diff options
Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/admin')
5 files changed, 64 insertions, 48 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java b/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java index 0854be3aa..cd17f5b6c 100644 --- a/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java +++ b/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java @@ -29,15 +29,18 @@ import javax.ws.rs.core.Response; import org.jboss.resteasy.plugins.providers.atom.Link; import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.BadRequestException; +import com.netscape.certsrv.base.ConflictingOperationException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.base.ResourceNotFoundException; import com.netscape.certsrv.base.SessionContext; import com.netscape.certsrv.common.OpDef; import com.netscape.certsrv.common.ScopeDef; import com.netscape.certsrv.group.GroupMemberCollection; import com.netscape.certsrv.group.GroupMemberData; import com.netscape.certsrv.group.GroupMemberResource; +import com.netscape.certsrv.group.GroupNotFoundException; import com.netscape.certsrv.logging.AuditFormat; import com.netscape.certsrv.logging.IAuditor; import com.netscape.certsrv.logging.ILogger; @@ -81,13 +84,13 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc if (groupID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IGroup group = userGroupManager.getGroupFromName(groupID); if (group == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST")); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST")); + throw new GroupNotFoundException(groupID); } GroupMemberCollection response = new GroupMemberCollection(); @@ -141,13 +144,13 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc try { if (groupID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IGroup group = userGroupManager.getGroupFromName(groupID); if (group == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST")); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST")); + throw new GroupNotFoundException(groupID); } String memberID = groupMemberData.getID(); @@ -171,7 +174,7 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc if (!isDuplicate(groupID, memberID)) { userGroupManager.addUserToGroup(group, memberID); } else { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_DUPLICATE_ROLES", memberID)); + throw new ConflictingOperationException(CMS.getUserMessage("CMS_BASE_DUPLICATE_ROLES", memberID)); } } else { @@ -289,13 +292,13 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc try { if (groupID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IGroup group = userGroupManager.getGroupFromName(groupID); if (group == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST")); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST")); + throw new GroupNotFoundException(groupID); } Enumeration<String> e = group.getMemberNames(); @@ -307,7 +310,7 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc return groupMemberData; } - throw new PKIException("Group member not found"); + throw new ResourceNotFoundException("Group member " + memberID + " not found"); } catch (PKIException e) { throw e; @@ -329,13 +332,13 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc try { if (groupID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IGroup group = userGroupManager.getGroupFromName(groupID); if (group == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST")); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST")); + throw new GroupNotFoundException(groupID); } String member = groupMemberData.getID(); diff --git a/base/common/src/com/netscape/cms/servlet/admin/GroupService.java b/base/common/src/com/netscape/cms/servlet/admin/GroupService.java index b82df9a2f..012e00c33 100644 --- a/base/common/src/com/netscape/cms/servlet/admin/GroupService.java +++ b/base/common/src/com/netscape/cms/servlet/admin/GroupService.java @@ -30,12 +30,14 @@ import org.apache.commons.lang.StringUtils; import org.jboss.resteasy.plugins.providers.atom.Link; import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.PKIException; import com.netscape.certsrv.common.OpDef; import com.netscape.certsrv.common.ScopeDef; import com.netscape.certsrv.group.GroupCollection; import com.netscape.certsrv.group.GroupData; +import com.netscape.certsrv.group.GroupNotFoundException; import com.netscape.certsrv.group.GroupResource; import com.netscape.certsrv.logging.IAuditor; import com.netscape.certsrv.logging.ILogger; @@ -131,13 +133,13 @@ public class GroupService extends PKIService implements GroupResource { try { if (groupID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IGroup group = userGroupManager.getGroupFromName(groupID); if (group == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST")); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST")); + throw new GroupNotFoundException(groupID); } return createGroupData(group); @@ -173,7 +175,7 @@ public class GroupService extends PKIService implements GroupResource { try { if (groupID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IGroup group = userGroupManager.createGroup(groupID); @@ -237,7 +239,7 @@ public class GroupService extends PKIService implements GroupResource { try { if (groupID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IGroup group = userGroupManager.getGroupFromName(groupID); @@ -295,7 +297,7 @@ public class GroupService extends PKIService implements GroupResource { try { if (groupID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } // if fails, let the exception fall through diff --git a/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java b/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java index 8c2d8d9b9..2e1277b30 100644 --- a/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java +++ b/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java @@ -20,10 +20,11 @@ package com.netscape.cms.servlet.admin; import java.security.cert.CertificateEncodingException; -import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Response; import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.base.ResourceNotFoundException; import com.netscape.certsrv.cert.CertData; import com.netscape.certsrv.kra.IKeyRecoveryAuthority; import com.netscape.certsrv.security.ITransportKeyUnit; @@ -50,25 +51,25 @@ public class SystemCertService extends PKIService implements SystemCertResource kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra"); if (kra == null) { // no KRA - throw new WebApplicationException(Response.Status.NOT_FOUND); + throw new ResourceNotFoundException("KRA subsystem not found."); } ITransportKeyUnit tu = kra.getTransportKeyUnit(); if (tu == null) { CMS.debug("getTransportCert: transport key unit is null"); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + throw new PKIException("No transport key unit."); } org.mozilla.jss.crypto.X509Certificate transportCert = tu.getCertificate(); if (transportCert == null) { CMS.debug("getTransportCert: transport cert is null"); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + throw new PKIException("Transport cert not found."); } try { cert = createCertificateData(transportCert); } catch (CertificateEncodingException e) { CMS.debug("getTransportCert: certificate encoding exception with transport cert"); e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + throw new PKIException("Unable to encode transport cert"); } return sendConditionalGetResponse(DEFAULT_LONG_CACHE_LIFETIME, cert); } diff --git a/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java b/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java index 16a584ff8..57051040a 100644 --- a/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java +++ b/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java @@ -39,8 +39,11 @@ import org.mozilla.jss.CryptoManager; import org.mozilla.jss.crypto.InternalCertificate; import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.ICertPrettyPrint; import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.base.ResourceNotFoundException; +import com.netscape.certsrv.base.UserNotFoundException; import com.netscape.certsrv.common.OpDef; import com.netscape.certsrv.common.ScopeDef; import com.netscape.certsrv.dbs.certdb.CertId; @@ -96,7 +99,7 @@ public class UserCertService extends PKIService implements UserCertResource { if (userID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IUser user = null; @@ -109,7 +112,7 @@ public class UserCertService extends PKIService implements UserCertResource { if (user == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST")); + throw new UserNotFoundException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST")); } UserCertCollection response = new UserCertCollection(); @@ -148,7 +151,7 @@ public class UserCertService extends PKIService implements UserCertResource { if (userID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IUser user = null; @@ -161,13 +164,13 @@ public class UserCertService extends PKIService implements UserCertResource { if (user == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST")); + throw new UserNotFoundException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST")); } X509Certificate[] certs = user.getX509Certificates(); if (certs == null) { - throw new PKIException("Certificate not found"); + throw new ResourceNotFoundException("No certificates found for " + userID); } try { @@ -192,7 +195,7 @@ public class UserCertService extends PKIService implements UserCertResource { return userCertData; } - throw new PKIException("Certificate not found"); + throw new ResourceNotFoundException("No certificates found for " + userID); } catch (PKIException e) { throw e; @@ -223,7 +226,7 @@ public class UserCertService extends PKIService implements UserCertResource { try { if (userID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IUser user = userGroupManager.createUser(userID); @@ -266,7 +269,7 @@ public class UserCertService extends PKIService implements UserCertResource { X509Certificate p7certs[] = pkcs7.getCertificates(); if (p7certs.length == 0) { - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR")); + throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR")); } // fix for 370099 - cert ordering can not be assumed @@ -292,7 +295,7 @@ public class UserCertService extends PKIService implements UserCertResource { } else { // not a chain, or in random order CMS.debug("UserCertResourceService: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_BAD_CHAIN")); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR")); + throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR")); } CMS.debug("UserCertResourceService: " @@ -335,12 +338,15 @@ public class UserCertService extends PKIService implements UserCertResource { } } - /* - } catch (CryptoManager.UserCertConflictException e) { - // got a "user cert" in the chain, most likely the CA - // cert of this instance, which has a private key. Ignore - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", e.toString())); - */ + /* + } catch (CryptoManager.UserCertConflictException e) { + // got a "user cert" in the chain, most likely the CA + // cert of this instance, which has a private key. Ignore + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", e.toString())); + */ + } catch (PKIException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", e.toString())); + throw e; } catch (Exception e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", e.toString())); throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR")); @@ -375,12 +381,12 @@ public class UserCertService extends PKIService implements UserCertResource { } catch (CertificateExpiredException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_CERT_EXPIRED", String.valueOf(cert.getSubjectDN()))); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_EXPIRED")); + throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_EXPIRED")); } catch (CertificateNotYetValidException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID", String.valueOf(cert.getSubjectDN()))); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID")); + throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID")); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) { @@ -438,7 +444,7 @@ public class UserCertService extends PKIService implements UserCertResource { try { if (userID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IUser user = userGroupManager.createUser(userID); diff --git a/base/common/src/com/netscape/cms/servlet/admin/UserService.java b/base/common/src/com/netscape/cms/servlet/admin/UserService.java index f28a8151f..4813d10be 100644 --- a/base/common/src/com/netscape/cms/servlet/admin/UserService.java +++ b/base/common/src/com/netscape/cms/servlet/admin/UserService.java @@ -32,8 +32,12 @@ import org.apache.commons.lang.StringUtils; import org.jboss.resteasy.plugins.providers.atom.Link; import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.BadRequestDataException; +import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.ForbiddenException; import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.base.UserNotFoundException; import com.netscape.certsrv.common.OpDef; import com.netscape.certsrv.common.ScopeDef; import com.netscape.certsrv.logging.IAuditor; @@ -142,7 +146,7 @@ public class UserService extends PKIService implements UserResource { if (userID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IUser user; @@ -156,7 +160,7 @@ public class UserService extends PKIService implements UserResource { if (user == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST")); + throw new UserNotFoundException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST")); } UserData userData = createUserData(user); @@ -207,19 +211,19 @@ public class UserService extends PKIService implements UserResource { try { if (userID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } if (userID.indexOf(BACK_SLASH) != -1) { // backslashes (BS) are not allowed log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_RS_ID_BS")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_RS_ID_BS")); + throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_RS_ID_BS")); } if (userID.equals(SYSTEM_USER)) { // backslashes (BS) are not allowed log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_SPECIAL_ID", userID)); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_SPECIAL_ID", userID)); + throw new ForbiddenException(getUserMessage("CMS_ADMIN_SRVLT_SPECIAL_ID", userID)); } IUser user = userGroupManager.createUser(userID); @@ -229,7 +233,7 @@ public class UserService extends PKIService implements UserResource { String msg = getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", "full name"); log(ILogger.LL_FAILURE, msg); - throw new PKIException(msg); + throw new BadRequestDataException(msg); } else { user.setFullName(fname); @@ -292,7 +296,7 @@ public class UserService extends PKIService implements UserResource { log(ILogger.LL_FAILURE, e.toString()); if (user.getUserID() == null) { - throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", "uid")); + throw new BadRequestDataException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", "uid")); } else { throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED")); } @@ -337,7 +341,7 @@ public class UserService extends PKIService implements UserResource { try { if (userID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IUser user = userGroupManager.createUser(userID); @@ -425,7 +429,7 @@ public class UserService extends PKIService implements UserResource { try { if (userID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } // get list of groups, and see if uid belongs to any |