diff options
Diffstat (limited to 'base/common')
16 files changed, 80 insertions, 59 deletions
diff --git a/base/common/src/com/netscape/certsrv/authentication/AuthToken.java b/base/common/src/com/netscape/certsrv/authentication/AuthToken.java index d934f62e8..1b5bf2350 100644 --- a/base/common/src/com/netscape/certsrv/authentication/AuthToken.java +++ b/base/common/src/com/netscape/certsrv/authentication/AuthToken.java @@ -291,17 +291,13 @@ public class AuthToken implements IAuthToken { return set(name, out.toByteArray()); } - public CertificateExtensions getInCertExts(String name) { + public CertificateExtensions getInCertExts(String name) throws IOException { CertificateExtensions exts = null; byte[] data = getInByteArray(name); if (data != null) { - try { - exts = new CertificateExtensions(); - // exts.decode() doesn't work for empty CertExts - exts.decodeEx(new ByteArrayInputStream(data)); - } catch (IOException e) { - return null; - } + exts = new CertificateExtensions(); + // exts.decode() doesn't work for empty CertExts + exts.decodeEx(new ByteArrayInputStream(data)); } return exts; } @@ -321,7 +317,7 @@ public class AuthToken implements IAuthToken { return set(name, out.toByteArray()); } - public Certificates getInCertificates(String name) { + public Certificates getInCertificates(String name) throws IOException, CertificateException { X509CertImpl[] certArray; byte[] byteValue = getInByteArray(name); @@ -329,18 +325,12 @@ public class AuthToken implements IAuthToken { return null; } - try { - DerInputStream in = new DerInputStream(byteValue); - DerValue[] derValues = in.getSequence(5); - certArray = new X509CertImpl[derValues.length]; - for (int i = 0; i < derValues.length; i++) { - byte[] certData = derValues[i].toByteArray(); - certArray[i] = new X509CertImpl(certData); - } - } catch (IOException e) { - return null; - } catch (CertificateException e) { - return null; + DerInputStream in = new DerInputStream(byteValue); + DerValue[] derValues = in.getSequence(5); + certArray = new X509CertImpl[derValues.length]; + for (int i = 0; i < derValues.length; i++) { + byte[] certData = derValues[i].toByteArray(); + certArray[i] = new X509CertImpl(certData); } return new Certificates(certArray); } @@ -372,22 +362,18 @@ public class AuthToken implements IAuthToken { } } - public byte[][] getInByteArrayArray(String name) { + public byte[][] getInByteArrayArray(String name) throws IOException { byte[][] retval; byte[] byteValue = getInByteArray(name); if (byteValue == null) { return null; } - try { - DerInputStream in = new DerInputStream(byteValue); - DerValue[] derValues = in.getSequence(5); - retval = new byte[derValues.length][]; - for (int i = 0; i < derValues.length; i++) { - retval[i] = derValues[i].getOctetString(); - } - } catch (IOException e) { - return null; + DerInputStream in = new DerInputStream(byteValue); + DerValue[] derValues = in.getSequence(5); + retval = new byte[derValues.length][]; + for (int i = 0; i < derValues.length; i++) { + retval[i] = derValues[i].getOctetString(); } return retval; } diff --git a/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java b/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java index 25a73b8f1..e469f3786 100644 --- a/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java +++ b/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java @@ -17,7 +17,9 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.authentication; +import java.io.IOException; import java.math.BigInteger; +import java.security.cert.CertificateException; import java.util.Date; import java.util.Enumeration; @@ -176,9 +178,10 @@ public interface IAuthToken { * Retrieves the CertificateExtensions value for name. * * @param name The attribute name. - * @return The value or null on error. + * @return The value. + * @throws IOException */ - public CertificateExtensions getInCertExts(String name); + public CertificateExtensions getInCertExts(String name) throws IOException; /** * Stores the CertificateExtensions with the associated key. @@ -193,9 +196,11 @@ public interface IAuthToken { * Retrieves the Certificates value for name. * * @param name The attribute name. - * @return The value or null on error. + * @return The value. + * @throws IOException + * @throws CertificateException */ - public Certificates getInCertificates(String name); + public Certificates getInCertificates(String name) throws IOException, CertificateException; /** * Stores the Certificates with the associated key. @@ -210,9 +215,10 @@ public interface IAuthToken { * Retrieves the byte[][] value for name. * * @param name The attribute name. - * @return The value or null on error. + * @return The value. + * @throws IOException */ - public byte[][] getInByteArrayArray(String name); + public byte[][] getInByteArrayArray(String name) throws IOException; /** * Stores the byte[][] with the associated key. diff --git a/base/common/src/com/netscape/cms/authentication/CMCAuth.java b/base/common/src/com/netscape/cms/authentication/CMCAuth.java index d15f445f3..2844601f4 100644 --- a/base/common/src/com/netscape/cms/authentication/CMCAuth.java +++ b/base/common/src/com/netscape/cms/authentication/CMCAuth.java @@ -768,7 +768,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, level, "CMC Authentication: " + msg); } - protected IAuthToken verifySignerInfo(AuthToken authToken, SignedData cmcFullReq) throws EInvalidCredentials { + protected IAuthToken verifySignerInfo(AuthToken authToken, SignedData cmcFullReq) throws EBaseException { EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); OBJECT_IDENTIFIER id = ci.getContentType(); @@ -875,6 +875,9 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager agentAuth = authSS.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);//AGENT_AUTHMGR_ID); + if (agentAuth == null) { + throw new EBaseException(CMS.getUserMessage("CMS_AUTHENTICATION_MANAGER_NOT_FOUND", IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)); + } IAuthCredentials agentCred = new com.netscape.certsrv.authentication.AuthCredentials(); agentCred.set(IAuthManager.CRED_SSL_CLIENT_CERT, x509Certs); diff --git a/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java b/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java index e1ae7d074..d6e626aa9 100644 --- a/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java +++ b/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java @@ -250,9 +250,9 @@ public class SubjAltNameExt extends APolicyRule /** * Generate a String Vector containing all the email addresses * found in this Authentication token + * @throws IOException */ - protected Vector /* of String */<String> - getEmailList(IAuthToken tok) { + protected Vector<String> getEmailList(IAuthToken tok) throws IOException { Vector<String> v = new Vector<String>(); @@ -267,9 +267,10 @@ public class SubjAltNameExt extends APolicyRule /** * Add attribute values from an LDAP attribute to a vector + * @throws IOException */ protected void - addValues(IAuthToken tok, String attrName, Vector<String> v) { + addValues(IAuthToken tok, String attrName, Vector<String> v) throws IOException { String attr[] = tok.getInStringArray(attrName); if (attr == null) diff --git a/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java b/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java index a6cb97908..895e099fb 100644 --- a/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java +++ b/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java @@ -61,9 +61,7 @@ public class DisplayHtmlServlet extends CMSServlet { */ public void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("DisplayHtmlServlet about to service "); - authenticate(cmsReq); - try { String realpath = mServletConfig.getServletContext().getRealPath("/" + mHTMLPath); diff --git a/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java b/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java index e820bb87a..0b59fdc97 100644 --- a/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java +++ b/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java @@ -132,9 +132,9 @@ public class ChallengeRevocationServlet1 extends CMSServlet { * </ul> * * @param cmsReq the object holding the request and response information + * @throws EBaseException */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); diff --git a/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java b/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java index bd12bcfd8..a3cec570a 100644 --- a/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java +++ b/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java @@ -122,7 +122,6 @@ public class UpdateCRL extends CMSServlet { IAuthToken authToken = authenticate(cmsReq); AuthzToken authzToken = null; - try { authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "update"); diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java index b9932722e..ff9ab5eba 100644 --- a/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java +++ b/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java @@ -192,7 +192,11 @@ public class LDAPSecurityDomainSessionTable LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false); while (res.hasMoreElements()) { LDAPEntry entry = res.next(); - ret.add(entry.getAttribute("cn").getStringValueArray()[0]); + LDAPAttribute sid = entry.getAttribute("cn"); + if (sid == null) { + throw new Exception("Invalid LDAP Entry." + entry.getDN() + " No session id(cn)."); + } + ret.add(sid.getStringValueArray()[0]); } } catch (LDAPException e) { switch (e.getLDAPResultCode()) { @@ -228,10 +232,14 @@ public class LDAPSecurityDomainSessionTable LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false); if (res.getCount() > 0) { LDAPEntry entry = res.next(); - ret = entry.getAttribute(attr).getStringValueArray()[0]; + LDAPAttribute searchAttribute = entry.getAttribute(attr); + if (searchAttribute == null) { + throw new Exception("No Attribute " + attr + " for this session in LDAPEntry "+entry.getDN()); + } + ret = searchAttribute.getStringValueArray()[0]; } } catch (Exception e) { - CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e); + CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e.getMessage()); } try { diff --git a/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java b/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java index fbb589376..c5b09a7d7 100644 --- a/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java +++ b/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java @@ -458,9 +458,9 @@ public class AuthSubsystem implements IAuthSubsystem { * <P> */ public void shutdown() { - for (Enumeration<String> e = mAuthMgrInsts.keys(); e.hasMoreElements();) { + for (AuthManagerProxy proxy : mAuthMgrInsts.values()) { - IAuthManager mgr = get(e.nextElement()); + IAuthManager mgr = proxy.getAuthManager(); log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_SHUTDOWN", mgr.getName())); diff --git a/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java b/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java index 5b6418c00..fa8696c1d 100644 --- a/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java +++ b/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java @@ -191,7 +191,11 @@ public class PasswdUserDBAuthentication implements IAuthManager { e.printStackTrace(); // not a user in our user/group database. log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_UID_NOT_FOUND", uid, e.toString())); - throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL") + " " + e.getMessage()); + } + if (user == null) { + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", + "Failure in User Group subsystem.")); } authToken.set(TOKEN_USERDN, user.getUserDN()); authToken.set(TOKEN_USERID, user.getUserID()); diff --git a/base/common/src/com/netscape/cmscore/dbs/DBSubsystem.java b/base/common/src/com/netscape/cmscore/dbs/DBSubsystem.java index 304f5aa94..c0bb627c2 100644 --- a/base/common/src/com/netscape/cmscore/dbs/DBSubsystem.java +++ b/base/common/src/com/netscape/cmscore/dbs/DBSubsystem.java @@ -408,6 +408,9 @@ public class DBSubsystem implements IDBSubsystem { LDAPEntry entry = conn.read(dn); LDAPAttribute attr = entry.getAttribute(PROP_NEXT_RANGE); + if (attr == null) { + throw new Exception("Missing Attribute" + PROP_NEXT_RANGE + "in Entry " + dn); + } nextRange = (String) attr.getStringValues().nextElement(); BigInteger nextRangeNo = new BigInteger(nextRange); diff --git a/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java b/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java index 726746627..0fbff688a 100644 --- a/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java +++ b/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java @@ -251,6 +251,9 @@ public class KeyRepository extends Repository implements IKeyRepository { */ public IKeyRecord readKeyRecord(BigInteger serialNo) throws EBaseException { + if (serialNo == null) { + throw new EBaseException("Invalid Serial Number."); + } IDBSSession s = mDBService.createSession(); KeyRecord rec = null; @@ -264,6 +267,9 @@ public class KeyRepository extends Repository implements IKeyRepository { if (s != null) s.close(); } + if (rec == null) { + throw new EBaseException("Failed to recover Key for Serial Number " + serialNo); + } return rec; } diff --git a/base/common/src/com/netscape/cmscore/profile/ProfileSubsystem.java b/base/common/src/com/netscape/cmscore/profile/ProfileSubsystem.java index 53d4fa14a..7da1cc332 100644 --- a/base/common/src/com/netscape/cmscore/profile/ProfileSubsystem.java +++ b/base/common/src/com/netscape/cmscore/profile/ProfileSubsystem.java @@ -96,6 +96,9 @@ public class ProfileSubsystem implements IProfileSubsystem { IConfigStore subStore = config.getSubStore(id); String classid = subStore.getString(PROP_CLASS_ID); IPluginInfo info = registry.getPluginInfo("profile", classid); + if (info == null) { + throw new EBaseException("No plugins for type : profile with id " + classid); + } String configPath = subStore.getString(PROP_CONFIG); CMS.debug("Start Profile Creation - " + id + " " + classid + " " + info.getClassName()); diff --git a/base/common/test/com/netscape/certsrv/authentication/AuthTokenTest.java b/base/common/test/com/netscape/certsrv/authentication/AuthTokenTest.java index fab809bad..370973f0a 100644 --- a/base/common/test/com/netscape/certsrv/authentication/AuthTokenTest.java +++ b/base/common/test/com/netscape/certsrv/authentication/AuthTokenTest.java @@ -109,7 +109,7 @@ public class AuthTokenTest extends CMSBaseTestCase { assertFalse(authToken.set("key4", (BigInteger[]) null)); } - public void testGetSetDate() { + public void testGetSetDate() throws Exception { Date value = new Date(); authToken.set("key", value); assertEquals(String.valueOf(value.getTime()), @@ -118,6 +118,9 @@ public class AuthTokenTest extends CMSBaseTestCase { authToken.set("key2", "234567"); Date retval = authToken.getInDate("key2"); + if (retval == null) { + throw new Exception("Unable to get key2 as Date"); + } assertEquals(234567L, retval.getTime()); authToken.set("key3", "oops"); @@ -137,6 +140,9 @@ public class AuthTokenTest extends CMSBaseTestCase { assertFalse(cmsStub.aToBCalled); String[] retval = authToken.getInStringArray("key"); + if (retval == null) { + throw new IOException("Unable to get key as String Array"); + } assertTrue(cmsStub.aToBCalled); assertEquals(4, retval.length); assertEquals(value[0], retval[0]); @@ -193,7 +199,7 @@ public class AuthTokenTest extends CMSBaseTestCase { assertFalse(authToken.set("key3", (CertificateExtensions) null)); } - public void testGetSetCertificates() throws CertificateException { + public void testGetSetCertificates() throws CertificateException, IOException { X509CertImpl cert1 = getFakeCert(); X509CertImpl cert2 = getFakeCert(); X509CertImpl[] certArray = new X509CertImpl[] { cert1, cert2 }; @@ -216,7 +222,7 @@ public class AuthTokenTest extends CMSBaseTestCase { assertFalse(authToken.set("key2", (Certificates) null)); } - public void testGetSetByteArrayArray() { + public void testGetSetByteArrayArray() throws IOException { byte[][] value = new byte[][] { new byte[] { 1, 2, 3, 4 }, new byte[] { 12, 13, 14 }, diff --git a/base/common/test/com/netscape/cmscore/dbs/DBSubsystemDefaultStub.java b/base/common/test/com/netscape/cmscore/dbs/DBSubsystemDefaultStub.java index fe19159d5..396121b29 100644 --- a/base/common/test/com/netscape/cmscore/dbs/DBSubsystemDefaultStub.java +++ b/base/common/test/com/netscape/cmscore/dbs/DBSubsystemDefaultStub.java @@ -7,7 +7,6 @@ import netscape.ldap.LDAPConnection; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.ISubsystem; -import com.netscape.certsrv.dbs.EDBException; import com.netscape.certsrv.dbs.IDBRegistry; import com.netscape.certsrv.dbs.IDBSSession; import com.netscape.certsrv.dbs.IDBSubsystem; @@ -25,7 +24,7 @@ public class DBSubsystemDefaultStub implements IDBSubsystem { return null; } - public IDBSSession createSession() throws EDBException { + public IDBSSession createSession() { return null; } diff --git a/base/common/test/com/netscape/cmscore/test/CMSBaseTestCase.java b/base/common/test/com/netscape/cmscore/test/CMSBaseTestCase.java index d3971afd4..007ccafcb 100644 --- a/base/common/test/com/netscape/cmscore/test/CMSBaseTestCase.java +++ b/base/common/test/com/netscape/cmscore/test/CMSBaseTestCase.java @@ -7,7 +7,6 @@ import netscape.security.x509.X509CertImpl; import com.netscape.certsrv.app.CMSEngineDefaultStub; import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.dbs.EDBException; import com.netscape.certsrv.dbs.IDBRegistry; import com.netscape.certsrv.dbs.IDBSSession; import com.netscape.certsrv.logging.ILogger; @@ -88,7 +87,7 @@ public abstract class CMSBaseTestCase extends TestCase { } class DBSubsystemStub extends DBSubsystemDefaultStub { - public IDBSSession createSession() throws EDBException { + public IDBSSession createSession() { return session; } |