/**
* Seeds the bound instance's local ads-truststore with a set of instance key-pair public key
* certificates. The result is the instance will trust any instance posessing the private key
* corresponding to one of the public-key certificates. This trust is necessary at least to
* initialize replication, which uses the trusted certificate entries in the ads-truststore for
* server authentication.
*
* @param ctx The bound instance.
* @param keyEntryMap The set of valid (i.e., not tagged as compromised) instance key-pair
* public-key certificate entries in ADS represented as a map from keyID to public-key
* certificate (binary).
* @throws NamingException in case an error occurs while updating the instance's ads-truststore
* via LDAP.
*/
public static void seedAdsTrustStore(InitialLdapContext ctx, Map<String, byte[]> keyEntryMap)
throws NamingException {
/* TODO: this DN is declared in some core constants file. Create a
constants file for the installer and import it into the core. */
final Attribute oc = new BasicAttribute("objectclass");
oc.add("top");
oc.add("ds-cfg-instance-key");
for (Map.Entry<String, byte[]> keyEntry : keyEntryMap.entrySet()) {
final BasicAttributes keyAttrs = new BasicAttributes();
keyAttrs.put(oc);
final Attribute rdnAttr =
new BasicAttribute(
ADSContext.ServerProperty.INSTANCE_KEY_ID.getAttributeName(), keyEntry.getKey());
keyAttrs.put(rdnAttr);
keyAttrs.put(
new BasicAttribute(
ADSContext.ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE.getAttributeName()
+ ";binary",
keyEntry.getValue()));
final LdapName keyDn =
new LdapName(
(new StringBuilder(rdnAttr.getID()))
.append("=")
.append(Rdn.escapeValue(rdnAttr.get()))
.append(",")
.append(TRUSTSTORE_DN)
.toString());
try {
ctx.createSubcontext(keyDn, keyAttrs).close();
} catch (NameAlreadyBoundException x) {
ctx.destroySubcontext(keyDn);
ctx.createSubcontext(keyDn, keyAttrs).close();
}
}
}
public static OsgiManifest read(List<String> lines) {
// parse lines
OsgiManifest manifest = new OsgiManifest();
for (int i = 0; i < lines.size(); i++) {
String line = lines.get(i);
for (int j = i + 1; j < lines.size() && lines.get(j).startsWith(" "); j++, i++) {
line = line + lines.get(j);
}
int index = line.indexOf(':');
if (index > 0) {
String attributeName = line.substring(0, index).trim();
List<String> valueTokens = tokenize(line.substring(index + 1), ',');
Attribute values = manifest.getAttribute(attributeName);
for (String valueToken : valueTokens) {
if (valueToken.trim().isEmpty()) continue;
Value value = new Value();
values.add(value);
List<String> annotationTokens = tokenize(valueToken, ';');
value.setValue(annotationTokens.get(0));
for (int k = 1; k < annotationTokens.size(); k++) {
String annotationToken = annotationTokens.get(k);
index = annotationToken.indexOf('=');
if (index > 0) {
value.setAnnotation(
annotationToken.substring(0, index), annotationToken.substring(index + 1));
}
}
}
}
}
return manifest;
}
/**
* Updates the instance key public-key certificate value of this context from the local truststore
* of the instance bound by this context. Any current value of the certificate is overwritten. The
* intent of this method is to retrieve the instance-key public-key certificate when this context
* is bound to an instance, and cache it for later use in registering the instance into ADS.
*
* @param desc The map to update with the instance key-pair public-key certificate.
* @param ctx The bound server instance.
* @throws NamingException if unable to retrieve certificate from bound instance.
*/
private static void updatePublicKeyCertificate(
ServerDescriptor desc, InitialLdapContext ctx, TopologyCacheFilter filter)
throws NamingException {
/* TODO: this DN is declared in some core constants file. Create a constants
file for the installer and import it into the core. */
final String dnStr = "ds-cfg-key-id=ads-certificate,cn=ads-truststore";
final LdapName dn = new LdapName(dnStr);
for (int i = 0; i < 2; ++i) {
/* If the entry does not exist in the instance's truststore backend, add
it (which induces the CryptoManager to create the public-key
certificate attribute), then repeat the search. */
try {
final SearchControls searchControls = new SearchControls();
searchControls.setSearchScope(SearchControls.OBJECT_SCOPE);
final String attrIDs[] = {"ds-cfg-public-key-certificate;binary"};
searchControls.setReturningAttributes(attrIDs);
final SearchResult certEntry =
ctx.search(dn, "(objectclass=ds-cfg-instance-key)", searchControls).next();
final Attribute certAttr = certEntry.getAttributes().get(attrIDs[0]);
if (null != certAttr) {
/* attribute ds-cfg-public-key-certificate is a MUST in the schema */
desc.serverProperties.put(ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE, certAttr.get());
}
break;
} catch (NameNotFoundException x) {
if (0 == i) {
/* Poke CryptoManager to initialize truststore. Note the special
attribute in the request. */
final Attributes attrs = new BasicAttributes();
final Attribute oc = new BasicAttribute("objectclass");
oc.add("top");
oc.add("ds-cfg-self-signed-cert-request");
attrs.put(oc);
ctx.createSubcontext(dn, attrs).close();
} else {
throw x;
}
}
}
}
/**
* Returns a pair consisting of a MarshalledObject and attributes to be bound with the stub.
*
* @param obj The non-null object to store.
* @param inAttrs The possible null attributes to store with object.
* @return A non-null Result consisting of the MarshalledObject and attributes.
*/
private static DirStateFactory.Result jrmpObject(Object obj, Attributes inAttrs)
throws NamingException {
try {
Object mobj = new MarshalledObject(obj);
Attributes outAttrs = null;
Attribute cname = null;
Attribute tnames = null;
Attribute objectClass = null;
if (inAttrs != null) {
// Get existing objectclass attribute
objectClass = (Attribute) inAttrs.get("objectClass");
if (objectClass == null && !inAttrs.isCaseIgnored()) {
// %%% workaround
objectClass = (Attribute) inAttrs.get("objectclass");
}
// No objectclasses supplied, use "top" to start
if (objectClass == null) {
objectClass = new BasicAttribute("objectClass", "top");
} else {
objectClass = (Attribute) objectClass.clone();
}
cname = inAttrs.get(CLASSNAME_ATTRID);
tnames = inAttrs.get(CLASSNAMES_ATTRID);
outAttrs = (Attributes) inAttrs.clone();
} else {
outAttrs = new BasicAttributes(true);
objectClass = new BasicAttribute("objectClass", "top");
}
if (cname == null) {
outAttrs.put(CLASSNAME_ATTRID, obj.getClass().getName());
}
if (tnames == null) {
Attribute tAttr = LdapCtxFactory.createTypeNameAttr(obj.getClass());
if (tAttr != null) {
outAttrs.put(tAttr);
}
}
boolean structural =
(objectClass.size() == 0 || (objectClass.size() == 1 && objectClass.contains("top")));
if (structural) {
objectClass.add(STRUCTURAL_OCID);
}
objectClass.add(MARSHALLED_OCID);
outAttrs.put(objectClass);
return new DirStateFactory.Result(mobj, outAttrs);
} catch (java.io.IOException e) {
NamingException ne = new NamingException("Cannot create MarshallObject for " + obj);
ne.setRootCause(e);
throw ne;
}
}
