summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAbhishek Koneru <akoneru@redhat.com>2012-11-21 18:45:32 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2013-01-04 10:10:13 -0500
commit4faa78799a947b7c06db6835ac25c0954e102c5a (patch)
tree53ee40116233f6d9386b51f35c0782e75680568f
parent01bbfc224a228206fbe18318b2a23363fa9663cc (diff)
downloadpki-4faa78799a947b7c06db6835ac25c0954e102c5a.zip
pki-4faa78799a947b7c06db6835ac25c0954e102c5a.tar.gz
pki-4faa78799a947b7c06db6835ac25c0954e102c5a.tar.xz
Ticket 191 - Mapping HTTP Exception to their proper HTTP error codes
-rw-r--r--base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java17
-rw-r--r--base/common/src/com/netscape/certsrv/base/ConflictingOperationException.java20
-rw-r--r--base/common/src/com/netscape/certsrv/base/ForbiddenException.java19
-rw-r--r--base/common/src/com/netscape/certsrv/base/HTTPGoneException.java20
-rw-r--r--base/common/src/com/netscape/certsrv/base/ResourceNotFoundException.java24
-rw-r--r--base/common/src/com/netscape/certsrv/base/UserNotFoundException.java40
-rw-r--r--base/common/src/com/netscape/certsrv/cert/CertNotFoundException.java10
-rw-r--r--base/common/src/com/netscape/certsrv/group/GroupNotFoundException.java42
-rw-r--r--base/common/src/com/netscape/certsrv/profile/ProfileNotFoundException.java10
-rw-r--r--base/common/src/com/netscape/certsrv/request/RequestNotFoundException.java10
-rw-r--r--base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java25
-rw-r--r--base/common/src/com/netscape/cms/servlet/admin/GroupService.java12
-rw-r--r--base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java11
-rw-r--r--base/common/src/com/netscape/cms/servlet/admin/UserCertService.java42
-rw-r--r--base/common/src/com/netscape/cms/servlet/admin/UserService.java22
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/CertService.java5
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java90
-rw-r--r--base/common/src/com/netscape/cms/servlet/key/KeyService.java24
-rw-r--r--base/common/src/com/netscape/cms/servlet/request/CertRequestService.java19
-rw-r--r--base/common/src/com/netscape/cms/servlet/request/KeyRequestService.java33
20 files changed, 333 insertions, 162 deletions
diff --git a/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java b/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java
index bcb0b80..c307402 100644
--- a/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java
+++ b/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java
@@ -24,9 +24,7 @@ import java.security.Principal;
import java.util.Properties;
import javax.servlet.ServletContext;
-import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
-import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;
@@ -44,6 +42,7 @@ import com.netscape.certsrv.authorization.AuthzToken;
import com.netscape.certsrv.authorization.EAuthzAccessDenied;
import com.netscape.certsrv.authorization.IAuthzSubsystem;
import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.ForbiddenException;
import com.netscape.cmscore.realm.PKIPrincipal;
@@ -76,7 +75,7 @@ public class ACLInterceptor implements PreProcessInterceptor {
public ServerResponse preProcess(
HttpRequest request,
ResourceMethod resourceMethod
- ) throws Failure, WebApplicationException {
+ ) throws Failure, ForbiddenException {
// Get ACL mapping for the method.
Method method = resourceMethod.getMethod();
@@ -95,12 +94,12 @@ public class ACLInterceptor implements PreProcessInterceptor {
// If unauthenticated, reject request.
if (principal == null) {
- throw new WebApplicationException(Response.Status.FORBIDDEN);
+ throw new ForbiddenException("No user principal provided.");
}
// If unrecognized principal, reject request.
if (!(principal instanceof PKIPrincipal)) {
- throw new WebApplicationException(Response.Status.FORBIDDEN);
+ throw new ForbiddenException("Invalid user principal");
}
PKIPrincipal pkiPrincipal = (PKIPrincipal)principal;
@@ -108,7 +107,7 @@ public class ACLInterceptor implements PreProcessInterceptor {
// If missing auth token, reject request.
if (authToken == null) {
- throw new WebApplicationException(Response.Status.FORBIDDEN);
+ throw new ForbiddenException("No authorization token present.");
}
try {
@@ -124,7 +123,7 @@ public class ACLInterceptor implements PreProcessInterceptor {
// If invalid mapping, reject request.
if (values.length != 2) {
- throw new WebApplicationException(Response.Status.FORBIDDEN);
+ throw new ForbiddenException("Invalid ACL mapping.");
}
// Check authorization.
@@ -137,11 +136,11 @@ public class ACLInterceptor implements PreProcessInterceptor {
// If not authorized, reject request.
if (authzToken == null) {
- throw new WebApplicationException(Response.Status.FORBIDDEN);
+ throw new ForbiddenException("No authorization token present.");
}
} catch (EAuthzAccessDenied e) {
- throw new WebApplicationException(Response.Status.FORBIDDEN);
+ throw new ForbiddenException(e.toString());
} catch (IOException|EBaseException e) {
e.printStackTrace();
diff --git a/base/common/src/com/netscape/certsrv/base/ConflictingOperationException.java b/base/common/src/com/netscape/certsrv/base/ConflictingOperationException.java
new file mode 100644
index 0000000..8b17caa
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/base/ConflictingOperationException.java
@@ -0,0 +1,20 @@
+package com.netscape.certsrv.base;
+
+import javax.ws.rs.core.Response;
+
+public class ConflictingOperationException extends PKIException {
+
+ private static final long serialVersionUID = -5780172673428115193L;
+
+ public ConflictingOperationException(String message) {
+ super(Response.Status.CONFLICT, message);
+ }
+
+ public ConflictingOperationException(String message, Throwable cause) {
+ super(Response.Status.CONFLICT, message, cause);
+ }
+
+ public ConflictingOperationException(Data data) {
+ super(data);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/base/ForbiddenException.java b/base/common/src/com/netscape/certsrv/base/ForbiddenException.java
new file mode 100644
index 0000000..218dc9c
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/base/ForbiddenException.java
@@ -0,0 +1,19 @@
+package com.netscape.certsrv.base;
+
+import javax.ws.rs.core.Response;
+
+public class ForbiddenException extends PKIException {
+ private static final long serialVersionUID = 3199015969025638546L;
+
+ public ForbiddenException(String message) {
+ super(Response.Status.FORBIDDEN, message);
+ }
+
+ public ForbiddenException(String message, Throwable cause) {
+ super(Response.Status.FORBIDDEN, message, cause);
+ }
+
+ public ForbiddenException(Data data) {
+ super(data);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/base/HTTPGoneException.java b/base/common/src/com/netscape/certsrv/base/HTTPGoneException.java
new file mode 100644
index 0000000..7b8f0d3
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/base/HTTPGoneException.java
@@ -0,0 +1,20 @@
+package com.netscape.certsrv.base;
+
+import javax.ws.rs.core.Response;
+
+public class HTTPGoneException extends PKIException {
+
+ private static final long serialVersionUID = 1256191208802745690L;
+
+ public HTTPGoneException(String message) {
+ super(Response.Status.GONE, message);
+ }
+
+ public HTTPGoneException(String message, Throwable cause) {
+ super(Response.Status.GONE, message, cause);
+ }
+
+ public HTTPGoneException(Data data) {
+ super(data);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/base/ResourceNotFoundException.java b/base/common/src/com/netscape/certsrv/base/ResourceNotFoundException.java
new file mode 100644
index 0000000..f41e9e6
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/base/ResourceNotFoundException.java
@@ -0,0 +1,24 @@
+package com.netscape.certsrv.base;
+
+import javax.ws.rs.core.Response;
+
+public class ResourceNotFoundException extends PKIException {
+
+ private static final long serialVersionUID = 2283994502912462263L;
+
+ public ResourceNotFoundException(String message) {
+ super(Response.Status.NOT_FOUND, message);
+ }
+
+ public ResourceNotFoundException(String message, Throwable cause) {
+ super(Response.Status.NOT_FOUND, message, cause);
+ }
+
+ public ResourceNotFoundException(Data data) {
+ super(data);
+ }
+
+ public Data getData() {
+ return super.getData();
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/base/UserNotFoundException.java b/base/common/src/com/netscape/certsrv/base/UserNotFoundException.java
new file mode 100644
index 0000000..63df706
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/base/UserNotFoundException.java
@@ -0,0 +1,40 @@
+package com.netscape.certsrv.base;
+
+
+public class UserNotFoundException extends ResourceNotFoundException {
+ private static final long serialVersionUID = -3446066672148673666L;
+ public String userId;
+
+ public UserNotFoundException(String userId) {
+ this(userId, "User " + userId + " not found");
+ }
+
+ public UserNotFoundException(String userId, String message) {
+ super(message);
+ this.userId = userId;
+ }
+
+ public UserNotFoundException(String userId, String message, Throwable cause) {
+ super(message, cause);
+ this.userId = userId;
+ }
+
+ public UserNotFoundException(Data data) {
+ super(data);
+ userId = data.getAttribute("userId");
+ }
+
+ public Data getData() {
+ Data data = super.getData();
+ data.setAttribute("userId", userId);
+ return data;
+ }
+
+ public String getUserId() {
+ return userId;
+ }
+
+ public void setUserId(String userId) {
+ this.userId = userId;
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/cert/CertNotFoundException.java b/base/common/src/com/netscape/certsrv/cert/CertNotFoundException.java
index ce0962a..171c276 100644
--- a/base/common/src/com/netscape/certsrv/cert/CertNotFoundException.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertNotFoundException.java
@@ -17,12 +17,10 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.certsrv.cert;
-import javax.ws.rs.core.Response;
-
-import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.ResourceNotFoundException;
import com.netscape.certsrv.dbs.certdb.CertId;
-public class CertNotFoundException extends PKIException {
+public class CertNotFoundException extends ResourceNotFoundException {
private static final long serialVersionUID = -4784839378360933483L;
@@ -33,12 +31,12 @@ public class CertNotFoundException extends PKIException {
}
public CertNotFoundException(CertId certId, String message) {
- super(Response.Status.NOT_FOUND, message);
+ super(message);
this.certId = certId;
}
public CertNotFoundException(CertId certId, String message, Throwable cause) {
- super(Response.Status.NOT_FOUND, message, cause);
+ super(message, cause);
this.certId = certId;
}
diff --git a/base/common/src/com/netscape/certsrv/group/GroupNotFoundException.java b/base/common/src/com/netscape/certsrv/group/GroupNotFoundException.java
new file mode 100644
index 0000000..3bd9241
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/group/GroupNotFoundException.java
@@ -0,0 +1,42 @@
+package com.netscape.certsrv.group;
+
+import com.netscape.certsrv.base.ResourceNotFoundException;
+
+public class GroupNotFoundException extends ResourceNotFoundException {
+
+ private static final long serialVersionUID = 2283994502912462263L;
+ public String groupId;
+
+ public GroupNotFoundException(String groupId) {
+ this(groupId, "Group " + groupId + " not found");
+ }
+
+ public GroupNotFoundException(String groupId, String message) {
+ super(message);
+ this.groupId = groupId;
+ }
+
+ public GroupNotFoundException(String groupId, String message, Throwable cause) {
+ super(message, cause);
+ this.groupId = groupId;
+ }
+
+ public GroupNotFoundException(Data data) {
+ super(data);
+ groupId = data.getAttribute("groupId");
+ }
+
+ public Data getData() {
+ Data data = super.getData();
+ data.setAttribute("groupId", groupId);
+ return data;
+ }
+
+ public String getGroupId() {
+ return groupId;
+ }
+
+ public void setGroupId(String groupId) {
+ this.groupId = groupId;
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/profile/ProfileNotFoundException.java b/base/common/src/com/netscape/certsrv/profile/ProfileNotFoundException.java
index 7a1c9ea..c6a549b 100644
--- a/base/common/src/com/netscape/certsrv/profile/ProfileNotFoundException.java
+++ b/base/common/src/com/netscape/certsrv/profile/ProfileNotFoundException.java
@@ -17,11 +17,9 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.certsrv.profile;
-import javax.ws.rs.core.Response;
+import com.netscape.certsrv.base.ResourceNotFoundException;
-import com.netscape.certsrv.base.PKIException;
-
-public class ProfileNotFoundException extends PKIException {
+public class ProfileNotFoundException extends ResourceNotFoundException {
private static final long serialVersionUID = -4784839378360933483L;
@@ -32,12 +30,12 @@ public class ProfileNotFoundException extends PKIException {
}
public ProfileNotFoundException(String profileId, String message) {
- super(Response.Status.NOT_FOUND, message);
+ super(message);
this.profileId = profileId;
}
public ProfileNotFoundException(String profileId, String message, Throwable cause) {
- super(Response.Status.NOT_FOUND, message, cause);
+ super(message, cause);
this.profileId = profileId;
}
diff --git a/base/common/src/com/netscape/certsrv/request/RequestNotFoundException.java b/base/common/src/com/netscape/certsrv/request/RequestNotFoundException.java
index 3db10dd..478675a 100644
--- a/base/common/src/com/netscape/certsrv/request/RequestNotFoundException.java
+++ b/base/common/src/com/netscape/certsrv/request/RequestNotFoundException.java
@@ -1,10 +1,8 @@
package com.netscape.certsrv.request;
-import javax.ws.rs.core.Response;
+import com.netscape.certsrv.base.ResourceNotFoundException;
-import com.netscape.certsrv.base.PKIException;
-
-public class RequestNotFoundException extends PKIException {
+public class RequestNotFoundException extends ResourceNotFoundException {
private static final long serialVersionUID = -4784839378360933483L;
@@ -15,12 +13,12 @@ public class RequestNotFoundException extends PKIException {
}
public RequestNotFoundException(RequestId requestId, String message) {
- super(Response.Status.NOT_FOUND, message);
+ super(message);
this.requestId = requestId;
}
public RequestNotFoundException(RequestId requestId, String message, Throwable cause) {
- super(Response.Status.NOT_FOUND, message, cause);
+ super(message, cause);
this.requestId = requestId;
}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java b/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java
index 0854be3..cd17f5b 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java
@@ -29,15 +29,18 @@ import javax.ws.rs.core.Response;
import org.jboss.resteasy.plugins.providers.atom.Link;
import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.BadRequestException;
+import com.netscape.certsrv.base.ConflictingOperationException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.ResourceNotFoundException;
import com.netscape.certsrv.base.SessionContext;
import com.netscape.certsrv.common.OpDef;
import com.netscape.certsrv.common.ScopeDef;
import com.netscape.certsrv.group.GroupMemberCollection;
import com.netscape.certsrv.group.GroupMemberData;
import com.netscape.certsrv.group.GroupMemberResource;
+import com.netscape.certsrv.group.GroupNotFoundException;
import com.netscape.certsrv.logging.AuditFormat;
import com.netscape.certsrv.logging.IAuditor;
import com.netscape.certsrv.logging.ILogger;
@@ -81,13 +84,13 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc
if (groupID == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
}
IGroup group = userGroupManager.getGroupFromName(groupID);
if (group == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
- throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
+ throw new GroupNotFoundException(groupID);
}
GroupMemberCollection response = new GroupMemberCollection();
@@ -141,13 +144,13 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc
try {
if (groupID == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
}
IGroup group = userGroupManager.getGroupFromName(groupID);
if (group == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
- throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
+ throw new GroupNotFoundException(groupID);
}
String memberID = groupMemberData.getID();
@@ -171,7 +174,7 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc
if (!isDuplicate(groupID, memberID)) {
userGroupManager.addUserToGroup(group, memberID);
} else {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_DUPLICATE_ROLES", memberID));
+ throw new ConflictingOperationException(CMS.getUserMessage("CMS_BASE_DUPLICATE_ROLES", memberID));
}
} else {
@@ -289,13 +292,13 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc
try {
if (groupID == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
}
IGroup group = userGroupManager.getGroupFromName(groupID);
if (group == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
- throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
+ throw new GroupNotFoundException(groupID);
}
Enumeration<String> e = group.getMemberNames();
@@ -307,7 +310,7 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc
return groupMemberData;
}
- throw new PKIException("Group member not found");
+ throw new ResourceNotFoundException("Group member " + memberID + " not found");
} catch (PKIException e) {
throw e;
@@ -329,13 +332,13 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc
try {
if (groupID == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
}
IGroup group = userGroupManager.getGroupFromName(groupID);
if (group == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
- throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
+ throw new GroupNotFoundException(groupID);
}
String member = groupMemberData.getID();
diff --git a/base/common/src/com/netscape/cms/servlet/admin/GroupService.java b/base/common/src/com/netscape/cms/servlet/admin/GroupService.java
index b82df9a..012e00c 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/GroupService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/GroupService.java
@@ -30,12 +30,14 @@ import org.apache.commons.lang.StringUtils;
import org.jboss.resteasy.plugins.providers.atom.Link;
import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.BadRequestException;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.PKIException;
import com.netscape.certsrv.common.OpDef;
import com.netscape.certsrv.common.ScopeDef;
import com.netscape.certsrv.group.GroupCollection;
import com.netscape.certsrv.group.GroupData;
+import com.netscape.certsrv.group.GroupNotFoundException;
import com.netscape.certsrv.group.GroupResource;
import com.netscape.certsrv.logging.IAuditor;
import com.netscape.certsrv.logging.ILogger;
@@ -131,13 +133,13 @@ public class GroupService extends PKIService implements GroupResource {
try {
if (groupID == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
}
IGroup group = userGroupManager.getGroupFromName(groupID);
if (group == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
- throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
+ throw new GroupNotFoundException(groupID);
}
return createGroupData(group);
@@ -173,7 +175,7 @@ public class GroupService extends PKIService implements GroupResource {
try {
if (groupID == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
}
IGroup group = userGroupManager.createGroup(groupID);
@@ -237,7 +239,7 @@ public class GroupService extends PKIService implements GroupResource {
try {
if (groupID == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
}
IGroup group = userGroupManager.getGroupFromName(groupID);
@@ -295,7 +297,7 @@ public class GroupService extends PKIService implements GroupResource {
try {
if (groupID == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
}
// if fails, let the exception fall through
diff --git a/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java b/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java
index 8c2d8d9..2e1277b 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java
@@ -20,10 +20,11 @@ package com.netscape.cms.servlet.admin;
import java.security.cert.CertificateEncodingException;
-import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.ResourceNotFoundException;
import com.netscape.certsrv.cert.CertData;
import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
import com.netscape.certsrv.security.ITransportKeyUnit;
@@ -50,25 +51,25 @@ public class SystemCertService extends PKIService implements SystemCertResource
kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra");
if (kra == null) {
// no KRA
- throw new WebApplicationException(Response.Status.NOT_FOUND);
+ throw new ResourceNotFoundException("KRA subsystem not found.");
}
ITransportKeyUnit tu = kra.getTransportKeyUnit();
if (tu == null) {
CMS.debug("getTransportCert: transport key unit is null");
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ throw new PKIException("No transport key unit.");
}
org.mozilla.jss.crypto.X509Certificate transportCert = tu.getCertificate();
if (transportCert == null) {
CMS.debug("getTransportCert: transport cert is null");
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ throw new PKIException("Transport cert not found.");
}
try {
cert = createCertificateData(transportCert);
} catch (CertificateEncodingException e) {
CMS.debug("getTransportCert: certificate encoding exception with transport cert");
e.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ throw new PKIException("Unable to encode transport cert");
}
return sendConditionalGetResponse(DEFAULT_LONG_CACHE_LIFETIME, cert);
}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java b/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java
index 16a584f..5705104 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java
@@ -39,8 +39,11 @@ import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.crypto.InternalCertificate;
import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.BadRequestException;
import com.netscape.certsrv.base.ICertPrettyPrint;
import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.ResourceNotFoundException;
+import com.netscape.certsrv.base.UserNotFoundException;
import com.netscape.certsrv.common.OpDef;
import com.netscape.certsrv.common.ScopeDef;
import com.netscape.certsrv.dbs.certdb.CertId;
@@ -96,7 +99,7 @@ public class UserCertService extends PKIService implements UserCertResource {
if (userID == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
}
IUser user = null;
@@ -109,7 +112,7 @@ public class UserCertService extends PKIService implements UserCertResource {
if (user == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
- throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
+ throw new UserNotFoundException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
}
UserCertCollection response = new UserCertCollection();
@@ -148,7 +151,7 @@ public class UserCertService extends PKIService implements UserCertResource {
if (userID == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
}
IUser user = null;
@@ -161,13 +164,13 @@ public class UserCertService extends PKIService implements UserCertResource {
if (user == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
- throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
+ throw new UserNotFoundException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
}
X509Certificate[] certs = user.getX509Certificates();
if (certs == null) {
- throw new PKIException("Certificate not found");
+ throw new ResourceNotFoundException("No certificates found for " + userID);
}
try {
@@ -192,7 +195,7 @@ public class UserCertService extends PKIService implements UserCertResource {
return userCertData;
}
- throw new PKIException("Certificate not found");
+ throw new ResourceNotFoundException("No certificates found for " + userID);
} catch (PKIException e) {
throw e;
@@ -223,7 +226,7 @@ public class UserCertService extends PKIService implements UserCertResource {
try {
if (userID == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
}
IUser user = userGroupManager.createUser(userID);
@@ -266,7 +269,7 @@ public class UserCertService extends PKIService implements UserCertResource {
X509Certificate p7certs[] = pkcs7.getCertificates();
if (p7certs.length == 0) {
- throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR"));
+ throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR"));
}
// fix for 370099 - cert ordering can not be assumed
@@ -292,7 +295,7 @@ public class UserCertService extends PKIService implements UserCertResource {
} else {
// not a chain, or in random order
CMS.debug("UserCertResourceService: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_BAD_CHAIN"));
- throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR"));
+ throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR"));
}
CMS.debug("UserCertResourceService: "
@@ -335,12 +338,15 @@ public class UserCertService extends PKIService implements UserCertResource {
}
}
- /*
- } catch (CryptoManager.UserCertConflictException e) {
- // got a "user cert" in the chain, most likely the CA
- // cert of this instance, which has a private key. Ignore
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", e.toString()));
- */
+ /*
+ } catch (CryptoManager.UserCertConflictException e) {
+ // got a "user cert" in the chain, most likely the CA
+ // cert of this instance, which has a private key. Ignore
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", e.toString()));
+ */
+ } catch (PKIException e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", e.toString()));
+ throw e;
} catch (Exception e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", e.toString()));
throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR"));
@@ -375,12 +381,12 @@ public class UserCertService extends PKIService implements UserCertResource {
} catch (CertificateExpiredException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_CERT_EXPIRED",
String.valueOf(cert.getSubjectDN())));
- throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_EXPIRED"));
+ throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_EXPIRED"));
} catch (CertificateNotYetValidException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID",
String.valueOf(cert.getSubjectDN())));
- throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"));
+ throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"));
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
@@ -438,7 +444,7 @@ public class UserCertService extends PKIService implements UserCertResource {
try {
if (userID == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
}
IUser user = userGroupManager.createUser(userID);
diff --git a/base/common/src/com/netscape/cms/servlet/admin/UserService.java b/base/common/src/com/netscape/cms/servlet/admin/UserService.java
index f28a815..4813d10 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/UserService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/UserService.java
@@ -32,8 +32,12 @@ import org.apache.commons.lang.StringUtils;
import org.jboss.resteasy.plugins.providers.atom.Link;
import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.BadRequestDataException;
+import com.netscape.certsrv.base.BadRequestException;
import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.ForbiddenException;
import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.UserNotFoundException;
import com.netscape.certsrv.common.OpDef;
import com.netscape.certsrv.common.ScopeDef;
import com.netscape.certsrv.logging.IAuditor;
@@ -142,7 +146,7 @@ public class UserService extends PKIService implements UserResource {
if (userID == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
}
IUser user;
@@ -156,7 +160,7 @@ public class UserService extends PKIService implements UserResource {
if (user == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
- throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
+ throw new UserNotFoundException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
}
UserData userData = createUserData(user);
@@ -207,19 +211,19 @@ public class UserService extends PKIService implements UserResource {
try {
if (userID == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
}
if (userID.indexOf(BACK_SLASH) != -1) {
// backslashes (BS) are not allowed
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_RS_ID_BS"));
- throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_RS_ID_BS"));
+ throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_RS_ID_BS"));
}
if (userID.equals(SYSTEM_USER)) {
// backslashes (BS) are not allowed
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_SPECIAL_ID", userID));
- throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_SPECIAL_ID", userID));
+ throw new ForbiddenException(getUserMessage("CMS_ADMIN_SRVLT_SPECIAL_ID", userID));
}
IUser user = userGroupManager.createUser(userID);
@@ -229,7 +233,7 @@ public class UserService extends PKIService implements UserResource {
String msg = getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", "full name");
log(ILogger.LL_FAILURE, msg);
- throw new PKIException(msg);
+ throw new BadRequestDataException(msg);
} else {
user.setFullName(fname);
@@ -292,7 +296,7 @@ public class UserService extends PKIService implements UserResource {
log(ILogger.LL_FAILURE, e.toString());
if (user.getUserID() == null) {
- throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", "uid"));
+ throw new BadRequestDataException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", "uid"));
} else {
throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
}
@@ -337,7 +341,7 @@ public class UserService extends PKIService implements UserResource {
try {
if (userID == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
}
IUser user = userGroupManager.createUser(userID);
@@ -425,7 +429,7 @@ public class UserService extends PKIService implements UserResource {
try {
if (userID == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
}
// get list of groups, and see if uid belongs to any
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertService.java b/base/common/src/com/netscape/cms/servlet/cert/CertService.java
index 12942ae..9b7b9d4 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertService.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertService.java
@@ -30,9 +30,6 @@ import java.util.Date;
import java.util.Enumeration;
import java.util.List;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Response;
-
import netscape.security.pkcs.ContentInfo;
import netscape.security.pkcs.PKCS7;
import netscape.security.pkcs.SignerInfo;
@@ -334,7 +331,7 @@ public class CertService extends PKIService implements CertResource {
@Override
public CertDataInfos searchCerts(CertSearchRequest data, Integer start, Integer size) {
if (data == null) {
- throw new WebApplicationException(Response.Status.BAD_REQUEST);
+ throw new BadRequestException("Search request is null.");
}
start = start == null ? 0 : start;
size = size == null ? DEFAULT_SIZE : size;
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
index 7013d1c..2e7f061 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
@@ -29,7 +29,6 @@ import java.util.StringTokenizer;
import java.util.Vector;
import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
import netscape.security.x509.X509CertImpl;
@@ -41,6 +40,7 @@ import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.util.IncorrectPasswordException;
import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.BadRequestException;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.EPropertyNotFound;
import com.netscape.certsrv.base.IConfigStore;
@@ -99,7 +99,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
@Override
public ConfigurationResponse configure(ConfigurationRequest data){
if (csState.equals("1")) {
- throw new PKIException(Response.Status.BAD_REQUEST, "System is already configured");
+ throw new BadRequestException("System is already configured");
}
String certList;
@@ -132,12 +132,12 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
} catch (NotInitializedException e) {
throw new PKIException("Token is not initialized");
} catch (NoSuchTokenException e) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Invalid Token provided. No such token.");
+ throw new BadRequestException("Invalid Token provided. No such token.");
} catch (TokenException e) {
e.printStackTrace();
throw new PKIException("Token Exception" + e);
} catch (IncorrectPasswordException e) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Incorrect Password provided for token.");
+ throw new BadRequestException("Incorrect Password provided for token.");
}
}
@@ -245,7 +245,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
}
if (!validCloneUri) {
- throw new PKIException(Response.Status.BAD_REQUEST,
+ throw new BadRequestException(
"Invalid clone URI provided. Does not match the available subsystems in the security domain");
}
@@ -295,7 +295,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
cs.putString("preop.hierarchy.select", "join");
cs.putString("hierarchy.select", "Subordinate");
} else {
- throw new PKIException(Response.Status.BAD_REQUEST, "Invalid hierarchy provided");
+ throw new BadRequestException("Invalid hierarchy provided");
}
}
@@ -329,12 +329,11 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
}
if (masterhost.equals(realhostname) && masterport.equals(data.getDsPort())) {
- throw new PKIException(Response.Status.BAD_REQUEST,
- "Master and clone must not share the same internal database");
+ throw new BadRequestException("Master and clone must not share the same internal database");
}
if (!masterbasedn.equals(data.getBaseDN())) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Master and clone should have the same base DN");
+ throw new BadRequestException("Master and clone should have the same base DN");
}
String masterReplicationPort = data.getMasterReplicationPort();
@@ -537,7 +536,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
if (cdata.getCertChain() != null) {
certObj.setCertChain(cdata.getCertChain());
} else {
- throw new PKIException(Response.Status.BAD_REQUEST, "CertChain not provided");
+ throw new BadRequestException("CertChain not provided");
}
}
}
@@ -549,10 +548,10 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
} catch (NumberFormatException e) {
// move these validations to validate()?
- throw new PKIException(Response.Status.BAD_REQUEST, "Non-integer value for key size");
+ throw new BadRequestException("Non-integer value for key size");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
- throw new PKIException(Response.Status.BAD_REQUEST, "Invalid algorithm " + e);
+ throw new BadRequestException("Invalid algorithm " + e);
} catch (Exception e) {
e.printStackTrace();
throw new PKIException("Error in setting certificate names and key sizes: " + e);
@@ -765,70 +764,69 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
// get the preop pin and validate it
String pin = data.getPin();
if (pin == null) {
- throw new PKIException(Response.Status.BAD_REQUEST, "No preop pin provided");
+ throw new BadRequestException("No preop pin provided");
}
if (!preopPin.equals(pin)) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Incorrect pin provided");
+ throw new BadRequestException("Incorrect pin provided");
}
// validate security domain settings
String domainType = data.getSecurityDomainType();
if (domainType == null) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Security Domain Type not provided");
+ throw new BadRequestException("Security Domain Type not provided");
}
if (domainType.equals(ConfigurationRequest.NEW_DOMAIN)) {
if (!csType.equals("CA")) {
- throw new PKIException(Response.Status.BAD_REQUEST, "New Domain is only valid for CA subsytems");
+ throw new BadRequestException("New Domain is only valid for CA subsytems");
}
if (data.getSecurityDomainName() == null) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Security Domain Name is not provided");
+ throw new BadRequestException("Security Domain Name is not provided");
}
} else if (domainType.equals(ConfigurationRequest.EXISTING_DOMAIN)) {
String domainURI = data.getSecurityDomainUri();
if (domainURI == null) {
- throw new PKIException(Response.Status.BAD_REQUEST,
- "Existing security domain requested, but no security domain URI provided");
+ throw new BadRequestException("Existing security domain requested, but no security domain URI provided");
}
try {
@SuppressWarnings("unused")
URL admin_u = new URL(domainURI); // check for invalid URL
} catch (MalformedURLException e) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Invalid security domain URI");
+ throw new BadRequestException("Invalid security domain URI");
}
if ((data.getSecurityDomainUser() == null) || (data.getSecurityDomainPassword() == null)) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Security domain user or password not provided");
+ throw new BadRequestException("Security domain user or password not provided");
}
} else {
- throw new PKIException(Response.Status.BAD_REQUEST, "Invalid security domain URI provided");
+ throw new BadRequestException("Invalid security domain URI provided");
}
if ((data.getSubsystemName() == null) || (data.getSubsystemName().length() ==0)) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Invalid or no subsystem name provided");
+ throw new BadRequestException("Invalid or no subsystem name provided");
}
if ((data.getIsClone() != null) && (data.getIsClone().equals("true"))) {
String cloneUri = data.getCloneUri();
if (cloneUri == null) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Clone selected, but no clone URI provided");
+ throw new BadRequestException("Clone selected, but no clone URI provided");
}
try {
@SuppressWarnings("unused")
URL url = new URL(cloneUri); // check for invalid URL
// confirm protocol is https
} catch (MalformedURLException e) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Invalid clone URI");
+ throw new BadRequestException("Invalid clone URI");
}
if (data.getToken().equals(ConfigurationRequest.TOKEN_DEFAULT)) {
if (data.getP12File() == null) {
- throw new PKIException(Response.Status.BAD_REQUEST, "P12 filename not provided");
+ throw new BadRequestException("P12 filename not provided");
}
if (data.getP12Password() == null) {
- throw new PKIException(Response.Status.BAD_REQUEST, "P12 password not provided");
+ throw new BadRequestException("P12 password not provided");
}
}
} else {
@@ -837,33 +835,33 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
String dsHost = data.getDsHost();
if (dsHost == null || dsHost.length() == 0) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Internal database host not provided");
+ throw new BadRequestException("Internal database host not provided");
}
try {
Integer.parseInt(data.getDsPort()); // check for errors
} catch (NumberFormatException e) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Internal database port is invalid");
+ throw new BadRequestException("Internal database port is invalid");
}
String basedn = data.getBaseDN();
if (basedn == null || basedn.length() == 0) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Internal database basedn not provided");
+ throw new BadRequestException("Internal database basedn not provided");
}
String binddn = data.getBindDN();
if (binddn == null || binddn.length() == 0) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Internal database basedn not provided");
+ throw new BadRequestException("Internal database basedn not provided");
}
String database = data.getDatabase();
if (database == null || database.length() == 0) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Internal database database name not provided");
+ throw new BadRequestException("Internal database database name not provided");
}
String bindpwd = data.getBindpwd();
if (bindpwd == null || bindpwd.length() == 0) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Internal database database name not provided");
+ throw new BadRequestException("Internal database database name not provided");
}
String masterReplicationPort = data.getMasterReplicationPort();
@@ -871,7 +869,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
try {
Integer.parseInt(masterReplicationPort); // check for errors
} catch (NumberFormatException e) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Master replication port is invalid");
+ throw new BadRequestException("Master replication port is invalid");
}
}
@@ -880,7 +878,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
try {
Integer.parseInt(cloneReplicationPort); // check for errors
} catch (Exception e) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Clone replication port is invalid");
+ throw new BadRequestException("Clone replication port is invalid");
}
}
@@ -893,32 +891,32 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
if ((data.getBackupKeys() != null) && data.getBackupKeys().equals("true")) {
if ((data.getBackupFile() == null) || (data.getBackupFile().length()<=0)) {
//TODO: also check for valid path, perhaps by touching file there
- throw new PKIException(Response.Status.BAD_REQUEST, "Invalid key backup file name");
+ throw new BadRequestException("Invalid key backup file name");
}
if ((data.getBackupPassword() == null) || (data.getBackupPassword().length()<8)) {
- throw new PKIException(Response.Status.BAD_REQUEST, "key backup password must be at least 8 characters");
+ throw new BadRequestException("key backup password must be at least 8 characters");
}
} else {
data.setBackupKeys("false");
}
if (csType.equals("CA") && (data.getHierarchy() == null)) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Hierarchy is requred for CA, not provided");
+ throw new BadRequestException("Hierarchy is requred for CA, not provided");
}
if (data.getIsClone().equals("false")) {
if ((data.getAdminUID() == null) || (data.getAdminUID().length() == 0)) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Admin UID not provided");
+ throw new BadRequestException("Admin UID not provided");
}
if ((data.getAdminPassword() == null) || (data.getAdminPassword().length() == 0)) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Admin Password not provided");
+ throw new BadRequestException("Admin Password not provided");
}
if ((data.getAdminEmail() == null) || (data.getAdminEmail().length() == 0)) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Admin UID not provided");
+ throw new BadRequestException("Admin UID not provided");
}
if ((data.getAdminName() == null) || (data.getAdminName().length() == 0)) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Admin name not provided");
+ throw new BadRequestException("Admin name not provided");
}
if (data.getImportAdminCert() == null) {
@@ -927,17 +925,17 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
if (data.getImportAdminCert().equalsIgnoreCase("true")) {
if (data.getAdminCert() == null) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Admin Cert not provided");
+ throw new BadRequestException("Admin Cert not provided");
}
} else {
if ((data.getAdminCertRequest() == null) || (data.getAdminCertRequest().length() == 0)) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Admin cert request not provided");
+ throw new BadRequestException("Admin cert request not provided");
}
if ((data.getAdminCertRequestType() == null) || (data.getAdminCertRequestType().length() == 0)) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Admin cert request type not provided");
+ throw new BadRequestException("Admin cert request type not provided");
}
if ((data.getAdminSubjectDN() == null) || (data.getAdminSubjectDN().length() == 0)) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Admin subjectDN not provided");
+ throw new BadRequestException("Admin subjectDN not provided");
}
}
}
diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyService.java b/base/common/src/com/netscape/cms/servlet/key/KeyService.java
index 01c8a0e..4b8a907 100644
--- a/base/common/src/com/netscape/cms/servlet/key/KeyService.java
+++ b/base/common/src/com/netscape/cms/servlet/key/KeyService.java
@@ -24,13 +24,15 @@ import java.util.Enumeration;
import java.util.Hashtable;
import javax.ws.rs.Path;
-import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.BadRequestException;
import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.HTTPGoneException;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.UnauthorizedException;
import com.netscape.certsrv.dbs.keydb.IKeyRecord;
import com.netscape.certsrv.dbs.keydb.IKeyRepository;
import com.netscape.certsrv.dbs.keydb.KeyId;
@@ -80,11 +82,11 @@ public class KeyService extends PKIService implements KeyResource {
keyData = getKey(keyId, data);
} catch (EBaseException e) {
e.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ throw new PKIException(e.getMessage());
}
if (keyData == null) {
// no key record
- throw new WebApplicationException(Response.Status.GONE);
+ throw new HTTPGoneException("No key record.");
}
return keyData;
}
@@ -199,14 +201,14 @@ public class KeyService extends PKIService implements KeyResource {
RequestId reqId = data.getRequestId();
if (reqId == null) {
// log error
- throw new WebApplicationException(Response.Status.BAD_REQUEST);
+ throw new BadRequestException("Request id not found.");
}
// confirm that at least one wrapping method exists
// There must be at least the wrapped session key method.
if ((data.getTransWrappedSessionKey() == null)) {
// log error
- throw new WebApplicationException(Response.Status.BAD_REQUEST);
+ throw new BadRequestException("No wrapping method found.");
}
KeyRequestDAO reqDAO = new KeyRequestDAO();
@@ -216,18 +218,18 @@ public class KeyService extends PKIService implements KeyResource {
} catch (EBaseException e1) {
// failed to get request
e1.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ throw new PKIException(e1.getMessage());
}
if (reqInfo == null) {
// request not found
- throw new WebApplicationException(Response.Status.GONE);
+ throw new HTTPGoneException("No request information available.");
}
//confirm request is of the right type
String type = reqInfo.getRequestType();
if (!type.equals(IRequest.SECURITY_DATA_RECOVERY_REQUEST)) {
// log error
- throw new WebApplicationException(Response.Status.BAD_REQUEST);
+ throw new BadRequestException("Invalid request type");
}
//confirm that agent is originator of request, else throw 401
@@ -237,7 +239,7 @@ public class KeyService extends PKIService implements KeyResource {
RequestStatus status = reqInfo.getRequestStatus();
if (!status.equals(RequestStatus.APPROVED)) {
// log error
- throw new WebApplicationException(Response.Status.UNAUTHORIZED);
+ throw new UnauthorizedException("Unauthorized request.");
}
return reqInfo.getKeyId();
@@ -274,7 +276,7 @@ public class KeyService extends PKIService implements KeyResource {
} catch (EBaseException e) {
e.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ throw new PKIException(e.getMessage());
}
return infos;
}
diff --git a/base/common/src/com/netscape/cms/servlet/request/CertRequestService.java b/base/common/src/com/netscape/cms/servlet/request/CertRequestService.java
index dba6d9c..eef0576 100644
--- a/base/common/src/com/netscape/cms/servlet/request/CertRequestService.java
+++ b/base/common/src/com/netscape/cms/servlet/request/CertRequestService.java
@@ -20,7 +20,6 @@ package com.netscape.cms.servlet.request;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.EAuthException;
@@ -29,6 +28,7 @@ import com.netscape.certsrv.base.BadRequestDataException;
import com.netscape.certsrv.base.BadRequestException;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.UnauthorizedException;
import com.netscape.certsrv.cert.CertEnrollmentRequest;
import com.netscape.certsrv.cert.CertRequestInfo;
import com.netscape.certsrv.cert.CertRequestInfos;
@@ -96,13 +96,13 @@ public class CertRequestService extends PKIService implements CertRequestResourc
infos = dao.submitRequest(data, servletRequest, uriInfo, getLocale());
} catch (EAuthException e) {
CMS.debug("enrollCert: authentication failed: " + e);
- throw new PKIException(Response.Status.UNAUTHORIZED, e.toString());
+ throw new UnauthorizedException(e.toString());
} catch (EAuthzException e) {
CMS.debug("enrollCert: authorization failed: " + e);
- throw new PKIException(Response.Status.UNAUTHORIZED, e.toString());
+ throw new UnauthorizedException(e.toString());
} catch (BadRequestDataException e) {
CMS.debug("enrollCert: bad request data: " + e);
- throw new PKIException(Response.Status.BAD_REQUEST, e.toString());
+ throw new BadRequestException(e.toString());
} catch (EBaseException e) {
throw new PKIException(e.toString());
}
@@ -147,16 +147,14 @@ public class CertRequestService extends PKIService implements CertRequestResourc
dao.changeRequestState(id, servletRequest, data, getLocale(), op);
} catch (ERejectException e) {
CMS.debug("changeRequestState: execution rejected " + e);
- throw new PKIException(Response.Status.BAD_REQUEST,
- CMS.getUserMessage(getLocale(), "CMS_PROFILE_REJECTED", e.toString()));
+ throw new BadRequestException(CMS.getUserMessage(getLocale(), "CMS_PROFILE_REJECTED", e.toString()));
} catch (EDeferException e) {
CMS.debug("changeRequestState: execution defered " + e);
// TODO do we throw an exception here?
- throw new PKIException(Response.Status.BAD_REQUEST,
- CMS.getUserMessage(getLocale(), "CMS_PROFILE_DEFERRED", e.toString()));
+ throw new BadRequestException(CMS.getUserMessage(getLocale(), "CMS_PROFILE_DEFERRED", e.toString()));
} catch (BadRequestDataException e) {
CMS.debug("changeRequestState: bad request data: " + e);
- throw new PKIException(Response.Status.BAD_REQUEST, e.toString());
+ throw new BadRequestException(e.toString());
} catch (EPropertyException e) {
CMS.debug("changeRequestState: execution error " + e);
throw new PKIException(CMS.getUserMessage(getLocale(),
@@ -169,8 +167,7 @@ public class CertRequestService extends PKIService implements CertRequestResourc
throw new PKIException("Problem approving request in CertRequestResource.assignRequest! " + e);
} catch (RequestNotFoundException e) {
CMS.debug(e);
- throw new PKIException(Response.Status.BAD_REQUEST,
- CMS.getUserMessage(getLocale(), "CMS_REQUEST_NOT_FOUND", id.toString()));
+ throw new BadRequestException(CMS.getUserMessage(getLocale(), "CMS_REQUEST_NOT_FOUND", id.toString()));
}
}
diff --git a/base/common/src/com/netscape/cms/servlet/request/KeyRequestService.java b/base/common/src/com/netscape/cms/servlet/request/KeyRequestService.java
index 12f3bb7..4332062 100644
--- a/base/common/src/com/netscape/cms/servlet/request/KeyRequestService.java
+++ b/base/common/src/com/netscape/cms/servlet/request/KeyRequestService.java
@@ -18,11 +18,10 @@
package com.netscape.cms.servlet.request;
-import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.BadRequestException;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.PKIException;
import com.netscape.certsrv.key.KeyArchivalRequest;
@@ -81,7 +80,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
if (data == null || data.getClientId() == null
|| data.getWrappedPrivateData() == null
|| data.getDataType() == null) {
- throw new WebApplicationException(Response.Status.BAD_REQUEST);
+ throw new BadRequestException("Invalid key archival request.");
}
KeyRequestDAO dao = new KeyRequestDAO();
@@ -91,7 +90,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
} catch (EBaseException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ throw new PKIException(e.toString());
}
return info;
}
@@ -109,9 +108,13 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
//Catch this before the internal server processing has to deal with it
//If data has been provided, we need at least the wrapped session key,
//or the command is invalid.
- if (data == null || (data.getTransWrappedSessionKey() == null
- && data.getSessionWrappedPassphrase() != null)) {
- throw new WebApplicationException(Response.Status.BAD_REQUEST);
+
+ if (data == null) {
+ throw new BadRequestException("Invalid request.");
+ }
+ if (data.getTransWrappedSessionKey() == null
+ && data.getSessionWrappedPassphrase() != null) {
+ throw new BadRequestException("No wrapped session key.");
}
KeyRequestDAO dao = new KeyRequestDAO();
KeyRequestInfo info;
@@ -120,14 +123,14 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
} catch (EBaseException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ throw new PKIException(e.toString());
}
return info;
}
public void approveRequest(RequestId id) {
if (id == null) {
- throw new WebApplicationException(Response.Status.BAD_REQUEST);
+ throw new BadRequestException("Invalid request id.");
}
// auth and authz
KeyRequestDAO dao = new KeyRequestDAO();
@@ -136,13 +139,13 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
} catch (EBaseException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ throw new PKIException(e.toString());
}
}
public void rejectRequest(RequestId id) {
if (id == null) {
- throw new WebApplicationException(Response.Status.BAD_REQUEST);
+ throw new BadRequestException("Invalid request id.");
}
// auth and authz
KeyRequestDAO dao = new KeyRequestDAO();
@@ -151,13 +154,13 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
} catch (EBaseException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ throw new PKIException(e.toString());
}
}
public void cancelRequest(RequestId id) {
if (id == null) {
- throw new WebApplicationException(Response.Status.BAD_REQUEST);
+ throw new BadRequestException("Request id is null.");
}
// auth and authz
KeyRequestDAO dao = new KeyRequestDAO();
@@ -166,7 +169,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
} catch (EBaseException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ throw new PKIException(e.toString());
}
}
@@ -193,7 +196,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
} catch (EBaseException e) {
CMS.debug("listRequests: error in obtaining request results" + e);
e.printStackTrace();
- throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+ throw new PKIException(e.toString());
}
return requests;
}