author | Endi S. Dewata <edewata@redhat.com> | 2015-04-08 02:21:56 -0400 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2015-04-08 18:08:11 -0400 |
commit | 94ab251fd231919db05cf2e928102c15a5f2fc3c (patch) | |
tree | e0924f225b404b37f0deeb8bd17f8fbe94d1a707 /base | |
parent | b2082c227af0b3f27162ead335cd46bd145dba35 (diff) | |
Fixed problem with TPS profile default status.
The base class of ProfileDatabase (i.e. CSCfgDatabase) has been
modified to return the correct default value (i.e. Enabled) if the
status parameter doesn't exist. The TPSProcessor has been modified
to use ProfileDatabase, and other TPS code has also been changed
to use constants instead of string literals to ensure consistency.
https://fedorahosted.org/pki/ticket/1270
Diffstat (limited to 'base')
9 files changed, 74 insertions, 64 deletions
diff --git a/base/common/src/com/netscape/certsrv/common/Constants.java b/base/common/src/com/netscape/certsrv/common/Constants.java index d91fded2e..100b91110 100644 --- a/base/common/src/com/netscape/certsrv/common/Constants.java +++ b/base/common/src/com/netscape/certsrv/common/Constants.java @@ -733,4 +733,9 @@ public interface Constants { public final static String PR_REPLICATION_PORT_2 = "replication.master2.port"; public final static String PR_REPLICATION_BINDDN_2 = "replication.master2.binddn"; public final static String PR_REPLICATION_CHANGELOGDB_2 = "replication.master2.changelogdb"; + + //Config + public final static String CFG_ENABLED = "Enabled"; + public final static String CFG_DISABLED = "Disabled"; + public final static String CFG_PENDING_APPROVAL = "Pending_Approval"; } diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java index 4dee392e2..38f542ffb 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java +++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java @@ -26,6 +26,7 @@ import org.apache.commons.lang.StringUtils; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.common.Constants; import com.netscape.cms.realm.PKIPrincipal; @@ -59,7 +60,7 @@ public class CSCfgDatabase<E extends CSCfgRecord> extends Database<E> { } public String getRecordStatus(String recordID) throws EBaseException { - return configStore.getString("config." + substoreName + "." + recordID + ".state", "Disabled"); + return configStore.getString("config." + substoreName + "." + recordID + ".state", Constants.CFG_ENABLED); } public void setRecordStatus(String recordID, String status) throws EBaseException { 
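Review bot: In CSCfgDatabase.getRecordStatus the fallback for a missing `.state` parameter flips from "Disabled" to `Constants.CFG_ENABLED`, and because this is the shared base class, the fail-open default applies to every subclass rather than only ProfileDatabase. ConnectorDatabase is visibly one such subclass; whether the authenticator and profile-mapping databases also extend it is not shown in this diff and should be checked. A record whose state line is absent, or an ID that has no record at all, now reads as Enabled, and TPSProcessor.checkProfileStateOK depends on that result. Consider keeping the base default restrictive and overriding getRecordStatus in ProfileDatabase, or at least add a comment above the return such as `// a missing state reads as Enabled; callers must verify the record exists`.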
diff --git a/base/tps/src/org/dogtagpki/server/tps/config/ConnectorDatabase.java b/base/tps/src/org/dogtagpki/server/tps/config/ConnectorDatabase.java index 4b1589797..f1f344129 100644 --- a/base/tps/src/org/dogtagpki/server/tps/config/ConnectorDatabase.java +++ b/base/tps/src/org/dogtagpki/server/tps/config/ConnectorDatabase.java @@ -24,6 +24,7 @@ import java.util.Map; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.common.Constants; import com.netscape.cmscore.dbs.CSCfgDatabase; /** @@ -174,7 +175,7 @@ public class ConnectorDatabase extends CSCfgDatabase<ConnectorRecord> { ConnectorRecord record = new ConnectorRecord(); record.setID(id); - record.setStatus("Enabled"); + record.setStatus(Constants.CFG_ENABLED); record.setProperty(prefix + "." + id + ".enable", "true"); record.setProperty(prefix + "." + id + ".host", hostname); @@ -198,7 +199,7 @@ public class ConnectorDatabase extends CSCfgDatabase<ConnectorRecord> { ConnectorRecord record = new ConnectorRecord(); record.setID(id); - record.setStatus("Enabled"); + record.setStatus(Constants.CFG_ENABLED); record.setProperty(prefix + "." + id + ".enable", "true"); record.setProperty(prefix + "." + id + ".host", hostname); @@ -219,7 +220,7 @@ public class ConnectorDatabase extends CSCfgDatabase<ConnectorRecord> { ConnectorRecord record = new ConnectorRecord(); record.setID(id); - record.setStatus("Enabled"); + record.setStatus(Constants.CFG_ENABLED); record.setProperty(prefix + "." + id + ".enable", "true"); record.setProperty(prefix + "." + id + ".host", hostname); diff --git a/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java b/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java index 609fc0367..4580b46ca 100644 --- a/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java +++ b/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java 
@@ -127,7 +127,6 @@ public class TPSEngine { public static final String CFG_DEF_NETKEY_OLD_INSTANCE_AID = "A00000000101"; public static final String CFG_DEF_NETKEY_OLD_FILE_AID = "A000000001"; public static final String CFG_DEF_APPLET_SO_PIN = "000000000000"; - public static final String CFG_ENABLED = "Enabled"; public static final int CFG_CHANNEL_DEF_BLOCK_SIZE = 242; public static final int CFG_CHANNEL_DEF_INSTANCE_SIZE = 18000; diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java index f9a0445d6..500dad412 100644 --- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java +++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java @@ -47,6 +47,7 @@ import org.dogtagpki.server.tps.cms.TKSComputeRandomDataResponse; import org.dogtagpki.server.tps.cms.TKSComputeSessionKeyResponse; import org.dogtagpki.server.tps.cms.TKSEncryptDataResponse; import org.dogtagpki.server.tps.cms.TKSRemoteRequestHandler; +import org.dogtagpki.server.tps.config.ProfileDatabase; import org.dogtagpki.server.tps.dbs.ActivityDatabase; import org.dogtagpki.server.tps.dbs.TPSCertRecord; import org.dogtagpki.server.tps.dbs.TokenRecord; @@ -88,6 +89,7 @@ import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.EPropertyNotFound; import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.tps.token.TokenStatus; import com.netscape.symkey.SessionKey; @@ -125,6 +127,8 @@ public class TPSProcessor { protected BeginOpMsg beginMsg; private PlatformAndSecChannelProtoInfo platProtInfo; + ProfileDatabase profileDatabase = new ProfileDatabase(); + public TPSProcessor(TPSSession session) { setSession(session); } 
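Review bot: The new field `ProfileDatabase profileDatabase = new ProfileDatabase();` in TPSProcessor is package-private and non-final, so any class in the same package can replace the object that checkProfileStateOK consults for the profile gate. Declare it `private final ProfileDatabase profileDatabase = new ProfileDatabase();`. What the ProfileDatabase constructor does is not visible in this diff; if it reads configuration, a shared instance may be preferable to one per TPSProcessor. The class body continues outside the hunk.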
@@ -2110,22 +2114,18 @@ public class TPSProcessor { void checkProfileStateOK() throws TPSException { - IConfigStore configStore = CMS.getConfigStore(); + CMS.debug("TPSProcessor.checkProfileStateOK()"); - String profileConfig = "config.Profiles." + selectedTokenType + ".state"; String profileState = null; - - CMS.debug("TPSProcessor.checkProfileStateOK: config value to check: " + profileConfig); - try { - profileState = configStore.getString(profileConfig, TPSEngine.CFG_ENABLED); + profileState = profileDatabase.getRecordStatus(selectedTokenType); } catch (EBaseException e) { //Default TPSException will return a "contact admin" error code. throw new TPSException( "TPSProcessor.checkProfileStateOK: internal error in getting profile state from config."); } - if (!profileState.equals(TPSEngine.CFG_ENABLED)) { + if (!profileState.equals(Constants.CFG_ENABLED)) { CMS.debug("TPSProcessor.checkProfileStateOK: profile specifically disabled."); throw new TPSException("TPSProcessor.checkProfileStateOK: profile disabled!"); } diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/AuthenticatorService.java b/base/tps/src/org/dogtagpki/server/tps/rest/AuthenticatorService.java index d862e261d..ce240ebe5 100644 --- a/base/tps/src/org/dogtagpki/server/tps/rest/AuthenticatorService.java +++ b/base/tps/src/org/dogtagpki/server/tps/rest/AuthenticatorService.java @@ -41,6 +41,7 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.ForbiddenException; import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.tps.authenticator.AuthenticatorCollection; import com.netscape.certsrv.tps.authenticator.AuthenticatorData; import com.netscape.certsrv.tps.authenticator.AuthenticatorResource; 
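Review bot: The rewritten checkProfileStateOK no longer records which profile was checked: the removed debug line printed the config key, while the new `CMS.debug("TPSProcessor.checkProfileStateOK()")` carries no identifier. Logging the outcome, for example `CMS.debug("TPSProcessor.checkProfileStateOK: profile " + selectedTokenType + " state: " + profileState);`, would keep denied operations traceable. The rejection message says "specifically disabled" although any state other than Enabled, including Pending_Approval, takes that branch. The catch block discards the EBaseException; logging `e` before throwing TPSException would preserve the cause. The method ends outside the hunk.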
@@ -185,7 +186,7 @@ public class AuthenticatorService extends PKIService implements AuthenticatorRes if (status == null || database.requiresApproval() && !database.canApprove(principal)) { // if status is unspecified or user doesn't have rights to approve, the entry is disabled - authenticatorData.setStatus("Disabled"); + authenticatorData.setStatus(Constants.CFG_DISABLED); } database.addRecord(authenticatorData.getID(), createAuthenticatorRecord(authenticatorData)); @@ -217,21 +218,21 @@ public class AuthenticatorService extends PKIService implements AuthenticatorRes AuthenticatorRecord record = database.getRecord(authenticatorID); // only disabled authenticator can be updated - if (!"Disabled".equals(record.getStatus())) { + if (!Constants.CFG_DISABLED.equals(record.getStatus())) { throw new ForbiddenException("Unable to update authenticator " + authenticatorID); } // update status if specified String status = authenticatorData.getStatus(); - if (status != null && !"Disabled".equals(status)) { - if (!"Enabled".equals(status)) { + if (status != null && !Constants.CFG_DISABLED.equals(status)) { + if (!Constants.CFG_ENABLED.equals(status)) { throw new ForbiddenException("Invalid authenticator status: " + status); } // if user doesn't have rights, set to pending Principal principal = servletRequest.getUserPrincipal(); if (database.requiresApproval() && !database.canApprove(principal)) { - status = "Pending_Approval"; + status = Constants.CFG_PENDING_APPROVAL; } // enable authenticator 
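Review bot: In the add path of AuthenticatorService (first hunk on this line), a non-null status from the request is stored as sent whenever the caller may approve or no approval is required; only the null and no-rights cases are forced to `Constants.CFG_DISABLED`. The update path in the following hunk rejects anything other than Enabled or Disabled, so the add path should apply the same check to a non-null status before `database.addRecord(...)`, for example `if (!Constants.CFG_ENABLED.equals(status) && !Constants.CFG_DISABLED.equals(status)) throw new BadRequestException("Invalid authenticator status: " + status);`. Validation earlier in the method, outside the hunk, may already cover this. The same shape appears in the add hunks of ConnectorService, ProfileMappingService and ProfileService.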
@@ -274,25 +275,25 @@ public class AuthenticatorService extends PKIService implements AuthenticatorRes AuthenticatorRecord record = database.getRecord(authenticatorID); String status = record.getStatus(); - if ("Disabled".equals(status)) { + if (Constants.CFG_DISABLED.equals(status)) { if ("enable".equals(action)) { - status = "Enabled"; + status = Constants.CFG_ENABLED; } else { throw new BadRequestException("Invalid action: " + action); } - } else if ("Enabled".equals(status)) { + } else if (Constants.CFG_ENABLED.equals(status)) { if ("disable".equals(action)) { - status = "Disabled"; + status = Constants.CFG_DISABLED; } else { throw new BadRequestException("Invalid action: " + action); } - } else if ("Pending_Approval".equals(status)) { + } else if (Constants.CFG_PENDING_APPROVAL.equals(status)) { if ("approve".equals(action)) { - status = "Enabled"; + status = Constants.CFG_ENABLED; } else if ("reject".equals(action)) { - status = "Disabled"; + status = Constants.CFG_DISABLED; } else { throw new BadRequestException("Invalid action: " + action); } @@ -331,7 +332,7 @@ public class AuthenticatorService extends PKIService implements AuthenticatorRes AuthenticatorRecord record = database.getRecord(authenticatorID); String status = record.getStatus(); - if (!"Disabled".equals(status)) { + if (!Constants.CFG_DISABLED.equals(status)) { throw new ForbiddenException("Unable to delete authenticator " + authenticatorID); } diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/ConnectorService.java b/base/tps/src/org/dogtagpki/server/tps/rest/ConnectorService.java index c281265ef..d81b508f2 100644 --- a/base/tps/src/org/dogtagpki/server/tps/rest/ConnectorService.java +++ b/base/tps/src/org/dogtagpki/server/tps/rest/ConnectorService.java 
@@ -41,6 +41,7 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.ForbiddenException; import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.tps.connector.ConnectorCollection; import com.netscape.certsrv.tps.connector.ConnectorData; import com.netscape.certsrv.tps.connector.ConnectorResource; @@ -185,7 +186,7 @@ public class ConnectorService extends PKIService implements ConnectorResource { if (status == null || database.requiresApproval() && !database.canApprove(principal)) { // if status is unspecified or user doesn't have rights to approve, the entry is disabled - connectorData.setStatus("Disabled"); + connectorData.setStatus(Constants.CFG_DISABLED); } database.addRecord(connectorData.getID(), createConnectorRecord(connectorData)); @@ -217,21 +218,21 @@ public class ConnectorService extends PKIService implements ConnectorResource { ConnectorRecord record = database.getRecord(connectorID); // only disabled connector can be updated - if (!"Disabled".equals(record.getStatus())) { + if (!Constants.CFG_DISABLED.equals(record.getStatus())) { throw new ForbiddenException("Unable to update connector " + connectorID); } // update status if specified String status = connectorData.getStatus(); - if (status != null && !"Disabled".equals(status)) { - if (!"Enabled".equals(status)) { + if (status != null && !Constants.CFG_DISABLED.equals(status)) { + if (!Constants.CFG_ENABLED.equals(status)) { throw new ForbiddenException("Invalid connector status: " + status); } // if user doesn't have rights, set to pending Principal principal = servletRequest.getUserPrincipal(); if (database.requiresApproval() && !database.canApprove(principal)) { - status = "Pending_Approval"; + status = Constants.CFG_PENDING_APPROVAL; } // enable connector 
@@ -274,25 +275,25 @@ public class ConnectorService extends PKIService implements ConnectorResource { ConnectorRecord record = database.getRecord(connectorID); String status = record.getStatus(); - if ("Disabled".equals(status)) { + if (Constants.CFG_DISABLED.equals(status)) { if ("enable".equals(action)) { - status = "Enabled"; + status = Constants.CFG_ENABLED; } else { throw new BadRequestException("Invalid action: " + action); } - } else if ("Enabled".equals(status)) { + } else if (Constants.CFG_ENABLED.equals(status)) { if ("disable".equals(action)) { - status = "Disabled"; + status = Constants.CFG_DISABLED; } else { throw new BadRequestException("Invalid action: " + action); } - } else if ("Pending_Approval".equals(status)) { + } else if (Constants.CFG_PENDING_APPROVAL.equals(status)) { if ("approve".equals(action)) { - status = "Enabled"; + status = Constants.CFG_ENABLED; } else if ("reject".equals(action)) { - status = "Disabled"; + status = Constants.CFG_DISABLED; } else { throw new BadRequestException("Invalid action: " + action); } @@ -331,7 +332,7 @@ public class ConnectorService extends PKIService implements ConnectorResource { ConnectorRecord record = database.getRecord(connectorID); String status = record.getStatus(); - if (!"Disabled".equals(status)) { + if (!Constants.CFG_DISABLED.equals(status)) { throw new ForbiddenException("Unable to delete connector " + connectorID); } diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/ProfileMappingService.java b/base/tps/src/org/dogtagpki/server/tps/rest/ProfileMappingService.java index f3a6f2e38..98f5f0986 100644 --- a/base/tps/src/org/dogtagpki/server/tps/rest/ProfileMappingService.java +++ b/base/tps/src/org/dogtagpki/server/tps/rest/ProfileMappingService.java 
@@ -41,6 +41,7 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.ForbiddenException; import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.tps.profile.ProfileMappingCollection; import com.netscape.certsrv.tps.profile.ProfileMappingData; import com.netscape.certsrv.tps.profile.ProfileMappingResource; @@ -181,7 +182,7 @@ public class ProfileMappingService extends PKIService implements ProfileMappingR if (status == null || database.requiresApproval() && !database.canApprove(principal)) { // if status is unspecified or user doesn't have rights to approve, the entry is disabled - profileMappingData.setStatus("Disabled"); + profileMappingData.setStatus(Constants.CFG_DISABLED); } database.addRecord(profileMappingData.getID(), createProfileMappingRecord(profileMappingData)); @@ -210,21 +211,21 @@ public class ProfileMappingService extends PKIService implements ProfileMappingR ProfileMappingRecord record = database.getRecord(profileMappingID); // only disabled profile mapping can be updated - if (!"Disabled".equals(record.getStatus())) { + if (!Constants.CFG_DISABLED.equals(record.getStatus())) { throw new ForbiddenException("Unable to update profile mapping " + profileMappingID); } // update status if specified String status = profileMappingData.getStatus(); - if (status != null && !"Disabled".equals(status)) { - if (!"Enabled".equals(status)) { + if (status != null && !Constants.CFG_DISABLED.equals(status)) { + if (!Constants.CFG_ENABLED.equals(status)) { throw new ForbiddenException("Invalid profile mapping status: " + status); } // if user doesn't have rights, set to pending Principal principal = servletRequest.getUserPrincipal(); if (database.requiresApproval() && !database.canApprove(principal)) { - status = "Pending_Approval"; + status = Constants.CFG_PENDING_APPROVAL; } // enable profile mapping 
@@ -267,25 +268,25 @@ public class ProfileMappingService extends PKIService implements ProfileMappingR ProfileMappingRecord record = database.getRecord(profileMappingID); String status = record.getStatus(); - if ("Disabled".equals(status)) { + if (Constants.CFG_DISABLED.equals(status)) { if ("enable".equals(action)) { - status = "Enabled"; + status = Constants.CFG_ENABLED; } else { throw new BadRequestException("Invalid action: " + action); } - } else if ("Enabled".equals(status)) { + } else if (Constants.CFG_ENABLED.equals(status)) { if ("disable".equals(action)) { - status = "Disabled"; + status = Constants.CFG_DISABLED; } else { throw new BadRequestException("Invalid action: " + action); } - } else if ("Pending_Approval".equals(status)) { + } else if (Constants.CFG_PENDING_APPROVAL.equals(status)) { if ("approve".equals(action)) { - status = "Enabled"; + status = Constants.CFG_ENABLED; } else if ("reject".equals(action)) { - status = "Disabled"; + status = Constants.CFG_DISABLED; } else { throw new BadRequestException("Invalid action: " + action); } @@ -322,7 +323,7 @@ public class ProfileMappingService extends PKIService implements ProfileMappingR ProfileMappingRecord record = database.getRecord(profileMappingID); String status = record.getStatus(); - if (!"Disabled".equals(status)) { + if (!Constants.CFG_DISABLED.equals(status)) { throw new ForbiddenException("Unable to delete profile mapping " + profileMappingID); } diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/ProfileService.java b/base/tps/src/org/dogtagpki/server/tps/rest/ProfileService.java index e5bfd4663..9505ad208 100644 --- a/base/tps/src/org/dogtagpki/server/tps/rest/ProfileService.java +++ b/base/tps/src/org/dogtagpki/server/tps/rest/ProfileService.java 
@@ -41,6 +41,7 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.ForbiddenException; import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.tps.profile.ProfileCollection; import com.netscape.certsrv.tps.profile.ProfileData; import com.netscape.certsrv.tps.profile.ProfileResource; @@ -185,7 +186,7 @@ public class ProfileService extends PKIService implements ProfileResource { if (status == null || database.requiresApproval() && !database.canApprove(principal)) { // if status is unspecified or user doesn't have rights to approve, the entry is disabled - profileData.setStatus("Disabled"); + profileData.setStatus(Constants.CFG_DISABLED); } database.addRecord(profileData.getID(), createProfileRecord(profileData)); @@ -218,21 +219,21 @@ public class ProfileService extends PKIService implements ProfileResource { ProfileRecord record = database.getRecord(profileID); // only disabled profile can be updated - if (!"Disabled".equals(record.getStatus())) { + if (!Constants.CFG_DISABLED.equals(record.getStatus())) { throw new ForbiddenException("Unable to update profile " + profileID); } // update status if specified String status = profileData.getStatus(); - if (status != null && !"Disabled".equals(status)) { - if (!"Enabled".equals(status)) { + if (status != null && !Constants.CFG_DISABLED.equals(status)) { + if (!Constants.CFG_ENABLED.equals(status)) { throw new ForbiddenException("Invalid profile status: " + status); } // if user doesn't have rights, set to pending Principal principal = servletRequest.getUserPrincipal(); if (database.requiresApproval() && !database.canApprove(principal)) { - status = "Pending_Approval"; + status = Constants.CFG_PENDING_APPROVAL; } // enable profile 
@@ -275,25 +276,25 @@ public class ProfileService extends PKIService implements ProfileResource { ProfileRecord record = database.getRecord(profileID); String status = record.getStatus(); - if ("Disabled".equals(status)) { + if (Constants.CFG_DISABLED.equals(status)) { if ("enable".equals(action)) { - status = "Enabled"; + status = Constants.CFG_ENABLED; } else { throw new BadRequestException("Invalid action: " + action); } - } else if ("Enabled".equals(status)) { + } else if (Constants.CFG_ENABLED.equals(status)) { if ("disable".equals(action)) { - status = "Disabled"; + status = Constants.CFG_DISABLED; } else { throw new BadRequestException("Invalid action: " + action); } - } else if ("Pending_Approval".equals(status)) { + } else if (Constants.CFG_PENDING_APPROVAL.equals(status)) { if ("approve".equals(action)) { - status = "Enabled"; + status = Constants.CFG_ENABLED; } else if ("reject".equals(action)) { - status = "Disabled"; + status = Constants.CFG_DISABLED; } else { throw new BadRequestException("Invalid action: " + action); } @@ -332,7 +333,7 @@ public class ProfileService extends PKIService implements ProfileResource { ProfileRecord record = database.getRecord(profileID); String status = record.getStatus(); - if (!"Disabled".equals(status)) { + if (!Constants.CFG_DISABLED.equals(status)) { throw new ForbiddenException("Unable to delete profile " + profileID); } |