Realms - Address comments from review

Review comments addressed:
1. when archiving or generating keys, realm is checked
2. when no plugin is found for a realm, access is denied.
3. rename mFoo to foo for new variables.
4. add chaining of exceptions
5. remove attributes from KeyArchivalRequest etc. when realm is null
6. Add more detail to denial in BasicGroupAuthz

Part of Trac Ticket 2041

1 files changed, 10 insertions, 5 deletions

diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
index 8aa0d21ee..04bb6f2ec 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
@@ -37,6 +37,7 @@ import org.mozilla.jss.crypto.KeyPairAlgorithm;
 
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.IAuthToken;
+import com.netscape.certsrv.authorization.EAuthzUnknownRealm;
 import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.PKIException;
@@ -259,13 +260,15 @@ public class KeyRequestDAO extends CMSRequestDAO {
         try {
             rec = repo.readKeyRecord(keyId.toBigInteger());
         } catch (EDBRecordNotFoundException e) {
-            throw new KeyNotFoundException(keyId);
+            throw new KeyNotFoundException(keyId, "key not found to recover", e);
         }
 
         try {
             authz.checkRealm(rec.getRealm(), authToken, rec.getOwnerName(), "key", "recover");
+        } catch (EAuthzUnknownRealm e) {
+            throw new UnauthorizedException("Invalid realm", e);
         } catch (EBaseException e) {
-            throw new UnauthorizedException("Agent not authorized by realm");
+            throw new UnauthorizedException("Agent not authorized by realm", e);
         }
 
         Hashtable<String, Object> requestParams;
@@ -315,13 +318,15 @@ public class KeyRequestDAO extends CMSRequestDAO {
         try {
             rec = repo.readKeyRecord(keyId.toBigInteger());
         } catch (EDBRecordNotFoundException e) {
-            throw new KeyNotFoundException(keyId);
+            throw new KeyNotFoundException(keyId, "key not found to recover", e);
         }
 
         try {
             authz.checkRealm(rec.getRealm(), authToken, rec.getOwnerName(), "key", "recover");
+        } catch (EAuthzUnknownRealm e) {
+            throw new UnauthorizedException("Invalid realm", e);
         } catch (EBaseException e) {
-            throw new UnauthorizedException("Agent not authorized by realm");
+            throw new UnauthorizedException("Agent not authorized by realm", e);
         }
 
         String b64Certificate = data.getCertificate();
@@ -332,7 +337,7 @@ public class KeyRequestDAO extends CMSRequestDAO {
             // TODO - update request with realm
         } catch (EBaseException | CertificateException e) {
             e.printStackTrace();
-            throw new PKIException(e.toString());
+            throw new PKIException(e.toString(), e);
         }
         IRequest request = null;
         try {