>From 392f22cd77497434e6db9af73399b4593124fdb1 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Thu, 17 Jul 2014 00:24:06 -0400 Subject: [PATCH] change ProfileSubsystem to use LDAP database --- .../dogtagpki/server/ca/rest/ProfileService.java | 14 +- base/server/cmsbundle/src/UserMessages.properties | 2 + .../com/netscape/cmscore/base/FileConfigStore.java | 4 +- .../netscape/cmscore/profile/ProfileSubsystem.java | 175 ++++++++++++--------- 4 files changed, 108 insertions(+), 87 deletions(-) diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java b/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java index 3b2f8a50ebcd18fe0098b2e92e0300645b904fa3..cf0d4db7f8bed44baf6d2abbf70a61406ddb4b7c 100644 --- a/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java +++ b/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java @@ -18,7 +18,6 @@ package org.dogtagpki.server.ca.rest; -import java.io.File; import java.io.IOException; import java.net.URI; import java.security.Principal; @@ -244,7 +243,7 @@ public class ProfileService extends PKIService implements ProfileResource { data.setAuthenticatorId(profile.getAuthenticatorId()); data.setAuthzAcl(profile.getAuthzAcl()); - data.setClassId(cs.getString(profileId + ".class_id")); + data.setClassId(ps.getProfileClassId(profileId)); data.setDescription(profile.getDescription(getLocale(headers))); data.setEnabled(ps.isProfileEnable(profileId)); data.setEnabledBy(ps.getProfileEnableBy(profileId)); 
@@ -472,18 +471,15 @@ public class ProfileService extends PKIService implements ProfileResource { auditParams.put("description", data.getDescription()); auditParams.put("visible", Boolean.toString(data.isVisible())); - String config = CMS.getConfigStore().getString("instanceRoot") + "/ca/profiles/ca/" + - profileId + ".cfg"; - File configFile = new File(config); - configFile.createNewFile(); IPluginInfo info = registry.getPluginInfo("profile", data.getClassId()); - profile = ps.createProfile(profileId, data.getClassId(), info.getClassName(), config); + String dn = "cn=" + profileId + ",ou=certProfiles," + + CMS.getConfigStore().getString("internaldb.basedn"); + profile = ps.createProfile(profileId, data.getClassId(), info.getClassName(), dn); profile.setName(getLocale(headers), data.getName()); profile.setDescription(getLocale(headers), data.getDescription()); profile.setVisible(data.isVisible()); profile.getConfigStore().commit(false); - ps.createProfileConfig(profileId, data.getClassId(), config); if (profile instanceof IProfileEx) { // populates profile specific plugins such as @@ -504,7 +500,7 @@ public class ProfileService extends PKIService implements ProfileResource { return createCreatedResponse(profileData, profileData.getLink().getHref()); - } catch (EBaseException | IOException e) { + } catch (EBaseException e) { CMS.debug("createProfile: error in creating profile: " + e); e.printStackTrace(); diff --git a/base/server/cmsbundle/src/UserMessages.properties b/base/server/cmsbundle/src/UserMessages.properties index fe43094e6b2a0531502570bc626da557fc9061ae..cd7fa18bfb1e17bc4ab4aa9e0dac06f815861291 100644 --- a/base/server/cmsbundle/src/UserMessages.properties +++ b/base/server/cmsbundle/src/UserMessages.properties 
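Review bot: In the @@ -472 hunk, `profileId` is concatenated straight into the entry DN (`"cn=" + profileId + ",ou=certProfiles," + ...`) with no escaping, and nothing visible in the hunk restricts which characters it may contain. A value holding DN metacharacters such as `,`, `+` or `=` would produce a DN with a different structure than the one intended, so the entry name is no longer fully decided by the server. Check the id against a strict allow-list (letters, digits, `_`, `-`) before building the DN, or escape it, for example `String dn = LDAPDN.escapeRDN("cn=" + profileId) + ",ou=certProfiles," + ...`. The enclosing method starts and ends outside the hunk, so an earlier validation step may exist; if it does, a comment next to the concatenation saying so would help.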
@@ -754,6 +754,8 @@ CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING=Allow duplicate subject names wi CMS_PROFILE_INTERNAL_ERROR=Profile internal error: {0} CMS_PROFILE_DENY_OPERATION=Not authorized to do this operation. CMS_PROFILE_DELETE_ENABLEPROFILE=Cannot delete enabled profile: {0} +CMS_PROFILE_DELETE_UNKNOWNPROFILE=Cannot delete unknown profile: {0} +CMS_PROFILE_DELETE_DATABASEERROR=Failed to delete profile: {0} CMS_PROFILE_INVALID_REQUEST=Invalid Request CMS_PROFILE_EMPTY_REQUEST_TYPE=Request type is not specified. Check your profile input. CMS_PROFILE_CREATE_POLICY_FAILED=Failed to create profile policy: {0} diff --git a/base/server/cmscore/src/com/netscape/cmscore/base/FileConfigStore.java b/base/server/cmscore/src/com/netscape/cmscore/base/FileConfigStore.java index b77f86d781995e27bb0fe16135fc45a7d6fc4da3..4f8cb2743fdecc354338042a5219a9aaf6e27880 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/base/FileConfigStore.java +++ b/base/server/cmscore/src/com/netscape/cmscore/base/FileConfigStore.java @@ -33,12 +33,10 @@ import com.netscape.cmsutil.util.Utils; /** * FileConfigStore: - * Extends HashConfigStore with methods to load/save from/to file for + * Extends PropConfigStore with methods to load/save from/to file for * persistent storage. This is a configuration store agent who * reads data from a file. *

- * Note that a LdapConfigStore can be implemented so that it reads the configuration stores from the Ldap directory. - *

* * @version $Revision$, $Date$ * @see PropConfigStore diff --git a/base/server/cmscore/src/com/netscape/cmscore/profile/ProfileSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/profile/ProfileSubsystem.java index 27e72352ef22c742b5ea09a180d440d58452dd49..aaa3b29b46ae4579a59cee9f5f7bab750a40a057 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/profile/ProfileSubsystem.java +++ b/base/server/cmscore/src/com/netscape/cmscore/profile/ProfileSubsystem.java @@ -17,26 +17,30 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.profile; -import java.io.File; import java.util.Enumeration; import java.util.Hashtable; -import java.util.StringTokenizer; import java.util.Vector; +import netscape.ldap.LDAPAttribute; +import netscape.ldap.LDAPConnection; +import netscape.ldap.LDAPEntry; +import netscape.ldap.LDAPException; +import netscape.ldap.LDAPSearchResults; + import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.ISubsystem; +import com.netscape.certsrv.ldap.ELdapException; +import com.netscape.certsrv.ldap.ILdapConnFactory; import com.netscape.certsrv.profile.EProfileException; import com.netscape.certsrv.profile.IProfile; import com.netscape.certsrv.profile.IProfileSubsystem; import com.netscape.certsrv.registry.IPluginInfo; import com.netscape.certsrv.registry.IPluginRegistry; +import com.netscape.cmscore.base.LDAPConfigStore; public class ProfileSubsystem implements IProfileSubsystem { - private static final String PROP_LIST = "list"; - private static final String PROP_CLASS_ID = "class_id"; - private static final String PROP_CONFIG = "config"; private static final String PROP_CHECK_OWNER = "checkOwner"; private static final String PROP_ENABLE = "enable"; 
@@ -45,9 +49,12 @@ public class ProfileSubsystem implements IProfileSubsystem { private IConfigStore mConfig = null; @SuppressWarnings("unused") private ISubsystem mOwner; - private Vector mProfileIds = new Vector(); - private Hashtable mProfiles = new Hashtable(); - private Hashtable mProfileClassIds = new Hashtable(); + private Vector mProfileIds; + private Hashtable mProfiles; + private Hashtable mProfileClassIds; + private Hashtable mProfileDNs; + + private ILdapConnFactory dbFactory; /** * Retrieves the name of this subsystem. @@ -74,9 +81,21 @@ public class ProfileSubsystem implements IProfileSubsystem { public void init(ISubsystem owner, IConfigStore config) throws EBaseException { CMS.debug("ProfileSubsystem: start init"); + + // (re)init member collections + mProfileIds = new Vector(); + mProfiles = new Hashtable(); + mProfileClassIds = new Hashtable(); + mProfileDNs = new Hashtable(); + IPluginRegistry registry = (IPluginRegistry) CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY); + IConfigStore cs = CMS.getConfigStore(); + IConfigStore dbCfg = cs.getSubStore("internaldb"); + dbFactory = CMS.getLdapBoundConnFactory(); + dbFactory.init(dbCfg); + mConfig = config; mOwner = owner; 
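Review bot: In the @@ -74 hunk, every call to init() assigns a new `CMS.getLdapBoundConnFactory()` to `dbFactory` and initialises it, but the factory from an earlier call is never released, and shutdown() in the @@ -219 hunk only clears the maps. The added comment `// (re)init member collections` suggests init can run more than once; if so, bound connections to the internal database would presumably accumulate. Release the old factory before replacing it, and again in shutdown(), using whatever teardown ILdapConnFactory provides. init's body continues outside this hunk.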
@@ -88,24 +107,45 @@ public class ProfileSubsystem implements IProfileSubsystem { // *.profile2.config=config/profiles/profile2.cfg // read profile id, implementation, and its configuration files - String ids = config.getString(PROP_LIST, ""); - StringTokenizer st = new StringTokenizer(ids, ","); - - while (st.hasMoreTokens()) { - String id = st.nextToken(); - IConfigStore subStore = config.getSubStore(id); - String classid = subStore.getString(PROP_CLASS_ID); - IPluginInfo info = registry.getPluginInfo("profile", classid); - if (info == null) { - throw new EBaseException("No plugins for type : profile, with id " + classid); - } - String configPath = subStore.getString(PROP_CONFIG); + String basedn = cs.getString("internaldb.basedn"); + String dn = "ou=certProfiles," + basedn; + LDAPConnection conn = dbFactory.getConn(); + + String[] attrs = {"cn", "classId"}; + try { + LDAPSearchResults ldapProfiles = conn.search( + dn, LDAPConnection.SCOPE_ONE, "(objectclass=*)", attrs, false); + + while (ldapProfiles.hasMoreElements()) { + LDAPEntry ldapProfile = ldapProfiles.next(); + + String id = (String) + ldapProfile.getAttribute("cn").getStringValues().nextElement(); + + String classid = (String) + ldapProfile.getAttribute("classId").getStringValues().nextElement(); - CMS.debug("Start Profile Creation - " + id + " " + classid + " " + info.getClassName()); - createProfile(id, classid, info.getClassName(), - configPath); + IPluginInfo info = registry.getPluginInfo("profile", classid); + if (info == null) { + throw new EBaseException("No plugins for type : profile, with id " + classid); + } - CMS.debug("Done Profile Creation - " + id); + CMS.debug("Start Profile Creation - " + id + " " + classid + " " + info.getClassName()); + + createProfile(id, classid, info.getClassName(), ldapProfile.getDN()); + + CMS.debug("Done Profile Creation - " + id); + } + } + catch (LDAPException e) { + throw new EBaseException("Error reading profiles: " + e.toString()); + } + finally { + try { + 
dbFactory.returnConn(conn); + } catch (Exception e) { + throw new EProfileException("Error releasing the ldap connection" + e.toString()); + } } Enumeration ee = getProfileIds(); @@ -121,20 +161,27 @@ public class ProfileSubsystem implements IProfileSubsystem { * Creates a profile instance. */ public IProfile createProfile(String id, String classid, String className, - String configPath) + String dn) throws EProfileException { - IProfile profile = null; - try { - profile = (IProfile) Class.forName(className).newInstance(); - IConfigStore subStoreConfig = CMS.createFileConfigStore(configPath); + String[] objectClasses = {"top", "certProfile"}; + LDAPAttribute[] createAttrs = { + new LDAPAttribute("objectclass", objectClasses), + new LDAPAttribute("cn", id), + new LDAPAttribute("classId", classid) + }; + + IConfigStore subStoreConfig = new LDAPConfigStore( + dbFactory, dn, createAttrs, "certProfileConfig"); CMS.debug("ProfileSubsystem: initing " + className); + IProfile profile = (IProfile) Class.forName(className).newInstance(); profile.setId(id); profile.init(this, subStoreConfig); mProfileIds.addElement(id); mProfiles.put(id, profile); mProfileClassIds.put(id, classid); + mProfileDNs.put(id, dn); return profile; } catch (Exception e) { // throw exceptions 
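Review bot: In the @@ -88 hunk, the search filter is `"(objectclass=*)"` and the loop dereferences `ldapProfile.getAttribute("cn")` and `getAttribute("classId")` without a null check. Any child of `ou=certProfiles` that lacks `classId` therefore raises a NullPointerException that the `catch (LDAPException e)` does not handle, and profile loading aborts. Narrow the filter to the object class that createProfile writes, `"(objectclass=certProfile)"`, and skip or reject entries where either attribute is missing, with a `CMS.debug` line naming the entry DN. Separately, the `throw` inside `finally` replaces any exception already in flight, and `new EBaseException("Error reading profiles: " + e.toString())` drops the LDAPException as cause; logging the `returnConn` failure with `CMS.debug` instead of throwing keeps the original error visible. The same throw-in-finally pattern recurs in deleteProfile in the @@ -145 hunk.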
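Review bot: In the @@ -121 hunk, the fourth parameter of createProfile changes from a file path to an LDAP DN, but the Javadoc above it still reads only "Creates a profile instance." The method now serves both init (DN taken from the directory) and ProfileService (DN built from a request value), and the DN decides which entry the config store is bound to. Document that, for example `@param dn DN of the profile entry; must lie directly under ou=certProfiles of the internal database and be built from a validated profile id`. The catch block of this method continues outside the hunk.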
@@ -145,62 +192,46 @@ public class ProfileSubsystem implements IProfileSubsystem { } public void deleteProfile(String id, String configPath) throws EProfileException { - if (isProfileEnable(id)) { throw new EProfileException("CMS_PROFILE_DELETE_ENABLEPROFILE"); } - String ids = ""; - try { - ids = mConfig.getString(PROP_LIST, ""); - } catch (Exception e) { + String dn = mProfileDNs.get(id); + if (dn == null) { + throw new EProfileException("CMS_PROFILE_DELETE_UNKNOWNPROFILE"); } - StringTokenizer tokenizer = new StringTokenizer(ids, ","); - StringBuffer list = new StringBuffer(); - - while (tokenizer.hasMoreTokens()) { - String element = tokenizer.nextToken(); - - if (!element.equals(id)) { - list.append(element + ","); + LDAPConnection conn; + try { + conn = dbFactory.getConn(); + } + catch (ELdapException e) { + throw new EProfileException("Error acquiring the ldap connection" + e.toString()); + } + try { + conn.delete(dn); + } + catch (LDAPException e) { + throw new EProfileException("CMS_PROFILE_DELETE_DATABASEERROR"); + } + finally { + try { + dbFactory.returnConn(conn); + } catch (Exception e) { + throw new EProfileException("Error releasing the ldap connection" + e.toString()); } } - if (list.length() != 0) - list.deleteCharAt(list.length() - 1); - mConfig.putString(PROP_LIST, list.toString()); - mConfig.removeSubStore(id); - File file1 = new File(configPath); - - if (!file1.delete()) { - CMS.debug("ProfileSubsystem: deleteProfile: Cannot delete the configuration file : " + configPath); - } mProfileIds.removeElement(id); mProfiles.remove(id); mProfileClassIds.remove(id); - try { - CMS.getConfigStore().commit(false); - } catch (Exception e) { - } + mProfileDNs.remove(id); } public void createProfileConfig(String id, String classId, String configPath) throws EProfileException { - try { - if (mProfiles.size() > 0) { - mConfig.putString(PROP_LIST, - mConfig.getString(PROP_LIST) + "," + id); - } else { - mConfig.putString(PROP_LIST, id); - } - 
mConfig.putString(id + "." + PROP_CLASS_ID, classId); - mConfig.putString(id + "." + PROP_CONFIG, configPath); - CMS.getConfigStore().commit(true); - } catch (EBaseException e) { - CMS.debug(e.toString()); - } + // nothing to do } /** @@ -219,6 +250,7 @@ public class ProfileSubsystem implements IProfileSubsystem { mProfileIds.clear(); mProfiles.clear(); mProfileClassIds.clear(); + mProfileDNs.clear(); } /** @@ -231,13 +263,6 @@ public class ProfileSubsystem implements IProfileSubsystem { return mConfig; } - /** - * Adds a profile. - */ - public void addProfile(String id, IProfile profile) - throws EProfileException { - } - public boolean isProfileEnable(String id) { IProfile profile = mProfiles.get(id); String enable = null; -- 1.9.3
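Review bot: In deleteProfile (@@ -145 hunk), a failed `conn.delete(dn)` is turned into `new EProfileException("CMS_PROFILE_DELETE_DATABASEERROR")` and the LDAPException is discarded. The result code and the DN never reach a log, which matters on a CA where a failed profile removal should be traceable. Add `CMS.debug("ProfileSubsystem: deleteProfile: failed to delete " + dn + ": " + e);` before the throw. The new keys are declared with a `{0}` placeholder in UserMessages.properties, but the exceptions here are built from the bare key with no argument, so the profile id would presumably not appear in the rendered message. The `configPath` parameter is no longer read, here or in createProfileConfig; a comment saying it is ignored would keep callers from assuming a file is still removed.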