summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java2683
1 files changed, 2683 insertions, 0 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
new file mode 100644
index 000000000..8306bc77e
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
@@ -0,0 +1,2683 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.admin;
+
+
+import java.io.*;
+import java.util.*;
+import java.net.*;
+import java.util.*;
+import java.text.*;
+import java.math.*;
+import java.security.*;
+import javax.servlet.*;
+import javax.servlet.http.*;
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.apps.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.*;
+import com.netscape.certsrv.policy.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.registry.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.authority.IAuthority;
+import com.netscape.certsrv.ca.ICertificateAuthority;
+import com.netscape.certsrv.ra.IRegistrationAuthority;
+import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
+
+
+/**
+ * This class is an administration servlet for policy management.
+ *
+ * Each service (CA, KRA, RA) should be responsible
+ * for registering an instance of this with the remote
+ * administration subsystem.
+ *
+ * @version $Revision$, $Date$
+ */
+public class ProfileAdminServlet extends AdminServlet {
+ public final static String PROP_AUTHORITY = "authority";
+
+ private final static String INFO = "ProfileAdminServlet";
+ private final static String PW_PASSWORD_CACHE_ADD =
+ "PASSWORD_CACHE_ADD";
+
+ public final static String PROP_PREDICATE = "predicate";
+ private IAuthority mAuthority = null;
+ private IPluginRegistry mRegistry = null;
+ private IProfileSubsystem mProfileSub = null;
+
+ // These will be moved to PolicyResources
+ public static String INVALID_POLICY_SCOPE = "Invalid policy administration scope";
+ public static String INVALID_POLICY_IMPL_OP = "Invalid operation for policy implementation management";
+ public static String NYI = "Not Yet Implemented";
+ public static String INVALID_POLICY_IMPL_CONFIG = "Invalid policy implementation configuration";
+ public static String INVALID_POLICY_INSTANCE_CONFIG = "Invalid policy instance configuration";
+ public static String MISSING_POLICY_IMPL_ID = "Missing policy impl id in request";
+ public static String MISSING_POLICY_IMPL_CLASS = "Missing policy impl class in request";
+ public static String INVALID_POLICY_IMPL_ID = "Invalid policy impl id in request";
+ public static String MISSING_POLICY_INST_ID = "Missing policy id in request";
+ public static String POLICY_INST_ID_ALREADY_USED = "policy id already used";
+ public static String INVALID_POLICY_INST_ID = "Invalid policy id in request";
+ public static String COMMA = ",";
+ public static String MISSING_POLICY_ORDERING = "Missing policy ordering";
+ public static String BAD_CONFIGURATION_VAL = "Invalid configuration value.";
+
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE =
+ "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3";
+
+ /**
+ * Constructs administration servlet.
+ */
+ public ProfileAdminServlet() {
+ super();
+ }
+
+ /**
+ * Initializes this servlet.
+ */
+ public void init(ServletConfig config) throws ServletException {
+ super.init(config);
+ String authority = config.getInitParameter(PROP_AUTHORITY);
+
+ if (authority != null)
+ mAuthority = (IAuthority) CMS.getSubsystem(authority);
+ mRegistry = (IPluginRegistry) CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY);
+ mProfileSub = (IProfileSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_PROFILE);
+ }
+
+ /**
+ * Returns serlvet information.
+ */
+ public String getServletInfo() {
+ return INFO;
+ }
+
+ private void addDefaultParams(Object ext_info, NameValuePairs nvps) {
+
+ /* make sure policy rules have 'enable' and 'predicate' */
+
+ if (ext_info instanceof IPolicyRule) {
+ if (nvps.getPair(IPolicyRule.PROP_ENABLE) == null) {
+ nvps.add(IPolicyRule.PROP_ENABLE, "boolean;Enable this policy rule");
+ }
+ if (nvps.getPair(PROP_PREDICATE) == null) {
+ nvps.add(PROP_PREDICATE, "string;Rules describing when this policy should run.");
+ }
+ }
+ }
+
+ /**
+ * Serves HTTP admin request.
+ */
+ public void service(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ super.service(req, resp);
+
+ super.authenticate(req);
+
+ AUTHZ_RES_NAME = "certServer.profile.configuration";
+ String scope = req.getParameter(Constants.OP_SCOPE);
+
+ CMS.debug("ProfileAdminServlet: service scope: " + scope);
+ if (scope.equals(ScopeDef.SC_PROFILE_RULES)) {
+ processProfileRuleMgmt(req, resp);
+ } else if (scope.equals(ScopeDef.SC_PROFILE_POLICIES)) {
+ processProfilePolicy(req, resp);
+ } else if (scope.equals(ScopeDef.SC_PROFILE_DEFAULT_POLICY)) {
+ processPolicyDefaultConfig(req, resp);
+ } else if (scope.equals(ScopeDef.SC_PROFILE_CONSTRAINT_POLICY)) {
+ processPolicyConstraintConfig(req, resp);
+ } else if (scope.equals(ScopeDef.SC_POLICY_IMPLS)) {
+ processPolicyImplMgmt(req, resp);
+ } else if (scope.equals(ScopeDef.SC_PROFILE_INPUT)) {
+ processProfileInput(req, resp);
+ } else if (scope.equals(ScopeDef.SC_PROFILE_OUTPUT)) {
+ processProfileOutput(req, resp);
+ } else if (scope.equals(ScopeDef.SC_PROFILE_INPUT_CONFIG)) {
+ processProfileInputConfig(req, resp);
+ } else if (scope.equals(ScopeDef.SC_PROFILE_OUTPUT_CONFIG)) {
+ processProfileOutputConfig(req, resp);
+ } else
+ sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp);
+ }
+
+ private boolean readAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
+ mOp = "read";
+ if ((mToken = super.authorize(req)) == null) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
+ return false;
+ }
+ return true;
+ }
+
+ private boolean modifyAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
+ mOp = "modify";
+ if ((mToken = super.authorize(req)) == null) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
+ return false;
+ }
+ return true;
+ }
+
+ public void processProfilePolicy(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ // Get operation type
+ String op = req.getParameter(Constants.OP_TYPE);
+
+ if (op.equals(OpDef.OP_READ)) {
+ if (!readAuthorize(req, resp))
+ return;
+ getProfilePolicy(req, resp);
+ } else if (op.equals(OpDef.OP_ADD)) {
+ if (!modifyAuthorize(req, resp))
+ return;
+ addProfilePolicy(req, resp);
+ } else if (op.equals(OpDef.OP_DELETE)) {
+ if (!modifyAuthorize(req, resp))
+ return;
+ deleteProfilePolicy(req, resp);
+ }
+ }
+
+ public void processProfileInput(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ // Get operation type
+ String op = req.getParameter(Constants.OP_TYPE);
+ String scope = super.getParameter(req, Constants.OP_SCOPE);
+
+ if (op.equals(OpDef.OP_READ)) {
+ if (!readAuthorize(req, resp))
+ return;
+ getProfileInput(req, resp);
+ } else if (op.equals(OpDef.OP_ADD)) {
+ if (!modifyAuthorize(req, resp))
+ return;
+ addProfileInput(req, resp);
+ } else if (op.equals(OpDef.OP_DELETE)) {
+ if (!modifyAuthorize(req, resp))
+ return;
+ deleteProfileInput(req, resp);
+ }
+ }
+
+ public void processProfileOutput(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ // Get operation type
+ String op = req.getParameter(Constants.OP_TYPE);
+ String scope = super.getParameter(req, Constants.OP_SCOPE);
+
+ if (op.equals(OpDef.OP_READ)) {
+ if (!readAuthorize(req, resp))
+ return;
+ getProfileOutput(req, resp);
+ } else if (op.equals(OpDef.OP_ADD)) {
+ if (!modifyAuthorize(req, resp))
+ return;
+ addProfileOutput(req, resp);
+ } else if (op.equals(OpDef.OP_DELETE)) {
+ if (!modifyAuthorize(req, resp))
+ return;
+ deleteProfileOutput(req, resp);
+ }
+ }
+
+ public void processProfileInputConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ // Get operation type
+ String op = req.getParameter(Constants.OP_TYPE);
+
+ if (op.equals(OpDef.OP_READ)) {
+ if (!readAuthorize(req, resp))
+ return;
+ getInputConfig(req, resp);
+ } else if (op.equals(OpDef.OP_MODIFY)) {
+ if (!modifyAuthorize(req, resp))
+ return;
+ modifyInputConfig(req, resp);
+ }
+ }
+
+ public void processProfileOutputConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ // Get operation type
+ String op = req.getParameter(Constants.OP_TYPE);
+
+ if (op.equals(OpDef.OP_READ)) {
+ if (!readAuthorize(req, resp))
+ return;
+ getOutputConfig(req, resp);
+ } else if (op.equals(OpDef.OP_MODIFY)) {
+ if (!modifyAuthorize(req, resp))
+ return;
+ modifyOutputConfig(req, resp);
+ }
+ }
+
+ public void processPolicyDefaultConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ // Get operation type
+ String op = req.getParameter(Constants.OP_TYPE);
+
+ if (op.equals(OpDef.OP_READ)) {
+ if (!readAuthorize(req, resp))
+ return;
+ getPolicyDefaultConfig(req, resp);
+ } else if (op.equals(OpDef.OP_ADD)) {
+ if (!modifyAuthorize(req, resp))
+ return;
+ addPolicyDefaultConfig(req, resp);
+ } else if (op.equals(OpDef.OP_MODIFY)) {
+ if (!modifyAuthorize(req, resp))
+ return;
+ modifyPolicyDefaultConfig(req, resp);
+ }
+ }
+
+ public void processPolicyConstraintConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ // Get operation type
+ String op = req.getParameter(Constants.OP_TYPE);
+
+ CMS.debug("ProfileAdminServlet: processPolicyConstraintConfig op " + op);
+ if (op.equals(OpDef.OP_READ)) {
+ if (!readAuthorize(req, resp))
+ return;
+ getPolicyConstraintConfig(req, resp);
+ } else if (op.equals(OpDef.OP_ADD)) {
+ if (!modifyAuthorize(req, resp))
+ return;
+ addPolicyConstraintConfig(req, resp);
+ } else if (op.equals(OpDef.OP_MODIFY)) {
+ if (!modifyAuthorize(req, resp))
+ return;
+ modifyPolicyConstraintConfig(req, resp);
+ }
+ }
+
+ /**
+ * Process Policy Implementation Management.
+ */
+ public void processPolicyImplMgmt(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ // Get operation type
+ String op = req.getParameter(Constants.OP_TYPE);
+
+ if (op.equals(OpDef.OP_SEARCH)) {
+ if (!readAuthorize(req, resp))
+ return;
+ listProfileImpls(req, resp);
+ } else
+ sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
+ null, resp);
+ }
+
+ public void processProfileRuleMgmt(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ // Get operation type
+ String op = req.getParameter(Constants.OP_TYPE);
+
+ if (op.equals(OpDef.OP_SEARCH)) {
+ if (!readAuthorize(req, resp))
+ return;
+ listProfileInstances(req, resp);
+ } else if (op.equals(OpDef.OP_DELETE)) {
+ if (!modifyAuthorize(req, resp))
+ return;
+ deleteProfileInstance(req, resp);
+ } else if (op.equals(OpDef.OP_READ)) {
+ if (!readAuthorize(req, resp))
+ return;
+ getProfileInstanceConfig(req, resp);
+ } else if (op.equals(OpDef.OP_ADD)) {
+ if (!modifyAuthorize(req, resp))
+ return;
+ addProfileInstance(req, resp);
+ } else if (op.equals(OpDef.OP_MODIFY)) {
+ if (!modifyAuthorize(req, resp))
+ return;
+ modifyProfileInstance(req, resp);
+ } else
+ sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
+ null, resp);
+ }
+
+ /**
+ * Lists all registered profile impementations
+ */
+ public void listProfileImpls(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Enumeration impls = mRegistry.getIds("profile");
+ NameValuePairs nvp = new NameValuePairs();
+
+ while (impls.hasMoreElements()) {
+ String id = (String) impls.nextElement();
+ IPluginInfo info = mRegistry.getPluginInfo("profile", id);
+
+ nvp.add(id, info.getClassName() + "," +
+ info.getDescription(getLocale(req)));
+ }
+ sendResponse(SUCCESS, null, nvp, resp);
+ }
+
+ /**
+ * Add policy profile
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
+ * configuring cert profile (general settings and cert profile; obsoletes
+ * extensions and constraints policies)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ */
+ public void addProfilePolicy(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ CMS.debug("ProfileAdminServlet: in addProfilePolicy");
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ String id = req.getParameter(Constants.RS_ID);
+
+ StringTokenizer st = new StringTokenizer(id, ";");
+ String profileId = st.nextToken();
+ String policyId = st.nextToken();
+ String defImpl = st.nextToken();
+ String conImpl = st.nextToken();
+
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(profileId);
+ } catch (EBaseException e1) {
+ // error
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ if (mProfileSub.isProfileEnable(profileId)) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_CREATE_POLICY_FAILED",
+ "Profile is currently enabled"),
+ null, resp);
+ return;
+ }
+
+ StringTokenizer ss = new StringTokenizer(policyId, ":");
+ String setId = ss.nextToken();
+ String pId = ss.nextToken();
+
+ IProfilePolicy policy = null;
+
+ try {
+ if (!isValidId(setId)) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_CREATE_POLICY_FAILED",
+ "Invalid set id " + setId),
+ null, resp);
+ return;
+ }
+ if (!isValidId(pId)) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_CREATE_POLICY_FAILED",
+ "Invalid policy id " + pId),
+ null, resp);
+ return;
+ }
+ policy = profile.createProfilePolicy(setId, pId,
+ defImpl, conImpl);
+ } catch (EBaseException e1) {
+ // error
+ CMS.debug("ProfileAdminServlet: addProfilePolicy " +
+ e1.toString());
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_POLICY_FAILED",
+ e1.toString()),
+ null, resp);
+ return;
+ }
+ NameValuePairs nvp = new NameValuePairs();
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, nvp, resp);
+ } catch (IOException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ // } catch( ServletException eAudit2 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
+ }
+ }
+
+ /**
+ * Add profile input
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
+ * configuring cert profile (general settings and cert profile; obsoletes
+ * extensions and constraints policies)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ */
+ public void addProfileInput(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ String id = req.getParameter(Constants.RS_ID);
+
+ StringTokenizer st = new StringTokenizer(id, ";");
+ String profileId = st.nextToken();
+ String inputId = st.nextToken();
+ String inputImpl = st.nextToken();
+
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(profileId);
+ } catch (EBaseException e1) {
+ // error
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ IProfileInput input = null;
+ Enumeration names = req.getParameterNames();
+ NameValuePairs nvps = new NameValuePairs();
+
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+
+ if (name.equals("OP_SCOPE"))
+ continue;
+ if (name.equals("OP_TYPE"))
+ continue;
+ if (name.equals("RS_ID"))
+ continue;
+ nvps.add(name, req.getParameter(name));
+ }
+
+ try {
+ input = profile.createProfileInput(inputId, inputImpl, nvps);
+ } catch (EBaseException e1) {
+ // error
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_INPUT_FAILED",
+ e1.toString()),
+ null, resp);
+
+ return;
+ }
+
+ NameValuePairs nvp = new NameValuePairs();
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, nvp, resp);
+ } catch (IOException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ // } catch( ServletException eAudit2 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
+ }
+ }
+
+ /**
+ * Add profile output
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
+ * configuring cert profile (general settings and cert profile; obsoletes
+ * extensions and constraints policies)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ */
+ public void addProfileOutput(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ String id = req.getParameter(Constants.RS_ID);
+
+ StringTokenizer st = new StringTokenizer(id, ";");
+ String profileId = st.nextToken();
+ String outputId = st.nextToken();
+ String outputImpl = st.nextToken();
+
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(profileId);
+ } catch (EBaseException e1) {
+ // error
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ IProfileOutput output = null;
+ Enumeration names = req.getParameterNames();
+ NameValuePairs nvps = new NameValuePairs();
+
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+
+ if (name.equals("OP_SCOPE"))
+ continue;
+ if (name.equals("OP_TYPE"))
+ continue;
+ if (name.equals("RS_ID"))
+ continue;
+ nvps.add(name, req.getParameter(name));
+ }
+
+ try {
+ output = profile.createProfileOutput(outputId, outputImpl,
+ nvps);
+ } catch (EBaseException e1) {
+ // error
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_OUTPUT_FAILED",
+ e1.toString()),
+ null, resp);
+
+ return;
+ }
+
+ NameValuePairs nvp = new NameValuePairs();
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, nvp, resp);
+ } catch (IOException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ // } catch( ServletException eAudit2 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
+ }
+ }
+
+ /**
+ * Delete policy profile
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
+ * configuring cert profile (general settings and cert profile; obsoletes
+ * extensions and constraints policies)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ */
+ public void deleteProfilePolicy(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ String profileId = "";
+ String policyId = "";
+ Enumeration names = req.getParameterNames();
+
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+
+ if (name.equals("OP_SCOPE"))
+ continue;
+ if (name.equals("OP_TYPE"))
+ continue;
+ if (name.equals("RS_ID"))
+ profileId = req.getParameter(name);
+ if (name.equals("POLICYID"))
+ policyId = req.getParameter(name);
+ }
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(profileId);
+ } catch (EBaseException e1) {
+ // error
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ StringTokenizer ss = new StringTokenizer(policyId, ":");
+ String setId = ss.nextToken();
+ String pId = ss.nextToken();
+
+ try {
+ profile.deleteProfilePolicy(setId, pId);
+ } catch (EBaseException e1) {
+ CMS.debug("ProfileAdminServlet: " + e1.toString());
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ NameValuePairs nvp = new NameValuePairs();
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, nvp, resp);
+ } catch (IOException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ // } catch( ServletException eAudit2 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
+ }
+ }
+
+ /**
+ * Delete profile input
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
+ * configuring cert profile (general settings and cert profile; obsoletes
+ * extensions and constraints policies)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ */
+ public void deleteProfileInput(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ String profileId = "";
+ String inputId = "";
+ Enumeration names = req.getParameterNames();
+
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+
+ if (name.equals("OP_SCOPE"))
+ continue;
+ if (name.equals("OP_TYPE"))
+ continue;
+ if (name.equals("RS_ID"))
+ profileId = req.getParameter(name);
+ if (name.equals("INPUTID"))
+ inputId = req.getParameter(name);
+ }
+ CMS.debug("ProfileAdminServlet: deleteProfileInput profileId -> " + profileId);
+ CMS.debug("ProfileAdminServlet: deleteProfileInput inputId -> " + inputId);
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(profileId);
+ } catch (EBaseException e1) {
+ // error
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ CMS.debug("deleteProfileInput profile -> " + profile);
+ try {
+ profile.deleteProfileInput(inputId);
+ } catch (EBaseException e1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ NameValuePairs nvp = new NameValuePairs();
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, nvp, resp);
+ } catch (IOException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ // } catch( ServletException eAudit2 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
+ }
+ }
+
+ /**
+ * Delete profile output
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
+ * configuring cert profile (general settings and cert profile; obsoletes
+ * extensions and constraints policies)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ */
+ public void deleteProfileOutput(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ String profileId = "";
+ String outputId = "";
+ Enumeration names = req.getParameterNames();
+
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+
+ if (name.equals("OP_SCOPE"))
+ continue;
+ if (name.equals("OP_TYPE"))
+ continue;
+ if (name.equals("RS_ID"))
+ profileId = req.getParameter(name);
+ if (name.equals("OUTPUTID"))
+ outputId = req.getParameter(name);
+ }
+ CMS.debug("ProfileAdminServlet: deleteProfileOutput profileId -> " + profileId);
+ CMS.debug("ProfileAdminServlet: deleteProfileOutput outputId -> " + outputId);
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(profileId);
+ } catch (EBaseException e1) {
+ // error
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ CMS.debug("ProfileAdminServlet: deleteProfileOutput profile -> " + profile);
+ try {
+ profile.deleteProfileOutput(outputId);
+ } catch (EBaseException e1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ NameValuePairs nvp = new NameValuePairs();
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, nvp, resp);
+ } catch (IOException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ // } catch( ServletException eAudit2 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
+ }
+ }
+
+ /**
+ * Add default policy profile configuration
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
+ * configuring cert profile (general settings and cert profile; obsoletes
+ * extensions and constraints policies)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ */
+ public void addPolicyDefaultConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ String id = req.getParameter(Constants.RS_ID);
+
+ StringTokenizer st = new StringTokenizer(id, ";");
+ String profileId = st.nextToken();
+ String policyId = st.nextToken();
+
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(profileId);
+ } catch (EBaseException e1) {
+ // error
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ StringTokenizer ss = new StringTokenizer(policyId, ":");
+ String setId = ss.nextToken();
+ String pId = ss.nextToken();
+
+ IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
+ IPolicyDefault def = policy.getDefault();
+ IConfigStore defConfig = def.getConfigStore();
+
+ Enumeration names = req.getParameterNames();
+
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+
+ if (name.equals("OP_SCOPE"))
+ continue;
+ if (name.equals("OP_TYPE"))
+ continue;
+ if (name.equals("RS_ID"))
+ continue;
+ try {
+ def.setConfig(name,req.getParameter(name));
+
+ } catch (EPropertyException e) {
+
+ CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
+ try {
+ profile.deleteProfilePolicy(setId, pId);
+ } catch (Exception e11) {}
+ sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
+ return;
+ }
+ // defConfig.putString("params." + name, req.getParameter(name));
+ }
+ try {
+ profile.getConfigStore().commit(false);
+ } catch (Exception e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+ NameValuePairs nvp = new NameValuePairs();
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, nvp, resp);
+ } catch (IOException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ // } catch( ServletException eAudit2 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
+ }
+ }
+
+ /**
+ * Add policy constraints profile configuration
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
+ * configuring cert profile (general settings and cert profile; obsoletes
+ * extensions and constraints policies)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ */
+ public void addPolicyConstraintConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ String id = req.getParameter(Constants.RS_ID);
+
+ StringTokenizer st = new StringTokenizer(id, ";");
+ String profileId = st.nextToken();
+ String policyId = st.nextToken();
+
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(profileId);
+ } catch (EBaseException e1) {
+ // error
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ StringTokenizer ss = new StringTokenizer(policyId, ":");
+ String setId = ss.nextToken();
+ String pId = ss.nextToken();
+
+ IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
+ IPolicyConstraint con = policy.getConstraint();
+ IConfigStore conConfig = con.getConfigStore();
+
+ Enumeration names = req.getParameterNames();
+
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+
+ if (name.equals("OP_SCOPE"))
+ continue;
+ if (name.equals("OP_TYPE"))
+ continue;
+ if (name.equals("RS_ID"))
+ continue;
+
+ try {
+ con.setConfig(name,req.getParameter(name));
+
+ } catch (EPropertyException e) {
+
+ CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception.");
+ try {
+ profile.deleteProfilePolicy(setId, pId);
+ } catch (Exception e11) {}
+ sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
+ return;
+ }
+ // conConfig.putString("params." + name, req.getParameter(name));
+ }
+ try {
+ profile.getConfigStore().commit(false);
+ } catch (Exception e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ NameValuePairs nvp = new NameValuePairs();
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, nvp, resp);
+ } catch (IOException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ // } catch( ServletException eAudit2 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
+ }
+ }
+
+ /**
+ * Modify default policy profile configuration
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
+ * configuring cert profile (general settings and cert profile; obsoletes
+ * extensions and constraints policies)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ */
+ public void modifyPolicyDefaultConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ String id = req.getParameter(Constants.RS_ID);
+
+ StringTokenizer st = new StringTokenizer(id, ";");
+ String profileId = st.nextToken();
+ String policyId = st.nextToken();
+
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(profileId);
+ } catch (EBaseException e1) {
+ // error
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ StringTokenizer ss = new StringTokenizer(policyId, ":");
+ String setId = ss.nextToken();
+ String pId = ss.nextToken();
+ IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
+ IPolicyDefault def = policy.getDefault();
+ IConfigStore defConfig = def.getConfigStore();
+
+ Enumeration names = req.getParameterNames();
+
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+
+ if (name.equals("OP_SCOPE"))
+ continue;
+ if (name.equals("OP_TYPE"))
+ continue;
+ if (name.equals("RS_ID"))
+ continue;
+ try {
+ def.setConfig(name,req.getParameter(name));
+
+ } catch (EPropertyException e) {
+
+ CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
+ sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
+ return;
+ }
+ // defConfig.putString("params." + name, req.getParameter(name));
+ }
+ try {
+ profile.getConfigStore().commit(false);
+ } catch (Exception e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+ NameValuePairs nvp = new NameValuePairs();
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, nvp, resp);
+ } catch (IOException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ // } catch( ServletException eAudit2 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
+ }
+ }
+
+ /**
+ * Modify profile input configuration
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
+ * configuring cert profile (general settings and cert profile; obsoletes
+ * extensions and constraints policies)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ */
+ public void modifyInputConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ String id = req.getParameter(Constants.RS_ID);
+
+ StringTokenizer st = new StringTokenizer(id, ";");
+ String profileId = st.nextToken();
+ String inputId = st.nextToken();
+
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(profileId);
+ } catch (EBaseException e1) {
+ // error
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ IProfileInput input = profile.getProfileInput(inputId);
+ IConfigStore inputConfig = input.getConfigStore();
+
+ Enumeration names = req.getParameterNames();
+
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+
+ if (name.equals("OP_SCOPE"))
+ continue;
+ if (name.equals("OP_TYPE"))
+ continue;
+ if (name.equals("RS_ID"))
+ continue;
+ inputConfig.putString("params." + name, req.getParameter(name));
+ }
+ try {
+ profile.getConfigStore().commit(false);
+ } catch (Exception e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+ NameValuePairs nvp = new NameValuePairs();
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, nvp, resp);
+ } catch (IOException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ // } catch( ServletException eAudit2 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
+ }
+ }
+
+ /**
+ * Modify profile output configuration
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
+ * configuring cert profile (general settings and cert profile; obsoletes
+ * extensions and constraints policies)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ */
+ public void modifyOutputConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ String id = req.getParameter(Constants.RS_ID);
+
+ StringTokenizer st = new StringTokenizer(id, ";");
+ String profileId = st.nextToken();
+ String outputId = st.nextToken();
+
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(profileId);
+ } catch (EBaseException e1) {
+ // error
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ IProfileOutput output = profile.getProfileOutput(outputId);
+ IConfigStore outputConfig = output.getConfigStore();
+
+ Enumeration names = req.getParameterNames();
+
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+
+ if (name.equals("OP_SCOPE"))
+ continue;
+ if (name.equals("OP_TYPE"))
+ continue;
+ if (name.equals("RS_ID"))
+ continue;
+ outputConfig.putString("params." + name,
+ req.getParameter(name));
+ }
+ try {
+ profile.getConfigStore().commit(false);
+ } catch (Exception e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+ NameValuePairs nvp = new NameValuePairs();
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, nvp, resp);
+ } catch (IOException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ // } catch( ServletException eAudit2 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
+ }
+ }
+
+ /**
+ * Modify policy constraints profile configuration
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
+ * configuring cert profile (general settings and cert profile; obsoletes
+ * extensions and constraints policies)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ */
+ public void modifyPolicyConstraintConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ String id = req.getParameter(Constants.RS_ID);
+
+ StringTokenizer st = new StringTokenizer(id, ";");
+ String profileId = st.nextToken();
+ String policyId = st.nextToken();
+
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(profileId);
+ } catch (EBaseException e1) {
+ // error
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ StringTokenizer ss = new StringTokenizer(policyId, ":");
+ String setId = ss.nextToken();
+ String pId = ss.nextToken();
+ IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
+ IPolicyConstraint con = policy.getConstraint();
+ IConfigStore conConfig = con.getConfigStore();
+
+ Enumeration names = req.getParameterNames();
+
+ CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy " + policy + " con " + con);
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+
+ if (name.equals("OP_SCOPE"))
+ continue;
+ if (name.equals("OP_TYPE"))
+ continue;
+ if (name.equals("RS_ID"))
+ continue;
+
+ // CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name" + name + " val " + req.getParameter(name));
+ try {
+ con.setConfig(name,req.getParameter(name));
+
+ } catch (EPropertyException e) {
+
+ CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception.");
+ sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
+ return;
+ }
+ //conConfig.putString("params." + name, req.getParameter(name));
+ }
+ try {
+ profile.getConfigStore().commit(false);
+ } catch (Exception e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ NameValuePairs nvp = new NameValuePairs();
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, nvp, resp);
+ } catch (IOException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ // } catch( ServletException eAudit2 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
+ }
+ }
+
+ public void getPolicyDefaultConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String id = req.getParameter(Constants.RS_ID);
+
+ StringTokenizer st = new StringTokenizer(id, ";");
+ String profileId = st.nextToken();
+ String policyId = st.nextToken();
+
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(profileId);
+ } catch (EBaseException e1) {
+ CMS.debug( "ProfileAdminServlet::getPolicyDefaultConfig() - " +
+ "profile is null!" );
+ throw new ServletException( e1.toString() );
+ }
+
+ IProfilePolicy policy = null;
+ IPolicyDefault rule = null;
+
+ StringTokenizer ss = new StringTokenizer(policyId, ":");
+ String setId = ss.nextToken();
+ String pId = ss.nextToken();
+
+ policy = profile.getProfilePolicy(setId, pId);
+ rule = policy.getDefault();
+
+ NameValuePairs nvp = new NameValuePairs();
+ Enumeration names = rule.getConfigNames();
+
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+ IDescriptor desc = rule.getConfigDescriptor(getLocale(req), name);
+
+ if (desc == null) {
+ nvp.add(name, ";" + ";" + rule.getConfig(name));
+ } else {
+ nvp.add(name, desc.getSyntax() + ";" + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + rule.getConfig(name));
+ }
+ }
+ sendResponse(SUCCESS, null, nvp, resp);
+ }
+
+ public void getPolicyConstraintConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String id = req.getParameter(Constants.RS_ID);
+ String constraintsList = req.getParameter(Constants.PR_CONSTRAINTS_LIST);
+
+ // this one gets called when one of the elements in the default list get
+ // selected, then it returns the list of supported constraintsPolicy
+ if (constraintsList != null) {
+
+ }
+
+ StringTokenizer st = new StringTokenizer(id, ";");
+ String profileId = st.nextToken();
+ String policyId = st.nextToken();
+
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(profileId);
+ } catch (EBaseException e1) {
+ CMS.debug( "ProfileAdminServlet::getPolicyConstraintConfig() - " +
+ "profile is null!" );
+ throw new ServletException( e1.toString() );
+ }
+
+ StringTokenizer ss = new StringTokenizer(policyId, ":");
+ String setId = ss.nextToken();
+ String pId = ss.nextToken();
+ IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
+ IPolicyConstraint rule = policy.getConstraint();
+
+ NameValuePairs nvp = new NameValuePairs();
+ Enumeration names = rule.getConfigNames();
+
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+ IDescriptor desc = rule.getConfigDescriptor(getLocale(req), name);
+
+ if (desc == null) {
+ nvp.add(name, ";" + rule.getConfig(name));
+ } else {
+ nvp.add(name, desc.getSyntax() + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + rule.getConfig(name));
+ }
+ }
+ sendResponse(SUCCESS, null, nvp, resp);
+ }
+
+ public void getProfilePolicy(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String id = req.getParameter(Constants.RS_ID);
+
+ // only allow profile retrival if it is disabled
+
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(id);
+ } catch (EBaseException e1) {
+ CMS.debug( "ProfileAdminServlet::getProfilePolicy() - " +
+ "profile is null!" );
+ throw new ServletException( e1.toString() );
+ }
+
+ NameValuePairs nvp = new NameValuePairs();
+ Enumeration setIds = profile.getProfilePolicySetIds();
+
+ if (!setIds.hasMoreElements()) {
+ // no set id; this is a brand new profile
+ sendResponse(SUCCESS, null, nvp, resp);
+ return;
+ }
+ while (setIds.hasMoreElements()) {
+ String setId = (String) setIds.nextElement();
+ Enumeration policies = profile.getProfilePolicies(setId);
+
+ while (policies.hasMoreElements()) {
+ IProfilePolicy policy = (IProfilePolicy) policies.nextElement();
+ IPolicyDefault def = policy.getDefault();
+ IConfigStore defConfig = def.getConfigStore();
+ IPolicyConstraint con = policy.getConstraint();
+ IConfigStore conConfig = con.getConfigStore();
+
+ nvp.add(setId + ":" + policy.getId(),
+ def.getName(getLocale(req)) + ";" +
+ con.getName(getLocale(req)));
+ }
+ }
+
+ sendResponse(SUCCESS, null, nvp, resp);
+ }
+
+ public void getProfileOutput(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String id = req.getParameter(Constants.RS_ID);
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(id);
+ } catch (EBaseException e1) {
+ CMS.debug( "ProfileAdminServlet::getProfileOutput() - " +
+ "profile is null!" );
+ throw new ServletException( e1.toString() );
+ }
+
+ NameValuePairs nvp = new NameValuePairs();
+ Enumeration outputs = profile.getProfileOutputIds();
+
+ while (outputs.hasMoreElements()) {
+ String outputId = (String) outputs.nextElement();
+ IProfileOutput output = profile.getProfileOutput(outputId);
+
+ nvp.add(outputId, output.getName(getLocale(req)));
+ }
+
+ sendResponse(SUCCESS, null, nvp, resp);
+ }
+
+ public void getProfileInput(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String id = req.getParameter(Constants.RS_ID);
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(id);
+ } catch (EBaseException e1) {
+ CMS.debug( "ProfileAdminServlet::getProfileInput() - " +
+ "profile is null!" );
+ throw new ServletException( e1.toString() );
+ }
+
+ NameValuePairs nvp = new NameValuePairs();
+ Enumeration inputs = profile.getProfileInputIds();
+
+ while (inputs.hasMoreElements()) {
+ String inputId = (String) inputs.nextElement();
+ IProfileInput input = profile.getProfileInput(inputId);
+
+ nvp.add(inputId, input.getName(getLocale(req)));
+ }
+
+ sendResponse(SUCCESS, null, nvp, resp);
+ }
+
+ public void getInputConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ String id = req.getParameter(Constants.RS_ID);
+ StringTokenizer st = new StringTokenizer(id, ";");
+ String profileId = st.nextToken();
+ String inputId = st.nextToken();
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(profileId);
+ } catch (EBaseException e1) {
+ CMS.debug( "ProfileAdminServlet::getInputConfig() - " +
+ "profile is null!" );
+ throw new ServletException( e1.toString() );
+ }
+
+ IProfileInput profileInput = null;
+ NameValuePairs nvp = new NameValuePairs();
+
+ profileInput = profile.getProfileInput(inputId);
+ Enumeration names = profileInput.getConfigNames();
+
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+ IDescriptor desc = profileInput.getConfigDescriptor(
+ getLocale(req), name);
+ if (desc == null) {
+ nvp.add(name, ";" + ";" + profileInput.getConfig(name));
+ } else {
+ nvp.add(name, desc.getSyntax() + ";" +
+ getNonNull(desc.getConstraint()) + ";" +
+ desc.getDescription(getLocale(req)) + ";" +
+ profileInput.getConfig(name));
+ }
+ }
+
+ sendResponse(SUCCESS, null, nvp, resp);
+ }
+
+ public void getOutputConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ String id = req.getParameter(Constants.RS_ID);
+ StringTokenizer st = new StringTokenizer(id, ";");
+ String profileId = st.nextToken();
+ String outputId = st.nextToken();
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(profileId);
+ } catch (EBaseException e1) {
+ CMS.debug( "ProfileAdminServlet::getOutputConfig() - " +
+ "profile is null!" );
+ throw new ServletException( e1.toString() );
+ }
+
+ IProfileOutput profileOutput = null;
+ NameValuePairs nvp = new NameValuePairs();
+
+ profileOutput = profile.getProfileOutput(outputId);
+ Enumeration names = profileOutput.getConfigNames();
+
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+ IDescriptor desc = profileOutput.getConfigDescriptor(
+ getLocale(req), name);
+ if (desc == null) {
+ nvp.add(name, ";" + ";" + profileOutput.getConfig(name));
+ } else {
+ nvp.add(name, desc.getSyntax() + ";" +
+ getNonNull(desc.getConstraint()) + ";" +
+ desc.getDescription(getLocale(req)) + ";" +
+ profileOutput.getConfig(name));
+ }
+ }
+
+ sendResponse(SUCCESS, null, nvp, resp);
+ }
+
+ public void listProfileInstances(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ NameValuePairs nvp = new NameValuePairs();
+ Enumeration e = mProfileSub.getProfileIds();
+
+ while (e.hasMoreElements()) {
+ String profileId = (String) e.nextElement();
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(profileId);
+ } catch (EBaseException e1) {
+ // error
+ }
+
+ String status = null;
+
+ if (mProfileSub.isProfileEnable(profileId)) {
+ status = "enabled";
+ } else {
+ status = "disabled";
+ }
+
+ // mInstanceId + ";visible;" + enabled
+ nvp.add(profileId, profileId + ";visible;" + status);
+ }
+ sendResponse(SUCCESS, null, nvp, resp);
+ }
+
+ public void getProfileInstanceConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ String id = req.getParameter(Constants.RS_ID);
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(id);
+ } catch (EBaseException e1) {
+ CMS.debug( "ProfileAdminServlet::getProfileInstanceConfig() - " +
+ "profile is null!" );
+ throw new ServletException( e1.toString() );
+ }
+
+ NameValuePairs nvp = new NameValuePairs();
+
+ nvp.add("name", profile.getName(getLocale(req)));
+ nvp.add("desc", profile.getDescription(getLocale(req)));
+ nvp.add("visible", Boolean.toString(profile.isVisible()));
+ nvp.add("enable", Boolean.toString(
+ mProfileSub.isProfileEnable(id)));
+
+ String authid = profile.getAuthenticatorId();
+
+ if (authid == null) {
+ nvp.add("auth", "");
+ } else {
+ nvp.add("auth", authid);
+ }
+ CMS.debug("ProfileAdminServlet: authid=" + authid);
+ nvp.add("plugin", mProfileSub.getProfileClassId(id));
+
+ sendResponse(SUCCESS, null, nvp, resp);
+ }
+
+ /**
+ * Delete profile instance
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
+ * configuring cert profile (general settings and cert profile; obsoletes
+ * extensions and constraints policies)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ */
+ public void deleteProfileInstance(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ // Get the policy impl id and class path.
+ String id = req.getParameter(Constants.RS_ID);
+
+ if (id == null) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, MISSING_POLICY_INST_ID, null, resp);
+ return;
+ }
+
+ String config = null;
+
+ ISubsystem subsystem = CMS.getSubsystem("ca");
+ String subname = "ca";
+
+ if (subsystem == null)
+ subname = "ra";
+
+ try {
+ config = CMS.getConfigStore().getString("instanceRoot") +
+ "/profiles/" + subname + "/" + id + ".cfg";
+ } catch (EBaseException e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ try {
+ mProfileSub.deleteProfile(id, config);
+ } catch (EProfileException e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req), e.toString(), id), null, resp);
+ return;
+ }
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, null, resp);
+ } catch (IOException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ // } catch( ServletException eAudit2 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
+ }
+ }
+
+ public void
+ putUserPWPair(String combo) {
+ int semicolon;
+
+ semicolon = combo.indexOf(";");
+ String user = combo.substring(0, semicolon);
+ String pw = combo.substring(semicolon + 1);
+
+ CMS.putPasswordCache(user, pw);
+ }
+
+ public boolean isValidId(String id)
+ {
+ for (int i = 0; i < id.length(); i++) {
+ char c = id.charAt(i);
+ if (!Character.isLetterOrDigit(c))
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Add profile instance
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
+ * configuring cert profile (general settings and cert profile; obsoletes
+ * extensions and constraints policies)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ */
+ public void addProfileInstance(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ // Get the policy impl id and class path.
+ String id = req.getParameter(Constants.RS_ID);
+
+ if (id == null || id.trim().equals("") || !isValidId(id)) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, MISSING_POLICY_INST_ID, null, resp);
+ return;
+ }
+
+ // see if profile id already used
+ IProfile p = null;
+
+ try {
+ p = mProfileSub.getProfile(id);
+ } catch (EProfileException e1) {
+ }
+ if (p != null) {
+ sendResponse(ERROR, POLICY_INST_ID_ALREADY_USED, null, resp);
+ return;
+ }
+
+ String impl = req.getParameter("impl");
+ String name = req.getParameter("name");
+ String desc = req.getParameter("desc");
+ String visible = req.getParameter("visible");
+ String auth = req.getParameter("auth");
+ String config = null;
+
+ ISubsystem subsystem = CMS.getSubsystem("ca");
+ String subname = "ca";
+
+ if (subsystem == null)
+ subname = "ra";
+
+ try {
+ config = CMS.getConfigStore().getString("instanceRoot") + "/profiles/" + subname + "/" + id + ".cfg";
+ } catch (EBaseException e) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ IPluginInfo info = mRegistry.getPluginInfo("profile", impl);
+
+ IProfile profile = null;
+
+ // create configuration file
+ File configFile = new File(config);
+
+ configFile.createNewFile();
+
+ // create profile
+ try {
+ profile = mProfileSub.createProfile(id, impl,
+ info.getClassName(),
+ config);
+ profile.setName(getLocale(req), name);
+ profile.setDescription(getLocale(req), name);
+ if (visible != null && visible.equals("true")) {
+ profile.setVisible(true);
+ } else {
+ profile.setVisible(false);
+ }
+ profile.setAuthenticatorId(auth);
+ profile.getConfigStore().commit(false);
+
+ mProfileSub.createProfileConfig(id, impl, config);
+ if (profile instanceof IProfileEx) {
+ // populates profile specific plugins such as
+ // policies, inputs and outputs
+ ((IProfileEx)profile).populate();
+ }
+ } catch (Exception e) {
+ CMS.debug("ProfileAdminServlet: " + e.toString());
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, null, resp);
+ } catch (IOException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ // } catch( ServletException eAudit2 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
+ }
+ }
+
+ /**
+ * Modify profile instance
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
+ * configuring cert profile (general settings and cert profile; obsoletes
+ * extensions and constraints policies)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ */
+ public void modifyProfileInstance(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ // Get the policy impl id and class path.
+ String id = req.getParameter(Constants.RS_ID);
+
+ IProfile profile = null;
+
+ try {
+ profile = mProfileSub.getProfile(id);
+ } catch (EBaseException e1) {
+ // error
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, null, null, resp);
+ return;
+ }
+ String name = req.getParameter("name");
+ String desc = req.getParameter("desc");
+ String auth = req.getParameter("auth");
+ String visible = req.getParameter("visible");
+
+ // String config = req.getParameter("config");
+
+ profile.setAuthenticatorId(auth);
+ profile.setName(getLocale(req), name);
+ profile.setDescription(getLocale(req), desc);
+ if (visible != null && visible.equals("true")) {
+ profile.setVisible(true);
+ } else {
+ profile.setVisible(false);
+ }
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ try {
+ profile.getConfigStore().commit(false);
+ } catch (Exception e) {
+ }
+
+ sendResponse(SUCCESS, null, null, resp);
+ } catch (IOException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ // } catch( ServletException eAudit2 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
+ }
+ }
+
+ protected String getNonNull(String s) {
+ if (s == null)
+ return "";
+ return s;
+ }
+
+}
+
generated by cgit (git 2.34.1) at 2024-04-26 07:48:11 +0000