Class UGSubsystem


  • public class UGSubsystem
    extends java.lang.Object
    This class defines low-level LDAP usr/grp management; the usr/grp information is located remotely on another LDAP server.
    Version:
    $Revision$, $Date$
    Author:
    thomask, cfu
    • Constructor Summary

      Constructors 
      Constructor Description
      UGSubsystem()
      Constructs LDAP-based usr/grp management.
    • Method Summary

      Modifier and Type Method Description
      void addGroup​(Group group)
      Adds a group of identities.
      void addSeeAlso​(java.lang.String userID, java.lang.String value)  
      void addUser​(User user)
      Adds identity.
      void addUserCert​(java.lang.String userID, java.security.cert.X509Certificate cert)
      Adds a user certificate to a user entry.
      void addUserToGroup​(Group grp, java.lang.String userid)  
      protected Group buildGroup​(netscape.ldap.LDAPEntry entry)
      Builds a Group instance from an LDAP entry.
      protected java.util.Enumeration<Group> buildGroups​(netscape.ldap.LDAPSearchResults res)  
      protected User buildUser​(netscape.ldap.LDAPEntry entry)
      Builds a User instance from an LDAP entry.
      protected java.util.Enumeration<User> buildUsers​(netscape.ldap.LDAPSearchResults res)  
      protected java.lang.String convertUIDtoDN​(java.lang.String uid)
      Converts a uid attribute value to a DN.
      Group createGroup​(java.lang.String id)  
      User createUser​(java.lang.String id)  
      boolean evaluate​(java.lang.String type, User id, java.lang.String op, java.lang.String value)
      Evaluates the given context against the attribute criteria.
      Group findGroup​(java.lang.String filter)  
      java.util.Enumeration<Group> findGroups​(java.lang.String filter)
      Finds groups.
      java.util.Enumeration<Group> findGroupsByUser​(java.lang.String userDn, java.lang.String filter)  
      User findUser​(java.security.cert.X509Certificate cert)
      Locates a user by certificate.
      java.util.Enumeration<User> findUsers​(java.lang.String filter)  
      User findUsersByCert​(java.lang.String filter)
      Searches for identities that match the filter generated by the certificate locator.
      java.util.Enumeration<User> findUsersByKeyword​(java.lang.String keyword)
      Searches for identities that match the filter.
      java.lang.String getCertificateString​(java.security.cert.X509Certificate cert)  
      protected java.lang.String getCertificateStringWithoutVersion​(java.security.cert.X509Certificate cert)
      Converts certificate into string format.
      protected netscape.ldap.LDAPConnection getConn()  
      Group getGroup​(java.lang.String groupDN)
      Retrieves a group from LDAP. NOTE: this takes a full LDAP DN.
      Group getGroupFromName​(java.lang.String name)
      Retrieves a group from LDAP. NOTE: this takes just the group name.
      User getUser​(java.lang.String userID)
      Retrieves a user from LDAP
      java.lang.String getUserDN​(java.lang.String userID)  
      void init​(PKISocketConfig socketConfig, UGSubsystemConfig config, IPasswordStore passwordStore)  
      boolean isGroupPresent​(java.lang.String name)
      Checks if the given group exists
      protected boolean isMatched​(java.lang.String dn1, java.lang.String dn2)
      Checks if the given DNs are the same after normalization.
      boolean isMemberOf​(User id, java.lang.String name)
      Checks if the given user is a member of the given group (now runs an LDAP search for the user within the group instead of fetching the entire group entry).
      boolean isMemberOf​(java.lang.String userid, java.lang.String groupname)  
      protected boolean isMemberOfLdapGroup​(java.lang.String userid, java.lang.String groupname)
      Checks if the given user DN is in the specified group by running an LDAP search for the user in the group.
      protected User lbuildUser​(netscape.ldap.LDAPEntry entry)
      Builds a User instance from an LDAP entry (uid only, for listing).
      protected java.util.Enumeration<User> lbuildUsers​(netscape.ldap.LDAPSearchResults res)  
      java.util.Enumeration<Group> listGroups​(java.lang.String filter)
      List groups.
      java.util.Enumeration<User> listUsers​(java.lang.String filter)
      Searches for identities that match the filter.
      void modifyGroup​(Group group)
      Modifies an existing group in the database.
      void modifyUser​(User identity)
      Modifies user attributes.
      void removeGroup​(java.lang.String name)
      Removes a group.
      void removeSeeAlso​(java.lang.String userID, java.lang.String value)  
      void removeUser​(java.lang.String userid)
      Removes identity.
      void removeUserCert​(User identity)
      Removes a user certificate from a user entry, given the certificate identifier carried by the User object (actually a combination of version, serialNumber, issuerDN and subjectDN).
      void removeUserFromGroup​(Group grp, java.lang.String userid)  
      protected void returnConn​(netscape.ldap.LDAPConnection conn)  
      void shutdown()
      Disconnects the usr/grp manager from the LDAP server.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • logger

        public static org.slf4j.Logger logger
      • SUPER_CERT_ADMINS

        public static final java.lang.String SUPER_CERT_ADMINS
        See Also:
        Constant Field Values
      • OBJECTCLASS_ATTR

        protected static final java.lang.String OBJECTCLASS_ATTR
        See Also:
        Constant Field Values
      • GROUP_ATTR_VALUE

        protected static final java.lang.String GROUP_ATTR_VALUE
        See Also:
        Constant Field Values
      • LDAP_ATTR_USER_CERT_STRING

        protected static final java.lang.String LDAP_ATTR_USER_CERT_STRING
        See Also:
        Constant Field Values
      • LDAP_ATTR_CERTDN

        protected static final java.lang.String LDAP_ATTR_CERTDN
        See Also:
        Constant Field Values
      • LDAP_ATTR_USER_CERT

        protected static final java.lang.String LDAP_ATTR_USER_CERT
        See Also:
        Constant Field Values
      • LDAP_ATTR_PROFILE_ID

        protected static final java.lang.String LDAP_ATTR_PROFILE_ID
        See Also:
        Constant Field Values
      • mBaseDN

        protected java.lang.String mBaseDN
    • Constructor Detail

      • UGSubsystem

        public UGSubsystem()
        Constructs LDAP-based usr/grp management.
    • Method Detail

      • shutdown

        public void shutdown()
        Disconnects the usr/grp manager from the LDAP server.
      • createUser

        public User createUser​(java.lang.String id)
      • createGroup

        public Group createGroup​(java.lang.String id)
      • findUsersByCert

        public User findUsersByCert​(java.lang.String filter)
                             throws EUsrGrpException
        Searches for identities that match the filter generated by the certificate locator.
        Throws:
        EUsrGrpException
      • findUsersByKeyword

        public java.util.Enumeration<User> findUsersByKeyword​(java.lang.String keyword)
                                                       throws EUsrGrpException
        Searches for identities that match the filter.
        Throws:
        EUsrGrpException
      • listUsers

        public java.util.Enumeration<User> listUsers​(java.lang.String filter)
                                              throws EUsrGrpException
        Searches for identities that match the filter. Retrieves the uid attribute only, for efficiency when listing users.
        Throws:
        EUsrGrpException
      • lbuildUser

        protected User lbuildUser​(netscape.ldap.LDAPEntry entry)
                           throws EUsrGrpException
        Builds a User instance from an entry retrieved from the LDAP server, setting only the uid. Intended for listing efficiency only.
        Returns:
        the User entity.
        Throws:
        EUsrGrpException
      • buildUser

        protected User buildUser​(netscape.ldap.LDAPEntry entry)
                          throws EUsrGrpException
        Builds a User instance, setting on it all attributes retrieved from the LDAP server.
        Returns:
        the User entity.
        Throws:
        EUsrGrpException
      • addUserCert

        public void addUserCert​(java.lang.String userID,
                                java.security.cert.X509Certificate cert)
                         throws EUsrGrpException
        Adds a user certificate to a user entry.
        Throws:
        EUsrGrpException
      • removeUserCert

        public void removeUserCert​(User identity)
                            throws EUsrGrpException
        Removes a user certificate from a user entry, given the certificate identifier carried by the User object (actually a combination of version, serialNumber, issuerDN and subjectDN).
        Throws:
        EUsrGrpException
      • listGroups

        public java.util.Enumeration<Group> listGroups​(java.lang.String filter)
                                                throws EUsrGrpException
        Lists groups. More efficient than findGroups: only retrieves group names and descriptions.
        Throws:
        EUsrGrpException
      • getGroupFromName

        public Group getGroupFromName​(java.lang.String name)
        Retrieves a group from LDAP. NOTE: this takes just the group name.
      • getGroup

        public Group getGroup​(java.lang.String groupDN)
        Retrieves a group from LDAP. NOTE: this takes a full LDAP DN.
      • isGroupPresent

        public boolean isGroupPresent​(java.lang.String name)
        Checks if the given group exists
      • isMemberOf

        public boolean isMemberOf​(java.lang.String userid,
                                  java.lang.String groupname)
      • isMemberOf

        public boolean isMemberOf​(User id,
                                  java.lang.String name)
        Checks if the given user is a member of the given group (now runs an LDAP search for the user within the group instead of fetching the entire group entry).
      • isMemberOfLdapGroup

        protected boolean isMemberOfLdapGroup​(java.lang.String userid,
                                              java.lang.String groupname)
        Checks if the given user DN is in the specified group by running an LDAP search for the user in the group.
      • removeGroup

        public void removeGroup​(java.lang.String name)
                         throws EUsrGrpException
        Removes a group. The SUPER_CERT_ADMINS group cannot be removed.
        Throws:
        EUsrGrpException
      • modifyGroup

        public void modifyGroup​(Group group)
                         throws EUsrGrpException
        Modifies an existing group in the database.
        Parameters:
        group - an existing group that has been modified in memory
        Throws:
        EUsrGrpException
      • evaluate

        public boolean evaluate​(java.lang.String type,
                                User id,
                                java.lang.String op,
                                java.lang.String value)
        Evaluates the given context against the attribute criteria.
      • convertUIDtoDN

        protected java.lang.String convertUIDtoDN​(java.lang.String uid)
                                           throws netscape.ldap.LDAPException
        Converts a uid attribute value to a DN.
        Throws:
        netscape.ldap.LDAPException
      • isMatched

        protected boolean isMatched​(java.lang.String dn1,
                                    java.lang.String dn2)
        Checks if the given DNs are the same after normalization.
      • getCertificateStringWithoutVersion

        protected java.lang.String getCertificateStringWithoutVersion​(java.security.cert.X509Certificate cert)
        Converts a certificate into string format. Should eventually move into the locator itself.
      • getCertificateString

        public java.lang.String getCertificateString​(java.security.cert.X509Certificate cert)
      • getUserDN

        public java.lang.String getUserDN​(java.lang.String userID)
      • returnConn

        protected void returnConn​(netscape.ldap.LDAPConnection conn)
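
      • Usage example

        The following is an added example, not code from this page or from the project, showing how a caller would use the UGSubsystem methods listed above to map a client certificate to a user entry and check group membership, and how to escape caller-supplied text before it reaches the filter-taking methods (findUsersByKeyword, listUsers, findUsers, findGroups). It assumes UGSubsystem, User, Group and EUsrGrpException are on the classpath, that the UGSubsystem instance has already been initialised through init(...) by the caller, that findUser(X509Certificate) returns null when no entry carries the certificate, and that findUsersByKeyword splices its argument into an LDAP filter as an attribute value (which is why it is escaped here; if the method escapes on its own, the escaping below is redundant and should be dropped). The escapeFilterValue helper is hypothetical and not part of the project's API.

```java
import java.security.cert.X509Certificate;
import java.util.Enumeration;

/*
 * Added example: not part of the UGSubsystem page or the project.
 * UGSubsystem, User, Group and EUsrGrpException are assumed to be
 * imported from the project's usrgrp package (package name not shown
 * on this page). User.getUserID() is an assumed accessor.
 */
public class UGSubsystemExample {

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515,
     * section 3). Hypothetical helper; the page does not state whether
     * UGSubsystem escapes filter input itself, so callers should.
     * Non-ASCII characters are passed through unchanged; escape their
     * UTF-8 bytes as well if the directory requires it.
     */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\\': sb.append("\\5c"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Looks up users by a keyword supplied by an operator or a web form.
     * Without escaping, input such as "*)(uid=" would change the filter's
     * structure instead of being matched as text.
     */
    static Enumeration<User> findUsersByUntrustedKeyword(UGSubsystem ug, String keyword)
            throws EUsrGrpException {
        return ug.findUsersByKeyword(escapeFilterValue(keyword));
    }

    /**
     * Returns true only if the certificate maps to a user entry and that
     * user belongs to the named group. Unknown certificates are denied.
     *
     * findUser(X509Certificate) matches the certificate stored on the user
     * entry; it does not validate the chain, signature or revocation state,
     * so the caller must have done that before trusting this mapping.
     */
    static boolean certHolderIsMemberOf(UGSubsystem ug, X509Certificate cert, String groupName)
            throws EUsrGrpException {
        User user = ug.findUser(cert);   // assumed to return null if no entry carries the cert
        if (user == null) {
            return false;
        }
        // isMemberOf(User, String) runs an LDAP search for the member within
        // the group rather than fetching the whole group entry.
        return ug.isMemberOf(user, groupName);
    }

    /**
     * Enrols a new administrator: creates the entry, attaches the
     * certificate used for client authentication, and adds the user to the
     * group. Group membership is only granted after the certificate is on
     * the entry, so the user cannot be in the group without a way to log in.
     */
    static void enrolAdministrator(UGSubsystem ug, String userId, X509Certificate cert)
            throws EUsrGrpException {
        User user = ug.createUser(userId);
        ug.addUser(user);
        ug.addUserCert(userId, cert);
        Group admins = ug.getGroupFromName(UGSubsystem.SUPER_CERT_ADMINS);
        ug.addUserToGroup(admins, userId);
    }
}
```

        The order in enrolAdministrator matters when the directory is shared with a running CA: addUserCert is what makes the certificate usable for authentication, and addUserToGroup is what grants privilege, so a partial failure between the two leaves a user that can log in but holds no rights rather than the reverse. Note also that getGroup takes a full DN while getGroupFromName takes only the group name; passing a bare name to getGroup will not resolve.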