Class LDAPStore

    • Constructor Summary

      Constructors 
      Constructor Description
      LDAPStore()
      Constructs the default store.
    • Method Summary

      Modifier and Type Method Description
      void addCRLIssuingPoint​(java.lang.String name, com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord rec)
      This method adds a CRL issuing point.
      void addRepository​(java.lang.String name, java.lang.String thisUpdate, com.netscape.certsrv.dbs.repository.IRepositoryRecord rec)
      This method adds a request to the default OCSP store repository.
      com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord createCRLIssuingPointRecord​(java.lang.String name, java.math.BigInteger crlNumber, java.lang.Long crlSize, java.util.Date thisUpdate, java.util.Date nextUpdate)
      This method creates a CRL issuing point record.
      com.netscape.certsrv.dbs.repository.IRepositoryRecord createRepositoryRecord()
      This method creates an OCSP default store repository record.
      void deleteCRLIssuingPointRecord​(java.lang.String id)
      This method deletes a CRL issuing point record.
      com.netscape.certsrv.common.NameValuePairs getConfigParameters()
      Provides configuration parameters.
      IConfigStore getConfigStore()  
      java.lang.String[] getExtendedPluginInfo​(java.util.Locale locale)
      This method returns an array of strings.
      java.lang.String getId()  
      long getReqCount​(java.lang.String id)
      This method retrieves the number of OCSP requests since startup.
      int getStateCount()
      This method retrieves the number of CRL updates since startup.
      boolean includeNextUpdate()  
      void incReqCount​(java.lang.String id)  
      void init​(IOCSPAuthority owner, IConfigStore config)
      Fetch CA certificate and CRL from LDAP server.
      boolean isNotFoundGood()
      This method checks to see if the OCSP response should return good when the certificate is not found.
      boolean isNotFoundGood1()  
      org.mozilla.jss.netscape.security.x509.X509CertImpl locateCACert​(netscape.ldap.LDAPConnection conn, java.lang.String baseDN)
      Locates the CA certificate.
      org.mozilla.jss.netscape.security.x509.X509CRLImpl locateCRL​(netscape.ldap.LDAPConnection conn, java.lang.String baseDN)
      Locates the CRL.
      com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord readCRLIssuingPoint​(java.lang.String name)
      This method attempts to read the CRL issuing point.
      java.util.Enumeration<com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord> searchAllCRLIssuingPointRecord​(int maxSize)
      This method searches all CRL issuing points.
      java.util.Enumeration<com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord> searchCRLIssuingPointRecord​(java.lang.String filter, int maxSize)
      This method searches all CRL issuing points constrained by the specified filtering mechanism.
      void setConfigParameters​(com.netscape.certsrv.common.NameValuePairs pairs)
      This method stores the configuration parameters specified by the passed-in Name Value pairs object.
      void setId​(java.lang.String id)  
      void shutdown()  
      void startup()  
      void updateCRL​(java.security.cert.X509CRL crl)
      This method updates the specified CRL.
      void updateCRLHash​(org.mozilla.jss.netscape.security.x509.X509CertImpl caCert, org.mozilla.jss.netscape.security.x509.X509CRLImpl crl)  
      OCSPResponse validate​(OCSPRequest request)
      Validate an OCSP request.
      boolean waitOnCRLUpdate()
      This method specifies whether or not to wait for the Certificate Revocation List (CRL) to be updated.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • logger

        public static org.slf4j.Logger logger
      • mReqCounts

        protected java.util.Hashtable<java.lang.String,​java.lang.Long> mReqCounts
    • Constructor Detail

      • LDAPStore

        public LDAPStore()
        Constructs the default store.
    • Method Detail

      • getExtendedPluginInfo

        public java.lang.String[] getExtendedPluginInfo​(java.util.Locale locale)
        Description copied from interface: IExtendedPluginInfo
        This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token). There is an entry indexed on that parameter name:

        name;type_info[,required];description;...

        Where:

        type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)'.

        If the marker 'required' is included after the type_info, the parameter will have some visually distinctive marking in the UI.

        'description' is a short sentence describing the parameter.
        'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default.
        'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false'.
        'string' allows any characters.
        'number' allows only numbers.
        'password' is rendered as a password field (the characters are replaced with *'s when being typed). This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key.

        In addition to the configurable parameters, the following magic parameters may be defined:

        HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin
        HELP_TEXT;helptext - a general help string describing the plugin

        For example:

        "username;string;The username you wish to login as"
        "bindPWPrompt;password;Enter password to bind as above user with"
        "algorithm;choice(RSA,DSA);Which algorithm do you want to use"
        "enable;boolean;Do you want to run this plugin"
        "port;number;Which port number do you want to use"
        Specified by:
        getExtendedPluginInfo in interface IExtendedPluginInfo
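
        The descriptor format above can also drive server-side validation of submitted parameter values before they are stored. The following is an added example, not code from this project: the class PluginParamSpec and its accepts() method are hypothetical, and treating 'required' as "must be non-empty" is an assumption, since the description above only says the marker changes how the field is displayed.

```java
import java.util.*;

// Added example (not project code): parses one descriptor entry and checks values against it.
public class PluginParamSpec {            // hypothetical class name
    final String name, type, description;
    final boolean required;
    final List<String> choices;           // filled only for choice(...)

    PluginParamSpec(String entry) {
        String[] f = entry.split(";", 3); // assumption: everything after the 2nd ';' is description
        if (f.length < 2) throw new IllegalArgumentException("malformed entry: " + entry);
        name = f[0];
        description = f.length == 3 ? f[2] : "";
        String t = f[1];
        required = t.endsWith(",required");
        if (required) t = t.substring(0, t.length() - ",required".length());
        if (t.startsWith("choice(") && t.endsWith(")")) {
            choices = Arrays.asList(t.substring("choice(".length(), t.length() - 1).split(","));
            type = "choice";
        } else {
            choices = List.of();
            type = t;
        }
        if (!isMeta() && !Set.of("string", "number", "boolean", "password", "choice").contains(type))
            throw new IllegalArgumentException("unknown type_info: " + f[1]);
    }

    // HELP_TOKEN / HELP_TEXT carry help metadata, not a settable parameter.
    boolean isMeta() { return name.equals("HELP_TOKEN") || name.equals("HELP_TEXT"); }

    boolean accepts(String value) {
        if (isMeta()) return false;
        if (value == null || value.isEmpty()) return !required; // assumption: required = non-empty
        switch (type) {
            case "number":  return value.chars().allMatch(c -> c >= '0' && c <= '9');
            case "boolean": return value.equals("true") || value.equals("false");
            case "choice":  return choices.contains(value);
            default:        return true;  // 'string' and 'password' allow any characters
        }
    }

    public static void main(String[] args) {
        String[] info = {                 // entries quoted in the description above
            "algorithm;choice(RSA,DSA);Which algorithm do you want to use",
            "port;number;Which port number do you want to use" };
        Map<String, PluginParamSpec> specs = new HashMap<>();
        for (String e : info) { PluginParamSpec s = new PluginParamSpec(e); specs.put(s.name, s); }
        System.out.println("port=389      -> " + specs.get("port").accepts("389"));
        System.out.println("port=389;x    -> " + specs.get("port").accepts("389;x"));
        System.out.println("algorithm=MD5 -> " + specs.get("algorithm").accepts("MD5"));
    }
}
```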
      • locateCACert

        public org.mozilla.jss.netscape.security.x509.X509CertImpl locateCACert​(netscape.ldap.LDAPConnection conn,
                                                                                java.lang.String baseDN)
                                                                         throws EBaseException
        Locates the CA certificate.
        Throws:
        EBaseException
      • locateCRL

        public org.mozilla.jss.netscape.security.x509.X509CRLImpl locateCRL​(netscape.ldap.LDAPConnection conn,
                                                                            java.lang.String baseDN)
                                                                     throws EBaseException
        Locates the CRL.
        Throws:
        EBaseException
      • updateCRLHash

        public void updateCRLHash​(org.mozilla.jss.netscape.security.x509.X509CertImpl caCert,
                                  org.mozilla.jss.netscape.security.x509.X509CRLImpl crl)
                           throws EBaseException
        Throws:
        EBaseException
      • getId

        public java.lang.String getId()
      • validate

        public OCSPResponse validate​(OCSPRequest request)
                              throws EBaseException
        Validate an OCSP request.
        Specified by:
        validate in interface IOCSPStore
        Parameters:
        request - an OCSP request
        Returns:
        OCSPResponse the OCSP response associated with the specified OCSP request
        Throws:
        EBaseException - an error associated with the inability to process the supplied OCSP request
      • getStateCount

        public int getStateCount()
        Description copied from interface: IDefStore
        This method retrieves the number of CRL updates since startup.

        Specified by:
        getStateCount in interface IDefStore
        Returns:
        count the number of OCSP default stores
      • getReqCount

        public long getReqCount​(java.lang.String id)
        Description copied from interface: IDefStore
        This method retrieves the number of OCSP requests since startup.

        Specified by:
        getReqCount in interface IDefStore
        Parameters:
        id - a string associated with an OCSP request
        Returns:
        count the number of this type of OCSP requests
      • createRepositoryRecord

        public com.netscape.certsrv.dbs.repository.IRepositoryRecord createRepositoryRecord()
        Description copied from interface: IDefStore
        This method creates an OCSP default store repository record.

        Specified by:
        createRepositoryRecord in interface IDefStore
        Returns:
        IRepositoryRecord an instance of the repository record object
      • addRepository

        public void addRepository​(java.lang.String name,
                                  java.lang.String thisUpdate,
                                  com.netscape.certsrv.dbs.repository.IRepositoryRecord rec)
                           throws EBaseException
        Description copied from interface: IDefStore
        This method adds a request to the default OCSP store repository.

        Specified by:
        addRepository in interface IDefStore
        Parameters:
        name - a string representing the name of this request
        thisUpdate - the current request
        rec - an instance of the repository record object
        Throws:
        EBaseException - occurs when there is an error attempting to add this request to the repository
      • waitOnCRLUpdate

        public boolean waitOnCRLUpdate()
        Description copied from interface: IDefStore
        This method specifies whether or not to wait for the Certificate Revocation List (CRL) to be updated.

        Specified by:
        waitOnCRLUpdate in interface IDefStore
        Returns:
        boolean true or false
      • updateCRL

        public void updateCRL​(java.security.cert.X509CRL crl)
                       throws EBaseException
        Description copied from interface: IDefStore
        This method updates the specified CRL.

        Specified by:
        updateCRL in interface IDefStore
        Parameters:
        crl - the CRL to be updated
        Throws:
        EBaseException - occurs when the CRL cannot be updated
      • readCRLIssuingPoint

        public com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord readCRLIssuingPoint​(java.lang.String name)
                                                                                  throws EBaseException
        Description copied from interface: IDefStore
        This method attempts to read the CRL issuing point.

        Specified by:
        readCRLIssuingPoint in interface IDefStore
        Parameters:
        name - the name of the CRL to be read
        Returns:
        ICRLIssuingPointRecord the CRL issuing point
        Throws:
        EBaseException - occurs when the specified CRL cannot be located
      • searchAllCRLIssuingPointRecord

        public java.util.Enumeration<com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord> searchAllCRLIssuingPointRecord​(int maxSize)
                                                                                                                    throws EBaseException
        Description copied from interface: IDefStore
        This method searches all CRL issuing points.

        Specified by:
        searchAllCRLIssuingPointRecord in interface IDefStore
        Parameters:
        maxSize - specifies the largest number of hits from the search
        Returns:
        Enumeration a list of the CRL issuing points
        Throws:
        EBaseException - occurs when no CRL issuing point exists
      • searchCRLIssuingPointRecord

        public java.util.Enumeration<com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord> searchCRLIssuingPointRecord​(java.lang.String filter,
                                                                                                                        int maxSize)
                                                                                                                 throws EBaseException
        Description copied from interface: IDefStore
        This method searches all CRL issuing points constrained by the specified filtering mechanism.

        Specified by:
        searchCRLIssuingPointRecord in interface IDefStore
        Parameters:
        filter - a string which constrains the search
        maxSize - specifies the largest number of hits from the search
        Returns:
        Enumeration a list of the CRL issuing points
        Throws:
        EBaseException - occurs when no CRL issuing point exists
      • createCRLIssuingPointRecord

        public com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord createCRLIssuingPointRecord​(java.lang.String name,
                                                                                                 java.math.BigInteger crlNumber,
                                                                                                 java.lang.Long crlSize,
                                                                                                 java.util.Date thisUpdate,
                                                                                                 java.util.Date nextUpdate)
        Description copied from interface: IDefStore
        This method creates a CRL issuing point record.

        Specified by:
        createCRLIssuingPointRecord in interface IDefStore
        Parameters:
        name - a string representation of this CRL issuing point record
        crlNumber - the number of this CRL issuing point record
        crlSize - the size of this CRL issuing point record
        thisUpdate - the time for this CRL issuing point record
        nextUpdate - the time for the next CRL issuing point record
        Returns:
        ICRLIssuingPointRecord this CRL issuing point record
      • addCRLIssuingPoint

        public void addCRLIssuingPoint​(java.lang.String name,
                                       com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord rec)
                                throws EBaseException
        Description copied from interface: IDefStore
        This method adds a CRL issuing point.

        Specified by:
        addCRLIssuingPoint in interface IDefStore
        Parameters:
        name - a string representation of this CRL issuing point record
        rec - this CRL issuing point record
        Throws:
        EBaseException - occurs when the specified CRL issuing point record cannot be added
      • deleteCRLIssuingPointRecord

        public void deleteCRLIssuingPointRecord​(java.lang.String id)
                                         throws EBaseException
        Description copied from interface: IDefStore
        This method deletes a CRL issuing point record.

        Specified by:
        deleteCRLIssuingPointRecord in interface IDefStore
        Parameters:
        id - a string representation of this CRL issuing point record
        Throws:
        EBaseException - occurs when the specified CRL issuing point record cannot be deleted
      • isNotFoundGood

        public boolean isNotFoundGood()
        Description copied from interface: IDefStore
        This method checks to see if the OCSP response should return good when the certificate is not found.

        Specified by:
        isNotFoundGood in interface IDefStore
        Returns:
        boolean true or false
      • incReqCount

        public void incReqCount​(java.lang.String id)
      • getConfigParameters

        public com.netscape.certsrv.common.NameValuePairs getConfigParameters()
        Provides configuration parameters.
        Specified by:
        getConfigParameters in interface IOCSPStore
        Returns:
        NameValuePairs all configuration items
      • setConfigParameters

        public void setConfigParameters​(com.netscape.certsrv.common.NameValuePairs pairs)
                                 throws EBaseException
        Description copied from interface: IOCSPStore
        This method stores the configuration parameters specified by the passed-in Name Value pairs object.

        Specified by:
        setConfigParameters in interface IOCSPStore
        Parameters:
        pairs - a name-value pair object
        Throws:
        EBaseException - an illegal name-value pair