// --- BEGIN COPYRIGHT BLOCK --- // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation; version 2 of the License. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License along // with this program; if not, write to the Free Software Foundation, Inc., // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // // (C) 2007 Red Hat, Inc. // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Date; import java.util.Enumeration; import java.util.Locale; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import netscape.security.x509.X509CertImpl; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.authorization.AuthzToken; import com.netscape.certsrv.authorization.EAuthzAccessDenied; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.Nonces; import com.netscape.certsrv.ca.ICertificateAuthority; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.profile.EDeferException; import com.netscape.certsrv.profile.EProfileException; import com.netscape.certsrv.profile.ERejectException; import com.netscape.certsrv.profile.IEnrollProfile; import com.netscape.certsrv.profile.IPolicyConstraint; import com.netscape.certsrv.profile.IPolicyDefault; import com.netscape.certsrv.profile.IProfile; import com.netscape.certsrv.profile.IProfileOutput; import com.netscape.certsrv.profile.IProfilePolicy; import com.netscape.certsrv.profile.IProfileSubsystem; import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestId; import com.netscape.certsrv.request.RequestStatus; import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.certsrv.util.IStatsSubsystem; import com.netscape.cms.profile.common.ProfilePolicy; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.util.Utils; /** * This servlet approves profile-based request. * * @version $Revision$, $Date$ */ public class ProfileProcessServlet extends ProfileServlet { /** * */ private static final long serialVersionUID = 5244627530516577838L; private static final String PROP_AUTHORITY_ID = "authorityId"; private String mAuthorityId = null; private Nonces mNonces = null; private final static String SIGNED_AUDIT_CERT_REQUEST_REASON = "requestNotes"; private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; public ProfileProcessServlet() { } public void init(ServletConfig sc) throws ServletException { super.init(sc); mAuthorityId = sc.getInitParameter(PROP_AUTHORITY_ID); ICertificateAuthority authority = null; if (mAuthorityId != null) authority = (ICertificateAuthority) CMS.getSubsystem(mAuthorityId); if (authority != null && authority.noncesEnabled()) { mNonces = authority.getNonces(); } } public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest request = cmsReq.getHttpReq(); HttpServletResponse response = cmsReq.getHttpResp(); IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { statsSub.startTiming("approval", true /* main action */); } IAuthToken authToken = null; ArgSet args = new ArgSet(); Locale locale = getLocale(request); if (mAuthMgr != null) { try { authToken = authenticate(cmsReq); } catch (EBaseException e) { CMS.debug("ProfileProcessServlet: " + e.toString()); log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); } return; } } AuthzToken authzToken = null; try { authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "approve"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); } return; } if (mNonces != null) { String requestNonce = request.getParameter(ARG_REQUEST_NONCE); boolean nonceVerified = false; if (requestNonce != null) { long nonce = Long.parseLong(requestNonce.trim()); X509Certificate cert1 = mNonces.getCertificate(nonce); X509Certificate cert2 = getSSLClientCertificate(request); if (cert1 == null) { CMS.debug("ProfileProcessServlet: Unknown nonce"); } else if (cert1 != null && cert2 != null && cert1.equals(cert2)) { nonceVerified = true; mNonces.removeNonce(nonce); } } else { CMS.debug("ProfileProcessServlet: Missing nonce"); } CMS.debug("ProfileProcessServlet: nonceVerified=" + nonceVerified); if (!nonceVerified) { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); } return; } } CMS.debug("ProfileProcessServlet: start serving"); // (1) Read request from the database // (2) Get profile id from the request if (mProfileSubId == null || mProfileSubId.equals("")) { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileProcessServlet: SubId=" + mProfileSubId); IProfileSubsystem ps = (IProfileSubsystem) CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileProcessServlet: ProfileSubsystem not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); } return; } // retrieve request IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { CMS.debug("ProfileProcessServlet: Authority " + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); } return; } IRequestQueue queue = authority.getRequestQueue(); if (queue == null) { CMS.debug("ProfileProcessServlet: Request Queue of " + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); } return; } String requestId = request.getParameter("requestId"); if (requestId == null || requestId.equals("")) { CMS.debug("ProfileProcessServlet: Request Id not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_REQUEST_ID_NOT_FOUND")); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); } return; } IRequest req = null; CMS.debug("ProfileProcessServlet: requestId=" + requestId); try { req = queue.findRequest(new RequestId(requestId)); } catch (EBaseException e) { // request not found CMS.debug("ProfileProcessServlet: request not found requestId=" + requestId + " " + e.toString()); } if (req == null) { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_REQUEST_NOT_FOUND", requestId)); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); } return; } // check if the request is in one of the terminal states if (!req.getRequestStatus().equals(RequestStatus.PENDING)) { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_REQUEST_NOT_PENDING", requestId)); args.set(ARG_REQUEST_ID, requestId); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); } return; } String profileId = req.getExtDataInString("profileId"); CMS.debug("ProfileProcessServlet: profileId=" + profileId); if (profileId == null || profileId.equals("")) { CMS.debug("ProfileProcessServlet: Profile Id not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_ID_NOT_FOUND")); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); } return; } String op = request.getParameter("op"); if (op == null) { CMS.debug("ProfileProcessServlet: No op found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_OP_NOT_FOUND")); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); } return; } IProfile profile = null; try { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found CMS.debug("ProfileProcessServlet: profile not found " + " " + " profileId=" + profileId + " " + e.toString()); } if (profile == null) { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); } return; } // if profile is currently disabled, dont do anything if (!ps.isProfileEnable(profileId)) { CMS.debug("ProfileProcessServlet: Profile Id not enabled"); args.set(ARG_OP, op); args.set(ARG_REQUEST_ID, req.getRequestId().toString()); args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString()); args.set(ARG_REQUEST_TYPE, req.getRequestType()); args.set(ARG_PROFILE_ID, profileId); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_ID_NOT_ENABLED")); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); } return; } args.set(ARG_ERROR_CODE, "0"); args.set(ARG_ERROR_REASON, ""); try { if (op.equals("assign")) { String owner = req.getRequestOwner(); // assigned owner if (owner != null && owner.length() > 0) { if (!grantPermission(req, authToken)) { CMS.debug("ProfileProcessServlet: Permission not granted to assign request."); args.set(ARG_OP, op); args.set(ARG_REQUEST_ID, req.getRequestId().toString()); args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString()); args.set(ARG_REQUEST_TYPE, req.getRequestType()); args.set(ARG_PROFILE_ID, profileId); args.set(ARG_PROFILE_ID, profileId); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION")); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); } return; } } assignRequest(request, args, req, queue, profile, locale); } else { if (grantPermission(req, authToken)) { if (op.equals("approve")) { checkProfileVersion(profile, req, locale); updateValues(request, req, queue, profile, locale); updateNotes(request, req); approveRequest(request, args, req, queue, profile, locale); } else if (op.equals("reject")) { updateNotes(request, req); rejectRequest(request, args, req, queue, profile, locale); } else if (op.equals("cancel")) { updateNotes(request, req); cancelRequest(request, args, req, queue, profile, locale); } else if (op.equals("update")) { checkProfileVersion(profile, req, locale); updateValues(request, req, queue, profile, locale); updateNotes(request, req); } else if (op.equals("validate")) { updateValues(request, req, queue, profile, locale); } else if (op.equals("unassign")) { unassignRequest(request, args, req, queue, profile, locale); } } else { CMS.debug("ProfileProcessServlet: Permission not granted to approve/reject/cancel/update/validate/unassign request."); args.set(ARG_OP, op); args.set(ARG_REQUEST_ID, req.getRequestId().toString()); args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString()); args.set(ARG_REQUEST_TYPE, req.getRequestType()); args.set(ARG_PROFILE_ID, profileId); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION")); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); } return; } } // commit request to the storage if (!op.equals("validate")) { try { if (op.equals("approve")) { queue.markAsServiced(req); } else { queue.updateRequest(req); } } catch (EBaseException e) { CMS.debug("ProfileProcessServlet: Request commit error " + e.toString()); // save request to disk args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); } return; } } } catch (ERejectException e) { CMS.debug("ProfileProcessServlet: execution rejected " + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_REJECTED", e.toString())); } catch (EDeferException e) { CMS.debug("ProfileProcessServlet: execution defered " + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DEFERRED", e.toString())); } catch (EPropertyException e) { CMS.debug("ProfileProcessServlet: execution error " + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_PROPERTY_ERROR", e.toString())); } catch (EProfileException e) { CMS.debug("ProfileProcessServlet: execution error " + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); } args.set(ARG_OP, op); args.set(ARG_REQUEST_ID, req.getRequestId().toString()); args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString()); args.set(ARG_REQUEST_TYPE, req.getRequestType()); args.set(ARG_PROFILE_ID, profileId); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); } } public boolean grantPermission(IRequest req, IAuthToken token) { try { boolean enable = CMS.getConfigStore().getBoolean("request.assignee.enable", false); if (!enable) return true; String owner = req.getRequestOwner(); // unassigned owner if (owner == null || owner.length() == 0) return true; String uid = token.getInString(IAuthToken.USER_ID); if (uid.equals(owner)) return true; } catch (Exception e) { } return false; } /** * Check if the request creation time is older than the profile * lastModified attribute. */ protected void checkProfileVersion(IProfile profile, IRequest req, Locale locale) throws EProfileException { IConfigStore profileConfig = profile.getConfigStore(); if (profileConfig != null) { String lastModified = null; try { lastModified = profileConfig.getString("lastModified", ""); } catch (EBaseException e) { CMS.debug(e.toString()); throw new EProfileException(e.toString()); } if (!lastModified.equals("")) { Date profileModifiedAt = new Date(Long.parseLong(lastModified)); CMS.debug("ProfileProcessServlet: Profile Last Modified=" + profileModifiedAt); Date reqCreatedAt = req.getCreationTime(); CMS.debug("ProfileProcessServlet: Request Created At=" + reqCreatedAt); if (profileModifiedAt.after(reqCreatedAt)) { CMS.debug("Profile Newer Than Request"); throw new ERejectException("Profile Newer Than Request"); } } } } protected void assignRequest(ServletRequest request, ArgSet args, IRequest req, IRequestQueue queue, IProfile profile, Locale locale) throws EProfileException { String id = auditSubjectID(); req.setRequestOwner(id); } protected void unassignRequest(ServletRequest request, ArgSet args, IRequest req, IRequestQueue queue, IProfile profile, Locale locale) throws EProfileException { req.setRequestOwner(""); } /** * Cancel request *

* * (Certificate Request Processed - a manual "agent" profile based cert cancellation) *

* *

* * @param request the servlet request * @param args argument set * @param req the certificate request * @param queue the certificate request queue * @param profile this profile * @param locale the system locale * @exception EProfileException an error related to this profile has * occurred */ protected void cancelRequest(ServletRequest request, ArgSet args, IRequest req, IRequestQueue queue, IProfile profile, Locale locale) throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); String auditInfoValue = auditInfoValue(req); // try { req.setRequestStatus(RequestStatus.CANCELED); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, auditSubjectID, ILogger.SUCCESS, auditRequesterID, ILogger.SIGNED_AUDIT_CANCELLATION, auditInfoValue); audit(auditMessage); // } catch( EProfileException eAudit1 ) { // // store a message in the signed audit log file // auditMessage = CMS.getLogMessage( // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, // auditSubjectID, // ILogger.FAILURE, // auditRequesterID, // ILogger.SIGNED_AUDIT_CANCELLATION, // auditInfoValue ); // // audit( auditMessage ); // } } /** * Reject request *

* * (Certificate Request Processed - a manual "agent" profile based cert rejection) *

* *

* * @param request the servlet request * @param args argument set * @param req the certificate request * @param queue the certificate request queue * @param profile this profile * @param locale the system locale * @exception EProfileException an error related to this profile has * occurred */ protected void rejectRequest(ServletRequest request, ArgSet args, IRequest req, IRequestQueue queue, IProfile profile, Locale locale) throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); String auditInfoValue = auditInfoValue(req); // try { req.setRequestStatus(RequestStatus.REJECTED); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, auditSubjectID, ILogger.SUCCESS, auditRequesterID, ILogger.SIGNED_AUDIT_REJECTION, auditInfoValue); audit(auditMessage); // } catch( EProfileException eAudit1 ) { // // store a message in the signed audit log file // auditMessage = CMS.getLogMessage( // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, // auditSubjectID, // ILogger.FAILURE, // auditRequesterID, // ILogger.SIGNED_AUDIT_REJECTION, // auditInfoValue ); // // audit( auditMessage ); // } } /** * Approve request *

* * (Certificate Request Processed - a manual "agent" profile based cert acceptance) *

* *

* * @param request the servlet request * @param args argument set * @param req the certificate request * @param queue the certificate request queue * @param profile this profile * @param locale the system locale * @exception EProfileException an error related to this profile has * occurred */ protected void approveRequest(ServletRequest request, ArgSet args, IRequest req, IRequestQueue queue, IProfile profile, Locale locale) throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); try { profile.execute(req); req.setRequestStatus(RequestStatus.COMPLETE); ArgList outputlist = new ArgList(); Enumeration outputIds = profile.getProfileOutputIds(); if (outputIds != null) { while (outputIds.hasMoreElements()) { String outputId = outputIds.nextElement(); IProfileOutput profileOutput = profile.getProfileOutput( outputId); Enumeration outputNames = profileOutput.getValueNames(); if (outputNames != null) { while (outputNames.hasMoreElements()) { ArgSet outputset = new ArgSet(); String outputName = outputNames.nextElement(); IDescriptor outputDesc = profileOutput.getValueDescriptor(locale, outputName); if (outputDesc == null) continue; String outputSyntax = outputDesc.getSyntax(); String outputConstraint = outputDesc.getConstraint(); String outputValueName = outputDesc.getDescription(locale); String outputValue = null; try { outputValue = profileOutput.getValue( outputName, locale, req); } catch (EProfileException e) { CMS.debug("ProfileSubmitServlet: " + e.toString()); } outputset.set(ARG_OUTPUT_ID, outputName); outputset.set(ARG_OUTPUT_SYNTAX, outputSyntax); outputset.set(ARG_OUTPUT_CONSTRAINT, outputConstraint); outputset.set(ARG_OUTPUT_NAME, outputValueName); outputset.set(ARG_OUTPUT_VAL, outputValue); outputlist.add(outputset); } } } } args.set(ARG_OUTPUT_LIST, outputlist); // retrieve the certificate X509CertImpl theCert = req.getExtDataInCert( IEnrollProfile.REQUEST_ISSUED_CERT); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, auditSubjectID, ILogger.SUCCESS, auditRequesterID, ILogger.SIGNED_AUDIT_ACCEPTANCE, auditInfoCertValue(theCert)); audit(auditMessage); } catch (EProfileException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, auditSubjectID, ILogger.FAILURE, auditRequesterID, ILogger.SIGNED_AUDIT_ACCEPTANCE, ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); CMS.debug("ProfileProcessServlet: about to throw EProfileException because of bad profile execute."); throw new EProfileException(eAudit1.toString()); } } protected void updateValues(ServletRequest request, IRequest req, IRequestQueue queue, IProfile profile, Locale locale) throws ERejectException, EDeferException, EPropertyException { String profileSetId = req.getExtDataInString("profileSetId"); Enumeration policies = profile.getProfilePolicies(profileSetId); int count = 0; while (policies.hasMoreElements()) { ProfilePolicy policy = policies.nextElement(); setValue(locale, count, policy, req, request); count++; } policies = profile.getProfilePolicies(profileSetId); count = 0; while (policies.hasMoreElements()) { ProfilePolicy policy = policies.nextElement(); validate(locale, count, policy, req, request); count++; } } protected void updateNotes(ServletRequest request, IRequest req) { String notes = request.getParameter(ARG_REQUEST_NOTES); if (notes != null) { req.setExtData("requestNotes", notes); } } protected void validate(Locale locale, int count, IProfilePolicy policy, IRequest req, ServletRequest request) throws ERejectException, EDeferException { IPolicyConstraint con = policy.getConstraint(); con.validate(req); } protected void setValue(Locale locale, int count, IProfilePolicy policy, IRequest req, ServletRequest request) throws EPropertyException { // handle default policy IPolicyDefault def = policy.getDefault(); Enumeration defNames = def.getValueNames(); while (defNames.hasMoreElements()) { String defName = defNames.nextElement(); String defValue = request.getParameter(defName); def.setValue(defName, locale, req, defValue); } } /** * Signed Audit Log Requester ID * * This method is called to obtain the "RequesterID" for * a signed audit log message. *

* * @param request the actual request * @return id string containing the signed audit log message RequesterID */ private String auditRequesterID(IRequest request) { // if no signed audit object exists, bail if (mSignedAuditLogger == null) { return null; } String requesterID = ILogger.UNIDENTIFIED; if (request != null) { // overwrite "requesterID" if and only if "id" != null String id = request.getRequestId().toString(); if (id != null) { requesterID = id.trim(); } } return requesterID; } /** * Signed Audit Log Info Value * * This method is called to obtain the "reason" for * a signed audit log message. *

* * @param request the actual request * @return reason string containing the signed audit log message reason */ private String auditInfoValue(IRequest request) { // if no signed audit object exists, bail if (mSignedAuditLogger == null) { return null; } String reason = ILogger.SIGNED_AUDIT_EMPTY_VALUE; if (request != null) { // overwrite "reason" if and only if "info" != null String info = request.getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON); if (info != null) { reason = info.trim(); // overwrite "reason" if and only if "reason" is empty if (reason.equals("")) { reason = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } } } return reason; } /** * Signed Audit Log Info Certificate Value * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. *

* * @param x509cert an X509CertImpl * @return cert string containing the certificate */ private String auditInfoCertValue(X509CertImpl x509cert) { // if no signed audit object exists, bail if (mSignedAuditLogger == null) { return null; } if (x509cert == null) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; } byte rawData[] = null; try { rawData = x509cert.getEncoded(); } catch (CertificateEncodingException e) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; } String cert = null; // convert "rawData" into "base64Data" if (rawData != null) { String base64Data = null; base64Data = Utils.base64encode(rawData).trim(); // extract all line separators from the "base64Data" StringBuffer sb = new StringBuffer(); for (int i = 0; i < base64Data.length(); i++) { if (!Character.isWhitespace(base64Data.charAt(i))) { sb.append(base64Data.charAt(i)); } } cert = sb.toString(); } if (cert != null) { cert = cert.trim(); if (cert.equals("")) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; } else { return cert; } } else { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; } } }