Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/profile')
14 files changed, 0 insertions, 4787 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/profile/PolicyConstraintFactory.java b/base/common/src/com/netscape/cms/servlet/profile/PolicyConstraintFactory.java
deleted file mode 100644
index 648e8bc57..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/PolicyConstraintFactory.java
+++ /dev/null
@@ -1,47 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.util.Enumeration;
-import java.util.Locale;
-
-import com.netscape.certsrv.profile.IPolicyConstraint;
-import com.netscape.certsrv.profile.PolicyConstraint;
-import com.netscape.certsrv.profile.PolicyConstraintValue;
-import com.netscape.certsrv.property.Descriptor;
-
-public class PolicyConstraintFactory {
-
- public static PolicyConstraint create(Locale locale, IPolicyConstraint cons, String classId) {
- PolicyConstraint ret = new PolicyConstraint();
- ret.setName(cons.getName(locale));
- ret.setText(cons.getText(locale));
- ret.setClassId(classId);
-
- Enumeration<String> conNames = cons.getConfigNames();
- while (conNames.hasMoreElements()) {
- String conName = conNames.nextElement();
- PolicyConstraintValue dataVal =
- new PolicyConstraintValue(conName, (Descriptor) cons.getConfigDescriptor(locale, conName),
- cons.getConfig(conName));
- ret.addConstraint(dataVal);
- }
-
- return ret;
- }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/PolicyDefaultFactory.java b/base/common/src/com/netscape/cms/servlet/profile/PolicyDefaultFactory.java
deleted file mode 100644
index 0d6ab0495..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/PolicyDefaultFactory.java
+++ /dev/null
@@ -1,97 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.Locale;
-
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.PolicyDefault;
-import com.netscape.certsrv.profile.ProfileAttribute;
-import com.netscape.certsrv.profile.ProfileParameter;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.request.IRequest;
-
-public class PolicyDefaultFactory {
-
- public static PolicyDefault create(IRequest request, Locale locale, IPolicyDefault def) throws EPropertyException {
- PolicyDefault ret = new PolicyDefault();
- ret.setName(def.getName(locale));
- ret.setText(def.getText(locale));
-
- Enumeration<String> defNames = def.getValueNames();
- while (defNames.hasMoreElements()) {
- String defName = defNames.nextElement();
- ProfileAttribute attr = new ProfileAttribute(
- defName,
- def.getValue(defName, locale, request),
- (Descriptor) def.getValueDescriptor(locale, defName));
- ret.addAttribute(attr);
- }
- return ret;
- }
-
- public static PolicyDefault create(IArgBlock params, Locale locale, IPolicyDefault def) throws EPropertyException {
- PolicyDefault ret = new PolicyDefault();
- ret.setName(def.getName(locale));
- ret.setText(def.getText(locale));
-
- Enumeration<String> defNames = def.getValueNames();
- while (defNames.hasMoreElements()) {
- String defName = defNames.nextElement();
- ProfileAttribute attr = new ProfileAttribute(
- defName,
- params.getValueAsString(defName, ""),
- (Descriptor) def.getValueDescriptor(locale, defName));
- ret.addAttribute(attr);
- }
- return ret;
- }
-
- public static PolicyDefault create(Locale locale, IPolicyDefault def, String classId) throws EPropertyException {
- PolicyDefault ret = new PolicyDefault();
- ret.setName(def.getName(locale));
- ret.setText(def.getText(locale));
- ret.setClassId(classId);
-
- Enumeration<String> defNames = def.getValueNames();
- while (defNames.hasMoreElements()) {
- String defName = defNames.nextElement();
- ProfileAttribute attr = new ProfileAttribute();
- attr.setName(defName);
- attr.setDescriptor((Descriptor) def.getValueDescriptor(locale, defName));
- ret.addAttribute(attr);
- }
-
- List<ProfileParameter> pList = new ArrayList<ProfileParameter>();
- Enumeration<String> paramNames = def.getConfigNames();
- while (paramNames.hasMoreElements()) {
- String paramName = paramNames.nextElement();
- ProfileParameter p = new ProfileParameter(paramName, def.getConfig(paramName));
- pList.add(p);
- }
- ret.setParams(pList);
-
- return ret;
- }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
deleted file mode 100644
index 7b5343000..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
+++ /dev/null
@@ -1,532 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authority.IAuthority;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IPolicyConstraint;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfilePolicy;
-import com.netscape.certsrv.profile.IProfileSubsystem;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequestQueue;
-import com.netscape.certsrv.template.ArgList;
-import com.netscape.certsrv.template.ArgSet;
-import com.netscape.cms.servlet.common.CMSRequest;
-
-/**
- * Toggle the approval state of a profile
- *
- * @version $Revision$, $Date$
- */
-public class ProfileApproveServlet extends ProfileServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = 3956879326742839550L;
- private static final String PROP_AUTHORITY_ID = "authorityId";
- private String mAuthorityId = null;
-
- private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL =
- "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
- private final static String OP_APPROVE = "approve";
- private final static String OP_DISAPPROVE = "disapprove";
-
- public ProfileApproveServlet() {
- super();
- }
-
- /**
- * initialize the servlet. This servlet uses the template file
- * "ImportCert.template" to process the response.
- *
- * @param sc servlet configuration, read from the web.xml file
- */
- public void init(ServletConfig sc) throws ServletException {
- super.init(sc);
- mAuthorityId = sc.getInitParameter(PROP_AUTHORITY_ID);
- }
-
- /**
- * Process the HTTP request.
- * <P>
- *
- * <ul>
- * <li>http.param profileId the id of the profile to change
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an agent approves/disapproves a cert
- * profile set by the administrator for automatic approval
- * </ul>
- *
- * @param cmsReq the object holding the request and response information
- * @exception EBaseException an error has occurred
- */
- public void process(CMSRequest cmsReq) throws EBaseException {
- HttpServletRequest request = cmsReq.getHttpReq();
- HttpServletResponse response = cmsReq.getHttpResp();
- String auditMessage = null;
- String auditSubjectID = auditSubjectID();
- String auditProfileID = auditProfileID(request);
- String auditProfileOp = auditProfileOp(request);
-
- String userid = null;
- IAuthToken authToken = null;
- ArgSet args = new ArgSet();
-
- Locale locale = getLocale(request);
-
- IProfile profile = null;
-
- String profileId = null;
-
- IProfileSubsystem ps = null;
-
- // ensure that any low-level exceptions are reported
- // to the signed audit log and stored as failures
- try {
- try {
- authToken = authenticate(cmsReq);
- auditSubjectID = auditSubjectID();
- CMS.debug("uid=" + authToken.getInString("userid"));
- userid = authToken.getInString("userid");
- } catch (Exception e) {
- auditSubjectID = auditSubjectID();
- CMS.debug(e.toString());
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHENTICATION_ERROR"));
- outputTemplate(request, response, args);
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
-
- audit(auditMessage);
-
- return;
- }
-
- AuthzToken authzToken = null;
-
- try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "approve");
- } catch (EAuthzAccessDenied e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
- } catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
- }
-
- if (authzToken == null) {
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHORIZATION_ERROR"));
- outputTemplate(request, response, args);
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
-
- audit(auditMessage);
-
- return;
- }
-
- CMS.debug("ProfileApproveServlet: start serving");
- // (1) Read request from the database
-
- // (2) Get profile id from the request
- if (mProfileSubId == null || mProfileSubId.equals("")) {
- mProfileSubId = IProfileSubsystem.ID;
- }
- CMS.debug("ProfileApproveServlet: SubId=" + mProfileSubId);
- ps = (IProfileSubsystem) CMS.getSubsystem(mProfileSubId);
-
- if (ps == null) {
- CMS.debug("ProfileApproveServlet: ProfileSubsystem not found");
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
- outputTemplate(request, response, args);
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
-
- audit(auditMessage);
-
- return;
- }
-
- // retrieve request
- IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId);
-
- if (authority == null) {
- CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId +
- " not found");
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
- outputTemplate(request, response, args);
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
-
- audit(auditMessage);
-
- return;
- }
- IRequestQueue queue = authority.getRequestQueue();
-
- if (queue == null) {
- CMS.debug("ProfileApproveServlet: Request Queue of " +
- mAuthorityId + " not found");
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
- outputTemplate(request, response, args);
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
-
- audit(auditMessage);
-
- return;
- }
-
- profileId = request.getParameter("profileId");
-
- CMS.debug("ProfileApproveServlet: profileId=" + profileId);
-
- args.set(ARG_ERROR_CODE, "0");
- args.set(ARG_ERROR_REASON, "");
-
- try {
- if (ps.isProfileEnable(profileId)) {
- if (ps.checkOwner()) {
- if (ps.getProfileEnableBy(profileId).equals(userid)) {
- ps.disableProfile(profileId);
- } else {
- // only enableBy can disable profile
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_OWNER"));
- outputTemplate(request, response, args);
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
-
- audit(auditMessage);
-
- return;
- }
- } else {
- ps.disableProfile(profileId);
- }
- } else {
- ps.enableProfile(profileId, userid);
- }
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.SUCCESS,
- auditProfileID,
- auditProfileOp);
-
- audit(auditMessage);
- } catch (EProfileException e) {
- // profile not enabled
- CMS.debug("ProfileApproveServlet: profile not error " +
- e.toString());
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
- outputTemplate(request, response, args);
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
-
- audit(auditMessage);
-
- return;
- }
- } catch (EBaseException eAudit1) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
-
- audit(auditMessage);
-
- // rethrow the specific exception to be handled later
- throw eAudit1;
- // } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditProfileID,
- // auditProfileOp );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
- }
-
- try {
- profile = ps.getProfile(profileId);
- } catch (EProfileException e) {
- // profile not found
- CMS.debug("ProfileApproveServlet: profile not found " +
- e.toString());
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, e.toString());
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_FOUND", profileId));
- outputTemplate(request, response, args);
- return;
- }
- if (profile == null) {
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_FOUND", profileId));
- outputTemplate(request, response, args);
- return;
- }
-
- Enumeration<String> policySetIds = profile.getProfilePolicySetIds();
-
- ArgList setlist = new ArgList();
-
- while (policySetIds.hasMoreElements()) {
- String setId = policySetIds.nextElement();
-
- Enumeration<String> policyIds = profile.getProfilePolicyIds(setId);
- ArgList list = new ArgList();
-
- while (policyIds.hasMoreElements()) {
- String id = policyIds.nextElement();
- IProfilePolicy policy = profile.getProfilePolicy(setId, id);
-
- // (3) query all the profile policies
- // (4) default plugins convert request parameters
- // into string http parameters
- handlePolicy(list, response, locale,
- id, policy);
- }
- ArgSet setArg = new ArgSet();
-
- setArg.set(ARG_POLICY_SET_ID, setId);
- setArg.set(ARG_POLICY, list);
- setlist.add(setArg);
- }
- args.set(ARG_POLICY_SET_LIST, setlist);
-
- args.set(ARG_PROFILE_ID, profileId);
- args.set(ARG_PROFILE_IS_ENABLED,
- Boolean.toString(ps.isProfileEnable(profileId)));
- args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId));
- args.set(ARG_PROFILE_NAME, profile.getName(locale));
- args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
-
- // (5) return info as template
- outputTemplate(request, response, args);
- }
-
- private void handlePolicy(ArgList list, ServletResponse response,
- Locale locale, String id, IProfilePolicy policy) {
- ArgSet set = new ArgSet();
-
- set.set(ARG_POLICY_ID, id);
-
- // handle default policy
- IPolicyDefault def = policy.getDefault();
- String dDesc = def.getText(locale);
-
- set.set(ARG_DEF_DESC, dDesc);
-
- ArgList deflist = new ArgList();
- Enumeration<String> defNames = def.getValueNames();
-
- if (defNames != null) {
- while (defNames.hasMoreElements()) {
- ArgSet defset = new ArgSet();
- String defName = defNames.nextElement();
- IDescriptor defDesc = def.getValueDescriptor(locale, defName);
- if (defDesc == null) {
- CMS.debug("defName=" + defName);
- } else {
- String defSyntax = defDesc.getSyntax();
- String defConstraint = defDesc.getConstraint();
- String defValueName = defDesc.getDescription(locale);
- String defValue = null;
-
- defset.set(ARG_DEF_ID, defName);
- defset.set(ARG_DEF_SYNTAX, defSyntax);
- defset.set(ARG_DEF_CONSTRAINT, defConstraint);
- defset.set(ARG_DEF_NAME, defValueName);
- defset.set(ARG_DEF_VAL, defValue);
- deflist.add(defset);
- }
- }
- }
- set.set(ARG_DEF_LIST, deflist);
-
- // handle constraint policy
- IPolicyConstraint con = policy.getConstraint();
- String conDesc = con.getText(locale);
-
- set.set(ARG_CON_DESC, conDesc);
-
- list.add(set);
- }
-
- /**
- * Signed Audit Log Profile ID
- *
- * This method is called to obtain the "ProfileID" for
- * a signed audit log message.
- * <P>
- *
- * @param req HTTP request
- * @return id string containing the signed audit log message ProfileID
- */
- private String auditProfileID(HttpServletRequest req) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
-
- String profileID = null;
-
- // Obtain the profileID
- profileID = req.getParameter("profileId");
-
- if (profileID != null) {
- profileID = profileID.trim();
- } else {
- profileID = ILogger.UNIDENTIFIED;
- }
-
- return profileID;
- }
-
- /**
- * Signed Audit Log Profile Operation
- *
- * This method is called to obtain the "Profile Operation" for
- * a signed audit log message.
- * <P>
- *
- * @param req HTTP request
- * @return operation string containing either OP_APPROVE, OP_DISAPPROVE,
- * or SIGNED_AUDIT_EMPTY_VALUE
- */
- private String auditProfileOp(HttpServletRequest req) {
- // if no signed audit object exists, bail
- if (mSignedAuditLogger == null) {
- return null;
- }
-
- if (mProfileSubId == null ||
- mProfileSubId.equals("")) {
- mProfileSubId = IProfileSubsystem.ID;
- }
-
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
-
- if (ps == null) {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- }
-
- String profileID = auditProfileID(req);
-
- if (profileID == ILogger.UNIDENTIFIED) {
- return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- }
-
- if (ps.isProfileEnable(profileID)) {
- return OP_DISAPPROVE;
- } else {
- return OP_APPROVE;
- }
- }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileInputFactory.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileInputFactory.java
deleted file mode 100644
index f89d8224e..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileInputFactory.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package com.netscape.cms.servlet.profile;
-
-import java.util.Enumeration;
-import java.util.Locale;
-
-import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.profile.ProfileAttribute;
-import com.netscape.certsrv.profile.ProfileInput;
-import com.netscape.certsrv.request.IRequest;
-
-public class ProfileInputFactory {
-
- public static ProfileInput create(IProfileInput input, IRequest request, Locale locale) throws EProfileException {
- ProfileInput ret = new ProfileInput();
- ret.setName(input.getName(locale));
- ret.setClassId(input.getClass().getSimpleName());
- Enumeration<String> names = input.getValueNames();
- while (names.hasMoreElements()) {
- String name = names.nextElement();
- String value = input.getValue(name, locale, request);
- if (value != null) {
- ret.addAttribute(new ProfileAttribute(name, value, null));
- }
- }
- return ret;
- }
-
- public static ProfileInput create(IProfileInput input, IArgBlock params, Locale locale) throws EProfileException {
- ProfileInput ret = new ProfileInput();
- ret.setName(input.getName(locale));
- ret.setClassId(input.getClass().getSimpleName());
- Enumeration<String> names = input.getValueNames();
- while (names.hasMoreElements()) {
- String name = names.nextElement();
- String value = params.getValueAsString(name, null);
- if (value != null) {
- ret.addAttribute(new ProfileAttribute(name, value, null));
- }
- }
- return ret;
- }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java
deleted file mode 100644
index 6acc1634c..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java
+++ /dev/null
@@ -1,171 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.authorization.EAuthzAccessDenied;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileSubsystem;
-import com.netscape.certsrv.template.ArgList;
-import com.netscape.certsrv.template.ArgSet;
-import com.netscape.cms.servlet.common.CMSRequest;
-
-/**
- * List all enabled profiles.
- *
- * @version $Revision$, $Date$
- */
-public class ProfileListServlet extends ProfileServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = -5118812083812548395L;
-
- public ProfileListServlet() {
- super();
- }
-
- /**
- * initialize the servlet. This servlet uses the template file
- * "ImportCert.template" to process the response.
- *
- * @param sc servlet configuration, read from the web.xml file
- */
- public void init(ServletConfig sc) throws ServletException {
- super.init(sc);
- }
-
- /**
- * Process the HTTP request.
- *
- * @param cmsReq the object holding the request and response information
- */
- public void process(CMSRequest cmsReq) throws EBaseException {
- HttpServletRequest request = cmsReq.getHttpReq();
- HttpServletResponse response = cmsReq.getHttpResp();
-
- CMS.debug("ProfileListServlet: start serving");
-
- Locale locale = getLocale(request);
-
- ArgSet args = new ArgSet();
- IAuthToken authToken = authenticate(cmsReq);
-
- AuthzToken authzToken = null;
-
- try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "list");
- } catch (EAuthzAccessDenied e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- } catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- }
-
- if (authzToken == null) {
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHORIZATION_ERROR"));
- outputTemplate(request, response, args);
- return;
- }
-
- // (1) Read request from the database
-
- // (2) Get profile id from the request
- if (mProfileSubId == null || mProfileSubId.equals("")) {
- mProfileSubId = IProfileSubsystem.ID;
- }
- CMS.debug("ProfileListServlet: SubId=" + mProfileSubId);
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
-
- if (ps == null) {
- CMS.debug("ProfileListServlet: ProfileSubsystem " +
- mProfileSubId + " not found");
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
- outputTemplate(request, response, args);
- return;
- }
-
- ArgList list = new ArgList();
- Enumeration<String> e = ps.getProfileIds();
-
- if (e != null) {
- while (e.hasMoreElements()) {
- String id = e.nextElement();
- IProfile profile = null;
-
- try {
- profile = ps.getProfile(id);
- } catch (EBaseException e1) {
- // skip bad profile
- CMS.debug("ProfileListServlet: profile " + id +
- " not found (skipped) " + e1.toString());
- continue;
- }
- if (profile == null) {
- CMS.debug("ProfileListServlet: profile " + id +
- " not found (skipped)");
- continue;
- }
-
- String name = profile.getName(locale);
- String desc = profile.getDescription(locale);
-
- ArgSet profileArgs = new ArgSet();
-
- profileArgs.set(ARG_PROFILE_IS_ENABLED,
- Boolean.toString(ps.isProfileEnable(id)));
- profileArgs.set(ARG_PROFILE_ENABLED_BY,
- ps.getProfileEnableBy(id));
- profileArgs.set(ARG_PROFILE_ID, id);
- profileArgs.set(ARG_PROFILE_IS_VISIBLE,
- Boolean.toString(profile.isVisible()));
- profileArgs.set(ARG_PROFILE_NAME, name);
- profileArgs.set(ARG_PROFILE_DESC, desc);
- list.add(profileArgs);
-
- }
- }
- args.set(ARG_RECORD, list);
- args.set(ARG_ERROR_CODE, "0");
- args.set(ARG_ERROR_REASON, "");
-
- // (5) return info as template
- outputTemplate(request, response, args);
- }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileOutputFactory.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileOutputFactory.java
deleted file mode 100644
index 278acf488..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileOutputFactory.java
+++ /dev/null
@@ -1,49 +0,0 @@
-//--- BEGIN COPYRIGHT BLOCK ---
-//This program is free software; you can redistribute it and/or modify
-//it under the terms of the GNU General Public License as published by
-//the Free Software Foundation; version 2 of the License.
-//
-//This program is distributed in the hope that it will be useful,
-//but WITHOUT ANY WARRANTY; without even the implied warranty of
-//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-//GNU General Public License for more details.
-//
-//You should have received a copy of the GNU General Public License along
-//with this program; if not, write to the Free Software Foundation, Inc.,
-//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-//(C) 2012 Red Hat, Inc.
-//All rights reserved.
-//--- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.util.Enumeration;
-import java.util.Locale;
-
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfileOutput;
-import com.netscape.certsrv.profile.ProfileAttribute;
-import com.netscape.certsrv.profile.ProfileOutput;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.request.IRequest;
-
-public class ProfileOutputFactory {
-
- public static ProfileOutput create(IProfileOutput output, IRequest request, Locale locale) throws EProfileException {
- ProfileOutput ret = new ProfileOutput();
- ret.setName(output.getName(locale));
- ret.setText(output.getText(locale));
-
- Enumeration<String> attrNames = output.getValueNames();
- while (attrNames.hasMoreElements()) {
- String attrName = attrNames.nextElement();
- ProfileAttribute attr = new ProfileAttribute(
- attrName,
- output.getValue(attrName, locale, request),
- (Descriptor) output.getValueDescriptor(locale, attrName));
- ret.addAttribute(attr);
- }
- return ret;
- }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
deleted file mode 100644
index 82b168e6f..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
+++ /dev/null
@@ -1,181 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.EAuthException;
-import com.netscape.certsrv.authorization.EAuthzException;
-import com.netscape.certsrv.base.BadRequestDataException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.ForbiddenException;
-import com.netscape.certsrv.cert.CertReviewResponse;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EDeferException;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.ProfileAttribute;
-import com.netscape.certsrv.profile.ProfileOutput;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.template.ArgList;
-import com.netscape.certsrv.template.ArgSet;
-import com.netscape.certsrv.template.ArgString;
-import com.netscape.cms.servlet.cert.RequestProcessor;
-import com.netscape.cms.servlet.common.CMSRequest;
-
-/**
- * This servlet approves profile-based request.
- *
- * @version $Revision$, $Date$
- */
-public class ProfileProcessServlet extends ProfileServlet {
-
- private static final long serialVersionUID = 5244627530516577838L;
-
- public ProfileProcessServlet() {
- }
-
- public void init(ServletConfig sc) throws ServletException {
- super.init(sc);
- }
-
- public void process(CMSRequest cmsReq) throws EBaseException {
- HttpServletRequest request = cmsReq.getHttpReq();
- HttpServletResponse response = cmsReq.getHttpResp();
-
- Locale locale = getLocale(request);
- ArgSet args = new ArgSet();
- args.set(ARG_ERROR_CODE, "0");
- args.set(ARG_ERROR_REASON, "");
-
- RequestProcessor processor = new RequestProcessor("caProfileProcess", locale);
-
- String op = request.getParameter("op");
- if (op == null) {
- CMS.debug("ProfileProcessServlet: No op found");
- setError(args, CMS.getUserMessage(locale, "CMS_OP_NOT_FOUND"), request, response);
- return;
- }
-
- String requestId = request.getParameter("requestId");
- if (requestId == null || requestId.equals("")) {
- CMS.debug("ProfileProcessServlet: Request Id not found");
- setError(args, CMS.getUserMessage(locale, "CMS_REQUEST_ID_NOT_FOUND"), request, response);
- return;
- }
-
- IRequest req = processor.getRequest(requestId);
- if (req == null) {
- setError(args, CMS.getUserMessage(locale, "CMS_REQUEST_NOT_FOUND", requestId), request, response);
- return;
- }
-
- String profileId = req.getExtDataInString("profileId");
- if (profileId == null || profileId.equals("")) {
- CMS.debug("ProfileProcessServlet: Profile Id not found");
- setError(args, CMS.getUserMessage(locale, "CMS_PROFILE_ID_NOT_FOUND"), request, response);
- return;
- }
- CMS.debug("ProfileProcessServlet: profileId=" + profileId);
-
- // set request in cmsReq for later retrieval
- cmsReq.setIRequest(req);
-
- CertReviewResponse data = null;
- try {
- data = processor.processRequest(cmsReq, req, op);
-
- } catch (ForbiddenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- setError(args, e.getMessage(), request, response);
- return;
- } catch (EAuthException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- setError(args, e.getMessage(), request, response);
- return;
- } catch (EAuthzException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- setError(args, e.getMessage(), request, response);
- return;
- } catch (BadRequestDataException e) {
- setError(args, e.getMessage(), request, response);
- return;
- } catch (ERejectException e) {
- CMS.debug("ProfileProcessServlet: execution rejected " + e.toString());
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_REJECTED", e.toString()));
- } catch (EDeferException e) {
- CMS.debug("ProfileProcessServlet: execution defered " + e.toString());
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DEFERRED", e.toString()));
- } catch (EPropertyException e) {
- CMS.debug("ProfileProcessServlet: execution error " + e.toString());
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_PROPERTY_ERROR", e.toString()));
- } catch (EProfileException e) {
- CMS.debug("ProfileProcessServlet: execution error " + e.toString());
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
- } catch (EBaseException e) {
- setError(args, e.getMessage(), request, response);
- return;
- }
-
- args.set(ARG_OP, op);
- args.set(ARG_REQUEST_ID, req.getRequestId().toString());
- args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString());
- args.set(ARG_REQUEST_TYPE, req.getRequestType());
- args.set(ARG_PROFILE_ID, profileId);
-
- String errorCode = ((ArgString) args.get(ARG_ERROR_CODE)).getValue();
-
- if (op.equals("approve") && errorCode.equals("0") && (data != null)) {
- ArgList outputlist = new ArgList();
- for (ProfileOutput output: data.getOutputs()) {
- for (ProfileAttribute attr: output.getAttrs()){
- ArgSet outputset = new ArgSet();
- IDescriptor desc = attr.getDescriptor();
- outputset.set(ARG_OUTPUT_ID, attr.getName());
- outputset.set(ARG_OUTPUT_SYNTAX, desc.getSyntax());
- outputset.set(ARG_OUTPUT_CONSTRAINT, desc.getConstraint());
- outputset.set(ARG_OUTPUT_NAME, desc.getDescription(locale));
- outputset.set(ARG_OUTPUT_VAL, attr.getValue());
- outputlist.add(outputset);
- }
- }
- args.set(ARG_OUTPUT_LIST, outputlist);
- }
-
- outputTemplate(request, response, args);
- }
-
- private void setError(ArgSet args, String reason, HttpServletRequest request, HttpServletResponse response)
- throws EBaseException {
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, reason);
- outputTemplate(request, response, args);
- }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
deleted file mode 100644
index 2b3ef83bb..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
+++ /dev/null
@@ -1,450 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.profile; - -import java.util.Enumeration; -import java.util.Locale; -import java.util.Map; -import java.util.Random; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.ca.ICertificateAuthority; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IPolicyConstraint; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.profile.IProfileOutput; -import com.netscape.certsrv.profile.IProfilePolicy; -import com.netscape.certsrv.profile.IProfileSubsystem; -import 
com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.certsrv.request.IRequestQueue; -import com.netscape.certsrv.request.RequestId; -import com.netscape.certsrv.template.ArgList; -import com.netscape.certsrv.template.ArgSet; -import com.netscape.cms.servlet.common.CMSRequest; - -/** - * This servlet allows reviewing of profile-based request. - * - * @version $Revision$, $Date$ - */ -public class ProfileReviewServlet extends ProfileServlet { - - /** - * - */ - private static final long serialVersionUID = -6559751428547928511L; - - private static final String PROP_AUTHORITY_ID = "authorityId"; - - private String mAuthorityId = null; - ICertificateAuthority authority = null; - private Random mRandom = null; - - public ProfileReviewServlet() { - } - - /** - * initialize the servlet. This servlet uses the template file - * "ImportCert.template" to process the response. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mAuthorityId = sc.getInitParameter(PROP_AUTHORITY_ID); - - if (mAuthorityId != null) - authority = (ICertificateAuthority) CMS.getSubsystem(mAuthorityId); - - if (authority != null && authority.noncesEnabled()) { - mRandom = new Random(); - } - } - - /** - * Process the HTTP request. 
- * <ul> - * <li>http.param requestId the ID of the profile to review - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - HttpServletRequest request = cmsReq.getHttpReq(); - HttpServletResponse response = cmsReq.getHttpResp(); - - CMS.debug("ProfileReviewServlet: start serving"); - - Locale locale = getLocale(request); - ArgSet args = new ArgSet(); - IAuthToken authToken = null; - - if (mAuthMgr != null) { - try { - authToken = authenticate(request); - } catch (EBaseException e) { - CMS.debug("ReviewReqServlet: " + e.toString()); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_ERROR")); - outputTemplate(request, response, args); - return; - } - } - - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHORIZATION_ERROR")); - outputTemplate(request, response, args); - return; - } - - // (1) Read request from the database - - // (2) Get profile id from the request - if (mProfileSubId == null || mProfileSubId.equals("")) { - mProfileSubId = IProfileSubsystem.ID; - } - CMS.debug("ProfileReviewServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); - - if (ps == null) { - CMS.debug("ProfileReviewServlet: ProfileSubsystem not found"); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - 
"CMS_INTERNAL_ERROR")); - outputTemplate(request, response, args); - return; - } - - // retrieve request - - if (authority == null) { - CMS.debug("ProfileReviewServlet: Authority " + mAuthorityId + - " not found"); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); - outputTemplate(request, response, args); - return; - } - IRequestQueue queue = authority.getRequestQueue(); - - if (queue == null) { - CMS.debug("ProfileReviewServlet: Request Queue of " + - mAuthorityId + " not found"); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); - outputTemplate(request, response, args); - return; - } - - String requestId = request.getParameter("requestId"); - IRequest req = null; - - CMS.debug("ProfileReviewServlet: requestId=" + requestId); - try { - req = queue.findRequest(new RequestId(requestId)); - } catch (EBaseException e) { - // request not found - CMS.debug("ProfileReviewServlet: request not found requestId=" + - requestId + " " + e.toString()); - } - if (req == null) { - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_REQUEST_NOT_FOUND", requestId)); - outputTemplate(request, response, args); - return; - } - - String profileId = req.getExtDataInString("profileId"); - - CMS.debug("ProfileReviewServlet: requestId=" + - requestId + " profileId=" + profileId); - IProfile profile = null; - - try { - profile = ps.getProfile(profileId); - } catch (EProfileException e) { - // profile not found - CMS.debug("ProfileReviewServlet: profile not found requestId=" + - requestId + " profileId=" + profileId + " " + e.toString()); - } - if (profile == null) { - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); - outputTemplate(request, response, args); - return; - } - - String profileSetId = req.getExtDataInString("profileSetId"); - - 
CMS.debug("ProfileReviewServlet: profileSetId=" + profileSetId); - Enumeration<String> policyIds = (profileSetId != null && profileSetId.length() > 0) ? - profile.getProfilePolicyIds(profileSetId) : null; - ArgList list = new ArgList(); - - if (policyIds != null) { - while (policyIds.hasMoreElements()) { - String id = policyIds.nextElement(); - IProfilePolicy policy = - profile.getProfilePolicy(req.getExtDataInString("profileSetId"), - id); - - // (3) query all the profile policies - // (4) default plugins convert request parameters into string - // http parameters - handlePolicy(list, response, locale, - id, policy, req); - } - } - - if (authority != null && authority.noncesEnabled()) { - long n = mRandom.nextLong(); - Map<Object, Long> nonces = authority.getNonces(request, "cert-request"); - nonces.put(req.getRequestId().toBigInteger(), n); - args.set(ARG_REQUEST_NONCE, Long.toString(n)); - } - - args.set(ARG_REQUEST_ID, req.getRequestId().toString()); - args.set(ARG_REQUEST_TYPE, req.getRequestType()); - args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString()); - if (req.getRequestOwner() == null) { - args.set(ARG_REQUEST_OWNER, ""); - } else { - args.set(ARG_REQUEST_OWNER, req.getRequestOwner()); - } - args.set(ARG_REQUEST_CREATION_TIME, req.getCreationTime().toString()); - args.set(ARG_REQUEST_MODIFICATION_TIME, - req.getModificationTime().toString()); - - args.set(ARG_PROFILE_ID, profileId); - args.set(ARG_PROFILE_APPROVED_BY, - req.getExtDataInString("profileApprovedBy")); - args.set(ARG_PROFILE_SET_ID, req.getExtDataInString("profileSetId")); - if (profile.isVisible()) { - args.set(ARG_PROFILE_IS_VISIBLE, "true"); - } else { - args.set(ARG_PROFILE_IS_VISIBLE, "false"); - } - args.set(ARG_PROFILE_NAME, profile.getName(locale)); - args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); - args.set(ARG_PROFILE_REMOTE_HOST, - req.getExtDataInString("profileRemoteHost")); - args.set(ARG_PROFILE_REMOTE_ADDR, - 
req.getExtDataInString("profileRemoteAddr")); - if (req.getExtDataInString("requestNotes") == null) { - args.set(ARG_REQUEST_NOTES, ""); - } else { - args.set(ARG_REQUEST_NOTES, - req.getExtDataInString("requestNotes")); - } - - args.set(ARG_RECORD, list); - args.set(ARG_ERROR_CODE, "0"); - args.set(ARG_ERROR_REASON, ""); - - ArgList inputlist = new ArgList(); - - // populate authentication parameters - - // populate input parameters - Enumeration<String> inputIds = profile.getProfileInputIds(); - - if (inputIds != null) { - while (inputIds.hasMoreElements()) { - String inputId = inputIds.nextElement(); - IProfileInput profileInput = profile.getProfileInput(inputId); - - Enumeration<String> inputNames = profileInput.getValueNames(); - - if (inputNames != null) { - while (inputNames.hasMoreElements()) { - ArgSet inputset = new ArgSet(); - String inputName = inputNames.nextElement(); - - IDescriptor inputDesc = profileInput.getValueDescriptor(locale, inputName); - - if (inputDesc == null) - continue; - String inputSyntax = inputDesc.getSyntax(); - String inputConstraint = inputDesc.getConstraint(); - String inputValueName = inputDesc.getDescription(locale); - String inputValue = null; - - try { - inputValue = profileInput.getValue(inputName, locale, req); - } catch (EBaseException e) { - CMS.debug("ProfileReviewServlet: " + e.toString()); - } - - inputset.set(ARG_INPUT_ID, inputName); - inputset.set(ARG_INPUT_SYNTAX, inputSyntax); - inputset.set(ARG_INPUT_CONSTRAINT, inputConstraint); - inputset.set(ARG_INPUT_NAME, inputValueName); - inputset.set(ARG_INPUT_VAL, inputValue); - inputlist.add(inputset); - } - } - } - } - args.set(ARG_INPUT_LIST, inputlist); - - // if request in complete state - - ArgList outputlist = new ArgList(); - Enumeration<String> outputIds = profile.getProfileOutputIds(); - - if (outputIds != null) { - while (outputIds.hasMoreElements()) { - String outputId = outputIds.nextElement(); - IProfileOutput profileOutput = 
profile.getProfileOutput(outputId - ); - - Enumeration<String> outputNames = profileOutput.getValueNames(); - - if (outputNames != null) { - while (outputNames.hasMoreElements()) { - ArgSet outputset = new ArgSet(); - String outputName = outputNames.nextElement - (); - IDescriptor outputDesc = - profileOutput.getValueDescriptor(locale, outputName); - - if (outputDesc == null) - continue; - String outputSyntax = outputDesc.getSyntax(); - String outputConstraint = outputDesc.getConstraint(); - String outputValueName = outputDesc.getDescription(locale); - String outputValue = null; - - try { - outputValue = profileOutput.getValue(outputName, - locale, req); - } catch (EProfileException e) { - CMS.debug("ProfileSubmitServlet: " + e.toString( - )); - } - - outputset.set(ARG_OUTPUT_ID, outputName); - outputset.set(ARG_OUTPUT_SYNTAX, outputSyntax); - outputset.set(ARG_OUTPUT_CONSTRAINT, outputConstraint); - outputset.set(ARG_OUTPUT_NAME, outputValueName); - outputset.set(ARG_OUTPUT_VAL, outputValue); - outputlist.add(outputset); - } - } - } - } - args.set(ARG_OUTPUT_LIST, outputlist); - - // (5) return info as template - outputTemplate(request, response, args); - } - - private void handlePolicy(ArgList list, ServletResponse response, - Locale locale, String id, IProfilePolicy policy, - IRequest req) { - ArgSet set = new ArgSet(); - - set.set(ARG_POLICY_ID, id); - - // handle default policy - IPolicyDefault def = policy.getDefault(); - String dDesc = def.getText(locale); - - set.set(ARG_DEF_DESC, dDesc); - ArgList deflist = new ArgList(); - Enumeration<String> defNames = def.getValueNames(); - - if (defNames != null) { - while (defNames.hasMoreElements()) { - ArgSet defset = new ArgSet(); - String defName = defNames.nextElement(); - IDescriptor defDesc = def.getValueDescriptor(locale, defName); - - if (defDesc == null) - continue; - String defSyntax = defDesc.getSyntax(); - String defConstraint = defDesc.getConstraint(); - String defValueName = 
defDesc.getDescription(locale); - String defValue = null; - - try { - defValue = def.getValue(defName, locale, req); - } catch (EPropertyException ee) { - CMS.debug("ProfileReviewServlet: " + ee.toString()); - } - - defset.set(ARG_DEF_ID, defName); - defset.set(ARG_DEF_SYNTAX, defSyntax); - defset.set(ARG_DEF_CONSTRAINT, defConstraint); - defset.set(ARG_DEF_NAME, defValueName); - defset.set(ARG_DEF_VAL, defValue); - deflist.add(defset); - } - } - set.set(ARG_DEF_LIST, deflist); - - // handle constraint policy - IPolicyConstraint con = policy.getConstraint(); - - if (con != null) { - String conDesc = con.getText(locale); - - set.set(ARG_CON_DESC, conDesc); - } - - list.add(set); - } -} diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java deleted file mode 100644 index 10013c88c..000000000 --- a/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java +++ /dev/null 
@@ -1,410 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.profile; - -import java.util.Enumeration; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authority.IAuthority; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.IPolicyConstraint; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.profile.IProfileAuthenticator; -import com.netscape.certsrv.profile.IProfileInput; -import com.netscape.certsrv.profile.IProfilePolicy; -import com.netscape.certsrv.profile.IProfileSubsystem; -import com.netscape.certsrv.property.IDescriptor; -import 
com.netscape.certsrv.request.IRequestQueue; -import com.netscape.certsrv.template.ArgList; -import com.netscape.certsrv.template.ArgSet; -import com.netscape.cms.servlet.common.CMSRequest; - -/** - * Retrieve detailed information of a particular profile. - * - * @version $Revision$, $Date$ - */ -public class ProfileSelectServlet extends ProfileServlet { - - /** - * - */ - private static final long serialVersionUID = -3765390650830903602L; - private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; - - public ProfileSelectServlet() { - } - - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mAuthorityId = sc.getInitParameter(PROP_AUTHORITY_ID); - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param profileId the id of the profile to select - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - HttpServletRequest request = cmsReq.getHttpReq(); - HttpServletResponse response = cmsReq.getHttpResp(); - - CMS.debug("ProfileSelectServlet: start serving"); - - Locale locale = getLocale(request); - - IAuthToken authToken = null; - ArgSet args = new ArgSet(); - - if (mAuthMgr != null) { - try { - authToken = authenticate(request); - } catch (EBaseException e) { - CMS.debug("ProcessReqServlet: " + e.toString()); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_ERROR")); - outputTemplate(request, response, args); - return; - } - } - - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - 
CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHORIZATION_ERROR")); - outputTemplate(request, response, args); - return; - } - - // (1) Read request from the database - - // (2) Get profile id from the request - if (mProfileSubId == null || mProfileSubId.equals("")) { - mProfileSubId = IProfileSubsystem.ID; - } - CMS.debug("ProfileSelectServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); - - if (ps == null) { - CMS.debug("ProfileSelectServlet: ProfileSubsystem not found"); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); - outputTemplate(request, response, args); - return; - } - - // retrieve request - IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); - - if (authority == null) { - CMS.debug("ProfileSelectServlet: Authority " + mAuthorityId + - " not found"); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); - outputTemplate(request, response, args); - return; - } - IRequestQueue queue = authority.getRequestQueue(); - - if (queue == null) { - CMS.debug("ProfileSelectServlet: Request Queue of " + - mAuthorityId + " not found"); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); - outputTemplate(request, response, args); - return; - } - - IProfile profile = null; - - String profileId = request.getParameter("profileId"); - - CMS.debug("ProfileSelectServlet: profileId=" + profileId); - - try { - profile = ps.getProfile(profileId); - } catch (EProfileException e) { - // profile not found - CMS.debug("ProfileSelectServlet: profile not found profileId=" + - profileId + " " + e.toString()); - } - if (profile == null) { - args.set(ARG_ERROR_CODE, "1"); - 
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); - outputTemplate(request, response, args); - return; - } - - ArgList setlist = new ArgList(); - Enumeration<String> policySetIds = profile.getProfilePolicySetIds(); - - if (policySetIds != null) { - while (policySetIds.hasMoreElements()) { - String setId = policySetIds.nextElement(); - - ArgList list = new ArgList(); - Enumeration<String> policyIds = profile.getProfilePolicyIds(setId); - - if (policyIds != null) { - while (policyIds.hasMoreElements()) { - String id = policyIds.nextElement(); - IProfilePolicy policy = profile.getProfilePolicy(setId, id); - - // (3) query all the profile policies - // (4) default plugins convert request parameters into string - // http parameters - handlePolicy(list, response, locale, - id, policy); - } - } - ArgSet setArg = new ArgSet(); - - setArg.set(ARG_POLICY_SET_ID, setId); - setArg.set(ARG_POLICY, list); - setlist.add(setArg); - } - } - args.set(ARG_POLICY_SET_LIST, setlist); - - args.set(ARG_PROFILE_ID, profileId); - args.set(ARG_PROFILE_IS_ENABLED, - Boolean.toString(ps.isProfileEnable(profileId))); - args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId)); - args.set(ARG_PROFILE_NAME, profile.getName(locale)); - args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); - args.set(ARG_PROFILE_IS_VISIBLE, - Boolean.toString(profile.isVisible())); - args.set(ARG_ERROR_CODE, "0"); - args.set(ARG_ERROR_REASON, ""); - - try { - boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean("ca.connector.KRA.enable", false); - if (keyArchivalEnabled == true) { - CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true"); - - // output transport certificate if present - args.set("transportCert", - CMS.getConfigStore().getString("ca.connector.KRA.transportCert", "")); - } else { - CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false"); - args.set("transportCert", ""); - } - } catch (EBaseException e) { - 
CMS.debug("ProfileSelectServlet: exception caught:" + e.toString()); - } - - // build authentication - ArgList authlist = new ArgList(); - IProfileAuthenticator authenticator = null; - - try { - authenticator = profile.getAuthenticator(); - } catch (EProfileException e) { - // authenticator not installed correctly - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_MANAGER_NOT_FOUND", - profile.getAuthenticatorId())); - outputTemplate(request, response, args); - return; - } - - if (authenticator != null) { - Enumeration<String> authNames = authenticator.getValueNames(); - - if (authNames != null) { - while (authNames.hasMoreElements()) { - ArgSet authset = new ArgSet(); - String authName = authNames.nextElement(); - IDescriptor authDesc = - authenticator.getValueDescriptor(locale, authName); - - if (authDesc == null) - continue; - String authSyntax = authDesc.getSyntax(); - String authConstraint = authDesc.getConstraint(); - String authValueName = authDesc.getDescription(locale); - - authset.set(ARG_AUTH_ID, authName); - authset.set(ARG_AUTH_SYNTAX, authSyntax); - authset.set(ARG_AUTH_CONSTRAINT, authConstraint); - authset.set(ARG_AUTH_NAME, authValueName); - authlist.add(authset); - } - } - args.set(ARG_AUTH_LIST, authlist); - args.set(ARG_AUTH_NAME, authenticator.getName(locale)); - args.set(ARG_AUTH_DESC, authenticator.getText(locale)); - args.set(ARG_AUTH_IS_SSL, - Boolean.toString(authenticator.isSSLClientRequired())); - } - - // build input list - ArgList inputlist = new ArgList(); - ArgList inputPluginlist = new ArgList(); - Enumeration<String> inputIds = profile.getProfileInputIds(); - - if (inputIds != null) { - while (inputIds.hasMoreElements()) { - String inputId = inputIds.nextElement(); - IProfileInput profileInput = profile.getProfileInput(inputId); - - if (profileInput != null) { - - ArgSet inputpluginset = new ArgSet(); - inputpluginset.set(ARG_INPUT_PLUGIN_ID, inputId); - 
inputpluginset.set(ARG_INPUT_PLUGIN_NAME, - profileInput.getName(locale)); - inputpluginset.set(ARG_INPUT_PLUGIN_DESC, - profileInput.getText(locale)); - inputPluginlist.add(inputpluginset); - - Enumeration<String> inputNames = profileInput.getValueNames(); - - if (inputNames != null) { - while (inputNames.hasMoreElements()) { - ArgSet inputset = new ArgSet(); - String inputName = inputNames.nextElement(); - IDescriptor inputDesc = profileInput.getValueDescriptor( - locale, inputName); - - if (inputDesc == null) - continue; - String inputSyntax = inputDesc.getSyntax(); - String inputConstraint = inputDesc.getConstraint(); - String inputValueName = inputDesc.getDescription(locale); - String inputValue = null; - - inputset.set(ARG_INPUT_PLUGIN_ID, inputId); - inputset.set(ARG_INPUT_ID, inputName); - inputset.set(ARG_INPUT_SYNTAX, inputSyntax); - inputset.set(ARG_INPUT_CONSTRAINT, inputConstraint); - inputset.set(ARG_INPUT_NAME, inputValueName); - inputset.set(ARG_INPUT_VAL, inputValue); - inputlist.add(inputset); - } - } - } - } - } - args.set(ARG_INPUT_LIST, inputlist); - args.set(ARG_INPUT_PLUGIN_LIST, inputPluginlist); - args.set(ARG_IS_RENEWAL, profile.isRenewal()); - args.set(ARG_XML_OUTPUT, profile.isXmlOutput()); - - // (5) return info as template - outputTemplate(request, response, args); - } - - private void handlePolicy(ArgList list, ServletResponse response, - Locale locale, String id, IProfilePolicy policy) { - ArgSet set = new ArgSet(); - - set.set(ARG_POLICY_ID, id); - - // handle default policy - IPolicyDefault def = policy.getDefault(); - String dDesc = def.getText(locale); - - set.set(ARG_DEF_DESC, dDesc); - ArgList deflist = new ArgList(); - Enumeration<String> defNames = def.getValueNames(); - - if (defNames != null) { - while (defNames.hasMoreElements()) { - ArgSet defset = new ArgSet(); - String defName = defNames.nextElement(); - IDescriptor defDesc = def.getValueDescriptor(locale, defName); - - if (defDesc == null) - continue; - String 
defSyntax = defDesc.getSyntax(); - String defConstraint = defDesc.getConstraint(); - String defValueName = defDesc.getDescription(locale); - String defValue = null; - - defset.set(ARG_DEF_ID, defName); - defset.set(ARG_DEF_SYNTAX, defSyntax); - defset.set(ARG_DEF_CONSTRAINT, defConstraint); - defset.set(ARG_DEF_NAME, defValueName); - defset.set(ARG_DEF_VAL, defValue); - deflist.add(defset); - } - } - set.set(ARG_DEF_LIST, deflist); - - // handle constraint policy - IPolicyConstraint con = policy.getConstraint(); - String conDesc = con.getText(locale); - - set.set(ARG_CON_DESC, conDesc); - ArgList conlist = new ArgList(); - Enumeration<String> conNames = con.getConfigNames(); - if (conNames != null) { - while (conNames.hasMoreElements()) { - ArgSet conset = new ArgSet(); - String conName = conNames.nextElement(); - conset.set(ARG_CON_NAME, conName); - conset.set(ARG_CON_VALUE, con.getConfig(conName)); - conlist.add(conset); - } - } - set.set(ARG_CON_LIST, conlist); - - list.add(set); - } - -} diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileService.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileService.java deleted file mode 100644 index edb8b2248..000000000 --- a/base/common/src/com/netscape/cms/servlet/profile/ProfileService.java +++ /dev/null 
@@ -1,952 +0,0 @@
-//--- BEGIN COPYRIGHT BLOCK ---
-//This program is free software; you can redistribute it and/or modify
-//it under the terms of the GNU General Public License as published by
-//the Free Software Foundation; version 2 of the License.
-//
-//This program is distributed in the hope that it will be useful,
-//but WITHOUT ANY WARRANTY; without even the implied warranty of
-//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-//GNU General Public License for more details.
-//
-//You should have received a copy of the GNU General Public License along
-//with this program; if not, write to the Free Software Foundation, Inc.,
-//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-//(C) 2011 Red Hat, Inc.
-//All rights reserved.
-//--- END COPYRIGHT BLOCK ---
-
-package com.netscape.cms.servlet.profile;
-
-import java.io.File;
-import java.io.IOException;
-import java.net.URI;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-import java.util.Vector;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Request;
-import javax.ws.rs.core.UriBuilder;
-import javax.ws.rs.core.UriInfo;
-
-import org.apache.commons.lang.StringUtils;
-import org.jboss.resteasy.plugins.providers.atom.Link;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.BadRequestException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.base.UnauthorizedException;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.common.OpDef;
-import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileEx;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.profile.IProfileOutput;
-import com.netscape.certsrv.profile.IProfilePolicy;
-import com.netscape.certsrv.profile.IProfileSubsystem;
-import com.netscape.certsrv.profile.PolicyConstraint;
-import com.netscape.certsrv.profile.PolicyConstraintValue;
-import com.netscape.certsrv.profile.PolicyDefault;
-import com.netscape.certsrv.profile.ProfileData;
-import com.netscape.certsrv.profile.ProfileDataInfo;
-import com.netscape.certsrv.profile.ProfileDataInfos;
-import com.netscape.certsrv.profile.ProfileInput;
-import com.netscape.certsrv.profile.ProfileNotFoundException;
-import com.netscape.certsrv.profile.ProfileOutput;
-import com.netscape.certsrv.profile.ProfileParameter;
-import com.netscape.certsrv.profile.ProfilePolicy;
-import com.netscape.certsrv.profile.ProfileResource;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.registry.IPluginInfo;
-import com.netscape.certsrv.registry.IPluginRegistry;
-import com.netscape.cms.realm.PKIPrincipal;
-import com.netscape.cms.servlet.base.PKIService;
-
-/**
- * @author alee
- *
- */
-public class ProfileService extends PKIService implements ProfileResource {
-
- @Context
- private UriInfo uriInfo;
-
- @Context
- private HttpHeaders headers;
-
- @Context
- private Request request;
-
- @Context
- private HttpServletRequest servletRequest;
-
- private IProfileSubsystem ps = (IProfileSubsystem) CMS.getSubsystem(IProfileSubsystem.ID);
- private IPluginRegistry registry = (IPluginRegistry) CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY);
- private IConfigStore cs = CMS.getConfigStore().getSubStore("profile");
-
- private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL =
- "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
- private final static String 
LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE = - "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3"; - - public ProfileDataInfos listProfiles() { - List<ProfileDataInfo> list = new ArrayList<ProfileDataInfo>(); - ProfileDataInfos infos = new ProfileDataInfos(); - boolean visibleOnly = true; - - if (ps == null) { - return null; - } - - PKIPrincipal principal = (PKIPrincipal) servletRequest.getUserPrincipal(); - if ((principal != null) && - (principal.hasRole("Certificate Manager Agents") || - principal.hasRole("Certificate Manager Administrators"))) { - visibleOnly = false; - } - Enumeration<String> profileIds = ps.getProfileIds(); - if (profileIds != null) { - while (profileIds.hasMoreElements()) { - String id = profileIds.nextElement(); - ProfileDataInfo info = null; - try { - info = createProfileDataInfo(id, visibleOnly, uriInfo, getLocale(headers)); - } catch (EBaseException e) { - continue; - } - - if (info != null) { - list.add(info); - } - } - } - - infos.setProfileInfos(list); - return infos; - } - - public ProfileData retrieveProfile(String profileId) throws ProfileNotFoundException { - ProfileData data = null; - boolean visibleOnly = true; - - if (ps == null) { - return null; - } - - PKIPrincipal principal = (PKIPrincipal) servletRequest.getUserPrincipal(); - if ((principal != null) && - (principal.hasRole("Certificate Manager Agents") || - principal.hasRole("Certificate Manager Administrators"))) { - visibleOnly = false; - } - - Enumeration<String> profileIds = ps.getProfileIds(); - - IProfile profile = null; - if (profileIds != null) { - while (profileIds.hasMoreElements()) { - String id = profileIds.nextElement(); - - if (id.equals(profileId)) { - - try { - profile = ps.getProfile(profileId); - } catch (EProfileException e) { - e.printStackTrace(); - throw new ProfileNotFoundException(profileId); - } - break; - } - } - } - - if (profile == null) { - throw new ProfileNotFoundException(profileId); - } - - if (visibleOnly && !profile.isVisible()) { - throw new 
ProfileNotFoundException(profileId); - } - - try { - data = createProfileData(profileId); - } catch (EBaseException e) { - e.printStackTrace(); - throw new ProfileNotFoundException(profileId); - } - - UriBuilder profileBuilder = uriInfo.getBaseUriBuilder(); - URI uri = profileBuilder.path(ProfileResource.class).path("{id}"). - build(profileId); - data.setLink(new Link("self", uri)); - - return data; - } - - public ProfileData createProfileData(String profileId) throws EBaseException { - - IProfile profile; - - try { - profile = ps.getProfile(profileId); - } catch (EProfileException e) { - e.printStackTrace(); - throw new ProfileNotFoundException(profileId); - } - - ProfileData data = new ProfileData(); - - data.setAuthenticatorId(profile.getAuthenticatorId()); - data.setAuthzAcl(profile.getAuthzAcl()); - data.setClassId(cs.getString(profileId + ".class_id")); - data.setDescription(profile.getDescription(getLocale(headers))); - data.setEnabled(ps.isProfileEnable(profileId)); - data.setEnabledBy(ps.getProfileEnableBy(profileId)); - data.setId(profileId); - data.setName(profile.getName(getLocale(headers))); - data.setRenewal(Boolean.getBoolean(profile.isRenewal())); - data.setVisible(profile.isVisible()); - data.setXMLOutput(Boolean.getBoolean(profile.isXmlOutput())); - - Enumeration<String> inputIds = profile.getProfileInputIds(); - if (inputIds != null) { - while (inputIds.hasMoreElements()) { - ProfileInput input = createProfileInput(profile, inputIds.nextElement(), getLocale(headers)); - if (input == null) - continue; - data.addProfileInput(input); - } - } - - // profile outputs - Enumeration<String> outputIds = profile.getProfileOutputIds(); - if (outputIds != null) { - while (outputIds.hasMoreElements()) { - ProfileOutput output = createProfileOutput(profile, outputIds.nextElement(), getLocale(headers)); - if (output == null) - continue; - data.addProfileOutput(output); - } - } - - // profile policies - Enumeration<String> policySetIds = 
profile.getProfilePolicySetIds(); - if (policySetIds != null) { - while (policySetIds.hasMoreElements()) { - Vector<ProfilePolicy> pset = new Vector<ProfilePolicy>(); - String policySetId = policySetIds.nextElement(); - Enumeration<String> policyIds = profile.getProfilePolicyIds(policySetId); - while (policyIds.hasMoreElements()) { - String policyId = policyIds.nextElement(); - pset.add(createProfilePolicy(profile, policySetId, policyId)); - } - - if (!pset.isEmpty()) { - data.addProfilePolicySet(policySetId, pset); - } - } - } - - UriBuilder profileBuilder = uriInfo.getBaseUriBuilder(); - URI uri = profileBuilder.path(ProfileResource.class).path("{id}"). - build(profileId); - data.setLink(new Link("self", uri)); - - return data; - } - - public ProfilePolicy createProfilePolicy(IProfile profile, String setId, String policyId) throws EBaseException { - IProfilePolicy policy = profile.getProfilePolicy(setId, policyId); - IConfigStore policyStore = profile.getConfigStore().getSubStore( - "policyset." + setId + "." 
+ policy.getId()); - - ProfilePolicy p = new ProfilePolicy(); - String constraintClassId = policyStore.getString("constraint.class_id"); - p.setConstraint(PolicyConstraintFactory.create(getLocale(headers), policy.getConstraint(), constraintClassId)); - String defaultClassId = policyStore.getString("default.class_id"); - p.setDef(PolicyDefaultFactory.create(getLocale(headers), policy.getDefault(), defaultClassId)); - p.setId(policy.getId()); - return p; - } - - public static ProfileInput createProfileInput(IProfile profile, String inputId, Locale locale) throws EBaseException { - IProfileInput profileInput = profile.getProfileInput(inputId); - if (profileInput == null) - return null; - - IConfigStore inputStore = profile.getConfigStore().getSubStore("input"); - String classId = inputStore.getString(inputId + ".class_id"); - - return new ProfileInput(profileInput, inputId, classId, locale); - } - - public static ProfileOutput createProfileOutput(IProfile profile, String outputId, Locale locale) throws EBaseException { - IProfileOutput profileOutput = profile.getProfileOutput(outputId); - if (profileOutput == null) - return null; - - IConfigStore outputStore = profile.getConfigStore().getSubStore("output"); - String classId = outputStore.getString(outputId + ".class_id"); - - return new ProfileOutput(profileOutput, outputId, classId, locale); - } - - public static ProfileDataInfo createProfileDataInfo(String profileId, boolean visibleOnly, UriInfo uriInfo, - Locale locale) throws EBaseException { - - IProfileSubsystem ps = (IProfileSubsystem) CMS.getSubsystem(IProfileSubsystem.ID); - if (profileId == null) { - throw new EBaseException("Error creating ProfileDataInfo."); - } - ProfileDataInfo ret = null; - - IProfile profile = null; - - profile = ps.getProfile(profileId); - if (profile == null) { - return null; - } - - if (visibleOnly && !profile.isVisible()) { - return null; - } - - ret = new ProfileDataInfo(); - - ret.setProfileId(profileId); - 
ret.setProfileName(profile.getName(locale)); - ret.setProfileDescription(profile.getDescription(locale)); - - UriBuilder profileBuilder = uriInfo.getBaseUriBuilder(); - URI uri = profileBuilder.path(ProfileResource.class).path("{id}"). - build(profileId); - - ret.setProfileURL(uri.toString()); - - return ret; - } - - public void modifyProfileState(String profileId, String action) { - if (ps == null) { - CMS.debug("modifyProfileState: ps is null"); - throw new PKIException("Error modifying profile state. Profile Service not available"); - } - - if (profileId == null) { - CMS.debug("modifyProfileState: invalid request. profileId is null"); - throw new BadRequestException("Invalid ProfileId"); - } - - Principal principal = servletRequest.getUserPrincipal(); - - switch (action) { - case "enable": - if (ps.isProfileEnable(profileId)) { - throw new BadRequestException("Profile already enabled"); - } - try { - ps.enableProfile(profileId, principal.getName()); - auditProfileChangeState(profileId, "approve", ILogger.SUCCESS); - } catch (EProfileException e) { - CMS.debug("modifyProfileState: error enabling profile. 
" + e); - e.printStackTrace(); - auditProfileChangeState(profileId, "approve", ILogger.FAILURE); - throw new PKIException("Error enabling profile"); - } - break; - case "disable": - if (!ps.isProfileEnable(profileId)) { - throw new BadRequestException("Profile already disabled"); - } - String userid = principal.getName(); - try { - if (ps.checkOwner()) { - if (ps.getProfileEnableBy(profileId).equals(userid)) { - ps.disableProfile(profileId); - auditProfileChangeState(profileId, "disapprove", ILogger.SUCCESS); - } else { - auditProfileChangeState(profileId, "disapprove", ILogger.FAILURE); - throw new UnauthorizedException( - "Profile can only be disabled by the agent that enabled it"); - } - } else { - ps.disableProfile(profileId); - auditProfileChangeState(profileId, "disapprove", ILogger.SUCCESS); - } - } catch (EProfileException e) { - CMS.debug("modifyProfileState: Error disabling profile: " + e); - e.printStackTrace(); - auditProfileChangeState(profileId, "disapprove", ILogger.FAILURE); - throw new PKIException("Error disabling profile"); - } - break; - default: - auditProfileChangeState(profileId, "invalid", ILogger.FAILURE); - throw new BadRequestException("Invalid operation"); - } - } - - public void createProfile(ProfileData data) { - if (ps == null) { - CMS.debug("createProfile: ps is null"); - throw new PKIException("Error creating profile. 
Profile Service not available"); - } - - IProfile profile = null; - String profileId = data.getId(); - Map<String, String> auditParams = new LinkedHashMap<String, String>(); - try { - profile = ps.getProfile(profileId); - if (profile != null) { - throw new BadRequestException("Profile already exists"); - } - - auditParams.put("class_id", data.getClassId()); - auditParams.put("name", data.getName()); - auditParams.put("description", data.getDescription()); - auditParams.put("visible", Boolean.toString(data.isVisible())); - - String config = CMS.getConfigStore().getString("instanceRoot") + "/ca/profiles/ca/" + - profileId + ".cfg"; - File configFile = new File(config); - configFile.createNewFile(); - IPluginInfo info = registry.getPluginInfo("profile", data.getClassId()); - - profile = ps.createProfile(profileId, data.getClassId(), info.getClassName(), config); - profile.setName(getLocale(headers), data.getName()); - profile.setDescription(getLocale(headers), data.getDescription()); - profile.setVisible(data.isVisible()); - profile.getConfigStore().commit(false); - ps.createProfileConfig(profileId, data.getClassId(), config); - - if (profile instanceof IProfileEx) { - // populates profile specific plugins such as - // policies, inputs and outputs with defaults - ((IProfileEx) profile).populate(); - } - - auditProfileChange( - ScopeDef.SC_PROFILE_RULES, - OpDef.OP_ADD, - profileId, - ILogger.SUCCESS, - auditParams); - } catch (EBaseException | IOException e) { - CMS.debug("createProfile: error in creating profile: " + e); - e.printStackTrace(); - - auditProfileChange( - ScopeDef.SC_PROFILE_RULES, - OpDef.OP_ADD, - profileId, - ILogger.FAILURE, - auditParams); - - throw new PKIException("Error in creating profile"); - } - - changeProfileData(data, profile); - } - - public void modifyProfile(String profileId, ProfileData data) { - if (ps == null) { - CMS.debug("modifyProfile: ps is null"); - throw new PKIException("Error modifying profile. 
Profile Service not available"); - } - - IProfile profile = null; - try { - profile = ps.getProfile(profileId); - if (profile == null) { - throw new ProfileNotFoundException("Cannot modify profile `" + profileId + - "`. Profile not found"); - } - } catch (EBaseException e) { - CMS.debug("modifyProfile: error obtaining profile `" + profileId + "`: " + e); - e.printStackTrace(); - throw new PKIException("Error modifying profile. Cannot obtain profile."); - } - - changeProfileData(data, profile); - } - - private void changeProfileData(ProfileData data, IProfile profile) { - String profileId = data.getId(); - if (profile == null) { - CMS.debug("changeProfileData - profile is null"); - throw new PKIException("Error changing profile data. Profile not available."); - } - if (ps.isProfileEnable(profileId)) { - throw new BadRequestException("Cannot change profile data. Profile must be disabled"); - } - - Map<String, String> auditParams = new LinkedHashMap<String, String>(); - - if (differs(profile.getAuthenticatorId(), data.getAuthenticatorId())) { - profile.setAuthenticatorId(data.getAuthenticatorId()); - auditParams.put("authenticatorId", data.getAuthenticatorId()); - } - - if (differs(profile.getAuthzAcl(), data.getAuthzAcl())) { - profile.setAuthzAcl(data.getAuthzAcl()); - auditParams.put("authzAcl", data.getAuthzAcl()); - } - - if (differs(profile.getDescription(getLocale(headers)), data.getDescription())) { - profile.setDescription(getLocale(headers), data.getDescription()); - auditParams.put("description", data.getDescription()); - } - - if (differs(profile.getId(), data.getId())) { - profile.setId(data.getId()); - auditParams.put("id", data.getId()); - } - - if (differs(profile.getName(getLocale(headers)), data.getName())) { - profile.setName(getLocale(headers), data.getName()); - auditParams.put("name", data.getName()); - } - - // TODO renewal is a string in Profile, should be changed - if (differs(profile.isRenewal(), Boolean.toString(data.isRenewal()))) { - 
profile.setRenewal(data.isRenewal()); - auditParams.put("renewal", Boolean.toString(data.isRenewal())); - } - - if (!profile.isVisible() == data.isVisible()) { - profile.setVisible(data.isVisible()); - auditParams.put("visible", Boolean.toString(data.isVisible())); - } - - // TODO xmloutput is a string in Profile, should be changed - if (differs(profile.isXmlOutput(), Boolean.toString(data.isXMLOutput()))) { - profile.setXMLOutput(data.isXMLOutput()); - auditParams.put("xmloutput", Boolean.toString(data.isXMLOutput())); - } - - if (!auditParams.isEmpty()) { - auditProfileChange( - ScopeDef.SC_PROFILE_RULES, - OpDef.OP_MODIFY, - profileId, - ILogger.SUCCESS, - auditParams); - } - - try { - populateProfileInputs(data, profile); - populateProfileOutputs(data, profile); - populateProfilePolicies(data, profile); - profile.getConfigStore().commit(false); - } catch (EBaseException e) { - CMS.debug("changeProfileData: Error changing profile inputs/outputs/policies: " + e); - e.printStackTrace(); - throw new PKIException("Error changing profile data"); - } - } - - private boolean differs(String v1, String v2) { - if (v1 != null) { - if (!v1.equals(v2)) { - return true; - } - } else { - if (v2 != null) { - return true; - } - } - return false; - } - - private void populateProfilePolicies(ProfileData data, IProfile profile) throws EBaseException { - // get list of changes for auditing - List<String> auditAdd = new ArrayList<String>(); - List<String> auditModify = new ArrayList<String>(); - - Enumeration<String> existingSetIds = profile.getProfilePolicySetIds(); - Map<String, ProfilePolicy> existingPolicies = new LinkedHashMap<String, ProfilePolicy>(); - while (existingSetIds.hasMoreElements()) { - String setId = existingSetIds.nextElement(); - Enumeration<String> policyIds = profile.getProfilePolicyIds(setId); - while (policyIds.hasMoreElements()) { - String policyId = policyIds.nextElement(); - existingPolicies.put( - setId + ":" + policyId, - createProfilePolicy(profile, 
setId, policyId)); - } - } - - for (Map.Entry<String, List<ProfilePolicy>> policySet : data.getPolicySets().entrySet()) { - String setId = policySet.getKey(); - for (ProfilePolicy policy : policySet.getValue()) { - String id = setId + ":" + policy.getId(); - if (!existingPolicies.containsKey(id)) { - auditAdd.add(id); - } else { - if (!policy.equals(existingPolicies.get(id))) { - auditModify.add(id); - } - } - existingPolicies.remove(id); - } - } - - List<String> auditDelete = new ArrayList<String>(existingPolicies.keySet()); - - //perform actions - try { - profile.deleteAllProfilePolicies(); - for (Map.Entry<String, List<ProfilePolicy>> policySet : data.getPolicySets().entrySet()) { - String setId = policySet.getKey(); - for (ProfilePolicy policy : policySet.getValue()) { - PolicyDefault def = policy.getDef(); - PolicyConstraint con = policy.getConstraint(); - - // create policy using defaults for PolicyDefault and PolicyConstraint - IProfilePolicy p = profile.createProfilePolicy(setId, policy.getId(), - def.getClassId(), con.getClassId()); - - // change specific elements to match incoming data for PolicyDefault - IConfigStore pstore = profile.getConfigStore().getSubStore( - "policyset." + setId + "." 
+ policy.getId()); - if (!def.getName().isEmpty()) { - pstore.putString("default.name", def.getName()); - } - /*if (!def.getText().isEmpty()) { - pstore.putString("default.description", def.getText()); - }*/ - for (ProfileParameter param : def.getParams()) { - if (!param.getValue().isEmpty()) { - p.getDefault().setConfig(param.getName(), param.getValue()); - } - } - - // change specific elements to match incoming data for PolicyConstraint - if (!con.getName().isEmpty()) { - pstore.putString("constraint.name", con.getName()); - } - /*if (!con.getText().isEmpty()) { - pstore.putString("constraint.description", con.getText()); - }*/ - for (PolicyConstraintValue pcv : con.getConstraints()) { - if (!pcv.getValue().isEmpty()) { - p.getConstraint().setConfig(pcv.getName(), pcv.getValue()); - } - } - } - } - - if (!auditDelete.isEmpty()) { - Map<String, String> auditParams = new LinkedHashMap<String, String>(); - auditParams.put("inputs", StringUtils.join(auditDelete, ",")); - auditProfileChange( - ScopeDef.SC_PROFILE_POLICIES, - OpDef.OP_DELETE, - profile.getId(), - ILogger.SUCCESS, - auditParams); - } - - if (!auditAdd.isEmpty()) { - Map<String, String> auditParams = new LinkedHashMap<String, String>(); - auditParams.put("inputs", StringUtils.join(auditAdd, ",")); - auditProfileChange( - ScopeDef.SC_PROFILE_POLICIES, - OpDef.OP_ADD, - profile.getId(), - ILogger.SUCCESS, - auditParams); - } - - if (!auditModify.isEmpty()) { - Map<String, String> auditParams = new LinkedHashMap<String, String>(); - auditParams.put("inputs", StringUtils.join(auditModify, ",")); - auditProfileChange( - ScopeDef.SC_PROFILE_POLICIES, - OpDef.OP_MODIFY, - profile.getId(), - ILogger.SUCCESS, - auditParams); - } - } catch (EProfileException | EPropertyException e) { - Map<String, String> auditParams = new LinkedHashMap<String, String>(); - auditParams.put("added", StringUtils.join(auditAdd, ",")); - auditParams.put("deleted", StringUtils.join(auditDelete, ",")); - auditParams.put("modified", 
StringUtils.join(auditModify, ",")); - auditProfileChange( - ScopeDef.SC_PROFILE_POLICIES, - OpDef.OP_MODIFY, - profile.getId(), - ILogger.FAILURE, - auditParams); - throw e; - } - } - - private void populateProfileOutputs(ProfileData data, IProfile profile) throws EBaseException { - // get list of changes for auditing - List<String> auditAdd = new ArrayList<String>(); - List<String> auditModify = new ArrayList<String>(); - - Enumeration<String> existingIds = profile.getProfileOutputIds(); - Map<String, ProfileOutput> existingOutputs = new LinkedHashMap<String, ProfileOutput>(); - while (existingIds.hasMoreElements()) { - String id = existingIds.nextElement(); - ProfileOutput output = createProfileOutput(profile, id, getLocale(headers)); - if (output == null) - continue; - existingOutputs.put(id, output); - } - - List<ProfileOutput> outputs = data.getOutputs(); - for (ProfileOutput output : outputs) { - String id = output.getId(); - if (!existingOutputs.containsKey(id)) { - auditAdd.add(id); - } else { - if (!output.equals(existingOutputs.get(id))) { - auditModify.add(id); - } - existingOutputs.remove(id); - } - } - List<String> auditDelete = new ArrayList<String>(existingOutputs.keySet()); - - // perform operations - - try { - profile.deleteAllProfileOutputs(); - for (ProfileOutput output : outputs) { - String id = output.getId(); - String classId = output.getClassId(); - - NameValuePairs nvp = new NameValuePairs(); - // TODO - add a field for params in ProfileOuput - // No current examples - profile.createProfileOutput(id, classId, nvp); - } - - if (!auditDelete.isEmpty()) { - Map<String, String> auditParams = new LinkedHashMap<String, String>(); - auditParams.put("outputs", StringUtils.join(auditDelete, ",")); - auditProfileChange( - ScopeDef.SC_PROFILE_OUTPUT, - OpDef.OP_DELETE, - profile.getId(), - ILogger.SUCCESS, - auditParams); - } - - if (!auditAdd.isEmpty()) { - Map<String, String> auditParams = new LinkedHashMap<String, String>(); - 
auditParams.put("outputs", StringUtils.join(auditAdd, ",")); - auditProfileChange( - ScopeDef.SC_PROFILE_OUTPUT, - OpDef.OP_ADD, - profile.getId(), - ILogger.SUCCESS, - auditParams); - } - - if (!auditModify.isEmpty()) { - Map<String, String> auditParams = new LinkedHashMap<String, String>(); - auditParams.put("outputs", StringUtils.join(auditModify, ",")); - auditProfileChange( - ScopeDef.SC_PROFILE_OUTPUT, - OpDef.OP_MODIFY, - profile.getId(), - ILogger.SUCCESS, - auditParams); - } - } catch (EProfileException e) { - Map<String, String> auditParams = new LinkedHashMap<String, String>(); - - auditParams.put("added", StringUtils.join(auditAdd, ",")); - auditParams.put("deleted", StringUtils.join(auditDelete, ",")); - auditParams.put("modified", StringUtils.join(auditModify, ",")); - auditProfileChange( - ScopeDef.SC_PROFILE_OUTPUT, - OpDef.OP_MODIFY, - profile.getId(), - ILogger.FAILURE, - auditParams); - throw e; - } - } - - private void populateProfileInputs(ProfileData data, IProfile profile) throws EBaseException { - // get list of changes for auditing - List<String> auditAdd = new ArrayList<String>(); - List<String> auditModify = new ArrayList<String>(); - Enumeration<String> existingIds = profile.getProfileInputIds(); - Map<String, ProfileInput> existingInputs = new LinkedHashMap<String, ProfileInput>(); - - while (existingIds.hasMoreElements()) { - String id = existingIds.nextElement(); - ProfileInput input = createProfileInput(profile, id, getLocale(headers)); - if (input == null) - continue; - existingInputs.put(id, input); - } - - List<ProfileInput> inputs = data.getInputs(); - for (ProfileInput input : inputs) { - String id = input.getId(); - if (!existingInputs.containsKey(id)) { - auditAdd.add(id); - } else { - if (!input.equals(existingInputs.get(id))) { - auditModify.add(id); - } - existingInputs.remove(id); - } - } - List<String> auditDelete = new ArrayList<String>(existingInputs.keySet()); - - try { - // perform the operations - 
profile.deleteAllProfileInputs(); - - for (ProfileInput input : inputs) { - String id = input.getId(); - String classId = input.getClassId(); - - NameValuePairs nvp = new NameValuePairs(); - // TODO - add a field for params in ProfileInput. - // an example of this is DomainController.cfg - profile.createProfileInput(id, classId, nvp); - } - - if (!auditDelete.isEmpty()) { - Map<String, String> auditParams = new LinkedHashMap<String, String>(); - auditParams.put("inputs", StringUtils.join(auditDelete, ",")); - auditProfileChange( - ScopeDef.SC_PROFILE_INPUT, - OpDef.OP_DELETE, - profile.getId(), - ILogger.SUCCESS, - auditParams); - } - - if (!auditAdd.isEmpty()) { - Map<String, String> auditParams = new LinkedHashMap<String, String>(); - auditParams.put("inputs", StringUtils.join(auditAdd, ",")); - auditProfileChange( - ScopeDef.SC_PROFILE_INPUT, - OpDef.OP_ADD, - profile.getId(), - ILogger.SUCCESS, - auditParams); - } - - if (!auditModify.isEmpty()) { - Map<String, String> auditParams = new LinkedHashMap<String, String>(); - auditParams.put("inputs", StringUtils.join(auditModify, ",")); - auditProfileChange( - ScopeDef.SC_PROFILE_INPUT, - OpDef.OP_MODIFY, - profile.getId(), - ILogger.SUCCESS, - auditParams); - } - } catch (EProfileException e) { - Map<String, String> auditParams = new LinkedHashMap<String, String>(); - - auditParams.put("added", StringUtils.join(auditAdd, ",")); - auditParams.put("deleted", StringUtils.join(auditDelete, ",")); - auditParams.put("modified", StringUtils.join(auditModify, ",")); - auditProfileChange( - ScopeDef.SC_PROFILE_INPUT, - OpDef.OP_MODIFY, - profile.getId(), - ILogger.FAILURE, - auditParams); - throw e; - } - } - - public void deleteProfile(@PathParam("id") String profileId) { - if (ps == null) { - CMS.debug("deleteProfile: ps is null"); - throw new PKIException("Error deleting profile. 
Profile Service not available"); - } - - try { - IProfile profile = ps.getProfile(profileId); - if (profile == null) { - CMS.debug("Trying to delete profile: " + profileId + ". Profile already deleted."); - return; - } - - if (ps.isProfileEnable(profileId)) { - CMS.debug("Delete profile not permitted. Profile must be disabled first."); - auditProfileChange( - ScopeDef.SC_PROFILE_RULES, - OpDef.OP_DELETE, - profileId, - ILogger.FAILURE, - null); - - throw new BadRequestException("Cannot delete profile `" + profileId + - "`. Profile must be disabled first."); - } - - String configFile = CMS.getConfigStore().getString("profile." + profileId + ".config"); - - ps.deleteProfile(profileId, configFile); - - auditProfileChange( - ScopeDef.SC_PROFILE_RULES, - OpDef.OP_DELETE, - profileId, - ILogger.FAILURE, - null); - } catch (EBaseException e) { - CMS.debug("deleteProfile: error in deleting profile `" + profileId + "`: " + e); - e.printStackTrace(); - - auditProfileChange( - ScopeDef.SC_PROFILE_RULES, - OpDef.OP_DELETE, - profileId, - ILogger.FAILURE, - null); - - throw new PKIException("Error deleting profile."); - } - } - - public void auditProfileChangeState(String profileId, String op, String status) { - String msg = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditor.getSubjectID(), - status, - profileId, - op); - auditor.log(msg); - } - - public void auditProfileChange(String scope, String type, String id, String status, Map<String, String> params) { - String msg = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditor.getSubjectID(), - status, - auditor.getParamString(scope, type, id, params)); - auditor.log(msg); - } - -} diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java deleted file mode 100644 index be331d6ef..000000000 --- a/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java +++ /dev/null 
@@ -1,578 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.io.BufferedReader;
-import java.io.ByteArrayOutputStream;
-import java.io.FileReader;
-import java.io.IOException;
-import java.io.PrintStream;
-import java.io.PrintWriter;
-import java.util.Enumeration;
-import java.util.LinkedHashSet;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authorization.IAuthzSubsystem;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.template.ArgList;
-import com.netscape.certsrv.template.ArgSet;
-import com.netscape.certsrv.template.ArgString;
-import com.netscape.certsrv.template.IArgValue;
-import com.netscape.certsrv.util.IStatsSubsystem;
-import com.netscape.cms.servlet.base.CMSServlet;
-import com.netscape.cms.servlet.base.UserInfo;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.common.ServletUtils;
-
-/**
- * This servlet is the base class of all profile servlets.
- *
- * @version $Revision$, $Date$
- */
-public class ProfileServlet extends CMSServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = -7011378748671762375L;
- public final static String ARG_ERROR_CODE = "errorCode";
- public final static String ARG_ERROR_REASON = "errorReason";
- public final static String ARG_RECORD = "record";
- public final static String ARG_OP = "op";
-
- public final static String ARG_REQUEST_LIST = "requestList";
- public final static String ARG_REQUEST_ID = "requestId";
- public final static String ARG_REQUEST_TYPE = "requestType";
- public final static String ARG_REQUEST_STATUS = "requestStatus";
- public final static String ARG_REQUEST_OWNER =
- "requestOwner";
- public final static String ARG_REQUEST_CREATION_TIME =
- "requestCreationTime";
- public final static String ARG_REQUEST_MODIFICATION_TIME =
- "requestModificationTime";
- public final static String ARG_REQUEST_NONCE = "nonce";
-
- public final static String ARG_AUTH_ID = "authId";
- public final static String ARG_AUTH_SYNTAX = "authSyntax";
- public final static String ARG_AUTH_CONSTRAINT = "authConstraint";
- public final static String ARG_AUTH_NAME = "authName";
- public final static String ARG_AUTH_LIST = "authList";
- public final static String ARG_AUTH_DESC = "authDesc";
- public final static String ARG_AUTH_IS_SSL = "authIsSSLClientRequired";
- public final static String ARG_PROFILE = "profile";
- public final static String ARG_REQUEST_NOTES = "requestNotes";
- public final static String ARG_PROFILE_ID = "profileId";
- public final static String ARG_RENEWAL_PROFILE_ID = "rprofileId";
- public final static String ARG_PROFILE_IS_ENABLED = "profileIsEnable";
- public final static String ARG_PROFILE_IS_VISIBLE = "profileIsVisible";
- public final static String ARG_PROFILE_ENABLED_BY = "profileEnableBy";
- public final static String ARG_PROFILE_APPROVED_BY = "profileApprovedBy";
- public final static String ARG_PROFILE_NAME = "profileName";
- public final static String ARG_PROFILE_DESC = "profileDesc";
- public final static String ARG_PROFILE_REMOTE_HOST = "profileRemoteHost";
- public final static String ARG_PROFILE_REMOTE_ADDR = "profileRemoteAddr";
- public final static String ARG_DEF_ID = "defId";
- public final static String ARG_DEF_SYNTAX = "defSyntax";
- public final static String ARG_DEF_CONSTRAINT = "defConstraint";
- public final static String ARG_DEF_NAME = "defName";
- public final static String ARG_DEF_VAL = "defVal";
- public final static String ARG_DEF_DESC = "defDesc";
- public final static String ARG_DEF_LIST = "defList";
- public final static String ARG_CON_DESC = "conDesc";
- public final static String ARG_CON_LIST = "constraint";
- public final static String ARG_CON_NAME = "name";
- public final static String ARG_CON_VALUE = "value";
- public final static String ARG_PROFILE_SET_ID = "profileSetId";
- public final static String ARG_POLICY_SET_ID = "setId";
- public final static String ARG_POLICY = "policy";
- public final static String ARG_POLICY_ID = "policyId";
- public final static String ARG_POLICY_SET_LIST = "policySetList";
- public final static String ARG_INPUT_PLUGIN_LIST = "inputPluginList";
- public final static String ARG_INPUT_PLUGIN_ID = "inputPluginId";
- public final static String ARG_INPUT_PLUGIN_NAME = "inputPluginName";
- public final static String ARG_INPUT_PLUGIN_DESC = "inputPluginDesc";
- public final static String ARG_INPUT_LIST = "inputList";
- public final static String ARG_INPUT_ID = "inputId";
- public final static String ARG_INPUT_SYNTAX = "inputSyntax";
- public final static String ARG_INPUT_CONSTRAINT = "inputConstraint";
- public final static String ARG_INPUT_NAME = "inputName";
- public final static String ARG_INPUT_VAL = "inputVal";
- public final static String ARG_IS_RENEWAL = "renewal";
- public final static String ARG_XML_OUTPUT = "xmlOutput";
- public final static String ARG_OUTPUT_LIST = "outputList";
- public final static String ARG_OUTPUT_ID = "outputId";
- public final static String ARG_OUTPUT_SYNTAX = "outputSyntax";
- public final static String ARG_OUTPUT_CONSTRAINT = "outputConstraint";
- public final static String ARG_OUTPUT_NAME = "outputName";
- public final static String ARG_OUTPUT_VAL = "outputVal";
-
- private static final String PROP_TEMPLATE = "templatePath";
- private final static String PROP_AUTHMGR = "AuthMgr";
- private final static String PROP_CLIENTAUTH = "GetClientCert";
- private static final String PROP_PROFILE_SUB_ID = "profileSubId";
- private static final String PROP_ID = "ID";
- public final static String PROP_RESOURCEID = "resourceID";
- public final static String AUTHZ_SRC_LDAP = "ldap";
- public final static String AUTHZ_SRC_TYPE = "sourceType";
- public final static String AUTHZ_CONFIG_STORE = "authz";
- public final static String AUTHZ_SRC_XML = "web.xml";
- public final static String PROP_AUTHZ_MGR = "AuthzMgr";
- public final static String PROP_ACL = "ACLinfo";
- public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz";
- public final static String AUTHZ_MGR_LDAP = "DirAclAuthz";
-
- private final static String HDR_LANG = "accept-language";
-
- private String mTemplate = null;
-
- protected String mId = null;
- protected String mGetClientCert = "false";
- protected String mAuthMgr = null;
- protected IAuthzSubsystem mAuthz = null;
- protected String mAclMethod = null;
- protected String mAuthzResourceName = null;
- protected ILogger mLogger = CMS.getLogger();
- protected int mLogCategory = ILogger.S_OTHER;
- protected String mProfileSubId = null;
-
- protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-
- // stats
- protected LinkedHashSet<String> statEvents = new LinkedHashSet<String>();
-
- public ProfileServlet() {
- super();
- }
-
- /**
- * initialize the servlet. Servlets implementing this method
- * must specify the template to use as a parameter called
- * "templatePath" in the servletConfig
- *
- * @param sc servlet configuration, read from the web.xml file
- */
-
- public void init(ServletConfig sc) throws ServletException {
- super.init(sc);
- mTemplate = sc.getServletContext().getRealPath(
- sc.getInitParameter(PROP_TEMPLATE));
- mGetClientCert = sc.getInitParameter(PROP_CLIENTAUTH);
- mAuthMgr = sc.getInitParameter(PROP_AUTHMGR);
- mAuthz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ);
- mAuthzResourceName = sc.getInitParameter(PROP_RESOURCEID);
- mProfileSubId = sc.getInitParameter(PROP_PROFILE_SUB_ID);
- mId = sc.getInitParameter(PROP_ID);
-
- try {
- mAclMethod = ServletUtils.initializeAuthz(sc, mAuthz, mId);
- } catch (ServletException e) {
- log(ILogger.LL_FAILURE, e.toString());
- throw e;
- }
- }
-
- protected String escapeXML(String v) {
- if (v == null) {
- return "";
- }
- v = v.replaceAll("&", "&");
- return v;
- }
-
- protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v) {
- ps.println("<" + name + ">");
- if (v != null) {
- if (v instanceof ArgList) {
- ArgList list = (ArgList) v;
- ps.println("<list>");
- for (int i = 0; i < list.size(); i++) {
- outputArgValueAsXML(ps, name, list.get(i));
- }
- ps.println("</list>");
- } else if (v instanceof ArgString) {
- ArgString str = (ArgString) v;
- ps.println(escapeXML(str.getValue()));
- } else if (v instanceof ArgSet) {
- ArgSet set = (ArgSet) v;
- ps.println("<set>");
- Enumeration<String> names = set.getNames();
- while (names.hasMoreElements()) {
- String n = names.nextElement();
- outputArgValueAsXML(ps, n, set.get(n));
- }
- ps.println("</set>");
- } else {
- ps.println(v);
- }
- }
- ps.println("</" + name + ">");
- }
-
- protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args) {
- PrintStream ps = new PrintStream(bos);
- ps.println("<xml>");
- outputArgValueAsXML(ps, "output", args);
- ps.println("</xml>");
- ps.flush();
- }
-
- public void outputTemplate(HttpServletRequest request,
- HttpServletResponse response, ArgSet args)
- throws EBaseException {
-
- String xmlOutput = request.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- response.setContentType("text/xml");
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- outputThisAsXML(bos, args);
- try {
- response.setContentLength(bos.size());
- bos.writeTo(response.getOutputStream());
- } catch (Exception e) {
- CMS.debug("outputTemplate error " + e);
- }
- return;
- }
- IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
- if (statsSub != null) {
- statsSub.startTiming("output_template");
- }
- BufferedReader reader = null;
- try {
- reader = new BufferedReader(
- new FileReader(mTemplate));
-
- response.setContentType("text/html; charset=UTF-8");
-
- PrintWriter writer = response.getWriter();
-
- // output template
- String line = null;
-
- do {
- line = reader.readLine();
- if (line != null) {
- if (line.indexOf("<CMS_TEMPLATE>") == -1) {
- writer.println(line);
- } else {
- // output javascript parameters
- writer.println("<script type=\"text/javascript\">");
- outputData(writer, args);
- writer.println("</script>");
- }
- }
- } while (line != null);
- reader.close();
- } catch (IOException e) {
- CMS.debug(e);
- throw new EBaseException(e.toString());
- } finally {
- if (statsSub != null) {
- statsSub.endTiming("output_template");
- }
- }
- }
-
- public void outputTemplate(boolean isXML, HttpServletResponse response, ArgSet args)
- throws EBaseException {
- if (isXML) {
- response.setContentType("text/xml");
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- outputThisAsXML(bos, args);
- try {
- response.setContentLength(bos.size());
- bos.writeTo(response.getOutputStream());
- } catch (Exception e) {
- CMS.debug("outputTemplate error " + e);
- }
- return;
- }
- startTiming("output_template");
-
- BufferedReader reader = null;
- try {
- reader = new BufferedReader(new FileReader(mTemplate));
-
- response.setContentType("text/html; charset=UTF-8");
-
- PrintWriter writer = response.getWriter();
-
- // output template
- String line = null;
-
- do {
- line = reader.readLine();
- if (line != null) {
- if (line.indexOf("<CMS_TEMPLATE>") == -1) {
- writer.println(line);
- } else {
- // output javascript parameters
- writer.println("<script type=\"text/javascript\">");
- outputData(writer, args);
- writer.println("</script>");
- }
- }
- } while (line != null);
- reader.close();
- } catch (IOException e) {
- CMS.debug(e);
- throw new EBaseException(e.toString());
- } finally {
- endTiming("output_template");
- }
- }
-
- protected void outputArgList(PrintWriter writer, String name, ArgList list)
- throws IOException {
-
- String h_name = null;
-
- if (name.indexOf('.') == -1) {
- h_name = name;
- } else {
- h_name = name.substring(name.indexOf('.') + 1);
- }
- writer.println(name + "Set = new Array;");
- // writer.println(h_name + "Count = 0;");
-
- for (int i = 0; i < list.size(); i++) {
- writer.println(h_name + " = new Object;");
- IArgValue val = list.get(i);
-
- if (val instanceof ArgString) {
- ArgString str = (ArgString) val;
-
- outputArgString(writer, name, str);
- } else if (val instanceof ArgSet) {
- ArgSet set = (ArgSet) val;
-
- outputArgSet(writer, h_name, set);
- writer.println(name + "Set[" + i + "] = " + h_name + ";");
- }
- }
- }
-
- public void startTiming(String event) {
- IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
- if (statsSub != null) {
- statsSub.startTiming(event, true);
- }
- statEvents.add(event);
- }
-
- public void endTiming(String event) {
- IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
- if (statsSub != null) {
- statsSub.endTiming(event);
- }
- statEvents.remove(event);
- }
-
- protected String escapeJavaScriptString(String v) {
- int l = v.length();
- char in[] = new char[l];
- char out[] = new char[l * 4];
- int j = 0;
-
- v.getChars(0, l, in, 0);
-
- for (int i = 0; i < l; i++) {
- char c = in[i];
-
- /* presumably this gives better performance */
- if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) {
- out[j++] = c;
- continue;
- }
-
- /* some inputs are coming in as '\' and 'n' */
- /* see BZ 500736 for details */
- if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' ||
- in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' ||
- in[i + 1] == '<' || in[i + 1] == '>' ||
- in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
- if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' &&
- (in[i + 3] == 'c' || in[i + 3] == 'e')) {
- out[j++] = '\\';
- out[j++] = in[i + 1];
- out[j++] = in[i + 2];
- out[j++] = in[i + 3];
- i += 3;
- } else {
- out[j++] = '\\';
- out[j++] = in[i + 1];
- i++;
- }
- continue;
- }
-
- switch (c) {
- case '\n':
- out[j++] = '\\';
- out[j++] = 'n';
- break;
-
- case '\\':
- out[j++] = '\\';
- out[j++] = '\\';
- break;
-
- case '\"':
- out[j++] = '\\';
- out[j++] = '\"';
- break;
-
- case '\r':
- out[j++] = '\\';
- out[j++] = 'r';
- break;
-
- case '\f':
- out[j++] = '\\';
- out[j++] = 'f';
- break;
-
- case '\t':
- out[j++] = '\\';
- out[j++] = 't';
- break;
-
- case '<':
- out[j++] = '\\';
- out[j++] = 'x';
- out[j++] = '3';
- out[j++] = 'c';
- break;
-
- case '>':
- out[j++] = '\\';
- out[j++] = 'x';
- out[j++] = '3';
- out[j++] = 'e';
- break;
-
- default:
- out[j++] = c;
- }
- }
- return new String(out, 0, j);
- }
-
- protected void outputArgString(PrintWriter writer, String name, ArgString str)
- throws IOException {
- String s = str.getValue();
-
- // sub \n with "\n"
- if (s != null) {
- s = escapeJavaScriptString(s);
- }
- writer.println(name + "=\"" + s + "\";");
- }
-
- protected void outputArgSet(PrintWriter writer, String name, ArgSet set)
- throws IOException {
- Enumeration<String> e = set.getNames();
-
- while (e.hasMoreElements()) {
- String n = e.nextElement();
- IArgValue val = set.get(n);
-
- if (val instanceof ArgSet) {
- ArgSet set1 = (ArgSet) val;
-
- outputArgSet(writer, name + "." + n, set1);
- } else if (val instanceof ArgList) {
- ArgList list = (ArgList) val;
-
- outputArgList(writer, name + "." + n, list);
- } else if (val instanceof ArgString) {
- ArgString str = (ArgString) val;
-
- outputArgString(writer, name + "." + n, str);
- }
- }
- }
-
- protected void outputData(PrintWriter writer, ArgSet set)
- throws IOException {
- if (set == null)
- return;
- Enumeration<String> e = set.getNames();
-
- while (e.hasMoreElements()) {
- String n = e.nextElement();
- IArgValue val = set.get(n);
-
- if (val instanceof ArgSet) {
- ArgSet set1 = (ArgSet) val;
-
- outputArgSet(writer, n, set1);
- } else if (val instanceof ArgList) {
- ArgList list = (ArgList) val;
-
- outputArgList(writer, n, list);
- } else if (val instanceof ArgString) {
- ArgString str = (ArgString) val;
-
- outputArgString(writer, n, str);
- }
- }
- }
-
- /**
- * log according to authority category.
- */
- protected void log(int event, int level, String msg) {
- mLogger.log(event, mLogCategory, level,
- "Servlet " + mId + ": " + msg);
- }
-
- protected void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level,
- "Servlet " + mId + ": " + msg);
- }
-
- /**
- * Retrieves locale based on the request.
- */
- protected Locale getLocale(HttpServletRequest req) {
- Locale locale = null;
- String lang = req.getHeader(HDR_LANG);
-
- if (lang == null) {
- // use server locale
- locale = Locale.getDefault();
- } else {
- locale = new Locale(UserInfo.getUserLanguage(lang),
- UserInfo.getUserCountry(lang));
- }
- return locale;
- }
-
- protected void renderResult(CMSRequest cmsReq)
- throws IOException {
- // do nothing
- }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
deleted file mode 100644
index 1ee527c97..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
+++ /dev/null
@@ -1,890 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.security.cert.CertificateEncodingException;
-import java.util.Enumeration;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X509CertImpl;
-
-import org.mozilla.jss.asn1.ASN1Util;
-import org.mozilla.jss.asn1.INTEGER;
-import org.mozilla.jss.asn1.InvalidBERException;
-import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
-import org.mozilla.jss.asn1.SEQUENCE;
-import org.mozilla.jss.asn1.SET;
-import org.mozilla.jss.asn1.UTF8String;
-import org.mozilla.jss.pkix.cmc.LraPopWitness;
-import org.mozilla.jss.pkix.cmc.OtherInfo;
-import org.mozilla.jss.pkix.cmc.TaggedAttribute;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthToken;
-import com.netscape.certsrv.authorization.AuthzToken;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.SessionContext;
-import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.profile.EDeferException;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ERejectException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileAuthenticator;
-import com.netscape.certsrv.profile.IProfileContext;
-import com.netscape.certsrv.profile.IProfileInput;
-import com.netscape.certsrv.profile.IProfileSubsystem;
-import com.netscape.certsrv.request.INotify;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.common.AuthCredentials;
-import com.netscape.cms.servlet.common.CMCOutputTemplate;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cmsutil.util.Utils;
-
-/**
- * This servlet submits end-user request into the profile framework.
- *
- * @version $Revision$, $Date$
- */
-public class ProfileSubmitCMCServlet extends ProfileServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = -8017841111435988197L;
- private static final String ARG_AUTH_TOKEN = "auth_token";
- private static final String PROP_PROFILE_ID = "profileId";
-
- private String mProfileId = null;
- private String mProfileSubId = null;
- private String requestB64 = null;
-
- private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
-
- public ProfileSubmitCMCServlet() {
- }
-
- /**
- * initialize the servlet. And instance of this servlet can
- * be set up to always issue certificates against a certain profile
- * by setting the 'profileId' configuration in the servletConfig
- * If not, the user must specify the profileID when submitting the request
- *
- * "ImportCert.template" to process the response.
- *
- * @param sc servlet configuration, read from the web.xml file
- */
- public void init(ServletConfig sc) throws ServletException {
- super.init(sc);
- mProfileId = sc.getInitParameter(PROP_PROFILE_ID);
- mRenderResult = false;
- }
-
- private void setInputsIntoContext(HttpServletRequest request, IProfile profile, IProfileContext ctx) {
-
- // passing inputs into context
- Enumeration<String> inputIds = profile.getProfileInputIds();
-
- if (inputIds != null) {
- while (inputIds.hasMoreElements()) {
- String inputId = inputIds.nextElement();
- IProfileInput profileInput = profile.getProfileInput(inputId);
- Enumeration<String> inputNames = profileInput.getValueNames();
-
- while (inputNames.hasMoreElements()) {
- String inputName = inputNames.nextElement();
-
- if (request.getParameter(inputName) != null) {
- ctx.set(inputName, request.getParameter(inputName));
- }
- }
- }
- }
-
- }
-
- private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator,
- IProfileContext ctx) {
- Enumeration<String> authIds = authenticator.getValueNames();
-
- if (authIds != null) {
- while (authIds.hasMoreElements()) {
- String authName = authIds.nextElement();
-
- if (request.getParameter(authName) != null) {
- ctx.set(authName, request.getParameter(authName));
- }
- }
- }
- }
-
- public IAuthToken authenticate(IProfileAuthenticator authenticator,
- HttpServletRequest request) throws EBaseException {
- AuthCredentials credentials = new AuthCredentials();
-
- // build credential
- Enumeration<String> authNames = authenticator.getValueNames();
-
- if (authNames != null) {
- while (authNames.hasMoreElements()) {
- String authName = authNames.nextElement();
-
- if (authName.equals("cert_request"))
- credentials.set(authName, requestB64);
- else
- credentials.set(authName, request.getParameter(authName));
- }
- }
- IAuthToken authToken = authenticator.authenticate(credentials);
-
- SessionContext sc = SessionContext.getContext();
- if (sc != null) {
- sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
- String userid = authToken.getInString(IAuthToken.USER_ID);
- if (userid != null) {
- sc.put(SessionContext.USER_ID, userid);
- }
- }
-
- return authToken;
- }
-
- private void setInputsIntoRequest(HttpServletRequest request, IProfile
- profile, IRequest req) {
- Enumeration<String> inputIds = profile.getProfileInputIds();
-
- if (inputIds != null) {
- while (inputIds.hasMoreElements()) {
- String inputId = inputIds.nextElement();
- IProfileInput profileInput = profile.getProfileInput(inputId);
- Enumeration<String> inputNames = profileInput.getValueNames();
-
- if (inputNames != null) {
- while (inputNames.hasMoreElements()) {
- String inputName = inputNames.nextElement();
-
- if (request.getParameter(inputName) != null) {
- req.setExtData(inputName, request.getParameter(inputName));
- }
- }
- }
- }
- }
- }
-
- /**
- * Process the HTTP request
- * <P>
- *
- * (Certificate Request Processed - either an automated "EE" profile based cert acceptance, or an automated "EE"
- * profile based cert rejection)
- * <P>
- *
- * <ul>
- * <li>http.param profileId ID of profile to use to process request
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been
- * through the approval process
- * </ul>
- *
- * @param cmsReq the object holding the request and response information
- * @exception EBaseException an error has occurred
- */
- public void process(CMSRequest cmsReq) throws EBaseException {
- HttpServletRequest request = cmsReq.getHttpReq();
- HttpServletResponse response = cmsReq.getHttpResp();
-
- Locale locale = getLocale(request);
- String cert_request_type =
- mServletConfig.getInitParameter("cert_request_type");
- String outputFormat = mServletConfig.getInitParameter("outputFormat");
-
- int reqlen = request.getContentLength();
- InputStream is = null;
- try {
- is = request.getInputStream();
- } catch (Exception ee) {
- }
- byte reqbuf[] = new byte[reqlen];
- int bytesread = 0;
- boolean partial = false;
-
- while (bytesread < reqlen) {
- try {
- bytesread += is.read(reqbuf, bytesread, reqlen - bytesread);
- } catch (Exception ee) {
- }
-
- if (partial == false) {
- if (bytesread < reqlen)
- partial = true;
- }
- }
-
- requestB64 = Utils.base64encode(reqbuf);
-
- if (CMS.debugOn()) {
- CMS.debug("Start of ProfileSubmitCMCServlet Input Parameters");
- Enumeration<String> paramNames = request.getParameterNames();
-
- while (paramNames.hasMoreElements()) {
- String paramName = paramNames.nextElement();
- // added this facility so that password can be hidden,
- // all sensitive parameters should be prefixed with
- // __ (double underscores); however, in the event that
- // a security parameter slips through, we perform multiple
- // additional checks to insure that it is NOT displayed
- if (paramName.startsWith("__") ||
- paramName.endsWith("password") ||
- paramName.endsWith("passwd") ||
- paramName.endsWith("pwd") ||
- paramName.equalsIgnoreCase("admin_password_again") ||
- paramName.equalsIgnoreCase("directoryManagerPwd") ||
- paramName.equalsIgnoreCase("bindpassword") ||
- paramName.equalsIgnoreCase("bindpwd") ||
- paramName.equalsIgnoreCase("passwd") ||
- paramName.equalsIgnoreCase("password") ||
- paramName.equalsIgnoreCase("pin") ||
- paramName.equalsIgnoreCase("pwd") ||
- paramName.equalsIgnoreCase("pwdagain") ||
- paramName.equalsIgnoreCase("uPasswd")) {
- CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
- paramName + "='(sensitive)'");
- } else {
- CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
- paramName + "='" +
- request.getParameter(paramName) + "'");
- }
- }
- CMS.debug("End of ProfileSubmitCMCServlet Input Parameters");
- }
-
- CMS.debug("ProfileSubmitCMCServlet: start serving");
-
- if (mProfileSubId == null || mProfileSubId.equals("")) {
- mProfileSubId = IProfileSubsystem.ID;
- }
- CMS.debug("ProfileSubmitCMCServlet: SubId=" + mProfileSubId);
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
-
- if (ps == null) {
- CMS.debug("ProfileSubmitCMCServlet: ProfileSubsystem not found");
- CMCOutputTemplate template = new CMCOutputTemplate();
- SEQUENCE seq = new SEQUENCE();
- seq.addElement(new INTEGER(0));
- UTF8String s = null;
- try {
- s = new UTF8String(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
- } catch (Exception ee) {
- }
- template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
- return;
- }
-
- // if we did not configure profileId in xml file,
- // then accept the user-provided one
- String profileId = null;
-
- if (mProfileId == null) {
- profileId = request.getParameter("profileId");
- } else {
- profileId = mProfileId;
- }
-
- IProfile profile = null;
-
- try {
- CMS.debug("ProfileSubmitCMCServlet: profileId " + profileId);
- profile = ps.getProfile(profileId);
- } catch (EProfileException e) {
- CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " +
- profileId + " " + e.toString());
- }
- if (profile == null) {
- CMCOutputTemplate template = new CMCOutputTemplate();
- SEQUENCE seq = new SEQUENCE();
- seq.addElement(new INTEGER(0));
- UTF8String s = null;
- try {
- s = new UTF8String(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
- } catch (Exception ee) {
- }
- template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
- return;
- }
-
- if (!ps.isProfileEnable(profileId)) {
- CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId +
- " not enabled");
- CMCOutputTemplate template = new CMCOutputTemplate();
- SEQUENCE seq = new SEQUENCE();
- seq.addElement(new INTEGER(0));
- UTF8String s = null;
- try {
- s = new UTF8String(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
- } catch (Exception ee) {
- }
- template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
- return;
- }
-
- IProfileContext ctx = profile.createContext();
- if (requestB64 != null) {
- ctx.set("cert_request_type", cert_request_type);
- ctx.set("cert_request", requestB64);
- }
- // passing auths into context
- IProfileAuthenticator authenticator = null;
-
- try {
- authenticator = profile.getAuthenticator();
- } catch (EProfileException e) {
- // authenticator not installed correctly
- }
- if (authenticator == null) {
- CMS.debug("ProfileSubmitCMCServlet: authenticator not found");
- } else {
- CMS.debug("ProfileSubmitCMCServlet: authenticator " +
- authenticator.getName() + " found");
- setCredentialsIntoContext(request, authenticator, ctx);
- }
-
- setInputsIntoContext(request, profile, ctx);
- CMS.debug("ProfileSubmistServlet: set Inputs into Context");
-
- // before creating the request, authenticate the request
-
- IAuthToken authToken = null;
-
- // for ssl authentication; pass in servlet for retrieving
- // ssl client certificates
- SessionContext context = SessionContext.getContext();
-
- // insert profile context so that input parameter can be retrieved
- context.put("profileContext", ctx);
- context.put("sslClientCertProvider",
- new SSLClientCertProvider(request));
- CMS.debug("ProfileSubmitCMCServlet: set sslClientCertProvider");
- if (authenticator != null) {
- try {
- authToken = authenticate(authenticator, request);
- // authentication success
- } catch (EBaseException e) {
- CMCOutputTemplate template = new CMCOutputTemplate();
- SEQUENCE seq = new SEQUENCE();
- seq.addElement(new INTEGER(0));
- UTF8String s = null;
- try {
- s = new UTF8String(e.toString());
- } catch (Exception ee) {
- }
- template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.BAD_REQUEST, s);
- CMS.debug("ProfileSubmitCMCServlet: authentication error " +
- e.toString());
- return;
- }
-
- //authorization only makes sense when request is authenticated
- AuthzToken authzToken = null;
- if (authToken != null) {
- CMS.debug("ProfileSubmitCMCServlet authToken not null");
- try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "submit");
- } catch (Exception e) {
- CMS.debug("ProfileSubmitCMCServlet authorization failure: " + e.toString());
- }
- }
-
- if (authzToken == null) {
- CMS.debug("ProfileSubmitCMCServlet authorization failure: authzToken is null");
- CMCOutputTemplate template = new CMCOutputTemplate();
- SEQUENCE seq = new SEQUENCE();
- seq.addElement(new INTEGER(0));
- UTF8String s = null;
- try {
- s = new UTF8String("ProfileSubmitCMCServlet authorization failure");
- } catch (Exception ee) {
- }
- template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.BAD_REQUEST, s);
- return;
- }
- }
-
- IRequest reqs[] = null;
-
- ///////////////////////////////////////////////
- // create request
- ///////////////////////////////////////////////
- try {
- reqs = profile.createRequests(ctx, locale);
- } catch (EProfileException e) {
- CMS.debug("ProfileSubmitCMCServlet: createRequests " + e.toString());
- CMCOutputTemplate template = new CMCOutputTemplate();
- SEQUENCE seq = new SEQUENCE();
- seq.addElement(new INTEGER(0));
- UTF8String s = null;
- try {
- s = new UTF8String(e.toString());
- } catch (Exception ee) {
- }
- template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
- return;
- } catch (Throwable e) {
- CMS.debug("ProfileSubmitCMCServlet: createRequests " + e.toString());
- CMCOutputTemplate template = new CMCOutputTemplate();
- SEQUENCE seq = new SEQUENCE();
- seq.addElement(new INTEGER(0));
- UTF8String s = null;
- try {
- s = new UTF8String(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
- } catch (Exception ee) {
- }
- template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
- return;
- }
-
- TaggedAttribute attr =
- (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
- if (attr != null) {
- boolean verifyAllow = true;
- try {
- verifyAllow = CMS.getConfigStore().getBoolean(
- "cmc.lraPopWitness.verify.allow", true);
- } catch (EBaseException ee) {
- }
-
- if (!verifyAllow) {
- LraPopWitness lraPop = null;
- SET vals = attr.getValues();
- if (vals.size() > 0) {
- try {
- lraPop = (LraPopWitness) (ASN1Util.decode(LraPopWitness.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
- } catch (InvalidBERException e) {
- CMS.debug(
- CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
- }
-
- SEQUENCE bodyIds = lraPop.getBodyIds();
-
- CMCOutputTemplate template = new CMCOutputTemplate();
- template.createFullResponseWithFailedStatus(response, bodyIds,
- OtherInfo.POP_FAILED, null);
- return;
- }
- }
- }
-
- // for CMC, requests may be zero. Then check if controls exist.
- if (reqs == null) {
- Integer nums = (Integer) (context.get("numOfControls"));
- CMCOutputTemplate template = new CMCOutputTemplate();
- // if there is only one control GetCert, then simple response
- // must be returned.
- if (nums != null && nums.intValue() == 1) {
- TaggedAttribute attr1 = (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
- if (attr1 != null) {
- template.createSimpleResponse(response, reqs);
- } else
- template.createFullResponse(response, reqs,
- cert_request_type, null);
- } else
- template.createFullResponse(response, reqs,
- cert_request_type, null);
- return;
- }
-
- String errorCode = null;
- String errorReason = null;
-
- ///////////////////////////////////////////////
- // populate request
- ///////////////////////////////////////////////
- for (int k = 0; k < reqs.length; k++) {
- // adding parameters to request
- setInputsIntoRequest(request, profile, reqs[k]);
-
- // serial auth token into request
- if (authToken != null) {
- Enumeration<String> tokenNames = authToken.getElements();
- while (tokenNames.hasMoreElements()) {
- String tokenName = tokenNames.nextElement();
- String[] vals = authToken.getInStringArray(tokenName);
- if (vals != null) {
- for (int i = 0; i < vals.length; i++) {
- reqs[k].setExtData(ARG_AUTH_TOKEN + "." +
- tokenName + "[" + i + "]", vals[i]);
- }
- } else {
- String val = authToken.getInString(tokenName);
- if (val != null) {
- reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName,
- val);
- }
- }
- }
- }
-
- // put profile framework parameters into the request
- reqs[k].setExtData(ARG_PROFILE, "true");
- reqs[k].setExtData(ARG_PROFILE_ID, profileId);
- reqs[k].setExtData(ARG_PROFILE_APPROVED_BY, profile.getApprovedBy());
- String setId = profile.getPolicySetId(reqs[k]);
-
- if (setId == null) {
- // no profile set found
- CMCOutputTemplate template = new CMCOutputTemplate();
- SEQUENCE seq = new SEQUENCE();
- seq.addElement(new INTEGER(0));
- UTF8String s = null;
- try {
- s = new UTF8String(CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"));
- } catch (Exception ee) {
- }
- template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
- return;
- }
-
- CMS.debug("ProfileSubmitCMCServlet profileSetid=" + setId);
- reqs[k].setExtData(ARG_PROFILE_SET_ID, setId);
- reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost());
- reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr());
-
- CMS.debug("ProfileSubmitCMCServlet: request " +
- reqs[k].getRequestId().toString());
-
- try {
- CMS.debug("ProfileSubmitCMCServlet: populating request inputs");
- // give authenticator a chance to populate the request
- if (authenticator != null) {
- authenticator.populate(authToken, reqs[k]);
- }
- profile.populateInput(ctx, reqs[k]);
- profile.populate(reqs[k]);
- } catch (EProfileException e) {
- CMS.debug("ProfileSubmitCMCServlet: populate " + e.toString());
- CMCOutputTemplate template = new CMCOutputTemplate();
- SEQUENCE seq = new SEQUENCE();
- seq.addElement(new INTEGER(0));
- UTF8String s = null;
- try {
- s = new UTF8String(e.toString());
- } catch (Exception ee) {
- }
- template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.BAD_REQUEST, s);
- return;
- } catch (Throwable e) {
-
CMS.debug("ProfileSubmitCMCServlet: populate " + e.toString()); - // throw new IOException("Profile " + profileId + - // " cannot populate"); - CMCOutputTemplate template = new CMCOutputTemplate(); - SEQUENCE seq = new SEQUENCE(); - seq.addElement(new INTEGER(0)); - UTF8String s = null; - try { - s = new UTF8String(e.toString()); - } catch (Exception ee) { - } - template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); - return; - } - } - - String auditMessage = null; - String auditSubjectID = auditSubjectID(); - String auditRequesterID = ILogger.UNIDENTIFIED; - String auditInfoCertValue = ILogger.SIGNED_AUDIT_EMPTY_VALUE; - - try { - /////////////////////////////////////////////// - // submit request - /////////////////////////////////////////////// - int error_codes[] = null; - if (reqs != null && reqs.length > 0) - error_codes = new int[reqs.length]; - for (int k = 0; k < reqs.length; k++) { - try { - // reset the "auditRequesterID" - auditRequesterID = auditRequesterID(reqs[k]); - - // print request debug - if (reqs[k] != null) { - Enumeration<String> reqKeys = reqs[k].getExtDataKeys(); - while (reqKeys.hasMoreElements()) { - String reqKey = reqKeys.nextElement(); - String reqVal = reqs[k].getExtDataInString(reqKey); - if (reqVal != null) { - CMS.debug("ProfileSubmitCMCServlet: key=$request." 
+ reqKey + "$ value=" + reqVal); - } - } - } - - profile.submit(authToken, reqs[k]); - reqs[k].setRequestStatus(RequestStatus.COMPLETE); - - // reset the "auditInfoCertValue" - auditInfoCertValue = auditInfoCertValue(reqs[k]); - - if (auditInfoCertValue != null) { - if (!(auditInfoCertValue.equals( - ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue); - - audit(auditMessage); - } - } - } catch (EDeferException e) { - // return defer message to the user - reqs[k].setRequestStatus(RequestStatus.PENDING); - // need to notify - INotify notify = profile.getRequestQueue().getPendingNotify(); - if (notify != null) { - notify.notify(reqs[k]); - } - - CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString()); - errorCode = "2"; - errorReason = CMS.getUserMessage(locale, - "CMS_PROFILE_DEFERRED", - e.toString()); - } catch (ERejectException e) { - // return error to the user - reqs[k].setRequestStatus(RequestStatus.REJECTED); - CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString()); - errorCode = "3"; - errorReason = CMS.getUserMessage(locale, - "CMS_PROFILE_REJECTED", - e.toString()); - } catch (Throwable e) { - // return error to the user - CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString()); - errorCode = "1"; - errorReason = CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR"); - } - - try { - if (errorCode == null) { - profile.getRequestQueue().markAsServiced(reqs[k]); - } else { - profile.getRequestQueue().updateRequest(reqs[k]); - } - } catch (EBaseException e) { - CMS.debug("ProfileSubmitCMCServlet: updateRequest " + - e.toString()); - } - - if (errorCode != null) { - if (errorCode.equals("1")) { - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - 
LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, - errorReason); - - audit(auditMessage); - } else if (errorCode.equals("2")) { - // do NOT store a message in the signed audit log file - // as this errorCode indicates that a process has been - // deferred for manual acceptance/cancellation/rejection - } else if (errorCode.equals("3")) { - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, - errorReason); - - audit(auditMessage); - } - error_codes[k] = Integer.parseInt(errorCode); - } else - error_codes[k] = 0; - } - - if (errorCode != null) { - // create the CMC full enrollment response - CMCOutputTemplate template = new CMCOutputTemplate(); - template.createFullResponse(response, reqs, cert_request_type, error_codes); - - return; - } - - /////////////////////////////////////////////// - // output output list - /////////////////////////////////////////////// - - CMS.debug("ProfileSubmitCMCServlet: done serving"); - CMCOutputTemplate template = new CMCOutputTemplate(); - if (cert_request_type.equals("pkcs10") || cert_request_type.equals("crmf")) { - - if (outputFormat != null && outputFormat.equals("pkcs7")) { - byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]); - response.setContentType("application/pkcs7-mime"); - response.setContentLength(pkcs7.length); - try { - OutputStream os = response.getOutputStream(); - os.write(pkcs7); - os.flush(); - } catch (Exception ee) { - } - return; - } - template.createSimpleResponse(response, reqs); - } else if (cert_request_type.equals("cmc")) { - Integer nums = (Integer) (context.get("numOfControls")); - if (nums != null && nums.intValue() == 1) { - TaggedAttribute attr1 = - (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); - if (attr1 != null) { - 
template.createSimpleResponse(response, reqs); - return; - } - } - template.createFullResponse(response, reqs, cert_request_type, - error_codes); - } - } finally { - SessionContext.releaseContext(); - } - } - - /** - * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. - * <P> - * - * @param request the actual request - * @return id string containing the signed audit log message RequesterID - */ - private String auditRequesterID(IRequest request) { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } - - String requesterID = ILogger.UNIDENTIFIED; - - if (request != null) { - // overwrite "requesterID" if and only if "id" != null - String id = request.getRequestId().toString(); - - if (id != null) { - requesterID = id.trim(); - } - } - - return requesterID; - } - - /** - * Signed Audit Log Info Certificate Value - * - * This method is called to obtain the certificate from the passed in - * "X509CertImpl" for a signed audit log message. 
- * <P> - * - * @param request request containing an X509CertImpl - * @return cert string containing the certificate - */ - private String auditInfoCertValue(IRequest request) { - // if no signed audit object exists, bail - if (mSignedAuditLogger == null) { - return null; - } - - X509CertImpl x509cert = request.getExtDataInCert( - IEnrollProfile.REQUEST_ISSUED_CERT); - - if (x509cert == null) { - return ILogger.SIGNED_AUDIT_EMPTY_VALUE; - } - - byte rawData[] = null; - - try { - rawData = x509cert.getEncoded(); - } catch (CertificateEncodingException e) { - return ILogger.SIGNED_AUDIT_EMPTY_VALUE; - } - - String cert = null; - - // convert "rawData" into "base64Data" - if (rawData != null) { - String base64Data = null; - - base64Data = Utils.base64encode(rawData).trim(); - - // extract all line separators from the "base64Data" - StringBuffer sb = new StringBuffer(); - for (int i = 0; i < base64Data.length(); i++) { - if (!Character.isWhitespace(base64Data.charAt(i))) { - sb.append(base64Data.charAt(i)); - } - } - cert = sb.toString(); - } - - if (cert != null) { - cert = cert.trim(); - - if (cert.equals("")) { - return ILogger.SIGNED_AUDIT_EMPTY_VALUE; - } else { - return cert; - } - } else { - return ILogger.SIGNED_AUDIT_EMPTY_VALUE; - } - } -} diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java deleted file mode 100644 index 7b0813d71..000000000 --- a/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java +++ /dev/null 
@@ -1,347 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
-import org.w3c.dom.Node;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.EAuthException;
-import com.netscape.certsrv.authorization.EAuthzException;
-import com.netscape.certsrv.base.BadRequestDataException;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.profile.IProfileOutput;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.certsrv.template.ArgList;
-import com.netscape.certsrv.template.ArgSet;
-import com.netscape.cms.servlet.cert.EnrollmentProcessor;
-import com.netscape.cms.servlet.cert.RenewalProcessor;
-import com.netscape.cms.servlet.common.CMSRequest;
-import com.netscape.cms.servlet.processors.Processor;
-import com.netscape.cmsutil.util.Cert;
-import com.netscape.cmsutil.xml.XMLObject;
-
-/**
- * This servlet submits end-user request into the profile framework.
- *
- * @author Christina Fu (renewal support)
- * @version $Revision$, $Date$
- */
-public class ProfileSubmitServlet extends ProfileServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = 7557922703180866442L;
- private final static String SUCCESS = "0";
- private final static String FAILED = "1";
-
- public ProfileSubmitServlet() {
- }
-
- /**
- * initialize the servlet. And instance of this servlet can
- * be set up to always issue certificates against a certain profile
- * by setting the 'profileId' configuration in the servletConfig
- * If not, the user must specify the profileID when submitting the request
- *
- * "ImportCert.template" to process the response.
- *
- * @param sc servlet configuration, read from the web.xml file
- */
- public void init(ServletConfig sc) throws ServletException {
- super.init(sc);
- }
-
- /**
- * Process the HTTP request
- * <P>
- *
- * (Certificate Request Processed - either an automated "EE" profile based cert acceptance, or an automated "EE"
- * profile based cert rejection)
- * <P>
- *
- * <ul>
- * <li>http.param profileId ID of profile to use to process request
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been
- * through the approval process
- * </ul>
- *
- * @param cmsReq the object holding the request and response information
- * @exception EBaseException an error has occurred
- */
-
- public void process(CMSRequest cmsReq) throws EBaseException {
- HttpServletRequest request = cmsReq.getHttpReq();
- HttpServletResponse response = cmsReq.getHttpResp();
- boolean xmlOutput = getXMLOutput(request);
-
- Locale locale = getLocale(request);
-
- HashMap<String, Object> results = null;
- String renewal = request.getParameter("renewal");
-
- try {
- if ((renewal != null) && (renewal.equalsIgnoreCase("true"))) {
- CMS.debug("ProfileSubmitServlet: isRenewal true");
- RenewalProcessor processor = new RenewalProcessor("caProfileSubmit", locale);
- results = processor.processRenewal(cmsReq);
- } else {
- CMS.debug("ProfileSubmitServlet: isRenewal false");
- EnrollmentProcessor processor = new EnrollmentProcessor("caProfileSubmit", locale);
- results = processor.processEnrollment(cmsReq);
- }
- } catch (BadRequestDataException e) {
- CMS.debug("ProfileSubmitServlet: bad data provided in processing request: " + e.toString());
- errorExit(response, xmlOutput, e.getMessage(), null);
- return;
- } catch (EAuthzException e) {
- CMS.debug("ProfileSubmitServlet: authorization error in processing request: " + e.toString());
- errorExit(response, xmlOutput, e.getMessage(), null);
- return;
- } catch (EAuthException e) {
- CMS.debug("ProfileSubmitServlet: authentication error in processing request: " + e.toString());
- errorExit(response, xmlOutput, e.getMessage(), null);
- return;
- } catch (EBaseException e) {
- e.printStackTrace();
- CMS.debug("ProfileSubmitServlet: error in processing request: " + e.toString());
- errorExit(response, xmlOutput, e.getMessage(), null);
- return;
- }
-
- IRequest[] reqs = (IRequest []) results.get(Processor.ARG_REQUESTS);
- String errorCode = (String) results.get(Processor.ARG_ERROR_CODE);
- String errorReason = (String) results.get(Processor.ARG_ERROR_REASON);
- IProfile profile = (IProfile) results.get(Processor.ARG_PROFILE);
- ArgSet args = new ArgSet();
-
- if (errorCode != null) {
- if (xmlOutput) {
- String requestIds = "";
- for (IRequest req : reqs) {
- requestIds += " " + req.getRequestId().toString();
- }
-
- outputError(response, errorCode, errorReason, requestIds);
- } else {
- ArgList requestlist = new ArgList();
-
- for (IRequest req : reqs) {
- ArgSet requestset = new ArgSet();
- requestset.set(ARG_REQUEST_ID, req.getRequestId().toString());
- requestlist.add(requestset);
- }
- args.set(ARG_REQUEST_LIST, requestlist);
- args.set(ARG_ERROR_CODE, errorCode);
- args.set(ARG_ERROR_REASON, errorReason);
- outputTemplate(request, response, args);
- }
- return;
- }
-
- if (xmlOutput) {
- xmlOutput(response, profile, locale, reqs);
- } else {
- ArgList outputlist = new ArgList();
- for (int k = 0; k < reqs.length; k++) {
-
- setOutputIntoArgs(profile, outputlist, locale, reqs[k]);
- args.set(ARG_OUTPUT_LIST, outputlist);
- }
-
- CMS.debug("ProfileSubmitServlet: done serving");
-
- ArgList requestlist = new ArgList();
-
- for (int k = 0; k < reqs.length; k++) {
- ArgSet requestset = new ArgSet();
-
- requestset.set(ARG_REQUEST_ID,
- reqs[k].getRequestId().toString());
- requestlist.add(requestset);
- }
- args.set(ARG_REQUEST_LIST, requestlist);
- args.set(ARG_ERROR_CODE, "0");
- args.set(ARG_ERROR_REASON, "");
-
- outputTemplate(request, response, args);
- }
- }
-
- private void setOutputIntoArgs(IProfile profile, ArgList outputlist, Locale locale, IRequest req) {
- Enumeration<String> outputIds = profile.getProfileOutputIds();
-
- if (outputIds != null) {
- while (outputIds.hasMoreElements()) {
- String outputId = outputIds.nextElement();
- IProfileOutput profileOutput = profile.getProfileOutput(outputId);
-
- Enumeration<String> outputNames = profileOutput.getValueNames();
-
- if (outputNames != null) {
- while (outputNames.hasMoreElements()) {
- ArgSet outputset = new ArgSet();
- String outputName = outputNames.nextElement();
- IDescriptor outputDesc =
- profileOutput.getValueDescriptor(locale, outputName);
-
- if (outputDesc == null)
- continue;
- String outputSyntax = outputDesc.getSyntax();
- String outputConstraint = outputDesc.getConstraint();
- String outputValueName = outputDesc.getDescription(locale);
- String outputValue = null;
-
- try {
- outputValue = profileOutput.getValue(outputName,
- locale, req);
- } catch (EProfileException e) {
- CMS.debug("ProfileSubmitServlet: " + e.toString());
- }
-
- outputset.set(ARG_OUTPUT_ID, outputName);
- outputset.set(ARG_OUTPUT_SYNTAX, outputSyntax);
- outputset.set(ARG_OUTPUT_CONSTRAINT, outputConstraint);
- outputset.set(ARG_OUTPUT_NAME, outputValueName);
- outputset.set(ARG_OUTPUT_VAL, outputValue);
- outputlist.add(outputset);
- }
- }
- }
- }
- }
-
- private void errorExit(HttpServletResponse response, boolean xmlOutput, String message, String requestId)
- throws EBaseException {
- if (xmlOutput) {
- outputError(response, FAILED, message, requestId);
- } else {
- ArgSet args = new ArgSet();
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, message);
- outputTemplate(xmlOutput, response, args);
- }
-
- for (String event : statEvents) {
- endTiming(event);
- }
- }
-
- private boolean getXMLOutput(HttpServletRequest request) {
- boolean xmlOutput = false;
-
- String v = request.getParameter("xml");
- if ((v != null) && (v.equalsIgnoreCase("true"))) {
- xmlOutput = true;
- }
- v = request.getParameter("xmlOutput");
- if ((v != null) && (v.equalsIgnoreCase("true"))) {
- xmlOutput = true;
- }
- if (xmlOutput) {
- CMS.debug("xmlOutput true");
- } else {
- CMS.debug("xmlOutput false");
- }
- return xmlOutput;
- }
-
- private void xmlOutput(HttpServletResponse httpResp, IProfile profile, Locale locale, IRequest[] reqs) {
- try {
- XMLObject xmlObj = null;
- xmlObj = new XMLObject();
-
- Node root = xmlObj.createRoot("XMLResponse");
- xmlObj.addItemToContainer(root, "Status", SUCCESS);
- Node n = xmlObj.createContainer(root, "Requests");
- CMS.debug("ProfileSubmitServlet xmlOutput: req len = " + reqs.length);
-
- for (int i = 0; i < reqs.length; i++) {
- Node subnode = xmlObj.createContainer(n, "Request");
- xmlObj.addItemToContainer(subnode, "Id", reqs[i].getRequestId().toString());
- X509CertInfo certInfo =
- reqs[i].getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
- if (certInfo != null) {
- String subject = "";
- subject = certInfo.get(X509CertInfo.SUBJECT).toString();
- xmlObj.addItemToContainer(subnode, "SubjectDN", subject);
- } else {
- CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request");
- }
- Enumeration<String> outputIds = profile.getProfileOutputIds();
- if (outputIds != null) {
- while (outputIds.hasMoreElements()) {
- String outputId = outputIds.nextElement();
- IProfileOutput profileOutput = profile.getProfileOutput(outputId);
- Enumeration<String> outputNames = profileOutput.getValueNames();
- if (outputNames != null) {
- while (outputNames.hasMoreElements()) {
- String outputName = outputNames.nextElement();
- if (!outputName.equals("b64_cert") && !outputName.equals("pkcs7"))
- continue;
- try {
- String outputValue = profileOutput.getValue(outputName, locale, reqs[i]);
- if (outputName.equals("b64_cert")) {
- String ss = Cert.normalizeCertStrAndReq(outputValue);
- outputValue = Cert.stripBrackets(ss);
- byte[] bcode = CMS.AtoB(outputValue);
- X509CertImpl impl = new X509CertImpl(bcode);
- xmlObj.addItemToContainer(subnode,
- "serialno", impl.getSerialNumber().toString(16));
- xmlObj.addItemToContainer(subnode, "b64", outputValue);
- }// if b64_cert
- else if (outputName.equals("pkcs7")) {
- String ss = Cert.normalizeCertStrAndReq(outputValue);
- xmlObj.addItemToContainer(subnode, "pkcs7", ss);
- }
-
- } catch (EProfileException e) {
- CMS.debug("ProfileSubmitServlet xmlOutput: " + e.toString());
- } catch (Exception e) {
- CMS.debug("ProfileSubmitServlet xmlOutput: " + e.toString());
- }
- }
- }
- }
- }
- }
-
- byte[] cb = xmlObj.toByteArray();
- outputResult(httpResp, "application/xml", cb);
- } catch (Exception e) {
- CMS.debug("Failed to send the XML output");
- }
- }
-
-}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java b/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java
deleted file mode 100644
index 0114f6323..000000000
--- a/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java
+++ /dev/null
@@ -1,39 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.profile;
-
-import java.security.cert.X509Certificate;
-
-import javax.servlet.http.HttpServletRequest;
-
-import com.netscape.certsrv.authentication.ISSLClientCertProvider;
-
-public class SSLClientCertProvider implements ISSLClientCertProvider {
- private HttpServletRequest mRequest = null;
-
- public SSLClientCertProvider(HttpServletRequest request) {
- mRequest = request;
- }
-
- public X509Certificate[] getClientCertificateChain() {
- X509Certificate[] allCerts = (X509Certificate[])
- mRequest.getAttribute("javax.servlet.request.X509Certificate");
-
- return allCerts;
- }
-}
|