diff options
author | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
commit | 171aaece4f23709d33d180cf36eb3af5e454b0c9 (patch) | |
tree | 1485f9f0a7bd10de4ff25030db575dbb8dafae74 /pki/base/common/src/com/netscape/cms/servlet/profile | |
parent | adad2fcee8a29fdb82376fbce07dedb11fccc182 (diff) | |
download | pki-171aaece4f23709d33d180cf36eb3af5e454b0c9.tar.gz pki-171aaece4f23709d33d180cf36eb3af5e454b0c9.tar.xz pki-171aaece4f23709d33d180cf36eb3af5e454b0c9.zip |
Revert "Formatting"
This reverts commit 32150d3ee32f8ac27118af7c792794b538c78a2f.
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/profile')
9 files changed, 1344 insertions, 1376 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java index 4ac119dc0..da24d2c20 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; + import java.util.Enumeration; import java.util.Locale; @@ -45,9 +46,10 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; + /** * Toggle the approval state of a profile - * + * * @version $Revision$, $Date$ */ public class ProfileApproveServlet extends ProfileServlet { @@ -57,9 +59,10 @@ public class ProfileApproveServlet extends ProfileServlet { */ private static final long serialVersionUID = 3956879326742839550L; private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; - private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL = "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4"; + private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL = + "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4"; private final static String OP_APPROVE = "approve"; private final static String OP_DISAPPROVE = "disapprove"; @@ -70,7 +73,7 @@ public class ProfileApproveServlet extends ProfileServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -81,14 +84,13 @@ public class ProfileApproveServlet extends ProfileServlet { /** * Process the HTTP request. * <P> - * + * * <ul> * <li>http.param profileId the id of the profile to change * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an * agent approves/disapproves a cert profile set by the administrator for * automatic approval * </ul> - * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ @@ -124,18 +126,20 @@ public class ProfileApproveServlet extends ProfileServlet { auditSubjectID = auditSubjectID(); CMS.debug(e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, ILogger.FAILURE, auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, + ILogger.FAILURE, + auditProfileID, + auditProfileOp); audit(auditMessage); @@ -146,28 +150,30 @@ public class ProfileApproveServlet extends ProfileServlet { try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "approve"); + mAuthzResourceName, "approve"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, ILogger.FAILURE, auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, + ILogger.FAILURE, + auditProfileID, + auditProfileOp); audit(auditMessage); @@ -187,15 +193,17 @@ public class ProfileApproveServlet extends ProfileServlet { if (ps == null) { CMS.debug("ProfileApproveServlet: ProfileSubsystem not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, ILogger.FAILURE, auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, + ILogger.FAILURE, + auditProfileID, + auditProfileOp); audit(auditMessage); @@ -206,18 +214,20 @@ public class ProfileApproveServlet extends ProfileServlet { IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { - CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId - + " not found"); + CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, ILogger.FAILURE, auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, + ILogger.FAILURE, + auditProfileID, + auditProfileOp); audit(auditMessage); @@ -226,18 +236,20 @@ public class ProfileApproveServlet extends ProfileServlet { IRequestQueue queue = authority.getRequestQueue(); if (queue == null) { - CMS.debug("ProfileApproveServlet: Request Queue of " - + mAuthorityId + " not found"); + CMS.debug("ProfileApproveServlet: Request Queue of " + + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, ILogger.FAILURE, auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, + ILogger.FAILURE, + auditProfileID, + auditProfileOp); audit(auditMessage); @@ -253,54 +265,60 @@ public class ProfileApproveServlet extends ProfileServlet { try { if (ps.isProfileEnable(profileId)) { - if (ps.checkOwner()) { - if (ps.getProfileEnableBy(profileId).equals(userid)) { - ps.disableProfile(profileId); - } else { - // only enableBy can disable profile - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage( - locale, "CMS_PROFILE_NOT_OWNER")); - outputTemplate(request, response, args); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( + if (ps.checkOwner()) { + if (ps.getProfileEnableBy(profileId).equals(userid)) { + ps.disableProfile(profileId); + } else { + // only enableBy can disable profile + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_NOT_OWNER")); + outputTemplate(request, response, args); + + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, ILogger.FAILURE, - auditProfileID, auditProfileOp); + auditSubjectID, + ILogger.FAILURE, + auditProfileID, + auditProfileOp); - audit(auditMessage); + audit(auditMessage); - return; - } - } else { - ps.disableProfile(profileId); + return; } + } else { + ps.disableProfile(profileId); + } } else { ps.enableProfile(profileId, userid); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, ILogger.SUCCESS, auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, + ILogger.SUCCESS, + auditProfileID, + auditProfileOp); audit(auditMessage); } catch (EProfileException e) { // profile not enabled - CMS.debug("ProfileApproveServlet: profile not error " - + e.toString()); + CMS.debug("ProfileApproveServlet: profile not error " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, ILogger.FAILURE, auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, + ILogger.FAILURE, + auditProfileID, + auditProfileOp); audit(auditMessage); @@ -309,34 +327,37 @@ public class ProfileApproveServlet extends ProfileServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, auditSubjectID, - ILogger.FAILURE, auditProfileID, auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, + ILogger.FAILURE, + auditProfileID, + auditProfileOp); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - // auditSubjectID, - // ILogger.FAILURE, - // auditProfileID, - // auditProfileOp ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + // auditSubjectID, + // ILogger.FAILURE, + // auditProfileID, + // auditProfileOp ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } try { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileApproveServlet: profile not found " - + e.toString()); + CMS.debug("ProfileApproveServlet: profile not found " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, e.toString()); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, @@ -364,13 +385,14 @@ public class ProfileApproveServlet extends ProfileServlet { while (policyIds.hasMoreElements()) { String id = (String) policyIds.nextElement(); - IProfilePolicy policy = (IProfilePolicy) profile - .getProfilePolicy(setId, id); + IProfilePolicy policy = (IProfilePolicy) + profile.getProfilePolicy(setId, id); // (3) query all the profile policies // (4) default plugins convert request parameters - // into string http parameters - handlePolicy(list, response, locale, id, policy); + // into string http parameters + handlePolicy(list, response, locale, + id, policy); } ArgSet setArg = new ArgSet(); @@ -381,8 +403,8 @@ public class ProfileApproveServlet extends ProfileServlet { args.set(ARG_POLICY_SET_LIST, setlist); args.set(ARG_PROFILE_ID, profileId); - args.set(ARG_PROFILE_IS_ENABLED, - Boolean.toString(ps.isProfileEnable(profileId))); + args.set(ARG_PROFILE_IS_ENABLED, + Boolean.toString(ps.isProfileEnable(profileId))); args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId)); args.set(ARG_PROFILE_NAME, profile.getName(locale)); args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); @@ -391,8 +413,8 @@ public class ProfileApproveServlet extends ProfileServlet { outputTemplate(request, response, args); } - private void handlePolicy(ArgList list, ServletResponse response, - Locale locale, String id, IProfilePolicy policy) { + private void handlePolicy(ArgList list, ServletResponse response, + Locale locale, String id, IProfilePolicy policy) { ArgSet set = new ArgSet(); set.set(ARG_POLICY_ID, id); @@ -412,19 +434,19 @@ public class ProfileApproveServlet extends ProfileServlet { String defName = (String) defNames.nextElement(); IDescriptor defDesc = def.getValueDescriptor(locale, defName); if (defDesc == null) { - CMS.debug("defName=" + defName); + CMS.debug("defName=" + defName); } else { - String defSyntax = defDesc.getSyntax(); - String defConstraint = defDesc.getConstraint(); - String defValueName = defDesc.getDescription(locale); - String defValue = null; - - defset.set(ARG_DEF_ID, defName); - defset.set(ARG_DEF_SYNTAX, defSyntax); - defset.set(ARG_DEF_CONSTRAINT, defConstraint); - defset.set(ARG_DEF_NAME, defValueName); - defset.set(ARG_DEF_VAL, defValue); - deflist.add(defset); + String defSyntax = defDesc.getSyntax(); + String defConstraint = defDesc.getConstraint(); + String defValueName = defDesc.getDescription(locale); + String defValue = null; + + defset.set(ARG_DEF_ID, defName); + defset.set(ARG_DEF_SYNTAX, defSyntax); + defset.set(ARG_DEF_CONSTRAINT, defConstraint); + defset.set(ARG_DEF_NAME, defValueName); + defset.set(ARG_DEF_VAL, defValue); + deflist.add(defset); } } } @@ -441,11 +463,11 @@ public class ProfileApproveServlet extends ProfileServlet { /** * Signed Audit Log Profile ID - * - * This method is called to obtain the "ProfileID" for a signed audit log - * message. + * + * This method is called to obtain the "ProfileID" for + * a signed audit log message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message ProfileID */ @@ -471,14 +493,14 @@ public class ProfileApproveServlet extends ProfileServlet { /** * Signed Audit Log Profile Operation - * - * This method is called to obtain the "Profile Operation" for a signed - * audit log message. + * + * This method is called to obtain the "Profile Operation" for + * a signed audit log message. * <P> - * + * * @param req HTTP request - * @return operation string containing either OP_APPROVE, OP_DISAPPROVE, or - * SIGNED_AUDIT_EMPTY_VALUE + * @return operation string containing either OP_APPROVE, OP_DISAPPROVE, + * or SIGNED_AUDIT_EMPTY_VALUE */ private String auditProfileOp(HttpServletRequest req) { // if no signed audit object exists, bail @@ -486,12 +508,13 @@ public class ProfileApproveServlet extends ProfileServlet { return null; } - if (mProfileSubId == null || mProfileSubId.equals("")) { + if (mProfileSubId == null || + mProfileSubId.equals("")) { mProfileSubId = IProfileSubsystem.ID; } - IProfileSubsystem ps = (IProfileSubsystem) CMS - .getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) + CMS.getSubsystem(mProfileSubId); if (ps == null) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -510,3 +533,4 @@ public class ProfileApproveServlet extends ProfileServlet { } } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java index ded3dff8d..4da41f7a7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; + import java.util.Enumeration; import java.util.Locale; @@ -37,9 +38,10 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; + /** * List all enabled profiles. - * + * * @version $Revision$, $Date$ */ public class ProfileListServlet extends ProfileServlet { @@ -51,7 +53,7 @@ public class ProfileListServlet extends ProfileServlet { private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; public ProfileListServlet() { super(); @@ -60,7 +62,7 @@ public class ProfileListServlet extends ProfileServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -70,7 +72,7 @@ public class ProfileListServlet extends ProfileServlet { /** * Process the HTTP request. - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -87,20 +89,20 @@ public class ProfileListServlet extends ProfileServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "list"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); return; } @@ -112,18 +114,18 @@ public class ProfileListServlet extends ProfileServlet { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileListServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) CMS - .getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) + CMS.getSubsystem(mProfileSubId); if (ps == null) { - CMS.debug("ProfileListServlet: ProfileSubsystem " + mProfileSubId - + " not found"); + CMS.debug("ProfileListServlet: ProfileSubsystem " + + mProfileSubId + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; - } + } ArgList list = new ArgList(); Enumeration e = ps.getProfileIds(); @@ -137,13 +139,13 @@ public class ProfileListServlet extends ProfileServlet { profile = ps.getProfile(id); } catch (EBaseException e1) { // skip bad profile - CMS.debug("ProfileListServlet: profile " + id - + " not found (skipped) " + e1.toString()); + CMS.debug("ProfileListServlet: profile " + id + + " not found (skipped) " + e1.toString()); continue; } if (profile == null) { - CMS.debug("ProfileListServlet: profile " + id - + " not found (skipped)"); + CMS.debug("ProfileListServlet: profile " + id + + " not found (skipped)"); continue; } @@ -153,16 +155,16 @@ public class ProfileListServlet extends ProfileServlet { ArgSet profileArgs = new ArgSet(); profileArgs.set(ARG_PROFILE_IS_ENABLED, - Boolean.toString(ps.isProfileEnable(id))); + Boolean.toString(ps.isProfileEnable(id))); profileArgs.set(ARG_PROFILE_ENABLED_BY, - ps.getProfileEnableBy(id)); + ps.getProfileEnableBy(id)); profileArgs.set(ARG_PROFILE_ID, id); - profileArgs.set(ARG_PROFILE_IS_VISIBLE, - Boolean.toString(profile.isVisible())); + profileArgs.set(ARG_PROFILE_IS_VISIBLE, + Boolean.toString(profile.isVisible())); profileArgs.set(ARG_PROFILE_NAME, name); profileArgs.set(ARG_PROFILE_DESC, desc); list.add(profileArgs); - + } } args.set(ARG_RECORD, list); diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java index 073d2cfb9..a159c0f2d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; + import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Date; @@ -62,9 +63,10 @@ import com.netscape.certsrv.template.ArgSet; import com.netscape.certsrv.util.IStatsSubsystem; import com.netscape.cms.servlet.common.CMSRequest; + /** * This servlet approves profile-based request. - * + * * @version $Revision$, $Date$ */ public class ProfileProcessServlet extends ProfileServlet { @@ -76,8 +78,10 @@ public class ProfileProcessServlet extends ProfileServlet { private String mAuthorityId = null; private Nonces mNonces = null; - private final static String SIGNED_AUDIT_CERT_REQUEST_REASON = "requestNotes"; - private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + private final static String SIGNED_AUDIT_CERT_REQUEST_REASON = + "requestNotes"; + private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; public ProfileProcessServlet() { } @@ -99,9 +103,9 @@ public class ProfileProcessServlet extends ProfileServlet { HttpServletRequest request = cmsReq.getHttpReq(); HttpServletResponse response = cmsReq.getHttpResp(); - IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("approval", true /* main action */); + statsSub.startTiming("approval", true /* main action */); } IAuthToken authToken = null; @@ -115,14 +119,13 @@ public class ProfileProcessServlet extends ProfileServlet { } catch (EBaseException e) { CMS.debug("ProfileProcessServlet: " + e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -131,23 +134,23 @@ public class ProfileProcessServlet extends ProfileServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "approve"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "approve"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -161,19 +164,18 @@ public class ProfileProcessServlet extends ProfileServlet { X509Certificate cert2 = getSSLClientCertificate(request); if (cert1 == null) { CMS.debug("ProfileProcessServlet: Unknown nonce"); - } else if (cert1 != null && cert2 != null - && cert1.equals(cert2)) { + } else if (cert1 != null && cert2 != null && cert1.equals(cert2)) { nonceVerified = true; mNonces.removeNonce(nonce); } } else { CMS.debug("ProfileProcessServlet: Missing nonce"); } - CMS.debug("ProfileProcessServlet: nonceVerified=" + nonceVerified); + CMS.debug("ProfileProcessServlet: nonceVerified="+nonceVerified); if (!nonceVerified) { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); @@ -191,17 +193,17 @@ public class ProfileProcessServlet extends ProfileServlet { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileProcessServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) CMS - .getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileProcessServlet: ProfileSubsystem not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -210,28 +212,28 @@ public class ProfileProcessServlet extends ProfileServlet { IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { - CMS.debug("ProfileProcessServlet: Authority " + mAuthorityId - + " not found"); + CMS.debug("ProfileProcessServlet: Authority " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } IRequestQueue queue = authority.getRequestQueue(); if (queue == null) { - CMS.debug("ProfileProcessServlet: Request Queue of " + mAuthorityId - + " not found"); + CMS.debug("ProfileProcessServlet: Request Queue of " + + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -241,11 +243,11 @@ public class ProfileProcessServlet extends ProfileServlet { if (requestId == null || requestId.equals("")) { CMS.debug("ProfileProcessServlet: Request Id not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_REQUEST_ID_NOT_FOUND")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_REQUEST_ID_NOT_FOUND")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -257,8 +259,8 @@ public class ProfileProcessServlet extends ProfileServlet { req = queue.findRequest(new RequestId(requestId)); } catch (EBaseException e) { // request not found - CMS.debug("ProfileProcessServlet: request not found requestId=" - + requestId + " " + e.toString()); + CMS.debug("ProfileProcessServlet: request not found requestId=" + + requestId + " " + e.toString()); } if (req == null) { args.set(ARG_ERROR_CODE, "1"); @@ -266,12 +268,12 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_REQUEST_NOT_FOUND", requestId)); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } - // check if the request is in one of the terminal states + // check if the request is in one of the terminal states if (!req.getRequestStatus().equals(RequestStatus.PENDING)) { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, @@ -279,7 +281,7 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_REQUEST_ID, requestId); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -290,11 +292,11 @@ public class ProfileProcessServlet extends ProfileServlet { if (profileId == null || profileId.equals("")) { CMS.debug("ProfileProcessServlet: Profile Id not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_PROFILE_ID_NOT_FOUND")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_ID_NOT_FOUND")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -303,23 +305,24 @@ public class ProfileProcessServlet extends ProfileServlet { if (op == null) { CMS.debug("ProfileProcessServlet: No op found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_OP_NOT_FOUND")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_OP_NOT_FOUND")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } + IProfile profile = null; try { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileProcessServlet: profile not found " + " " - + " profileId=" + profileId + " " + e.toString()); + CMS.debug("ProfileProcessServlet: profile not found " + + " " + " profileId=" + profileId + " " + e.toString()); } if (profile == null) { args.set(ARG_ERROR_CODE, "1"); @@ -327,7 +330,7 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_PROFILE_NOT_FOUND", profileId)); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -341,15 +344,16 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_REQUEST_TYPE, req.getRequestType()); args.set(ARG_PROFILE_ID, profileId); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_PROFILE_ID_NOT_ENABLED")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_ID_NOT_ENABLED")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } + args.set(ARG_ERROR_CODE, "0"); args.set(ARG_ERROR_REASON, ""); @@ -357,23 +361,21 @@ public class ProfileProcessServlet extends ProfileServlet { if (op.equals("assign")) { String owner = req.getRequestOwner(); - // assigned owner + // assigned owner if (owner != null && owner.length() > 0) { if (!grantPermission(req, authToken)) { CMS.debug("ProfileProcessServlet: Permission not granted to assign request."); args.set(ARG_OP, op); args.set(ARG_REQUEST_ID, req.getRequestId().toString()); - args.set(ARG_REQUEST_STATUS, req.getRequestStatus() - .toString()); + args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString()); args.set(ARG_REQUEST_TYPE, req.getRequestType()); args.set(ARG_PROFILE_ID, profileId); args.set(ARG_PROFILE_ID, profileId); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_DENY_OPERATION")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -385,16 +387,13 @@ public class ProfileProcessServlet extends ProfileServlet { checkProfileVersion(profile, req, locale); updateValues(request, req, queue, profile, locale); updateNotes(request, req); - approveRequest(request, args, req, queue, profile, - locale); + approveRequest(request, args, req, queue, profile, locale); } else if (op.equals("reject")) { updateNotes(request, req); - rejectRequest(request, args, req, queue, profile, - locale); + rejectRequest(request, args, req, queue, profile, locale); } else if (op.equals("cancel")) { updateNotes(request, req); - cancelRequest(request, args, req, queue, profile, - locale); + cancelRequest(request, args, req, queue, profile, locale); } else if (op.equals("update")) { checkProfileVersion(profile, req, locale); updateValues(request, req, queue, profile, locale); @@ -402,30 +401,27 @@ public class ProfileProcessServlet extends ProfileServlet { } else if (op.equals("validate")) { updateValues(request, req, queue, profile, locale); } else if (op.equals("unassign")) { - unassignRequest(request, args, req, queue, profile, - locale); + unassignRequest(request, args, req, queue, profile, locale); } } else { CMS.debug("ProfileProcessServlet: Permission not granted to approve/reject/cancel/update/validate/unassign request."); args.set(ARG_OP, op); args.set(ARG_REQUEST_ID, req.getRequestId().toString()); - args.set(ARG_REQUEST_STATUS, req.getRequestStatus() - .toString()); + args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString()); args.set(ARG_REQUEST_TYPE, req.getRequestType()); args.set(ARG_PROFILE_ID, profileId); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_DENY_OPERATION")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } } // commit request to the storage - if (!op.equals("validate")) { + if (!op.equals("validate")) { try { if (op.equals("approve")) { queue.markAsServiced(req); @@ -433,47 +429,43 @@ public class ProfileProcessServlet extends ProfileServlet { queue.updateRequest(req); } } catch (EBaseException e) { - CMS.debug("ProfileProcessServlet: Request commit error " - + e.toString()); + CMS.debug("ProfileProcessServlet: Request commit error " + + e.toString()); // save request to disk args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } } } catch (ERejectException e) { - CMS.debug("ProfileProcessServlet: execution rejected " - + e.toString()); + CMS.debug("ProfileProcessServlet: execution rejected " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set( - ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_PROFILE_REJECTED", - e.toString())); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_REJECTED", e.toString())); } catch (EDeferException e) { - CMS.debug("ProfileProcessServlet: execution defered " - + e.toString()); + CMS.debug("ProfileProcessServlet: execution defered " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set( - ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_PROFILE_DEFERRED", - e.toString())); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_DEFERRED", e.toString())); } catch (EPropertyException e) { - CMS.debug("ProfileProcessServlet: execution error " + e.toString()); + CMS.debug("ProfileProcessServlet: execution error " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set( - ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_PROFILE_PROPERTY_ERROR", - e.toString())); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_PROPERTY_ERROR", e.toString())); } catch (EProfileException e) { - CMS.debug("ProfileProcessServlet: execution error " + e.toString()); + CMS.debug("ProfileProcessServlet: execution error " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); } args.set(ARG_OP, op); @@ -483,15 +475,15 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_PROFILE_ID, profileId); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } } - + public boolean grantPermission(IRequest req, IAuthToken token) { try { - boolean enable = CMS.getConfigStore().getBoolean( - "request.assignee.enable", false); + boolean enable = CMS.getConfigStore().getBoolean("request.assignee.enable", + false); if (!enable) return true; String owner = req.getRequestOwner(); @@ -504,32 +496,32 @@ public class ProfileProcessServlet extends ProfileServlet { return true; } catch (Exception e) { } - + return false; } /** - * Check if the request creation time is older than the profile lastModified - * attribute. + * Check if the request creation time is older than the profile + * lastModified attribute. */ - protected void checkProfileVersion(IProfile profile, IRequest req, - Locale locale) throws EProfileException { + protected void checkProfileVersion(IProfile profile, IRequest req, + Locale locale) throws EProfileException { IConfigStore profileConfig = profile.getConfigStore(); if (profileConfig != null) { String lastModified = null; try { - lastModified = profileConfig.getString("lastModified", ""); + lastModified = profileConfig.getString("lastModified",""); } catch (EBaseException e) { - CMS.debug(e.toString()); - throw new EProfileException(e.toString()); + CMS.debug(e.toString()); + throw new EProfileException( e.toString() ); } if (!lastModified.equals("")) { Date profileModifiedAt = new Date(Long.parseLong(lastModified)); - CMS.debug("ProfileProcessServlet: Profile Last Modified=" - + profileModifiedAt); + CMS.debug("ProfileProcessServlet: Profile Last Modified=" + + profileModifiedAt); Date reqCreatedAt = req.getCreationTime(); - CMS.debug("ProfileProcessServlet: Request Created At=" - + reqCreatedAt); + CMS.debug("ProfileProcessServlet: Request Created At=" + + reqCreatedAt); if (profileModifiedAt.after(reqCreatedAt)) { CMS.debug("Profile Newer Than Request"); throw new ERejectException("Profile Newer Than Request"); @@ -539,16 +531,18 @@ public class ProfileProcessServlet extends ProfileServlet { } protected void assignRequest(ServletRequest request, ArgSet args, - IRequest req, IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String id = auditSubjectID(); req.setRequestOwner(id); } protected void unassignRequest(ServletRequest request, ArgSet args, - IRequest req, IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { req.setRequestOwner(""); } @@ -558,14 +552,13 @@ public class ProfileProcessServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - a manual "agent" profile based cert - * cancellation) + * cancellation) * <P> * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> - * * @param request the servlet request * @param args argument set * @param req the certificate request @@ -573,11 +566,12 @@ public class ProfileProcessServlet extends ProfileServlet { * @param profile this profile * @param locale the system locale * @exception EProfileException an error related to this profile has - * occurred + * occurred */ protected void cancelRequest(ServletRequest request, ArgSet args, - IRequest req, IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); @@ -588,22 +582,25 @@ public class ProfileProcessServlet extends ProfileServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, auditSubjectID, - ILogger.SUCCESS, auditRequesterID, - ILogger.SIGNED_AUDIT_CANCELLATION, auditInfoValue); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_CANCELLATION, + auditInfoValue); audit(auditMessage); // } catch( EProfileException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - // auditSubjectID, - // ILogger.FAILURE, - // auditRequesterID, - // ILogger.SIGNED_AUDIT_CANCELLATION, - // auditInfoValue ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + // auditSubjectID, + // ILogger.FAILURE, + // auditRequesterID, + // ILogger.SIGNED_AUDIT_CANCELLATION, + // auditInfoValue ); // - // audit( auditMessage ); + // audit( auditMessage ); // } } @@ -612,14 +609,13 @@ public class ProfileProcessServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - a manual "agent" profile based cert - * rejection) + * rejection) * <P> * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> - * * @param request the servlet request * @param args argument set * @param req the certificate request @@ -627,11 +623,12 @@ public class ProfileProcessServlet extends ProfileServlet { * @param profile this profile * @param locale the system locale * @exception EProfileException an error related to this profile has - * occurred + * occurred */ protected void rejectRequest(ServletRequest request, ArgSet args, - IRequest req, IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); @@ -642,22 +639,25 @@ public class ProfileProcessServlet extends ProfileServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, auditSubjectID, - ILogger.SUCCESS, auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, auditInfoValue); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + auditInfoValue); audit(auditMessage); // } catch( EProfileException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - // auditSubjectID, - // ILogger.FAILURE, - // auditRequesterID, - // ILogger.SIGNED_AUDIT_REJECTION, - // auditInfoValue ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + // auditSubjectID, + // ILogger.FAILURE, + // auditRequesterID, + // ILogger.SIGNED_AUDIT_REJECTION, + // auditInfoValue ); // - // audit( auditMessage ); + // audit( auditMessage ); // } } @@ -666,14 +666,13 @@ public class ProfileProcessServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - a manual "agent" profile based cert - * acceptance) + * acceptance) * <P> * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> - * * @param request the servlet request * @param args argument set * @param req the certificate request @@ -681,11 +680,12 @@ public class ProfileProcessServlet extends ProfileServlet { * @param profile this profile * @param locale the system locale * @exception EProfileException an error related to this profile has - * occurred + * occurred */ - protected void approveRequest(ServletRequest request, ArgSet args, - IRequest req, IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + protected void approveRequest(ServletRequest request, ArgSet args, + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); @@ -700,40 +700,42 @@ public class ProfileProcessServlet extends ProfileServlet { if (outputIds != null) { while (outputIds.hasMoreElements()) { String outputId = (String) outputIds.nextElement(); - IProfileOutput profileOutput = profile - .getProfileOutput(outputId); + IProfileOutput profileOutput = profile.getProfileOutput( + outputId); Enumeration outputNames = profileOutput.getValueNames(); if (outputNames != null) { while (outputNames.hasMoreElements()) { ArgSet outputset = new ArgSet(); - String outputName = (String) outputNames - .nextElement(); - IDescriptor outputDesc = profileOutput - .getValueDescriptor(locale, outputName); + String outputName = (String) + outputNames.nextElement(); + IDescriptor outputDesc = + profileOutput.getValueDescriptor(locale, + outputName); if (outputDesc == null) continue; String outputSyntax = outputDesc.getSyntax(); - String outputConstraint = outputDesc - .getConstraint(); - String outputValueName = outputDesc - .getDescription(locale); + String outputConstraint = + outputDesc.getConstraint(); + String outputValueName = + outputDesc.getDescription(locale); String outputValue = null; try { outputValue = profileOutput.getValue( - outputName, locale, req); + outputName, + locale, req); } catch (EProfileException e) { - CMS.debug("ProfileSubmitServlet: " - + e.toString()); + CMS.debug("ProfileSubmitServlet: " + + e.toString()); } outputset.set(ARG_OUTPUT_ID, outputName); outputset.set(ARG_OUTPUT_SYNTAX, outputSyntax); outputset.set(ARG_OUTPUT_CONSTRAINT, - outputConstraint); + outputConstraint); outputset.set(ARG_OUTPUT_NAME, outputValueName); outputset.set(ARG_OUTPUT_VAL, outputValue); outputlist.add(outputset); @@ -744,37 +746,42 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_OUTPUT_LIST, outputlist); // retrieve the certificate - X509CertImpl theCert = req - .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl theCert = req.getExtDataInCert( + IEnrollProfile.REQUEST_ISSUED_CERT); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue(theCert)); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue(theCert)); audit(auditMessage); } catch (EProfileException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); CMS.debug("ProfileProcessServlet: about to throw EProfileException because of bad profile execute."); throw new EProfileException(eAudit1.toString()); + } } - protected void updateValues(ServletRequest request, IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws ERejectException, EDeferException, EPropertyException { + protected void updateValues(ServletRequest request, IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws ERejectException, EDeferException, EPropertyException { String profileSetId = req.getExtDataInString("profileSetId"); Enumeration policies = profile.getProfilePolicies(profileSetId); @@ -806,16 +813,17 @@ public class ProfileProcessServlet extends ProfileServlet { } } - protected void validate(Locale locale, int count, IProfilePolicy policy, - IRequest req, ServletRequest request) throws ERejectException, - EDeferException { + protected void validate(Locale locale, int count, + IProfilePolicy policy, IRequest req, ServletRequest request) + throws ERejectException, EDeferException { IPolicyConstraint con = policy.getConstraint(); con.validate(req); } - protected void setValue(Locale locale, int count, IProfilePolicy policy, - IRequest req, ServletRequest request) throws EPropertyException { + protected void setValue(Locale locale, int count, + IProfilePolicy policy, IRequest req, ServletRequest request) + throws EPropertyException { // handle default policy IPolicyDefault def = policy.getDefault(); Enumeration defNames = def.getValueNames(); @@ -830,11 +838,11 @@ public class ProfileProcessServlet extends ProfileServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for a signed audit log - * message. + * + * This method is called to obtain the "RequesterID" for + * a signed audit log message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ @@ -860,11 +868,11 @@ public class ProfileProcessServlet extends ProfileServlet { /** * Signed Audit Log Info Value - * - * This method is called to obtain the "reason" for a signed audit log - * message. + * + * This method is called to obtain the "reason" for + * a signed audit log message. * <P> - * + * * @param request the actual request * @return reason string containing the signed audit log message reason */ @@ -878,8 +886,8 @@ public class ProfileProcessServlet extends ProfileServlet { if (request != null) { // overwrite "reason" if and only if "info" != null - String info = request - .getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON); + String info = + request.getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON); if (info != null) { reason = info.trim(); @@ -896,11 +904,11 @@ public class ProfileProcessServlet extends ProfileServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param x509cert an X509CertImpl * @return cert string containing the certificate */ @@ -933,7 +941,7 @@ public class ProfileProcessServlet extends ProfileServlet { // extract all line separators from the "base64Data" StringBuffer sb = new StringBuffer(); for (int i = 0; i < base64Data.length(); i++) { - if (!Character.isWhitespace(base64Data.charAt(i))) { + if (!Character.isWhitespace(base64Data.charAt(i))) { sb.append(base64Data.charAt(i)); } } @@ -953,3 +961,4 @@ public class ProfileProcessServlet extends ProfileServlet { } } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java index 433dfdd7a..00840dd85 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; + import java.util.Enumeration; import java.util.Locale; import java.util.Random; @@ -53,9 +54,10 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; + /** * This servlet allows reviewing of profile-based request. - * + * * @version $Revision$, $Date$ */ public class ProfileReviewServlet extends ProfileServlet { @@ -67,7 +69,7 @@ public class ProfileReviewServlet extends ProfileServlet { private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; private Random mRandom = null; private Nonces mNonces = null; @@ -77,7 +79,7 @@ public class ProfileReviewServlet extends ProfileServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -99,7 +101,7 @@ public class ProfileReviewServlet extends ProfileServlet { * <ul> * <li>http.param requestId the ID of the profile to review * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -118,33 +120,32 @@ public class ProfileReviewServlet extends ProfileServlet { } catch (EBaseException e) { CMS.debug("ReviewReqServlet: " + e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); return; - } + } } AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); return; } @@ -156,14 +157,14 @@ public class ProfileReviewServlet extends ProfileServlet { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileReviewServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) CMS - .getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileReviewServlet: ProfileSubsystem not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } @@ -172,22 +173,22 @@ public class ProfileReviewServlet extends ProfileServlet { IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { - CMS.debug("ProfileReviewServlet: Authority " + mAuthorityId - + " not found"); + CMS.debug("ProfileReviewServlet: Authority " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } IRequestQueue queue = authority.getRequestQueue(); if (queue == null) { - CMS.debug("ProfileReviewServlet: Request Queue of " + mAuthorityId - + " not found"); + CMS.debug("ProfileReviewServlet: Request Queue of " + + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } @@ -200,8 +201,8 @@ public class ProfileReviewServlet extends ProfileServlet { req = queue.findRequest(new RequestId(requestId)); } catch (EBaseException e) { // request not found - CMS.debug("ProfileReviewServlet: request not found requestId=" - + requestId + " " + e.toString()); + CMS.debug("ProfileReviewServlet: request not found requestId=" + + requestId + " " + e.toString()); } if (req == null) { args.set(ARG_ERROR_CODE, "1"); @@ -213,17 +214,16 @@ public class ProfileReviewServlet extends ProfileServlet { String profileId = req.getExtDataInString("profileId"); - CMS.debug("ProfileReviewServlet: requestId=" + requestId - + " profileId=" + profileId); + CMS.debug("ProfileReviewServlet: requestId=" + + requestId + " profileId=" + profileId); IProfile profile = null; try { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileReviewServlet: profile not found requestId=" - + requestId + " profileId=" + profileId + " " - + e.toString()); + CMS.debug("ProfileReviewServlet: profile not found requestId=" + + requestId + " profileId=" + profileId + " " + e.toString()); } if (profile == null) { args.set(ARG_ERROR_CODE, "1"); @@ -232,26 +232,27 @@ public class ProfileReviewServlet extends ProfileServlet { outputTemplate(request, response, args); return; } - + String profileSetId = req.getExtDataInString("profileSetId"); CMS.debug("ProfileReviewServlet: profileSetId=" + profileSetId); - Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0) ? profile - .getProfilePolicyIds(profileSetId) : null; + Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0)? + profile.getProfilePolicyIds(profileSetId): null; int count = 0; ArgList list = new ArgList(); if (policyIds != null) { - while (policyIds.hasMoreElements()) { + while (policyIds.hasMoreElements()) { String id = (String) policyIds.nextElement(); - IProfilePolicy policy = (IProfilePolicy) profile - .getProfilePolicy( - req.getExtDataInString("profileSetId"), id); + IProfilePolicy policy = (IProfilePolicy) + profile.getProfilePolicy(req.getExtDataInString("profileSetId"), + id); // (3) query all the profile policies // (4) default plugins convert request parameters into string - // http parameters - handlePolicy(list, response, locale, id, policy, req); + // http parameters + handlePolicy(list, response, locale, + id, policy, req); count++; } } @@ -268,33 +269,34 @@ public class ProfileReviewServlet extends ProfileServlet { args.set(ARG_REQUEST_TYPE, req.getRequestType()); args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString()); if (req.getRequestOwner() == null) { - args.set(ARG_REQUEST_OWNER, ""); + args.set(ARG_REQUEST_OWNER, ""); } else { - args.set(ARG_REQUEST_OWNER, req.getRequestOwner()); + args.set(ARG_REQUEST_OWNER, req.getRequestOwner()); } args.set(ARG_REQUEST_CREATION_TIME, req.getCreationTime().toString()); - args.set(ARG_REQUEST_MODIFICATION_TIME, req.getModificationTime() - .toString()); + args.set(ARG_REQUEST_MODIFICATION_TIME, + req.getModificationTime().toString()); args.set(ARG_PROFILE_ID, profileId); - args.set(ARG_PROFILE_APPROVED_BY, - req.getExtDataInString("profileApprovedBy")); + args.set(ARG_PROFILE_APPROVED_BY, + req.getExtDataInString("profileApprovedBy")); args.set(ARG_PROFILE_SET_ID, req.getExtDataInString("profileSetId")); if (profile.isVisible()) { - args.set(ARG_PROFILE_IS_VISIBLE, "true"); + args.set(ARG_PROFILE_IS_VISIBLE, "true"); } else { - args.set(ARG_PROFILE_IS_VISIBLE, "false"); + args.set(ARG_PROFILE_IS_VISIBLE, "false"); } args.set(ARG_PROFILE_NAME, profile.getName(locale)); args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); - args.set(ARG_PROFILE_REMOTE_HOST, - req.getExtDataInString("profileRemoteHost")); - args.set(ARG_PROFILE_REMOTE_ADDR, - req.getExtDataInString("profileRemoteAddr")); + args.set(ARG_PROFILE_REMOTE_HOST, + req.getExtDataInString("profileRemoteHost")); + args.set(ARG_PROFILE_REMOTE_ADDR, + req.getExtDataInString("profileRemoteAddr")); if (req.getExtDataInString("requestNotes") == null) { args.set(ARG_REQUEST_NOTES, ""); } else { - args.set(ARG_REQUEST_NOTES, req.getExtDataInString("requestNotes")); + args.set(ARG_REQUEST_NOTES, + req.getExtDataInString("requestNotes")); } args.set(ARG_RECORD, list); @@ -320,20 +322,17 @@ public class ProfileReviewServlet extends ProfileServlet { ArgSet inputset = new ArgSet(); String inputName = (String) inputNames.nextElement(); - IDescriptor inputDesc = profileInput - .getValueDescriptor(locale, inputName); + IDescriptor inputDesc = profileInput.getValueDescriptor(locale, inputName); if (inputDesc == null) continue; String inputSyntax = inputDesc.getSyntax(); String inputConstraint = inputDesc.getConstraint(); - String inputValueName = inputDesc - .getDescription(locale); + String inputValueName = inputDesc.getDescription(locale); String inputValue = null; try { - inputValue = profileInput.getValue(inputName, - locale, req); + inputValue = profileInput.getValue(inputName, locale, req); } catch (EBaseException e) { CMS.debug("ProfileReviewServlet: " + e.toString()); } @@ -358,31 +357,32 @@ public class ProfileReviewServlet extends ProfileServlet { if (outputIds != null) { while (outputIds.hasMoreElements()) { String outputId = (String) outputIds.nextElement(); - IProfileOutput profileOutput = profile - .getProfileOutput(outputId); + IProfileOutput profileOutput = profile.getProfileOutput(outputId + ); Enumeration outputNames = profileOutput.getValueNames(); if (outputNames != null) { while (outputNames.hasMoreElements()) { ArgSet outputset = new ArgSet(); - String outputName = (String) outputNames.nextElement(); - IDescriptor outputDesc = profileOutput - .getValueDescriptor(locale, outputName); + String outputName = (String) outputNames.nextElement + (); + IDescriptor outputDesc = + profileOutput.getValueDescriptor(locale, outputName); if (outputDesc == null) continue; String outputSyntax = outputDesc.getSyntax(); String outputConstraint = outputDesc.getConstraint(); - String outputValueName = outputDesc - .getDescription(locale); + String outputValueName = outputDesc.getDescription(locale); String outputValue = null; try { outputValue = profileOutput.getValue(outputName, - locale, req); + locale, req); } catch (EProfileException e) { - CMS.debug("ProfileSubmitServlet: " + e.toString()); + CMS.debug("ProfileSubmitServlet: " + e.toString( + )); } outputset.set(ARG_OUTPUT_ID, outputName); @@ -401,8 +401,9 @@ public class ProfileReviewServlet extends ProfileServlet { outputTemplate(request, response, args); } - private void handlePolicy(ArgList list, ServletResponse response, - Locale locale, String id, IProfilePolicy policy, IRequest req) { + private void handlePolicy(ArgList list, ServletResponse response, + Locale locale, String id, IProfilePolicy policy, + IRequest req) { ArgSet set = new ArgSet(); set.set(ARG_POLICY_ID, id); diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java index 92aedb856..813af8f62 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; + import java.util.Enumeration; import java.util.Locale; @@ -47,9 +48,10 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; + /** * Retrieve detailed information of a particular profile. - * + * * @version $Revision$, $Date$ */ public class ProfileSelectServlet extends ProfileServlet { @@ -59,7 +61,7 @@ public class ProfileSelectServlet extends ProfileServlet { */ private static final long serialVersionUID = -3765390650830903602L; private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; public ProfileSelectServlet() { } @@ -74,7 +76,7 @@ public class ProfileSelectServlet extends ProfileServlet { * <ul> * <li>http.param profileId the id of the profile to select * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -94,11 +96,10 @@ public class ProfileSelectServlet extends ProfileServlet { } catch (EBaseException e) { CMS.debug("ProcessReqServlet: " + e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); return; } @@ -107,20 +108,20 @@ public class ProfileSelectServlet extends ProfileServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); return; } @@ -132,14 +133,14 @@ public class ProfileSelectServlet extends ProfileServlet { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileSelectServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) CMS - .getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileSelectServlet: ProfileSubsystem not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } @@ -148,22 +149,22 @@ public class ProfileSelectServlet extends ProfileServlet { IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { - CMS.debug("ProfileSelectServlet: Authority " + mAuthorityId - + " not found"); + CMS.debug("ProfileSelectServlet: Authority " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } IRequestQueue queue = authority.getRequestQueue(); if (queue == null) { - CMS.debug("ProfileSelectServlet: Request Queue of " + mAuthorityId - + " not found"); + CMS.debug("ProfileSelectServlet: Request Queue of " + + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } @@ -178,8 +179,8 @@ public class ProfileSelectServlet extends ProfileServlet { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileSelectServlet: profile not found profileId=" - + profileId + " " + e.toString()); + CMS.debug("ProfileSelectServlet: profile not found profileId=" + + profileId + " " + e.toString()); } if (profile == null) { args.set(ARG_ERROR_CODE, "1"); @@ -188,7 +189,7 @@ public class ProfileSelectServlet extends ProfileServlet { outputTemplate(request, response, args); return; } - + ArgList setlist = new ArgList(); Enumeration policySetIds = profile.getProfilePolicySetIds(); @@ -202,14 +203,14 @@ public class ProfileSelectServlet extends ProfileServlet { if (policyIds != null) { while (policyIds.hasMoreElements()) { String id = (String) policyIds.nextElement(); - IProfilePolicy policy = (IProfilePolicy) profile - .getProfilePolicy(setId, id); + IProfilePolicy policy = (IProfilePolicy) + profile.getProfilePolicy(setId, id); // (3) query all the profile policies - // (4) default plugins convert request parameters into - // string - // http parameters - handlePolicy(list, response, locale, id, policy); + // (4) default plugins convert request parameters into string + // http parameters + handlePolicy(list, response, locale, + id, policy); } } ArgSet setArg = new ArgSet(); @@ -223,31 +224,29 @@ public class ProfileSelectServlet extends ProfileServlet { args.set(ARG_PROFILE_ID, profileId); args.set(ARG_PROFILE_IS_ENABLED, - Boolean.toString(ps.isProfileEnable(profileId))); + Boolean.toString(ps.isProfileEnable(profileId))); args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId)); args.set(ARG_PROFILE_NAME, profile.getName(locale)); - args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); - args.set(ARG_PROFILE_IS_VISIBLE, Boolean.toString(profile.isVisible())); + args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); + args.set(ARG_PROFILE_IS_VISIBLE, + Boolean.toString(profile.isVisible())); args.set(ARG_ERROR_CODE, "0"); args.set(ARG_ERROR_REASON, ""); try { - boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean( - "ca.connector.KRA.enable", false); - if (keyArchivalEnabled == true) { - CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true"); - - // output transport certificate if present - args.set( - "transportCert", - CMS.getConfigStore().getString( - "ca.connector.KRA.transportCert", "")); - } else { - CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false"); - args.set("transportCert", ""); - } + boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean("ca.connector.KRA.enable", false); + if (keyArchivalEnabled == true) { + CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true"); + + // output transport certificate if present + args.set("transportCert", + CMS.getConfigStore().getString("ca.connector.KRA.transportCert", "")); + } else { + CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false"); + args.set("transportCert", ""); + } } catch (EBaseException e) { - CMS.debug("ProfileSelectServlet: exception caught:" + e.toString()); + CMS.debug("ProfileSelectServlet: exception caught:"+e.toString()); } // build authentication @@ -260,7 +259,7 @@ public class ProfileSelectServlet extends ProfileServlet { // authenticator not installed correctly args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_MANAGER_NOT_FOUND", + "CMS_AUTHENTICATION_MANAGER_NOT_FOUND", profile.getAuthenticatorId())); outputTemplate(request, response, args); return; @@ -273,8 +272,8 @@ public class ProfileSelectServlet extends ProfileServlet { while (authNames.hasMoreElements()) { ArgSet authset = new ArgSet(); String authName = (String) authNames.nextElement(); - IDescriptor authDesc = authenticator.getValueDescriptor( - locale, authName); + IDescriptor authDesc = + authenticator.getValueDescriptor(locale, authName); if (authDesc == null) continue; @@ -292,8 +291,8 @@ public class ProfileSelectServlet extends ProfileServlet { args.set(ARG_AUTH_LIST, authlist); args.set(ARG_AUTH_NAME, authenticator.getName(locale)); args.set(ARG_AUTH_DESC, authenticator.getText(locale)); - args.set(ARG_AUTH_IS_SSL, - Boolean.toString(authenticator.isSSLClientRequired())); + args.set(ARG_AUTH_IS_SSL, + Boolean.toString(authenticator.isSSLClientRequired())); } // build input list @@ -310,10 +309,10 @@ public class ProfileSelectServlet extends ProfileServlet { ArgSet inputpluginset = new ArgSet(); inputpluginset.set(ARG_INPUT_PLUGIN_ID, inputId); - inputpluginset.set(ARG_INPUT_PLUGIN_NAME, - profileInput.getName(locale)); - inputpluginset.set(ARG_INPUT_PLUGIN_DESC, - profileInput.getText(locale)); + inputpluginset.set(ARG_INPUT_PLUGIN_NAME, + profileInput.getName(locale)); + inputpluginset.set(ARG_INPUT_PLUGIN_DESC, + profileInput.getText(locale)); inputPluginlist.add(inputpluginset); Enumeration inputNames = profileInput.getValueNames(); @@ -321,17 +320,15 @@ public class ProfileSelectServlet extends ProfileServlet { if (inputNames != null) { while (inputNames.hasMoreElements()) { ArgSet inputset = new ArgSet(); - String inputName = (String) inputNames - .nextElement(); - IDescriptor inputDesc = profileInput - .getValueDescriptor(locale, inputName); + String inputName = (String) inputNames.nextElement(); + IDescriptor inputDesc = profileInput.getValueDescriptor( + locale, inputName); if (inputDesc == null) continue; String inputSyntax = inputDesc.getSyntax(); String inputConstraint = inputDesc.getConstraint(); - String inputValueName = inputDesc - .getDescription(locale); + String inputValueName = inputDesc.getDescription(locale); String inputValue = null; inputset.set(ARG_INPUT_PLUGIN_ID, inputId); @@ -355,8 +352,8 @@ public class ProfileSelectServlet extends ProfileServlet { outputTemplate(request, response, args); } - private void handlePolicy(ArgList list, ServletResponse response, - Locale locale, String id, IProfilePolicy policy) { + private void handlePolicy(ArgList list, ServletResponse response, + Locale locale, String id, IProfilePolicy policy) { ArgSet set = new ArgSet(); set.set(ARG_POLICY_ID, id); diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java index a5f1c6c70..46f3797d4 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; + import java.io.BufferedReader; import java.io.ByteArrayOutputStream; import java.io.FileReader; @@ -45,9 +46,10 @@ import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.Utils; + /** * This servlet is the base class of all profile servlets. - * + * * @version $Revision$, $Date$ */ public class ProfileServlet extends CMSServlet { @@ -65,9 +67,12 @@ public class ProfileServlet extends CMSServlet { public final static String ARG_REQUEST_ID = "requestId"; public final static String ARG_REQUEST_TYPE = "requestType"; public final static String ARG_REQUEST_STATUS = "requestStatus"; - public final static String ARG_REQUEST_OWNER = "requestOwner"; - public final static String ARG_REQUEST_CREATION_TIME = "requestCreationTime"; - public final static String ARG_REQUEST_MODIFICATION_TIME = "requestModificationTime"; + public final static String ARG_REQUEST_OWNER = + "requestOwner"; + public final static String ARG_REQUEST_CREATION_TIME = + "requestCreationTime"; + public final static String ARG_REQUEST_MODIFICATION_TIME = + "requestModificationTime"; public final static String ARG_REQUEST_NONCE = "nonce"; public final static String ARG_AUTH_ID = "authId"; @@ -161,18 +166,18 @@ public class ProfileServlet extends CMSServlet { super(); } - /** - * initialize the servlet. Servlets implementing this method must specify - * the template to use as a parameter called "templatePath" in the - * servletConfig - * + /** + * initialize the servlet. Servlets implementing this method + * must specify the template to use as a parameter called + * "templatePath" in the servletConfig + * * @param sc servlet configuration, read from the web.xml file */ - public void init(ServletConfig sc) throws ServletException { + public void init(ServletConfig sc) throws ServletException { super.init(sc); mTemplate = sc.getServletContext().getRealPath( - sc.getInitParameter(PROP_TEMPLATE)); + sc.getInitParameter(PROP_TEMPLATE)); mGetClientCert = sc.getInitParameter(PROP_CLIENTAUTH); mAuthMgr = sc.getInitParameter(PROP_AUTHMGR); mAuthz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ); @@ -188,44 +193,47 @@ public class ProfileServlet extends CMSServlet { } } - protected String escapeXML(String v) { - if (v == null) { - return ""; - } - v = v.replaceAll("&", "&"); - return v; + protected String escapeXML(String v) + { + if (v == null) { + return ""; + } + v = v.replaceAll("&", "&"); + return v; } - protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v) { - ps.println("<" + name + ">"); - if (v != null) { - if (v instanceof ArgList) { - ArgList list = (ArgList) v; - ps.println("<list>"); - for (int i = 0; i < list.size(); i++) { - outputArgValueAsXML(ps, name, list.get(i)); - } - ps.println("</list>"); - } else if (v instanceof ArgString) { - ArgString str = (ArgString) v; - ps.println(escapeXML(str.getValue())); - } else if (v instanceof ArgSet) { - ArgSet set = (ArgSet) v; - ps.println("<set>"); - Enumeration names = set.getNames(); - while (names.hasMoreElements()) { - String n = (String) names.nextElement(); + protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v) + { + ps.println("<" + name + ">"); + if (v != null) { + if (v instanceof ArgList) { + ArgList list = (ArgList)v; + ps.println("<list>"); + for (int i = 0; i < list.size(); i++) { + outputArgValueAsXML(ps, name, list.get(i)); + } + ps.println("</list>"); + } else if (v instanceof ArgString) { + ArgString str = (ArgString)v; + ps.println(escapeXML(str.getValue())); + } else if (v instanceof ArgSet) { + ArgSet set = (ArgSet)v; + ps.println("<set>"); + Enumeration names = set.getNames(); + while (names.hasMoreElements()) { + String n = (String)names.nextElement(); outputArgValueAsXML(ps, n, set.get(n)); - } - ps.println("</set>"); - } else { - ps.println(v); + } + ps.println("</set>"); + } else { + ps.println(v); + } } - } - ps.println("</" + name + ">"); + ps.println("</" + name + ">"); } - protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args) { + protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args) + { PrintStream ps = new PrintStream(bos); ps.println("<xml>"); outputArgValueAsXML(ps, "output", args); @@ -233,8 +241,9 @@ public class ProfileServlet extends CMSServlet { ps.flush(); } - public void outputTemplate(HttpServletRequest request, - HttpServletResponse response, ArgSet args) throws EBaseException { + public void outputTemplate(HttpServletRequest request, + HttpServletResponse response, ArgSet args) + throws EBaseException { String xmlOutput = request.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { @@ -242,30 +251,32 @@ public class ProfileServlet extends CMSServlet { ByteArrayOutputStream bos = new ByteArrayOutputStream(); outputThisAsXML(bos, args); try { - response.setContentLength(bos.size()); - bos.writeTo(response.getOutputStream()); + response.setContentLength(bos.size()); + bos.writeTo(response.getOutputStream()); } catch (Exception e) { CMS.debug("outputTemplate error " + e); } return; } - IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("output_template"); + statsSub.startTiming("output_template"); } BufferedReader reader = null; try { - reader = new BufferedReader(new FileReader(mTemplate)); + reader = new BufferedReader( + new FileReader(mTemplate)); response.setContentType("text/html; charset=UTF-8"); PrintWriter writer = response.getWriter(); + // output template String line = null; do { - line = reader.readLine(); + line = reader.readLine(); if (line != null) { if (line.indexOf("<CMS_TEMPLATE>") == -1) { writer.println(line); @@ -276,20 +287,21 @@ public class ProfileServlet extends CMSServlet { writer.println("</script>"); } } - } while (line != null); + } + while (line != null); reader.close(); } catch (IOException e) { - CMS.debug(e); - throw new EBaseException(e.toString()); + CMS.debug(e); + throw new EBaseException(e.toString()); } finally { - if (statsSub != null) { - statsSub.endTiming("output_template"); - } + if (statsSub != null) { + statsSub.endTiming("output_template"); + } } } protected void outputArgList(PrintWriter writer, String name, ArgList list) - throws IOException { + throws IOException { String h_name = null; @@ -299,7 +311,7 @@ public class ProfileServlet extends CMSServlet { h_name = name.substring(name.indexOf('.') + 1); } writer.println(name + "Set = new Array;"); - // writer.println(h_name + "Count = 0;"); + // writer.println(h_name + "Count = 0;"); for (int i = 0; i < list.size(); i++) { writer.println(h_name + " = new Object;"); @@ -330,29 +342,27 @@ public class ProfileServlet extends CMSServlet { char c = in[i]; /* presumably this gives better performance */ - if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) { + if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) { out[j++] = c; continue; } /* some inputs are coming in as '\' and 'n' */ /* see BZ 500736 for details */ - if ((c == 0x5c) - && ((i + 1) < l) - && (in[i + 1] == 'n' || in[i + 1] == 'r' - || in[i + 1] == 'f' || in[i + 1] == 't' - || in[i + 1] == '<' || in[i + 1] == '>' - || in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) { - if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' - && (in[i + 3] == 'c' || in[i + 3] == 'e')) { + if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' || + in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' || + in[i+1] == '<' || in[i+1] == '>' || + in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) { + if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' && + (in[i+3] == 'c' || in[i+3] == 'e')) { out[j++] = '\\'; - out[j++] = in[i + 1]; - out[j++] = in[i + 2]; - out[j++] = in[i + 3]; + out[j++] = in[i+1]; + out[j++] = in[i+2]; + out[j++] = in[i+3]; i += 3; - } else { + } else { out[j++] = '\\'; - out[j++] = in[i + 1]; + out[j++] = in[i+1]; i++; } continue; @@ -410,19 +420,19 @@ public class ProfileServlet extends CMSServlet { return new String(out, 0, j); } - protected void outputArgString(PrintWriter writer, String name, - ArgString str) throws IOException { + protected void outputArgString(PrintWriter writer, String name, ArgString str) + throws IOException { String s = str.getValue(); // sub \n with "\n" if (s != null) { - s = escapeJavaScriptString(s); + s = escapeJavaScriptString(s); } writer.println(name + "=\"" + s + "\";"); } protected void outputArgSet(PrintWriter writer, String name, ArgSet set) - throws IOException { + throws IOException { Enumeration e = set.getNames(); while (e.hasMoreElements()) { @@ -446,7 +456,7 @@ public class ProfileServlet extends CMSServlet { } protected void outputData(PrintWriter writer, ArgSet set) - throws IOException { + throws IOException { if (set == null) return; Enumeration e = set.getNames(); @@ -475,12 +485,13 @@ public class ProfileServlet extends CMSServlet { * log according to authority category. */ protected void log(int event, int level, String msg) { - mLogger.log(event, mLogCategory, level, "Servlet " + mId + ": " + msg); + mLogger.log(event, mLogCategory, level, + "Servlet " + mId + ": " + msg); } protected void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, "Servlet " + mId - + ": " + msg); + mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, + "Servlet " + mId + ": " + msg); } /** @@ -495,12 +506,14 @@ public class ProfileServlet extends CMSServlet { locale = Locale.getDefault(); } else { locale = new Locale(UserInfo.getUserLanguage(lang), - UserInfo.getUserCountry(lang)); + UserInfo.getUserCountry(lang)); } return locale; } - protected void renderResult(CMSRequest cmsReq) throws IOException { + protected void renderResult(CMSRequest cmsReq) + throws IOException { // do nothing } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java index d24f7332d..b00b13a9d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; + import java.io.InputStream; import java.io.OutputStream; import java.security.cert.CertificateEncodingException; @@ -64,9 +65,10 @@ import com.netscape.cms.servlet.common.AuthCredentials; import com.netscape.cms.servlet.common.CMCOutputTemplate; import com.netscape.cms.servlet.common.CMSRequest; + /** * This servlet submits end-user request into the profile framework. - * + * * @version $Revision$, $Date$ */ public class ProfileSubmitCMCServlet extends ProfileServlet { @@ -87,24 +89,27 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { private String requestBinary = null; private String requestB64 = null; - private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { - - /* 0 */"automated profile cert request rejection: " + private final static String[] + SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { + + /* 0 */ "automated profile cert request rejection: " + "indeterminate reason for inability to process " - + "cert request due to an EBaseException" }; - private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + + "cert request due to an EBaseException" + }; + private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; public ProfileSubmitCMCServlet() { } /** - * initialize the servlet. And instance of this servlet can be set up to - * always issue certificates against a certain profile by setting the - * 'profileId' configuration in the servletConfig If not, the user must - * specify the profileID when submitting the request + * initialize the servlet. And instance of this servlet can + * be set up to always issue certificates against a certain profile + * by setting the 'profileId' configuration in the servletConfig + * If not, the user must specify the profileID when submitting the request * * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -115,8 +120,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { mRenderResult = false; } - private void setInputsIntoContext(HttpServletRequest request, - IProfile profile, IProfileContext ctx) { + private void setInputsIntoContext(HttpServletRequest request, IProfile profile, IProfileContext ctx) { // passing inputs into context Enumeration inputIds = profile.getProfileInputIds(); @@ -139,8 +143,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { } - private void setCredentialsIntoContext(HttpServletRequest request, - IProfileAuthenticator authenticator, IProfileContext ctx) { + private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, IProfileContext ctx) { Enumeration authIds = authenticator.getValueNames(); if (authIds != null) { @@ -155,7 +158,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { } public IAuthToken authenticate(IProfileAuthenticator authenticator, - HttpServletRequest request) throws EBaseException { + HttpServletRequest request) throws EBaseException { AuthCredentials credentials = new AuthCredentials(); // build credential @@ -174,19 +177,19 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { IAuthToken authToken = authenticator.authenticate(credentials); SessionContext sc = SessionContext.getContext(); - if (sc != null) { - sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); - String userid = authToken.getInString(IAuthToken.USER_ID); - if (userid != null) { - sc.put(SessionContext.USER_ID, userid); - } + if (sc != null) { + sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); + String userid = authToken.getInString(IAuthToken.USER_ID); + if (userid != null) { + sc.put(SessionContext.USER_ID, userid); + } } return authToken; } - private void setInputsIntoRequest(HttpServletRequest request, - IProfile profile, IRequest req) { + private void setInputsIntoRequest(HttpServletRequest request, IProfile +profile, IRequest req) { Enumeration inputIds = profile.getProfileInputIds(); if (inputIds != null) { @@ -200,8 +203,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { String inputName = (String) inputNames.nextElement(); if (request.getParameter(inputName) != null) { - req.setExtData(inputName, - request.getParameter(inputName)); + req.setExtData(inputName, request.getParameter(inputName)); } } } @@ -214,7 +216,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - either an automated "EE" profile based - * cert acceptance, or an automated "EE" profile based cert rejection) + * cert acceptance, or an automated "EE" profile based cert rejection) * <P> * * <ul> @@ -222,7 +224,6 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> - * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ @@ -232,8 +233,8 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { Locale locale = getLocale(request); ArgSet args = new ArgSet(); - String cert_request_type = mServletConfig - .getInitParameter("cert_request_type"); + String cert_request_type = + mServletConfig.getInitParameter("cert_request_type"); String outputFormat = mServletConfig.getInitParameter("outputFormat"); int reqlen = request.getContentLength(); @@ -267,30 +268,30 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { while (paramNames.hasMoreElements()) { String paramName = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if (paramName.startsWith("__") - || paramName.endsWith("password") - || paramName.endsWith("passwd") - || paramName.endsWith("pwd") - || paramName.equalsIgnoreCase("admin_password_again") - || paramName.equalsIgnoreCase("directoryManagerPwd") - || paramName.equalsIgnoreCase("bindpassword") - || paramName.equalsIgnoreCase("bindpwd") - || paramName.equalsIgnoreCase("passwd") - || paramName.equalsIgnoreCase("password") - || paramName.equalsIgnoreCase("pin") - || paramName.equalsIgnoreCase("pwd") - || paramName.equalsIgnoreCase("pwdagain") - || paramName.equalsIgnoreCase("uPasswd")) { - CMS.debug("ProfileSubmitCMCServlet Input Parameter " - + paramName + "='(sensitive)'"); + if( paramName.startsWith("__") || + paramName.endsWith("password") || + paramName.endsWith("passwd") || + paramName.endsWith("pwd") || + paramName.equalsIgnoreCase("admin_password_again") || + paramName.equalsIgnoreCase("directoryManagerPwd") || + paramName.equalsIgnoreCase("bindpassword") || + paramName.equalsIgnoreCase("bindpwd") || + paramName.equalsIgnoreCase("passwd") || + paramName.equalsIgnoreCase("password") || + paramName.equalsIgnoreCase("pin") || + paramName.equalsIgnoreCase("pwd") || + paramName.equalsIgnoreCase("pwdagain") || + paramName.equalsIgnoreCase("uPasswd") ) { + CMS.debug("ProfileSubmitCMCServlet Input Parameter " + + paramName + "='(sensitive)'"); } else { - CMS.debug("ProfileSubmitCMCServlet Input Parameter " - + paramName + "='" - + request.getParameter(paramName) + "'"); + CMS.debug("ProfileSubmitCMCServlet Input Parameter " + + paramName + "='" + + request.getParameter(paramName) + "'"); } } CMS.debug("End of ProfileSubmitCMCServlet Input Parameters"); @@ -302,8 +303,8 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileSubmitCMCServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) CMS - .getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileSubmitCMCServlet: ProfileSubsystem not found"); @@ -312,12 +313,11 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String(CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + s = new UTF8String(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } @@ -331,14 +331,14 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { profileId = mProfileId; } - IProfile profile = null; + IProfile profile = null; - try { + try { CMS.debug("ProfileSubmitCMCServlet: profileId " + profileId); - profile = ps.getProfile(profileId); - } catch (EProfileException e) { - CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " - + profileId + " " + e.toString()); + profile = ps.getProfile(profileId); + } catch (EProfileException e) { + CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " + + profileId + " " + e.toString()); } if (profile == null) { CMCOutputTemplate template = new CMCOutputTemplate(); @@ -346,29 +346,27 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String(CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + s = new UTF8String(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } if (!ps.isProfileEnable(profileId)) { - CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId - + " not enabled"); + CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId + + " not enabled"); CMCOutputTemplate template = new CMCOutputTemplate(); SEQUENCE seq = new SEQUENCE(); seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String(CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + s = new UTF8String(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } @@ -388,8 +386,8 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { if (authenticator == null) { CMS.debug("ProfileSubmitCMCServlet: authenticator not found"); } else { - CMS.debug("ProfileSubmitCMCServlet: authenticator " - + authenticator.getName() + " found"); + CMS.debug("ProfileSubmitCMCServlet: authenticator " + + authenticator.getName() + " found"); setCredentialsIntoContext(request, authenticator, ctx); } @@ -405,39 +403,39 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { SessionContext context = SessionContext.getContext(); // insert profile context so that input parameter can be retrieved - context.put("profileContext", ctx); - context.put("sslClientCertProvider", new SSLClientCertProvider(request)); + context.put("profileContext", ctx); + context.put("sslClientCertProvider", + new SSLClientCertProvider(request)); CMS.debug("ProfileSubmitCMCServlet: set sslClientCertProvider"); - if (authenticator != null) { + if (authenticator != null) { try { authToken = authenticate(authenticator, request); // authentication success } catch (EBaseException e) { CMCOutputTemplate template = new CMCOutputTemplate(); SEQUENCE seq = new SEQUENCE(); - seq.addElement(new INTEGER(0)); + seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String(e.toString()); + s = new UTF8String(e.toString()); } catch (Exception ee) { } - template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.BAD_REQUEST, s); - CMS.debug("ProfileSubmitCMCServlet: authentication error " - + e.toString()); + template.createFullResponseWithFailedStatus(response, seq, + OtherInfo.BAD_REQUEST, s); + CMS.debug("ProfileSubmitCMCServlet: authentication error " + + e.toString()); return; } - // authorization only makes sense when request is authenticated + //authorization only makes sense when request is authenticated AuthzToken authzToken = null; if (authToken != null) { CMS.debug("ProfileSubmitCMCServlet authToken not null"); try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "submit"); + mAuthzResourceName, "submit"); } catch (Exception e) { - CMS.debug("ProfileSubmitCMCServlet authorization failure: " - + e.toString()); + CMS.debug("ProfileSubmitCMCServlet authorization failure: "+e.toString()); } } @@ -448,21 +446,20 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String( - "ProfileSubmitCMCServlet authorization failure"); + s = new UTF8String("ProfileSubmitCMCServlet authorization failure"); } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.BAD_REQUEST, s); + OtherInfo.BAD_REQUEST, s); return; } } IRequest reqs[] = null; - // ///////////////////////////////////////////// + /////////////////////////////////////////////// // create request - // ///////////////////////////////////////////// + /////////////////////////////////////////////// try { reqs = profile.createRequests(ctx, locale); } catch (EProfileException e) { @@ -476,7 +473,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } catch (Throwable e) { CMS.debug("ProfileSubmitCMCServlet: createRequests " + e.toString()); @@ -485,22 +482,21 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String(CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + s = new UTF8String(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } - TaggedAttribute attr = (TaggedAttribute) (context - .get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); + TaggedAttribute attr = + (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); if (attr != null) { boolean verifyAllow = true; try { verifyAllow = CMS.getConfigStore().getBoolean( - "cmc.lraPopWitness.verify.allow", true); + "cmc.lraPopWitness.verify.allow", true); } catch (EBaseException ee) { } @@ -509,19 +505,18 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { SET vals = attr.getValues(); if (vals.size() > 0) { try { - lraPop = (LraPopWitness) (ASN1Util.decode( - LraPopWitness.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); } catch (InvalidBERException e) { - CMS.debug(CMS.getUserMessage(locale, - "CMS_PROFILE_ENCODING_ERROR")); + CMS.debug( + CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR")); } SEQUENCE bodyIds = lraPop.getBodyIds(); CMCOutputTemplate template = new CMCOutputTemplate(); - template.createFullResponseWithFailedStatus(response, - bodyIds, OtherInfo.POP_FAILED, null); + template.createFullResponseWithFailedStatus(response, bodyIds, + OtherInfo.POP_FAILED, null); return; } } @@ -529,54 +524,53 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { // for CMC, requests may be zero. Then check if controls exist. if (reqs == null) { - Integer nums = (Integer) (context.get("numOfControls")); + Integer nums = (Integer)(context.get("numOfControls")); CMCOutputTemplate template = new CMCOutputTemplate(); // if there is only one control GetCert, then simple response - // must be returned. + // must be returned. if (nums != null && nums.intValue() == 1) { - TaggedAttribute attr1 = (TaggedAttribute) (context - .get(OBJECT_IDENTIFIER.id_cmc_getCert)); + TaggedAttribute attr1 = (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); if (attr1 != null) { template.createSimpleResponse(response, reqs); } else - template.createFullResponse(response, reqs, - cert_request_type, null); + template.createFullResponse(response, reqs, + cert_request_type, null); } else - template.createFullResponse(response, reqs, cert_request_type, - null); + template.createFullResponse(response, reqs, + cert_request_type, null); return; } String errorCode = null; - String errorReason = null; + String errorReason = null; - // ///////////////////////////////////////////// + /////////////////////////////////////////////// // populate request - // ///////////////////////////////////////////// + /////////////////////////////////////////////// for (int k = 0; k < reqs.length; k++) { // adding parameters to request setInputsIntoRequest(request, profile, reqs[k]); // serial auth token into request if (authToken != null) { - Enumeration tokenNames = authToken.getElements(); - while (tokenNames.hasMoreElements()) { - String tokenName = (String) tokenNames.nextElement(); - String[] vals = authToken.getInStringArray(tokenName); - if (vals != null) { - for (int i = 0; i < vals.length; i++) { - reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName - + "[" + i + "]", vals[i]); - } - } else { - String val = authToken.getInString(tokenName); - if (val != null) { - reqs[k].setExtData( - ARG_AUTH_TOKEN + "." + tokenName, val); - } - } - } - } + Enumeration tokenNames = authToken.getElements(); + while (tokenNames.hasMoreElements()) { + String tokenName = (String)tokenNames.nextElement(); + String[] vals = authToken.getInStringArray(tokenName); + if (vals != null) { + for (int i = 0; i < vals.length; i++) { + reqs[k].setExtData(ARG_AUTH_TOKEN + "." + + tokenName + "[" + i + "]", vals[i]); + } + } else { + String val = authToken.getInString(tokenName); + if (val != null) { + reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName, + val); + } + } + } + } // put profile framework parameters into the request reqs[k].setExtData(ARG_PROFILE, "true"); @@ -591,12 +585,11 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String( - CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND")); + s = new UTF8String(CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND")); } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } @@ -605,13 +598,13 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost()); reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr()); - CMS.debug("ProfileSubmitCMCServlet: request " - + reqs[k].getRequestId().toString()); + CMS.debug("ProfileSubmitCMCServlet: request " + + reqs[k].getRequestId().toString()); try { CMS.debug("ProfileSubmitCMCServlet: populating request inputs"); // give authenticator a chance to populate the request - if (authenticator != null) { + if (authenticator != null) { authenticator.populate(authToken, reqs[k]); } profile.populateInput(ctx, reqs[k]); @@ -627,12 +620,12 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.BAD_REQUEST, s); + OtherInfo.BAD_REQUEST, s); return; } catch (Throwable e) { CMS.debug("ProfileSubmitCMCServlet: populate " + e.toString()); - // throw new IOException("Profile " + profileId + - // " cannot populate"); + // throw new IOException("Profile " + profileId + + // " cannot populate"); CMCOutputTemplate template = new CMCOutputTemplate(); SEQUENCE seq = new SEQUENCE(); seq.addElement(new INTEGER(0)); @@ -642,7 +635,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } } @@ -654,28 +647,28 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { int responseType = 0; try { - // ///////////////////////////////////////////// + /////////////////////////////////////////////// // submit request - // ///////////////////////////////////////////// + /////////////////////////////////////////////// int error_codes[] = null; if (reqs != null && reqs.length > 0) - error_codes = new int[reqs.length]; + error_codes = new int[reqs.length]; for (int k = 0; k < reqs.length; k++) { try { // reset the "auditRequesterID" auditRequesterID = auditRequesterID(reqs[k]); + // print request debug if (reqs[k] != null) { - Enumeration reqKeys = reqs[k].getExtDataKeys(); - while (reqKeys.hasMoreElements()) { - String reqKey = (String) reqKeys.nextElement(); - String reqVal = reqs[k].getExtDataInString(reqKey); - if (reqVal != null) { - CMS.debug("ProfileSubmitCMCServlet: key=$request." - + reqKey + "$ value=" + reqVal); - } + Enumeration reqKeys = reqs[k].getExtDataKeys(); + while (reqKeys.hasMoreElements()) { + String reqKey = (String)reqKeys.nextElement(); + String reqVal = reqs[k].getExtDataInString(reqKey); + if (reqVal != null) { + CMS.debug("ProfileSubmitCMCServlet: key=$request." + reqKey + "$ value=" + reqVal); } + } } profile.submit(authToken, reqs[k]); @@ -685,16 +678,16 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { auditInfoCertValue = auditInfoCertValue(reqs[k]); if (auditInfoCertValue != null) { - if (!(auditInfoCertValue - .equals(ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { + if (!(auditInfoCertValue.equals( + ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { // store a message in the signed audit log file - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue); audit(auditMessage); } @@ -703,50 +696,53 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { // return defer message to the user reqs[k].setRequestStatus(RequestStatus.PENDING); // need to notify - INotify notify = profile.getRequestQueue() - .getPendingNotify(); + INotify notify = profile.getRequestQueue().getPendingNotify(); if (notify != null) { - notify.notify(reqs[k]); + notify.notify(reqs[k]); } - + CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString()); errorCode = "2"; errorReason = CMS.getUserMessage(locale, - "CMS_PROFILE_DEFERRED", e.toString()); + "CMS_PROFILE_DEFERRED", + e.toString()); } catch (ERejectException e) { - // return error to the user + // return error to the user reqs[k].setRequestStatus(RequestStatus.REJECTED); CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString()); errorCode = "3"; errorReason = CMS.getUserMessage(locale, - "CMS_PROFILE_REJECTED", e.toString()); + "CMS_PROFILE_REJECTED", + e.toString()); } catch (Throwable e) { // return error to the user CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString()); errorCode = "1"; errorReason = CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR"); + "CMS_INTERNAL_ERROR"); } - try { + try { if (errorCode == null) { profile.getRequestQueue().markAsServiced(reqs[k]); } else { profile.getRequestQueue().updateRequest(reqs[k]); } } catch (EBaseException e) { - CMS.debug("ProfileSubmitCMCServlet: updateRequest " - + e.toString()); + CMS.debug("ProfileSubmitCMCServlet: updateRequest " + + e.toString()); } if (errorCode != null) { if (errorCode.equals("1")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, errorReason); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + errorReason); audit(auditMessage); } else if (errorCode.equals("2")) { @@ -756,10 +752,12 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { } else if (errorCode.equals("3")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, errorReason); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + errorReason); audit(auditMessage); } @@ -771,47 +769,45 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { if (errorCode != null) { // create the CMC full enrollment response CMCOutputTemplate template = new CMCOutputTemplate(); - template.createFullResponse(response, reqs, cert_request_type, - error_codes); + template.createFullResponse(response, reqs, cert_request_type, error_codes); return; } - // ///////////////////////////////////////////// - // output output list - // ///////////////////////////////////////////// - - CMS.debug("ProfileSubmitCMCServlet: done serving"); - CMCOutputTemplate template = new CMCOutputTemplate(); - if (cert_request_type.equals("pkcs10") - || cert_request_type.equals("crmf")) { - - if (outputFormat != null && outputFormat.equals("pkcs7")) { - byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]); - response.setContentType("application/pkcs7-mime"); - response.setContentLength(pkcs7.length); - try { - OutputStream os = response.getOutputStream(); - os.write(pkcs7); - os.flush(); - } catch (Exception ee) { - } - return; - } - template.createSimpleResponse(response, reqs); - } else if (cert_request_type.equals("cmc")) { - Integer nums = (Integer) (context.get("numOfControls")); - if (nums != null && nums.intValue() == 1) { - TaggedAttribute attr1 = (TaggedAttribute) (context - .get(OBJECT_IDENTIFIER.id_cmc_getCert)); - if (attr1 != null) { - template.createSimpleResponse(response, reqs); - return; - } - } - template.createFullResponse(response, reqs, cert_request_type, - error_codes); - } + /////////////////////////////////////////////// + // output output list + /////////////////////////////////////////////// + + CMS.debug("ProfileSubmitCMCServlet: done serving"); + CMCOutputTemplate template = new CMCOutputTemplate(); + if (cert_request_type.equals("pkcs10") || cert_request_type.equals("crmf")) { + + if (outputFormat != null &&outputFormat.equals("pkcs7")) { + byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]); + response.setContentType("application/pkcs7-mime"); + response.setContentLength(pkcs7.length); + try { + OutputStream os = response.getOutputStream(); + os.write(pkcs7); + os.flush(); + } catch (Exception ee) { + } + return; + } + template.createSimpleResponse(response, reqs); + } else if (cert_request_type.equals("cmc")) { + Integer nums = (Integer)(context.get("numOfControls")); + if (nums != null && nums.intValue() == 1) { + TaggedAttribute attr1 = + (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); + if (attr1 != null) { + template.createSimpleResponse(response, reqs); + return; + } + } + template.createFullResponse(response, reqs, cert_request_type, + error_codes); + } } finally { SessionContext.releaseContext(); } @@ -819,11 +815,11 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for a signed audit log - * message. + * + * This method is called to obtain the "RequesterID" for + * a signed audit log message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ @@ -849,11 +845,11 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param request request containing an X509CertImpl * @return cert string containing the certificate */ @@ -863,8 +859,8 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { return null; } - X509CertImpl x509cert = request - .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl x509cert = request.getExtDataInCert( + IEnrollProfile.REQUEST_ISSUED_CERT); if (x509cert == null) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java index 626b35789..184a82b2e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; + import java.math.BigInteger; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; @@ -71,9 +72,10 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.util.Cert; import com.netscape.cmsutil.xml.XMLObject; + /** * This servlet submits end-user request into the profile framework. - * + * * @author Christina Fu (renewal support) * @version $Revision$, $Date$ */ @@ -95,27 +97,34 @@ public class ProfileSubmitServlet extends ProfileServlet { private String mReqType = null; private String mAuthorityId = null; - private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { - - /* 0 */"automated profile cert request rejection: " + private final static String[] + SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { + + /* 0 */ "automated profile cert request rejection: " + "indeterminate reason for inability to process " - + "cert request due to an EBaseException" }; - private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + + "cert request due to an EBaseException" + }; + private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + + + private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = + "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; + private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = + "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; - private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; - private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; public ProfileSubmitServlet() { } /** - * initialize the servlet. And instance of this servlet can be set up to - * always issue certificates against a certain profile by setting the - * 'profileId' configuration in the servletConfig If not, the user must - * specify the profileID when submitting the request + * initialize the servlet. And instance of this servlet can + * be set up to always issue certificates against a certain profile + * by setting the 'profileId' configuration in the servletConfig + * If not, the user must specify the profileID when submitting the request * * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -124,8 +133,7 @@ public class ProfileSubmitServlet extends ProfileServlet { mProfileId = sc.getInitParameter(PROP_PROFILE_ID); } - private void setInputsIntoContext(HttpServletRequest request, - IProfile profile, IProfileContext ctx) { + private void setInputsIntoContext(HttpServletRequest request, IProfile profile, IProfileContext ctx) { // passing inputs into context Enumeration inputIds = profile.getProfileInputIds(); @@ -138,13 +146,9 @@ public class ProfileSubmitServlet extends ProfileServlet { while (inputNames.hasMoreElements()) { String inputName = (String) inputNames.nextElement(); if (request.getParameter(inputName) != null) { - // all subject name parameters start with sn_, no other - // input parameters do + // all subject name parameters start with sn_, no other input parameters do if (inputName.matches("^sn_.*")) { - ctx.set(inputName, - escapeValueRfc1779( - request.getParameter(inputName), - false).toString()); + ctx.set(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString()); } else { ctx.set(inputName, request.getParameter(inputName)); } @@ -155,12 +159,12 @@ public class ProfileSubmitServlet extends ProfileServlet { } - /* - * fill input info from "request" to context. This is expected to be used by - * renewal where the request is retrieved from request record + /* + * fill input info from "request" to context. + * This is expected to be used by renewal where the request + * is retrieved from request record */ - private void setInputsIntoContext(IRequest request, IProfile profile, - IProfileContext ctx, Locale locale) { + private void setInputsIntoContext(IRequest request, IProfile profile, IProfileContext ctx, Locale locale) { // passing inputs into context Enumeration inputIds = profile.getProfileInputIds(); @@ -173,19 +177,15 @@ public class ProfileSubmitServlet extends ProfileServlet { while (inputNames.hasMoreElements()) { String inputName = (String) inputNames.nextElement(); String inputValue = ""; - CMS.debug("ProfileSubmitServlet: setInputsIntoContext() getting input name= " - + inputName); + CMS.debug("ProfileSubmitServlet: setInputsIntoContext() getting input name= " + inputName); try { - inputValue = profileInput.getValue(inputName, locale, - request); + inputValue = profileInput.getValue(inputName, locale, request); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: setInputsIntoContext() getvalue() failed: " - + e.toString()); + CMS.debug("ProfileSubmitServlet: setInputsIntoContext() getvalue() failed: " + e.toString()); } if (inputValue != null) { - CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:" - + inputValue); + CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:"+ inputValue); ctx.set(inputName, inputValue); } else { CMS.debug("ProfileSubmitServlet: setInputsIntoContext() value null"); @@ -196,8 +196,9 @@ public class ProfileSubmitServlet extends ProfileServlet { } - private void setCredentialsIntoContext(HttpServletRequest request, - IProfileAuthenticator authenticator, IProfileContext ctx) { + + + private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, IProfileContext ctx) { Enumeration authIds = authenticator.getValueNames(); if (authIds != null) { @@ -205,8 +206,8 @@ public class ProfileSubmitServlet extends ProfileServlet { while (authIds.hasMoreElements()) { String authName = (String) authIds.nextElement(); - CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:" - + authName); + CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:"+ + authName); if (request.getParameter(authName) != null) { CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName found in request"); ctx.set(authName, request.getParameter(authName)); @@ -231,8 +232,7 @@ public class ProfileSubmitServlet extends ProfileServlet { String n = t.substring(0, i); if (n.equalsIgnoreCase("uid")) { String v = t.substring(i + 1); - CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:" - + v); + CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:"+v); return v; } else { continue; @@ -242,74 +242,70 @@ public class ProfileSubmitServlet extends ProfileServlet { } /* - * authenticate for renewal - more to add necessary params/values to the - * session context + * authenticate for renewal - more to add necessary params/values + * to the session context */ public IAuthToken authenticate(IProfileAuthenticator authenticator, - HttpServletRequest request, IRequest origReq, SessionContext context) - throws EBaseException { - IAuthToken authToken = authenticate(authenticator, request); - // For renewal, fill in necessary params - if (authToken != null) { - String ouid = origReq.getExtDataInString("auth_token.uid"); - // if the orig cert was manually approved, then there was - // no auth token uid. Try to get the uid from the cert dn - // itself, if possible - if (ouid == null) { - String sdn = (String) context.get("origSubjectDN"); - if (sdn != null) { - ouid = getUidFromDN(sdn); - if (ouid != null) - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found"); - } - } else { - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token"); - } - String auid = authToken.getInString("uid"); - if (auid != null) { // not through ssl client auth - CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:" - + auid); - // authenticated with uid - // put "orig_req.auth_token.uid" so that authz with - // UserOrigReqAccessEvaluator will work - if (ouid != null) { - context.put("orig_req.auth_token.uid", ouid); - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:" - + ouid); - } else { - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found"); - } - } else { // through ssl client auth? - CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:"); - // put in orig_req's uid - if (ouid != null) { - CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:" - + ouid + ". Setting authtoken"); - authToken.set("uid", ouid); - context.put(SessionContext.USER_ID, ouid); + HttpServletRequest request, IRequest origReq, SessionContext context) + throws EBaseException { + IAuthToken authToken = authenticate(authenticator, request); + // For renewal, fill in necessary params + if (authToken!= null) { + String ouid = origReq.getExtDataInString("auth_token.uid"); + // if the orig cert was manually approved, then there was + // no auth token uid. Try to get the uid from the cert dn + // itself, if possible + if (ouid == null) { + String sdn = (String) context.get("origSubjectDN"); + if (sdn != null) { + ouid = getUidFromDN(sdn); + if (ouid != null) + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found"); + } + } else { + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token"); + } + String auid = authToken.getInString("uid"); + if (auid != null) { // not through ssl client auth + CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:"+auid); + // authenticated with uid + // put "orig_req.auth_token.uid" so that authz with + // UserOrigReqAccessEvaluator will work + if (ouid != null) { + context.put("orig_req.auth_token.uid", ouid); + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:"+ouid); + } else { + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found"); + } + } else { // through ssl client auth? + CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:"); + // put in orig_req's uid + if (ouid != null) { + CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:" +ouid+". Setting authtoken"); + authToken.set("uid", ouid); + context.put(SessionContext.USER_ID, ouid); + } else { + CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found"); +// throw new EBaseException("origReq uid not found"); + } + } + + String userdn = origReq.getExtDataInString("auth_token.userdn"); + if (userdn != null) { + CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:"+userdn+". Setting authtoken"); + authToken.set("userdn", userdn); + } else { + CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found"); +// throw new EBaseException("origReq userdn not found"); + } } else { - CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found"); - // throw new EBaseException("origReq uid not found"); + CMS.debug("ProfileSubmitServlet: renewal: authToken null"); } - } - - String userdn = origReq.getExtDataInString("auth_token.userdn"); - if (userdn != null) { - CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:" - + userdn + ". Setting authtoken"); - authToken.set("userdn", userdn); - } else { - CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found"); - // throw new EBaseException("origReq userdn not found"); - } - } else { - CMS.debug("ProfileSubmitServlet: renewal: authToken null"); - } - return authToken; + return authToken; } public IAuthToken authenticate(IProfileAuthenticator authenticator, - HttpServletRequest request) throws EBaseException { + HttpServletRequest request) throws EBaseException { AuthCredentials credentials = new AuthCredentials(); // build credential @@ -327,19 +323,18 @@ public class ProfileSubmitServlet extends ProfileServlet { IAuthToken authToken = authenticator.authenticate(credentials); SessionContext sc = SessionContext.getContext(); - if (sc != null) { - sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); - String userid = authToken.getInString(IAuthToken.USER_ID); - if (userid != null) { - sc.put(SessionContext.USER_ID, userid); - } + if (sc != null) { + sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); + String userid = authToken.getInString(IAuthToken.USER_ID); + if (userid != null) { + sc.put(SessionContext.USER_ID, userid); + } } return authToken; } - private void setInputsIntoRequest(HttpServletRequest request, - IProfile profile, IRequest req) { + private void setInputsIntoRequest(HttpServletRequest request, IProfile profile, IRequest req) { Enumeration inputIds = profile.getProfileInputIds(); if (inputIds != null) { @@ -353,17 +348,11 @@ public class ProfileSubmitServlet extends ProfileServlet { String inputName = (String) inputNames.nextElement(); if (request.getParameter(inputName) != null) { - // special characters in subject names parameters - // must be escaped + // special characters in subject names parameters must be escaped if (inputName.matches("^sn_.*")) { - req.setExtData( - inputName, - escapeValueRfc1779( - request.getParameter(inputName), - false).toString()); + req.setExtData(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString()); } else { - req.setExtData(inputName, - request.getParameter(inputName)); + req.setExtData(inputName, request.getParameter(inputName)); } } } @@ -372,12 +361,12 @@ public class ProfileSubmitServlet extends ProfileServlet { } } - /* - * fill input info from orig request to the renew request. This is expected - * to be used by renewal where the request is retrieved from request record + /* + * fill input info from orig request to the renew request. + * This is expected to be used by renewal where the request + * is retrieved from request record */ - private void setInputsIntoRequest(IRequest request, IProfile profile, - IRequest req, Locale locale) { + private void setInputsIntoRequest(IRequest request, IProfile profile, IRequest req, Locale locale) { // passing inputs into request Enumeration inputIds = profile.getProfileInputIds(); @@ -390,19 +379,15 @@ public class ProfileSubmitServlet extends ProfileServlet { while (inputNames.hasMoreElements()) { String inputName = (String) inputNames.nextElement(); String inputValue = ""; - CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() getting input name= " - + inputName); + CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() getting input name= " + inputName); try { - inputValue = profileInput.getValue(inputName, locale, - request); + inputValue = profileInput.getValue(inputName, locale, request); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() getvalue() failed: " - + e.toString()); + CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() getvalue() failed: " + e.toString()); } if (inputValue != null) { - CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:" - + inputValue); + CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:"+ inputValue); req.setExtData(inputName, inputValue); } else { CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() value null"); @@ -413,15 +398,13 @@ public class ProfileSubmitServlet extends ProfileServlet { } - private void setOutputIntoArgs(IProfile profile, ArgList outputlist, - Locale locale, IRequest req) { + private void setOutputIntoArgs(IProfile profile, ArgList outputlist, Locale locale, IRequest req) { Enumeration outputIds = profile.getProfileOutputIds(); if (outputIds != null) { while (outputIds.hasMoreElements()) { String outputId = (String) outputIds.nextElement(); - IProfileOutput profileOutput = profile - .getProfileOutput(outputId); + IProfileOutput profileOutput = profile.getProfileOutput(outputId); Enumeration outputNames = profileOutput.getValueNames(); @@ -429,20 +412,19 @@ public class ProfileSubmitServlet extends ProfileServlet { while (outputNames.hasMoreElements()) { ArgSet outputset = new ArgSet(); String outputName = (String) outputNames.nextElement(); - IDescriptor outputDesc = profileOutput - .getValueDescriptor(locale, outputName); + IDescriptor outputDesc = + profileOutput.getValueDescriptor(locale, outputName); if (outputDesc == null) continue; String outputSyntax = outputDesc.getSyntax(); String outputConstraint = outputDesc.getConstraint(); - String outputValueName = outputDesc - .getDescription(locale); + String outputValueName = outputDesc.getDescription(locale); String outputValue = null; try { - outputValue = profileOutput.getValue(outputName, - locale, req); + outputValue = profileOutput.getValue(outputName, + locale, req); } catch (EProfileException e) { CMS.debug("ProfileSubmitServlet: " + e.toString()); } @@ -464,7 +446,7 @@ public class ProfileSubmitServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - either an automated "EE" profile based - * cert acceptance, or an automated "EE" profile based cert rejection) + * cert acceptance, or an automated "EE" profile based cert rejection) * <P> * * <ul> @@ -472,7 +454,6 @@ public class ProfileSubmitServlet extends ProfileServlet { * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> - * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ @@ -495,9 +476,9 @@ public class ProfileSubmitServlet extends ProfileServlet { CMS.debug("xmlOutput false"); } - IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("enrollment", true /* main action */); + statsSub.startTiming("enrollment", true /* main action */); } long startTime = CMS.getCurrentDate().getTime(); @@ -511,30 +492,30 @@ public class ProfileSubmitServlet extends ProfileServlet { while (paramNames.hasMoreElements()) { String paramName = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if (paramName.startsWith("__") - || paramName.endsWith("password") - || paramName.endsWith("passwd") - || paramName.endsWith("pwd") - || paramName.equalsIgnoreCase("admin_password_again") - || paramName.equalsIgnoreCase("directoryManagerPwd") - || paramName.equalsIgnoreCase("bindpassword") - || paramName.equalsIgnoreCase("bindpwd") - || paramName.equalsIgnoreCase("passwd") - || paramName.equalsIgnoreCase("password") - || paramName.equalsIgnoreCase("pin") - || paramName.equalsIgnoreCase("pwd") - || paramName.equalsIgnoreCase("pwdagain") - || paramName.equalsIgnoreCase("uPasswd")) { - CMS.debug("ProfileSubmitServlet Input Parameter " - + paramName + "='(sensitive)'"); + if( paramName.startsWith("__") || + paramName.endsWith("password") || + paramName.endsWith("passwd") || + paramName.endsWith("pwd") || + paramName.equalsIgnoreCase("admin_password_again") || + paramName.equalsIgnoreCase("directoryManagerPwd") || + paramName.equalsIgnoreCase("bindpassword") || + paramName.equalsIgnoreCase("bindpwd") || + paramName.equalsIgnoreCase("passwd") || + paramName.equalsIgnoreCase("password") || + paramName.equalsIgnoreCase("pin") || + paramName.equalsIgnoreCase("pwd") || + paramName.equalsIgnoreCase("pwdagain") || + paramName.equalsIgnoreCase("uPasswd") ) { + CMS.debug("ProfileSubmitServlet Input Parameter " + + paramName + "='(sensitive)'"); } else { - CMS.debug("ProfileSubmitServlet Input Parameter " - + paramName + "='" - + request.getParameter(paramName) + "'"); + CMS.debug("ProfileSubmitServlet Input Parameter " + + paramName + "='" + + request.getParameter(paramName) + "'"); } } CMS.debug("End of ProfileSubmitServlet Input Parameters"); @@ -546,42 +527,44 @@ public class ProfileSubmitServlet extends ProfileServlet { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileSubmitServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) CMS - .getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileSubmitServlet: ProfileSubsystem not found"); if (xmlOutput) { - outputError(response, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + outputError(response, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); } else { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } return; } /* * Renewal - Renewal is retrofitted into the Profile Enrollment - * Framework. The authentication and authorization are taken from the - * renewal profile, while the input (with requests) and grace period - * constraint are taken from the original cert's request record. + * Framework. The authentication and authorization are taken from + * the renewal profile, while the input (with requests) and grace + * period constraint are taken from the original cert's request record. * - * Things to note: * the renew request will contain the original profile - * instead of the new * there is no request for system and admin certs - * generated at time of installation configuration. + * Things to note: + * * the renew request will contain the original profile instead + * of the new + * * there is no request for system and admin certs generated at + * time of installation configuration. */ String renewal = request.getParameter("renewal"); boolean isRenewal = false; - if ((renewal != null) && (renewal.equalsIgnoreCase("true"))) { + if ((renewal!= null) && (renewal.equalsIgnoreCase("true"))) { CMS.debug("ProfileSubmitServlet: isRenewal true"); isRenewal = true; - request.setAttribute("reqType", (Object) "renewal"); + request.setAttribute("reqType", (Object)"renewal"); } else { CMS.debug("ProfileSubmitServlet: isRenewal false"); } @@ -609,25 +592,25 @@ public class ProfileSubmitServlet extends ProfileServlet { if (isRenewal) { // dig up the original request to "clone" renewProfileId = profileId; - CMS.debug("ProfileSubmitServlet: renewProfileId =" + renewProfileId); + CMS.debug("ProfileSubmitServlet: renewProfileId ="+renewProfileId); IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { - CMS.debug("ProfileSubmitServlet: renewal: Authority " - + mAuthorityId + " not found"); + CMS.debug("ProfileSubmitServlet: renewal: Authority " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } IRequestQueue queue = authority.getRequestQueue(); if (queue == null) { - CMS.debug("ProfileSubmitServlet: renewal: Request Queue of " - + mAuthorityId + " not found"); + CMS.debug("ProfileSubmitServlet: renewal: Request Queue of " + + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } @@ -635,7 +618,7 @@ public class ProfileSubmitServlet extends ProfileServlet { String serial = request.getParameter("serial_num"); BigInteger certSerial = null; // if serial number is sent with request, then the authentication - // method is not ssl client auth. In this case, an alternative + // method is not ssl client auth. In this case, an alternative // authentication method is used (default: ldap based) if (serial != null) { CMS.debug("ProfileSubmitServlet: renewal: found serial_num"); @@ -647,15 +630,14 @@ public class ProfileSubmitServlet extends ProfileServlet { // ssl client auth is to be used // this is not authentication. Just use the cert to search // for orig request and find the right profile - SSLClientCertProvider sslCCP = new SSLClientCertProvider( - request); + SSLClientCertProvider sslCCP = new SSLClientCertProvider(request); X509Certificate[] certs = sslCCP.getClientCertificateChain(); certSerial = null; if (certs == null || certs.length == 0) { CMS.debug("ProfileSubmitServlet: renewal: no ssl client cert chain"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } else { // has ssl client cert @@ -663,46 +645,45 @@ public class ProfileSubmitServlet extends ProfileServlet { // shouldn't expect leaf cert to be always at the // same location X509Certificate clientCert = null; - for (int i = 0; i < certs.length; i++) { + for (int i = 0; i< certs.length; i++) { clientCert = certs[i]; - byte[] extBytes = clientCert - .getExtensionValue("2.5.29.19"); + byte [] extBytes = clientCert.getExtensionValue("2.5.29.19"); // try to see if this is a leaf cert // look for BasicConstraint extension if (extBytes == null) { // found leaf cert - CMS.debug("ProfileSubmitServlet: renewal: found leaf cert"); + CMS.debug("ProfileSubmitServlet: renewal: found leaf cert"); break; } else { - CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext"); - // it's got BasicConstraints extension - // so it's not likely to be a leaf cert, - // however, check the isCA field regardless - try { - BasicConstraintsExtension bce = new BasicConstraintsExtension( - true, extBytes); - if (bce != null) { - if (!(Boolean) bce.get("is_ca")) { - CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain"); - break; - } // else found a ca cert, continue - } - } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: renewal: exception:" - + e.toString()); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage( - locale, "CMS_INTERNAL_ERROR")); - outputTemplate(request, response, args); - return; + CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext"); + // it's got BasicConstraints extension + // so it's not likely to be a leaf cert, + // however, check the isCA field regardless + try { + BasicConstraintsExtension bce = + new BasicConstraintsExtension(true, extBytes); + if (bce != null) { + if (!(Boolean)bce.get("is_ca")) { + CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain"); + break; + } // else found a ca cert, continue } + } catch (Exception e) { + CMS.debug("ProfileSubmitServlet: renewal: exception:"+ + e.toString()); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); + outputTemplate(request, response, args); + return; + } } } if (clientCert == null) { CMS.debug("ProfileSubmitServlet: renewal: no client cert in chain"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } @@ -712,11 +693,10 @@ public class ProfileSubmitServlet extends ProfileServlet { clientCert = new X509CertImpl(certEncoded); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: renewal: exception:" - + e.toString()); + CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } @@ -725,123 +705,96 @@ public class ProfileSubmitServlet extends ProfileServlet { } } - CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:" - + certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:"+ certSerial.toString()); try { ICertificateRepository certDB = null; if (authority instanceof ICertificateAuthority) { - certDB = ((ICertificateAuthority) authority) - .getCertificateRepository(); + certDB = ((ICertificateAuthority) authority).getCertificateRepository(); } if (certDB == null) { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } - ICertRecord rec = (ICertRecord) certDB - .readCertificateRecord(certSerial); - if (rec == null) { - CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number " - + certSerial.toString()); + ICertRecord rec = (ICertRecord) certDB.readCertificateRecord(certSerial); + if (rec == null) { + CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number "+ certSerial.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } else { - CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:" - + certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:"+ certSerial.toString()); // check to see if the cert is revoked or revoked_expired - if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) - || (rec.getStatus() - .equals(ICertRecord.STATUS_REVOKED_EXPIRED))) { - CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = " - + certSerial.toString()); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_CA_CANNOT_RENEW_REVOKED_CERT", - certSerial.toString())); - outputTemplate(request, response, args); - return; + if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) || (rec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))) { + CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = "+ certSerial.toString()); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_CA_CANNOT_RENEW_REVOKED_CERT", certSerial.toString())); + outputTemplate(request, response, args); + return; } - MetaInfo metaInfo = (MetaInfo) rec - .get(ICertRecord.ATTR_META_INFO); + MetaInfo metaInfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO); // note: CA's internal certs don't have request ids // so some other way needs to be done if (metaInfo != null) { - String rid = (String) metaInfo - .get(ICertRecord.META_REQUEST_ID); + String rid = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); if (rid != null) { origReq = queue.findRequest(new RequestId(rid)); if (origReq != null) { - CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:" - + rid); + CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:"+ rid); // debug: print the extData keys Enumeration en = origReq.getExtDataKeys(); - /* - * CMS.debug( - * "ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS" - * ); while (en.hasMoreElements()) { String next - * = (String) en.nextElement(); CMS.debug( - * "ProfileSubmitServlet: renewal: origRequest extdata key:" - * + next); } CMS.debug( - * "ProfileSubmitServlet: renewal: origRequest extdata key print ENDS" - * ); - */ - String requestorE = origReq - .getExtDataInString("requestor_email"); - CMS.debug("ProfileSubmitServlet: renewal original requestor email=" - + requestorE); - profileId = origReq - .getExtDataInString("profileId"); +/* + CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS"); + while (en.hasMoreElements()) { + String next = (String) en.nextElement(); + CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key:"+ next); + } + CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print ENDS"); +*/ + String requestorE = origReq.getExtDataInString("requestor_email"); + CMS.debug("ProfileSubmitServlet: renewal original requestor email="+requestorE); + profileId = origReq.getExtDataInString("profileId"); if (profileId != null) - CMS.debug("ProfileSubmitServlet: renewal original profileId=" - + profileId); + CMS.debug("ProfileSubmitServlet: renewal original profileId="+profileId); else { - CMS.debug("ProfileSubmitServlet: renewal original profileId not found"); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS - .getUserMessage(locale, - "CMS_INTERNAL_ERROR")); - outputTemplate(request, response, args); - return; + CMS.debug("ProfileSubmitServlet: renewal original profileId not found"); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); + outputTemplate(request, response, args); + return; } - origSeqNum = origReq - .getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM); - - } else { // if origReq - CMS.debug("ProfileSubmitServlet: renewal original request not found for request id " - + rid); + origSeqNum = origReq.getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM); + + } else { //if origReq + CMS.debug("ProfileSubmitServlet: renewal original request not found for request id "+ rid); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage( - locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } } else { - CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number " - + certSerial.toString()); - CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists"); - args.set(ARG_ERROR_CODE, "1"); - args.set( - ARG_ERROR_REASON, - CMS.getUserMessage( - locale, - "CMS_INTERNAL_ERROR" - + ": original request not found")); - outputTemplate(request, response, args); - return; + CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number "+ certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists"); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR"+": original request not found")); + outputTemplate(request, response, args); + return; } } else { - CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number " - + certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number "+ certSerial.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } @@ -849,101 +802,96 @@ public class ProfileSubmitServlet extends ProfileServlet { CMS.debug("ProfileSubmitServlet: renewal: before getting origNotAfter"); X509CertImpl origCert = rec.getCertificate(); origNotAfter = origCert.getNotAfter(); - CMS.debug("ProfileSubmitServlet: renewal: origNotAfter =" - + origNotAfter.toString()); + CMS.debug("ProfileSubmitServlet: renewal: origNotAfter ="+ + origNotAfter.toString()); origSubjectDN = origCert.getSubjectDN().getName(); - CMS.debug("ProfileSubmitServlet: renewal: orig subj dn =" - + origSubjectDN); + CMS.debug("ProfileSubmitServlet: renewal: orig subj dn ="+ + origSubjectDN); } } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: renewal: exception:" - + e.toString()); + CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } } // end isRenewal - IProfile profile = null; + IProfile profile = null; IProfile renewProfile = null; - try { - profile = ps.getProfile(profileId); + try { + profile = ps.getProfile(profileId); if (isRenewal) { // in case of renew, "profile" is the orig profile // while "renewProfile" is the current profile used for renewal - renewProfile = ps.getProfile(renewProfileId); + renewProfile = ps.getProfile(renewProfileId); } - } catch (EProfileException e) { - if (profile == null) { - CMS.debug("ProfileSubmitServlet: profile not found profileId " - + profileId + " " + e.toString()); + } catch (EProfileException e) { + if(profile == null) { + CMS.debug("ProfileSubmitServlet: profile not found profileId " + + profileId + " " + e.toString()); } if (renewProfile == null) { - CMS.debug("ProfileSubmitServlet: profile not found renewProfileId " - + renewProfileId + " " + e.toString()); + CMS.debug("ProfileSubmitServlet: profile not found renewProfileId " + + renewProfileId + " " + e.toString()); } } if (profile == null) { if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + outputError(response, CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", profileId)); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + "CMS_PROFILE_NOT_FOUND", profileId)); outputTemplate(request, response, args); } return; } if (isRenewal && (renewProfile == null)) { if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", renewProfileId)); + outputError(response, CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", renewProfileId)); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", renewProfileId)); + "CMS_PROFILE_NOT_FOUND", renewProfileId)); outputTemplate(request, response, args); } return; } if (!ps.isProfileEnable(profileId)) { - CMS.debug("ProfileSubmitServlet: Profile " + profileId - + " not enabled"); + CMS.debug("ProfileSubmitServlet: Profile " + profileId + + " not enabled"); if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + "CMS_PROFILE_NOT_FOUND", profileId)); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } return; } if (isRenewal) { - if (!ps.isProfileEnable(renewProfileId)) { - CMS.debug("ProfileSubmitServlet: renewal Profile " - + renewProfileId + " not enabled"); - if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", renewProfileId)); - } else { - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", renewProfileId)); - outputTemplate(request, response, args); - } - return; + if (!ps.isProfileEnable(renewProfileId)) { + CMS.debug("ProfileSubmitServlet: renewal Profile " + renewProfileId + + " not enabled"); + if (xmlOutput) { + outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId)); + } else { + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_NOT_FOUND", renewProfileId)); + outputTemplate(request, response, args); } + return; + } } IProfileContext ctx = profile.createContext(); @@ -960,42 +908,40 @@ public class ProfileSubmitServlet extends ProfileServlet { } } catch (EProfileException e) { // authenticator not installed correctly - CMS.debug("ProfileSubmitServlet: renewal: exception:" - + e.toString()); + CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } if (authenticator == null) { CMS.debug("ProfileSubmitServlet: authenticator not found"); } else { - CMS.debug("ProfileSubmitServlet: authenticator " - + authenticator.getName() + " found"); + CMS.debug("ProfileSubmitServlet: authenticator " + + authenticator.getName() + " found"); setCredentialsIntoContext(request, authenticator, ctx); } - // for renewal, this will override or add auth info to the profile - // context + // for renewal, this will override or add auth info to the profile context if (isRenewal) { - if (origAuthenticator != null) { - CMS.debug("ProfileSubmitServlet: for renewal, original authenticator " - + origAuthenticator.getName() + " found"); - setCredentialsIntoContext(request, origAuthenticator, ctx); - } else { - CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found"); - } + if (origAuthenticator!= null) { + CMS.debug("ProfileSubmitServlet: for renewal, original authenticator " + + origAuthenticator.getName() + " found"); + setCredentialsIntoContext(request, origAuthenticator, ctx); + } else { + CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found"); + } } CMS.debug("ProfileSubmistServlet: set Inputs into profile Context"); if (isRenewal) { - // for renewal, input needs to be retrieved from the orig req record + // for renewal, input needs to be retrieved from the orig req record CMS.debug("ProfileSubmitServlet: set original Inputs into profile Context"); setInputsIntoContext(origReq, profile, ctx, locale); ctx.set(IEnrollProfile.CTX_RENEWAL, "true"); ctx.set("renewProfileId", renewProfileId); - ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString()); + ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString()); } else { setInputsIntoContext(request, profile, ctx); } @@ -1009,13 +955,14 @@ public class ProfileSubmitServlet extends ProfileServlet { SessionContext context = SessionContext.getContext(); // insert profile context so that input parameter can be retrieved - context.put("profileContext", ctx); - context.put("sslClientCertProvider", new SSLClientCertProvider(request)); + context.put("profileContext", ctx); + context.put("sslClientCertProvider", + new SSLClientCertProvider(request)); CMS.debug("ProfileSubmitServlet: set sslClientCertProvider"); if ((isRenewal == true) && (origSubjectDN != null)) - context.put("origSubjectDN", origSubjectDN); + context.put("origSubjectDN", origSubjectDN); if (statsSub != null) { - statsSub.startTiming("profile_authentication"); + statsSub.startTiming("profile_authentication"); } if (authenticator != null) { @@ -1024,68 +971,67 @@ public class ProfileSubmitServlet extends ProfileServlet { String uid_cred = "Unidentified"; String uid_attempted_cred = "Unidentified"; Enumeration authIds = authenticator.getValueNames(); - // Attempt to possibly fetch attemped uid, may not always be - // available. + //Attempt to possibly fetch attemped uid, may not always be available. if (authIds != null) { while (authIds.hasMoreElements()) { String authName = (String) authIds.nextElement(); - String value = request.getParameter(authName); + String value = request.getParameter(authName); if (value != null) { - if (authName.equals("uid")) { - uid_attempted_cred = value; - } + if (authName.equals("uid")) { + uid_attempted_cred = value; + } } } } - String authSubjectID = auditSubjectID(); + String authSubjectID = auditSubjectID(); - String authMgrID = authenticator.getName(); - String auditMessage = null; + String authMgrID = authenticator.getName(); + String auditMessage = null; try { if (isRenewal) { CMS.debug("ProfileSubmitServlet: renewal authenticate begins"); - authToken = authenticate(authenticator, request, origReq, - context); + authToken = authenticate(authenticator, request, origReq, context); CMS.debug("ProfileSubmitServlet: renewal authenticate ends"); } else { authToken = authenticate(authenticator, request); } } catch (EBaseException e) { - CMS.debug("ProfileSubmitServlet: authentication error " - + e.toString()); + CMS.debug("ProfileSubmitServlet: authentication error " + + e.toString()); // authentication error if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_ERROR")); + outputError(response, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_ERROR")); + "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("authentication"); + statsSub.endTiming("authentication"); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } - // audit log our authentication failure + //audit log our authentication failure authSubjectID += " : " + uid_cred; auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, authSubjectID, - ILogger.FAILURE, authMgrID, uid_attempted_cred); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + authSubjectID, + ILogger.FAILURE, + authMgrID, + uid_attempted_cred); audit(auditMessage); return; } - // Log successful authentication + //Log successful authentication - // Attempt to get uid from authToken, most tokens respond to the - // "uid" cred. + //Attempt to get uid from authToken, most tokens respond to the "uid" cred. uid_cred = authToken.getInString("uid"); if (uid_cred == null || uid_cred.length() == 0) { @@ -1093,16 +1039,19 @@ public class ProfileSubmitServlet extends ProfileServlet { } authSubjectID = authSubjectID + " : " + uid_cred; - + // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, - authSubjectID, ILogger.SUCCESS, authMgrID); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, + authSubjectID, + ILogger.SUCCESS, + authMgrID); audit(auditMessage); } if (statsSub != null) { - statsSub.endTiming("profile_authentication"); + statsSub.endTiming("profile_authentication"); } // authentication success @@ -1111,24 +1060,23 @@ public class ProfileSubmitServlet extends ProfileServlet { // do profile authorization String acl = null; if (isRenewal) - acl = renewProfile.getAuthzAcl(); + acl = renewProfile.getAuthzAcl(); else - acl = profile.getAuthzAcl(); - CMS.debug("ProfileSubmitServlet: authz using acl: " + acl); + acl = profile.getAuthzAcl(); + CMS.debug("ProfileSubmitServlet: authz using acl: "+acl); if (acl != null && acl.length() > 0) { try { String resource = profileId + ".authz.acl"; - AuthzToken authzToken = authorize(mAclMethod, resource, - authToken, acl); + AuthzToken authzToken = authorize(mAclMethod, resource, authToken, acl); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet authorize: " + e.toString()); + CMS.debug("ProfileSubmitServlet authorize: "+e.toString()); if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, - "CMS_AUTHORIZATION_ERROR")); + outputError(response, CMS.getUserMessage(locale, + "CMS_AUTHORIZATION_ERROR")); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHORIZATION_ERROR")); + "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); } @@ -1140,11 +1088,11 @@ public class ProfileSubmitServlet extends ProfileServlet { IRequest reqs[] = null; if (statsSub != null) { - statsSub.startTiming("request_population"); + statsSub.startTiming("request_population"); } - // ///////////////////////////////////////////// + /////////////////////////////////////////////// // create request - // ///////////////////////////////////////////// + /////////////////////////////////////////////// try { reqs = profile.createRequests(ctx, locale); } catch (EProfileException e) { @@ -1158,52 +1106,50 @@ public class ProfileSubmitServlet extends ProfileServlet { outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } catch (Throwable e) { CMS.debug(e); CMS.debug("ProfileSubmitServlet: createRequests " + e.toString()); if (xmlOutput) { - outputError(response, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + outputError(response, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); } else { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } String errorCode = null; - String errorReason = null; + String errorReason = null; - // ///////////////////////////////////////////// + /////////////////////////////////////////////// // populate request - // ///////////////////////////////////////////// + /////////////////////////////////////////////// for (int k = 0; k < reqs.length; k++) { boolean fromRA = false; String uid = ""; // adding parameters to request if (isRenewal) { - setInputsIntoRequest(origReq, profile, reqs[k], locale); - // set orig expiration date to be used in Validity constraint - reqs[k].setExtData("origNotAfter", - BigInteger.valueOf(origNotAfter.getTime())); - // set subjectDN to be used in subject name default - reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, - origSubjectDN); - // set request type - reqs[k].setRequestType("renewal"); + setInputsIntoRequest(origReq, profile, reqs[k], locale); + // set orig expiration date to be used in Validity constraint + reqs[k].setExtData("origNotAfter", + BigInteger.valueOf(origNotAfter.getTime())); + // set subjectDN to be used in subject name default + reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, origSubjectDN); + // set request type + reqs[k].setRequestType("renewal"); } else - setInputsIntoRequest(request, profile, reqs[k]); + setInputsIntoRequest(request, profile, reqs[k]); // serial auth token into request if (authToken != null) { @@ -1213,20 +1159,19 @@ public class ProfileSubmitServlet extends ProfileServlet { String[] tokenVals = authToken.getInStringArray(tokenName); if (tokenVals != null) { for (int i = 0; i < tokenVals.length; i++) { - reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName - + "[" + i + "]", tokenVals[i]); + reqs[k].setExtData(ARG_AUTH_TOKEN + "." + + tokenName + "[" + i + "]", tokenVals[i]); } } else { String tokenVal = authToken.getInString(tokenName); if (tokenVal != null) { - reqs[k].setExtData( - ARG_AUTH_TOKEN + "." + tokenName, tokenVal); + reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName, + tokenVal); // if RA agent, auto assign the request if (tokenName.equals("uid")) uid = tokenVal; - if (tokenName.equals("group") - && tokenVal - .equals("Registration Manager Agents")) { + if (tokenName.equals("group") && + tokenVal.equals("Registration Manager Agents")) { fromRA = true; } } @@ -1235,7 +1180,7 @@ public class ProfileSubmitServlet extends ProfileServlet { } if (fromRA) { - CMS.debug("ProfileSubmitServlet: request from RA: " + uid); + CMS.debug("ProfileSubmitServlet: request from RA: "+ uid); reqs[k].setExtData(ARG_REQUEST_OWNER, uid); } @@ -1243,8 +1188,7 @@ public class ProfileSubmitServlet extends ProfileServlet { reqs[k].setExtData(ARG_PROFILE, "true"); reqs[k].setExtData(ARG_PROFILE_ID, profileId); if (isRenewal) - reqs[k].setExtData(ARG_RENEWAL_PROFILE_ID, - request.getParameter("profileId")); + reqs[k].setExtData(ARG_RENEWAL_PROFILE_ID, request.getParameter("profileId")); reqs[k].setExtData(ARG_PROFILE_APPROVED_BY, profile.getApprovedBy()); String setId = profile.getPolicySetId(reqs[k]); @@ -1252,20 +1196,16 @@ public class ProfileSubmitServlet extends ProfileServlet { // no profile set found CMS.debug("ProfileSubmitServlet: no profile policy set found"); if (xmlOutput) { - outputError( - response, - FAILED, - CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"), - reqs[k].getRequestId().toString()); + outputError(response, FAILED, CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"), reqs[k].getRequestId().toString()); } else { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS - .getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } @@ -1275,13 +1215,13 @@ public class ProfileSubmitServlet extends ProfileServlet { reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost()); reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr()); - CMS.debug("ProfileSubmitServlet: request " - + reqs[k].getRequestId().toString()); + CMS.debug("ProfileSubmitServlet: request " + + reqs[k].getRequestId().toString()); try { CMS.debug("ProfileSubmitServlet: populating request inputs"); // give authenticator a chance to populate the request - if (authenticator != null) { + if (authenticator != null) { authenticator.populate(authToken, reqs[k]); } profile.populateInput(ctx, reqs[k]); @@ -1289,41 +1229,38 @@ public class ProfileSubmitServlet extends ProfileServlet { } catch (EProfileException e) { CMS.debug("ProfileSubmitServlet: populate " + e.toString()); if (xmlOutput) { - outputError(response, FAILED, e.toString(), reqs[k] - .getRequestId().toString()); + outputError(response, FAILED, e.toString(), reqs[k].getRequestId().toString()); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, e.toString()); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } catch (Throwable e) { CMS.debug("ProfileSubmitServlet: populate " + e.toString()); - // throw new IOException("Profile " + profileId + - // " cannot populate"); + // throw new IOException("Profile " + profileId + + // " cannot populate"); if (xmlOutput) { - outputError(response, FAILED, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"), - reqs[k].getRequestId().toString()); + outputError(response, FAILED, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"), reqs[k].getRequestId().toString()); } else { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } } if (statsSub != null) { - statsSub.endTiming("request_population"); + statsSub.endTiming("request_population"); } String auditMessage = null; @@ -1332,9 +1269,9 @@ public class ProfileSubmitServlet extends ProfileServlet { String auditInfoCertValue = ILogger.SIGNED_AUDIT_EMPTY_VALUE; try { - // ///////////////////////////////////////////// + /////////////////////////////////////////////// // submit request - // ///////////////////////////////////////////// + /////////////////////////////////////////////// String requestIds = ""; // deliminated with double space for (int k = 0; k < reqs.length; k++) { try { @@ -1343,16 +1280,15 @@ public class ProfileSubmitServlet extends ProfileServlet { // print request debug if (reqs[k] != null) { - requestIds += " " + reqs[k].getRequestId().toString(); - Enumeration reqKeys = reqs[k].getExtDataKeys(); - while (reqKeys.hasMoreElements()) { - String reqKey = (String) reqKeys.nextElement(); - String reqVal = reqs[k].getExtDataInString(reqKey); - if (reqVal != null) { - CMS.debug("ProfileSubmitServlet: key=$request." - + reqKey + "$ value=" + reqVal); - } + requestIds += " "+reqs[k].getRequestId().toString(); + Enumeration reqKeys = reqs[k].getExtDataKeys(); + while (reqKeys.hasMoreElements()) { + String reqKey = (String)reqKeys.nextElement(); + String reqVal = reqs[k].getExtDataInString(reqKey); + if (reqVal != null) { + CMS.debug("ProfileSubmitServlet: key=$request." + reqKey + "$ value=" + reqVal); } + } } profile.submit(authToken, reqs[k]); @@ -1362,16 +1298,16 @@ public class ProfileSubmitServlet extends ProfileServlet { auditInfoCertValue = auditInfoCertValue(reqs[k]); if (auditInfoCertValue != null) { - if (!(auditInfoCertValue - .equals(ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { + if (!(auditInfoCertValue.equals( + ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { // store a message in the signed audit log file - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue); audit(auditMessage); } @@ -1380,50 +1316,53 @@ public class ProfileSubmitServlet extends ProfileServlet { // return defer message to the user reqs[k].setRequestStatus(RequestStatus.PENDING); // need to notify - INotify notify = profile.getRequestQueue() - .getPendingNotify(); + INotify notify = profile.getRequestQueue().getPendingNotify(); if (notify != null) { - notify.notify(reqs[k]); + notify.notify(reqs[k]); } - + CMS.debug("ProfileSubmitServlet: submit " + e.toString()); errorCode = "2"; errorReason = CMS.getUserMessage(locale, - "CMS_PROFILE_DEFERRED", e.toString()); + "CMS_PROFILE_DEFERRED", + e.toString()); } catch (ERejectException e) { - // return error to the user + // return error to the user reqs[k].setRequestStatus(RequestStatus.REJECTED); CMS.debug("ProfileSubmitServlet: submit " + e.toString()); errorCode = "3"; errorReason = CMS.getUserMessage(locale, - "CMS_PROFILE_REJECTED", e.toString()); + "CMS_PROFILE_REJECTED", + e.toString()); } catch (Throwable e) { // return error to the user CMS.debug("ProfileSubmitServlet: submit " + e.toString()); errorCode = "1"; errorReason = CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR"); + "CMS_INTERNAL_ERROR"); } - try { + try { if (errorCode == null) { profile.getRequestQueue().markAsServiced(reqs[k]); } else { profile.getRequestQueue().updateRequest(reqs[k]); } } catch (EBaseException e) { - CMS.debug("ProfileSubmitServlet: updateRequest " - + e.toString()); + CMS.debug("ProfileSubmitServlet: updateRequest " + + e.toString()); } if (errorCode != null) { if (errorCode.equals("1")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, errorReason); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + errorReason); audit(auditMessage); } else if (errorCode.equals("2")) { @@ -1433,10 +1372,12 @@ public class ProfileSubmitServlet extends ProfileServlet { } else if (errorCode.equals("3")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, errorReason); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + errorReason); audit(auditMessage); } @@ -1453,8 +1394,8 @@ public class ProfileSubmitServlet extends ProfileServlet { for (int k = 0; k < reqs.length; k++) { ArgSet requestset = new ArgSet(); - requestset.set(ARG_REQUEST_ID, reqs[k].getRequestId() - .toString()); + requestset.set(ARG_REQUEST_ID, + reqs[k].getRequestId().toString()); requestlist.add(requestset); } args.set(ARG_REQUEST_LIST, requestlist); @@ -1463,14 +1404,14 @@ public class ProfileSubmitServlet extends ProfileServlet { outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } return; } - // ///////////////////////////////////////////// - // output output list - // ///////////////////////////////////////////// + /////////////////////////////////////////////// + // output output list + /////////////////////////////////////////////// if (xmlOutput) { xmlOutput(response, profile, locale, reqs); } else { @@ -1488,8 +1429,8 @@ public class ProfileSubmitServlet extends ProfileServlet { for (int k = 0; k < reqs.length; k++) { ArgSet requestset = new ArgSet(); - requestset.set(ARG_REQUEST_ID, reqs[k].getRequestId() - .toString()); + requestset.set(ARG_REQUEST_ID, + reqs[k].getRequestId().toString()); requestlist.add(requestset); } args.set(ARG_REQUEST_LIST, requestlist); @@ -1502,27 +1443,28 @@ public class ProfileSubmitServlet extends ProfileServlet { // store a message in the signed audit log file // (automated cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[0]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[0]); audit(auditMessage); if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } throw eAudit1; } finally { SessionContext.releaseContext(); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } } - private void xmlOutput(HttpServletResponse httpResp, IProfile profile, - Locale locale, IRequest[] reqs) { + private void xmlOutput(HttpServletResponse httpResp, IProfile profile, Locale locale, IRequest[] reqs) { try { XMLObject xmlObj = null; xmlObj = new XMLObject(); @@ -1530,68 +1472,51 @@ public class ProfileSubmitServlet extends ProfileServlet { Node root = xmlObj.createRoot("XMLResponse"); xmlObj.addItemToContainer(root, "Status", SUCCESS); Node n = xmlObj.createContainer(root, "Requests"); - CMS.debug("ProfileSubmitServlet xmlOutput: req len = " - + reqs.length); + CMS.debug("ProfileSubmitServlet xmlOutput: req len = " +reqs.length); - for (int i = 0; i < reqs.length; i++) { + for (int i=0; i<reqs.length; i++) { Node subnode = xmlObj.createContainer(n, "Request"); - xmlObj.addItemToContainer(subnode, "Id", reqs[i].getRequestId() - .toString()); - X509CertInfo certInfo = reqs[i] - .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + xmlObj.addItemToContainer(subnode, "Id", reqs[i].getRequestId().toString()); + X509CertInfo certInfo = + reqs[i].getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); if (certInfo != null) { - String subject = ""; - subject = (String) certInfo.get(X509CertInfo.SUBJECT) - .toString(); - xmlObj.addItemToContainer(subnode, "SubjectDN", subject); + String subject = ""; + subject = (String) certInfo.get(X509CertInfo.SUBJECT).toString(); + xmlObj.addItemToContainer(subnode, "SubjectDN", subject); } else { - CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request"); + CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request"); } Enumeration outputIds = profile.getProfileOutputIds(); if (outputIds != null) { while (outputIds.hasMoreElements()) { String outputId = (String) outputIds.nextElement(); - IProfileOutput profileOutput = profile - .getProfileOutput(outputId); + IProfileOutput profileOutput = profile.getProfileOutput(outputId); Enumeration outputNames = profileOutput.getValueNames(); if (outputNames != null) { while (outputNames.hasMoreElements()) { - String outputName = (String) outputNames - .nextElement(); - if (!outputName.equals("b64_cert") - && !outputName.equals("pkcs7")) + String outputName = (String) outputNames.nextElement(); + if (!outputName.equals("b64_cert") && !outputName.equals("pkcs7")) continue; try { - String outputValue = profileOutput - .getValue(outputName, locale, - reqs[i]); + String outputValue = profileOutput.getValue(outputName, locale, reqs[i]); if (outputName.equals("b64_cert")) { - String ss = Cert - .normalizeCertStrAndReq(outputValue); - outputValue = Cert.stripBrackets(ss); - byte[] bcode = CMS.AtoB(outputValue); - X509CertImpl impl = new X509CertImpl( - bcode); - xmlObj.addItemToContainer(subnode, - "serialno", impl - .getSerialNumber() - .toString(16)); - xmlObj.addItemToContainer(subnode, - "b64", outputValue); + String ss = Cert.normalizeCertStrAndReq(outputValue); + outputValue = Cert.stripBrackets(ss); + byte[] bcode = CMS.AtoB(outputValue); + X509CertImpl impl = new X509CertImpl(bcode); + xmlObj.addItemToContainer(subnode, + "serialno", impl.getSerialNumber().toString(16)); + xmlObj.addItemToContainer(subnode, "b64", outputValue); }// if b64_cert else if (outputName.equals("pkcs7")) { - String ss = Cert - .normalizeCertStrAndReq(outputValue); - xmlObj.addItemToContainer(subnode, - "pkcs7", ss); + String ss = Cert.normalizeCertStrAndReq(outputValue); + xmlObj.addItemToContainer(subnode, "pkcs7", ss); } - + } catch (EProfileException e) { - CMS.debug("ProfileSubmitServlet xmlOutput: " - + e.toString()); + CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString()); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet xmlOutput: " - + e.toString()); + CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString()); } } } @@ -1608,11 +1533,11 @@ public class ProfileSubmitServlet extends ProfileServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for a signed audit log - * message. + * + * This method is called to obtain the "RequesterID" for + * a signed audit log message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ @@ -1638,11 +1563,11 @@ public class ProfileSubmitServlet extends ProfileServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param request request containing an X509CertImpl * @return cert string containing the certificate */ @@ -1652,8 +1577,8 @@ public class ProfileSubmitServlet extends ProfileServlet { return null; } - X509CertImpl x509cert = request - .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl x509cert = request.getExtDataInCert( + IEnrollProfile.REQUEST_ISSUED_CERT); if (x509cert == null) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java index 4570fedd6..989710e30 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java @@ -31,9 +31,10 @@ public class SSLClientCertProvider implements ISSLClientCertProvider { } public X509Certificate[] getClientCertificateChain() { - X509Certificate[] allCerts = (X509Certificate[]) mRequest - .getAttribute("javax.servlet.request.X509Certificate"); + X509Certificate[] allCerts = (X509Certificate[]) + mRequest.getAttribute("javax.servlet.request.X509Certificate"); return allCerts; } } + |