From d0f2e4efbd3eb0f1d7f5a28e7f97c1fb4ec027bb Mon Sep 17 00:00:00 2001
From: PKI Team
Date: Tue, 18 Mar 2008 22:36:57 +0000
Subject: Initial open source version based upon proprietary Red Hat Certificate System (RHCS) 7.3.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
.../cms/servlet/admin/PolicyAdminServlet.java | 1160 ++++++++++++++++++++
1 file changed, 1160 insertions(+)
create mode 100644 pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
(limited to 'pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java')
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
new file mode 100644
index 000000000..8a8b28636
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
@@ -0,0 +1,1160 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.admin; + + +import java.io.*; +import java.util.*; +import java.net.*; +import java.util.*; +import java.text.*; +import java.math.*; +import java.security.*; +import javax.servlet.*; +import javax.servlet.http.*; +import com.netscape.certsrv.common.*; +import com.netscape.certsrv.apps.*; +import com.netscape.certsrv.base.*; +import com.netscape.certsrv.logging.*; +import com.netscape.certsrv.policy.*; +import com.netscape.certsrv.authority.IAuthority; +import com.netscape.certsrv.ca.ICertificateAuthority; +import com.netscape.certsrv.ra.IRegistrationAuthority; +import com.netscape.certsrv.kra.IKeyRecoveryAuthority; + + +/** + * This class is an administration servlet for policy management. + * + * Each service (CA, KRA, RA) should be responsible + * for registering an instance of this with the remote + * administration subsystem. 
+ * + * @version $Revision: 14561 $, $Date: 2007-05-01 10:28:56 -0700 (Tue, 01 May 2007) $ + */ +public class PolicyAdminServlet extends AdminServlet { + public final static String PROP_AUTHORITY = "authority"; + + private final static String INFO = "PolicyAdminServlet"; + private final static String PW_PASSWORD_CACHE_ADD = + "PASSWORD_CACHE_ADD"; + + public final static String PROP_PREDICATE = "predicate"; + private IPolicyProcessor mProcessor = null; + private IAuthority mAuthority = null; + + // These will be moved to PolicyResources + public static String INVALID_POLICY_SCOPE = "Invalid policy administration scope"; + public static String INVALID_POLICY_IMPL_OP = "Invalid operation for policy implementation management"; + public static String NYI = "Not Yet Implemented"; + public static String INVALID_POLICY_IMPL_CONFIG = "Invalid policy implementation configuration"; + public static String INVALID_POLICY_INSTANCE_CONFIG = "Invalid policy instance configuration"; + public static String MISSING_POLICY_IMPL_ID = "Missing policy impl id in request"; + public static String MISSING_POLICY_IMPL_CLASS = "Missing policy impl class in request"; + public static String INVALID_POLICY_IMPL_ID = "Invalid policy impl id in request"; + public static String MISSING_POLICY_INST_ID = "Missing policy impl id in request"; + public static String INVALID_POLICY_INST_ID = "Invalid policy impl id in request"; + public static String COMMA = ","; + public static String MISSING_POLICY_ORDERING = "Missing policy ordering"; + + private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY = + "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3"; + + /** + * Constructs administration servlet. + */ + public PolicyAdminServlet() { + super(); + } + + /** + * Initializes this servlet. 
+ */ + public void init(ServletConfig config) throws ServletException { + super.init(config); + String authority = config.getInitParameter(PROP_AUTHORITY); + + if (authority != null) + mAuthority = (IAuthority) CMS.getSubsystem(authority); + if (mAuthority != null) + if (mAuthority instanceof ICertificateAuthority) { + mProcessor = ((ICertificateAuthority) mAuthority).getPolicyProcessor(); + } else if (mAuthority instanceof IRegistrationAuthority) { + mProcessor = ((IRegistrationAuthority) mAuthority).getPolicyProcessor(); + } else if (mAuthority instanceof IKeyRecoveryAuthority) { + mProcessor = ((IKeyRecoveryAuthority) mAuthority).getPolicyProcessor(); + } else + throw new ServletException(authority + " does not have policy processor!"); + } + + /** + * Returns serlvet information. + */ + public String getServletInfo() { + return INFO; + } + + /** + * retrieve extended plugin info such as brief description, type info + * from policy, authentication, + * need to add: listener, mapper and publishing plugins + */ + private void getExtendedPluginInfo(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { + + if (!readAuthorize(req, resp)) + return; + String id = req.getParameter(Constants.RS_ID); + NameValuePairs params = null; + + int colon = id.indexOf(':'); + + String implType = id.substring(0, colon); + String implName1 = id.substring(colon + 1); + String implName = implName1; + String instName = null; + + colon = implName1.indexOf(':'); + if (colon > -1) { + implName = implName1.substring(0, colon); + instName = implName1.substring(colon + 1); + params = getExtendedPluginInfo(getLocale(req), implType, implName, instName); + } else { + params = getExtendedPluginInfo(getLocale(req), implType, implName); + } + sendResponse(SUCCESS, null, params, resp); + } + + private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { + IExtendedPluginInfo ext_info = null; + Object impl = 
null; + IPolicyRule policy = mProcessor.getPolicyImpl(implName); + + impl = policy; + + if (impl != null) { + if (impl instanceof IExtendedPluginInfo) { + ext_info = (IExtendedPluginInfo) impl; + } + } + + NameValuePairs nvps = null; + + if (ext_info == null) { + nvps = new NameValuePairs(); + } else { + nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); + } + + return nvps; + } + + public NameValuePairs getExtendedPluginInfo(Locale locale, String pluginType, + String implName, + String instName) { + IExtendedPluginInfo ext_info = null; + + Object impl = null; + + IPolicyRule policy = mProcessor.getPolicyInstance(instName); + + impl = policy; + if (impl == null) { + impl = mProcessor.getPolicyImpl(implName); + } + if (impl != null) { + if (impl instanceof IExtendedPluginInfo) { + ext_info = (IExtendedPluginInfo) impl; + } + } + + NameValuePairs nvps = null; + + if (ext_info == null) { + nvps = new NameValuePairs(); + } else { + nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); + + } + + if (nvps != null) { + addDefaultParams(impl, nvps); + } + + return nvps; + } + + private void addDefaultParams(Object ext_info, NameValuePairs nvps) { + + /* make sure policy rules have 'enable' and 'predicate' */ + + if (ext_info instanceof IPolicyRule) { + if (nvps.getPair(IPolicyRule.PROP_ENABLE) == null) { + nvps.add(IPolicyRule.PROP_ENABLE, "boolean;Enable this policy rule"); + } + if (nvps.getPair(PROP_PREDICATE) == null) { + nvps.add(PROP_PREDICATE, "string;Rules describing when this policy should run."); + } + } + } + + /** + * Serves HTTP admin request. 
+ */ + public void service(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { + super.service(req, resp); + + super.authenticate(req); + + AUTHZ_RES_NAME = "certServer.policy.configuration"; + String scope = req.getParameter(Constants.OP_SCOPE); + + if (scope.equals(ScopeDef.SC_POLICY_RULES)) + processPolicyRuleMgmt(req, resp); + else if (scope.equals(ScopeDef.SC_POLICY_IMPLS)) + processPolicyImplMgmt(req, resp); + else if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) { + try { + getExtendedPluginInfo(req, resp); + } catch (EBaseException e) { + sendResponse(ERROR, e.toString(getLocale(req)), null, resp); + return; + } + } else + sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp); + } + + private boolean readAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { + mOp = "read"; + if ((mToken = super.authorize(req)) == null) { + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); + return false; + } + return true; + } + + private boolean modifyAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { + mOp = "modify"; + if ((mToken = super.authorize(req)) == null) { + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); + return false; + } + return true; + } + + /** + * Process Policy Implementation Management. 
+ */ + public void processPolicyImplMgmt(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { + // Get operation type + String op = req.getParameter(Constants.OP_TYPE); + + if (op.equals(OpDef.OP_SEARCH)) { + if (!readAuthorize(req, resp)) + return; + listPolicyImpls(req, resp); + } else if (op.equals(OpDef.OP_DELETE)) { + if (!modifyAuthorize(req, resp)) + return; + deletePolicyImpl(req, resp); + } else if (op.equals(OpDef.OP_READ)) { + if (!readAuthorize(req, resp)) + return; + getPolicyImplConfig(req, resp); + } else if (op.equals(OpDef.OP_ADD)) { + if (!modifyAuthorize(req, resp)) + return; + addPolicyImpl(req, resp); + } else + sendResponse(ERROR, INVALID_POLICY_IMPL_OP, + null, resp); + } + + public void processPolicyRuleMgmt(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { + // Get operation type + String op = req.getParameter(Constants.OP_TYPE); + + if (op.equals(OpDef.OP_SEARCH)) { + if (!readAuthorize(req, resp)) + return; + listPolicyInstances(req, resp); + } else if (op.equals(OpDef.OP_DELETE)) { + if (!modifyAuthorize(req, resp)) + return; + deletePolicyInstance(req, resp); + } else if (op.equals(OpDef.OP_READ)) { + if (!readAuthorize(req, resp)) + return; + getPolicyInstanceConfig(req, resp); + } else if (op.equals(OpDef.OP_ADD)) { + if (!modifyAuthorize(req, resp)) + return; + addPolicyInstance(req, resp); + } else if (op.equals(OpDef.OP_MODIFY)) { + if (!modifyAuthorize(req, resp)) + return; + String id = req.getParameter(Constants.RS_ID); + + if (id.equalsIgnoreCase(Constants.RS_ID_ORDER)) + changePolicyInstanceOrdering(req, resp); + else + modifyPolicyInstance(req, resp); + } else + sendResponse(ERROR, INVALID_POLICY_IMPL_OP, + null, resp); + } + + public void listPolicyImpls(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { + Enumeration policyImplNames = mProcessor.getPolicyImplsInfo(); + Enumeration policyImpls = 
mProcessor.getPolicyImpls(); + + if (policyImplNames == null || + policyImpls == null) { + sendResponse(ERROR, INVALID_POLICY_IMPL_CONFIG, null, resp); + return; + } + + // Assemble a name value pair; + NameValuePairs nvp = new NameValuePairs(); + + while (policyImplNames.hasMoreElements() && + policyImpls.hasMoreElements()) { + String id = (String) policyImplNames.nextElement(); + IPolicyRule impl = (IPolicyRule) + policyImpls.nextElement(); + String className = + impl.getClass().getName(); + String desc = impl.getDescription(); + + nvp.add(id, className + "," + desc); + } + sendResponse(SUCCESS, null, nvp, resp); + } + + public void listPolicyInstances(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { + Enumeration instancesInfo = mProcessor.getPolicyInstancesInfo(); + + if (instancesInfo == null) { + sendResponse(ERROR, INVALID_POLICY_INSTANCE_CONFIG, null, resp); + return; + } + + // Assemble name value pairs + NameValuePairs nvp = new NameValuePairs(); + String instName, rest; + + while (instancesInfo.hasMoreElements()) { + String info = (String) instancesInfo.nextElement(); + int i = info.indexOf(";"); + + nvp.add(info.substring(0, i), info.substring(i + 1)); + + } + sendResponse(SUCCESS, null, nvp, resp); + } + + /** + * Delete policy implementation + *

+ * + *

+ * @param req HTTP servlet request + * @param resp HTTP servlet response + * @exception ServletException a servlet error has occurred + * @exception IOException an input/output error has occurred + */ + public void deletePolicyImpl(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { + String auditMessage = null; + String auditSubjectID = auditSubjectID(); + + // ensure that any low-level exceptions are reported + // to the signed audit log and stored as failures + try { + // Get the policy impl id. + String id = req.getParameter(Constants.RS_ID).trim(); + + if (id == null) { + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp); + return; + } + + try { + mProcessor.deletePolicyImpl(id); + + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); + + audit(auditMessage); + + sendResponse(SUCCESS, null, null, resp); + } catch (Exception e) { + //e.printStackTrace(); + + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + sendResponse(ERROR, e.toString(), null, resp); + } + } catch (IOException eAudit1) { + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + // rethrow the specific exception to be handled later + throw eAudit1; + // } catch( ServletException eAudit2 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // 
LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit2; + } + } + + public void getPolicyImplConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { + // Get the policy impl id. + String id = req.getParameter(Constants.RS_ID); + + if (id == null) { + sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp); + return; + } + + Vector v = mProcessor.getPolicyImplConfig(id); + + if (v == null) { + sendResponse(ERROR, INVALID_POLICY_IMPL_ID, null, resp); + return; + } + NameValuePairs nvp = new NameValuePairs(); + + for (Enumeration e = v.elements(); e.hasMoreElements();) { + String nv = (String) e.nextElement(); + int index = nv.indexOf("="); + + nvp.add(nv.substring(0, index), nv.substring(index + 1)); + } + sendResponse(SUCCESS, null, nvp, resp); + } + + /** + * Add policy implementation + *

+ * + *

+ * @param req HTTP servlet request + * @param resp HTTP servlet response + * @exception ServletException a servlet error has occurred + * @exception IOException an input/output error has occurred + */ + public void addPolicyImpl(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { + String auditMessage = null; + String auditSubjectID = auditSubjectID(); + + // ensure that any low-level exceptions are reported + // to the signed audit log and stored as failures + try { + // Get the policy impl id and class path. + String id = req.getParameter(Constants.RS_ID); + + if (id == null) { + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp); + return; + } + + String classPath = req.getParameter(Constants.PR_POLICY_CLASS); + + if (classPath == null) { + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + sendResponse(ERROR, MISSING_POLICY_IMPL_CLASS, null, resp); + return; + } + try { + mProcessor.addPolicyImpl(id, classPath); + + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); + + audit(auditMessage); + + sendResponse(SUCCESS, null, null, resp); + } catch (Exception e) { + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + sendResponse(ERROR, e.toString(), null, resp); + } + } catch (IOException eAudit1) { + // store a message in the signed audit log file + 
auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + // rethrow the specific exception to be handled later + throw eAudit1; + // } catch( ServletException eAudit2 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit2; + } + } + + /** + * Delete policy instance + *

+ * + *

+ * @param req HTTP servlet request + * @param resp HTTP servlet response + * @exception ServletException a servlet error has occurred + * @exception IOException an input/output error has occurred + */ + public void deletePolicyInstance(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { + String auditMessage = null; + String auditSubjectID = auditSubjectID(); + + // ensure that any low-level exceptions are reported + // to the signed audit log and stored as failures + try { + // Get the policy impl id. + String id = req.getParameter(Constants.RS_ID).trim(); + + if (id == null) { + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + sendResponse(ERROR, MISSING_POLICY_INST_ID, null, resp); + return; + } + + try { + mProcessor.deletePolicyInstance(id); + + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); + + audit(auditMessage); + + sendResponse(SUCCESS, null, null, resp); + } catch (Exception e) { + //e.printStackTrace(); + + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + sendResponse(ERROR, e.toString(), null, resp); + } + } catch (IOException eAudit1) { + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + // rethrow the specific exception to be handled later + throw eAudit1; + // } catch( ServletException eAudit2 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( 
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit2; + } + } + + public void getPolicyInstanceConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { + // Get the policy rule id. + String id = req.getParameter(Constants.RS_ID).trim(); + + if (id == null) { + sendResponse(ERROR, MISSING_POLICY_INST_ID, null, resp); + return; + } + + Vector v = mProcessor.getPolicyInstanceConfig(id); + + if (v == null) { + sendResponse(ERROR, INVALID_POLICY_INST_ID, null, resp); + return; + } + NameValuePairs nvp = new NameValuePairs(); + + for (Enumeration e = v.elements(); e.hasMoreElements();) { + String nv = (String) e.nextElement(); + int index = nv.indexOf("="); + String name = nv.substring(0, index); + String value = nv.substring(index + 1); + + if (value == null) { + value = ""; + } + + nvp.add(name, value); + + } + sendResponse(SUCCESS, null, nvp, resp); + } + + public void + putUserPWPair(String combo) { + int semicolon; + + semicolon = combo.indexOf(";"); + String user = combo.substring(0, semicolon); + String pw = combo.substring(semicolon + 1); + + CMS.putPasswordCache(user, pw); + } + + /** + * Add policy instance + *

+ * + *

+ * @param req HTTP servlet request + * @param resp HTTP servlet response + * @exception ServletException a servlet error has occurred + * @exception IOException an input/output error has occurred + */ + public void addPolicyInstance(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { + String auditMessage = null; + String auditSubjectID = auditSubjectID(); + + // ensure that any low-level exceptions are reported + // to the signed audit log and stored as failures + try { + // Get the policy impl id and class path. + String id = req.getParameter(Constants.RS_ID); + + if (id == null) { + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + sendResponse(ERROR, MISSING_POLICY_INST_ID, null, resp); + return; + } + + // Get the default config params for the implementation. + String implName = req.getParameter(IPolicyRule.PROP_IMPLNAME); + + if (implName == null) { + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp); + return; + } + + // We need to fetch parameters: enable, predicate and implname + // always, and any additional parameters as required by the + // implementation. 
+ Hashtable ht = new Hashtable(); + String val = req.getParameter(IPolicyRule.PROP_ENABLE).trim(); + + if (val == null) + val = "true"; + ht.put(IPolicyRule.PROP_ENABLE, val); + + val = req.getParameter(IPolicyRule.PROP_PREDICATE); + if (val != null) + ht.put(IPolicyRule.PROP_PREDICATE, val); + ht.put(IPolicyRule.PROP_IMPLNAME, implName); + + Vector v = mProcessor.getPolicyImplConfig(implName); + + if (v == null) { + // Invalid impl id + + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + sendResponse(ERROR, INVALID_POLICY_IMPL_ID, null, resp); + return; + } + for (Enumeration e = v.elements(); e.hasMoreElements();) { + String nv = (String) e.nextElement(); + int index = nv.indexOf("="); + String key = nv.substring(0, index); + + val = req.getParameter(key).trim(); + if (val != null) + ht.put(key, val); + } + + String pwadd = req.getParameter(PW_PASSWORD_CACHE_ADD); + + if (pwadd != null) { + putUserPWPair(pwadd); + } + + try { + mProcessor.addPolicyInstance(id, ht); + + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); + + audit(auditMessage); + + sendResponse(SUCCESS, null, null, resp); + } catch (Exception e) { + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + sendResponse(ERROR, e.toString(), null, resp); + } + } catch (IOException eAudit1) { + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + // rethrow the specific exception to be handled 
later + throw eAudit1; + // } catch( ServletException eAudit2 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit2; + } + } + + /** + * Change ordering of policy instances + *

+ * + *

+ * @param req HTTP servlet request + * @param resp HTTP servlet response + * @exception ServletException a servlet error has occurred + * @exception IOException an input/output error has occurred + */ + public void changePolicyInstanceOrdering(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { + String auditMessage = null; + String auditSubjectID = auditSubjectID(); + + // ensure that any low-level exceptions are reported + // to the signed audit log and stored as failures + try { + String policyOrder = + req.getParameter(Constants.PR_POLICY_ORDER); + + if (policyOrder == null) { + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + sendResponse(ERROR, MISSING_POLICY_ORDERING, null, resp); + return; + } + try { + mProcessor.changePolicyInstanceOrdering(policyOrder); + + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); + + audit(auditMessage); + + sendResponse(SUCCESS, null, null, resp); + } catch (Exception e) { + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + sendResponse(ERROR, e.toString(), null, resp); + } + } catch (IOException eAudit1) { + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + // rethrow the specific exception to be handled later + throw eAudit1; + // } catch( ServletException eAudit2 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // 
LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit2; + } + } + + /** + * Modify policy instance + *

+ * + *

+ * @param req HTTP servlet request + * @param resp HTTP servlet response + * @exception ServletException a servlet error has occurred + * @exception IOException an input/output error has occurred + */ + public void modifyPolicyInstance(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { + String auditMessage = null; + String auditSubjectID = auditSubjectID(); + + // ensure that any low-level exceptions are reported + // to the signed audit log and stored as failures + try { + // Get the policy impl id and class path. + String id = req.getParameter(Constants.RS_ID); + + if (id == null) { + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + sendResponse(ERROR, MISSING_POLICY_INST_ID, null, resp); + return; + } + + // Get the default config params for the implementation. + String implName = req.getParameter(IPolicyRule.PROP_IMPLNAME).trim(); + + if (implName == null) { + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp); + return; + } + + // We need to fetch parameters: enable, predicate and implname + // always, and any additional parameters as required by the + // implementation. 
+ Hashtable ht = new Hashtable(); + String val = req.getParameter(IPolicyRule.PROP_ENABLE).trim(); + + if (val == null) + val = "true"; + ht.put(IPolicyRule.PROP_ENABLE, val); + + val = req.getParameter(IPolicyRule.PROP_PREDICATE); + if (val != null) + ht.put(IPolicyRule.PROP_PREDICATE, val); + ht.put(IPolicyRule.PROP_IMPLNAME, implName); + Vector v = mProcessor.getPolicyImplConfig(implName); + + if (v == null) { + // Invalid impl id + + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + sendResponse(ERROR, INVALID_POLICY_IMPL_ID, null, resp); + return; + } + // XXX + for (Enumeration n = req.getParameterNames(); n.hasMoreElements();) { + String p = (String) n.nextElement(); + String l = (String) req.getParameter(p); + + if (l != null) + ht.put(p, l); + } + + /* + for(Enumeration e = v.elements(); e.hasMoreElements(); ) + { + String nv = (String)e.nextElement(); + int index = nv.indexOf("="); + String key = nv.substring(0, index); + val = req.getParameter(key); + if (val != null) + ht.put(key, val); + } + */ + + try { + mProcessor.modifyPolicyInstance(id, ht); + + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); + + audit(auditMessage); + + sendResponse(SUCCESS, null, null, resp); + } catch (Exception e) { + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + + sendResponse(ERROR, e.toString(), null, resp); + } + } catch (IOException eAudit1) { + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + 
auditParams(req)); + + audit(auditMessage); + + // rethrow the specific exception to be handled later + throw eAudit1; + // } catch( ServletException eAudit2 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit2; + } + } +} + -- cgit
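Review bot: In deletePolicyImpl, deletePolicyInstance and getPolicyInstanceConfig the id is read as `req.getParameter(Constants.RS_ID).trim()`, so a request without that parameter throws a NullPointerException before the `if (id == null)` branch can run; the same pattern appears on `IPolicyRule.PROP_ENABLE` in addPolicyInstance and modifyPolicyInstance, on `IPolicyRule.PROP_IMPLNAME` in modifyPolicyInstance, and on `req.getParameter(key).trim()` in the addPolicyInstance loop. Because the outer handlers catch only IOException, that exception bypasses the FAILURE record for LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, so a malformed configuration request appears to leave no signed-audit entry for this event. Read the value first and trim after the check, e.g. `String id = req.getParameter(Constants.RS_ID);` then `if (id != null) id = id.trim();`, and guard `scope` and `op` in service(), processPolicyImplMgmt and processPolicyRuleMgmt the same way before calling `equals` on them. Separately, readAuthorize and modifyAuthorize store the operation in the instance field `mOp` before calling `super.authorize(req)`; AdminServlet is not part of this patch, but if authorize reads `mOp`, concurrent requests on the shared servlet instance could be checked against the wrong operation, so passing the operation as an argument would be safer. The `// XXX` loop in modifyPolicyInstance also copies every request parameter into the table handed to `mProcessor.modifyPolicyInstance`, whereas the commented-out loop below it limited keys to those returned by getPolicyImplConfig; restoring that allow-list would keep protocol fields and unknown keys out of the stored rule configuration.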