com.netscape.cms.ocsp
Class LDAPStore

java.lang.Object
  extended by com.netscape.cms.ocsp.LDAPStore
All Implemented Interfaces:
IExtendedPluginInfo, ISubsystem, IDefStore, IOCSPStore

public class LDAPStore
extends java.lang.Object
implements IDefStore, IExtendedPluginInfo

This is the LDAP OCSP store. It reads CA certificate and revocation list attributes from the CA entry.

Version:
$Revision: 1304 $, $Date: 2010-09-20 16:38:55 -0700 (Mon, 20 Sep 2010) $

Field Summary
protected  java.util.Hashtable mReqCounts
           
 
Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo
HELP_TEXT, HELP_TOKEN
 
Constructor Summary
LDAPStore()
          Constructs the default store.
 
Method Summary
 void addCRLIssuingPoint(java.lang.String name, ICRLIssuingPointRecord rec)
          This method adds a CRL issuing point.
 void addRepository(java.lang.String name, java.lang.String thisUpdate, IRepositoryRecord rec)
          This method adds a request to the default OCSP store repository.
 ICRLIssuingPointRecord createCRLIssuingPointRecord(java.lang.String name, java.math.BigInteger crlNumber, java.lang.Long crlSize, java.util.Date thisUpdate, java.util.Date nextUpdate)
          This method creates a CRL issuing point record.
 IRepositoryRecord createRepositoryRecord()
          This method creates an OCSP default store repository record.
 void deleteCRLIssuingPointRecord(java.lang.String id)
          This method deletes a CRL issuing point record.
 NameValuePairs getConfigParameters()
          Provides configuration parameters.
 IConfigStore getConfigStore()
          Returns the root configuration storage of this system.
 java.lang.String[] getExtendedPluginInfo(java.util.Locale locale)
          This method returns an array of strings.
 java.lang.String getId()
          Retrieves the name of this subsystem.
 long getReqCount(java.lang.String id)
          This method retrieves the number of OCSP requests since startup.
 int getStateCount()
          This method retrieves the number of CRL updates since startup.
 boolean includeNextUpdate()
           
 void incReqCount(java.lang.String id)
           
 void init(ISubsystem owner, IConfigStore config)
          Fetch CA certificate and CRL from LDAP server.
 boolean isNotFoundGood()
          This method checks to see if the OCSP response should return good when the certificate is not found.
 boolean isNotFoundGood1()
           
 netscape.security.x509.X509CertImpl locateCACert(netscape.ldap.LDAPConnection conn, java.lang.String baseDN)
          Locates the CA certificate.
 netscape.security.x509.X509CRLImpl locateCRL(netscape.ldap.LDAPConnection conn, java.lang.String baseDN)
          Locates the CRL.
 void log(int level, java.lang.String msg)
           
 ICRLIssuingPointRecord readCRLIssuingPoint(java.lang.String name)
          This method attempts to read the CRL issuing point.
 java.util.Enumeration searchAllCRLIssuingPointRecord(int maxSize)
          This method searches all CRL issuing points.
 java.util.Enumeration searchCRLIssuingPointRecord(java.lang.String filter, int maxSize)
          This method searches all CRL issuing points constrained by the specified filtering mechanism.
 void setConfigParameters(NameValuePairs pairs)
          This method stores the configuration parameters specified by the passed-in Name Value pairs object.
 void setId(java.lang.String id)
          Sets the identifier specific to this subsystem.
 void shutdown()
          Stops this system.
 void startup()
          Notifies this subsystem if owner is in running mode.
 void updateCRL(java.security.cert.X509CRL crl)
          This method updates the specified CRL.
 void updateCRLHash(netscape.security.x509.X509CertImpl caCert, netscape.security.x509.X509CRLImpl crl)
           
 com.netscape.cmsutil.ocsp.OCSPResponse validate(com.netscape.cmsutil.ocsp.OCSPRequest request)
          Validate an OCSP request.
 boolean waitOnCRLUpdate()
          This method specifies whether or not to wait for the Certificate Revocation List (CRL) to be updated.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

mReqCounts

protected java.util.Hashtable mReqCounts
Constructor Detail

LDAPStore

public LDAPStore()
Constructs the default store.

Method Detail

getExtendedPluginInfo

public java.lang.String[] getExtendedPluginInfo(java.util.Locale locale)
Description copied from interface: IExtendedPluginInfo
This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token).

For each parameter there is an entry indexed on that parameter name:

<parameter name>;<type_info>[,required];<description>;...

Where:

type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)'.

If the marker 'required' is included after the type_info, the parameter will have some visually distinctive marking in the UI.

'description' is a short sentence describing the parameter.
'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default.
'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false'.
'string' allows any characters.
'number' allows only numbers.
'password' is rendered as a password field (the characters are replaced with *'s when being typed). This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key.

In addition to the configurable parameters, the following magic parameters may be defined:

HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin
HELP_TEXT;helptext - a general help string describing the plugin

For example:

"username;string;The username you wish to login as"
"bindPWPrompt;password;Enter password to bind as above user with"
"algorithm;choice(RSA,DSA);Which algorithm do you want to use"
"enable;boolean;Do you want to run this plugin"
"port;number;Which port number do you want to use"

Specified by:
getExtendedPluginInfo in interface IExtendedPluginInfo
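
The descriptor format described above for getExtendedPluginInfo can be parsed and used to check submitted values before they reach a plugin. The following is an added example, not code from this class or from the CMS project; the class PluginParamDescriptor, its methods, and the treatment of 'required' as "must be non-empty" are assumptions made for illustration.

```java
import java.util.*;
// Added example; PluginParamDescriptor and its members are hypothetical names, not CMS API.
public class PluginParamDescriptor {
    final String name, type, description;
    final boolean required;
    final List<String> choices = new ArrayList<>();

    PluginParamDescriptor(String entry) {
        // At most three fields: anything after the second ';' stays in the description.
        String[] f = entry.split(";", 3);
        if (f.length < 2 || f[0].isEmpty()) throw new IllegalArgumentException("malformed: " + entry);
        name = f[0];
        description = f.length == 3 ? f[2] : "";
        String t = f[1];
        required = t.endsWith(",required");
        if (required) t = t.substring(0, t.length() - ",required".length());
        if (t.startsWith("choice(") && t.endsWith(")")) {
            choices.addAll(Arrays.asList(t.substring(7, t.length() - 1).split(",")));
            t = "choice";
        }
        type = t;
    }

    // True when a submitted value fits the declared type_info.
    boolean accepts(String value) {
        if (value == null || value.isEmpty()) return !required; // assumption: 'required' means non-empty
        switch (type) {
            case "number":   return value.matches("[0-9]+");
            case "boolean":  return value.equals("true") || value.equals("false");
            case "choice":   return choices.contains(value);
            case "string": case "password": return true;
            default:         return false; // unknown type_info is rejected
        }
    }
    // Password values belong in the password cache; mask them anywhere else.
    String forLog(String value) { return type.equals("password") ? "********" : value; }

    public static void main(String[] args) {
        // Descriptors follow the page's examples (",required" added to the last); values are constructed.
        String[][] samples = {
            {"bindPWPrompt;password;Enter password to bind as above user with", "s3cret"},
            {"algorithm;choice(RSA,DSA);Which algorithm do you want to use", "ECC"},
            {"port;number,required;Which port number do you want to use", "389 "},
        };
        for (String[] s : samples) {
            PluginParamDescriptor d = new PluginParamDescriptor(s[0]);
            System.out.printf("%-13s %-8s value=%-9s accepted=%b%n", d.name, d.type, d.forLog(s[1]), d.accepts(s[1]));
        }
    }
}
```

With these constructed inputs the password value is masked in the output, and both "ECC" (not in the choice list) and "389 " (trailing space, so not digits only) are rejected.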

init

public void init(ISubsystem owner,
                 IConfigStore config)
          throws EBaseException
Fetch CA certificate and CRL from LDAP server.

Specified by:
init in interface ISubsystem
Parameters:
owner - owner of this subsystem
config - configuration store
Throws:
EBaseException - failed to initialize

locateCACert

public netscape.security.x509.X509CertImpl locateCACert(netscape.ldap.LDAPConnection conn,
                                                        java.lang.String baseDN)
                                                 throws EBaseException
Locates the CA certificate.

Throws:
EBaseException

locateCRL

public netscape.security.x509.X509CRLImpl locateCRL(netscape.ldap.LDAPConnection conn,
                                                    java.lang.String baseDN)
                                             throws EBaseException
Locates the CRL.

Throws:
EBaseException

updateCRLHash

public void updateCRLHash(netscape.security.x509.X509CertImpl caCert,
                          netscape.security.x509.X509CRLImpl crl)
                   throws EBaseException
Throws:
EBaseException

log

public void log(int level,
                java.lang.String msg)

startup

public void startup()
             throws EBaseException
Description copied from interface: ISubsystem
Notifies this subsystem if owner is in running mode.

Specified by:
startup in interface ISubsystem
Throws:
EBaseException - failed to start up

shutdown

public void shutdown()
Description copied from interface: ISubsystem
Stops this system. The owner may call shutdown anytime after initialization.

Specified by:
shutdown in interface ISubsystem

getConfigStore

public IConfigStore getConfigStore()
Description copied from interface: ISubsystem
Returns the root configuration storage of this system.

Specified by:
getConfigStore in interface ISubsystem
Returns:
configuration store of this subsystem

setId

public void setId(java.lang.String id)
           throws EBaseException
Description copied from interface: ISubsystem
Sets the identifier specific to this subsystem.

Specified by:
setId in interface ISubsystem
Parameters:
id - subsystem identifier
Throws:
EBaseException - failed to set id

getId

public java.lang.String getId()
Description copied from interface: ISubsystem
Retrieves the name of this subsystem.

Specified by:
getId in interface ISubsystem
Returns:
subsystem identifier

validate

public com.netscape.cmsutil.ocsp.OCSPResponse validate(com.netscape.cmsutil.ocsp.OCSPRequest request)
                                                throws EBaseException
Validate an OCSP request.

Specified by:
validate in interface IOCSPStore
Parameters:
request - an OCSP request
Returns:
OCSPResponse the OCSP response associated with the specified OCSP request
Throws:
EBaseException - an error associated with the inability to process the supplied OCSP request

getStateCount

public int getStateCount()
Description copied from interface: IDefStore
This method retrieves the number of CRL updates since startup.

Specified by:
getStateCount in interface IDefStore
Returns:
count the number of OCSP default stores

getReqCount

public long getReqCount(java.lang.String id)
Description copied from interface: IDefStore
This method retrieves the number of OCSP requests since startup.

Specified by:
getReqCount in interface IDefStore
Parameters:
id - a string associated with an OCSP request
Returns:
count the number of this type of OCSP requests

createRepositoryRecord

public IRepositoryRecord createRepositoryRecord()
Description copied from interface: IDefStore
This method creates an OCSP default store repository record.

Specified by:
createRepositoryRecord in interface IDefStore
Returns:
IRepositoryRecord an instance of the repository record object

addRepository

public void addRepository(java.lang.String name,
                          java.lang.String thisUpdate,
                          IRepositoryRecord rec)
                   throws EBaseException
Description copied from interface: IDefStore
This method adds a request to the default OCSP store repository.

Specified by:
addRepository in interface IDefStore
Parameters:
name - a string representing the name of this request
thisUpdate - the current request
rec - an instance of the repository record object
Throws:
EBaseException - occurs when there is an error attempting to add this request to the repository

waitOnCRLUpdate

public boolean waitOnCRLUpdate()
Description copied from interface: IDefStore
This method specifies whether or not to wait for the Certificate Revocation List (CRL) to be updated.

Specified by:
waitOnCRLUpdate in interface IDefStore
Returns:
boolean true or false

updateCRL

public void updateCRL(java.security.cert.X509CRL crl)
               throws EBaseException
Description copied from interface: IDefStore
This method updates the specified CRL.

Specified by:
updateCRL in interface IDefStore
Parameters:
crl - the CRL to be updated
Throws:
EBaseException - occurs when the CRL cannot be updated

readCRLIssuingPoint

public ICRLIssuingPointRecord readCRLIssuingPoint(java.lang.String name)
                                           throws EBaseException
Description copied from interface: IDefStore
This method attempts to read the CRL issuing point.

Specified by:
readCRLIssuingPoint in interface IDefStore
Parameters:
name - the name of the CRL to be read
Returns:
ICRLIssuingPointRecord the CRL issuing point
Throws:
EBaseException - occurs when the specified CRL cannot be located

searchAllCRLIssuingPointRecord

public java.util.Enumeration searchAllCRLIssuingPointRecord(int maxSize)
                                                     throws EBaseException
Description copied from interface: IDefStore
This method searches all CRL issuing points.

Specified by:
searchAllCRLIssuingPointRecord in interface IDefStore
Parameters:
maxSize - specifies the largest number of hits from the search
Returns:
Enumeration a list of the CRL issuing points
Throws:
EBaseException - occurs when no CRL issuing point exists

searchCRLIssuingPointRecord

public java.util.Enumeration searchCRLIssuingPointRecord(java.lang.String filter,
                                                         int maxSize)
                                                  throws EBaseException
Description copied from interface: IDefStore
This method searches all CRL issuing points constrained by the specified filtering mechanism.

Specified by:
searchCRLIssuingPointRecord in interface IDefStore
Parameters:
filter - a string which constrains the search
maxSize - specifies the largest number of hits from the search
Returns:
Enumeration a list of the CRL issuing points
Throws:
EBaseException - occurs when no CRL issuing point exists

createCRLIssuingPointRecord

public ICRLIssuingPointRecord createCRLIssuingPointRecord(java.lang.String name,
                                                          java.math.BigInteger crlNumber,
                                                          java.lang.Long crlSize,
                                                          java.util.Date thisUpdate,
                                                          java.util.Date nextUpdate)
Description copied from interface: IDefStore
This method creates a CRL issuing point record.

Specified by:
createCRLIssuingPointRecord in interface IDefStore
Parameters:
name - a string representation of this CRL issuing point record
crlNumber - the number of this CRL issuing point record
crlSize - the size of this CRL issuing point record
thisUpdate - the time for this CRL issuing point record
nextUpdate - the time for the next CRL issuing point record
Returns:
ICRLIssuingPointRecord this CRL issuing point record

addCRLIssuingPoint

public void addCRLIssuingPoint(java.lang.String name,
                               ICRLIssuingPointRecord rec)
                        throws EBaseException
Description copied from interface: IDefStore
This method adds a CRL issuing point.

Specified by:
addCRLIssuingPoint in interface IDefStore
Parameters:
name - a string representation of this CRL issuing point record
rec - this CRL issuing point record
Throws:
EBaseException - occurs when the specified CRL issuing point record cannot be added

deleteCRLIssuingPointRecord

public void deleteCRLIssuingPointRecord(java.lang.String id)
                                 throws EBaseException
Description copied from interface: IDefStore
This method deletes a CRL issuing point record.

Specified by:
deleteCRLIssuingPointRecord in interface IDefStore
Parameters:
id - a string representation of this CRL issuing point record
Throws:
EBaseException - occurs when the specified CRL issuing point record cannot be deleted

isNotFoundGood

public boolean isNotFoundGood()
Description copied from interface: IDefStore
This method checks to see if the OCSP response should return good when the certificate is not found.

Specified by:
isNotFoundGood in interface IDefStore
Returns:
boolean true or false

includeNextUpdate

public boolean includeNextUpdate()
                          throws EBaseException
Throws:
EBaseException

isNotFoundGood1

public boolean isNotFoundGood1()
                        throws EBaseException
Throws:
EBaseException

incReqCount

public void incReqCount(java.lang.String id)

getConfigParameters

public NameValuePairs getConfigParameters()
Provides configuration parameters.

Specified by:
getConfigParameters in interface IOCSPStore
Returns:
NameValuePairs all configuration items

setConfigParameters

public void setConfigParameters(NameValuePairs pairs)
                         throws EBaseException
Description copied from interface: IOCSPStore
This method stores the configuration parameters specified by the passed-in Name Value pairs object.

Specified by:
setConfigParameters in interface IOCSPStore
Parameters:
pairs - a name-value pair object
Throws:
EBaseException - an illegal name-value pair