From c50bb9a93e945bc755e6b6a46f5a57a8cb0b1ed6 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Fri, 8 Sep 2023 15:57:29 -0500 Subject: [PATCH] Remove CMSEngine dependency in LdapConnFactory The LdapConnFactory has been modified to no longer dependent on CMSEngine. Instead, the CMSEngine will provide methods to create an LDAP connection factory that is already configured with the engine's auditor, socket listener, and cert approval callback. All code that were calling LdapConnFactory.setCMSEngine() has been modified to call the new methods, except for DBSubsystem and UGSubsystem since they are also used by CLIs which do not have a CMSEngine instance. These changes will eventually allow LdapConnFactory to be used outside of PKI server environment. --- .../cms/authentication/SharedSecret.java | 12 +-- .../profile/def/nsNKeySubjectNameDefault.java | 8 +- .../def/nsTokenUserKeySubjectNameDefault.java | 8 +- .../cmscore/cert/CrossCertPairSubsystem.java | 9 +-- .../netscape/cmscore/ldap/LdapConnModule.java | 8 +- .../cmscore/ldap/LdapPublishModule.java | 14 +--- .../cmscore/profile/LDAPProfileSubsystem.java | 6 +- .../AttributePresentConstraints.java | 8 +- .../org/dogtagpki/server/ca/CAEngine.java | 8 +- .../certsrv/ldap/LdapConnFactory.java | 29 ++++--- .../DirBasedAuthentication.java | 33 +------- .../cms/authentication/PortalEnroll.java | 10 +-- .../UidPwdPinDirAuthentication.java | 10 +-- .../cms/authorization/DirAclAuthz.java | 10 +-- .../cms/listeners/PinRemovalListener.java | 9 +-- .../csadmin/SecurityDomainProcessor.java | 21 +---- .../com/netscape/cmscore/apps/CMSEngine.java | 81 +++++++++++++++++++ .../PasswdUserDBAuthentication.java | 10 +-- .../com/netscape/cmscore/dbs/DBSubsystem.java | 6 +- .../LDAPSecurityDomainSessionTable.java | 7 +- .../netscape/cmscore/usrgrp/UGSubsystem.java | 6 +- 21 files changed, 134 insertions(+), 179 deletions(-) diff --git a/base/ca/src/main/java/com/netscape/cms/authentication/SharedSecret.java b/base/ca/src/main/java/com/netscape/cms/authentication/SharedSecret.java index 6f9d0dd54ce..efdb783cd5a 100644 --- a/base/ca/src/main/java/com/netscape/cms/authentication/SharedSecret.java +++ b/base/ca/src/main/java/com/netscape/cms/authentication/SharedSecret.java @@ -50,7 +50,6 @@ import com.netscape.cmscore.dbs.CertificateRepository; import com.netscape.cmscore.ldapconn.LDAPConfig; import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; -import com.netscape.cmscore.ldapconn.PKISocketConfig; import com.netscape.cmsutil.crypto.CryptoUtil; import netscape.ldap.LDAPAttribute; @@ -240,9 +239,6 @@ public void initLdapConn(AuthManagerConfig config) String method = "SharedSecret.initLdapConn"; String msg = ""; - CAEngine caEngine = (CAEngine) engine; - CAEngineConfig cs = caEngine.getConfig(); - shrTokLdapConfigStore = config.getLDAPConfig(); if (shrTokLdapConfigStore == null) { msg = method + "config substore ldap null"; @@ -250,13 +246,7 @@ public void initLdapConn(AuthManagerConfig config) throw new EBaseException(msg); } - PKISocketConfig socketConfig = cs.getSocketConfig(); - - LdapBoundConnFactory connFactory = new LdapBoundConnFactory("SharedSecret"); - connFactory.setCMSEngine(engine); - connFactory.init(socketConfig, shrTokLdapConfigStore, engine.getPasswordStore()); - - shrTokLdapFactory = connFactory; + shrTokLdapFactory = engine.createLdapBoundConnFactory("SharedSecret", shrTokLdapConfigStore); } /** diff --git a/base/ca/src/main/java/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java b/base/ca/src/main/java/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java index a9ae60e6065..ff09b6fd216 100644 --- a/base/ca/src/main/java/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java +++ b/base/ca/src/main/java/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java @@ -36,7 +36,6 @@ import com.netscape.cmscore.base.ConfigStore; import com.netscape.cmscore.ldapconn.LDAPConfig; import com.netscape.cmscore.ldapconn.LdapAnonConnFactory; -import com.netscape.cmscore.ldapconn.PKISocketConfig; import com.netscape.cmscore.request.Request; import netscape.ldap.LDAPAttribute; @@ -269,9 +268,6 @@ public void ldapInit() logger.debug("nsNKeySubjectNameDefault: ldapInit(): begin"); CAEngine engine = CAEngine.getInstance(); - CAEngineConfig cs = engine.getConfig(); - - PKISocketConfig socketConfig = cs.getSocketConfig(); try { // cfu - XXX do more error handling here later @@ -280,9 +276,7 @@ public void ldapInit() mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP, LDAPConfig.class); mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); - mConnFactory = new LdapAnonConnFactory("nsNKeySubjectNameDefault"); - mConnFactory.setCMSEngine(engine); - mConnFactory.init(socketConfig, mLdapConfig); + mConnFactory = engine.createLdapAnonConnFactory("nsNKeySubjectNameDefault", mLdapConfig); /* initialize dn pattern */ String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); diff --git a/base/ca/src/main/java/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java b/base/ca/src/main/java/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java index 5dadba01f0a..a7533a33365 100644 --- a/base/ca/src/main/java/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java +++ b/base/ca/src/main/java/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java @@ -36,7 +36,6 @@ import com.netscape.cmscore.base.ConfigStore; import com.netscape.cmscore.ldapconn.LDAPConfig; import com.netscape.cmscore.ldapconn.LdapAnonConnFactory; -import com.netscape.cmscore.ldapconn.PKISocketConfig; import com.netscape.cmscore.request.Request; import com.netscape.cmsutil.ldap.LDAPUtil; @@ -287,9 +286,6 @@ public void ldapInit() logger.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): begin"); CAEngine engine = CAEngine.getInstance(); - CAEngineConfig cs = engine.getConfig(); - - PKISocketConfig socketConfig = cs.getSocketConfig(); try { // cfu - XXX do more error handling here later @@ -303,9 +299,7 @@ public void ldapInit() mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); - mConnFactory = new LdapAnonConnFactory("nsTokenUserKeySubjectNameDefault"); - mConnFactory.setCMSEngine(engine); - mConnFactory.init(socketConfig, mLdapConfig); + mConnFactory = engine.createLdapAnonConnFactory("nsTokenUserKeySubjectNameDefault", mLdapConfig); /* initialize dn pattern */ String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); diff --git a/base/ca/src/main/java/com/netscape/cmscore/cert/CrossCertPairSubsystem.java b/base/ca/src/main/java/com/netscape/cmscore/cert/CrossCertPairSubsystem.java index 3c2057d69f6..17c6da6d6b4 100644 --- a/base/ca/src/main/java/com/netscape/cmscore/cert/CrossCertPairSubsystem.java +++ b/base/ca/src/main/java/com/netscape/cmscore/cert/CrossCertPairSubsystem.java @@ -26,7 +26,6 @@ import java.util.Enumeration; import org.dogtagpki.server.ca.CAEngine; -import org.dogtagpki.server.ca.CAEngineConfig; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.Subsystem; @@ -36,7 +35,6 @@ import com.netscape.cmscore.ldap.CAPublisherProcessor; import com.netscape.cmscore.ldapconn.LDAPConfig; import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; -import com.netscape.cmscore.ldapconn.PKISocketConfig; import netscape.ldap.LDAPAttribute; import netscape.ldap.LDAPConnection; @@ -104,7 +102,6 @@ public void init(ConfigStore config) throws Exception { logger.debug("CrossCertPairSubsystem: initializing"); CAEngine caEngine = (CAEngine) engine; - CAEngineConfig cs = caEngine.getConfig(); try { mConfig = config; @@ -122,11 +119,7 @@ public void init(ConfigStore config) throws Exception { mBaseDN = ldapConfig.getBaseDN(); - mLdapConnFactory = new LdapBoundConnFactory("CrossCertPairSubsystem"); - mLdapConnFactory.setCMSEngine(engine); - - PKISocketConfig socketConfig = cs.getSocketConfig(); - mLdapConnFactory.init(socketConfig, ldapConfig, engine.getPasswordStore()); + mLdapConnFactory = engine.createLdapBoundConnFactory("CrossCertPairSubsystem", ldapConfig); } catch (EBaseException e) { logger.error("CrossCertPairSubsystem: Unable to initialize subsystem: " + e.getMessage(), e); diff --git a/base/ca/src/main/java/com/netscape/cmscore/ldap/LdapConnModule.java b/base/ca/src/main/java/com/netscape/cmscore/ldap/LdapConnModule.java index 89a812b70da..789718028b7 100644 --- a/base/ca/src/main/java/com/netscape/cmscore/ldap/LdapConnModule.java +++ b/base/ca/src/main/java/com/netscape/cmscore/ldap/LdapConnModule.java @@ -18,7 +18,6 @@ package com.netscape.cmscore.ldap; import org.dogtagpki.server.ca.CAEngine; -import org.dogtagpki.server.ca.CAEngineConfig; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.ldap.ELdapException; @@ -30,7 +29,6 @@ import com.netscape.cmscore.ldapconn.LdapAuthInfo; import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; import com.netscape.cmscore.ldapconn.LdapConnInfo; -import com.netscape.cmscore.ldapconn.PKISocketConfig; import com.netscape.cmsutil.password.PasswordStore; import netscape.ldap.LDAPConnection; @@ -78,9 +76,7 @@ public void init(ConfigStore config) throws EBaseException { logger.debug("LdapConnModule: init begins"); CAEngine engine = CAEngine.getInstance(); - CAEngineConfig cs = engine.getConfig(); - PKISocketConfig socketConfig = cs.getSocketConfig(); PasswordStore passwordStore = engine.getPasswordStore(); mConfig = config; @@ -110,9 +106,7 @@ public void init(ConfigStore config) throws EBaseException { // must get authInfo from the config, don't default to internaldb!!! logger.debug("Creating LdapBoundConnFactory for LdapConnModule."); - mLdapConnFactory = new LdapBoundConnFactory("LDAPConnModule", minConns, maxConns, connInfo, authInfo); - mLdapConnFactory.setCMSEngine(engine); - mLdapConnFactory.init(socketConfig, passwordStore); + mLdapConnFactory = engine.createLdapBoundConnFactory("LDAPConnModule", minConns, maxConns, connInfo, authInfo); mInited = true; diff --git a/base/ca/src/main/java/com/netscape/cmscore/ldap/LdapPublishModule.java b/base/ca/src/main/java/com/netscape/cmscore/ldap/LdapPublishModule.java index 6f1e3cc925a..d4afdc4c407 100644 --- a/base/ca/src/main/java/com/netscape/cmscore/ldap/LdapPublishModule.java +++ b/base/ca/src/main/java/com/netscape/cmscore/ldap/LdapPublishModule.java @@ -25,7 +25,6 @@ import java.util.Hashtable; import org.dogtagpki.server.ca.CAEngine; -import org.dogtagpki.server.ca.CAEngineConfig; import org.mozilla.jss.netscape.security.x509.X500Name; import org.mozilla.jss.netscape.security.x509.X509CRLImpl; import org.mozilla.jss.netscape.security.x509.X509CertImpl; @@ -47,7 +46,6 @@ import com.netscape.cmscore.dbs.CertificateRepository; import com.netscape.cmscore.ldapconn.LDAPConfig; import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; -import com.netscape.cmscore.ldapconn.PKISocketConfig; import com.netscape.cmscore.request.Request; import netscape.ldap.LDAPConnection; @@ -124,18 +122,14 @@ public void init(CertificateAuthority authority, CAPublisherProcessor p, ConfigS return; CAEngine engine = CAEngine.getInstance(); - CAEngineConfig cs = engine.getConfig(); mAuthority = authority; mPubProcessor = p; mConfig = config; - PKISocketConfig socketConfig = cs.getSocketConfig(); LDAPConfig ldapCfg = mConfig.getSubStore("ldap", LDAPConfig.class); - mLdapConnFactory = new LdapBoundConnFactory("LdapPublishModule"); - mLdapConnFactory.setCMSEngine(engine); - mLdapConnFactory.init(socketConfig, ldapCfg, engine.getPasswordStore()); + mLdapConnFactory = engine.createLdapBoundConnFactory("LdapPublishModule", ldapCfg); // initMappers(config); initHandlers(); @@ -148,17 +142,13 @@ public void init(CertificateAuthority authority, ConfigStore config) throws EBas return; CAEngine engine = CAEngine.getInstance(); - CAEngineConfig cs = engine.getConfig(); mAuthority = authority; mConfig = config; - PKISocketConfig socketConfig = cs.getSocketConfig(); LDAPConfig ldapCfg = mConfig.getSubStore("ldap", LDAPConfig.class); - mLdapConnFactory = new LdapBoundConnFactory("LdapPublishModule"); - mLdapConnFactory.setCMSEngine(engine); - mLdapConnFactory.init(socketConfig, ldapCfg, engine.getPasswordStore()); + mLdapConnFactory = engine.createLdapBoundConnFactory("LdapPublishModule", ldapCfg); initMappers(config); initHandlers(); diff --git a/base/ca/src/main/java/com/netscape/cmscore/profile/LDAPProfileSubsystem.java b/base/ca/src/main/java/com/netscape/cmscore/profile/LDAPProfileSubsystem.java index 7dda8009d27..eb2a3756eee 100644 --- a/base/ca/src/main/java/com/netscape/cmscore/profile/LDAPProfileSubsystem.java +++ b/base/ca/src/main/java/com/netscape/cmscore/profile/LDAPProfileSubsystem.java @@ -41,7 +41,6 @@ import com.netscape.cmscore.base.LDAPConfigStorage; import com.netscape.cmscore.ldapconn.LDAPConfig; import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; -import com.netscape.cmscore.ldapconn.PKISocketConfig; import com.netscape.cmscore.registry.PluginInfo; import com.netscape.cmscore.registry.PluginRegistry; import com.netscape.cmsutil.ldap.LDAPUtil; @@ -99,12 +98,9 @@ public void init(ConfigStore config) throws Exception { CAEngine caEngine = (CAEngine) engine; CAEngineConfig cs = caEngine.getConfig(); - PKISocketConfig socketConfig = cs.getSocketConfig(); LDAPConfig dbCfg = cs.getInternalDBConfig(); - dbFactory = new LdapBoundConnFactory("LDAPProfileSubsystem"); - dbFactory.setCMSEngine(engine); - dbFactory.init(socketConfig, dbCfg, engine.getPasswordStore()); + dbFactory = engine.createLdapBoundConnFactory("LDAPProfileSubsystem", dbCfg); mConfig = config; diff --git a/base/ca/src/main/java/org/dogtagpki/legacy/server/policy/constraints/AttributePresentConstraints.java b/base/ca/src/main/java/org/dogtagpki/legacy/server/policy/constraints/AttributePresentConstraints.java index db702d1afed..830106984a3 100644 --- a/base/ca/src/main/java/org/dogtagpki/legacy/server/policy/constraints/AttributePresentConstraints.java +++ b/base/ca/src/main/java/org/dogtagpki/legacy/server/policy/constraints/AttributePresentConstraints.java @@ -25,7 +25,6 @@ import org.dogtagpki.legacy.policy.PolicyProcessor; import org.dogtagpki.legacy.server.policy.APolicyRule; import org.dogtagpki.server.ca.CAEngine; -import org.dogtagpki.server.ca.CAEngineConfig; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IExtendedPluginInfo; @@ -34,7 +33,6 @@ import com.netscape.cmscore.base.ConfigStore; import com.netscape.cmscore.ldapconn.LDAPConfig; import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; -import com.netscape.cmscore.ldapconn.PKISocketConfig; import com.netscape.cmscore.request.Request; import netscape.ldap.LDAPAttribute; @@ -244,7 +242,6 @@ protected void getBooleanConfigParam(ConfigStore config, String paramName) { public void init(PolicyProcessor owner, ConfigStore config) throws EBaseException { CAEngine engine = CAEngine.getInstance(); - CAEngineConfig cs = engine.getConfig(); mConfig = config; @@ -264,12 +261,9 @@ public void init(PolicyProcessor owner, ConfigStore config) throws EBaseExceptio getStringConfigParam(mConfig, PROP_ATTR); getStringConfigParam(mConfig, PROP_VALUE); - PKISocketConfig socketConfig = cs.getSocketConfig(); mLdapConfig = mConfig.getSubStore(PROP_LDAP, LDAPConfig.class); - mConnFactory = new LdapBoundConnFactory("AttributePresentConstraints"); - mConnFactory.setCMSEngine(engine); - mConnFactory.init(socketConfig, mLdapConfig, engine.getPasswordStore()); + mConnFactory = engine.createLdapBoundConnFactory("AttributePresentConstraints", mLdapConfig); mCheckAttrLdapConnection = mConnFactory.getConn(); } diff --git a/base/ca/src/main/java/org/dogtagpki/server/ca/CAEngine.java b/base/ca/src/main/java/org/dogtagpki/server/ca/CAEngine.java index df7061a70cd..1c0f3b13de0 100644 --- a/base/ca/src/main/java/org/dogtagpki/server/ca/CAEngine.java +++ b/base/ca/src/main/java/org/dogtagpki/server/ca/CAEngine.java @@ -99,7 +99,6 @@ import com.netscape.cmscore.ldap.PublishingConfig; import com.netscape.cmscore.ldapconn.LDAPConfig; import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; -import com.netscape.cmscore.ldapconn.PKISocketConfig; import com.netscape.cmscore.listeners.ListenerPlugin; import com.netscape.cmscore.profile.ProfileSubsystem; import com.netscape.cmscore.request.CertRequestRepository; @@ -206,14 +205,9 @@ public CAEngineConfig getConfig() { @Override public void initDatabase() throws Exception { - connectionFactory = new LdapBoundConnFactory("CertificateAuthority"); - connectionFactory.setCMSEngine(this); - - CAEngineConfig config = getConfig(); - PKISocketConfig socketConfig = config.getSocketConfig(); LDAPConfig ldapConfig = config.getInternalDBConfig(); - connectionFactory.init(socketConfig, ldapConfig, getPasswordStore()); + connectionFactory = createLdapBoundConnFactory("CertificateAuthority", ldapConfig); } public CertRequestRepository getCertRequestRepository() { diff --git a/base/server/src/main/java/com/netscape/certsrv/ldap/LdapConnFactory.java b/base/server/src/main/java/com/netscape/certsrv/ldap/LdapConnFactory.java index b971f49b661..bb25b71e876 100644 --- a/base/server/src/main/java/com/netscape/certsrv/ldap/LdapConnFactory.java +++ b/base/server/src/main/java/com/netscape/certsrv/ldap/LdapConnFactory.java @@ -20,7 +20,6 @@ import org.mozilla.jss.ssl.SSLCertificateApprovalCallback; import org.mozilla.jss.ssl.SSLSocketListener; -import com.netscape.cmscore.apps.CMSEngine; import com.netscape.cmscore.ldapconn.LdapConnInfo; import com.netscape.cmscore.ldapconn.PKISocketConfig; import com.netscape.cmscore.logging.Auditor; @@ -70,7 +69,6 @@ public abstract class LdapConnFactory { */ protected boolean mDefErrorIfDown; - protected CMSEngine engine; protected Auditor auditor; protected SSLSocketListener socketListener; protected SSLCertificateApprovalCallback approvalCallback; @@ -82,17 +80,28 @@ public LdapConnInfo getConnInfo() { return mConnInfo; } - public CMSEngine getCMSEngine() { - return engine; + public Auditor getAuditor() { + return auditor; } - public void setCMSEngine(CMSEngine engine) { - this.engine = engine; - if (engine == null) return; + public void setAuditor(Auditor auditor) { + this.auditor = auditor; + } + + public SSLSocketListener getSocketListener() { + return socketListener; + } + + public void setSocketListener(SSLSocketListener socketListener) { + this.socketListener = socketListener; + } + + public SSLCertificateApprovalCallback getApprovalCallback() { + return approvalCallback; + } - auditor = engine.getAuditor(); - socketListener = engine.getClientSocketListener(); - approvalCallback = engine.getApprovalCallback(); + public void setApprovalCallback(SSLCertificateApprovalCallback approvalCallback) { + this.approvalCallback = approvalCallback; } /** diff --git a/base/server/src/main/java/com/netscape/cms/authentication/DirBasedAuthentication.java b/base/server/src/main/java/com/netscape/cms/authentication/DirBasedAuthentication.java index c3bcef71dff..6ceac1140f1 100644 --- a/base/server/src/main/java/com/netscape/cms/authentication/DirBasedAuthentication.java +++ b/base/server/src/main/java/com/netscape/cms/authentication/DirBasedAuthentication.java @@ -50,12 +50,8 @@ import com.netscape.certsrv.profile.EProfileException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.cmscore.apps.CMS; -import com.netscape.cmscore.apps.EngineConfig; import com.netscape.cmscore.ldapconn.LDAPAuthenticationConfig; import com.netscape.cmscore.ldapconn.LDAPConfig; -import com.netscape.cmscore.ldapconn.LdapAnonConnFactory; -import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; -import com.netscape.cmscore.ldapconn.PKISocketConfig; import com.netscape.cmscore.request.Request; import netscape.ldap.LDAPAttribute; @@ -265,9 +261,6 @@ public void init( mName = name; mImplName = implName; mConfig = config; - String method = "DirBasedAuthentication: init: "; - - EngineConfig cs = engine.getConfig(); /* initialize ldap server configuration */ mLdapConfig = mConfig.getLDAPConfig(); @@ -299,8 +292,6 @@ public void init( logger.info("DirBasedAuthentication: Group user ID name: " + mGroupUserIDName); } - PKISocketConfig socketConfig = cs.getSocketConfig(); - mBoundConnEnable = mLdapConfig.getBoolean(PROP_LDAP_BOUND_CONN, false); logger.info("DirBasedAuthentication: Bound connection enable: " + mBoundConnEnable); @@ -309,16 +300,10 @@ public void init( mTag = mLdapConfig.getString("bindPWPrompt"); logger.info("DirBasedAuthentication: Bind password prompt: " + mTag); - LdapBoundConnFactory connFactory = new LdapBoundConnFactory(mTag); - connFactory.setCMSEngine(engine); - connFactory.init(socketConfig, mLdapConfig, engine.getPasswordStore()); - mConnFactory = connFactory; + mConnFactory = engine.createLdapBoundConnFactory(mTag, mLdapConfig); } else { - LdapAnonConnFactory connFactory = new LdapAnonConnFactory("DirBasedAuthentication"); - connFactory.setCMSEngine(engine); - connFactory.init(socketConfig, mLdapConfig); - mConnFactory = connFactory; + mConnFactory = engine.createLdapAnonConnFactory("DirBasedAuthentication", mLdapConfig); } /* initialize dn pattern */ @@ -438,10 +423,6 @@ public AuthToken authenticate(AuthCredentials authCred) logger.debug(method + " begins...mBoundConnEnable=" + mBoundConnEnable); - EngineConfig cs = engine.getConfig(); - - PKISocketConfig socketConfig = cs.getSocketConfig(); - try { if (mConnFactory == null) { logger.debug(method + " mConnFactory null, getting conn factory"); @@ -451,16 +432,10 @@ public AuthToken authenticate(AuthCredentials authCred) mTag = authConfig.getString("bindPWPrompt"); logger.debug(method + " getting ldap bound conn factory using id= " + mTag); - LdapBoundConnFactory connFactory = new LdapBoundConnFactory(mTag); - connFactory.setCMSEngine(engine); - connFactory.init(socketConfig, mLdapConfig, engine.getPasswordStore()); - mConnFactory = connFactory; + mConnFactory = engine.createLdapBoundConnFactory(mTag, mLdapConfig); } else { - LdapAnonConnFactory connFactory = new LdapAnonConnFactory("DirBasedAuthentication"); - connFactory.setCMSEngine(engine); - connFactory.init(socketConfig, mLdapConfig); - mConnFactory = connFactory; + mConnFactory = engine.createLdapAnonConnFactory("DirBasedAuthentication", mLdapConfig); } if (mConnFactory != null) { diff --git a/base/server/src/main/java/com/netscape/cms/authentication/PortalEnroll.java b/base/server/src/main/java/com/netscape/cms/authentication/PortalEnroll.java index 46135c3b711..bed6ddf2819 100644 --- a/base/server/src/main/java/com/netscape/cms/authentication/PortalEnroll.java +++ b/base/server/src/main/java/com/netscape/cms/authentication/PortalEnroll.java @@ -36,12 +36,10 @@ import com.netscape.certsrv.ldap.ELdapException; import com.netscape.certsrv.profile.EProfileException; import com.netscape.cmscore.apps.CMS; -import com.netscape.cmscore.apps.EngineConfig; import com.netscape.cmscore.base.ArgBlock; import com.netscape.cmscore.base.ConfigStore; import com.netscape.cmscore.ldapconn.LDAPAuthenticationConfig; import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; -import com.netscape.cmscore.ldapconn.PKISocketConfig; import netscape.ldap.LDAPAttribute; import netscape.ldap.LDAPAttributeSet; @@ -143,8 +141,6 @@ public void init( throws EBaseException { super.init(authenticationConfig, name, implName, config); - EngineConfig cs = engine.getConfig(); - /* Get Bind DN for directory server */ LDAPAuthenticationConfig authConfig = mLdapConfig.getAuthenticationConfig(); mBindDN = authConfig.getString(PROP_BINDDN); @@ -161,12 +157,8 @@ public void init( if (mObjectClass == null || mObjectClass.length() == 0) throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "objectclass")); - PKISocketConfig socketConfig = cs.getSocketConfig(); - /* Get connect parameter */ - mLdapFactory = new LdapBoundConnFactory("PortalEnroll"); - mLdapFactory.setCMSEngine(engine); - mLdapFactory.init(socketConfig, mLdapConfig, engine.getPasswordStore()); + mLdapFactory = engine.createLdapBoundConnFactory("PortalEnroll", mLdapConfig); mLdapConn = mLdapFactory.getConn(); diff --git a/base/server/src/main/java/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java b/base/server/src/main/java/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java index d4dd89ffab5..66647fb374d 100644 --- a/base/server/src/main/java/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java +++ b/base/server/src/main/java/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java @@ -40,11 +40,9 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.cmscore.apps.CMS; -import com.netscape.cmscore.apps.EngineConfig; import com.netscape.cmscore.base.ConfigStore; import com.netscape.cmscore.ldapconn.LDAPConfig; import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; -import com.netscape.cmscore.ldapconn.PKISocketConfig; import com.netscape.cmscore.request.Request; import netscape.ldap.LDAPAttribute; @@ -157,8 +155,6 @@ public void init( throws EBaseException { super.init(authenticationConfig, name, implName, config); - EngineConfig cs = engine.getConfig(); - mRemovePin = config.getBoolean(PROP_REMOVE_PIN, DEF_REMOVE_PIN); mPinAttr = @@ -168,12 +164,8 @@ public void init( } if (mRemovePin) { - PKISocketConfig socketConfig = cs.getSocketConfig(); - removePinLdapConfigStore = config.getLDAPConfig(); - removePinLdapFactory = new LdapBoundConnFactory("UidPwdPinDirAuthentication"); - removePinLdapFactory.setCMSEngine(engine); - removePinLdapFactory.init(socketConfig, removePinLdapConfigStore, engine.getPasswordStore()); + removePinLdapFactory = engine.createLdapBoundConnFactory("UidPwdPinDirAuthentication", removePinLdapConfigStore); removePinLdapConnection = removePinLdapFactory.getConn(); } diff --git a/base/server/src/main/java/com/netscape/cms/authorization/DirAclAuthz.java b/base/server/src/main/java/com/netscape/cms/authorization/DirAclAuthz.java index 9bfc477590c..786f8f99164 100644 --- a/base/server/src/main/java/com/netscape/cms/authorization/DirAclAuthz.java +++ b/base/server/src/main/java/com/netscape/cms/authorization/DirAclAuthz.java @@ -29,11 +29,9 @@ import com.netscape.certsrv.base.IExtendedPluginInfo; import com.netscape.certsrv.ldap.ELdapException; import com.netscape.cmscore.apps.CMS; -import com.netscape.cmscore.apps.EngineConfig; import com.netscape.cmscore.ldapconn.LDAPConfig; import com.netscape.cmscore.ldapconn.LDAPConnectionConfig; import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; -import com.netscape.cmscore.ldapconn.PKISocketConfig; import netscape.ldap.LDAPAttribute; import netscape.ldap.LDAPConnection; @@ -112,8 +110,6 @@ public void init(String name, String implName, AuthzManagerConfig config) throws super.init(name, implName, config); - EngineConfig cs = engine.getConfig(); - searchBase = config.getString(PROP_SEARCHBASE, null); LDAPConfig ldapConfig = config.getLDAPConfig(); @@ -137,11 +133,7 @@ public void init(String name, String implName, AuthzManagerConfig config) throws } } - PKISocketConfig socketConfig = cs.getSocketConfig(); - - mLdapConnFactory = new LdapBoundConnFactory("DirAclAuthz"); - mLdapConnFactory.setCMSEngine(engine); - mLdapConnFactory.init(socketConfig, ldapConfig, engine.getPasswordStore()); + mLdapConnFactory = engine.createLdapBoundConnFactory("DirAclAuthz", ldapConfig); logger.info("DirAclAuthz: initialization done"); } diff --git a/base/server/src/main/java/com/netscape/cms/listeners/PinRemovalListener.java b/base/server/src/main/java/com/netscape/cms/listeners/PinRemovalListener.java index 3448bbb0972..bdfec0226c3 100644 --- a/base/server/src/main/java/com/netscape/cms/listeners/PinRemovalListener.java +++ b/base/server/src/main/java/com/netscape/cms/listeners/PinRemovalListener.java @@ -20,11 +20,9 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.Subsystem; import com.netscape.certsrv.request.RequestListener; -import com.netscape.cmscore.apps.EngineConfig; import com.netscape.cmscore.base.ConfigStore; import com.netscape.cmscore.ldapconn.LDAPConfig; import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; -import com.netscape.cmscore.ldapconn.PKISocketConfig; import com.netscape.cmscore.request.Request; import netscape.ldap.LDAPAttribute; @@ -93,18 +91,13 @@ public void init(Subsystem sub, ConfigStore config) throws EBaseException { public void init(String name, String ImplName, ConfigStore config) throws EBaseException { - EngineConfig cs = engine.getConfig(); - mName = name; mImplName = ImplName; mConfig = config; - PKISocketConfig socketConfig = cs.getSocketConfig(); mLdapConfig = mConfig.getSubStore(PROP_LDAP, LDAPConfig.class); - mConnFactory = new LdapBoundConnFactory("PinRemovalListener"); - mConnFactory.setCMSEngine(engine); - mConnFactory.init(socketConfig, mLdapConfig, engine.getPasswordStore()); + mConnFactory = engine.createLdapBoundConnFactory("PinRemovalListener", mLdapConfig); mRemovePinLdapConnection = mConnFactory.getConn(); diff --git a/base/server/src/main/java/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java b/base/server/src/main/java/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java index dd2016e1aa3..dd81f17e989 100644 --- a/base/server/src/main/java/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java +++ b/base/server/src/main/java/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java @@ -55,7 +55,6 @@ import com.netscape.cmscore.apps.EngineConfig; import com.netscape.cmscore.ldapconn.LDAPConfig; import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; -import com.netscape.cmscore.ldapconn.PKISocketConfig; import com.netscape.cmscore.logging.Auditor; import com.netscape.cmscore.security.JssSubsystem; import com.netscape.cmscore.usrgrp.UGSubsystem; @@ -160,7 +159,6 @@ public InstallToken getInstallToken( public DomainInfo getDomainInfo() throws EBaseException { EngineConfig cs = engine.getConfig(); - PKISocketConfig socketConfig = cs.getSocketConfig(); LdapBoundConnFactory connFactory = null; LDAPConnection conn = null; @@ -174,9 +172,7 @@ public DomainInfo getDomainInfo() throws EBaseException { String dn = "ou=Security Domain," + basedn; String filter = "objectclass=pkiSecurityGroup"; - connFactory = new LdapBoundConnFactory("SecurityDomainProcessor"); - connFactory.setCMSEngine(engine); - connFactory.init(socketConfig, ldapConfig, engine.getPasswordStore()); + connFactory = engine.createLdapBoundConnFactory("SecurityDomainProcessor", ldapConfig); conn = connFactory.getConn(); @@ -501,7 +497,6 @@ public String addHost( String clone) throws EBaseException { EngineConfig cs = engine.getConfig(); - PKISocketConfig socketConfig = cs.getSocketConfig(); LDAPConfig ldapConfig = cs.getInternalDBConfig(); String baseDN = ldapConfig.getBaseDN(); @@ -569,9 +564,7 @@ public String addHost( LDAPConnection conn = null; try { - connFactory = new LdapBoundConnFactory("UpdateDomainXML"); - connFactory.setCMSEngine(engine); - connFactory.init(socketConfig, ldapConfig, engine.getPasswordStore()); + connFactory = engine.createLdapBoundConnFactory("UpdateDomainXML", ldapConfig); conn = connFactory.getConn(); conn.add(entry); @@ -641,13 +634,10 @@ public String modifyEntry(String dn, LDAPModification mod) { LDAPConnection conn = null; EngineConfig cs = engine.getConfig(); - PKISocketConfig socketConfig = cs.getSocketConfig(); try { LDAPConfig ldapConfig = cs.getInternalDBConfig(); - connFactory = new LdapBoundConnFactory("UpdateDomainXML"); - connFactory.setCMSEngine(engine); - connFactory.init(socketConfig, ldapConfig, engine.getPasswordStore()); + connFactory = engine.createLdapBoundConnFactory("UpdateDomainXML", ldapConfig); conn = connFactory.getConn(); conn.modify(dn, mod); @@ -686,13 +676,10 @@ public String removeEntry(String dn) { LDAPConnection conn = null; EngineConfig cs = engine.getConfig(); - PKISocketConfig socketConfig = cs.getSocketConfig(); try { LDAPConfig ldapConfig = cs.getInternalDBConfig(); - connFactory = new LdapBoundConnFactory("UpdateDomainXML"); - connFactory.setCMSEngine(engine); - connFactory.init(socketConfig, ldapConfig, engine.getPasswordStore()); + connFactory = engine.createLdapBoundConnFactory("UpdateDomainXML", ldapConfig); conn = connFactory.getConn(); conn.delete(dn); diff --git a/base/server/src/main/java/com/netscape/cmscore/apps/CMSEngine.java b/base/server/src/main/java/com/netscape/cmscore/apps/CMSEngine.java index 0baf101103e..768c26cbfb5 100644 --- a/base/server/src/main/java/com/netscape/cmscore/apps/CMSEngine.java +++ b/base/server/src/main/java/com/netscape/cmscore/apps/CMSEngine.java @@ -78,6 +78,9 @@ import com.netscape.cmscore.ldapconn.LDAPAuthenticationConfig; import com.netscape.cmscore.ldapconn.LDAPConfig; import com.netscape.cmscore.ldapconn.LDAPConnectionConfig; +import com.netscape.cmscore.ldapconn.LdapAnonConnFactory; +import com.netscape.cmscore.ldapconn.LdapAuthInfo; +import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; import com.netscape.cmscore.ldapconn.LdapConnInfo; import com.netscape.cmscore.ldapconn.PKISocketConfig; import com.netscape.cmscore.ldapconn.PKISocketFactory; @@ -1290,6 +1293,84 @@ public void setServerCertNickname(String newName) { mServerCertNickname = newName; } + public LdapAnonConnFactory createLdapAnonConnFactory( + String id, + LDAPConfig ldapConfig + ) throws EBaseException { + + PKISocketConfig socketConfig = mConfig.getSocketConfig(); + + LdapAnonConnFactory connFactory = new LdapAnonConnFactory(id); + connFactory.setAuditor(auditor); + connFactory.setSocketListener(clientSocketListener); + connFactory.setApprovalCallback(approvalCallback); + connFactory.init(socketConfig, ldapConfig); + + return connFactory; + } + + public LdapAnonConnFactory createLdapAnonConnFactory( + String id, + int minConns, + int maxConns, + LdapConnInfo connInfo + ) throws EBaseException { + + PKISocketConfig socketConfig = mConfig.getSocketConfig(); + + LdapAnonConnFactory connFactory = new LdapAnonConnFactory( + id, + minConns, + maxConns, + connInfo); + connFactory.setAuditor(auditor); + connFactory.setSocketListener(clientSocketListener); + connFactory.setApprovalCallback(approvalCallback); + connFactory.init(socketConfig); + + return connFactory; + } + + public LdapBoundConnFactory createLdapBoundConnFactory( + String id, + LDAPConfig ldapConfig + ) throws EBaseException { + + PKISocketConfig socketConfig = mConfig.getSocketConfig(); + + LdapBoundConnFactory connFactory = new LdapBoundConnFactory(id); + connFactory.setAuditor(auditor); + connFactory.setSocketListener(clientSocketListener); + connFactory.setApprovalCallback(approvalCallback); + connFactory.init(socketConfig, ldapConfig, getPasswordStore()); + + return connFactory; + } + + public LdapBoundConnFactory createLdapBoundConnFactory( + String id, + int minConns, + int maxConns, + LdapConnInfo connInfo, + LdapAuthInfo authInfo + ) throws EBaseException { + + PKISocketConfig socketConfig = mConfig.getSocketConfig(); + + LdapBoundConnFactory connFactory = new LdapBoundConnFactory( + id, + minConns, + maxConns, + connInfo, + authInfo); + connFactory.setAuditor(auditor); + connFactory.setSocketListener(clientSocketListener); + connFactory.setApprovalCallback(approvalCallback); + connFactory.init(socketConfig, getPasswordStore()); + + return connFactory; + } + public MailNotification getMailNotification() { try { String className = mConfig.getString("notificationClassName", MailNotification.class.getName()); diff --git a/base/server/src/main/java/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java b/base/server/src/main/java/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java index 88c21d71d37..9c92b05e94b 100644 --- a/base/server/src/main/java/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java +++ b/base/server/src/main/java/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java @@ -33,12 +33,10 @@ import com.netscape.certsrv.profile.EProfileException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.cmscore.apps.CMS; -import com.netscape.cmscore.apps.EngineConfig; import com.netscape.cmscore.base.ConfigStore; import com.netscape.cmscore.dbs.DBSubsystem; import com.netscape.cmscore.ldapconn.LdapAnonConnFactory; import com.netscape.cmscore.ldapconn.LdapConnInfo; -import com.netscape.cmscore.ldapconn.PKISocketConfig; import com.netscape.cmscore.request.Request; import com.netscape.cmscore.usrgrp.UGSubsystem; import com.netscape.cmscore.usrgrp.User; @@ -94,16 +92,10 @@ public void init( mImplName = implName; mConfig = config; - EngineConfig cs = engine.getConfig(); - - PKISocketConfig socketConfig = cs.getSocketConfig(); - DBSubsystem dbSubsystem = engine.getDBSubsystem(); LdapConnInfo ldapinfo = dbSubsystem.getLdapConnInfo(); - mAnonConnFactory = new LdapAnonConnFactory("PasswdUserDBAuthentication", 0, 20, ldapinfo); - mAnonConnFactory.setCMSEngine(engine); - mAnonConnFactory.init(socketConfig); + mAnonConnFactory = engine.createLdapAnonConnFactory("PasswdUserDBAuthentication", 0, 20, ldapinfo); } @Override diff --git a/base/server/src/main/java/com/netscape/cmscore/dbs/DBSubsystem.java b/base/server/src/main/java/com/netscape/cmscore/dbs/DBSubsystem.java index bb053625489..7571fa5dca7 100644 --- a/base/server/src/main/java/com/netscape/cmscore/dbs/DBSubsystem.java +++ b/base/server/src/main/java/com/netscape/cmscore/dbs/DBSubsystem.java @@ -223,7 +223,11 @@ public void init( // initialize LDAP connection factory // by default return error if server is down at startup time. mLdapConnFactory = new LdapBoundConnFactory("DBSubsystem", true); - mLdapConnFactory.setCMSEngine(engine); + if (engine != null) { + mLdapConnFactory.setAuditor(engine.getAuditor()); + mLdapConnFactory.setSocketListener(engine.getClientSocketListener()); + mLdapConnFactory.setApprovalCallback(engine.getApprovalCallback()); + } } catch (EBaseException e) { logger.error("DBSubsystem: initialization failed: " + e.getMessage(), e); diff --git a/base/server/src/main/java/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java b/base/server/src/main/java/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java index d3a94a2d84b..7691a98a40b 100644 --- a/base/server/src/main/java/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java +++ b/base/server/src/main/java/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java @@ -29,7 +29,6 @@ import com.netscape.cmscore.apps.EngineConfig; import com.netscape.cmscore.ldapconn.LDAPConfig; import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; -import com.netscape.cmscore.ldapconn.PKISocketConfig; import netscape.ldap.LDAPAttribute; import netscape.ldap.LDAPAttributeSet; @@ -66,13 +65,9 @@ public void setCMSEngine(CMSEngine engine) { public void init() throws ELdapException, EBaseException { EngineConfig cs = engine.getConfig(); - - PKISocketConfig socketConfig = cs.getSocketConfig(); LDAPConfig internaldb = cs.getInternalDBConfig(); - mLdapConnFactory = new LdapBoundConnFactory("LDAPSecurityDomainSessionTable"); - mLdapConnFactory.setCMSEngine(engine); - mLdapConnFactory.init(socketConfig, internaldb, engine.getPasswordStore()); + mLdapConnFactory = engine.createLdapBoundConnFactory("LDAPSecurityDomainSessionTable", internaldb); } @Override diff --git a/base/server/src/main/java/com/netscape/cmscore/usrgrp/UGSubsystem.java b/base/server/src/main/java/com/netscape/cmscore/usrgrp/UGSubsystem.java index 68070a18deb..03259c2692f 100644 --- a/base/server/src/main/java/com/netscape/cmscore/usrgrp/UGSubsystem.java +++ b/base/server/src/main/java/com/netscape/cmscore/usrgrp/UGSubsystem.java @@ -104,7 +104,11 @@ public void init( mBaseDN = ldapConfig.getBaseDN(); mLdapConnFactory = new LdapBoundConnFactory("UGSubsystem"); - mLdapConnFactory.setCMSEngine(engine); + if (engine != null) { + mLdapConnFactory.setAuditor(engine.getAuditor()); + mLdapConnFactory.setSocketListener(engine.getClientSocketListener()); + mLdapConnFactory.setApprovalCallback(engine.getApprovalCallback()); + } mLdapConnFactory.init(socketConfig, ldapConfig, passwordStore); }