summaryrefslogtreecommitdiffstats
path: root/base/common
diff options
context:
space:
mode:
authorAde Lee <alee@redhat.com>2016-04-19 14:52:40 -0400
committerAde Lee <alee@redhat.com>2016-04-20 17:31:01 -0400
commitb59d8305130e81d3e00240b5612a327c9dfc7d12 (patch)
tree0634fd72c54083da01fa8bf5173c027cb3a55fdb /base/common
parent3e4eb72ec8a295784e9283cccf637d4199d96626 (diff)
downloadpki-b59d8305130e81d3e00240b5612a327c9dfc7d12.tar.gz
pki-b59d8305130e81d3e00240b5612a327c9dfc7d12.tar.xz
pki-b59d8305130e81d3e00240b5612a327c9dfc7d12.zip
Realms - Address comments from review
Review comments addressed: 1. when archiving or generating keys, realm is checked 2. when no plugin is found for a realm, access is denied. 3. rename mFoo to foo for new variables. 4. add chaining of exceptions 5. remove attributes from KeyArchivalRequest etc. when realm is null 6. Add more detail to denial in BasicGroupAuthz Part of Trac Ticket 2041
Diffstat (limited to 'base/common')
-rw-r--r--base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownRealm.java28
-rw-r--r--base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java6
-rw-r--r--base/common/src/com/netscape/certsrv/key/KeyClient.java19
-rw-r--r--base/common/src/com/netscape/certsrv/key/KeyGenerationRequest.java6
4 files changed, 42 insertions, 17 deletions
diff --git a/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownRealm.java b/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownRealm.java
new file mode 100644
index 000000000..1be1577b3
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownRealm.java
@@ -0,0 +1,28 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+public class EAuthzUnknownRealm extends EAuthzException {
+
+ private static final long serialVersionUID = 2288587364467614277L;
+
+ public EAuthzUnknownRealm(String errorString) {
+ super(errorString);
+ }
+
+}
diff --git a/base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java b/base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java
index d2a7749b3..67810a02f 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java
@@ -214,7 +214,11 @@ public class KeyArchivalRequest extends ResourceMessage {
* @param realm - the authentication realm
*/
public void setRealm(String realm) {
- attributes.put(REALM, realm);
+ if (realm != null) {
+ attributes.put(REALM, realm);
+ } else {
+ attributes.remove(REALM);
+ }
}
public String toString() {
diff --git a/base/common/src/com/netscape/certsrv/key/KeyClient.java b/base/common/src/com/netscape/certsrv/key/KeyClient.java
index 1c8a76bfe..cb35922f6 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyClient.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyClient.java
@@ -653,10 +653,7 @@ public class KeyClient extends Client {
String req1 = Utils.base64encode(encryptedData);
data.setWrappedPrivateData(req1);
data.setTransWrappedSessionKey(Utils.base64encode(transWrappedSessionKey));
-
- if (realm != null) {
- data.setRealm(realm);
- }
+ data.setRealm(realm);
return submitRequest(data);
}
@@ -708,10 +705,7 @@ public class KeyClient extends Client {
String options = Utils.base64encode(pkiArchiveOptions);
data.setPKIArchiveOptions(options);
-
- if (realm != null) {
- data.setRealm(realm);
- }
+ data.setRealm(realm);
return submitRequest(data);
}
@@ -757,9 +751,7 @@ public class KeyClient extends Client {
data.setUsages(usages);
data.setTransWrappedSessionKey(transWrappedSessionKey);
- if (realm != null) {
- data.setRealm(realm);
- }
+ data.setRealm(realm);
return submitRequest(data);
}
@@ -829,10 +821,7 @@ public class KeyClient extends Client {
data.setKeySize(keySize);
data.setUsages(usages);
data.setTransWrappedSessionKey(Utils.base64encode(transWrappedSessionKey));
-
- if (realm != null) {
- data.setRealm(realm);
- }
+ data.setRealm(realm);
return submitRequest(data);
}
diff --git a/base/common/src/com/netscape/certsrv/key/KeyGenerationRequest.java b/base/common/src/com/netscape/certsrv/key/KeyGenerationRequest.java
index 37fc1c2b2..50946bb9f 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyGenerationRequest.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyGenerationRequest.java
@@ -134,6 +134,10 @@ public class KeyGenerationRequest extends ResourceMessage{
* @param realm - authorization realm to set
*/
public void setRealm(String realm) {
- attributes.put(REALM, realm);
+ if (realm != null) {
+ attributes.put(REALM, realm);
+ } else {
+ attributes.remove(REALM);
+ }
}
}
generated by cgit (git 2.34.1) at 2024-05-22 04:40:35 +0000