Diffstat (limited to 'base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java')
-rw-r--r--base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java321
1 files changed, 321 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java b/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
new file mode 100644
index 000000000..52c87113d
--- /dev/null
+++ b/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
@@ -0,0 +1,321 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.updater;
+
+import java.util.Enumeration;
+import java.util.Locale;
+import java.util.Vector;
+
+import netscape.ldap.LDAPException;
+import netscape.security.x509.X509CertImpl;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.SessionContext;
+import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.profile.EProfileException;
+import com.netscape.certsrv.profile.IEnrollProfile;
+import com.netscape.certsrv.profile.IProfile;
+import com.netscape.certsrv.profile.IProfileUpdater;
+import com.netscape.certsrv.property.EPropertyException;
+import com.netscape.certsrv.property.IDescriptor;
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.request.RequestStatus;
+import com.netscape.certsrv.usrgrp.IGroup;
+import com.netscape.certsrv.usrgrp.IUGSubsystem;
+import com.netscape.certsrv.usrgrp.IUser;
+import com.netscape.cms.profile.common.EnrollProfile;
+
+/**
+ * This updater class will create the new user to the subsystem group and
+ * then add the subsystem certificate to the user.
+ *
+ * @version $Revision$, $Date$
+ */
+public class SubsystemGroupUpdater implements IProfileUpdater {
+
+ private IProfile mProfile = null;
+ private EnrollProfile mEnrollProfile = null;
+ private IConfigStore mConfig = null;
+ private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
+ private Vector<String> mConfigNames = new Vector<String>();
+ private Vector<String> mValueNames = new Vector<String>();
+
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
+ "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+ private final static String SIGNED_AUDIT_PASSWORD_VALUE = "********";
+ private final static String SIGNED_AUDIT_EMPTY_NAME_VALUE_PAIR = "Unknown";
+ private final static String SIGNED_AUDIT_NAME_VALUE_DELIMITER = ";;";
+ private final static String SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER = "+";
+
+ public SubsystemGroupUpdater() {
+ }
+
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ mConfig = config;
+ mProfile = profile;
+ mEnrollProfile = (EnrollProfile) profile;
+ }
+
+ public Enumeration<String> getConfigNames() {
+ return mConfigNames.elements();
+ }
+
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ return null;
+ }
+
+ public void setConfig(String name, String value)
+ throws EPropertyException {
+ if (mConfig.getSubStore("params") == null) {
+ //
+ } else {
+ mConfig.getSubStore("params").putString(name, value);
+ }
+ }
+
+ public String getConfig(String name) {
+ try {
+ if (mConfig == null) {
+ return null;
+ }
+ if (mConfig.getSubStore("params") != null) {
+ return mConfig.getSubStore("params").getString(name);
+ }
+ } catch (EBaseException e) {
+ }
+ return "";
+ }
+
+ public IConfigStore getConfigStore() {
+ return mConfig;
+ }
+
+ public void update(IRequest req, RequestStatus status)
+ throws EProfileException {
+
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ CMS.debug("SubsystemGroupUpdater update starts");
+ if (status != req.getRequestStatus()) {
+ return;
+ }
+
+ X509CertImpl cert = req.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
+ if (cert == null)
+ return;
+
+ IConfigStore mainConfig = CMS.getConfigStore();
+
+ int num = 0;
+ try {
+ num = mainConfig.getInteger("subsystem.count", 0);
+ } catch (Exception e) {
+ }
+
+ IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
+
+ String requestor_name = "subsystem";
+ try {
+ requestor_name = req.getExtDataInString("requestor_name");
+ } catch (Exception e1) {
+ // ignore
+ }
+
+ // i.e. tps-1.2.3.4-4
+ String id = requestor_name;
+
+ num++;
+ mainConfig.putInteger("subsystem.count", num);
+
+ try {
+ mainConfig.commit(false);
+ } catch (Exception e) {
+ }
+ String auditParams = "Scope;;users+Operation;;OP_ADD+source;;SubsystemGroupUpdater" +
+ "+Resource;;" + id +
+ "+fullname;;" + id +
+ "+state;;1" +
+ "+userType;;agentType+email;;<null>+password;;<null>+phone;;<null>";
+
+ IUser user = null;
+ CMS.debug("SubsystemGroupUpdater adduser");
+ try {
+ user = system.createUser(id);
+ user.setFullName(id);
+ user.setEmail("");
+ user.setPassword("");
+ user.setUserType("agentType");
+ user.setState("1");
+ user.setPhone("");
+ X509CertImpl[] certs = new X509CertImpl[1];
+ certs[0] = cert;
+ user.setX509Certificates(certs);
+
+ system.addUser(user);
+ CMS.debug("SubsystemGroupUpdater update: successfully add the user");
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+ audit(auditMessage);
+
+ String b64 = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
+ try {
+ byte[] certEncoded = cert.getEncoded();
+ b64 = CMS.BtoA(certEncoded).trim();
+
+ // extract all line separators
+ StringBuffer sb = new StringBuffer();
+ for (int i = 0; i < b64.length(); i++) {
+ if (!Character.isWhitespace(b64.charAt(i))) {
+ sb.append(b64.charAt(i));
+ }
+ }
+ b64 = sb.toString();
+ } catch (Exception ence) {
+ CMS.debug("SubsystemGroupUpdater update: user cert encoding failed: " + ence);
+ }
+
+ auditParams = "Scope;;certs+Operation;;OP_ADD+source;;SubsystemGroupUpdater" +
+ "+Resource;;" + id +
+ "+cert;;" + b64;
+
+ system.addUserCert(user);
+ CMS.debug("SubsystemGroupUpdater update: successfully add the user certificate");
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+ audit(auditMessage);
+ } catch (LDAPException e) {
+ CMS.debug("UpdateSubsystemGroup: update " + e.toString());
+ if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+ audit(auditMessage);
+ throw new EProfileException(e.toString());
+ }
+ } catch (Exception e) {
+ CMS.debug("UpdateSubsystemGroup: update addUser " + e.toString());
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+ audit(auditMessage);
+ throw new EProfileException(e.toString());
+ }
+
+ IGroup group = null;
+ String groupName = "Subsystem Group";
+ auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;SubsystemGroupUpdater" +
+ "+Resource;;" + groupName;
+
+ try {
+ group = system.getGroupFromName(groupName);
+
+ auditParams += "+user;;";
+ Enumeration<String> members = group.getMemberNames();
+ while (members.hasMoreElements()) {
+ auditParams += members.nextElement();
+ if (members.hasMoreElements()) {
+ auditParams += ",";
+ }
+ }
+
+ if (!group.isMember(id)) {
+ auditParams += "," + id;
+ group.addMemberName(id);
+ system.modifyGroup(group);
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams);
+ audit(auditMessage);
+
+ CMS.debug("UpdateSubsystemGroup: update: successfully added the user to the group.");
+ } else {
+ CMS.debug("UpdateSubsystemGroup: update: user already a member of the group");
+ }
+ } catch (Exception e) {
+ CMS.debug("UpdateSubsystemGroup update: modifyGroup " + e.toString());
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams);
+ audit(auditMessage);
+ }
+ }
+
+ public String getName(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_UPDATER_SUBSYSTEM_NAME");
+ }
+
+ public String getText(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_UPDATER_SUBSYSTEM_TEXT");
+ }
+
+ private void audit(String msg) {
+ if (mSignedAuditLogger == null) {
+ return;
+ }
+
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
+ }
+
+ private String auditSubjectID() {
+ if (mSignedAuditLogger == null) {
+ return null;
+ }
+
+ String subjectID = null;
+
+ // Initialize subjectID
+ SessionContext auditContext = SessionContext.getExistingContext();
+
+ if (auditContext != null) {
+ subjectID = (String)
+ auditContext.get(SessionContext.USER_ID);
+
+ if (subjectID != null) {
+ subjectID = subjectID.trim();
+ } else {
+ subjectID = ILogger.NONROLEUSER;
+ }
+ } else {
+ subjectID = ILogger.UNIDENTIFIED;
+ }
+ return subjectID;
+ }
+}
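Review bot: In `update()`, `requestor_name` is read from the request's ext data and used unchecked as the new user id, as the name added to "Subsystem Group", and as a field in the signed audit string. A null value, or one containing the `;;` or `+` delimiters, therefore reaches `createUser(id)` and the audit record unchanged. I would validate it right after it is read and fail the update otherwise, as in the excerpt below; the allowed character set there is only a guess based on the `tps-1.2.3.4-4` comment. Related: when the `LDAPException` is `ENTRY_ALREADY_EXISTS`, the code falls through to the group update with no audit record for that path. If the exception came from `addUser`, the pre-existing account with that id gains group membership without `addUserCert` ever running, so that case probably needs an explicit check or a failure.

```java
String requestor_name = req.getExtDataInString("requestor_name");
// Reject a missing or unexpected name before it becomes a user id and an audit field.
// The allowed set is a suggestion derived from the "tps-1.2.3.4-4" example; adjust as needed.
if (requestor_name == null || !requestor_name.matches("[A-Za-z0-9._-]+")) {
    CMS.debug("SubsystemGroupUpdater update: invalid requestor_name");
    throw new EProfileException("invalid requestor_name");
}
String id = requestor_name;
// … unchanged: subsystem.count update, user creation, group update …
```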