From 58142dbf7ceb966c950db2e83373f8407e74dd56 Mon Sep 17 00:00:00 2001
From: Abhishek Koneru
Date: Wed, 21 Nov 2012 18:45:32 -0500
Subject: Ticket 191 - Mapping HTTP Exception to their proper HTTP error codes
---
 .../com/netscape/certsrv/acls/ACLInterceptor.java | 17 ++--
 .../base/ConflictingOperationException.java | 20 +++++
 .../netscape/certsrv/base/ForbiddenException.java | 19 +++++
 .../netscape/certsrv/base/HTTPGoneException.java | 20 +++++
 .../certsrv/base/ResourceNotFoundException.java | 24 ++++++
 .../certsrv/base/UserNotFoundException.java | 40 ++++++++++
 .../certsrv/cert/CertNotFoundException.java | 10 +--
 .../certsrv/group/GroupNotFoundException.java | 42 ++++++++++
 .../certsrv/profile/ProfileNotFoundException.java | 10 +--
 .../certsrv/request/RequestNotFoundException.java | 10 +--
 .../cms/servlet/admin/GroupMemberService.java | 25 +++---
 .../netscape/cms/servlet/admin/GroupService.java | 12 +--
 .../cms/servlet/admin/SystemCertService.java | 11 +--
 .../cms/servlet/admin/UserCertService.java | 42 +++++-----
 .../netscape/cms/servlet/admin/UserService.java | 22 +++---
 .../com/netscape/cms/servlet/cert/CertService.java | 5 +-
 .../cms/servlet/csadmin/SystemConfigService.java | 90 +++++++++++-----------
 .../com/netscape/cms/servlet/key/KeyService.java | 24 +++---
 .../cms/servlet/request/CertRequestService.java | 19 ++---
 .../cms/servlet/request/KeyRequestService.java | 33 ++++----
 20 files changed, 333 insertions(+), 162 deletions(-)
 create mode 100644 base/common/src/com/netscape/certsrv/base/ConflictingOperationException.java
 create mode 100644 base/common/src/com/netscape/certsrv/base/ForbiddenException.java
 create mode 100644 base/common/src/com/netscape/certsrv/base/HTTPGoneException.java
 create mode 100644 base/common/src/com/netscape/certsrv/base/ResourceNotFoundException.java
 create mode 100644 base/common/src/com/netscape/certsrv/base/UserNotFoundException.java
 create mode 100644 base/common/src/com/netscape/certsrv/group/GroupNotFoundException.java
diff --git a/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java b/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java index bcb0b80a2..c30740260 100644 --- a/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java +++ b/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java @@ -24,9 +24,7 @@ import java.security.Principal; import java.util.Properties; import javax.servlet.ServletContext; -import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Context; -import javax.ws.rs.core.Response; import javax.ws.rs.core.SecurityContext; import javax.ws.rs.ext.Provider; @@ -44,6 +42,7 @@ import com.netscape.certsrv.authorization.AuthzToken; import com.netscape.certsrv.authorization.EAuthzAccessDenied; import com.netscape.certsrv.authorization.IAuthzSubsystem; import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.ForbiddenException; import com.netscape.cmscore.realm.PKIPrincipal; @@ -76,7 +75,7 @@ public class ACLInterceptor implements PreProcessInterceptor { public ServerResponse preProcess( HttpRequest request, ResourceMethod resourceMethod - ) throws Failure, WebApplicationException { + ) throws Failure, ForbiddenException { // Get ACL mapping for the method. Method method = resourceMethod.getMethod(); @@ -95,12 +94,12 @@ public class ACLInterceptor implements PreProcessInterceptor { // If unauthenticated, reject request. if (principal == null) { - throw new WebApplicationException(Response.Status.FORBIDDEN); + throw new ForbiddenException("No user principal provided."); } // If unrecognized principal, reject request. if (!(principal instanceof PKIPrincipal)) { - throw new WebApplicationException(Response.Status.FORBIDDEN); + throw new ForbiddenException("Invalid user principal"); } PKIPrincipal pkiPrincipal = (PKIPrincipal)principal; 
@@ -108,7 +107,7 @@ public class ACLInterceptor implements PreProcessInterceptor { // If missing auth token, reject request. if (authToken == null) { - throw new WebApplicationException(Response.Status.FORBIDDEN); + throw new ForbiddenException("No authorization token present."); } try { @@ -124,7 +123,7 @@ public class ACLInterceptor implements PreProcessInterceptor { // If invalid mapping, reject request. if (values.length != 2) { - throw new WebApplicationException(Response.Status.FORBIDDEN); + throw new ForbiddenException("Invalid ACL mapping."); } // Check authorization. @@ -137,11 +136,11 @@ public class ACLInterceptor implements PreProcessInterceptor { // If not authorized, reject request. if (authzToken == null) { - throw new WebApplicationException(Response.Status.FORBIDDEN); + throw new ForbiddenException("No authorization token present."); } } catch (EAuthzAccessDenied e) { - throw new WebApplicationException(Response.Status.FORBIDDEN); + throw new ForbiddenException(e.toString()); } catch (IOException|EBaseException e) { e.printStackTrace(); diff --git a/base/common/src/com/netscape/certsrv/base/ConflictingOperationException.java b/base/common/src/com/netscape/certsrv/base/ConflictingOperationException.java new file mode 100644 index 000000000..8b17caa04 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/base/ConflictingOperationException.java @@ -0,0 +1,20 @@ +package com.netscape.certsrv.base; + +import javax.ws.rs.core.Response; + +public class ConflictingOperationException extends PKIException { + + private static final long serialVersionUID = -5780172673428115193L; + + public ConflictingOperationException(String message) { + super(Response.Status.CONFLICT, message); + } + + public ConflictingOperationException(String message, Throwable cause) { + super(Response.Status.CONFLICT, message, cause); + } + + public ConflictingOperationException(Data data) { + super(data); + } +} 
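Review bot: In the `catch (EAuthzAccessDenied e)` branch of the last ACLInterceptor hunk, `new ForbiddenException(e.toString())` copies the authorization subsystem's exception class and message into the 403 and drops the cause. If the exception message is serialized into the response body, as the `Data` constructors on the new exception classes suggest, keep the detail in the server log and return a fixed string, e.g. `throw new ForbiddenException("Authorization failed.", e);`. The same concern applies to `"Invalid ACL mapping."` in the `values.length != 2` hunk, which reports a server-side configuration fault to the caller. The `authzToken == null` branch reuses `"No authorization token present."` from the earlier `authToken == null` check, so the two failures read the same in logs; `"Authorization failed."` would describe it better. The body of preProcess starts and ends outside these hunks.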
diff --git a/base/common/src/com/netscape/certsrv/base/ForbiddenException.java b/base/common/src/com/netscape/certsrv/base/ForbiddenException.java new file mode 100644 index 000000000..218dc9c38 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/base/ForbiddenException.java @@ -0,0 +1,19 @@ +package com.netscape.certsrv.base; + +import javax.ws.rs.core.Response; + +public class ForbiddenException extends PKIException { + private static final long serialVersionUID = 3199015969025638546L; + + public ForbiddenException(String message) { + super(Response.Status.FORBIDDEN, message); + } + + public ForbiddenException(String message, Throwable cause) { + super(Response.Status.FORBIDDEN, message, cause); + } + + public ForbiddenException(Data data) { + super(data); + } +} diff --git a/base/common/src/com/netscape/certsrv/base/HTTPGoneException.java b/base/common/src/com/netscape/certsrv/base/HTTPGoneException.java new file mode 100644 index 000000000..7b8f0d371 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/base/HTTPGoneException.java @@ -0,0 +1,20 @@ +package com.netscape.certsrv.base; + +import javax.ws.rs.core.Response; + +public class HTTPGoneException extends PKIException { + + private static final long serialVersionUID = 1256191208802745690L; + + public HTTPGoneException(String message) { + super(Response.Status.GONE, message); + } + + public HTTPGoneException(String message, Throwable cause) { + super(Response.Status.GONE, message, cause); + } + + public HTTPGoneException(Data data) { + super(data); + } +} diff --git a/base/common/src/com/netscape/certsrv/base/ResourceNotFoundException.java b/base/common/src/com/netscape/certsrv/base/ResourceNotFoundException.java new file mode 100644 index 000000000..f41e9e654 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/base/ResourceNotFoundException.java 
@@ -0,0 +1,24 @@ +package com.netscape.certsrv.base; + +import javax.ws.rs.core.Response; + +public class ResourceNotFoundException extends PKIException { + + private static final long serialVersionUID = 2283994502912462263L; + + public ResourceNotFoundException(String message) { + super(Response.Status.NOT_FOUND, message); + } + + public ResourceNotFoundException(String message, Throwable cause) { + super(Response.Status.NOT_FOUND, message, cause); + } + + public ResourceNotFoundException(Data data) { + super(data); + } + + public Data getData() { + return super.getData(); + } +} diff --git a/base/common/src/com/netscape/certsrv/base/UserNotFoundException.java b/base/common/src/com/netscape/certsrv/base/UserNotFoundException.java new file mode 100644 index 000000000..63df7067a --- /dev/null +++ b/base/common/src/com/netscape/certsrv/base/UserNotFoundException.java @@ -0,0 +1,40 @@ +package com.netscape.certsrv.base; + + +public class UserNotFoundException extends ResourceNotFoundException { + private static final long serialVersionUID = -3446066672148673666L; + public String userId; + + public UserNotFoundException(String userId) { + this(userId, "User " + userId + " not found"); + } + + public UserNotFoundException(String userId, String message) { + super(message); + this.userId = userId; + } + + public UserNotFoundException(String userId, String message, Throwable cause) { + super(message, cause); + this.userId = userId; + } + + public UserNotFoundException(Data data) { + super(data); + userId = data.getAttribute("userId"); + } + + public Data getData() { + Data data = super.getData(); + data.setAttribute("userId", userId); + return data; + } + + public String getUserId() { + return userId; + } + + public void setUserId(String userId) { + this.userId = userId; + } +} diff --git a/base/common/src/com/netscape/certsrv/cert/CertNotFoundException.java b/base/common/src/com/netscape/certsrv/cert/CertNotFoundException.java index ce0962a84..171c2763d 100644 
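Review bot: `public String userId;` in UserNotFoundException is a public mutable field sitting next to `getUserId()`/`setUserId()`, so any code can change the id the exception carries without going through the accessors; declare it `private String userId;`. GroupNotFoundException in this commit declares `public String groupId;` the same way. The `getData()` overrides in both classes and the pass-through `getData()` in ResourceNotFoundException lack `@Override`; the ResourceNotFoundException one only calls `super.getData()` and could be dropped unless it is there to widen visibility, which this page does not show. A one-line class comment stating that the single-argument constructor takes the user id, not a message, would help callers.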
--- a/base/common/src/com/netscape/certsrv/cert/CertNotFoundException.java +++ b/base/common/src/com/netscape/certsrv/cert/CertNotFoundException.java @@ -17,12 +17,10 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.cert; -import javax.ws.rs.core.Response; - -import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.base.ResourceNotFoundException; import com.netscape.certsrv.dbs.certdb.CertId; -public class CertNotFoundException extends PKIException { +public class CertNotFoundException extends ResourceNotFoundException { private static final long serialVersionUID = -4784839378360933483L; @@ -33,12 +31,12 @@ public class CertNotFoundException extends PKIException { } public CertNotFoundException(CertId certId, String message) { - super(Response.Status.NOT_FOUND, message); + super(message); this.certId = certId; } public CertNotFoundException(CertId certId, String message, Throwable cause) { - super(Response.Status.NOT_FOUND, message, cause); + super(message, cause); this.certId = certId; } diff --git a/base/common/src/com/netscape/certsrv/group/GroupNotFoundException.java b/base/common/src/com/netscape/certsrv/group/GroupNotFoundException.java new file mode 100644 index 000000000..3bd9241b6 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/group/GroupNotFoundException.java 
@@ -0,0 +1,42 @@ +package com.netscape.certsrv.group; + +import com.netscape.certsrv.base.ResourceNotFoundException; + +public class GroupNotFoundException extends ResourceNotFoundException { + + private static final long serialVersionUID = 2283994502912462263L; + public String groupId; + + public GroupNotFoundException(String groupId) { + this(groupId, "Group " + groupId + " not found"); + } + + public GroupNotFoundException(String groupId, String message) { + super(message); + this.groupId = groupId; + } + + public GroupNotFoundException(String groupId, String message, Throwable cause) { + super(message, cause); + this.groupId = groupId; + } + + public GroupNotFoundException(Data data) { + super(data); + groupId = data.getAttribute("groupId"); + } + + public Data getData() { + Data data = super.getData(); + data.setAttribute("groupId", groupId); + return data; + } + + public String getGroupId() { + return groupId; + } + + public void setGroupId(String groupId) { + this.groupId = groupId; + } +} diff --git a/base/common/src/com/netscape/certsrv/profile/ProfileNotFoundException.java b/base/common/src/com/netscape/certsrv/profile/ProfileNotFoundException.java index 7a1c9ea62..c6a549b07 100644 --- a/base/common/src/com/netscape/certsrv/profile/ProfileNotFoundException.java +++ b/base/common/src/com/netscape/certsrv/profile/ProfileNotFoundException.java @@ -17,11 +17,9 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.profile; -import javax.ws.rs.core.Response; +import com.netscape.certsrv.base.ResourceNotFoundException; -import com.netscape.certsrv.base.PKIException; - -public class ProfileNotFoundException extends PKIException { +public class ProfileNotFoundException extends ResourceNotFoundException { private static final long serialVersionUID = -4784839378360933483L; 
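Review bot: GroupNotFoundException declares `serialVersionUID = 2283994502912462263L`, the same value ResourceNotFoundException gets earlier in this commit, which looks like a copy-paste from the parent class. The value is checked per class, so nothing breaks today, but a shared constant hides that the two classes version independently. Generate a fresh value for this class instead of reusing the parent's.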
@@ -32,12 +30,12 @@ public class ProfileNotFoundException extends PKIException { } public ProfileNotFoundException(String profileId, String message) { - super(Response.Status.NOT_FOUND, message); + super(message); this.profileId = profileId; } public ProfileNotFoundException(String profileId, String message, Throwable cause) { - super(Response.Status.NOT_FOUND, message, cause); + super(message, cause); this.profileId = profileId; } diff --git a/base/common/src/com/netscape/certsrv/request/RequestNotFoundException.java b/base/common/src/com/netscape/certsrv/request/RequestNotFoundException.java index 3db10dd3a..478675ab0 100644 --- a/base/common/src/com/netscape/certsrv/request/RequestNotFoundException.java +++ b/base/common/src/com/netscape/certsrv/request/RequestNotFoundException.java @@ -1,10 +1,8 @@ package com.netscape.certsrv.request; -import javax.ws.rs.core.Response; +import com.netscape.certsrv.base.ResourceNotFoundException; -import com.netscape.certsrv.base.PKIException; - -public class RequestNotFoundException extends PKIException { +public class RequestNotFoundException extends ResourceNotFoundException { private static final long serialVersionUID = -4784839378360933483L; @@ -15,12 +13,12 @@ public class RequestNotFoundException extends PKIException { } public RequestNotFoundException(RequestId requestId, String message) { - super(Response.Status.NOT_FOUND, message); + super(message); this.requestId = requestId; } public RequestNotFoundException(RequestId requestId, String message, Throwable cause) { - super(Response.Status.NOT_FOUND, message, cause); + super(message, cause); this.requestId = requestId; } diff --git a/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java b/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java index 0854be3aa..cd17f5b6c 100644 --- a/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java +++ b/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java 
@@ -29,15 +29,18 @@ import javax.ws.rs.core.Response; import org.jboss.resteasy.plugins.providers.atom.Link; import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.BadRequestException; +import com.netscape.certsrv.base.ConflictingOperationException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.base.ResourceNotFoundException; import com.netscape.certsrv.base.SessionContext; import com.netscape.certsrv.common.OpDef; import com.netscape.certsrv.common.ScopeDef; import com.netscape.certsrv.group.GroupMemberCollection; import com.netscape.certsrv.group.GroupMemberData; import com.netscape.certsrv.group.GroupMemberResource; +import com.netscape.certsrv.group.GroupNotFoundException; import com.netscape.certsrv.logging.AuditFormat; import com.netscape.certsrv.logging.IAuditor; import com.netscape.certsrv.logging.ILogger; @@ -81,13 +84,13 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc if (groupID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IGroup group = userGroupManager.getGroupFromName(groupID); if (group == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST")); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST")); + throw new GroupNotFoundException(groupID); } GroupMemberCollection response = new GroupMemberCollection(); 
@@ -141,13 +144,13 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc try { if (groupID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IGroup group = userGroupManager.getGroupFromName(groupID); if (group == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST")); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST")); + throw new GroupNotFoundException(groupID); } String memberID = groupMemberData.getID(); @@ -171,7 +174,7 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc if (!isDuplicate(groupID, memberID)) { userGroupManager.addUserToGroup(group, memberID); } else { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_DUPLICATE_ROLES", memberID)); + throw new ConflictingOperationException(CMS.getUserMessage("CMS_BASE_DUPLICATE_ROLES", memberID)); } } else { @@ -289,13 +292,13 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc try { if (groupID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IGroup group = userGroupManager.getGroupFromName(groupID); if (group == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST")); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST")); + throw new GroupNotFoundException(groupID); } Enumeration e = group.getMemberNames(); 
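Review bot: The new `ConflictingOperationException` in the `isDuplicate` branch is thrown inside a `try` whose catch clauses lie outside this hunk, so whether the 409 reaches the client depends on code not shown here. The line replaces an `EBaseException`, which suggests a broader catch exists; if that catch rewraps into a plain `PKIException`, the conflict status is lost. Confirm the method has `} catch (PKIException e) { throw e; }` ahead of the broader catch, as the `@@ -307` hunk of this file shows and as this commit adds in UserCertService.java.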
@@ -307,7 +310,7 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc return groupMemberData; } - throw new PKIException("Group member not found"); + throw new ResourceNotFoundException("Group member " + memberID + " not found"); } catch (PKIException e) { throw e; @@ -329,13 +332,13 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc try { if (groupID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IGroup group = userGroupManager.getGroupFromName(groupID); if (group == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST")); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST")); + throw new GroupNotFoundException(groupID); } String member = groupMemberData.getID(); diff --git a/base/common/src/com/netscape/cms/servlet/admin/GroupService.java b/base/common/src/com/netscape/cms/servlet/admin/GroupService.java index b82df9a2f..012e00c33 100644 --- a/base/common/src/com/netscape/cms/servlet/admin/GroupService.java +++ b/base/common/src/com/netscape/cms/servlet/admin/GroupService.java @@ -30,12 +30,14 @@ import org.apache.commons.lang.StringUtils; import org.jboss.resteasy.plugins.providers.atom.Link; import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.PKIException; import com.netscape.certsrv.common.OpDef; import com.netscape.certsrv.common.ScopeDef; import com.netscape.certsrv.group.GroupCollection; import com.netscape.certsrv.group.GroupData; +import com.netscape.certsrv.group.GroupNotFoundException; import com.netscape.certsrv.group.GroupResource; import com.netscape.certsrv.logging.IAuditor; import com.netscape.certsrv.logging.ILogger; 
@@ -131,13 +133,13 @@ public class GroupService extends PKIService implements GroupResource { try { if (groupID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IGroup group = userGroupManager.getGroupFromName(groupID); if (group == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST")); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST")); + throw new GroupNotFoundException(groupID); } return createGroupData(group); @@ -173,7 +175,7 @@ public class GroupService extends PKIService implements GroupResource { try { if (groupID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IGroup group = userGroupManager.createGroup(groupID); @@ -237,7 +239,7 @@ public class GroupService extends PKIService implements GroupResource { try { if (groupID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IGroup group = userGroupManager.getGroupFromName(groupID); @@ -295,7 +297,7 @@ public class GroupService extends PKIService implements GroupResource { try { if (groupID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } // if fails, let the exception fall through 
diff --git a/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java b/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java index 8c2d8d9b9..2e1277b30 100644 --- a/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java +++ b/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java @@ -20,10 +20,11 @@ package com.netscape.cms.servlet.admin; import java.security.cert.CertificateEncodingException; -import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Response; import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.base.ResourceNotFoundException; import com.netscape.certsrv.cert.CertData; import com.netscape.certsrv.kra.IKeyRecoveryAuthority; import com.netscape.certsrv.security.ITransportKeyUnit; 
@@ -50,25 +51,25 @@ public class SystemCertService extends PKIService implements SystemCertResource kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra"); if (kra == null) { // no KRA - throw new WebApplicationException(Response.Status.NOT_FOUND); + throw new ResourceNotFoundException("KRA subsystem not found."); } ITransportKeyUnit tu = kra.getTransportKeyUnit(); if (tu == null) { CMS.debug("getTransportCert: transport key unit is null"); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + throw new PKIException("No transport key unit."); } org.mozilla.jss.crypto.X509Certificate transportCert = tu.getCertificate(); if (transportCert == null) { CMS.debug("getTransportCert: transport cert is null"); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + throw new PKIException("Transport cert not found."); } try { cert = createCertificateData(transportCert); } catch (CertificateEncodingException e) { CMS.debug("getTransportCert: certificate encoding exception with transport cert"); e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + throw new PKIException("Unable to encode transport cert"); } return sendConditionalGetResponse(DEFAULT_LONG_CACHE_LIFETIME, cert); } diff --git a/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java b/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java index 16a584ff8..57051040a 100644 --- a/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java +++ b/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java 
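Review bot: In the `catch (CertificateEncodingException e)` branch, `throw new PKIException("Unable to encode transport cert")` discards the caught exception, and the only trace of it is `e.printStackTrace()`, which bypasses the server's own logging. Pass the cause along if PKIException has a (message, cause) constructor; this page does not show one, only the subclasses calling `super(status, message, cause)`. Also replace `printStackTrace()` with something like `CMS.debug("getTransportCert: " + e);`. After this hunk no `Response.Status` use remains in the visible part of the method, so the retained `import javax.ws.rs.core.Response;` may now be unused.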
@@ -39,8 +39,11 @@ import org.mozilla.jss.CryptoManager; import org.mozilla.jss.crypto.InternalCertificate; import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.ICertPrettyPrint; import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.base.ResourceNotFoundException; +import com.netscape.certsrv.base.UserNotFoundException; import com.netscape.certsrv.common.OpDef; import com.netscape.certsrv.common.ScopeDef; import com.netscape.certsrv.dbs.certdb.CertId; @@ -96,7 +99,7 @@ public class UserCertService extends PKIService implements UserCertResource { if (userID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IUser user = null; @@ -109,7 +112,7 @@ public class UserCertService extends PKIService implements UserCertResource { if (user == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST")); + throw new UserNotFoundException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST")); } UserCertCollection response = new UserCertCollection(); @@ -148,7 +151,7 @@ public class UserCertService extends PKIService implements UserCertResource { if (userID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IUser user = null; 
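Review bot: `new UserNotFoundException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"))` in the `@@ -109` hunk passes a localized message to the one-argument constructor, whose parameter is the user id. The exception then stores the message text as `userId` and builds its message as `"User " + userId + " not found"` around it. Use `throw new UserNotFoundException(userID);`, or `new UserNotFoundException(userID, getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"))` to keep the localized text. The same call appears in the `@@ -161` hunk of this file and in the `@@ -156` hunk of UserService.java; the group services already pass the id with `new GroupNotFoundException(groupID)`.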
@@ -161,13 +164,13 @@ public class UserCertService extends PKIService implements UserCertResource { if (user == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST")); + throw new UserNotFoundException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST")); } X509Certificate[] certs = user.getX509Certificates(); if (certs == null) { - throw new PKIException("Certificate not found"); + throw new ResourceNotFoundException("No certificates found for " + userID); } try { @@ -192,7 +195,7 @@ public class UserCertService extends PKIService implements UserCertResource { return userCertData; } - throw new PKIException("Certificate not found"); + throw new ResourceNotFoundException("No certificates found for " + userID); } catch (PKIException e) { throw e; @@ -223,7 +226,7 @@ public class UserCertService extends PKIService implements UserCertResource { try { if (userID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IUser user = userGroupManager.createUser(userID); @@ -266,7 +269,7 @@ public class UserCertService extends PKIService implements UserCertResource { X509Certificate p7certs[] = pkcs7.getCertificates(); if (p7certs.length == 0) { - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR")); + throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR")); } // fix for 370099 - cert ordering can not be assumed 
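Review bot: The second `throw new ResourceNotFoundException("No certificates found for " + userID)`, in the `@@ -192` hunk, is the fall-through after `return userCertData;`. It therefore appears to be reached when the user has certificates but none matches the requested one; the loop itself is outside the hunk. Reusing the `certs == null` message there is misleading for whoever reads the response or the log. Name the requested certificate id in that message so the two cases can be told apart.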
@@ -292,7 +295,7 @@ public class UserCertService extends PKIService implements UserCertResource { } else { // not a chain, or in random order CMS.debug("UserCertResourceService: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_BAD_CHAIN")); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR")); + throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR")); } CMS.debug("UserCertResourceService: " @@ -335,12 +338,15 @@ public class UserCertService extends PKIService implements UserCertResource { } } - /* - } catch (CryptoManager.UserCertConflictException e) { - // got a "user cert" in the chain, most likely the CA - // cert of this instance, which has a private key. Ignore - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", e.toString())); - */ + /* + } catch (CryptoManager.UserCertConflictException e) { + // got a "user cert" in the chain, most likely the CA + // cert of this instance, which has a private key. Ignore + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", e.toString())); + */ + } catch (PKIException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", e.toString())); + throw e; } catch (Exception e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", e.toString())); throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR")); 
@@ -375,12 +381,12 @@ public class UserCertService extends PKIService implements UserCertResource { } catch (CertificateExpiredException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_CERT_EXPIRED", String.valueOf(cert.getSubjectDN()))); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_EXPIRED")); + throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_EXPIRED")); } catch (CertificateNotYetValidException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID", String.valueOf(cert.getSubjectDN()))); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID")); + throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID")); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) { @@ -438,7 +444,7 @@ public class UserCertService extends PKIService implements UserCertResource { try { if (userID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IUser user = userGroupManager.createUser(userID); diff --git a/base/common/src/com/netscape/cms/servlet/admin/UserService.java b/base/common/src/com/netscape/cms/servlet/admin/UserService.java index f28a8151f..4813d10be 100644 --- a/base/common/src/com/netscape/cms/servlet/admin/UserService.java +++ b/base/common/src/com/netscape/cms/servlet/admin/UserService.java 
@@ -32,8 +32,12 @@ import org.apache.commons.lang.StringUtils; import org.jboss.resteasy.plugins.providers.atom.Link; import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.BadRequestDataException; +import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.ForbiddenException; import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.base.UserNotFoundException; import com.netscape.certsrv.common.OpDef; import com.netscape.certsrv.common.ScopeDef; import com.netscape.certsrv.logging.IAuditor; @@ -142,7 +146,7 @@ public class UserService extends PKIService implements UserResource { if (userID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IUser user; @@ -156,7 +160,7 @@ public class UserService extends PKIService implements UserResource { if (user == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); - throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST")); + throw new UserNotFoundException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST")); } UserData userData = createUserData(user); 
@@ -207,19 +211,19 @@ public class UserService extends PKIService implements UserResource { try { if (userID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } if (userID.indexOf(BACK_SLASH) != -1) { // backslashes (BS) are not allowed log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_RS_ID_BS")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_RS_ID_BS")); + throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_RS_ID_BS")); } if (userID.equals(SYSTEM_USER)) { // backslashes (BS) are not allowed log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_SPECIAL_ID", userID)); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_SPECIAL_ID", userID)); + throw new ForbiddenException(getUserMessage("CMS_ADMIN_SRVLT_SPECIAL_ID", userID)); } IUser user = userGroupManager.createUser(userID); @@ -229,7 +233,7 @@ public class UserService extends PKIService implements UserResource { String msg = getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", "full name"); log(ILogger.LL_FAILURE, msg); - throw new PKIException(msg); + throw new BadRequestDataException(msg); } else { user.setFullName(fname); @@ -292,7 +296,7 @@ public class UserService extends PKIService implements UserResource { log(ILogger.LL_FAILURE, e.toString()); if (user.getUserID() == null) { - throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", "uid")); + throw new BadRequestDataException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", "uid")); } else { throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED")); } 
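Review bot: The comment on the `userID.equals(SYSTEM_USER)` branch in `-207,19 +211,19` still reads `// backslashes (BS) are not allowed`, copied from the check above it, while the branch now rejects a reserved ID with `ForbiddenException`. Replace it with something like `// the reserved system user ID may not be created through this API` so the reason for the 403 is clear to the next reader. The method body starts and ends outside the hunk.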
@@ -337,7 +341,7 @@ public class UserService extends PKIService implements UserResource { try { if (userID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } IUser user = userGroupManager.createUser(userID); @@ -425,7 +429,7 @@ public class UserService extends PKIService implements UserResource { try { if (userID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); + throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID")); } // get list of groups, and see if uid belongs to any diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertService.java b/base/common/src/com/netscape/cms/servlet/cert/CertService.java index 12942aee6..9b7b9d45e 100644 --- a/base/common/src/com/netscape/cms/servlet/cert/CertService.java +++ b/base/common/src/com/netscape/cms/servlet/cert/CertService.java @@ -30,9 +30,6 @@ import java.util.Date; import java.util.Enumeration; import java.util.List; -import javax.ws.rs.WebApplicationException; -import javax.ws.rs.core.Response; - import netscape.security.pkcs.ContentInfo; import netscape.security.pkcs.PKCS7; import netscape.security.pkcs.SignerInfo; @@ -334,7 +331,7 @@ public class CertService extends PKIService implements CertResource { @Override public CertDataInfos searchCerts(CertSearchRequest data, Integer start, Integer size) { if (data == null) { - throw new WebApplicationException(Response.Status.BAD_REQUEST); + throw new BadRequestException("Search request is null."); } start = start == null ? 0 : start; size = size == null ? DEFAULT_SIZE : size; 
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java index 7013d1c8a..2e7f0616b 100644 --- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java +++ b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java @@ -29,7 +29,6 @@ import java.util.StringTokenizer; import java.util.Vector; import javax.ws.rs.core.MultivaluedMap; -import javax.ws.rs.core.Response; import netscape.security.x509.X509CertImpl; @@ -41,6 +40,7 @@ import org.mozilla.jss.crypto.TokenException; import org.mozilla.jss.util.IncorrectPasswordException; import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.EPropertyNotFound; import com.netscape.certsrv.base.IConfigStore; @@ -99,7 +99,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou @Override public ConfigurationResponse configure(ConfigurationRequest data){ if (csState.equals("1")) { - throw new PKIException(Response.Status.BAD_REQUEST, "System is already configured"); + throw new BadRequestException("System is already configured"); } String certList; 
@@ -132,12 +132,12 @@ public class SystemConfigService extends PKIService implements SystemConfigResou } catch (NotInitializedException e) { throw new PKIException("Token is not initialized"); } catch (NoSuchTokenException e) { - throw new PKIException(Response.Status.BAD_REQUEST, "Invalid Token provided. No such token."); + throw new BadRequestException("Invalid Token provided. No such token."); } catch (TokenException e) { e.printStackTrace(); throw new PKIException("Token Exception" + e); } catch (IncorrectPasswordException e) { - throw new PKIException(Response.Status.BAD_REQUEST, "Incorrect Password provided for token."); + throw new BadRequestException("Incorrect Password provided for token."); } } @@ -245,7 +245,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou } if (!validCloneUri) { - throw new PKIException(Response.Status.BAD_REQUEST, + throw new BadRequestException( "Invalid clone URI provided. Does not match the available subsystems in the security domain"); } @@ -295,7 +295,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou cs.putString("preop.hierarchy.select", "join"); cs.putString("hierarchy.select", "Subordinate"); } else { - throw new PKIException(Response.Status.BAD_REQUEST, "Invalid hierarchy provided"); + throw new BadRequestException("Invalid hierarchy provided"); } } 
@@ -329,12 +329,11 @@ public class SystemConfigService extends PKIService implements SystemConfigResou } if (masterhost.equals(realhostname) && masterport.equals(data.getDsPort())) { - throw new PKIException(Response.Status.BAD_REQUEST, - "Master and clone must not share the same internal database"); + throw new BadRequestException("Master and clone must not share the same internal database"); } if (!masterbasedn.equals(data.getBaseDN())) { - throw new PKIException(Response.Status.BAD_REQUEST, "Master and clone should have the same base DN"); + throw new BadRequestException("Master and clone should have the same base DN"); } String masterReplicationPort = data.getMasterReplicationPort(); @@ -537,7 +536,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou if (cdata.getCertChain() != null) { certObj.setCertChain(cdata.getCertChain()); } else { - throw new PKIException(Response.Status.BAD_REQUEST, "CertChain not provided"); + throw new BadRequestException("CertChain not provided"); } } } @@ -549,10 +548,10 @@ public class SystemConfigService extends PKIService implements SystemConfigResou } catch (NumberFormatException e) { // move these validations to validate()? - throw new PKIException(Response.Status.BAD_REQUEST, "Non-integer value for key size"); + throw new BadRequestException("Non-integer value for key size"); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); - throw new PKIException(Response.Status.BAD_REQUEST, "Invalid algorithm " + e); + throw new BadRequestException("Invalid algorithm " + e); } catch (Exception e) { e.printStackTrace(); throw new PKIException("Error in setting certificate names and key sizes: " + e); 
@@ -765,70 +764,69 @@ public class SystemConfigService extends PKIService implements SystemConfigResou // get the preop pin and validate it String pin = data.getPin(); if (pin == null) { - throw new PKIException(Response.Status.BAD_REQUEST, "No preop pin provided"); + throw new BadRequestException("No preop pin provided"); } if (!preopPin.equals(pin)) { - throw new PKIException(Response.Status.BAD_REQUEST, "Incorrect pin provided"); + throw new BadRequestException("Incorrect pin provided"); } // validate security domain settings String domainType = data.getSecurityDomainType(); if (domainType == null) { - throw new PKIException(Response.Status.BAD_REQUEST, "Security Domain Type not provided"); + throw new BadRequestException("Security Domain Type not provided"); } if (domainType.equals(ConfigurationRequest.NEW_DOMAIN)) { if (!csType.equals("CA")) { - throw new PKIException(Response.Status.BAD_REQUEST, "New Domain is only valid for CA subsytems"); + throw new BadRequestException("New Domain is only valid for CA subsytems"); } if (data.getSecurityDomainName() == null) { - throw new PKIException(Response.Status.BAD_REQUEST, "Security Domain Name is not provided"); + throw new BadRequestException("Security Domain Name is not provided"); } } else if (domainType.equals(ConfigurationRequest.EXISTING_DOMAIN)) { String domainURI = data.getSecurityDomainUri(); if (domainURI == null) { - throw new PKIException(Response.Status.BAD_REQUEST, - "Existing security domain requested, but no security domain URI provided"); + throw new BadRequestException("Existing security domain requested, but no security domain URI provided"); } try { @SuppressWarnings("unused") URL admin_u = new URL(domainURI); // check for invalid URL } catch (MalformedURLException e) { - throw new PKIException(Response.Status.BAD_REQUEST, "Invalid security domain URI"); + throw new BadRequestException("Invalid security domain URI"); } if ((data.getSecurityDomainUser() == null) || 
(data.getSecurityDomainPassword() == null)) { - throw new PKIException(Response.Status.BAD_REQUEST, "Security domain user or password not provided"); + throw new BadRequestException("Security domain user or password not provided"); } } else { - throw new PKIException(Response.Status.BAD_REQUEST, "Invalid security domain URI provided"); + throw new BadRequestException("Invalid security domain URI provided"); } if ((data.getSubsystemName() == null) || (data.getSubsystemName().length() ==0)) { - throw new PKIException(Response.Status.BAD_REQUEST, "Invalid or no subsystem name provided"); + throw new BadRequestException("Invalid or no subsystem name provided"); } if ((data.getIsClone() != null) && (data.getIsClone().equals("true"))) { String cloneUri = data.getCloneUri(); if (cloneUri == null) { - throw new PKIException(Response.Status.BAD_REQUEST, "Clone selected, but no clone URI provided"); + throw new BadRequestException("Clone selected, but no clone URI provided"); } try { @SuppressWarnings("unused") URL url = new URL(cloneUri); // check for invalid URL // confirm protocol is https } catch (MalformedURLException e) { - throw new PKIException(Response.Status.BAD_REQUEST, "Invalid clone URI"); + throw new BadRequestException("Invalid clone URI"); } if (data.getToken().equals(ConfigurationRequest.TOKEN_DEFAULT)) { if (data.getP12File() == null) { - throw new PKIException(Response.Status.BAD_REQUEST, "P12 filename not provided"); + throw new BadRequestException("P12 filename not provided"); } if (data.getP12Password() == null) { - throw new PKIException(Response.Status.BAD_REQUEST, "P12 password not provided"); + throw new BadRequestException("P12 password not provided"); } } } else { 
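Review bot: A wrong preop pin (`!preopPin.equals(pin)`) is reported as `BadRequestException`, the same class used for every missing-field error in this method, so failed pin attempts cannot be told apart from malformed input by status code in access logs or alerting. The pin appears to be the credential that gates configuration, so a distinct status such as `throw new ForbiddenException("Incorrect pin provided");` would fit better, and the comparison could be made constant-time, for example with `MessageDigest.isEqual` on the encoded bytes. Separately, the clone-URI check carries a `// confirm protocol is https` comment but the hunk only constructs the `URL`; if the scheme is not enforced elsewhere, that check is still missing. The method starts before and continues after this hunk.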
@@ -837,33 +835,33 @@ public class SystemConfigService extends PKIService implements SystemConfigResou String dsHost = data.getDsHost(); if (dsHost == null || dsHost.length() == 0) { - throw new PKIException(Response.Status.BAD_REQUEST, "Internal database host not provided"); + throw new BadRequestException("Internal database host not provided"); } try { Integer.parseInt(data.getDsPort()); // check for errors } catch (NumberFormatException e) { - throw new PKIException(Response.Status.BAD_REQUEST, "Internal database port is invalid"); + throw new BadRequestException("Internal database port is invalid"); } String basedn = data.getBaseDN(); if (basedn == null || basedn.length() == 0) { - throw new PKIException(Response.Status.BAD_REQUEST, "Internal database basedn not provided"); + throw new BadRequestException("Internal database basedn not provided"); } String binddn = data.getBindDN(); if (binddn == null || binddn.length() == 0) { - throw new PKIException(Response.Status.BAD_REQUEST, "Internal database basedn not provided"); + throw new BadRequestException("Internal database basedn not provided"); } String database = data.getDatabase(); if (database == null || database.length() == 0) { - throw new PKIException(Response.Status.BAD_REQUEST, "Internal database database name not provided"); + throw new BadRequestException("Internal database database name not provided"); } String bindpwd = data.getBindpwd(); if (bindpwd == null || bindpwd.length() == 0) { - throw new PKIException(Response.Status.BAD_REQUEST, "Internal database database name not provided"); + throw new BadRequestException("Internal database database name not provided"); } String masterReplicationPort = data.getMasterReplicationPort(); 
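Review bot: Two of the rewritten messages in this hunk name the wrong field: the `binddn` check reports "Internal database basedn not provided" and the `bindpwd` check reports "Internal database database name not provided". Since these lines are being rewritten anyway, correct them, e.g. `throw new BadRequestException("Internal database bind DN not provided");` and `throw new BadRequestException("Internal database bind password not provided");`. The `-893,32 +891,32` hunk has the same problem where the `getAdminEmail()` check reports "Admin UID not provided". The method continues outside the hunk.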
@@ -871,7 +869,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou try { Integer.parseInt(masterReplicationPort); // check for errors } catch (NumberFormatException e) { - throw new PKIException(Response.Status.BAD_REQUEST, "Master replication port is invalid"); + throw new BadRequestException("Master replication port is invalid"); } } @@ -880,7 +878,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou try { Integer.parseInt(cloneReplicationPort); // check for errors } catch (Exception e) { - throw new PKIException(Response.Status.BAD_REQUEST, "Clone replication port is invalid"); + throw new BadRequestException("Clone replication port is invalid"); } } 
@@ -893,32 +891,32 @@ public class SystemConfigService extends PKIService implements SystemConfigResou if ((data.getBackupKeys() != null) && data.getBackupKeys().equals("true")) { if ((data.getBackupFile() == null) || (data.getBackupFile().length()<=0)) { //TODO: also check for valid path, perhaps by touching file there - throw new PKIException(Response.Status.BAD_REQUEST, "Invalid key backup file name"); + throw new BadRequestException("Invalid key backup file name"); } if ((data.getBackupPassword() == null) || (data.getBackupPassword().length()<8)) { - throw new PKIException(Response.Status.BAD_REQUEST, "key backup password must be at least 8 characters"); + throw new BadRequestException("key backup password must be at least 8 characters"); } } else { data.setBackupKeys("false"); } if (csType.equals("CA") && (data.getHierarchy() == null)) { - throw new PKIException(Response.Status.BAD_REQUEST, "Hierarchy is requred for CA, not provided"); + throw new BadRequestException("Hierarchy is requred for CA, not provided"); } if (data.getIsClone().equals("false")) { if ((data.getAdminUID() == null) || (data.getAdminUID().length() == 0)) { - throw new PKIException(Response.Status.BAD_REQUEST, "Admin UID not provided"); + throw new BadRequestException("Admin UID not provided"); } if ((data.getAdminPassword() == null) || (data.getAdminPassword().length() == 0)) { - throw new PKIException(Response.Status.BAD_REQUEST, "Admin Password not provided"); + throw new BadRequestException("Admin Password not provided"); } if ((data.getAdminEmail() == null) || (data.getAdminEmail().length() == 0)) { - throw new PKIException(Response.Status.BAD_REQUEST, "Admin UID not provided"); + throw new BadRequestException("Admin UID not provided"); } if ((data.getAdminName() == null) || (data.getAdminName().length() == 0)) { - throw new PKIException(Response.Status.BAD_REQUEST, "Admin name not provided"); + throw new BadRequestException("Admin name not provided"); } if (data.getImportAdminCert() 
== null) { @@ -927,17 +925,17 @@ public class SystemConfigService extends PKIService implements SystemConfigResou if (data.getImportAdminCert().equalsIgnoreCase("true")) { if (data.getAdminCert() == null) { - throw new PKIException(Response.Status.BAD_REQUEST, "Admin Cert not provided"); + throw new BadRequestException("Admin Cert not provided"); } } else { if ((data.getAdminCertRequest() == null) || (data.getAdminCertRequest().length() == 0)) { - throw new PKIException(Response.Status.BAD_REQUEST, "Admin cert request not provided"); + throw new BadRequestException("Admin cert request not provided"); } if ((data.getAdminCertRequestType() == null) || (data.getAdminCertRequestType().length() == 0)) { - throw new PKIException(Response.Status.BAD_REQUEST, "Admin cert request type not provided"); + throw new BadRequestException("Admin cert request type not provided"); } if ((data.getAdminSubjectDN() == null) || (data.getAdminSubjectDN().length() == 0)) { - throw new PKIException(Response.Status.BAD_REQUEST, "Admin subjectDN not provided"); + throw new BadRequestException("Admin subjectDN not provided"); } } } diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyService.java b/base/common/src/com/netscape/cms/servlet/key/KeyService.java index 01c8a0ee9..4b8a90758 100644 --- a/base/common/src/com/netscape/cms/servlet/key/KeyService.java +++ b/base/common/src/com/netscape/cms/servlet/key/KeyService.java 
@@ -24,13 +24,15 @@ import java.util.Enumeration; import java.util.Hashtable; import javax.ws.rs.Path; -import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.MultivaluedMap; -import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.HTTPGoneException; +import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.base.UnauthorizedException; import com.netscape.certsrv.dbs.keydb.IKeyRecord; import com.netscape.certsrv.dbs.keydb.IKeyRepository; import com.netscape.certsrv.dbs.keydb.KeyId; @@ -80,11 +82,11 @@ public class KeyService extends PKIService implements KeyResource { keyData = getKey(keyId, data); } catch (EBaseException e) { e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + throw new PKIException(e.getMessage()); } if (keyData == null) { // no key record - throw new WebApplicationException(Response.Status.GONE); + throw new HTTPGoneException("No key record."); } return keyData; } @@ -199,14 +201,14 @@ public class KeyService extends PKIService implements KeyResource { RequestId reqId = data.getRequestId(); if (reqId == null) { // log error - throw new WebApplicationException(Response.Status.BAD_REQUEST); + throw new BadRequestException("Request id not found."); } // confirm that at least one wrapping method exists // There must be at least the wrapped session key method. if ((data.getTransWrappedSessionKey() == null)) { // log error - throw new WebApplicationException(Response.Status.BAD_REQUEST); + throw new BadRequestException("No wrapping method found."); } KeyRequestDAO reqDAO = new KeyRequestDAO(); 
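Review bot: In `-80,11 +82,11` the `EBaseException` handler now throws `new PKIException(e.getMessage())`, so internal exception text that the previous bare 500 kept out of the response is presumably returned to the caller. For a key-retrieval endpoint it is safer to log the detail server-side and return a fixed message, e.g. `throw new PKIException("Unable to retrieve key.");`. The same pattern appears in the `-216` and `-274` hunks of this file and, with `e.toString()`, throughout KeyRequestService. The handlers also drop `e` as the cause and rely on `e.printStackTrace()`; logging through `CMS.debug(e)`, as CertRequestService does, would keep the trace with the rest of the server log.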
@@ -216,18 +218,18 @@ public class KeyService extends PKIService implements KeyResource { } catch (EBaseException e1) { // failed to get request e1.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + throw new PKIException(e1.getMessage()); } if (reqInfo == null) { // request not found - throw new WebApplicationException(Response.Status.GONE); + throw new HTTPGoneException("No request information available."); } //confirm request is of the right type String type = reqInfo.getRequestType(); if (!type.equals(IRequest.SECURITY_DATA_RECOVERY_REQUEST)) { // log error - throw new WebApplicationException(Response.Status.BAD_REQUEST); + throw new BadRequestException("Invalid request type"); } //confirm that agent is originator of request, else throw 401 @@ -237,7 +239,7 @@ public class KeyService extends PKIService implements KeyResource { RequestStatus status = reqInfo.getRequestStatus(); if (!status.equals(RequestStatus.APPROVED)) { // log error - throw new WebApplicationException(Response.Status.UNAUTHORIZED); + throw new UnauthorizedException("Unauthorized request."); } return reqInfo.getKeyId(); @@ -274,7 +276,7 @@ public class KeyService extends PKIService implements KeyResource { } catch (EBaseException e) { e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + throw new PKIException(e.getMessage()); } return infos; } diff --git a/base/common/src/com/netscape/cms/servlet/request/CertRequestService.java b/base/common/src/com/netscape/cms/servlet/request/CertRequestService.java index dba6d9c01..eef057644 100644 --- a/base/common/src/com/netscape/cms/servlet/request/CertRequestService.java +++ b/base/common/src/com/netscape/cms/servlet/request/CertRequestService.java 
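Review bot: In `-237,7 +239,7` a recovery request whose status is not `APPROVED` is answered with `UnauthorizedException`, i.e. 401, which tells the client to re-authenticate although no credential problem was detected. `ForbiddenException`, added by this commit, looks like the better fit: `throw new ForbiddenException("Recovery request is not approved.");` (plus the import). The comment just above says the agent should be confirmed as the originator of the request, but the lines between that comment and the status check are outside the hunk, so it is not visible whether that check exists; confirm it before relying on the status test alone.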
@@ -20,7 +20,6 @@ package com.netscape.cms.servlet.request; import javax.ws.rs.PathParam; import javax.ws.rs.core.MultivaluedMap; -import javax.ws.rs.core.Response; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.EAuthException; @@ -29,6 +28,7 @@ import com.netscape.certsrv.base.BadRequestDataException; import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.base.UnauthorizedException; import com.netscape.certsrv.cert.CertEnrollmentRequest; import com.netscape.certsrv.cert.CertRequestInfo; import com.netscape.certsrv.cert.CertRequestInfos; @@ -96,13 +96,13 @@ public class CertRequestService extends PKIService implements CertRequestResourc infos = dao.submitRequest(data, servletRequest, uriInfo, getLocale()); } catch (EAuthException e) { CMS.debug("enrollCert: authentication failed: " + e); - throw new PKIException(Response.Status.UNAUTHORIZED, e.toString()); + throw new UnauthorizedException(e.toString()); } catch (EAuthzException e) { CMS.debug("enrollCert: authorization failed: " + e); - throw new PKIException(Response.Status.UNAUTHORIZED, e.toString()); + throw new UnauthorizedException(e.toString()); } catch (BadRequestDataException e) { CMS.debug("enrollCert: bad request data: " + e); - throw new PKIException(Response.Status.BAD_REQUEST, e.toString()); + throw new BadRequestException(e.toString()); } catch (EBaseException e) { throw new PKIException(e.toString()); } 
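Review bot: In `-96,13 +96,13` the `EAuthzException` handler throws `UnauthorizedException`, the same as the `EAuthException` handler, so an authenticated caller who lacks permission gets 401 instead of 403. This commit introduces `ForbiddenException` and already uses it for rejected principals in ACLInterceptor; use `throw new ForbiddenException(e.toString());` in the authorization branch and add the import. Passing `e.toString()` also puts the exception class name in the response; `e.getMessage()` or a fixed string would expose less.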
@@ -147,16 +147,14 @@ public class CertRequestService extends PKIService implements CertRequestResourc dao.changeRequestState(id, servletRequest, data, getLocale(), op); } catch (ERejectException e) { CMS.debug("changeRequestState: execution rejected " + e); - throw new PKIException(Response.Status.BAD_REQUEST, - CMS.getUserMessage(getLocale(), "CMS_PROFILE_REJECTED", e.toString())); + throw new BadRequestException(CMS.getUserMessage(getLocale(), "CMS_PROFILE_REJECTED", e.toString())); } catch (EDeferException e) { CMS.debug("changeRequestState: execution defered " + e); // TODO do we throw an exception here? - throw new PKIException(Response.Status.BAD_REQUEST, - CMS.getUserMessage(getLocale(), "CMS_PROFILE_DEFERRED", e.toString())); + throw new BadRequestException(CMS.getUserMessage(getLocale(), "CMS_PROFILE_DEFERRED", e.toString())); } catch (BadRequestDataException e) { CMS.debug("changeRequestState: bad request data: " + e); - throw new PKIException(Response.Status.BAD_REQUEST, e.toString()); + throw new BadRequestException(e.toString()); } catch (EPropertyException e) { CMS.debug("changeRequestState: execution error " + e); throw new PKIException(CMS.getUserMessage(getLocale(), @@ -169,8 +167,7 @@ public class CertRequestService extends PKIService implements CertRequestResourc throw new PKIException("Problem approving request in CertRequestResource.assignRequest! " + e); } catch (RequestNotFoundException e) { CMS.debug(e); - throw new PKIException(Response.Status.BAD_REQUEST, - CMS.getUserMessage(getLocale(), "CMS_REQUEST_NOT_FOUND", id.toString())); + throw new BadRequestException(CMS.getUserMessage(getLocale(), "CMS_REQUEST_NOT_FOUND", id.toString())); } } diff --git a/base/common/src/com/netscape/cms/servlet/request/KeyRequestService.java b/base/common/src/com/netscape/cms/servlet/request/KeyRequestService.java index 12f3bb7ee..433206298 100644 --- a/base/common/src/com/netscape/cms/servlet/request/KeyRequestService.java 
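Review bot: The `RequestNotFoundException` handler at the end of `-169,8 +167,7` still converts a missing request into `BadRequestException`, so the client sees 400 rather than 404. The diffstat shows `RequestNotFoundException` itself being changed in this commit, presumably to carry the 404 mapping; if so, let it propagate with `throw e;` (or drop the catch) instead of wrapping it. The method's start and its remaining handlers are outside the hunk.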
+++ b/base/common/src/com/netscape/cms/servlet/request/KeyRequestService.java @@ -18,11 +18,10 @@ package com.netscape.cms.servlet.request; -import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.MultivaluedMap; -import javax.ws.rs.core.Response; import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.PKIException; import com.netscape.certsrv.key.KeyArchivalRequest; @@ -81,7 +80,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource if (data == null || data.getClientId() == null || data.getWrappedPrivateData() == null || data.getDataType() == null) { - throw new WebApplicationException(Response.Status.BAD_REQUEST); + throw new BadRequestException("Invalid key archival request."); } KeyRequestDAO dao = new KeyRequestDAO(); @@ -91,7 +90,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource } catch (EBaseException e) { // TODO Auto-generated catch block e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + throw new PKIException(e.toString()); } return info; } @@ -109,9 +108,13 @@ public class KeyRequestService extends PKIService implements KeyRequestResource //Catch this before the internal server processing has to deal with it //If data has been provided, we need at least the wrapped session key, //or the command is invalid. - if (data == null || (data.getTransWrappedSessionKey() == null - && data.getSessionWrappedPassphrase() != null)) { - throw new WebApplicationException(Response.Status.BAD_REQUEST); + + if (data == null) { + throw new BadRequestException("Invalid request."); + } + if (data.getTransWrappedSessionKey() == null + && data.getSessionWrappedPassphrase() != null) { + throw new BadRequestException("No wrapped session key."); } KeyRequestDAO dao = new KeyRequestDAO(); KeyRequestInfo info; 
@@ -120,14 +123,14 @@ public class KeyRequestService extends PKIService implements KeyRequestResource } catch (EBaseException e) { // TODO Auto-generated catch block e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + throw new PKIException(e.toString()); } return info; } public void approveRequest(RequestId id) { if (id == null) { - throw new WebApplicationException(Response.Status.BAD_REQUEST); + throw new BadRequestException("Invalid request id."); } // auth and authz KeyRequestDAO dao = new KeyRequestDAO(); @@ -136,13 +139,13 @@ public class KeyRequestService extends PKIService implements KeyRequestResource } catch (EBaseException e) { // TODO Auto-generated catch block e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + throw new PKIException(e.toString()); } } public void rejectRequest(RequestId id) { if (id == null) { - throw new WebApplicationException(Response.Status.BAD_REQUEST); + throw new BadRequestException("Invalid request id."); } // auth and authz KeyRequestDAO dao = new KeyRequestDAO(); @@ -151,13 +154,13 @@ public class KeyRequestService extends PKIService implements KeyRequestResource } catch (EBaseException e) { // TODO Auto-generated catch block e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + throw new PKIException(e.toString()); } } public void cancelRequest(RequestId id) { if (id == null) { - throw new WebApplicationException(Response.Status.BAD_REQUEST); + throw new BadRequestException("Request id is null."); } // auth and authz KeyRequestDAO dao = new KeyRequestDAO(); @@ -166,7 +169,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource } catch (EBaseException e) { // TODO Auto-generated catch block e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + throw new PKIException(e.toString()); } } 
@@ -193,7 +196,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource } catch (EBaseException e) { CMS.debug("listRequests: error in obtaining request results" + e); e.printStackTrace(); - throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR); + throw new PKIException(e.toString()); } return requests; } -- cgit