From 8d0b9c631cc04a51fb9ed655f0a7ab81d6527900 Mon Sep 17 00:00:00 2001
From: cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>
Date: Sat, 6 Jun 2009 17:15:12 +0000
Subject: Bug 503045 -  CMC Revocation cannot be completed in EE page - fails
 with NullPointerException. Authorization not working properly.

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@561 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
 .../netscape/cms/policy/constraints/RevocationConstraints.java   | 7 ++++++-
 .../src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java      | 4 ++--
 .../src/com/netscape/cmscore/policy/GenericPolicyProcessor.java  | 9 ++++++++-
 pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java   | 3 +++
 4 files changed, 19 insertions(+), 4 deletions(-)

(limited to 'pki/base/common')

diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
index e5e7ec4ec..4ce438ec4 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
@@ -107,6 +107,11 @@ public class RevocationConstraints extends APolicyRule
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
+        CMS.debug("RevocationConstraints: apply begins");
+        if (req.getExtDataInInteger(IRequest.REVOKED_REASON) == null) {
+            CMS.debug("RevocationConstraints: apply: no revocationReason found in request");
+            return PolicyResult.REJECTED;
+        }
         RevocationReason rr = RevocationReason.fromInt(
                 req.getExtDataInInteger(IRequest.REVOKED_REASON).intValue());
 
@@ -120,7 +125,7 @@ public class RevocationConstraints extends APolicyRule
                 return PolicyResult.REJECTED;
             }                
         }
-			        
+
         if (mAllowExpiredCerts)
             // nothing to check.
             return PolicyResult.ACCEPTED;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
index d89288006..7ebe42361 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
@@ -165,7 +165,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
 
         AuthzToken authzToken = null;
         try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "submit");
+            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "revoke");
         } catch (Exception e) {
             // do nothing for now
         }
@@ -625,7 +625,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
             revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
             revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
             revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
-
+            revReq.setExtData(IRequest.REVOKED_REASON, reason);
             revReq.setExtData(IRequest.OLD_CERTS, oldCerts);
             if (comments != null) {
                 revReq.setExtData(IRequest.REQUESTOR_COMMENTS, comments);
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java b/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java
index 19315987f..d2a281be0 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java
@@ -131,6 +131,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     public synchronized void init(ISubsystem owner, IConfigStore config)
         throws EBaseException {
         // Debug.trace("GenericPolicyProcessor::init");
+        CMS.debug("GenericPolicyProcessor::init begins");
         mAuthority = (IAuthority) owner;
         mConfig = config;
         mGlobalStore = 
@@ -321,7 +322,9 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         IPolicySet rules = null;
         String op = (String) req.getRequestType();
 
+        CMS.debug("GenericPolicyProcessor: apply begins");
         if (op == null) {
+            CMS.debug("GenericPolicyProcessor: apply op null");
             // throw new AssertionException("Missing operation type in request. Can't happen!");
             // Return ACCEPTED for now. Looks like even get CA chain 
             // is being passed in here with request type set elsewhere 
@@ -333,6 +336,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
                 req.getRequestId().toString());
             return PolicyResult.ACCEPTED;
         }
+        CMS.debug("GenericPolicyProcessor: apply not ProfileRequest. op="+op);
 
         if (op.equalsIgnoreCase(IRequest.ENROLLMENT_REQUEST))
             rules = mEnrollmentRules;
@@ -353,6 +357,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         // ((PolicySet)rules).printPolicies();
         // If there are no rules, then it is a serious error.
         if (rules.count() == 0) {
+            CMS.debug("GenericPolicyProcessor: apply: rule count 0");
             // if no policy is specified, just accept the request.
             // KRA has no policy configured by default
             return PolicyResult.ACCEPTED;
@@ -362,6 +367,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
              return PolicyResult.REJECTED;
              **/
         }
+        CMS.debug("GenericPolicyProcessor: apply: rules.count="+ rules.count());
 
         // request must be up to date or can't process it.
         PolicyResult res = PolicyResult.ACCEPTED;
@@ -377,7 +383,8 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         if (res == PolicyResult.REJECTED)
             return res;
 
-            // Apply the policy rules.
+        CMS.debug("GenericPolicyProcessor: apply: calling rules.apply()");
+        // Apply the policy rules.
         return rules.apply(req);
     }
 
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java b/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java
index 67ea81add..fc5828871 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java
@@ -178,6 +178,7 @@ public class PolicySet implements IPolicySet {
             try {
                 if (Debug.ON)
                     Debug.trace("evaluating predicate for rule " + rule.getName());
+                CMS.debug("PolicySet: apply()- evaluating predicate for rule " + rule.getName());
                 if (exp != null && !exp.evaluate(req))
                     continue;
             } catch (Exception e) {
@@ -190,7 +191,9 @@ public class PolicySet implements IPolicySet {
             try {
                 if (Debug.ON)
                     Debug.trace("Policy " + name + " selected");
+                CMS.debug("Policy " + name + " selected");
                 PolicyResult result = rule.apply(req);
+                CMS.debug("Policy applied");
 
                 if (Debug.ON)
                     Debug.trace("Policy " + name + " returned " + result);
-- 
cgit