userid)
      Removes identity.
      void removeUserCert​(IUser identity)
      Removes a user certificate from a user entry, given the user certificate DN (actually a combination of version, serialNumber, issuerDN, and subjectDN).
      void removeUserFromGroup​(IGroup grp, java.lang.String userid)  
      protected void returnConn​(netscape.ldap.LDAPConnection conn)  
      void shutdown()
      Disconnects the usr/grp manager from the LDAP server.
      void startup()
      Starts up this service.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • logger

        public static org.slf4j.Logger logger
      • SUPER_CERT_ADMINS

        public static final java.lang.String SUPER_CERT_ADMINS
        See Also:
        Constant Field Values
      • OBJECTCLASS_ATTR

        protected static final java.lang.String OBJECTCLASS_ATTR
        See Also:
        Constant Field Values
      • GROUP_ATTR_VALUE

        protected static final java.lang.String GROUP_ATTR_VALUE
        See Also:
        Constant Field Values
      • LDAP_ATTR_USER_CERT_STRING

        protected static final java.lang.String LDAP_ATTR_USER_CERT_STRING
        See Also:
        Constant Field Values
      • LDAP_ATTR_CERTDN

        protected static final java.lang.String LDAP_ATTR_CERTDN
        See Also:
        Constant Field Values
      • LDAP_ATTR_USER_CERT

        protected static final java.lang.String LDAP_ATTR_USER_CERT
        See Also:
        Constant Field Values
      • LDAP_ATTR_PROFILE_ID

        protected static final java.lang.String LDAP_ATTR_PROFILE_ID
        See Also:
        Constant Field Values
      • mBaseDN

        protected java.lang.String mBaseDN
    • Constructor Detail

      • UGSubsystem

        public UGSubsystem()
        Constructs LDAP based usr/grp management
    • Method Detail

      • shutdown

        public void shutdown()
        Disconnects the usr/grp manager from the LDAP server.
      • createUser

        public IUser createUser​(java.lang.String id)
      • createGroup

        public IGroup createGroup​(java.lang.String id)
      • findUsersByCert

        public IUser findUsersByCert​(java.lang.String filter)
                              throws EUsrGrpException
        Searches for identities that match the filter generated by the certificate locator.
        Throws:
        EUsrGrpException
      • findUsers

        public java.util.Enumeration<IUser> findUsers​(java.lang.String filter)
                                               throws EUsrGrpException
        Searches for identities that match the filter.
        Throws:
        EUsrGrpException
      • listUsers

        public java.util.Enumeration<IUser> listUsers​(java.lang.String filter)
                                               throws EUsrGrpException
        Searches for identities that match the filter. Retrieves the uid only, for efficiency when listing users.
        Throws:
        EUsrGrpException
      • lbuildUser

        protected IUser lbuildUser​(netscape.ldap.LDAPEntry entry)
                            throws EUsrGrpException
        Builds a User instance. Sets only the uid for a user entry retrieved from the LDAP server; for listing efficiency only.
        Returns:
        the User entity.
        Throws:
        EUsrGrpException
      • buildUser

        protected IUser buildUser​(netscape.ldap.LDAPEntry entry)
                           throws EUsrGrpException
        Builds a User instance. Retrieves all attributes from the LDAP server and sets them on the User.
        Returns:
        the User entity.
        Throws:
        EUsrGrpException
      • removeUserCert

        public void removeUserCert​(IUser identity)
                            throws EUsrGrpException
        Removes a user certificate from a user entry, given the user certificate DN (actually a combination of version, serialNumber, issuerDN, and subjectDN).
        Throws:
        EUsrGrpException
      • listGroups

        public java.util.Enumeration<IGroup> listGroups​(java.lang.String filter)
                                                 throws EUsrGrpException
        Lists groups. More efficient than findGroups: only retrieves group names and descriptions.
        Throws:
        EUsrGrpException
      • getGroupFromName

        public IGroup getGroupFromName​(java.lang.String name)
        Retrieves a group from LDAP. NOTE: this takes just the group name.
      • getGroup

        public IGroup getGroup​(java.lang.String groupDN)
        Retrieves a group from LDAP. NOTE - LH: this takes a full LDAP DN.
      • isGroupPresent

        public boolean isGroupPresent​(java.lang.String name)
        Checks if the given group exists.
      • isMemberOf

        public boolean isMemberOf​(java.lang.String userid,
                                  java.lang.String groupname)
      • isMemberOf

        public boolean isMemberOf​(IUser id,
                                  java.lang.String name)
        Checks if the given user is a member of the given group (now runs an LDAP search to find the user, instead of fetching the entire group entry).
      • isMemberOfLdapGroup

        protected boolean isMemberOfLdapGroup​(java.lang.String userid,
                                              java.lang.String groupname)
        Checks if the given user DN is in the specified group by running an LDAP search for the user in the group.
      • removeGroup

        public void removeGroup​(java.lang.String name)
                         throws EUsrGrpException
        Removes a group. SUPER_CERT_ADMINS cannot be removed.
        Throws:
        EUsrGrpException
      • modifyGroup

        public void modifyGroup​(IGroup group)
                         throws EUsrGrpException
        Modifies an existing group in the database.
        Parameters:
        group - an existing group that has been modified in memory
        Throws:
        EUsrGrpException
      • evaluate

        public boolean evaluate​(java.lang.String type,
                                IUser id,
                                java.lang.String op,
                                java.lang.String value)
        Evaluates the given context against the attribute criteria.
      • convertUIDtoDN

        protected java.lang.String convertUIDtoDN​(java.lang.String uid)
                                           throws netscape.ldap.LDAPException
        Converts a uid attribute to a DN.
        Throws:
        netscape.ldap.LDAPException
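        The filter-taking methods of this class (findUsers, findGroups, listUsers, listGroups, isMemberOfLdapGroup) and the DN-composing convertUIDtoDN all embed caller-supplied values in LDAP syntax, so a caller that builds those strings from external input needs to escape the values first. The following is an added example, not code from UGSubsystem or the Dogtag project, showing filter-value escaping per RFC 4515 and DN-value escaping per RFC 4514 as a caller would apply them before handing a filter or DN to these methods. The class name LdapEscape, its methods, the base DN and the sample inputs are assumptions.

```java
import java.nio.charset.StandardCharsets;

/** Added example: escaping helpers for values embedded in LDAP filters and DNs (hypothetical class). */
public final class LdapEscape {

    private LdapEscape() {}

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515, section 3).
     * The metacharacters '*', '(', ')', '\' and NUL, plus any non-ASCII byte of the
     * UTF-8 encoding, are replaced by backslash + two hex digits.
     */
    public static String filterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            if (c == '*' || c == '(' || c == ')' || c == '\\' || c == 0 || c > 0x7f) {
                sb.append('\\').append(String.format("%02x", c));
            } else {
                sb.append((char) c);
            }
        }
        return sb.toString();
    }

    /**
     * Escapes an attribute value for use inside a DN (RFC 4514, section 2.4).
     * The characters ',', '+', '"', '\', '<', '>' and ';' are backslash-escaped anywhere,
     * a leading '#' and a leading or trailing space are backslash-escaped, and control
     * characters are written as backslash + two hex digits (the hexpair form RFC 4514 allows).
     */
    public static String dnValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        int n = value.length();
        for (int i = 0; i < n; i++) {
            char ch = value.charAt(i);
            boolean special = ch == ',' || ch == '+' || ch == '"' || ch == '\\'
                    || ch == '<' || ch == '>' || ch == ';';
            if (special || (ch == ' ' && (i == 0 || i == n - 1)) || (ch == '#' && i == 0)) {
                sb.append('\\').append(ch);
            } else if (ch < 0x20 || ch == 0x7f) {
                sb.append('\\').append(String.format("%02x", (int) ch));
            } else {
                sb.append(ch);
            }
        }
        return sb.toString();
    }

    /** Builds the kind of filter a caller would pass to findUsers(String filter). */
    public static String userFilter(String uid) {
        return "(uid=" + filterValue(uid) + ")";
    }

    /** Builds a user DN of the shape convertUIDtoDN produces, under an assumed base DN. */
    public static String userDn(String uid, String usersBaseDn) {
        return "uid=" + dnValue(uid) + "," + usersBaseDn;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one plain uid, one containing filter/DN metacharacters.
        String plain = "caadmin";
        String withMeta = "j*smith(1)";
        String baseDn = "ou=People,dc=example,dc=com"; // assumed base DN

        System.out.println(userFilter(plain));     // (uid=caadmin)
        System.out.println(userFilter(withMeta));  // (uid=j\2asmith\281\29)
        System.out.println(userDn("Smith, J", baseDn)); // uid=Smith\, J,ou=People,dc=example,dc=com
    }
}
```

The point of the two separate helpers is that filters and DNs have different escaping rules: a value that is safe inside a filter is not automatically safe inside a DN and vice versa, so the escaping is chosen by where the value ends up, not by what it contains.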
      • isMatched

        protected boolean isMatched​(java.lang.String dn1,
                                    java.lang.String dn2)
        Checks if the given DNs are the same after normalization.
      • getCertificateStringWithoutVersion

        protected java.lang.String getCertificateStringWithoutVersion​(java.security.cert.X509Certificate cert)
        Converts a certificate into string format. Should eventually go into the locator itself.
      • getCertificateString

        public java.lang.String getCertificateString​(java.security.cert.X509Certificate cert)
      • getUserDN

        public java.lang.String getUserDN​(java.lang.String userID)
      • getConn

        protected netscape.ldap.LDAPConnection getConn()
                                                throws com.netscape.certsrv.ldap.ELdapException
        Throws:
        com.netscape.certsrv.ldap.ELdapException
      • returnConn

        protected void returnConn​(netscape.ldap.LDAPConnection conn)