1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; version 2 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// (C) 2012 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
import java.net.InetAddress;
import java.util.Locale;
import java.util.Random;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.EPropertyNotFound;
import com.netscape.certsrv.base.ISecurityDomainSessionTable;
import com.netscape.certsrv.base.PKIException;
import com.netscape.certsrv.base.UnauthorizedException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.system.InstallToken;
import com.netscape.cms.servlet.processors.Processor;
/**
* @author Endi S. Dewata
*/
public class SecurityDomainProcessor extends Processor {
private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
"LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
Random random = new Random();
public SecurityDomainProcessor(Locale locale) throws EPropertyNotFound, EBaseException {
super("securitydomain", locale);
}
public InstallToken getInstallToken(
String user,
String hostname,
String subsystem) throws EBaseException {
String groupname = ConfigurationUtils.getGroupName(user, subsystem);
if (groupname == null) {
String message = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
user,
ILogger.FAILURE,
"Enterprise " + subsystem + " Administrators");
audit(message);
throw new UnauthorizedException("Access denied.");
}
String message = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
user,
ILogger.SUCCESS,
groupname);
audit(message);
String ip = "";
try {
ip = InetAddress.getByName(hostname).getHostAddress();
} catch (Exception e) {
CMS.debug("Unable to determine IP address for "+hostname);
}
// assign cookie
Long num = random.nextLong();
String cookie = num.toString();
String auditParams = "operation;;issue_token+token;;" + cookie + "+ip;;" + ip +
"+uid;;" + user + "+groupname;;" + groupname;
ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable();
int status = ctable.addEntry(cookie, ip, user, groupname);
if (status == ISecurityDomainSessionTable.SUCCESS) {
message = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
user,
ILogger.SUCCESS,
auditParams);
audit(message);
} else {
message = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
user,
ILogger.FAILURE,
auditParams);
audit(message);
throw new PKIException("Failed to update security domain.");
}
return new InstallToken(cookie);
}
}
|