Diffstat (limited to 'base/server/cms')
-rw-r--r--base/server/cms/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java16
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/admin/GroupMemberProcessor.java4
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/admin/GroupService.java50
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/admin/UserService.java115
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java28
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/cert/EnrollServlet.java11
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java24
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java21
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java11
9 files changed, 96 insertions, 184 deletions
diff --git a/base/server/cms/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java b/base/server/cms/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
index b703f5b47..b1da18892 100644
--- a/base/server/cms/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
+++ b/base/server/cms/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
@@ -21,10 +21,10 @@ import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
-import netscape.ldap.LDAPException;
import netscape.security.x509.X509CertImpl;
import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.ConflictingOperationException;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.SessionContext;
@@ -201,17 +201,11 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
ILogger.SUCCESS,
auditParams);
audit(auditMessage);
- } catch (LDAPException e) {
+
+ } catch (ConflictingOperationException e) {
CMS.debug("UpdateSubsystemGroup: update " + e.toString());
- if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams);
- audit(auditMessage);
- throw new EProfileException(e.toString());
- }
+ // ignore
+
} catch (Exception e) {
CMS.debug("UpdateSubsystemGroup: update addUser " + e.toString());
auditMessage = CMS.getLogMessage(
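Review bot: The bare `// ignore` in the new `catch (ConflictingOperationException e)` branch does not say which condition is being tolerated, and the handler is broader than the `ENTRY_ALREADY_EXISTS` test it replaces. If that exception can be raised for any conflict other than an existing entry (the mapping from LDAP result codes is not visible in this diff), the failure is dropped with only a debug line and no signed audit record. I would state the assumption in the comment, e.g. `// user already exists: keep the existing entry and continue`, and confirm the mapping. The same bare `// ignore` appears in the CertUtil, ConfigurationUtils.createAdmin and ImportAdminCertPanel hunks; the `try` block here starts outside the hunk.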
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/GroupMemberProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/admin/GroupMemberProcessor.java
index 399b97d0c..9f976d401 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/GroupMemberProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/GroupMemberProcessor.java
@@ -254,7 +254,7 @@ public class GroupMemberProcessor extends Processor {
} catch (Exception e) {
log(ILogger.LL_FAILURE, e.toString());
auditAddGroupMember(groupID, groupMemberData, ILogger.FAILURE);
- throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
+ throw new PKIException(getUserMessage("CMS_USRGRP_GROUP_MODIFY_FAILED"));
}
}
@@ -372,7 +372,7 @@ public class GroupMemberProcessor extends Processor {
} catch (Exception e) {
log(ILogger.LL_FAILURE, e.toString());
auditDeleteGroupMember(groupID, groupMemberData, ILogger.FAILURE);
- throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
+ throw new PKIException(getUserMessage("CMS_USRGRP_GROUP_MODIFY_FAILED"));
}
}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/GroupService.java b/base/server/cms/src/com/netscape/cms/servlet/admin/GroupService.java
index 3fd84da6c..3f250517a 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/GroupService.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/GroupService.java
@@ -38,6 +38,7 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.BadRequestException;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.ResourceNotFoundException;
import com.netscape.certsrv.common.OpDef;
import com.netscape.certsrv.common.ScopeDef;
import com.netscape.certsrv.group.GroupCollection;
@@ -207,23 +208,18 @@ public class GroupService extends PKIService implements GroupResource {
}
// allow adding a group with no members
- try {
- userGroupManager.addGroup(group);
+ userGroupManager.addGroup(group);
- auditAddGroup(groupID, groupData, ILogger.SUCCESS);
+ auditAddGroup(groupID, groupData, ILogger.SUCCESS);
- // read the data back
- groupData = getGroup(groupID);
+ // read the data back
+ groupData = getGroup(groupID);
- return Response
- .created(groupData.getLink().getHref())
- .entity(groupData)
- .type(MediaType.APPLICATION_XML)
- .build();
-
- } catch (Exception e) {
- throw new PKIException(getUserMessage("CMS_USRGRP_GROUP_ADD_FAILED", headers));
- }
+ return Response
+ .created(groupData.getLink().getHref())
+ .entity(groupData)
+ .type(MediaType.APPLICATION_XML)
+ .build();
} catch (PKIException e) {
auditAddGroup(groupID, groupData, ILogger.FAILURE);
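Review bot: With the inner `try`/`catch (Exception e)` removed, the only handler visible here for a failed `userGroupManager.addGroup(group)` is `catch (PKIException e)`, and that handler is what writes the `ILogger.FAILURE` audit record. The removed block turned every exception into a `PKIException`, so every failure used to reach it. If `addGroup` or `getGroup` can now throw something that is not a `PKIException`, the outer `try` needs a handler that audits it, as the removeUser hunk in UserService does with `catch (EBaseException e) { auditDeleteUser(userID, ILogger.FAILURE); ... }`. The remaining catch clauses are outside this hunk, so this has to be confirmed there. The modifyGroup hunk below and the addUser and modifyUser hunks in UserService have the same shape.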
@@ -263,27 +259,25 @@ public class GroupService extends PKIService implements GroupResource {
IGroup group = userGroupManager.getGroupFromName(groupID);
+ if (group == null) {
+ throw new ResourceNotFoundException("Group " + groupID + " not found.");
+ }
+
group.set("description", groupData.getDescription());
// allow adding a group with no members, except "Certificate
// Server Administrators"
- try {
- userGroupManager.modifyGroup(group);
-
- auditModifyGroup(groupID, groupData, ILogger.SUCCESS);
+ userGroupManager.modifyGroup(group);
- // read the data back
- groupData = getGroup(groupID);
+ auditModifyGroup(groupID, groupData, ILogger.SUCCESS);
- return Response
- .ok(groupData)
- .type(MediaType.APPLICATION_XML)
- .build();
+ // read the data back
+ groupData = getGroup(groupID);
- } catch (Exception e) {
- log(ILogger.LL_FAILURE, e.toString());
- throw new PKIException(getUserMessage("CMS_USRGRP_GROUP_MODIFY_FAILED", headers));
- }
+ return Response
+ .ok(groupData)
+ .type(MediaType.APPLICATION_XML)
+ .build();
} catch (PKIException e) {
auditModifyGroup(groupID, groupData, ILogger.FAILURE);
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/UserService.java b/base/server/cms/src/com/netscape/cms/servlet/admin/UserService.java
index 827541e2f..3f172abeb 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/UserService.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/UserService.java
@@ -39,7 +39,6 @@ import javax.ws.rs.core.Request;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
-import netscape.ldap.LDAPException;
import netscape.security.pkcs.PKCS7;
import netscape.security.x509.X509CertImpl;
@@ -49,7 +48,6 @@ import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.crypto.InternalCertificate;
import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.BadRequestDataException;
import com.netscape.certsrv.base.BadRequestException;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.ForbiddenException;
@@ -62,7 +60,6 @@ import com.netscape.certsrv.common.OpDef;
import com.netscape.certsrv.common.ScopeDef;
import com.netscape.certsrv.dbs.certdb.CertId;
import com.netscape.certsrv.group.GroupMemberData;
-import com.netscape.certsrv.ldap.LDAPExceptionConverter;
import com.netscape.certsrv.logging.IAuditor;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.password.IPasswordCheck;
@@ -187,7 +184,7 @@ public class UserService extends PKIService implements UserResource {
if (userID == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID", headers));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID", headers));
}
IUser user;
@@ -266,13 +263,13 @@ public class UserService extends PKIService implements UserResource {
try {
if (userID == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID", headers));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID", headers));
}
if (userID.indexOf(BACK_SLASH) != -1) {
// backslashes (BS) are not allowed
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_RS_ID_BS"));
- throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_RS_ID_BS", headers));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_RS_ID_BS", headers));
}
if (userID.equals(SYSTEM_USER)) {
@@ -288,7 +285,7 @@ public class UserService extends PKIService implements UserResource {
String msg = getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", headers, "full name");
log(ILogger.LL_FAILURE, msg);
- throw new BadRequestDataException(msg);
+ throw new BadRequestException(msg);
} else {
user.setFullName(fname);
@@ -337,43 +334,24 @@ public class UserService extends PKIService implements UserResource {
String csType = cs.getString("cs.type");
if (tpsProfiles != null) {
if (!csType.equals("TPS")) {
- throw new BadRequestDataException("Cannot set tpsProfiles on a non-TPS subsystem");
+ throw new BadRequestException("Cannot set tpsProfiles on a non-TPS subsystem");
}
String[] profiles = tpsProfiles.split(",");
user.setTpsProfiles(Arrays.asList(profiles));
}
- try {
- userGroupManager.addUser(user);
-
- auditAddUser(userID, userData, ILogger.SUCCESS);
-
- // read the data back
- userData = getUser(userID);
-
- return Response
- .created(userData.getLink().getHref())
- .entity(userData)
- .type(MediaType.APPLICATION_XML)
- .build();
-
- } catch (EUsrGrpException e) {
- log(ILogger.LL_FAILURE, e.toString());
+ userGroupManager.addUser(user);
- if (user.getUserID() == null) {
- throw new BadRequestDataException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", headers, "uid"));
- } else {
- throw new PKIException(e.getMessage(), e);
- }
+ auditAddUser(userID, userData, ILogger.SUCCESS);
- } catch (LDAPException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_USER_FAIL", e.toString()));
- throw LDAPExceptionConverter.toPKIException(e);
+ // read the data back
+ userData = getUser(userID);
- } catch (Exception e) {
- log(ILogger.LL_FAILURE, e.toString());
- throw new PKIException(e.getMessage(), e);
- }
+ return Response
+ .created(userData.getLink().getHref())
+ .entity(userData)
+ .type(MediaType.APPLICATION_XML)
+ .build();
} catch (PKIException e) {
auditAddUser(userID, userData, ILogger.FAILURE);
@@ -407,7 +385,7 @@ public class UserService extends PKIService implements UserResource {
try {
if (userID == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID", headers));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID", headers));
}
IUser user = userGroupManager.createUser(userID);
@@ -447,29 +425,23 @@ public class UserService extends PKIService implements UserResource {
String csType = cs.getString("cs.type");
if (tpsProfiles != null) {
if (!csType.equals("TPS")) {
- throw new BadRequestDataException("Cannot set tpsProfiles on a non-TPS subsystem");
+ throw new BadRequestException("Cannot set tpsProfiles on a non-TPS subsystem");
}
String[] profiles = tpsProfiles.split(",");
user.setTpsProfiles(Arrays.asList(profiles));
}
- try {
- userGroupManager.modifyUser(user);
-
- auditModifyUser(userID, userData, ILogger.SUCCESS);
+ userGroupManager.modifyUser(user);
- // read the data back
- userData = getUser(userID);
+ auditModifyUser(userID, userData, ILogger.SUCCESS);
- return Response
- .ok(userData)
- .type(MediaType.APPLICATION_XML)
- .build();
+ // read the data back
+ userData = getUser(userID);
- } catch (Exception e) {
- log(ILogger.LL_FAILURE, e.toString());
- throw new PKIException(getUserMessage("CMS_USRGRP_USER_MOD_FAILED", headers));
- }
+ return Response
+ .ok(userData)
+ .type(MediaType.APPLICATION_XML)
+ .build();
} catch (PKIException e) {
auditModifyUser(userID, userData, ILogger.FAILURE);
@@ -509,35 +481,27 @@ public class UserService extends PKIService implements UserResource {
}
// get list of groups, and see if uid belongs to any
- Enumeration<IGroup> groups;
+ Enumeration<IGroup> groups = userGroupManager.findGroups("*");
- try {
- groups = userGroupManager.findGroups("*");
+ while (groups.hasMoreElements()) {
+ IGroup group = groups.nextElement();
+ if (!group.isMember(userID)) continue;
- } catch (Exception e) {
- throw new PKIException(getUserMessage("CMS_INTERNAL_ERROR", headers));
+ userGroupManager.removeUserFromGroup(group, userID);
}
- try {
- while (groups.hasMoreElements()) {
- IGroup group = groups.nextElement();
- if (!group.isMember(userID)) continue;
+ // comes out clean of group membership...now remove user
+ userGroupManager.removeUser(userID);
- userGroupManager.removeUserFromGroup(group, userID);
- }
-
- // comes out clean of group membership...now remove user
- userGroupManager.removeUser(userID);
-
- auditDeleteUser(userID, ILogger.SUCCESS);
-
- } catch (Exception e) {
- throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_FAIL_USER_RMV", headers));
- }
+ auditDeleteUser(userID, ILogger.SUCCESS);
} catch (PKIException e) {
auditDeleteUser(userID, ILogger.FAILURE);
throw e;
+
+ } catch (EBaseException e) {
+ auditDeleteUser(userID, ILogger.FAILURE);
+ throw new PKIException(e.getMessage());
}
}
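Review bot: The new `catch (EBaseException e)` at the end of this hunk rethrows with `new PKIException(e.getMessage())`, which drops the cause and hands the internal exception text to the REST client where the removed code returned the localized `CMS_USRGRP_SRVLT_FAIL_USER_RMV` message. I would keep the generic message and chain the cause, `throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_FAIL_USER_RMV", headers), e);`, and add a `log(ILogger.LL_FAILURE, e.toString());` before it so the detail stays server-side. Because the group memberships are removed before `removeUser(userID)`, a failure in that last call leaves the account stripped of its groups but still present, which is worth a short comment next to the loop.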
@@ -864,13 +828,6 @@ public class UserService extends PKIService implements UserResource {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID",
String.valueOf(cert.getSubjectDN())));
throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID", headers));
-
- } catch (LDAPException e) {
- if (e.getLDAPResultCode() == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
- throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_CERT_EXISTS", headers));
- } else {
- throw new PKIException(getUserMessage("CMS_USRGRP_USER_MOD_FAILED", headers));
- }
}
} catch (PKIException e) {
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
index 2cd337123..c4eed9068 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
@@ -31,7 +31,6 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import netscape.ldap.LDAPException;
import netscape.security.pkcs.PKCS7;
import netscape.security.x509.X509CertImpl;
@@ -40,6 +39,7 @@ import org.mozilla.jss.crypto.InternalCertificate;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authorization.IAuthzSubsystem;
+import com.netscape.certsrv.base.ConflictingOperationException;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.ICertPrettyPrint;
import com.netscape.certsrv.base.ISubsystem;
@@ -900,21 +900,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
}
return;
- } catch (LDAPException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_USER_FAIL", e.toString()));
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
-
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
- return;
} catch (Exception e) {
log(ILogger.LL_FAILURE, e.toString());
@@ -1251,7 +1237,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp);
return;
- } catch (LDAPException e) {
+ } catch (ConflictingOperationException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
@@ -1261,14 +1247,10 @@ public class UsrGrpAdminServlet extends AdminServlet {
audit(auditMessage);
- if (e.getLDAPResultCode() == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp);
- } else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
- }
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp);
return;
+
} catch (Exception e) {
log(ILogger.LL_FAILURE, e.toString());
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollServlet.java b/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollServlet.java
index 16e2ab840..a0b975007 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollServlet.java
@@ -1555,15 +1555,8 @@ public class EnrollServlet extends CMSServlet {
IUser adminuser = ug.createUser(userid);
adminuser.setX509Certificates(issuedCerts);
- try {
- ug.addUserCert(adminuser);
- } catch (netscape.ldap.LDAPException e) {
- CMS.debug(
- "EnrollServlet: Cannot add admin's certificate to its entry in the " +
- "user group database. Error " + e);
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString()));
- }
+ ug.addUserCert(adminuser);
+
IGroup agentGroup =
ug.getGroupFromName(CA_AGENT_GROUP);
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index 1936b2c5a..ede632ee5 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -29,7 +29,6 @@ import java.util.Set;
import javax.servlet.http.HttpServletResponse;
-import netscape.ldap.LDAPException;
import netscape.security.pkcs.PKCS10;
import netscape.security.x509.CertificateExtensions;
import netscape.security.x509.X500Name;
@@ -45,6 +44,7 @@ import org.mozilla.jss.crypto.PrivateKey;
import org.mozilla.jss.crypto.X509Certificate;
import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.ConflictingOperationException;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.MetaInfo;
@@ -281,7 +281,7 @@ public class CertUtil {
* If that entry does not exist, uses basic default
*
* 2. Gets default.params.signingAlg from profile.
- * If entry does not exist or equals "-", selects first algorithm in allowed algorithm list
+ * If entry does not exist or equals "-", selects first algorithm in allowed algorithm list
* that matches CA signing key type
* Otherwise returns entry if it matches signing CA key type.
*
@@ -584,27 +584,25 @@ public class CertUtil {
user.setUserType("agentType");
user.setState("1");
user.setPhone("");
- certs[0] = cert;
- user.setX509Certificates(certs);
system.addUser(user);
CMS.debug("CertUtil addUserCertificate: successfully add the user");
- } catch (LDAPException e) {
+
+ } catch (ConflictingOperationException e) {
CMS.debug("CertUtil addUserCertificate" + e.toString());
- if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) {
- try {
- user = system.getUser(id);
- user.setX509Certificates(certs);
- } catch (Exception ee) {
- CMS.debug("CertUtil addUserCertificate: successfully find the user");
- }
- }
+ // ignore
+
} catch (Exception e) {
CMS.debug("CertUtil addUserCertificate addUser " + e.toString());
}
try {
+ user = system.getUser(id);
+ certs[0] = cert;
+ user.setX509Certificates(certs);
+
system.addUserCert(user);
CMS.debug("CertUtil addUserCertificate: successfully add the user certificate");
+
} catch (Exception e) {
CMS.debug("CertUtil addUserCertificate exception=" + e.toString());
}
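Review bot: Both `catch (Exception e)` handlers in this hunk only write a debug line, so a failure to create the user or to attach the certificate is invisible to the caller. The second `try` now begins with `user = system.getUser(id);` and dereferences the result on the next statement; if the earlier `addUser` failed for a reason other than a conflict and the lookup returns null, the resulting NullPointerException is swallowed the same way. I would check the lookup explicitly, `if (user == null) throw new EBaseException("CertUtil addUserCertificate: user " + id + " not found");`, and have the trailing handler rethrow rather than only log. Whether the method signature allows that is outside this hunk.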
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index bbfb17374..b2634f6c2 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -137,6 +137,7 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.EAuthException;
import com.netscape.certsrv.authentication.IAuthSubsystem;
import com.netscape.certsrv.authorization.IAuthzSubsystem;
+import com.netscape.certsrv.base.ConflictingOperationException;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.EPropertyNotFound;
import com.netscape.certsrv.base.IConfigStore;
@@ -3121,7 +3122,7 @@ public class ConfigurationUtils {
}
public static void createAdmin(String uid, String email, String name, String pwd) throws IOException,
- EBaseException {
+ EBaseException, LDAPException {
IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
IConfigStore config = CMS.getConfigStore();
String groupNames = config.getString("preop.admin.group", "Certificate Manager Agents,Administrators");
@@ -3137,14 +3138,10 @@ public class ConfigurationUtils {
user.setState("1");
user.setPhone("");
system.addUser(user);
- } catch (LDAPException e) {
- CMS.debug("AdminPanel createAdmin: addUser " + e.toString());
- if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) {
- throw new IOException(e.toString());
- }
- } catch (Exception e) {
+
+ } catch (ConflictingOperationException e) {
CMS.debug("AdminPanel createAdmin: addUser " + e.toString());
- throw new IOException(e.toString());
+ // ignore
}
IGroup group = null;
@@ -3529,10 +3526,8 @@ public class ConfigurationUtils {
user.setX509Certificates(certs);
try {
system.addUser(user);
- } catch (LDAPException e) {
- if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) {
- throw e;
- }
+ } catch (ConflictingOperationException e) {
+ // ignore if
}
CMS.debug("DonePanel display: successfully add the user");
system.addUserCert(user);
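Review bot: The comment in the new `catch (ConflictingOperationException e)` is cut off (`// ignore if`), and unlike the other handlers this commit adds, the block logs nothing. I would finish the sentence and record the event: `// ignore if the user already exists; the certificate is still added below` plus `CMS.debug("DonePanel display: addUser " + e.toString());`. The debug line after the `try`, "successfully add the user", is also printed on the conflict path, so the log cannot distinguish a new account from a pre-existing one that is about to receive this certificate. The enclosing method starts outside the hunk.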
@@ -3777,7 +3772,7 @@ public class ConfigurationUtils {
removeOldDBUsers(certs[0].getSubjectDN().toString());
}
- public static void addProfilesToTPSUser(String adminID) throws EUsrGrpException {
+ public static void addProfilesToTPSUser(String adminID) throws EUsrGrpException, LDAPException {
CMS.debug("Adding all profiles to TPS admin user");
IUGSubsystem system = (IUGSubsystem) CMS.getSubsystem(IUGSubsystem.ID);
IUser user = system.getUser(adminID);
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
index 7019d1492..98614ac61 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
@@ -27,12 +27,12 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import netscape.ldap.LDAPException;
import netscape.security.x509.X509CertImpl;
import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.ConflictingOperationException;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.ISubsystem;
@@ -291,13 +291,12 @@ public class ImportAdminCertPanel extends WizardPanelBase {
IUser user = ug.getUser(uid);
user.setX509Certificates(certs);
ug.addUserCert(user);
- } catch (LDAPException e) {
+
+ } catch (ConflictingOperationException e) {
CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: "
+ e.toString());
- if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
- context.put("updateStatus", "failure");
- throw new IOException(e.toString());
- }
+ // ignore
+
} catch (Exception e) {
CMS.debug(
"ImportAdminCertPanel update: failed to add certificate. Exception: "