// Check if the entry is already present; if it is, we will update it with the new certificate.
// To work well with the LdapSearchPublisher we need to pass the full certificate DN to the
// search function, and not only the LDAP DN. The regular publisher should only use the LDAP DN though,
// but the searchOldEntity function will take care of that.
LDAPEntry oldEntry = searchOldEntity(username, ldapVersion, lc, certdn, userDN, email);
// PART 2: Create LDAP entry
LDAPEntry newEntry = null;
ArrayList<LDAPModification> modSet = new ArrayList<LDAPModification>();
LDAPAttributeSet attributeSet = null;
String attribute = null;
String objectclass = null;
if (type == SecConst.CERTTYPE_ENDENTITY) {
if (log.isDebugEnabled()) {
log.debug("Publishing end user certificate to first available server of " + getHostnames());
}
if (oldEntry != null) {
modSet = getModificationSet(oldEntry, certdn, email, ADD_MODIFICATION_ATTRIBUTES, true, password);
} else {
objectclass = getUserObjectClass(); // just used for logging
attributeSet = getAttributeSet(incert, getUserObjectClass(), certdn, email, true, true, password, extendedinformation);
}
try {
attribute = getUserCertAttribute();
LDAPAttribute certAttr = new LDAPAttribute(getUserCertAttribute(), incert.getEncoded());
if (oldEntry != null) {
String oldDn = oldEntry.getDN();
if (getAddMultipleCertificates()) {
modSet.add(new LDAPModification(LDAPModification.ADD, certAttr));
if (log.isDebugEnabled()) {
log.debug("Appended new certificate in user entry; " + username+": "+oldDn);
}
} else {
modSet.add(new LDAPModification(LDAPModification.REPLACE, certAttr));
if (log.isDebugEnabled()) {
log.debug("Replaced certificate in user entry; " + username+": "+oldDn);
}
}
} else {
attributeSet.add(certAttr);
if (log.isDebugEnabled()) {
log.debug("Added new certificate to user entry; " + username+": "+dn);
}
}
} catch (CertificateEncodingException e) {
String msg = intres.getLocalizedMessage("publisher.errorldapencodestore", "certificate");
log.error(msg, e);
throw new PublisherException(msg);
}
} else if ((type == SecConst.CERTTYPE_SUBCA) || (type == SecConst.CERTTYPE_ROOTCA)) {
if (log.isDebugEnabled()) {
log.debug("Publishing CA certificate to first available server of " + getHostnames());
}
if (oldEntry != null) {
modSet = getModificationSet(oldEntry, certdn, null, false, false, password);
} else {
objectclass = getCAObjectClass(); // just used for logging
attributeSet = getAttributeSet(incert, getCAObjectClass(), certdn, null, true, false, password, extendedinformation);
}
try {
attribute = getCACertAttribute();
LDAPAttribute certAttr = new LDAPAttribute(getCACertAttribute(), incert.getEncoded());
if (oldEntry != null) {
modSet.add(new LDAPModification(LDAPModification.REPLACE, certAttr));
} else {
attributeSet.add(certAttr);
// Also create using the crlattribute, it may be required
LDAPAttribute crlAttr = new LDAPAttribute(getCRLAttribute(), getFakeCRL());
attributeSet.add(crlAttr);
// Also create using the arlattribute, it may be required
LDAPAttribute arlAttr = new LDAPAttribute(getARLAttribute(), getFakeCRL());
attributeSet.add(arlAttr);
if (log.isDebugEnabled()) {
log.debug("Added (fake) attribute for CRL and ARL.");
}
}
} catch (CertificateEncodingException e) {
String msg = intres.getLocalizedMessage("publisher.errorldapencodestore", "certificate");
log.error(msg, e);
throw new PublisherException(msg);
}
} else {
String msg = intres.getLocalizedMessage("publisher.notpubltype", Integer.valueOf(type));
log.info(msg);
throw new PublisherException(msg);
}
// PART 3: MODIFICATION AND ADDITION OF NEW USERS
// Try all the listed servers
Iterator servers = getHostnameList().iterator();
boolean connectionFailed;
do {
connectionFailed = false;
String currentServer = (String) servers.next();
try {
TCPTool.probeConnectionLDAP(currentServer, Integer.parseInt(getPort()), getConnectionTimeOut()); // Avoid waiting for halfdead-servers
lc.connect(currentServer, Integer.parseInt(getPort()));
// authenticate to the server
lc.bind(ldapVersion, getLoginDN(), getLoginPassword().getBytes("UTF8"), ldapBindConstraints);
// Add or modify the entry
if (oldEntry != null && getModifyExistingUsers()) {
LDAPModification[] mods = new LDAPModification[modSet.size()];
mods = (LDAPModification[])modSet.toArray(mods);
String oldDn = oldEntry.getDN();
if (log.isDebugEnabled()) {
log.debug("Writing modification to DN: "+oldDn);
}
lc.modify(oldDn, mods, ldapStoreConstraints);
String msg = intres.getLocalizedMessage("publisher.ldapmodify", "CERT", oldDn);
log.info(msg);
} else {
if(this.getCreateNonExistingUsers()){
if (oldEntry == null) {
// Check if the intermediate parent node is present, and if it is not
// we can create it, if allowed to do so by the publisher configuration.
// Note: only NO_SUCH_OBJECT from the read is handled here; any other LDAPException
// from the read is not acted on, and the problem surfaces on the subsequent add.
if(getCreateIntermediateNodes()) {
final String parentDN = new String(dn.substring(dn.indexOf(',') + 1));
try {
lc.read(parentDN, ldapSearchConstraints);
} catch(LDAPException e) {
if(e.getResultCode() == LDAPException.NO_SUCH_OBJECT) {
this.createIntermediateNodes(lc, dn);
String msg = intres.getLocalizedMessage("publisher.ldapaddedintermediate", "CERT", parentDN);
log.info(msg);
}
}
}
newEntry = new LDAPEntry(dn, attributeSet);
if (log.isDebugEnabled()) {
log.debug("Adding DN: "+dn);
}
lc.add(newEntry, ldapStoreConstraints);
String msg = intres.getLocalizedMessage("publisher.ldapadd", "CERT", dn);