summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java260
1 files changed, 142 insertions, 118 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
index 4ac119dc0..da24d2c20 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
+
import java.util.Enumeration;
import java.util.Locale;
@@ -45,9 +46,10 @@ import com.netscape.certsrv.template.ArgList;
import com.netscape.certsrv.template.ArgSet;
import com.netscape.cms.servlet.common.CMSRequest;
+
/**
* Toggle the approval state of a profile
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileApproveServlet extends ProfileServlet {
@@ -57,9 +59,10 @@ public class ProfileApproveServlet extends ProfileServlet {
*/
private static final long serialVersionUID = 3956879326742839550L;
private static final String PROP_AUTHORITY_ID = "authorityId";
- private String mAuthorityId = null;
+ private String mAuthorityId = null;
- private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL = "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL =
+ "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
private final static String OP_APPROVE = "approve";
private final static String OP_DISAPPROVE = "disapprove";
@@ -70,7 +73,7 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* initialize the servlet. This servlet uses the template file
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -81,14 +84,13 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* Process the HTTP request.
* <P>
- *
+ *
* <ul>
* <li>http.param profileId the id of the profile to change
* <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an
* agent approves/disapproves a cert profile set by the administrator for
* automatic approval
* </ul>
- *
* @param cmsReq the object holding the request and response information
* @exception EBaseException an error has occurred
*/
@@ -124,18 +126,20 @@ public class ProfileApproveServlet extends ProfileServlet {
auditSubjectID = auditSubjectID();
CMS.debug(e.toString());
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON,
- CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR"));
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_AUTHENTICATION_ERROR"));
outputTemplate(request, response, args);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID, ILogger.FAILURE, auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditProfileID,
+ auditProfileOp);
audit(auditMessage);
@@ -146,28 +150,30 @@ public class ProfileApproveServlet extends ProfileServlet {
try {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "approve");
+ mAuthzResourceName, "approve");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
}
if (authzToken == null) {
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON,
- CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR"));
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_AUTHORIZATION_ERROR"));
outputTemplate(request, response, args);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID, ILogger.FAILURE, auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditProfileID,
+ auditProfileOp);
audit(auditMessage);
@@ -187,15 +193,17 @@ public class ProfileApproveServlet extends ProfileServlet {
if (ps == null) {
CMS.debug("ProfileApproveServlet: ProfileSubsystem not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON,
- CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID, ILogger.FAILURE, auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditProfileID,
+ auditProfileOp);
audit(auditMessage);
@@ -206,18 +214,20 @@ public class ProfileApproveServlet extends ProfileServlet {
IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId);
if (authority == null) {
- CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId
- + " not found");
+ CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId +
+ " not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON,
- CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID, ILogger.FAILURE, auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditProfileID,
+ auditProfileOp);
audit(auditMessage);
@@ -226,18 +236,20 @@ public class ProfileApproveServlet extends ProfileServlet {
IRequestQueue queue = authority.getRequestQueue();
if (queue == null) {
- CMS.debug("ProfileApproveServlet: Request Queue of "
- + mAuthorityId + " not found");
+ CMS.debug("ProfileApproveServlet: Request Queue of " +
+ mAuthorityId + " not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON,
- CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID, ILogger.FAILURE, auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditProfileID,
+ auditProfileOp);
audit(auditMessage);
@@ -253,54 +265,60 @@ public class ProfileApproveServlet extends ProfileServlet {
try {
if (ps.isProfileEnable(profileId)) {
- if (ps.checkOwner()) {
- if (ps.getProfileEnableBy(profileId).equals(userid)) {
- ps.disableProfile(profileId);
- } else {
- // only enableBy can disable profile
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(
- locale, "CMS_PROFILE_NOT_OWNER"));
- outputTemplate(request, response, args);
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
+ if (ps.checkOwner()) {
+ if (ps.getProfileEnableBy(profileId).equals(userid)) {
+ ps.disableProfile(profileId);
+ } else {
+ // only enableBy can disable profile
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_PROFILE_NOT_OWNER"));
+ outputTemplate(request, response, args);
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID, ILogger.FAILURE,
- auditProfileID, auditProfileOp);
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditProfileID,
+ auditProfileOp);
- audit(auditMessage);
+ audit(auditMessage);
- return;
- }
- } else {
- ps.disableProfile(profileId);
+ return;
}
+ } else {
+ ps.disableProfile(profileId);
+ }
} else {
ps.enableProfile(profileId, userid);
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID, ILogger.SUCCESS, auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditProfileID,
+ auditProfileOp);
audit(auditMessage);
} catch (EProfileException e) {
// profile not enabled
- CMS.debug("ProfileApproveServlet: profile not error "
- + e.toString());
+ CMS.debug("ProfileApproveServlet: profile not error " +
+ e.toString());
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON,
- CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID, ILogger.FAILURE, auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditProfileID,
+ auditProfileOp);
audit(auditMessage);
@@ -309,34 +327,37 @@ public class ProfileApproveServlet extends ProfileServlet {
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, auditSubjectID,
- ILogger.FAILURE, auditProfileID, auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditProfileID,
+ auditProfileOp);
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditProfileID,
- // auditProfileOp );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditProfileID,
+ // auditProfileOp );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
try {
profile = ps.getProfile(profileId);
} catch (EProfileException e) {
// profile not found
- CMS.debug("ProfileApproveServlet: profile not found "
- + e.toString());
+ CMS.debug("ProfileApproveServlet: profile not found " +
+ e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, e.toString());
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
@@ -364,13 +385,14 @@ public class ProfileApproveServlet extends ProfileServlet {
while (policyIds.hasMoreElements()) {
String id = (String) policyIds.nextElement();
- IProfilePolicy policy = (IProfilePolicy) profile
- .getProfilePolicy(setId, id);
+ IProfilePolicy policy = (IProfilePolicy)
+ profile.getProfilePolicy(setId, id);
// (3) query all the profile policies
// (4) default plugins convert request parameters
- // into string http parameters
- handlePolicy(list, response, locale, id, policy);
+ // into string http parameters
+ handlePolicy(list, response, locale,
+ id, policy);
}
ArgSet setArg = new ArgSet();
@@ -381,8 +403,8 @@ public class ProfileApproveServlet extends ProfileServlet {
args.set(ARG_POLICY_SET_LIST, setlist);
args.set(ARG_PROFILE_ID, profileId);
- args.set(ARG_PROFILE_IS_ENABLED,
- Boolean.toString(ps.isProfileEnable(profileId)));
+ args.set(ARG_PROFILE_IS_ENABLED,
+ Boolean.toString(ps.isProfileEnable(profileId)));
args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId));
args.set(ARG_PROFILE_NAME, profile.getName(locale));
args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
@@ -391,8 +413,8 @@ public class ProfileApproveServlet extends ProfileServlet {
outputTemplate(request, response, args);
}
- private void handlePolicy(ArgList list, ServletResponse response,
- Locale locale, String id, IProfilePolicy policy) {
+ private void handlePolicy(ArgList list, ServletResponse response,
+ Locale locale, String id, IProfilePolicy policy) {
ArgSet set = new ArgSet();
set.set(ARG_POLICY_ID, id);
@@ -412,19 +434,19 @@ public class ProfileApproveServlet extends ProfileServlet {
String defName = (String) defNames.nextElement();
IDescriptor defDesc = def.getValueDescriptor(locale, defName);
if (defDesc == null) {
- CMS.debug("defName=" + defName);
+ CMS.debug("defName=" + defName);
} else {
- String defSyntax = defDesc.getSyntax();
- String defConstraint = defDesc.getConstraint();
- String defValueName = defDesc.getDescription(locale);
- String defValue = null;
-
- defset.set(ARG_DEF_ID, defName);
- defset.set(ARG_DEF_SYNTAX, defSyntax);
- defset.set(ARG_DEF_CONSTRAINT, defConstraint);
- defset.set(ARG_DEF_NAME, defValueName);
- defset.set(ARG_DEF_VAL, defValue);
- deflist.add(defset);
+ String defSyntax = defDesc.getSyntax();
+ String defConstraint = defDesc.getConstraint();
+ String defValueName = defDesc.getDescription(locale);
+ String defValue = null;
+
+ defset.set(ARG_DEF_ID, defName);
+ defset.set(ARG_DEF_SYNTAX, defSyntax);
+ defset.set(ARG_DEF_CONSTRAINT, defConstraint);
+ defset.set(ARG_DEF_NAME, defValueName);
+ defset.set(ARG_DEF_VAL, defValue);
+ deflist.add(defset);
}
}
}
@@ -441,11 +463,11 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* Signed Audit Log Profile ID
- *
- * This method is called to obtain the "ProfileID" for a signed audit log
- * message.
+ *
+ * This method is called to obtain the "ProfileID" for
+ * a signed audit log message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message ProfileID
*/
@@ -471,14 +493,14 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* Signed Audit Log Profile Operation
- *
- * This method is called to obtain the "Profile Operation" for a signed
- * audit log message.
+ *
+ * This method is called to obtain the "Profile Operation" for
+ * a signed audit log message.
* <P>
- *
+ *
* @param req HTTP request
- * @return operation string containing either OP_APPROVE, OP_DISAPPROVE, or
- * SIGNED_AUDIT_EMPTY_VALUE
+ * @return operation string containing either OP_APPROVE, OP_DISAPPROVE,
+ * or SIGNED_AUDIT_EMPTY_VALUE
*/
private String auditProfileOp(HttpServletRequest req) {
// if no signed audit object exists, bail
@@ -486,12 +508,13 @@ public class ProfileApproveServlet extends ProfileServlet {
return null;
}
- if (mProfileSubId == null || mProfileSubId.equals("")) {
+ if (mProfileSubId == null ||
+ mProfileSubId.equals("")) {
mProfileSubId = IProfileSubsystem.ID;
}
- IProfileSubsystem ps = (IProfileSubsystem) CMS
- .getSubsystem(mProfileSubId);
+ IProfileSubsystem ps = (IProfileSubsystem)
+ CMS.getSubsystem(mProfileSubId);
if (ps == null) {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -510,3 +533,4 @@ public class ProfileApproveServlet extends ProfileServlet {
}
}
}
+
generated by cgit (git 2.34.1) at 2024-07-11 18:50:54 +0000