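/**
 * Seeds the bound instance's local ads-truststore with a set of instance key-pair public-key
 * certificates. The result is that the instance will trust any instance possessing the private
 * key corresponding to one of the public-key certificates. This trust is necessary at least to
 * initialize replication, which uses the trusted certificate entries in the ads-truststore for
 * server authentication.
 *
 * <p>Security note: every entry written here becomes a trust anchor for the instance, and this
 * method does not parse, verify or revocation-check the certificate bytes. The caller is
 * responsible for supplying only entries that ADS does not tag as compromised. The map is checked
 * for shape (non-empty key ID, non-null certificate) before the first directory write, so a
 * malformed map fails without leaving the truststore partially seeded.
 *
 * <p>An entry whose DN already exists is replaced by deleting and re-creating it, so there is a
 * brief window during which that key ID is absent from the truststore.
 *
 * @param ctx The bound instance.
 * @param keyEntryMap The set of valid (i.e., not tagged as compromised) instance key-pair
 *     public-key certificate entries in ADS represented as a map from keyID to public-key
 *     certificate (binary). May be empty, in which case nothing is written.
 * @throws NamingException in case an error occurs while updating the instance's ads-truststore
 *     via LDAP, or if an entry has an empty key ID or a null certificate.
 * @throws NullPointerException if {@code ctx} or {@code keyEntryMap} is null.
 */
public static void seedAdsTrustStore(InitialLdapContext ctx, Map<String, byte[]> keyEntryMap)
    throws NamingException {
  /* TODO: this DN is declared in some core constants file. Create a constants file for the
  installer and import it into the core. */
  if (ctx == null) {
    throw new NullPointerException("ctx");
  }
  if (keyEntryMap == null) {
    throw new NullPointerException("keyEntryMap");
  }

  // Fail fast on malformed input before touching the directory, so that a bad entry in the
  // middle of the map cannot leave the truststore half-seeded.
  for (Map.Entry<String, byte[]> keyEntry : keyEntryMap.entrySet()) {
    final String keyId = keyEntry.getKey();
    if (keyId == null || keyId.length() == 0) {
      throw new NamingException("Instance key entry has an empty key ID");
    }
    if (keyEntry.getValue() == null) {
      throw new NamingException("Instance key entry " + keyId + " has no certificate");
    }
  }

  final String keyIdAttrName = ADSContext.ServerProperty.INSTANCE_KEY_ID.getAttributeName();
  final String certAttrName =
      ADSContext.ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE.getAttributeName() + ";binary";
  final Attribute oc = new BasicAttribute("objectclass");
  oc.add("top");
  oc.add("ds-cfg-instance-key");

  for (Map.Entry<String, byte[]> keyEntry : keyEntryMap.entrySet()) {
    final String keyId = keyEntry.getKey();
    final BasicAttributes keyAttrs = new BasicAttributes();
    keyAttrs.put(oc);
    keyAttrs.put(new BasicAttribute(keyIdAttrName, keyId));
    keyAttrs.put(new BasicAttribute(certAttrName, keyEntry.getValue()));
    // The key ID is data, not DN syntax: escape it so that characters such as ',' or '=' in a
    // key ID cannot re-shape the DN.
    final LdapName keyDn =
        new LdapName(keyIdAttrName + "=" + Rdn.escapeValue(keyId) + "," + TRUSTSTORE_DN);
    try {
      ctx.createSubcontext(keyDn, keyAttrs).close();
    } catch (NameAlreadyBoundException x) {
      // An entry for this key ID already exists: replace it.
      ctx.destroySubcontext(keyDn);
      ctx.createSubcontext(keyDn, keyAttrs).close();
    }
  }
}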
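/**
 * Parses the raw lines of a MANIFEST.MF into an {@link OsgiManifest}.
 *
 * <p>A physical line that begins with a single space is a continuation of the preceding header
 * line. As the JAR manifest format specifies, the leading space is the continuation marker and
 * is dropped before the remainder is appended; a header value may be wrapped at any byte, even
 * inside a token, so keeping the space would corrupt such values. Each logical line is then split
 * into {@code name: value}; the value is split on {@code ','} into individual values, and each
 * value on {@code ';'} into the value proper followed by {@code key=value} parameters. Lines with
 * no {@code ':'} (e.g. blank lines) and empty values are ignored.
 *
 * <p>Note: an OSGi directive ({@code key:=value}) is not distinguished from an attribute here;
 * it is recorded with the trailing colon kept in the key ({@code "key:"}). Whether quoted values
 * containing {@code ','} or {@code ';'} survive splitting depends on {@code tokenize}, which is
 * defined elsewhere in this file.
 *
 * @param lines the manifest's lines, in file order, without line terminators
 * @return the parsed manifest; never null (an empty input yields an empty manifest)
 */
public static OsgiManifest read(List<String> lines) {
  final OsgiManifest manifest = new OsgiManifest();
  int i = 0;
  while (i < lines.size()) {
    // Join continuation lines into one logical header line, dropping each continuation marker.
    final StringBuilder logical = new StringBuilder(lines.get(i));
    int j = i + 1;
    while (j < lines.size() && lines.get(j).startsWith(" ")) {
      logical.append(lines.get(j).substring(1));
      j++;
    }
    i = j;

    final String line = logical.toString();
    final int colon = line.indexOf(':');
    if (colon <= 0) {
      continue; // not a "name: value" header
    }
    final String attributeName = line.substring(0, colon).trim();
    final Attribute values = manifest.getAttribute(attributeName);
    for (String valueToken : tokenize(line.substring(colon + 1), ',')) {
      if (valueToken.trim().isEmpty()) {
        continue;
      }
      final Value value = new Value();
      values.add(value);
      final List<String> params = tokenize(valueToken, ';');
      value.setValue(params.get(0));
      // Remaining ';'-separated pieces are key=value parameters; pieces without '=' (or with
      // an empty key) are ignored.
      for (int k = 1; k < params.size(); k++) {
        final String param = params.get(k);
        final int eq = param.indexOf('=');
        if (eq > 0) {
          value.setAnnotation(param.substring(0, eq), param.substring(eq + 1));
        }
      }
    }
  }
  return manifest;
}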
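/**
 * Updates the instance key public-key certificate value of this context from the local truststore
 * of the instance bound by this context. Any current value of the certificate is overwritten. The
 * intent of this method is to retrieve the instance-key public-key certificate when this context
 * is bound to an instance, and cache it for later use in registering the instance into ADS.
 *
 * <p>If the {@code ads-certificate} entry does not exist in the instance's truststore backend, an
 * entry of object class {@code ds-cfg-self-signed-cert-request} is created at that DN, which is
 * expected to induce the CryptoManager to create the public-key certificate attribute; the search
 * is then retried once. The certificate bytes are taken as served by the bound instance and are
 * neither parsed nor verified here, so they are only as trustworthy as the LDAP connection behind
 * {@code ctx}.
 *
 * @param desc The map to update with the instance key-pair public-key certificate.
 * @param ctx The bound server instance.
 * @param filter The topology cache filter; not used by this method.
 * @throws NamingException if unable to retrieve certificate from bound instance, including when
 *     the entry exists but does not have the {@code ds-cfg-instance-key} object class.
 */
private static void updatePublicKeyCertificate(
    ServerDescriptor desc, InitialLdapContext ctx, TopologyCacheFilter filter)
    throws NamingException {
  /* TODO: this DN is declared in some core constants file. Create a constants file for the
  installer and import it into the core. */
  final String dnStr = "ds-cfg-key-id=ads-certificate,cn=ads-truststore";
  final LdapName dn = new LdapName(dnStr);
  final String certAttrId = "ds-cfg-public-key-certificate;binary";
  final SearchControls searchControls = new SearchControls();
  searchControls.setSearchScope(SearchControls.OBJECT_SCOPE);
  searchControls.setReturningAttributes(new String[] {certAttrId});

  for (int i = 0; i < 2; ++i) {
    try {
      final javax.naming.NamingEnumeration<SearchResult> results =
          ctx.search(dn, "(objectclass=ds-cfg-instance-key)", searchControls);
      final SearchResult certEntry;
      try {
        // An empty result means the entry exists but is not an instance-key entry. Report that
        // as a NamingException instead of letting next() throw NoSuchElementException.
        if (!results.hasMore()) {
          throw new NamingException(
              "Entry " + dnStr + " exists but lacks the ds-cfg-instance-key object class");
        }
        certEntry = results.next();
      } finally {
        results.close(); // release the server-side search whatever the outcome
      }
      final Attribute certAttr = certEntry.getAttributes().get(certAttrId);
      if (null != certAttr) {
        /* attribute ds-cfg-public-key-certificate is a MUST in the schema */
        desc.serverProperties.put(ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE, certAttr.get());
      }
      return;
    } catch (NameNotFoundException x) {
      if (0 != i) {
        throw x; // the entry was already requested once; give up
      }
      /* Poke CryptoManager to initialize the truststore. Note the special object class in the
      request. */
      final Attributes attrs = new BasicAttributes();
      final Attribute oc = new BasicAttribute("objectclass");
      oc.add("top");
      oc.add("ds-cfg-self-signed-cert-request");
      attrs.put(oc);
      ctx.createSubcontext(dn, attrs).close();
    }
  }
}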
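/**
 * Returns a pair consisting of a MarshalledObject and attributes to be bound with the stub.
 *
 * <p>The object is wrapped in a {@link MarshalledObject}, i.e. Java-serialized. The bytes stored
 * in the directory are expected to be deserialized by whichever client later reads this entry
 * back, so that client must trust the directory; this method neither validates {@code obj} nor
 * restricts what it may reference.
 *
 * <p>Attribute handling: the caller's attributes are cloned, never modified. The {@code objectClass}
 * attribute is looked up under both spellings when the attribute set is case-sensitive (see the
 * workaround below), copied, and augmented with the structural object class (only when the caller
 * supplied no object class other than {@code top}) and the marshalled-object class. The class-name
 * attributes are added only when the caller did not supply them.
 *
 * @param obj The non-null object to store.
 * @param inAttrs The possibly null attributes to store with object.
 * @return A non-null Result consisting of the MarshalledObject and attributes.
 * @throws NamingException if {@code obj} cannot be serialized; the {@link java.io.IOException} is
 *     attached as the root cause.
 */
private static DirStateFactory.Result jrmpObject(Object obj, Attributes inAttrs)
    throws NamingException {
  try {
    final MarshalledObject<Object> mobj = new MarshalledObject<Object>(obj);

    final Attributes outAttrs;
    Attribute objectClass;
    Attribute cname = null;
    Attribute tnames = null;

    if (inAttrs != null) {
      // Get the existing objectclass attribute.
      objectClass = inAttrs.get("objectClass");
      if (objectClass == null && !inAttrs.isCaseIgnored()) {
        // %%% workaround: a case-sensitive attribute set may carry the lower-case id
        objectClass = inAttrs.get("objectclass");
      }
      if (objectClass == null) {
        // No objectclasses supplied, use "top" to start.
        objectClass = new BasicAttribute("objectClass", "top");
      } else {
        // Copy so the caller's attribute is not mutated below.
        objectClass = (Attribute) objectClass.clone();
      }
      cname = inAttrs.get(CLASSNAME_ATTRID);
      tnames = inAttrs.get(CLASSNAMES_ATTRID);
      outAttrs = (Attributes) inAttrs.clone();
    } else {
      outAttrs = new BasicAttributes(true);
      objectClass = new BasicAttribute("objectClass", "top");
    }

    if (cname == null) {
      outAttrs.put(CLASSNAME_ATTRID, obj.getClass().getName());
    }
    if (tnames == null) {
      final Attribute tAttr = LdapCtxFactory.createTypeNameAttr(obj.getClass());
      if (tAttr != null) {
        outAttrs.put(tAttr);
      }
    }

    // Add the structural class only when the caller supplied none of its own (empty, or just
    // "top"), presumably to avoid giving the entry a second structural object class.
    final boolean needStructural =
        objectClass.size() == 0 || (objectClass.size() == 1 && objectClass.contains("top"));
    if (needStructural) {
      objectClass.add(STRUCTURAL_OCID);
    }
    objectClass.add(MARSHALLED_OCID);
    outAttrs.put(objectClass);

    return new DirStateFactory.Result(mobj, outAttrs);
  } catch (java.io.IOException e) {
    final NamingException ne = new NamingException("Cannot create MarshallObject for " + obj);
    ne.setRootCause(e);
    throw ne;
  }
}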