Class UGSubsystem

    • Constructor Summary

      Constructors 
      Constructor Description
      UGSubsystem()
      Constructs LDAP-based usr/grp management.
    • Method Summary

      Modifier and Type Method Description
      void addCertSubjectDN​(IUser identity)  
      void addGroup​(IGroup group)
      Adds a group of identities.
      void addUser​(IUser identity)
      Adds an identity.
      void addUserCert​(IUser identity)
      Adds a user certificate to a user.
      void addUserToGroup​(IGroup grp, java.lang.String userid)  
      protected IGroup buildGroup​(netscape.ldap.LDAPEntry entry)
      Builds an instance of a Group entry.
      protected java.util.Enumeration<IGroup> buildGroups​(netscape.ldap.LDAPSearchResults res)  
      protected IUser buildUser​(netscape.ldap.LDAPEntry entry)
      Builds a User instance.
      protected java.util.Enumeration<IUser> buildUsers​(netscape.ldap.LDAPSearchResults res)  
      protected java.lang.String convertUIDtoDN​(java.lang.String uid)
      Converts a uid attribute to a DN.
      protected IGroup createGroup​(IUsrGrp scope, java.lang.String id)  
      IGroup createGroup​(java.lang.String id)  
      protected IUser createUser​(IUsrGrp base, java.lang.String id)  
      IUser createUser​(java.lang.String id)  
      boolean evaluate​(java.lang.String type, IUser id, java.lang.String op, java.lang.String value)
      Evaluates the given context against the attribute criteria.
      IGroup findGroup​(java.lang.String filter)  
      java.util.Enumeration<IGroup> findGroups​(java.lang.String filter)
      Finds groups.
      java.util.Enumeration<IGroup> findGroupsByUser​(java.lang.String userDn, java.lang.String filter)  
      User findUser​(java.security.cert.X509Certificate cert)
      Locates a user by certificate.
      java.util.Enumeration<IUser> findUsers​(java.lang.String filter)
      Searches for identities that match the filter.
      IUser findUsersByCert​(java.lang.String filter)
      Searches for identities that match the filter generated by the certificate locator.
      java.lang.String getCertificateString​(java.security.cert.X509Certificate cert)  
      protected java.lang.String getCertificateStringWithoutVersion​(java.security.cert.X509Certificate cert)
      Converts certificate into string format.
      ICertUserLocator getCertUserLocator()  
      protected netscape.ldap.LDAPConnection getConn()  
      java.lang.String getDescription()
      Retrieves the description of this scope.
      IGroup getGroup​(java.lang.String groupDN)
      Retrieves a group from LDAP. NOTE (LH): this takes a full LDAP DN.
      IGroup getGroupFromName​(java.lang.String name)
      Retrieves a group from LDAP. NOTE: this takes just the group name.
      java.lang.String getId()
      Retrieves the identifier of this scope.
      IUser getUser​(java.lang.String userID)
      Retrieves a user from LDAP.
      java.lang.String getUserDN​(java.lang.String userID)  
      void init​(IConfigStore config)
      Connects to LDAP server.
      boolean isGroupPresent​(java.lang.String name)
      Checks if the given group exists.
      protected boolean isMatched​(java.lang.String dn1, java.lang.String dn2)
      Checks if the given DNs are the same after normalization.
      boolean isMemberOf​(IUser id, java.lang.String name)
      Checks if the given user is a member of the given group (now runs an LDAP search to find the user instead of fetching the entire group entry).
      boolean isMemberOf​(java.lang.String userid, java.lang.String groupname)  
      protected boolean isMemberOfLdapGroup​(java.lang.String userid, java.lang.String groupname)
      Checks if the given user DN is in the specified group by running an LDAP search for the user in the group.
      protected IUser lbuildUser​(netscape.ldap.LDAPEntry entry)
      Builds a User instance.
      protected java.util.Enumeration<IUser> lbuildUsers​(netscape.ldap.LDAPSearchResults res)  
      java.util.Enumeration<IGroup> listGroups​(java.lang.String filter)
      Lists groups.
      java.util.Enumeration<IUser> listUsers​(java.lang.String filter)
      Searches for identities that match the filter.
      void modifyGroup​(IGroup group)
      Modifies an existing group in the database.
      void modifyUser​(IUser identity)
      Modifies user attributes.
      void removeCertSubjectDN​(IUser identity)  
      void removeGroup​(java.lang.String name)
      Removes a group.
      void removeUser​(java.lang.String userid)
      Removes an identity.
      void removeUserCert​(IUser identity)
      Removes a user certificate from a user entry, given a user certificate DN (actually a combination of version, serialNumber, issuerDN, and SubjectDN).
      void removeUserFromGroup​(IGroup grp, java.lang.String userid)  
      protected void returnConn​(netscape.ldap.LDAPConnection conn)  
      void setId​(java.lang.String id)
      Sets the identifier of this manager.
      void shutdown()
      Disconnects the usr/grp manager from the LDAP server.
      void startup()
      Starts up this service.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • logger

        public static org.slf4j.Logger logger
      • SUPER_CERT_ADMINS

        public static final java.lang.String SUPER_CERT_ADMINS
        See Also:
        Constant Field Values
      • OBJECTCLASS_ATTR

        protected static final java.lang.String OBJECTCLASS_ATTR
        See Also:
        Constant Field Values
      • GROUP_ATTR_VALUE

        protected static final java.lang.String GROUP_ATTR_VALUE
        See Also:
        Constant Field Values
      • LDAP_ATTR_USER_CERT_STRING

        protected static final java.lang.String LDAP_ATTR_USER_CERT_STRING
        See Also:
        Constant Field Values
      • LDAP_ATTR_CERTDN

        protected static final java.lang.String LDAP_ATTR_CERTDN
        See Also:
        Constant Field Values
      • LDAP_ATTR_USER_CERT

        protected static final java.lang.String LDAP_ATTR_USER_CERT
        See Also:
        Constant Field Values
      • LDAP_ATTR_PROFILE_ID

        protected static final java.lang.String LDAP_ATTR_PROFILE_ID
        See Also:
        Constant Field Values
      • mBaseDN

        protected java.lang.String mBaseDN
    • Constructor Detail

      • UGSubsystem

        public UGSubsystem()
        Constructs LDAP-based usr/grp management.
    • Method Detail

      • getId

        public java.lang.String getId()
        Retrieves the identifier of this scope.
        Specified by:
        getId in interface ISubsystem
        Specified by:
        getId in interface IUsrGrp
        Overrides:
        getId in class BaseSubsystem
        Returns:
        subsystem identifier
      • shutdown

        public void shutdown()
        Disconnects the usr/grp manager from the LDAP server.
        Specified by:
        shutdown in interface ISubsystem
      • createUser

        public IUser createUser​(java.lang.String id)
      • createGroup

        public IGroup createGroup​(java.lang.String id)
      • getDescription

        public java.lang.String getDescription()
        Retrieves the description of this scope.
        Specified by:
        getDescription in interface IUsrGrp
        Returns:
        description
      • getUser

        public IUser getUser​(java.lang.String userID)
                      throws EUsrGrpException
        Retrieves a user from LDAP.
        Specified by:
        getUser in interface IUsrGrp
        Parameters:
        userID - the user id for the given user
        Returns:
        user interface
        Throws:
        EUsrGrpException
      • findUsersByCert

        public IUser findUsersByCert​(java.lang.String filter)
                              throws EUsrGrpException
        Searches for identities that match the filter generated by the certificate locator.
        Throws:
        EUsrGrpException
      • findUsers

        public java.util.Enumeration<IUser> findUsers​(java.lang.String filter)
                                               throws EUsrGrpException
        Searches for identities that match the filter.
        Throws:
        EUsrGrpException
      • listUsers

        public java.util.Enumeration<IUser> listUsers​(java.lang.String filter)
                                               throws EUsrGrpException
        Searches for identities that match the filter. Retrieves uid only, for efficiency of user listing.
        Throws:
        EUsrGrpException
      • lbuildUser

        protected IUser lbuildUser​(netscape.ldap.LDAPEntry entry)
                            throws EUsrGrpException
        Builds a User instance. Sets only uid for the user entry retrieved from the LDAP server; intended for listing efficiency only.
        Returns:
        the User entity.
        Throws:
        EUsrGrpException
      • buildUser

        protected IUser buildUser​(netscape.ldap.LDAPEntry entry)
                           throws EUsrGrpException
        Builds a User instance. Sets all attributes retrieved from the LDAP server on the User.
        Returns:
        the User entity.
        Throws:
        EUsrGrpException
      • createUser

        protected IUser createUser​(IUsrGrp base,
                                   java.lang.String id)
      • addUser

        public void addUser​(IUser identity)
                     throws EUsrGrpException
        Adds an identity. Certificates are handled by a separate call to addUserCert().
        Specified by:
        addUser in interface IUsrGrp
        Parameters:
        identity - a user interface
        Throws:
        EUsrGrpException - thrown when some of the user attribute values are null
      • removeUserCert

        public void removeUserCert​(IUser identity)
                            throws EUsrGrpException
        Removes a user certificate from a user entry, given a user certificate DN (actually a combination of version, serialNumber, issuerDN, and SubjectDN).
        Throws:
        EUsrGrpException
      • removeUser

        public void removeUser​(java.lang.String userid)
                        throws EUsrGrpException
        Removes an identity.
        Specified by:
        removeUser in interface IUsrGrp
        Parameters:
        userid - the user id for the given user
        Throws:
        EUsrGrpException - thrown when the user could not be removed
      • modifyUser

        public void modifyUser​(IUser identity)
                        throws EUsrGrpException
        Modifies user attributes. Certificates are handled separately.
        Specified by:
        modifyUser in interface IUsrGrp
        Parameters:
        identity - the user interface which contains the modified information
        Throws:
        EUsrGrpException - thrown when the user could not be modified
      • listGroups

        public java.util.Enumeration<IGroup> listGroups​(java.lang.String filter)
                                                 throws EUsrGrpException
        Lists groups. More efficient than findGroups: only retrieves group names and descriptions.
        Throws:
        EUsrGrpException
      • createGroup

        protected IGroup createGroup​(IUsrGrp scope,
                                     java.lang.String id)
      • getGroupFromName

        public IGroup getGroupFromName​(java.lang.String name)
        Retrieves a group from LDAP. NOTE: this takes just the group name.
      • getGroup

        public IGroup getGroup​(java.lang.String groupDN)
        Retrieves a group from LDAP. NOTE (LH): this takes a full LDAP DN.
        Specified by:
        getGroup in interface IUsrGrp
        Parameters:
        groupDN - the given group id.
        Returns:
        the group interface
      • isGroupPresent

        public boolean isGroupPresent​(java.lang.String name)
        Checks if the given group exists.
      • isMemberOf

        public boolean isMemberOf​(java.lang.String userid,
                                  java.lang.String groupname)
      • isMemberOf

        public boolean isMemberOf​(IUser id,
                                  java.lang.String name)
        Checks if the given user is a member of the given group (now runs an LDAP search to find the user instead of fetching the entire group entry).
      • isMemberOfLdapGroup

        protected boolean isMemberOfLdapGroup​(java.lang.String userid,
                                              java.lang.String groupname)
        Checks if the given user DN is in the specified group by running an LDAP search for the user in the group.
      • removeGroup

        public void removeGroup​(java.lang.String name)
                         throws EUsrGrpException
        Removes a group. SUPER_CERT_ADMINS cannot be removed.
        Specified by:
        removeGroup in interface IUsrGrp
        Parameters:
        name - the group name
        Throws:
        EUsrGrpException - thrown when the given group could not be removed.
      • modifyGroup

        public void modifyGroup​(IGroup group)
                         throws EUsrGrpException
        Modifies an existing group in the database.
        Specified by:
        modifyGroup in interface IUsrGrp
        Parameters:
        group - an existing group that has been modified in memory
        Throws:
        EUsrGrpException - thrown when the group could not be modified.
      • evaluate

        public boolean evaluate​(java.lang.String type,
                                IUser id,
                                java.lang.String op,
                                java.lang.String value)
        Evaluates the given context against the attribute criteria.
        Specified by:
        evaluate in interface IIdEvaluator
        Parameters:
        type - the type of evaluator; in this case, it is group
        id - the user id for the given user
        op - operator, only "=" and "!=" are supported
        value - the name of the group, e.g. "Certificate Manager Agents"
        Returns:
        true if the given user is a member of the group
      • convertUIDtoDN

        protected java.lang.String convertUIDtoDN​(java.lang.String uid)
                                           throws netscape.ldap.LDAPException
        Converts a uid attribute to a DN.
        Throws:
        netscape.ldap.LDAPException
      • isMatched

        protected boolean isMatched​(java.lang.String dn1,
                                    java.lang.String dn2)
        Checks if the given DNs are the same after normalization.
      • getCertificateStringWithoutVersion

        protected java.lang.String getCertificateStringWithoutVersion​(java.security.cert.X509Certificate cert)
        Converts a certificate into string format. Should eventually move into the locator itself.
      • getCertificateString

        public java.lang.String getCertificateString​(java.security.cert.X509Certificate cert)
      • getUserDN

        public java.lang.String getUserDN​(java.lang.String userID)
      • returnConn

        protected void returnConn​(netscape.ldap.LDAPConnection conn)