From 621d9e5c413e561293d7484b93882d985b3fe15f Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Sat, 24 Mar 2012 02:27:47 -0500 Subject: Removed unnecessary pki folder. Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131 --- .../netscape/cms/servlet/csadmin/RegisterUser.java | 331 +++++++++++++++++++++ 1 file changed, 331 insertions(+) create mode 100644 base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java (limited to 'base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java') diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java b/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java new file mode 100644 index 000000000..0042cdb5a --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java @@ -0,0 +1,331 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.csadmin; + +import java.io.IOException; +import java.security.cert.X509Certificate; +import java.util.Enumeration; +import java.util.Locale; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import netscape.security.x509.X509CertImpl; + +import org.w3c.dom.Node; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.authentication.IAuthToken; +import com.netscape.certsrv.authorization.AuthzToken; +import com.netscape.certsrv.authorization.EAuthzAccessDenied; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.logging.ILogger; +import com.netscape.certsrv.usrgrp.ICertUserLocator; +import com.netscape.certsrv.usrgrp.IGroup; +import com.netscape.certsrv.usrgrp.IUGSubsystem; +import com.netscape.certsrv.usrgrp.IUser; +import com.netscape.cms.servlet.base.CMSServlet; +import com.netscape.cms.servlet.base.UserInfo; +import com.netscape.cms.servlet.common.CMSRequest; +import com.netscape.cms.servlet.common.ICMSTemplateFiller; +import com.netscape.cmsutil.util.Utils; +import com.netscape.cmsutil.xml.XMLObject; + +/** + * This servlet creates a TPS user in the CA, + * and it associates TPS's server certificate to + * the user. Finally, it addes the user to the + * administrator group. This procedure will + * allows TPS to connect to the CA for certificate + * issuance. + */ +public class RegisterUser extends CMSServlet { + + /** + * + */ + private static final long serialVersionUID = -699307373400031138L; + private final static String SUCCESS = "0"; + private final static String FAILED = "1"; + private final static String AUTH_FAILURE = "2"; + private String mGroupName = null; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = + "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; + + public RegisterUser() { + super(); + } + + /** + * initialize the servlet. + * + * @param sc servlet configuration, read from the web.xml file + */ + public void init(ServletConfig sc) throws ServletException { + CMS.debug("RegisterUser: initializing..."); + super.init(sc); + CMS.debug("RegisterUser: done initializing..."); + mGroupName = sc.getInitParameter("GroupName"); + CMS.debug("RegisterUser: group name " + mGroupName); + } + + /** + * Process the HTTP request. + */ + protected void process(CMSRequest cmsReq) throws EBaseException { + CMS.debug("UpdateUpdater: processing..."); + + HttpServletRequest httpReq = cmsReq.getHttpReq(); + HttpServletResponse httpResp = cmsReq.getHttpResp(); + + IAuthToken authToken = null; + try { + authToken = authenticate(cmsReq); + CMS.debug("RegisterUser authentication successful."); + } catch (Exception e) { + CMS.debug("RegisterUser: authentication failed."); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", + e.toString())); + outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); + return; + } + + if (authToken == null) { + CMS.debug("RegisterUser: authentication failed."); + outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); + return; + } + + AuthzToken authzToken = null; + try { + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); + CMS.debug("RegisterUser authorization successful."); + } catch (EAuthzAccessDenied e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + outputError(httpResp, "Error: Not authorized"); + return; + } catch (Exception e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + outputError(httpResp, + "Error: Encountered problem during authorization."); + return; + } + + if (authzToken == null) { + outputError(httpResp, "Error: Not authorized"); + return; + } + + // create user and add certificate + String uid = httpReq.getParameter("uid"); + String name = httpReq.getParameter("name"); + String certsString = httpReq.getParameter("certificate"); + CMS.debug("RegisterUser got uid=" + uid); + CMS.debug("RegisterUser got name=" + name); + CMS.debug("RegisterUser got certsString=" + certsString); + + String auditMessage = null; + String auditSubjectID = auditSubjectID(); + String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" + + "+Resource;;" + uid + + "+fullname;;" + name + + "+state;;1" + + "+userType;;+email;;+password;;+phone;;"; + + IUGSubsystem ugsys = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); + + IUser user = null; + boolean foundByCert = false; + X509Certificate certs[] = new X509Certificate[1]; + try { + + byte bCert[] = null; + X509CertImpl cert = null; + bCert = Utils.base64decode(certsString); + cert = new X509CertImpl(bCert); + certs[0] = (X509Certificate) cert; + + // test to see if the cert already belongs to a user + ICertUserLocator cul = ugsys.getCertUserLocator(); + com.netscape.certsrv.usrgrp.Certificates c = + new com.netscape.certsrv.usrgrp.Certificates(certs); + user = (IUser) cul.locateUser(c); + } catch (Exception ec) { + CMS.debug("RegisterUser: exception thrown: " + ec.toString()); + } + if (user == null) { + CMS.debug("RegisterUser NOT found user by cert"); + try { + user = ugsys.getUser(uid); + CMS.debug("RegisterUser found user by uid " + uid); + } catch (Exception eee) { + } + } else { + foundByCert = true; + CMS.debug("RegisterUser found user by cert"); + } + + try { + + if (user == null) { + // create user only if such user does not exist + user = ugsys.createUser(uid); + user.setFullName(name); + user.setState("1"); + user.setUserType(""); + user.setEmail(""); + user.setPhone(""); + user.setPassword(""); + + ugsys.addUser(user); + CMS.debug("RegisterUser created user " + uid); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams); + audit(auditMessage); + } + + // extract all line separators + StringBuffer sb = new StringBuffer(); + for (int i = 0; i < certsString.length(); i++) { + if (!Character.isWhitespace(certsString.charAt(i))) { + sb.append(certsString.charAt(i)); + } + } + certsString = sb.toString(); + + auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" + + "+Resource;;" + uid + + "+cert;;" + certsString; + + user.setX509Certificates(certs); + if (!foundByCert) { + ugsys.addUserCert(user); + CMS.debug("RegisterUser added user certificate"); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams); + audit(auditMessage); + } else + CMS.debug("RegisterUser no need to add user certificate"); + } catch (Exception eee) { + CMS.debug("RegisterUser error " + eee.toString()); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams); + + audit(auditMessage); + outputError(httpResp, "Error: Certificate malformed"); + return; + } + + // add user to the group + auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" + + "+Resource;;" + mGroupName; + try { + Enumeration groups = ugsys.findGroups(mGroupName); + IGroup group = groups.nextElement(); + + auditParams += "+user;;"; + Enumeration members = group.getMemberNames(); + while (members.hasMoreElements()) { + auditParams += members.nextElement(); + if (members.hasMoreElements()) { + auditParams += ","; + } + } + + if (!group.isMember(user.getUserID())) { + auditParams += "," + user.getUserID(); + group.addMemberName(user.getUserID()); + ugsys.modifyGroup(group); + CMS.debug("RegisterUser modified group"); + + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams); + + audit(auditMessage); + } + } catch (Exception e) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams); + + audit(auditMessage); + } + + // send success status back to the requestor + try { + CMS.debug("RegisterUser: Sending response"); + XMLObject xmlObj = new XMLObject(); + Node root = xmlObj.createRoot("XMLResponse"); + + xmlObj.addItemToContainer(root, "Status", SUCCESS); + byte[] cb = xmlObj.toByteArray(); + + outputResult(httpResp, "application/xml", cb); + } catch (Exception e) { + CMS.debug("RegisterUser: Failed to send the XML output"); + } + } + + protected void setDefaultTemplates(ServletConfig sc) { + } + + protected void renderTemplate( + CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) + throws IOException {// do nothing + } + + protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + } + + /** + * Retrieves locale based on the request. + */ + protected Locale getLocale(HttpServletRequest req) { + Locale locale = null; + String lang = req.getHeader("accept-language"); + + if (lang == null) { + // use server locale + locale = Locale.getDefault(); + } else { + locale = new Locale(UserInfo.getUserLanguage(lang), + UserInfo.getUserCountry(lang)); + } + return locale; + } +} -- cgit