ADSContext.java revision 040cba63ba4af5bed76846f0edb63c853b009da9
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2007-2010 Sun Microsystems, Inc.
* Portions Copyright 2012-2014 ForgeRock AS
*/
/**
* Class used to update and read the contents of the Administration Data.
*/
public class ADSContext
{
/**
* Enumeration containing the different server properties syntaxes
* that could be stored in the ADS.
*/
public enum ADSPropertySyntax
{
/**
* String syntax.
*/
/**
* Integer syntax.
*/
/**
* Boolean syntax.
*/
/**
* Certificate;binary syntax.
*/
}
/**
* Enumeration containing the different server properties that are stored in
* the ADS.
*/
public enum ServerProperty
{
/**
* The ID used to identify the server.
*/
/**
* The host name of the server.
*/
/**
* The LDAP port of the server.
*/
/**
* The JMX port of the server.
*/
/**
* The JMX secure port of the server.
*/
/**
* The LDAPS port of the server.
*/
/**
* The administration connector port of the server.
*/
/**
* The certificate used by the server.
*/
/**
* The path where the server is installed.
*/
/**
* The description of the server.
*/
/**
* The OS of the machine where the server is installed.
*/
/**
* Whether LDAP is enabled or not.
*/
/**
* Whether LDAPS is enabled or not.
*/
/**
* Whether ADMIN is enabled or not.
*/
/**
* Whether StartTLS is enabled or not.
*/
/**
* Whether JMX is enabled or not.
*/
/**
* Whether secure JMX is enabled or not.
*/
/**
* The location of the server.
*/
/**
* The groups to which this server belongs.
*/
/**
* The unique name of the instance key public-key certificate.
*/
/**
* The instance key-pair public-key certificate. Note: This attribute
* belongs to an instance key entry, separate from the server entry and
* named by the ds-cfg-key-id attribute from the server entry.
*/
"ds-cfg-public-key-certificate",
private ADSPropertySyntax attSyntax;
/**
* Private constructor.
* @param n the name of the attribute.
* @param s the name of the syntax.
*/
{
attrName = n;
attSyntax = s ;
}
/**
* Returns the attribute name.
* @return the attribute name.
*/
public String getAttributeName()
{
  // Name of the LDAP attribute that was handed to the constructor.
  return this.attrName;
}
/**
* Returns the attribute syntax.
* @return the attribute syntax.
*/
public ADSPropertySyntax getAttributeSyntax()
{
  // Syntax that was handed to the constructor alongside the attribute name.
  return this.attSyntax;
}
}
/** Default global admin UID. */
/**
* Get a ServerProperty associated to a name.
* @param name The name of the property to retrieve.
*
* @return The corresponding ServerProperty or null if name
* doesn't match with an existing property.
*/
{
if (nameToServerProperty == null)
{
{
}
}
}
/**
* The list of server properties that are multivalued.
*/
new HashSet<ServerProperty>();
static
{
}
/**
* The default server group which will contain all registered servers.
*/
/**
* Enumeration containing the different server group properties that are
* stored in the ADS.
*/
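public enum ServerGroupProperty
{
  /**
   * The UID of the server group.
   */
  UID("cn"),
  /**
   * The description of the server group.
   */
  DESCRIPTION("description"),
  /**
   * The members of the server group.
   */
  MEMBERS("uniqueMember");

  /** Name of the LDAP attribute used for this property; set once at construction. */
  private final String attrName;

  /**
   * Private constructor.
   * @param n the attribute name.
   */
  private ServerGroupProperty(String n)
  {
    attrName = n;
  }

  /**
   * Returns the attribute name.
   * @return the attribute name.
   */
  public String getAttributeName()
  {
    return attrName;
  }
}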
/**
* The list of server group properties that are multivalued.
*/
private final static
new HashSet<ServerGroupProperty>();
static
{
}
/**
* The enumeration containing the different Administrator properties.
*/
public enum AdministratorProperty
{
/**
* The UID of the administrator.
*/
/**
* The password of the administrator.
*/
/**
* The description of the administrator.
*/
/**
* The DN of the administrator.
*/
/**
* The administrator privilege.
*/
private ADSPropertySyntax attrSyntax;
/**
* Private constructor.
* @param n the name of the attribute.
* @param s the name of the syntax.
*/
{
attrName = n;
attrSyntax = s ;
}
/**
* Returns the attribute name.
* @return the attribute name.
*/
public String getAttributeName()
{
  // Name of the LDAP attribute that was handed to the constructor.
  return this.attrName;
}
/**
* Returns the attribute syntax.
* @return the attribute syntax.
*/
public ADSPropertySyntax getAttributeSyntax()
{
  // Syntax that was handed to the constructor alongside the attribute name.
  return this.attrSyntax;
}
}
/**
* Get an AdministratorProperty associated to a name.
* @param name The name of the property to retrieve.
*
* @return The corresponding AdministratorProperty or null if name
* doesn't match with an existing property.
*/
{
if (nameToAdminUserProperty == null)
{
{
}
}
}
// The context used to retrieve information
private final InitialLdapContext dirContext;
/**
* Constructor of the ADSContext.
* @param dirContext the DirContext that must be used to retrieve information.
*/
{
this.dirContext = dirContext;
}
/**
* Returns the DirContext used to retrieve information by this ADSContext.
* @return the DirContext used to retrieve information by this ADSContext.
*/
public InitialLdapContext getDirContext()
{
  // Hands out the very context instance this ADSContext works with (no copy),
  // so anything a caller does to it is seen by this ADSContext as well.
  return this.dirContext;
}
/**
* Method called to register a server in the ADS.
* @param serverProperties the properties of the server.
* @throws ADSContextException if the server could not be registered.
*/
throws ADSContextException
{
true);
try
{
// This check is required because by default the server container entry
// does not exist.
{
}
{
}
// register this server into "all" groups
if (memberList == null) {
}
// Update the server property "GROUPS"
if (rawGroupList != null) {
}
}
}
catch (ADSContextException ace)
{
throw ace;
}
catch (NameAlreadyBoundException x)
{
throw new ADSContextException(
}
catch (Exception x)
{
throw new ADSContextException(
}
}
/**
* Method called to update the properties of a server in the ADS.
* @param serverProperties the new properties of the server.
* @param newServerId The new server Identifier, or null.
* @throws ADSContextException if the server could not be updated.
*/
{
try
{
if (newServerId != null)
{
}
false);
attrs);
{
}
}
catch (ADSContextException ace)
{
throw ace;
}
catch (NameNotFoundException x)
{
throw new ADSContextException(
}
catch (Exception x)
{
throw new ADSContextException(
}
}
/**
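* Method called to unregister a server in the ADS. Note that the server's
* instance key-pair public-key certificate entry (created in
* {@code registerServer()})
* is left untouched, so it stays in the ADS after the server entry is gone;
* remove it or tag it as compromised separately if the key should no longer
* be trusted.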
* @param serverProperties the properties of the server.
* @throws ADSContextException if the server could not be unregistered.
*/
throws ADSContextException
{
try
{
// Unregister the server from the server groups.
{
Set<?> memberList =
if (memberList != null)
{
{
}
}
}
}
catch (NameNotFoundException x)
{
throw new ADSContextException(
}
catch (NamingException x)
{
throw new ADSContextException(
}
// Unregister the server in server groups
try
{
{
{
try
{
{
{
try
{
{
{
}
}
}
finally
{
}
}
}
}
finally
{
}
{
newAttrs);
}
else
{
newAttrs);
}
}
}
}
catch (NameNotFoundException x)
{
throw new ADSContextException(
}
catch (NoPermissionException x)
{
throw new ADSContextException(
}
catch (NamingException x)
{
throw new ADSContextException(
}
finally
{
}
}
/**
* Returns whether a given server is already registered or not.
* @param serverProperties the server properties.
* @return <CODE>true</CODE> if the server was registered and
* <CODE>false</CODE> otherwise.
* @throws ADSContextException if something went wrong.
*/
public boolean isServerAlreadyRegistered(
throws ADSContextException
{
return isExistingEntry(dn);
}
/**
* Returns whether a given administrator is already registered or not.
* @param uid the administrator UID.
* @return <CODE>true</CODE> if the administrator was registered and
* <CODE>false</CODE> otherwise.
* @throws ADSContextException if something went wrong.
*/
throws ADSContextException
{
return isExistingEntry(dn);
}
/**
* A convenience method that takes some server properties as parameter and
* if there is no server registered associated with those properties,
* registers it and if it is already registered, updates it.
* @param serverProperties the server properties.
* @return 0 if the server was registered; 1 if updated (i.e., the server
* entry was already in ADS).
* @throws ADSContextException if something goes wrong.
*/
public int registerOrUpdateServer(
{
int result = 0;
try
{
}
catch(ADSContextException x)
{
{
result = 1;
}
else
{
throw x;
}
}
return result;
}
/**
* Returns the member list of a group of servers.
*
* @param serverGroupId
* The group name.
* @return the member list of a group of servers.
* @throws ADSContextException
* if something goes wrong.
*/
{
try
{
{
return result;
}
{
{
continue;
}
// We have the members list
try
{
{
}
}
finally
{
}
break;
}
}
catch (NameNotFoundException x)
{
}
catch (NoPermissionException x)
{
throw new ADSContextException(
}
catch (NamingException x)
{
throw new ADSContextException(
}
finally
{
}
return result;
}
/**
* Returns a set containing the servers that are registered in the
* ADS.
*
* @return a set containing the servers that are registered in the
* ADS.
* @throws ADSContextException
* if something goes wrong.
*/
throws ADSContextException
{
try
{
{
{
try
{
boolean found = false;
{
found = true;
}
if (!found)
{
properties));
}
}
catch (NameNotFoundException x)
{
}
finally
{
}
}
}
}
catch (NameNotFoundException x)
{
throw new ADSContextException(
}
catch (NoPermissionException x)
{
throw new ADSContextException(
}
catch(NamingException x)
{
throw new ADSContextException(
}
finally
{
}
return result;
}
/**
* Creates a Server Group in the ADS.
* @param serverGroupProperties the properties of the server group to be
* created.
* @throws ADSContextException if something goes wrong.
*/
public void createServerGroup(
throws ADSContextException
{
// Add the objectclass attribute value
try
{
}
catch (NameAlreadyBoundException x)
{
throw new ADSContextException(
}
catch (NamingException x)
{
throw new ADSContextException(
}
}
/**
* Updates the properties of a Server Group in the ADS.
* @param serverGroupProperties the new properties of the server group to be
* updated.
* @param groupID The group name.
* @throws ADSContextException if something goes wrong.
*/
throws ADSContextException
{
try
{
// Entry renaming ?
{
{
// Rename to entry
+ "," + getServerGroupContainerDN());
}
// In any case, we remove the "cn" attribute.
}
if (serverGroupProperties.isEmpty())
{
return ;
}
// attribute modification
}
catch (NameNotFoundException x)
{
throw new ADSContextException(
}
catch (NameAlreadyBoundException x)
{
throw new ADSContextException(
}
catch (NamingException x)
{
throw new ADSContextException(
}
}
/**
* Updates the properties of a Server Group in the ADS.
* @param serverGroupProperties the new properties of the server group to be
* updated.
* @param groupID The group name.
* @throws ADSContextException if something goes wrong.
*/
throws ADSContextException
{
try
{
}
catch (NameAlreadyBoundException x)
{
throw new ADSContextException(
}
catch (NamingException x)
{
throw new ADSContextException(
}
}
/**
* Deletes a Server Group in the ADS.
* @param serverGroupProperties the properties of the server group to be
* deleted.
* @throws ADSContextException if something goes wrong.
*/
public void deleteServerGroup(
throws ADSContextException
{
try
{
}
catch(NamingException x)
{
throw new ADSContextException(
}
}
/**
* Returns a set containing the server groups that are defined in the ADS.
* @return a set containing the server groups that are defined in the ADS.
* @throws ADSContextException if something goes wrong.
*/
throws ADSContextException
{
try
{
sc);
{
}
}
catch (NameNotFoundException x)
{
throw new ADSContextException(
}
catch (NoPermissionException x)
{
throw new ADSContextException(
}
catch (NamingException x)
{
throw new ADSContextException(
}
finally
{
}
return result;
}
/**
* Returns a set containing the administrators that are defined in the ADS.
* @return a set containing the administrators that are defined in the ADS.
* @throws ADSContextException if something goes wrong.
*/
throws ADSContextException
{
try {
"description" };
sc);
{
}
}
catch (NameNotFoundException x)
{
throw new ADSContextException(
}
catch (NoPermissionException x)
{
throw new ADSContextException(
}
catch (NamingException x)
{
throw new ADSContextException(
}
finally
{
}
return result;
}
/**
* Creates the Administration Data in the server.
* The call to this method assumes that OpenDS.jar has already been loaded.
* So this should not be called by the Java Web Start before being sure that
* this jar is loaded.
* @param backendName the backend name which will handle admin information.
* <CODE>null</CODE> to use the default backend name for the admin
* information.
* @throws ADSContextException if something goes wrong.
*/
{
// Add the administration suffix
}
// Create container entries.
private void createAdminDataContainers() throws ADSContextException
{
// Create the DIT below the administration suffix
{
}
{
}
{
}
{
}
// Add the default "all-servers" group
{
}
// Create the CryptoManager instance key DIT below the administration suffix
{
}
// Create the CryptoManager secret key DIT below the administration suffix
{
}
}
/**
* Removes the administration data.
*
* @param removeAdministrators
* {@code true} if administrators should be removed. It may not be
* possible to remove administrators if the operation is being
* performed by one of the administrators because it will cause the
* administrator to be disconnected.
* @throws ADSContextException
* if something goes wrong.
*/
public void removeAdminData(boolean removeAdministrators)
throws ADSContextException
{
try
{
try
{
{
{
if (isExistingEntry(ldapName))
{
}
}
}
}
finally
{
try
{
tmpContext.close();
}
{
"Error while closing LDAP connection after removing admin data",
ex));
}
}
// Recreate the container entries:
}
catch(NamingException x)
{
throw new ADSContextException(
}
}
/**
* Returns <CODE>true</CODE> if the server contains Administration Data and
* <CODE>false</CODE> otherwise.
* @return <CODE>true</CODE> if the server contains Administration Data and
* <CODE>false</CODE> otherwise.
* @throws ADSContextException if something goes wrong.
*/
public boolean hasAdminData() throws ADSContextException
{
boolean hasAdminData = true;
{
}
return hasAdminData;
}
/**
* Returns the DN of the administrator for a given UID.
* @param uid the UID to be used to generate the DN.
* @return the DN of the administrator for the given UID.
*/
{
}
/**
* Creates an Administrator in the ADS.
* @param adminProperties the properties of the administrator to be created.
* @throws ADSContextException if something goes wrong.
*/
public void createAdministrator(
throws ADSContextException {
adminProperties, true, null);
try
{
}
catch (NameAlreadyBoundException x)
{
throw new ADSContextException(
}
catch (NoPermissionException x)
{
throw new ADSContextException(
}
catch (NamingException x)
{
throw new ADSContextException(
}
}
/**
* Deletes the administrator in the ADS.
* @param adminProperties the properties of the administrator to be deleted.
* @throws ADSContextException if something goes wrong.
*/
public void deleteAdministrator(
throws ADSContextException {
try
{
}
catch (NameNotFoundException x)
{
throw new ADSContextException(
}
catch (NotContextException x)
{
throw new ADSContextException(
}
catch (NoPermissionException x)
{
throw new ADSContextException(
}
catch (NamingException x)
{
throw new ADSContextException(
}
}
/**
* Updates an administrator registered in the ADS.
* @param adminProperties the new properties of the administrator.
* @param newAdminUserId The new admin user Identifier, or null.
* @throws ADSContextException if something goes wrong.
*/
public void updateAdministrator(
throws ADSContextException
{
boolean updatePassword = adminProperties
try
{
// Entry renaming
if (newAdminUserId != null)
{
dnCentralAdmin = newDn ;
}
// if modification includes 'privilege', we have to get first the
// current privileges list.
{
try
{
{
.getAll();
}
}
finally
{
}
}
// Replace properties, if needed.
{
}
}
catch (NameNotFoundException x)
{
throw new ADSContextException(
}
catch (NoPermissionException x)
{
throw new ADSContextException(
}
catch (NamingException x)
{
throw new ADSContextException(
}
finally
{
}
}
/**
* Returns the DN of the suffix that contains the administration data.
* @return the DN of the suffix that contains the administration data.
*/
public static String getAdministrationSuffixDN()
{
  // Fixed DN of the suffix that holds the administration data.
  final String adminSuffixDn = "cn=admin data";
  return adminSuffixDn;
}
/**
* This method returns the DN of the entry that corresponds to the given host
* name and installation path.
* @param hostname the host name.
* @param ipath the installation path.
* @return the DN of the entry that corresponds to the given host name and
* installation path.
* @throws ADSContextException if something goes wrong.
*/
{
}
/**
* This method returns the DN of the entry that corresponds to the given host
* name port representation.
* @param serverUniqueId the host name and port.
* @return the DN of the entry that corresponds to the given host name and
* port.
* @throws ADSContextException if something goes wrong.
*/
throws ADSContextException
{
}
/**
* This method returns the DN of the entry that corresponds to the given
* server group properties.
* @param serverGroupProperties the server group properties
* @return the DN of the entry that corresponds to the given server group
* properties.
* @throws ADSContextException if something goes wrong.
*/
private static LdapName makeDNFromServerGroupProperties(
throws ADSContextException
{
if (serverGroupId == null)
{
}
}
/**
* This method returns the DN of the entry that corresponds to the given
* server properties.
* @param serverProperties the server properties.
* @return the DN of the entry that corresponds to the given server
* properties.
* @throws ADSContextException if something goes wrong.
*/
private static LdapName makeDNFromServerProperties(
{
{
return makeDNFromServerUniqueId(serverID);
}
try
{
}
catch (ADSContextException ace)
{
return makeDNFromServerUniqueId(s.getHostPort(true));
}
}
/**
* This method returns the DN of the entry that corresponds to the given
* server properties.
* @param serverProperties the server properties.
* @return the DN of the entry that corresponds to the given server
* properties.
* @throws ADSContextException if something goes wrong.
*/
public static String getServerIdFromServerProperties(
{
}
/**
* This method returns the DN of the entry that corresponds to the given
* administrator properties.
* @param adminProperties the administrator properties.
* @return the DN of the entry that corresponds to the given administrator
* properties.
* @throws ADSContextException if something goes wrong.
*/
private static LdapName makeDNFromAdministratorProperties(
throws ADSContextException
{
}
/**
* This method returns the DN of the entry that corresponds to the given
* administrator properties.
* @param adminUid the administrator uid.
* @return the DN of the entry that corresponds to the given administrator
* properties.
* @throws ADSContextException if something goes wrong.
*/
throws ADSContextException
{
return nameFromDN(dnCentralAdmin);
}
/**
* Returns the attributes for some administrator properties.
* @param adminProperties the administrator properties.
* @param passwordRequired Indicates if the properties should include
* the password.
* @param currentPrivileges The current privilege list or null.
* @return the attributes for the given administrator properties.
* @throws ADSContextException if something goes wrong.
*/
private static BasicAttributes makeAttrsFromAdministratorProperties(
throws ADSContextException
{
if (passwordRequired)
{
}
{
}
{
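// We assume that the privilege strings provided in
// AdministratorProperty.PRIVILEGE are valid privileges, represented as a
// LinkedList of strings. NOTE(review): the values appear to be added to the
// attribute as given, so callers should restrict them to known privilege
// names before calling this method.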
if (currentPrivileges != null)
{
while (currentPrivileges.hasMoreElements())
{
}
}
for( Object o : privileges)
{
if (p.startsWith("-"))
{
}
else
{
privilegeAtt.add(p);
}
}
}
else
{
}
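// Add the RootDNs Password policy so that the password does not expire.
// NOTE(review): since this policy keeps the password from expiring, rotation
// and strength of this password have to be enforced by other means.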
"cn=Root Password Policy,cn=Password Policies,cn=config");
return attrs;
}
/**
* Builds an attribute which contains 'root' privileges.
* @return The attribute which contains 'root' privileges.
*/
private static Attribute addRootPrivileges()
{
return privilege;
}
/**
* Returns the attributes for some server properties.
* @param serverProperties the server properties.
* @param addObjectClass Indicates if the object class has to be added.
* @return the attributes for the given server properties.
*/
private static BasicAttributes makeAttrsFromServerProperties(
{
// Transform 'properties' into 'attributes'
{
{
}
}
if (addObjectClass)
{
// Add the objectclass attribute value
// TODO: use another structural objectclass
}
return result;
}
/**
* Returns the attribute for a given server property.
* @param property the server property.
* @param value the value.
* @return the attribute for a given server property.
*/
{
switch(property)
{
break;
case GROUPS:
}
break;
default:
}
return result;
}
/**
* Returns the attributes for some server group properties.
* @param serverGroupProperties the server group properties.
* @return the attributes for the given server group properties.
*/
private static BasicAttributes makeAttrsFromServerGroupProperties(
{
// Transform 'properties' into 'attributes'
{
{
}
}
return result;
}
/**
* Returns the attributes for some server group properties.
* @param serverGroupProperties the server group properties.
* @return the attributes for the given server group properties.
*/
private static BasicAttributes makeAttrsFromServerGroupProperties(
{
// Transform 'properties' into 'attributes'
{
{
}
}
return result;
}
/**
* Returns the attribute for a given server group property.
* @param property the server group property.
* @param value the value.
* @return the attribute for a given server group property.
*/
private static Attribute makeAttrFromServerGroupProperty(
{
switch(property)
{
case MEMBERS:
result = new BasicAttribute(
}
break;
default:
}
return result;
}
/**
* Returns the properties of a server group for some LDAP attributes.
* @param attrs the LDAP attributes.
* @return the properties of a server group for some LDAP attributes.
* @throws ADSContextException if something goes wrong.
*/
{
try
{
{
{
continue ;
}
{
try
{
{
}
}
finally
{
}
}
else
{
}
}
}
catch(NamingException x)
{
throw new ADSContextException(
}
return result;
}
/**
* Returns the properties of a server for some LDAP attributes.
* @param attrs the LDAP attributes.
* @return the properties of a server for some LDAP attributes.
* @throws ADSContextException if something goes wrong.
*/
{
try
{
{
{
}
{
if (attrID.equalsIgnoreCase(v))
{
}
}
{
// Do not handle it
}
else
{
{
try
{
{
}
}
finally
{
}
}
else
{
}
}
}
}
catch(NamingException x)
{
throw new ADSContextException(
}
return result;
}
/**
* Returns the properties of an administrator for some rdn and LDAP
* attributes.
* @param rdn the RDN.
* @param attrs the LDAP attributes.
* @return the properties of an administrator for the given rdn and LDAP
* attributes.
* @throws ADSContextException if something goes wrong.
*/
throws ADSContextException
{
try
{
{
}
{
}
{
}
{
while (attValueList.hasMoreElements())
{
}
}
}
}
catch(NamingException x)
{
throw new ADSContextException(
}
finally
{
}
return result;
}
/**
* Returns the parent entry of the server entries.
* @return the parent entry of the server entries.
*/
public static String getServerContainerDN()
{
  // The server container sits under the administration suffix.
  final String suffixDn = getAdministrationSuffixDN();
  return "cn=Servers," + suffixDn;
}
/**
* Returns the parent entry of the administrator entries.
* @return the parent entry of the administrator entries.
*/
public static String getAdministratorContainerDN()
{
  // The administrator container sits under the administration suffix.
  final String suffixDn = getAdministrationSuffixDN();
  return "cn=Administrators," + suffixDn;
}
/**
* Returns the parent entry of the server group entries.
* @return the parent entry of the server group entries.
*/
public static String getServerGroupContainerDN()
{
  // The server group container sits under the administration suffix.
  final String suffixDn = getAdministrationSuffixDN();
  return "cn=Server Groups," + suffixDn;
}
/**
* Returns the DN of the "all-servers" group entry.
* @return the DN of the "all-servers" group entry.
*/
private static String getAllServerGroupDN()
{
"," + getServerGroupContainerDN();
}
/**
* Returns the host name for the given properties.
* @param serverProperties the server properties.
* @return the host name for the given properties.
* @throws ADSContextException if the host name could not be found or its
* value is not valid.
*/
private static String getHostname(
{
{
throw new ADSContextException(
}
{
throw new ADSContextException(
}
return result;
}
/**
* Returns the Server ID for the given properties.
* @param serverProperties the server properties.
* @return the server ID for the given properties or null.
*/
private static String getServerID(
{
{
{
}
}
return result;
}
/**
* Returns the install path for the given properties.
* @param serverProperties the server properties.
* @return the install path for the given properties.
* @throws ADSContextException if the install path could not be found or its
* value is not valid.
*/
private static String getInstallPath(
{
{
throw new ADSContextException(
}
{
throw new ADSContextException(
}
return result;
}
/**
* Returns the Administrator UID for the given properties.
* @param adminProperties the administrator properties.
* @return the Administrator UID for the given properties.
* @throws ADSContextException if the administrator UID could not be found.
*/
private static String getAdministratorUID(
throws ADSContextException {
{
throw new ADSContextException(
}
return result;
}
/**
* Returns the Administrator password for the given properties.
* @param adminProperties the administrator properties.
* @return the Administrator password for the given properties.
* @throws ADSContextException if the administrator password could not be
* found.
*/
private static String getAdministratorPassword(
throws ADSContextException {
{
throw new ADSContextException(
}
return result;
}
//
// LDAP utilities
//
/**
* Returns the LdapName object for the given dn.
* @param dn the DN.
* @return the LdapName object for the given dn.
* @throws ADSContextException if a valid LdapName could not be retrieved
* for the given dn.
*/
{
try
{
}
catch (InvalidNameException x)
{
throw new ADSContextException(
}
return result;
}
/**
* Returns the String rdn for the given search result name.
* @param rdnName the search result name.
* @return the String rdn for the given search result name.
* @throws ADSContextException if a valid String rdn could not be retrieved
* for the given result name.
*/
{
//
// Transform the JNDI name into a RDN string
//
try {
}
catch (InvalidNameException x)
{
throw new ADSContextException(
}
return rdn;
}
/**
* Tells whether an entry with the provided DN exists.
* @param dn the DN to check.
* @return <CODE>true</CODE> if the entry exists and <CODE>false</CODE> if
* it does not.
* @throws ADSContextException if an error occurred while checking if the
* entry exists or not.
*/
{
boolean result;
try
{
result = false;
try
{
{
result = true;
}
}
finally
{
}
}
catch (NameNotFoundException x)
{
result = false;
}
catch (NoPermissionException x)
{
throw new ADSContextException(
}
{
throw new ADSContextException(
}
return result;
}
/**
* Creates a container entry with the given dn.
* @param dn the DN of the new entry to be created.
* @throws ADSContextException if the entry could not be created.
*/
{
}
/**
* Creates the administrator container entry.
* @throws ADSContextException if the entry could not be created.
*/
private void createAdministratorContainerEntry() throws ADSContextException
{
"??one?(objectclass=*)");
}
/**
* Creates the top container entry.
* @throws ADSContextException if the entry could not be created.
*/
private void createTopContainerEntry() throws ADSContextException
{
}
/**
* Creates an entry with the provided dn and attributes.
* @param dn the dn of the entry.
* @param attrs the attributes of the entry.
* @throws ADSContextException if the entry could not be created.
*/
throws ADSContextException {
try
{
}
catch(NamingException x)
{
throw new ADSContextException(
}
}
/**
* Creates the Administration Suffix.
* @param backendName the backend name to be used for the Administration
* Suffix. If this value is null the default backendName for the
* Administration Suffix will be used.
* @throws ADSContextException if something goes wrong.
*/
throws ADSContextException
{
if (backendName == null)
{
ben = getDefaultBackendName() ;
}
}
/**
* Removes the administration suffix.
* @throws ADSContextException if something goes wrong.
*/
//private void removeAdministrationSuffix() throws ADSContextException
//{
//ADSContextHelper helper = new ADSContextHelper();
//helper.removeAdministrationSuffix(getDirContext(),
//getDefaultBackendName());
//}
/**
* Returns the default backend name of the administration data.
* @return the default backend name of the administration data.
*/
public static String getDefaultBackendName()
{
  // Backend name that applies when the caller does not supply one.
  final String defaultBackend = "adminRoot";
  return defaultBackend;
}
/**
* Returns the LDIF file of the administration data.
* @return the LDIF file of the administration data.
*/
public static String getAdminLDIFFile()
{
}
/*
*** CryptoManager related types, fields, and methods. ***
*/
/**
Returns the parent entry of the server key entries in ADS.
@return the parent entry of the server key entries in ADS.
*/
public static String getInstanceKeysContainerDN()
{
  // The instance key container sits under the administration suffix.
  final String suffixDn = getAdministrationSuffixDN();
  return "cn=instance keys," + suffixDn;
}
/**
Returns the parent entry of the secret key entries in ADS.
@return the parent entry of the secret key entries in ADS.
*/
public static String getSecretKeysContainerDN()
{
  // The secret key container sits under the administration suffix.
  final String suffixDn = getAdministrationSuffixDN();
  return "cn=secret keys," + suffixDn;
}
/**
* Tells whether the provided server is registered in the registry.
* @param server the server.
* @param registry the registry.
* @return <CODE>true</CODE> if the server is registered in the registry
* and <CODE>false</CODE> otherwise.
*/
public static boolean isRegistered(
{
boolean isRegistered = false;
{
{
isRegistered = true;
break;
}
}
return isRegistered;
}
/**
Register instance key-pair public-key certificate provided in
serverProperties: generate a key-id attribute if one is not provided (as
expected); add an instance key public-key certificate entry for the key
certificate; and associate the certificate entry with the server entry via
the key ID attribute.
@param serverProperties Properties of the server being registered to which
the instance key entry belongs.
@param serverEntryDn The server's ADS entry DN.
@throws ADSContextException In case some JNDI operation fails or there is a
problem getting the instance public key certificate ID.
*/
private void registerInstanceKeyCertificate(
throws ADSContextException {
}
/**
Unregister instance key-pair public-key certificate provided in
serverProperties.
@param serverProperties Properties of the server being unregistered to which
the instance key entry belongs.
@param serverEntryDn The server's ADS entry DN.
@throws ADSContextException In case some JNDI operation fails.
*/
@SuppressWarnings("unused")
private void unregisterInstanceKeyCertificate(
throws ADSContextException {
}
/**
Return the set of valid (i.e., not tagged as compromised) instance key-pair
public-key certificate entries in ADS.
NOTE: calling this method assumes that all the jar files are present in the
classpath.
@return The set of valid (i.e., not tagged as compromised) instance key-pair
public-key certificate entries in ADS represented as a Map from ds-cfg-key-id
value to ds-cfg-public-key-certificate;binary value. Note that the collection
might be empty.
@throws ADSContextException in case of problems with the entry search.
@see org.opends.server.crypto.CryptoManagerImpl#getTrustedCertificates
*/
throws ADSContextException
{
try {
final String FILTER_OC_INSTANCE_KEY
= new StringBuilder("(objectclass=")
.getAttributeName() + ";binary"};
try
{
while (keyEntries.hasMore()) {
{
continue;// schema viol.
}
(byte[])keyCertAttr.get());
}
}
finally
{
try
{
keyEntries.close();
}
{
"Unexpected error closing enumeration on ADS key pairs", ex));
}
}
}
catch (NamingException x) {
throw new ADSContextException(
}
return certificateMap;
}
/**
* Merge the contents of this ADSContext with the contents of the provided
* ADSContext. Note that only the contents of this ADSContext will be
* updated.
* @param adsCtx the other ADSContext to merge the contents with.
* @throws ADSContextException if there was an error during the merge.
*/
{
try
{
// Merge administrators.
// Merge groups.
// Merge servers.
}
catch (ADSContextException adce)
{
adce.getMessageObject());
throw new ADSContextException(
}
}
/**
* Merge the administrator contents of this ADSContext with the contents of
* the provided ADSContext. Note that only the contents of this ADSContext
* will be updated.
* @param adsCtx the other ADSContext to merge the contents with.
* @throws ADSContextException if there was an error during the merge.
*/
{
{
{
}
}
if (!notDefinedAdmins.isEmpty())
{
}
}
/**
* Merge the groups contents of this ADSContext with the contents of the
* provided ADSContext. Note that only the contents of this ADSContext will
* be updated.
* @param adsCtx the other ADSContext to merge the contents with.
* @throws ADSContextException if there was an error during the merge.
*/
{
{
{
{
break;
}
}
{
// Merge the members, keep the description on this ADS.
if (member1List == null)
{
}
{
}
}
else
{
}
}
}
/**
* Merge the server contents of this ADSContext with the contents of the
* provided ADSContext. Note that only the contents of this ADSContext will
* be updated.
* @param adsCtx the other ADSContext to merge the contents with.
* @throws ADSContextException if there was an error during the merge.
*/
{
{
if (!isServerAlreadyRegistered(server2))
{
}
}
}
throws ADSContextException
{
{
try
{
}
catch (NamingException ex)
{
throw new ADSContextException(
}
}
}
}