diff options
Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java')
-rw-r--r-- | base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java new file mode 100644 index 000000000..f6cb4c638 --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java @@ -0,0 +1,112 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.csadmin; + +import java.net.InetAddress; +import java.util.Locale; +import java.util.Random; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.EPropertyNotFound; +import com.netscape.certsrv.base.ISecurityDomainSessionTable; +import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.base.UnauthorizedException; +import com.netscape.certsrv.logging.ILogger; +import com.netscape.certsrv.system.InstallToken; +import com.netscape.cms.servlet.processors.Processor; + +/** + * @author Endi S. Dewata + */ +public class SecurityDomainProcessor extends Processor { + + private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = + "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; + + Random random = new Random(); + + public SecurityDomainProcessor(Locale locale) throws EPropertyNotFound, EBaseException { + super("securitydomain", locale); + } + + public InstallToken getInstallToken( + String user, + String hostname, + String subsystem) throws EBaseException { + + String groupname = ConfigurationUtils.getGroupName(user, subsystem); + + if (groupname == null) { + String message = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + user, + ILogger.FAILURE, + "Enterprise " + subsystem + " Administrators"); + audit(message); + + throw new UnauthorizedException("Access denied."); + } + + String message = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + user, + ILogger.SUCCESS, + groupname); + audit(message); + + String ip = ""; + try { + ip = InetAddress.getByName(hostname).getHostAddress(); + } catch (Exception e) { + CMS.debug("Unable to determine IP address for "+hostname); + } + + // assign cookie + Long num = random.nextLong(); + String cookie = num.toString(); + + String auditParams = "operation;;issue_token+token;;" + cookie + "+ip;;" + ip + + "+uid;;" + user + "+groupname;;" + groupname; + + ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable(); + int status = ctable.addEntry(cookie, ip, user, groupname); + + if (status == ISecurityDomainSessionTable.SUCCESS) { + message = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, + user, + ILogger.SUCCESS, + auditParams); + audit(message); + + } else { + message = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, + user, + ILogger.FAILURE, + auditParams); + audit(message); + + throw new PKIException("Failed to update security domain."); + } + + + return new InstallToken(cookie); + } +} |