Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java | 232 |
1 files changed, 120 insertions, 112 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java index 8d484f4ee..cf37fdff9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Enumeration; @@ -49,9 +50,11 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; /** - * This servlet creates a TPS user in the CA, and it associates TPS's server - * certificate to the user. Finally, it addes the user to the administrator - * group. This procedure will allows TPS to connect to the CA for certificate + * This servlet creates a TPS user in the CA, + * and it associates TPS's server certificate to + * the user. Finally, it addes the user to the + * administrator group. This procedure will + * allows TPS to connect to the CA for certificate * issuance. */ public class RegisterUser extends CMSServlet { @@ -64,7 +67,9 @@ public class RegisterUser extends CMSServlet { private final static String FAILED = "1"; private final static String AUTH_FAILURE = "2"; private String mGroupName = null; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = + "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; + public RegisterUser() { super(); @@ -72,7 +77,6 @@ public class RegisterUser extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -84,7 +88,7 @@ public class RegisterUser extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateUpdater: processing..."); @@ -98,9 +102,9 @@ public class RegisterUser extends CMSServlet { CMS.debug("RegisterUser authentication successful."); } catch (Exception e) { CMS.debug("RegisterUser: authentication failed."); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; } @@ -113,19 +117,19 @@ public class RegisterUser extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); CMS.debug("RegisterUser authorization successful."); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } 
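Review bot: The authentication-failure branch in `process()` logs under the key `CMSGW_ERR_BAD_SERV_OUT_STREAM`, whose name suggests an output-stream error rather than a rejected caller, and neither it nor the two authorization-failure branches in the `@@ -113,19` hunk call `audit(...)`. For a servlet that registers users, anyone triaging from the signed audit log or filtering on authentication message keys would likely miss these rejections. For consistency with the authorization branches I would log `CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())` here, and add a failure audit record if the project's audit catalogue has a suitable event (not visible on this page). The method body starts before and ends after these hunks.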
@@ -146,112 +150,119 @@ public class RegisterUser extends CMSServlet { String auditMessage = null; String auditSubjectID = auditSubjectID(); - String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" - + "+Resource;;" - + uid - + "+fullname;;" - + name - + "+state;;1" - + "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>"; + String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" + + "+Resource;;"+ uid + + "+fullname;;"+ name + + "+state;;1" + + "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>"; - IUGSubsystem ugsys = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); + IUGSubsystem ugsys = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG); IUser user = null; boolean foundByCert = false; X509Certificate certs[] = new X509Certificate[1]; try { - byte bCert[] = null; - X509CertImpl cert = null; - bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString)); - cert = new X509CertImpl(bCert); - certs[0] = (X509Certificate) cert; - - // test to see if the cert already belongs to a user - ICertUserLocator cul = ugsys.getCertUserLocator(); - com.netscape.certsrv.usrgrp.Certificates c = new com.netscape.certsrv.usrgrp.Certificates( - certs); - user = (IUser) cul.locateUser(c); + byte bCert[] = null; + X509CertImpl cert = null; + bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString)); + cert = new X509CertImpl(bCert); + certs[0] = (X509Certificate)cert; + + // test to see if the cert already belongs to a user + ICertUserLocator cul = ugsys.getCertUserLocator(); + com.netscape.certsrv.usrgrp.Certificates c = + new com.netscape.certsrv.usrgrp.Certificates(certs); + user = (IUser) cul.locateUser(c); } catch (Exception ec) { - CMS.debug("RegisterUser: exception thrown: " + ec.toString()); + CMS.debug("RegisterUser: exception thrown: "+ec.toString()); } if (user == null) { - CMS.debug("RegisterUser NOT found user by cert"); - try { - user = ugsys.getUser(uid); - CMS.debug("RegisterUser found user by uid 
" + uid); - } catch (Exception eee) { - } + CMS.debug("RegisterUser NOT found user by cert"); + try { + user = ugsys.getUser(uid); + CMS.debug("RegisterUser found user by uid "+uid); + } catch (Exception eee) { + } } else { - foundByCert = true; - CMS.debug("RegisterUser found user by cert"); + foundByCert = true; + CMS.debug("RegisterUser found user by cert"); } - - try { - - if (user == null) { - // create user only if such user does not exist - user = ugsys.createUser(uid); - user.setFullName(name); - user.setState("1"); - user.setUserType(""); - user.setEmail(""); - user.setPhone(""); - user.setPassword(""); - - ugsys.addUser(user); - CMS.debug("RegisterUser created user " + uid); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.SUCCESS, auditParams); - audit(auditMessage); - } - - // extract all line separators - StringBuffer sb = new StringBuffer(); - for (int i = 0; i < certsString.length(); i++) { - if (!Character.isWhitespace(certsString.charAt(i))) { - sb.append(certsString.charAt(i)); - } - } - certsString = sb.toString(); - - auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" - + "+Resource;;" + uid + "+cert;;" + certsString; - - user.setX509Certificates(certs); - if (!foundByCert) { - ugsys.addUserCert(user); - CMS.debug("RegisterUser added user certificate"); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.SUCCESS, auditParams); - audit(auditMessage); - } else - CMS.debug("RegisterUser no need to add user certificate"); - } catch (Exception eee) { + + try { + + if (user == null) { + // create user only if such user does not exist + user = ugsys.createUser(uid); + user.setFullName(name); + user.setState("1"); + user.setUserType(""); + user.setEmail(""); + user.setPhone(""); + user.setPassword(""); + + ugsys.addUser(user); + CMS.debug("RegisterUser created user " + uid); + auditMessage = CMS.getLogMessage( + 
LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams); + audit(auditMessage); + } + + // extract all line separators + StringBuffer sb = new StringBuffer(); + for (int i = 0; i < certsString.length(); i++) { + if (!Character.isWhitespace(certsString.charAt(i))) { + sb.append(certsString.charAt(i)); + } + } + certsString = sb.toString(); + + auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" + + "+Resource;;"+ uid + + "+cert;;"+certsString; + + user.setX509Certificates(certs); + if (!foundByCert) { + ugsys.addUserCert(user); + CMS.debug("RegisterUser added user certificate"); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams); + audit(auditMessage); + } else + CMS.debug("RegisterUser no need to add user certificate"); + } catch (Exception eee) { CMS.debug("RegisterUser error " + eee.toString()); - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams); audit(auditMessage); outputError(httpResp, "Error: Certificate malformed"); return; } + // add user to the group - auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" - + "+Resource;;" + mGroupName; + auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" + + "+Resource;;"+ mGroupName; try { Enumeration groups = ugsys.findGroups(mGroupName); - IGroup group = (IGroup) groups.nextElement(); + IGroup group = (IGroup)groups.nextElement(); auditParams += "+user;;"; Enumeration members = group.getMemberNames(); while (members.hasMoreElements()) { auditParams += (String) members.nextElement(); if (members.hasMoreElements()) { - auditParams += ","; + auditParams +=","; } } 
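Review bot: A certificate that fails to parse does not stop the registration: the first `catch (Exception ec)` only writes a debug line, so when no user is found the code still runs `ugsys.createUser(uid)` and `ugsys.addUser(user)` (with `setPassword("")`) and audits SUCCESS before any later step can fail with "Error: Certificate malformed". That can leave a stored account with no certificate attached; whether an empty password allows password login depends on the user/group subsystem, which is not shown here, and is worth confirming. I would parse the certificate in its own `try` and reject the request before any account is touched, as in the sketch below. The empty `catch (Exception eee) { }` around `ugsys.getUser(uid)` similarly turns every lookup error into "no such user" and should at least log the exception. `process()` begins before and continues past this hunk.

```java
X509Certificate certs[] = new X509Certificate[1];
try {
    byte bCert[] = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
    certs[0] = (X509Certificate) new X509CertImpl(bCert);
} catch (Exception ec) {
    // Reject before any account is created or modified.
    CMS.debug("RegisterUser: exception thrown: " + ec.toString());
    auditMessage = CMS.getLogMessage(
                       LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
                       auditSubjectID,
                       ILogger.FAILURE,
                       auditParams);
    audit(auditMessage);
    outputError(httpResp, "Error: Certificate malformed");
    return;
}

try {
    // … unchanged: getCertUserLocator() / locateUser(c) lookup …
} catch (Exception ec) {
    CMS.debug("RegisterUser: exception thrown: " + ec.toString());
}
// … unchanged: lookup by uid, user creation, certificate attach …
```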
@@ -262,17 +273,22 @@ public class RegisterUser extends CMSServlet { CMS.debug("RegisterUser modified group"); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.SUCCESS, auditParams); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams); audit(auditMessage); } - } catch (Exception e) { - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams); + } catch (Exception e) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams); - audit(auditMessage); - } + audit(auditMessage); + } // send success status back to the requestor try { @@ -289,22 +305,14 @@ public class RegisterUser extends CMSServlet { } } - protected void setDefaultTemplates(ServletConfig sc) { - } + protected void setDefaultTemplates(ServletConfig sc) {} - protected void renderTemplate(CMSRequest cmsReq, String templateName, - ICMSTemplateFiller filler) throws IOException {// do nothing - } + protected void renderTemplate( + CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do - // nothing, - // ie, it - // will - // not - // return - // the - // default - // javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. } /** |
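Review bot: When the group update throws, the `catch (Exception e)` in the `@@ -262,17` hunk audits FAILURE but neither reports an error nor returns, so control falls through to the `// send success status back to the requestor` block. The certificate-attach `catch` earlier in the method does both, so here the caller is probably told the registration succeeded although the user was not added to `mGroupName`; the success block itself lies outside the hunk, so this is inferred from the comment. The exception is also never logged, which matters because the unchecked `groups.nextElement()` in the preceding hunk lands in this same handler when the group is missing. I would add `CMS.debug("RegisterUser error " + e.toString());`, then `outputError(httpResp, "Error: Failed to add user to group");` and `return;` after the `audit(auditMessage)` call.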