diff options
12 files changed, 143 insertions, 75 deletions
diff --git a/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownRealm.java b/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownRealm.java new file mode 100644 index 000000000..1be1577b3 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownRealm.java @@ -0,0 +1,28 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.certsrv.authorization; + +public class EAuthzUnknownRealm extends EAuthzException { + + private static final long serialVersionUID = 2288587364467614277L; + + public EAuthzUnknownRealm(String errorString) { + super(errorString); + } + +} diff --git a/base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java b/base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java index d2a7749b3..67810a02f 100644 --- a/base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java +++ b/base/common/src/com/netscape/certsrv/key/KeyArchivalRequest.java @@ -214,7 +214,11 @@ public class KeyArchivalRequest extends ResourceMessage { * @param realm - the authentication realm */ public void setRealm(String realm) { - attributes.put(REALM, realm); + if (realm != null) { + attributes.put(REALM, realm); + } else { + attributes.remove(REALM); + } } public String toString() { diff --git a/base/common/src/com/netscape/certsrv/key/KeyClient.java b/base/common/src/com/netscape/certsrv/key/KeyClient.java index 1c8a76bfe..cb35922f6 100644 --- a/base/common/src/com/netscape/certsrv/key/KeyClient.java +++ b/base/common/src/com/netscape/certsrv/key/KeyClient.java @@ -653,10 +653,7 @@ public class KeyClient extends Client { String req1 = Utils.base64encode(encryptedData); data.setWrappedPrivateData(req1); data.setTransWrappedSessionKey(Utils.base64encode(transWrappedSessionKey)); - - if (realm != null) { - data.setRealm(realm); - } + data.setRealm(realm); return submitRequest(data); } @@ -708,10 +705,7 @@ public class KeyClient extends Client { String options = Utils.base64encode(pkiArchiveOptions); data.setPKIArchiveOptions(options); - - if (realm != null) { - data.setRealm(realm); - } + data.setRealm(realm); return submitRequest(data); } @@ -757,9 +751,7 @@ public class KeyClient extends Client { data.setUsages(usages); data.setTransWrappedSessionKey(transWrappedSessionKey); - if (realm != null) { - data.setRealm(realm); - } + data.setRealm(realm); return submitRequest(data); } @@ -829,10 +821,7 @@ public class KeyClient extends Client { data.setKeySize(keySize); data.setUsages(usages); data.setTransWrappedSessionKey(Utils.base64encode(transWrappedSessionKey)); - - if (realm != null) { - data.setRealm(realm); - } + data.setRealm(realm); return submitRequest(data); } diff --git a/base/common/src/com/netscape/certsrv/key/KeyGenerationRequest.java b/base/common/src/com/netscape/certsrv/key/KeyGenerationRequest.java index 37fc1c2b2..50946bb9f 100644 --- a/base/common/src/com/netscape/certsrv/key/KeyGenerationRequest.java +++ b/base/common/src/com/netscape/certsrv/key/KeyGenerationRequest.java @@ -134,6 +134,10 @@ public class KeyGenerationRequest extends ResourceMessage{ * @param realm - authorization realm to set */ public void setRealm(String realm) { - attributes.put(REALM, realm); + if (realm != null) { + attributes.put(REALM, realm); + } else { + attributes.remove(REALM); + } } } diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java b/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java index 8504f0ea2..41d78af53 100644 --- a/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java +++ b/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java @@ -38,6 +38,7 @@ import org.mozilla.jss.crypto.SymmetricKey; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.authorization.EAuthzAccessDenied; +import com.netscape.certsrv.authorization.EAuthzUnknownRealm; import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.PKIException; @@ -171,15 +172,25 @@ public class KeyRequestService extends PKIService implements KeyRequestResource if (getRequestor() == null) { throw new UnauthorizedException("Archival must be performed by an agent"); } + + String realm = data.getRealm(); + if (realm != null) { + authz.checkRealm(realm, getAuthToken(), null, "keyRequest", "archive"); + } response = dao.submitRequest(data, uriInfo, getRequestor()); auditArchivalRequestMade(response.getRequestInfo().getRequestId(), ILogger.SUCCESS, data.getClientKeyId()); return createCreatedResponse(response, new URI(response.getRequestInfo().getRequestURL())); - + } catch (EAuthzAccessDenied e) { + auditArchivalRequestMade(null, ILogger.FAILURE, data.getClientKeyId()); + throw new UnauthorizedException("Not authorized to generate request in this realm", e); + } catch (EAuthzUnknownRealm e) { + auditArchivalRequestMade(null, ILogger.FAILURE, data.getClientKeyId()); + throw new BadRequestException("Invalid realm", e); } catch (EBaseException | URISyntaxException e) { e.printStackTrace(); auditArchivalRequestMade(null, ILogger.FAILURE, data.getClientKeyId()); - throw new PKIException(e.toString()); + throw new PKIException(e.toString(), e); } } @@ -216,7 +227,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource } catch (EBaseException | URISyntaxException e) { e.printStackTrace(); auditRecoveryRequestMade(null, ILogger.FAILURE, data.getKeyId()); - throw new PKIException(e.toString()); + throw new PKIException(e.toString(), e); } } @@ -233,11 +244,11 @@ public class KeyRequestService extends PKIService implements KeyRequestResource dao.approveRequest(id, getRequestor(), getAuthToken()); auditRecoveryRequestChange(id, ILogger.SUCCESS, "approve"); } catch (EAuthzAccessDenied e) { - throw new UnauthorizedException("Not authorized to approve request"); + throw new UnauthorizedException("Not authorized to approve request", e); } catch (EBaseException e) { e.printStackTrace(); auditRecoveryRequestChange(id, ILogger.FAILURE, "approve"); - throw new PKIException(e.toString()); + throw new PKIException(e.toString(), e); } return createNoContentResponse(); @@ -254,11 +265,11 @@ public class KeyRequestService extends PKIService implements KeyRequestResource dao.rejectRequest(id, getAuthToken()); auditRecoveryRequestChange(id, ILogger.SUCCESS, "reject"); }catch (EAuthzAccessDenied e) { - throw new UnauthorizedException("Not authorized to reject request"); + throw new UnauthorizedException("Not authorized to reject request", e); } catch (EBaseException e) { e.printStackTrace(); auditRecoveryRequestChange(id, ILogger.FAILURE, "reject"); - throw new PKIException(e.toString()); + throw new PKIException(e.toString(), e); } return createNoContentResponse(); @@ -275,11 +286,11 @@ public class KeyRequestService extends PKIService implements KeyRequestResource dao.cancelRequest(id, getAuthToken()); auditRecoveryRequestChange(id, ILogger.SUCCESS, "cancel"); } catch (EAuthzAccessDenied e) { - throw new UnauthorizedException("Not authorized to cancel request"); + throw new UnauthorizedException("Not authorized to cancel request", e); } catch (EBaseException e) { e.printStackTrace(); auditRecoveryRequestChange(id, ILogger.FAILURE, "cancel"); - throw new PKIException(e.toString()); + throw new PKIException(e.toString(), e); } return createNoContentResponse(); @@ -295,10 +306,12 @@ public class KeyRequestService extends PKIService implements KeyRequestResource try { authz.checkRealm(realm, getAuthToken(), null, "keyRequests", "list"); } catch (EAuthzAccessDenied e) { - throw new UnauthorizedException("Not authorized to list these requests"); + throw new UnauthorizedException("Not authorized to list these requests", e); + } catch (EAuthzUnknownRealm e) { + throw new BadRequestException("Invalid realm", e); } catch (EBaseException e) { CMS.debug("listRequests: unable to authorize realm" + e); - throw new PKIException(e.toString()); + throw new PKIException(e.toString(), e); } } // get ldap filter @@ -317,7 +330,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource } catch (EBaseException e) { CMS.debug("listRequests: error in obtaining request results" + e); e.printStackTrace(); - throw new PKIException(e.toString()); + throw new PKIException(e.toString(), e); } return createOKResponse(requests); } @@ -426,7 +439,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource request = requestClazz.getDeclaredConstructor(ResourceMessage.class).newInstance(data); } catch (ClassNotFoundException | NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) { - throw new BadRequestException("Invalid request class." + e); + throw new BadRequestException("Invalid request class." + e, e); } if (request instanceof KeyArchivalRequest) { @@ -453,16 +466,26 @@ public class KeyRequestService extends PKIService implements KeyRequestResource if (getRequestor() == null) { throw new UnauthorizedException("Key generation must be performed by an agent"); } + String realm = data.getRealm(); + if (realm != null) { + authz.checkRealm(realm, getAuthToken(), null, "keyRequest", "generateSymkey"); + } + response = dao.submitRequest(data, uriInfo, getRequestor()); auditSymKeyGenRequestMade(response.getRequestInfo().getRequestId(), ILogger.SUCCESS, data.getClientKeyId()); return createCreatedResponse(response, new URI(response.getRequestInfo().getRequestURL())); - + } catch (EAuthzAccessDenied e) { + auditSymKeyGenRequestMade(null, ILogger.FAILURE, data.getClientKeyId()); + throw new UnauthorizedException("Not authorized to generate request in this realm", e); + } catch (EAuthzUnknownRealm e) { + auditSymKeyGenRequestMade(null, ILogger.FAILURE, data.getClientKeyId()); + throw new BadRequestException("Invalid realm", e); } catch (EBaseException | URISyntaxException e) { e.printStackTrace(); auditSymKeyGenRequestMade(null, ILogger.FAILURE, data.getClientKeyId()); - throw new PKIException(e.toString()); + throw new PKIException(e.toString(), e); } } @@ -477,16 +500,26 @@ public class KeyRequestService extends PKIService implements KeyRequestResource if (getRequestor() == null) { throw new UnauthorizedException("Key generation must be performed by an agent"); } + String realm = data.getRealm(); + if (realm != null) { + authz.checkRealm(realm, getAuthToken(), null, "keyRequest", "generateAsymkey"); + } + response = dao.submitRequest(data, uriInfo, getRequestor()); auditAsymKeyGenRequestMade(response.getRequestInfo().getRequestId(), ILogger.SUCCESS, data.getClientKeyId()); return createCreatedResponse(response, new URI(response.getRequestInfo().getRequestURL())); - + } catch (EAuthzAccessDenied e) { + auditAsymKeyGenRequestMade(null, ILogger.FAILURE, data.getClientKeyId()); + throw new UnauthorizedException("Not authorized to generate request in this realm", e); + } catch (EAuthzUnknownRealm e) { + auditAsymKeyGenRequestMade(null, ILogger.FAILURE, data.getClientKeyId()); + throw new BadRequestException("Invalid realm", e); } catch (EBaseException | URISyntaxException e) { e.printStackTrace(); auditAsymKeyGenRequestMade(null, ILogger.FAILURE, data.getClientKeyId()); - throw new PKIException(e.toString()); + throw new PKIException(e.toString(), e); } } diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java b/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java index 52df7696f..255d8d614 100644 --- a/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java +++ b/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java @@ -44,6 +44,7 @@ import org.jboss.resteasy.plugins.providers.atom.Link; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.authorization.EAuthzAccessDenied; +import com.netscape.certsrv.authorization.EAuthzUnknownRealm; import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.HTTPGoneException; @@ -150,7 +151,7 @@ public class KeyService extends PKIService implements KeyResource { } catch (EBaseException e) { CMS.debug(e); auditRetrieveKey(ILogger.FAILURE, requestID, null, auditInfo + ";" + e.getMessage()); - throw new PKIException(e.getMessage()); + throw new PKIException(e.getMessage(), e); } String type = request.getRequestType(); @@ -170,7 +171,7 @@ public class KeyService extends PKIService implements KeyResource { } catch (Exception e) { CMS.debug(e); auditRetrieveKey(ILogger.FAILURE, requestID, keyId, auditInfo + ";" + e.getMessage()); - throw new PKIException(e.getMessage()); + throw new PKIException(e.getMessage(), e); } if (keyData == null) { @@ -348,7 +349,7 @@ public class KeyService extends PKIService implements KeyResource { CMS.debug(logMessage); e1.printStackTrace(); - throw new PKIException(logMessage + e1.getMessage()); + throw new PKIException(logMessage + e1.getMessage(), e1); } if (reqInfo == null) { // request not found @@ -377,7 +378,7 @@ public class KeyService extends PKIService implements KeyResource { logMessage = e.getMessage(); CMS.debug(logMessage); - throw new PKIException(logMessage); + throw new PKIException(logMessage, e); } String originator = request.getExtDataInString(IRequest.ATTR_REQUEST_OWNER); if (! originator.equals(retriever)) { @@ -423,10 +424,12 @@ public class KeyService extends PKIService implements KeyResource { try { authz.checkRealm(realm, getAuthToken(), null, "keys", "list"); } catch (EAuthzAccessDenied e) { - throw new UnauthorizedException("Not authorized to list these keys"); + throw new UnauthorizedException("Not authorized to list these keys", e); + } catch (EAuthzUnknownRealm e) { + throw new BadRequestException("Invalid realm", e); } catch (EBaseException e) { CMS.debug("listRequests: unable to authorize realm" + e); - throw new PKIException(e.toString()); + throw new PKIException(e.toString(), e); } } @@ -475,7 +478,7 @@ public class KeyService extends PKIService implements KeyResource { auditRetrieveKey(ILogger.FAILURE, null, clientKeyID, e.getMessage() + auditInfo); e.printStackTrace(); - throw new PKIException(e.getMessage()); + throw new PKIException(e.getMessage(), e); } auditRetrieveKey(ILogger.SUCCESS, null, clientKeyID, auditInfo); @@ -508,10 +511,10 @@ public class KeyService extends PKIService implements KeyResource { try { authz.checkRealm(info.getRealm(), getAuthToken(), info.getOwnerName(), "key", "read"); } catch (EAuthzAccessDenied e) { - throw new UnauthorizedException("Not authorized to read this key"); + throw new UnauthorizedException("Not authorized to read this key", e); } catch (EBaseException e) { CMS.debug("listRequests: unable to authorize realm" + e); - throw new PKIException(e.toString()); + throw new PKIException(e.toString(), e); } auditRetrieveKey(ILogger.SUCCESS, null, clientKeyID, auditInfo); @@ -686,18 +689,17 @@ public class KeyService extends PKIService implements KeyResource { } catch (EAuthzAccessDenied e) { auditInfo = method + "Unauthorized access for key record"; auditRetrieveKey(ILogger.FAILURE, null, keyId, auditInfo); - throw new UnauthorizedException(auditInfo); + throw new UnauthorizedException(auditInfo, e); } catch (EDBRecordNotFoundException e) { auditInfo = method + e.getMessage(); auditRetrieveKey(ILogger.FAILURE, null, keyId, auditInfo); - - throw new KeyNotFoundException(keyId); + throw new KeyNotFoundException(keyId, "key not found", e); } catch (Exception e) { auditInfo = method + "Unable to retrieve key record: " + e.getMessage(); auditRetrieveKey(ILogger.FAILURE, null, keyId, auditInfo); CMS.debug(auditInfo); e.printStackTrace(); - throw new PKIException(e.getMessage()); + throw new PKIException(e.getMessage(), e); } } @@ -735,14 +737,14 @@ public class KeyService extends PKIService implements KeyResource { CMS.debug(auditInfo); auditKeyStatusChange(ILogger.FAILURE, keyId.toString(), (info!=null)?info.getStatus():null, status, auditInfo); - throw new KeyNotFoundException(keyId); + throw new KeyNotFoundException(keyId, "key not found to modify", e); } catch (Exception e) { auditInfo = auditInfo + ":" + e.getMessage(); CMS.debug(auditInfo); auditKeyStatusChange(ILogger.FAILURE, keyId.toString(), (info!=null)?info.getStatus():null, status, auditInfo); e.printStackTrace(); - throw new PKIException(e.getMessage()); + throw new PKIException(e.getMessage(), e); } } diff --git a/base/server/cms/src/com/netscape/cms/authorization/BasicGroupAuthz.java b/base/server/cms/src/com/netscape/cms/authorization/BasicGroupAuthz.java index 1908e3c69..0bf24311f 100644 --- a/base/server/cms/src/com/netscape/cms/authorization/BasicGroupAuthz.java +++ b/base/server/cms/src/com/netscape/cms/authorization/BasicGroupAuthz.java @@ -44,35 +44,35 @@ public class BasicGroupAuthz implements IAuthzManager, IExtendedPluginInfo { private static final String GROUP = "group"; /* name of this authorization manager instance */ - private String name = null; + private String name; /* name of the authorization manager plugin */ - private String implName = null; + private String implName; /* configuration store */ private IConfigStore config; /* group that is allowed to access resources */ - private String groupName = null; + private String groupName; /* Vector of extendedPluginInfo strings */ - protected static Vector<String> mExtendedPluginInfo = null; + protected static Vector<String> extendedPluginInfo; - protected static String[] mConfigParams = null; + protected static String[] configParams; static { - mExtendedPluginInfo = new Vector<String>(); - mExtendedPluginInfo.add("group;string,required;" + + extendedPluginInfo = new Vector<String>(); + extendedPluginInfo.add("group;string,required;" + "Group to permit access"); } public BasicGroupAuthz() { - mConfigParams = new String[] {"group"}; + configParams = new String[] {"group"}; } @Override public String[] getExtendedPluginInfo(Locale locale) { - String[] s = Utils.getStringArrayFromVector(mExtendedPluginInfo); + String[] s = Utils.getStringArrayFromVector(extendedPluginInfo); return s; } @@ -103,6 +103,7 @@ public class BasicGroupAuthz implements IAuthzManager, IExtendedPluginInfo { IUGSubsystem ug = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); IGroup group = ug.getGroupFromName(groupName); if (!group.isMember(user)) { + CMS.debug("BasicGroupAuthz: access denied. User: " + user + " is not a member of group: " + groupName); throw new EAuthzAccessDenied("Access denied"); } @@ -139,7 +140,7 @@ public class BasicGroupAuthz implements IAuthzManager, IExtendedPluginInfo { @Override public String[] getConfigParams() throws EBaseException { - return mConfigParams; + return configParams; } @Override diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java index 8aa0d21ee..04bb6f2ec 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java +++ b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java @@ -37,6 +37,7 @@ import org.mozilla.jss.crypto.KeyPairAlgorithm; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.IAuthToken; +import com.netscape.certsrv.authorization.EAuthzUnknownRealm; import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.PKIException; @@ -259,13 +260,15 @@ public class KeyRequestDAO extends CMSRequestDAO { try { rec = repo.readKeyRecord(keyId.toBigInteger()); } catch (EDBRecordNotFoundException e) { - throw new KeyNotFoundException(keyId); + throw new KeyNotFoundException(keyId, "key not found to recover", e); } try { authz.checkRealm(rec.getRealm(), authToken, rec.getOwnerName(), "key", "recover"); + } catch (EAuthzUnknownRealm e) { + throw new UnauthorizedException("Invalid realm", e); } catch (EBaseException e) { - throw new UnauthorizedException("Agent not authorized by realm"); + throw new UnauthorizedException("Agent not authorized by realm", e); } Hashtable<String, Object> requestParams; @@ -315,13 +318,15 @@ public class KeyRequestDAO extends CMSRequestDAO { try { rec = repo.readKeyRecord(keyId.toBigInteger()); } catch (EDBRecordNotFoundException e) { - throw new KeyNotFoundException(keyId); + throw new KeyNotFoundException(keyId, "key not found to recover", e); } try { authz.checkRealm(rec.getRealm(), authToken, rec.getOwnerName(), "key", "recover"); + } catch (EAuthzUnknownRealm e) { + throw new UnauthorizedException("Invalid realm", e); } catch (EBaseException e) { - throw new UnauthorizedException("Agent not authorized by realm"); + throw new UnauthorizedException("Agent not authorized by realm", e); } String b64Certificate = data.getCertificate(); @@ -332,7 +337,7 @@ public class KeyRequestDAO extends CMSRequestDAO { // TODO - update request with realm } catch (EBaseException | CertificateException e) { e.printStackTrace(); - throw new PKIException(e.toString()); + throw new PKIException(e.toString(), e); } IRequest request = null; try { diff --git a/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java index 8b126d2da..354485897 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java +++ b/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java @@ -32,6 +32,7 @@ import com.netscape.certsrv.authorization.EAuthzAccessDenied; import com.netscape.certsrv.authorization.EAuthzException; import com.netscape.certsrv.authorization.EAuthzMgrNotFound; import com.netscape.certsrv.authorization.EAuthzMgrPluginNotFound; +import com.netscape.certsrv.authorization.EAuthzUnknownRealm; import com.netscape.certsrv.authorization.IAuthzManager; import com.netscape.certsrv.authorization.IAuthzSubsystem; import com.netscape.certsrv.base.EBaseException; @@ -480,8 +481,9 @@ public class AuthzSubsystem implements IAuthzSubsystem { if ((owner != null) && owner.equals(authToken.getInString(IAuthToken.USER_ID))) return; String mgrName = getAuthzManagerByRealm(realm); - // if no authz manager for this realm, SUCCESS by default - if (mgrName == null) return; + if (mgrName == null) { + throw new EAuthzUnknownRealm("Realm not found"); + } AuthzToken authzToken = authorize(mgrName, authToken, resource, operation); if (authzToken == null) { diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/KeyRecord.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/KeyRecord.java index fbf2ee227..90050132b 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/dbs/KeyRecord.java +++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/KeyRecord.java @@ -56,7 +56,7 @@ public class KeyRecord implements IDBObj, IKeyRecord { private String mClientId = null; private String mStatus = null; private String mDataType = null; - private String mRealm = null; + private String realm = null; protected static Vector<String> mNames = new Vector<String>(); @@ -141,7 +141,7 @@ public class KeyRecord implements IDBObj, IKeyRecord { } else if (name.equalsIgnoreCase(ATTR_STATUS)) { mStatus = (String) object; } else if (name.equalsIgnoreCase(ATTR_REALM)) { - mRealm = (String) object; + realm = (String) object; } else { throw new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", name)); } @@ -183,7 +183,7 @@ public class KeyRecord implements IDBObj, IKeyRecord { } else if (name.equalsIgnoreCase(ATTR_STATUS)) { return mStatus; } else if (name.equalsIgnoreCase(ATTR_REALM)) { - return mRealm; + return realm; } else { throw new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", name)); } @@ -395,6 +395,6 @@ public class KeyRecord implements IDBObj, IKeyRecord { @Override public String getRealm() throws EBaseException { - return mRealm; + return realm; } } diff --git a/base/server/cmscore/src/com/netscape/cmscore/request/ARequestRecord.java b/base/server/cmscore/src/com/netscape/cmscore/request/ARequestRecord.java index 418422a9b..6592b0148 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/request/ARequestRecord.java +++ b/base/server/cmscore/src/com/netscape/cmscore/request/ARequestRecord.java @@ -39,5 +39,5 @@ class ARequestRecord { String mOwner; String mRequestType; Hashtable<String, Object> mExtData; - String mRealm; + String realm; }; diff --git a/base/server/cmscore/src/com/netscape/cmscore/request/RequestRecord.java b/base/server/cmscore/src/com/netscape/cmscore/request/RequestRecord.java index 38060c2f2..074bff41c 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/request/RequestRecord.java +++ b/base/server/cmscore/src/com/netscape/cmscore/request/RequestRecord.java @@ -93,7 +93,7 @@ public class RequestRecord else if (name.equals(IRequestRecord.ATTR_EXT_DATA)) return mExtData; else if (name.equals(IRequestRecord.ATTR_REALM)) - return mRealm; + return realm; else { RequestAttr ra = mAttrTable.get(name); @@ -122,7 +122,7 @@ public class RequestRecord else if (name.equals(IRequestRecord.ATTR_REQUEST_OWNER)) mOwner = (String) o; else if (name.equals(IRequestRecord.ATTR_REALM)) - mRealm = (String) o; + realm = (String) o; else if (name.equals(IRequestRecord.ATTR_EXT_DATA)) mExtData = (Hashtable<String, Object>) o; else { @@ -159,7 +159,7 @@ public class RequestRecord mOwner = r.getRequestOwner(); mCreateTime = r.getCreationTime(); mModifyTime = r.getModificationTime(); - mRealm = r.getRealm(); + realm = r.getRealm(); mExtData = loadExtDataFromRequest(r); for (int i = 0; i < mRequestA.length; i++) { @@ -173,7 +173,7 @@ public class RequestRecord r.setRequestOwner(mOwner); a.modModificationTime(r, mModifyTime); a.modCreationTime(r, mCreateTime); - r.setRealm(mRealm); + r.setRealm(realm); storeExtDataIntoRequest(r); for (int i = 0; i < mRequestA.length; i++) { |