9 files changed, 74 insertions, 64 deletions
diff --git a/base/common/src/com/netscape/certsrv/common/Constants.java b/base/common/src/com/netscape/certsrv/common/Constants.java index d91fded2e..100b91110 100644 --- a/base/common/src/com/netscape/certsrv/common/Constants.java +++ b/base/common/src/com/netscape/certsrv/common/Constants.java @@ -733,4 +733,9 @@ public interface Constants { public final static String PR_REPLICATION_PORT_2 = "replication.master2.port"; public final static String PR_REPLICATION_BINDDN_2 = "replication.master2.binddn"; public final static String PR_REPLICATION_CHANGELOGDB_2 = "replication.master2.changelogdb"; + + //Config + public final static String CFG_ENABLED = "Enabled"; + public final static String CFG_DISABLED = "Disabled"; + public final static String CFG_PENDING_APPROVAL = "Pending_Approval"; } diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java index 4dee392e2..38f542ffb 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java +++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java @@ -26,6 +26,7 @@ import org.apache.commons.lang.StringUtils; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.common.Constants; import com.netscape.cms.realm.PKIPrincipal; @@ -59,7 +60,7 @@ public class CSCfgDatabase<E extends CSCfgRecord> extends Database<E> { } public String getRecordStatus(String recordID) throws EBaseException { - return configStore.getString("config." + substoreName + "." + recordID + ".state", "Disabled"); + return configStore.getString("config." + substoreName + "." + recordID + ".state", Constants.CFG_ENABLED); } public void setRecordStatus(String recordID, String status) throws EBaseException { 
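Review bot: The new fallback in `CSCfgDatabase.getRecordStatus` fails open: a record whose `.state` key is absent (and presumably a `recordID` with no entry at all) is now reported as `Constants.CFG_ENABLED`, where it used to be `"Disabled"`. CSCfgDatabase is a shared base class (ConnectorDatabase extends it in this same commit), so the permissive default applies to every record type read through this method, not only to token profiles. If the goal is to keep profiles without an explicit state usable, keep the base default closed with `return configStore.getString("config." + substoreName + "." + recordID + ".state", Constants.CFG_DISABLED);` and apply the permissive default only in the caller that needs it. Whichever default stays, the method should carry a comment saying what a missing state means and why.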
diff --git a/base/tps/src/org/dogtagpki/server/tps/config/ConnectorDatabase.java b/base/tps/src/org/dogtagpki/server/tps/config/ConnectorDatabase.java index 4b1589797..f1f344129 100644 --- a/base/tps/src/org/dogtagpki/server/tps/config/ConnectorDatabase.java +++ b/base/tps/src/org/dogtagpki/server/tps/config/ConnectorDatabase.java @@ -24,6 +24,7 @@ import java.util.Map; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.common.Constants; import com.netscape.cmscore.dbs.CSCfgDatabase; /** @@ -174,7 +175,7 @@ public class ConnectorDatabase extends CSCfgDatabase<ConnectorRecord> { ConnectorRecord record = new ConnectorRecord(); record.setID(id); - record.setStatus("Enabled"); + record.setStatus(Constants.CFG_ENABLED); record.setProperty(prefix + "." + id + ".enable", "true"); record.setProperty(prefix + "." + id + ".host", hostname); @@ -198,7 +199,7 @@ public class ConnectorDatabase extends CSCfgDatabase<ConnectorRecord> { ConnectorRecord record = new ConnectorRecord(); record.setID(id); - record.setStatus("Enabled"); + record.setStatus(Constants.CFG_ENABLED); record.setProperty(prefix + "." + id + ".enable", "true"); record.setProperty(prefix + "." + id + ".host", hostname); @@ -219,7 +220,7 @@ public class ConnectorDatabase extends CSCfgDatabase<ConnectorRecord> { ConnectorRecord record = new ConnectorRecord(); record.setID(id); - record.setStatus("Enabled"); + record.setStatus(Constants.CFG_ENABLED); record.setProperty(prefix + "." + id + ".enable", "true"); record.setProperty(prefix + "." + id + ".host", hostname); diff --git a/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java b/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java index 609fc0367..4580b46ca 100644 --- a/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java +++ b/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java 
@@ -127,7 +127,6 @@ public class TPSEngine { public static final String CFG_DEF_NETKEY_OLD_INSTANCE_AID = "A00000000101"; public static final String CFG_DEF_NETKEY_OLD_FILE_AID = "A000000001"; public static final String CFG_DEF_APPLET_SO_PIN = "000000000000"; - public static final String CFG_ENABLED = "Enabled"; public static final int CFG_CHANNEL_DEF_BLOCK_SIZE = 242; public static final int CFG_CHANNEL_DEF_INSTANCE_SIZE = 18000; diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java index f9a0445d6..500dad412 100644 --- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java +++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java @@ -47,6 +47,7 @@ import org.dogtagpki.server.tps.cms.TKSComputeRandomDataResponse; import org.dogtagpki.server.tps.cms.TKSComputeSessionKeyResponse; import org.dogtagpki.server.tps.cms.TKSEncryptDataResponse; import org.dogtagpki.server.tps.cms.TKSRemoteRequestHandler; +import org.dogtagpki.server.tps.config.ProfileDatabase; import org.dogtagpki.server.tps.dbs.ActivityDatabase; import org.dogtagpki.server.tps.dbs.TPSCertRecord; import org.dogtagpki.server.tps.dbs.TokenRecord; @@ -88,6 +89,7 @@ import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.EPropertyNotFound; import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.tps.token.TokenStatus; import com.netscape.symkey.SessionKey; @@ -125,6 +127,8 @@ public class TPSProcessor { protected BeginOpMsg beginMsg; private PlatformAndSecChannelProtoInfo platProtInfo; + ProfileDatabase profileDatabase = new ProfileDatabase(); + public TPSProcessor(TPSSession session) { setSession(session); } 
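Review bot: The `profileDatabase` field added to TPSProcessor is package-private and non-final, and it is built with `new ProfileDatabase()` for every processor instance. The profile-state check changed later in this commit reads through this field, so declare it `private final ProfileDatabase profileDatabase = new ProfileDatabase();` so that no other class in the package can replace it. If the TPS subsystem already exposes a shared ProfileDatabase (not visible in this hunk), using that instance would keep this check and the REST services reading the same state.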
@@ -2110,22 +2114,18 @@ public class TPSProcessor { void checkProfileStateOK() throws TPSException { - IConfigStore configStore = CMS.getConfigStore(); + CMS.debug("TPSProcessor.checkProfileStateOK()"); - String profileConfig = "config.Profiles." + selectedTokenType + ".state"; String profileState = null; - - CMS.debug("TPSProcessor.checkProfileStateOK: config value to check: " + profileConfig); - try { - profileState = configStore.getString(profileConfig, TPSEngine.CFG_ENABLED); + profileState = profileDatabase.getRecordStatus(selectedTokenType); } catch (EBaseException e) { //Default TPSException will return a "contact admin" error code. throw new TPSException( "TPSProcessor.checkProfileStateOK: internal error in getting profile state from config."); } - if (!profileState.equals(TPSEngine.CFG_ENABLED)) { + if (!profileState.equals(Constants.CFG_ENABLED)) { CMS.debug("TPSProcessor.checkProfileStateOK: profile specifically disabled."); throw new TPSException("TPSProcessor.checkProfileStateOK: profile disabled!"); } diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/AuthenticatorService.java b/base/tps/src/org/dogtagpki/server/tps/rest/AuthenticatorService.java index d862e261d..ce240ebe5 100644 --- a/base/tps/src/org/dogtagpki/server/tps/rest/AuthenticatorService.java +++ b/base/tps/src/org/dogtagpki/server/tps/rest/AuthenticatorService.java @@ -41,6 +41,7 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.ForbiddenException; import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.tps.authenticator.AuthenticatorCollection; import com.netscape.certsrv.tps.authenticator.AuthenticatorData; import com.netscape.certsrv.tps.authenticator.AuthenticatorResource; 
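Review bot: In `checkProfileStateOK` the `catch (EBaseException e)` block discards `e`, so a failed state lookup leaves no trace of its cause; add `CMS.debug("TPSProcessor.checkProfileStateOK: " + e);` before the throw. The comparison is safer written constant-first, `if (!Constants.CFG_ENABLED.equals(profileState)) {`, so that a null status, should the lookup ever return one, is rejected as not enabled instead of raising a NullPointerException. The debug text "profile specifically disabled" is also emitted for a `Pending_Approval` profile and could be reworded to "profile not enabled". The method's closing brace lies outside the hunk.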
@@ -185,7 +186,7 @@ public class AuthenticatorService extends PKIService implements AuthenticatorRes if (status == null || database.requiresApproval() && !database.canApprove(principal)) { // if status is unspecified or user doesn't have rights to approve, the entry is disabled - authenticatorData.setStatus("Disabled"); + authenticatorData.setStatus(Constants.CFG_DISABLED); } database.addRecord(authenticatorData.getID(), createAuthenticatorRecord(authenticatorData)); @@ -217,21 +218,21 @@ public class AuthenticatorService extends PKIService implements AuthenticatorRes AuthenticatorRecord record = database.getRecord(authenticatorID); // only disabled authenticator can be updated - if (!"Disabled".equals(record.getStatus())) { + if (!Constants.CFG_DISABLED.equals(record.getStatus())) { throw new ForbiddenException("Unable to update authenticator " + authenticatorID); } // update status if specified String status = authenticatorData.getStatus(); - if (status != null && !"Disabled".equals(status)) { - if (!"Enabled".equals(status)) { + if (status != null && !Constants.CFG_DISABLED.equals(status)) { + if (!Constants.CFG_ENABLED.equals(status)) { throw new ForbiddenException("Invalid authenticator status: " + status); } // if user doesn't have rights, set to pending Principal principal = servletRequest.getUserPrincipal(); if (database.requiresApproval() && !database.canApprove(principal)) { - status = "Pending_Approval"; + status = Constants.CFG_PENDING_APPROVAL; } // enable authenticator 
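Review bot: In the add path, the branch `if (status == null || database.requiresApproval() && !database.canApprove(principal))` is the only handling of the client-supplied status visible here; when it is not taken, `authenticatorData` reaches `database.addRecord` with whatever status string the request carried. The update path in the following hunk rejects anything other than Enabled or Disabled with "Invalid authenticator status", so the add path appears to lack the same check unless it is done outside the hunk. Consider adding `else if (!Constants.CFG_ENABLED.equals(status) && !Constants.CFG_DISABLED.equals(status)) { throw new BadRequestException("Invalid authenticator status: " + status); }`. The same pattern is in the add hunks of ConnectorService, ProfileMappingService and ProfileService. The enclosing methods start and end outside these hunks.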
@@ -274,25 +275,25 @@ public class AuthenticatorService extends PKIService implements AuthenticatorRes AuthenticatorRecord record = database.getRecord(authenticatorID); String status = record.getStatus(); - if ("Disabled".equals(status)) { + if (Constants.CFG_DISABLED.equals(status)) { if ("enable".equals(action)) { - status = "Enabled"; + status = Constants.CFG_ENABLED; } else { throw new BadRequestException("Invalid action: " + action); } - } else if ("Enabled".equals(status)) { + } else if (Constants.CFG_ENABLED.equals(status)) { if ("disable".equals(action)) { - status = "Disabled"; + status = Constants.CFG_DISABLED; } else { throw new BadRequestException("Invalid action: " + action); } - } else if ("Pending_Approval".equals(status)) { + } else if (Constants.CFG_PENDING_APPROVAL.equals(status)) { if ("approve".equals(action)) { - status = "Enabled"; + status = Constants.CFG_ENABLED; } else if ("reject".equals(action)) { - status = "Disabled"; + status = Constants.CFG_DISABLED; } else { throw new BadRequestException("Invalid action: " + action); } @@ -331,7 +332,7 @@ public class AuthenticatorService extends PKIService implements AuthenticatorRes AuthenticatorRecord record = database.getRecord(authenticatorID); String status = record.getStatus(); - if (!"Disabled".equals(status)) { + if (!Constants.CFG_DISABLED.equals(status)) { throw new ForbiddenException("Unable to delete authenticator " + authenticatorID); } diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/ConnectorService.java b/base/tps/src/org/dogtagpki/server/tps/rest/ConnectorService.java index c281265ef..d81b508f2 100644 --- a/base/tps/src/org/dogtagpki/server/tps/rest/ConnectorService.java +++ b/base/tps/src/org/dogtagpki/server/tps/rest/ConnectorService.java 
@@ -41,6 +41,7 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.ForbiddenException; import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.tps.connector.ConnectorCollection; import com.netscape.certsrv.tps.connector.ConnectorData; import com.netscape.certsrv.tps.connector.ConnectorResource; @@ -185,7 +186,7 @@ public class ConnectorService extends PKIService implements ConnectorResource { if (status == null || database.requiresApproval() && !database.canApprove(principal)) { // if status is unspecified or user doesn't have rights to approve, the entry is disabled - connectorData.setStatus("Disabled"); + connectorData.setStatus(Constants.CFG_DISABLED); } database.addRecord(connectorData.getID(), createConnectorRecord(connectorData)); @@ -217,21 +218,21 @@ public class ConnectorService extends PKIService implements ConnectorResource { ConnectorRecord record = database.getRecord(connectorID); // only disabled connector can be updated - if (!"Disabled".equals(record.getStatus())) { + if (!Constants.CFG_DISABLED.equals(record.getStatus())) { throw new ForbiddenException("Unable to update connector " + connectorID); } // update status if specified String status = connectorData.getStatus(); - if (status != null && !"Disabled".equals(status)) { - if (!"Enabled".equals(status)) { + if (status != null && !Constants.CFG_DISABLED.equals(status)) { + if (!Constants.CFG_ENABLED.equals(status)) { throw new ForbiddenException("Invalid connector status: " + status); } // if user doesn't have rights, set to pending Principal principal = servletRequest.getUserPrincipal(); if (database.requiresApproval() && !database.canApprove(principal)) { - status = "Pending_Approval"; + status = Constants.CFG_PENDING_APPROVAL; } // enable connector 
@@ -274,25 +275,25 @@ public class ConnectorService extends PKIService implements ConnectorResource { ConnectorRecord record = database.getRecord(connectorID); String status = record.getStatus(); - if ("Disabled".equals(status)) { + if (Constants.CFG_DISABLED.equals(status)) { if ("enable".equals(action)) { - status = "Enabled"; + status = Constants.CFG_ENABLED; } else { throw new BadRequestException("Invalid action: " + action); } - } else if ("Enabled".equals(status)) { + } else if (Constants.CFG_ENABLED.equals(status)) { if ("disable".equals(action)) { - status = "Disabled"; + status = Constants.CFG_DISABLED; } else { throw new BadRequestException("Invalid action: " + action); } - } else if ("Pending_Approval".equals(status)) { + } else if (Constants.CFG_PENDING_APPROVAL.equals(status)) { if ("approve".equals(action)) { - status = "Enabled"; + status = Constants.CFG_ENABLED; } else if ("reject".equals(action)) { - status = "Disabled"; + status = Constants.CFG_DISABLED; } else { throw new BadRequestException("Invalid action: " + action); } @@ -331,7 +332,7 @@ public class ConnectorService extends PKIService implements ConnectorResource { ConnectorRecord record = database.getRecord(connectorID); String status = record.getStatus(); - if (!"Disabled".equals(status)) { + if (!Constants.CFG_DISABLED.equals(status)) { throw new ForbiddenException("Unable to delete connector " + connectorID); } diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/ProfileMappingService.java b/base/tps/src/org/dogtagpki/server/tps/rest/ProfileMappingService.java index f3a6f2e38..98f5f0986 100644 --- a/base/tps/src/org/dogtagpki/server/tps/rest/ProfileMappingService.java +++ b/base/tps/src/org/dogtagpki/server/tps/rest/ProfileMappingService.java 
@@ -41,6 +41,7 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.ForbiddenException; import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.tps.profile.ProfileMappingCollection; import com.netscape.certsrv.tps.profile.ProfileMappingData; import com.netscape.certsrv.tps.profile.ProfileMappingResource; @@ -181,7 +182,7 @@ public class ProfileMappingService extends PKIService implements ProfileMappingR if (status == null || database.requiresApproval() && !database.canApprove(principal)) { // if status is unspecified or user doesn't have rights to approve, the entry is disabled - profileMappingData.setStatus("Disabled"); + profileMappingData.setStatus(Constants.CFG_DISABLED); } database.addRecord(profileMappingData.getID(), createProfileMappingRecord(profileMappingData)); @@ -210,21 +211,21 @@ public class ProfileMappingService extends PKIService implements ProfileMappingR ProfileMappingRecord record = database.getRecord(profileMappingID); // only disabled profile mapping can be updated - if (!"Disabled".equals(record.getStatus())) { + if (!Constants.CFG_DISABLED.equals(record.getStatus())) { throw new ForbiddenException("Unable to update profile mapping " + profileMappingID); } // update status if specified String status = profileMappingData.getStatus(); - if (status != null && !"Disabled".equals(status)) { - if (!"Enabled".equals(status)) { + if (status != null && !Constants.CFG_DISABLED.equals(status)) { + if (!Constants.CFG_ENABLED.equals(status)) { throw new ForbiddenException("Invalid profile mapping status: " + status); } // if user doesn't have rights, set to pending Principal principal = servletRequest.getUserPrincipal(); if (database.requiresApproval() && !database.canApprove(principal)) { - status = "Pending_Approval"; + status = Constants.CFG_PENDING_APPROVAL; } // enable profile mapping 
@@ -267,25 +268,25 @@ public class ProfileMappingService extends PKIService implements ProfileMappingR ProfileMappingRecord record = database.getRecord(profileMappingID); String status = record.getStatus(); - if ("Disabled".equals(status)) { + if (Constants.CFG_DISABLED.equals(status)) { if ("enable".equals(action)) { - status = "Enabled"; + status = Constants.CFG_ENABLED; } else { throw new BadRequestException("Invalid action: " + action); } - } else if ("Enabled".equals(status)) { + } else if (Constants.CFG_ENABLED.equals(status)) { if ("disable".equals(action)) { - status = "Disabled"; + status = Constants.CFG_DISABLED; } else { throw new BadRequestException("Invalid action: " + action); } - } else if ("Pending_Approval".equals(status)) { + } else if (Constants.CFG_PENDING_APPROVAL.equals(status)) { if ("approve".equals(action)) { - status = "Enabled"; + status = Constants.CFG_ENABLED; } else if ("reject".equals(action)) { - status = "Disabled"; + status = Constants.CFG_DISABLED; } else { throw new BadRequestException("Invalid action: " + action); } @@ -322,7 +323,7 @@ public class ProfileMappingService extends PKIService implements ProfileMappingR ProfileMappingRecord record = database.getRecord(profileMappingID); String status = record.getStatus(); - if (!"Disabled".equals(status)) { + if (!Constants.CFG_DISABLED.equals(status)) { throw new ForbiddenException("Unable to delete profile mapping " + profileMappingID); } diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/ProfileService.java b/base/tps/src/org/dogtagpki/server/tps/rest/ProfileService.java index e5bfd4663..9505ad208 100644 --- a/base/tps/src/org/dogtagpki/server/tps/rest/ProfileService.java +++ b/base/tps/src/org/dogtagpki/server/tps/rest/ProfileService.java 
@@ -41,6 +41,7 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.ForbiddenException; import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.tps.profile.ProfileCollection; import com.netscape.certsrv.tps.profile.ProfileData; import com.netscape.certsrv.tps.profile.ProfileResource; @@ -185,7 +186,7 @@ public class ProfileService extends PKIService implements ProfileResource { if (status == null || database.requiresApproval() && !database.canApprove(principal)) { // if status is unspecified or user doesn't have rights to approve, the entry is disabled - profileData.setStatus("Disabled"); + profileData.setStatus(Constants.CFG_DISABLED); } database.addRecord(profileData.getID(), createProfileRecord(profileData)); @@ -218,21 +219,21 @@ public class ProfileService extends PKIService implements ProfileResource { ProfileRecord record = database.getRecord(profileID); // only disabled profile can be updated - if (!"Disabled".equals(record.getStatus())) { + if (!Constants.CFG_DISABLED.equals(record.getStatus())) { throw new ForbiddenException("Unable to update profile " + profileID); } // update status if specified String status = profileData.getStatus(); - if (status != null && !"Disabled".equals(status)) { - if (!"Enabled".equals(status)) { + if (status != null && !Constants.CFG_DISABLED.equals(status)) { + if (!Constants.CFG_ENABLED.equals(status)) { throw new ForbiddenException("Invalid profile status: " + status); } // if user doesn't have rights, set to pending Principal principal = servletRequest.getUserPrincipal(); if (database.requiresApproval() && !database.canApprove(principal)) { - status = "Pending_Approval"; + status = Constants.CFG_PENDING_APPROVAL; } // enable profile 
@@ -275,25 +276,25 @@ public class ProfileService extends PKIService implements ProfileResource { ProfileRecord record = database.getRecord(profileID); String status = record.getStatus(); - if ("Disabled".equals(status)) { + if (Constants.CFG_DISABLED.equals(status)) { if ("enable".equals(action)) { - status = "Enabled"; + status = Constants.CFG_ENABLED; } else { throw new BadRequestException("Invalid action: " + action); } - } else if ("Enabled".equals(status)) { + } else if (Constants.CFG_ENABLED.equals(status)) { if ("disable".equals(action)) { - status = "Disabled"; + status = Constants.CFG_DISABLED; } else { throw new BadRequestException("Invalid action: " + action); } - } else if ("Pending_Approval".equals(status)) { + } else if (Constants.CFG_PENDING_APPROVAL.equals(status)) { if ("approve".equals(action)) { - status = "Enabled"; + status = Constants.CFG_ENABLED; } else if ("reject".equals(action)) { - status = "Disabled"; + status = Constants.CFG_DISABLED; } else { throw new BadRequestException("Invalid action: " + action); } @@ -332,7 +333,7 @@ public class ProfileService extends PKIService implements ProfileResource { ProfileRecord record = database.getRecord(profileID); String status = record.getStatus(); - if (!"Disabled".equals(status)) { + if (!Constants.CFG_DISABLED.equals(status)) { throw new ForbiddenException("Unable to delete profile " + profileID); } |