| author | Ade Lee <alee@redhat.com> | 2012-06-16 00:42:53 -0400 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2012-06-16 00:42:53 -0400 |
| commit | dd8a44d7639f107c26de4334c671dcabba1a7d11 (patch) | |
| tree | c3d89dbe18692d8e383a05ab60cb980c02e95eba | |
| parent | 65b495b46626f738da5646cdf302b683aa78b51c (diff) | |
| download | pki-alee_profilesubmit_0616.tar.gz pki-alee_profilesubmit_0616.tar.xz pki-alee_profilesubmit_0616.zip | |
latest commit with endi changes and debuggingalee_profilesubmit_0616
9 files changed, 734 insertions, 687 deletions
diff --git a/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java b/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java
index b250e9b3..2ccea830 100644
--- a/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java
+++ b/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java
@@ -205,52 +205,21 @@ public class CATest { //Initiate a Certificate Enrollment - EnrollmentRequestData data = new EnrollmentRequestData(); - data.setProfileId("caUserCert"); - data.setIsRenewal(false); - - //Simulate a "caUserCert" Profile enrollment - - ProfileInput certReq = data.createInput("Key Generation"); - certReq.setInputAttr("cert_request_type", "crmf"); - certReq.setInputAttr( - "cert_request", - "MIIBozCCAZ8wggEFAgQBMQp8MIHHgAECpQ4wDDEKMAgGA1UEAxMBeKaBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2NgaPHp0jiohcP4M+ufrJOZEqH8GV+liu5JLbT8nWpkfhC+8EUBqT6g+n3qroSxIcNVGNdcsBEqs1utvpItzyslAbpdyat3WwQep1dWMzo6RHrPDuIoxNA0Yka1n3qEX4U//08cLQtUv2bYglYgN/hOCNQemLV6vZWAv0n7zelkCAwEAAakQMA4GA1UdDwEB/wQEAwIF4DAzMBUGCSsGAQUFBwUBAQwIcmVnVG9rZW4wGgYJKwYBBQUHBQECDA1hdXRoZW50aWNhdG9yoYGTMA0GCSqGSIb3DQEBBQUAA4GBAJ1VOQcaSEhdHa94s8kifVbSZ2WZeYE5//qxL6wVlEst20vq4ybj13CetnbN3+WT49Zkwp7Fg+6lALKgSk47suTg3EbbQDm+8yOrC0nc/q4PTRoHl0alMmUxIhirYc1t3xoCMqJewmjX1bNP8lpVIZAYFZo4eZCpZaiSkM5BeHhz"); - - ProfileInput subjectName = data.createInput("Subject Name"); - subjectName.setInputAttr("sn_uid", "jmagne"); - subjectName.setInputAttr("sn_e", "jmagne@redhat.com"); - subjectName.setInputAttr("sn_c", "US"); - subjectName.setInputAttr("sn_ou", "Development"); - subjectName.setInputAttr("sn_ou1", "IPA"); - subjectName.setInputAttr("sn_ou2", "Dogtag"); - subjectName.setInputAttr("sn_ou3", "CA"); - subjectName.setInputAttr("sn_cn", "Common"); - subjectName.setInputAttr("sn_o", "RedHat"); + EnrollmentRequestData data = createUserCertEnrollment(); + enrollAndApproveCertRequest(client, data); - ProfileInput submitter = data.createInput("Requestor Information"); - submitter.setInputAttr("requestor_name", "admin"); - submitter.setInputAttr("requestor_email", "admin@redhat.com"); - submitter.setInputAttr("requestor_phone", "650-555-5555"); - - CertRequestInfos reqInfo = null; - - try { - reqInfo = client.enrollCertificate(data); - } catch (Exception e) { - e.printStackTrace(); - log(e.toString()); - } + // 
submit a RA authenticated user cert request + data.setProfileId("caDualRAuserCert"); + enrollCertRequest(client, data); - for (CertRequestInfo info : reqInfo.getRequests()) { - printRequestInfo(info); - AgentEnrollmentRequestData reviewData = client.reviewRequest(info.getRequestId()); - log(reviewData.toString()); + // now try a manually approved server cert + EnrollmentRequestData serverData = createServerCertEnrollment(); + enrollAndApproveCertRequest(client,serverData); - reviewData.setRequestNotes("This is an approval message"); - client.approveRequest(reviewData); - } + // submit using an agent approval profile + serverData.setProfileId("caAgentServerCert"); + enrollCertRequest(client, serverData); //Perform a sample certificate search with advanced search terms 
@@ -303,6 +272,95 @@ public class CATest { } + private static void enrollAndApproveCertRequest(CARestClient client, EnrollmentRequestData data) { + CertRequestInfos reqInfo = null; + try { + reqInfo = client.enrollCertificate(data); + } catch (Exception e) { + e.printStackTrace(); + log(e.toString()); + } + + for (CertRequestInfo info : reqInfo.getRequests()) { + printRequestInfo(info); + + AgentEnrollmentRequestData reviewData = client.reviewRequest(info.getRequestId()); + log(reviewData.toString()); + + reviewData.setRequestNotes("This is an approval message"); + client.approveRequest(reviewData); + } + } + + private static void enrollCertRequest(CARestClient client, EnrollmentRequestData data) { + CertRequestInfos reqInfo = null; + try { + reqInfo = client.enrollCertificate(data); + } catch (Exception e) { + e.printStackTrace(); + log(e.toString()); + } + + for (CertRequestInfo info : reqInfo.getRequests()) { + printRequestInfo(info); + } + } + + private static EnrollmentRequestData createUserCertEnrollment() { + EnrollmentRequestData data = new EnrollmentRequestData(); + data.setProfileId("caUserCert"); + data.setIsRenewal(false); + + //Simulate a "caUserCert" Profile enrollment + + ProfileInput certReq = data.createInput("Key Generation"); + certReq.setInputAttr("cert_request_type", "crmf"); + certReq.setInputAttr( + "cert_request", + "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"); + + ProfileInput subjectName = data.createInput("Subject Name"); + subjectName.setInputAttr("sn_uid", "jmagne"); + subjectName.setInputAttr("sn_e", "jmagne@redhat.com"); + subjectName.setInputAttr("sn_c", "US"); + subjectName.setInputAttr("sn_ou", "Development"); + subjectName.setInputAttr("sn_ou1", "IPA"); + subjectName.setInputAttr("sn_ou2", "Dogtag"); + subjectName.setInputAttr("sn_ou3", "CA"); + subjectName.setInputAttr("sn_cn", "Common"); + subjectName.setInputAttr("sn_o", "RedHat"); + + ProfileInput submitter = data.createInput("Requestor Information"); + 
submitter.setInputAttr("requestor_name", "admin"); + submitter.setInputAttr("requestor_email", "admin@redhat.com"); + submitter.setInputAttr("requestor_phone", "650-555-5555"); + return data; + } + + private static EnrollmentRequestData createServerCertEnrollment() { + EnrollmentRequestData data = new EnrollmentRequestData(); + data.setProfileId("caServerCert"); + data.setIsRenewal(false); + + //Simulate a "caUserCert" Profile enrollment + + ProfileInput certReq = data.createInput("Key Generation"); + certReq.setInputAttr("cert_request_type", "pkcs10"); + certReq.setInputAttr( + "cert_request", + "MIIBZjCB0AIBADAnMQ8wDQYDVQQKEwZyZWRoYXQxFDASBgNVBAMTC2FsZWUtd29ya3BjMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJtuKg9osJEBUwz8LoMQwwm1m7D97NNJEmvEhvBMet+VCtbd/erAFMoVXEgSKks/XFK2ViTeZYpp0A2pe4bm4yxowZm0b6von9BKGQ0jNtLemoOkGRWC/PP+fYP16aH62xu4z8MH1pBubdlAEp3Ppnr93aB1lzQaPVmcR3B4OWhwIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAgZhZOe0LqQD5iywAO7sY0PANVGzzdcmoLZJjjASY3kU5E3K8u3FKh24WJxcWzdC+/FysDkJixJb7xGUm697QwZvGxmAIQH4yIebWJ2KLHQQgRJytjVYySrRo2Fuo/dm2zzf3+o8WBuD2eMsEjsZfuKxhz7EahvyC2y/CuTBA08s=" + ); + ProfileInput subjectName = data.createInput("Subject Name"); + subjectName.setInputAttr("sn_cn", "alee-workpc"); + subjectName.setInputAttr("sn_o", "redhat"); + + ProfileInput submitter = data.createInput("Requestor Information"); + submitter.setInputAttr("requestor_name", "admin"); + submitter.setInputAttr("requestor_email", "admin@redhat.com"); + submitter.setInputAttr("requestor_phone", "650-555-5555"); + return data; + } + private static void printProfileInfos(ProfileDataInfos pInfos) { if (pInfos == null) { diff --git a/base/common/src/CMakeLists.txt b/base/common/src/CMakeLists.txt index 2af0a6a7..b7f9d7fd 100644 --- a/base/common/src/CMakeLists.txt +++ b/base/common/src/CMakeLists.txt 
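Review bot: In both `enrollAndApproveCertRequest` and `enrollCertRequest` the `catch (Exception e)` only prints and logs, so a failed `client.enrollCertificate(data)` leaves `reqInfo` null and the `for` loop that follows throws a NullPointerException that hides the real enrollment error. For a functional test it is clearer to stop there, for example by adding `return;` as the last statement of the catch block or by rethrowing. The comment in `createServerCertEnrollment` still reads `//Simulate a "caUserCert" Profile enrollment` although the method sets `caServerCert`; it should read `//Simulate a "caServerCert" Profile enrollment`.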
@@ -793,7 +793,6 @@ set(pki-cms_java_SRCS com/netscape/cms/servlet/ocsp/RemoveCAServlet.java com/netscape/cms/servlet/ocsp/GetOCSPInfo.java com/netscape/cms/servlet/ocsp/AddCAServlet.java - com/netscape/cms/servlet/profile/ProfileConfig.java com/netscape/cms/servlet/profile/ProfileSubmitServlet.java com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java com/netscape/cms/servlet/profile/ProfileSelectServlet.java diff --git a/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java b/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java index e18534d6..2c1d6250 100644 --- a/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java +++ b/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java @@ -133,4 +133,5 @@ public interface IPolicyDefault extends IConfigTemplate { */ public String getValue(String name, Locale locale, IRequest request) throws EPropertyException; + } diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileConfig.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileConfig.java deleted file mode 100644 index 2562f8c6..00000000 --- a/base/common/src/com/netscape/cms/servlet/profile/ProfileConfig.java +++ /dev/null 
@@ -1,147 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2012 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.profile; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.profile.IProfileSubsystem; -import com.netscape.cms.servlet.common.ServletUtils; - -public class ProfileConfig { - public static final String PROFILE_ID = "profileId"; - public static final String AUTH_ID = "authId"; - public static final String ACL_METHOD = "aclMethod"; - public static final String AUTHZ_RESOURCE_NAME = "authzResourceName"; - public static final String AUTH_MGR = "authMgr"; - public static final String AUTHZ_MGR = "authzMgr"; - public static final String GET_CLIENT_CERT = "getClientCert"; - public static final String ACL_INFO = "ACLinfo"; - public static final String AUTHORITY_ID = "authorityId"; - public static final String PROFILE_SUB_ID = "profileSubId"; - - private String profileId; - private String authId; - private String aclMethod; - private String authzResourceName; - private String authMgr; - private String authzMgr; - private String getClientCert; - private String aclInfo; - private String authorityId; - private String 
profileSubId; - - public ProfileConfig(String id) throws EBaseException { - IConfigStore cs = CMS.getConfigStore().getSubStore("profile." + id); - try { - profileId = cs.getString(PROFILE_ID, "").isEmpty() ? null : cs.getString(PROFILE_ID); - authId = cs.getString(AUTH_ID, "").isEmpty() ? null : cs.getString(AUTH_ID); - aclInfo = cs.getString(ACL_INFO, "").isEmpty() ? null : cs.getString(ACL_INFO); - authzResourceName = cs.getString(AUTHZ_RESOURCE_NAME, "").isEmpty() ? null : cs.getString(AUTHZ_RESOURCE_NAME); - authMgr = cs.getString(AUTH_MGR, "").isEmpty() ? null : cs.getString(AUTH_MGR); - authzMgr = cs.getString(AUTHZ_MGR, "").isEmpty() ? null : cs.getString(AUTHZ_MGR); - getClientCert = cs.getString(GET_CLIENT_CERT, "").isEmpty() ? "false" : cs.getString(GET_CLIENT_CERT); - authorityId = cs.getString(AUTHORITY_ID, "").isEmpty() ? null : cs.getString(AUTHORITY_ID); - profileSubId = cs.getString(PROFILE_SUB_ID, "").isEmpty() ? IProfileSubsystem.ID : cs.getString(PROFILE_SUB_ID); - } catch (EBaseException e) { - e.printStackTrace(); - CMS.debug("Error in getting profile config for profile." 
+ id); - } - aclMethod = ServletUtils.getACLMethod(aclInfo, authzMgr, id); - } - - public String getProfileId() { - return profileId; - } - - public void setProfileId(String profileId) { - this.profileId = profileId; - } - - public String getAuthId() { - return authId; - } - - public void setAuthId(String authId) { - this.authId = authId; - } - - public String getAclMethod() { - return aclMethod; - } - - public void setAclMethod(String aclMethod) { - this.aclMethod = aclMethod; - } - - public String getAuthzResourceName() { - return authzResourceName; - } - - public void setAuthzResourceName(String authzResourceName) { - this.authzResourceName = authzResourceName; - } - - public String getAuthMgr() { - return authMgr; - } - - public void setAuthMgr(String authMgr) { - this.authMgr = authMgr; - } - - public String getGetClientCert() { - return getClientCert; - } - - public void setGetClientCert(String getClientCert) { - this.getClientCert = getClientCert; - } - - public String getAuthzMgr() { - return authzMgr; - } - - public void setAuthzMgr(String authzMgr) { - this.authzMgr = authzMgr; - } - - public String getAclInfo() { - return aclInfo; - } - - public void setAclInfo(String aclInfo) { - this.aclInfo = aclInfo; - } - - public String getAuthorityId() { - return authorityId; - } - - public void setAuthorityId(String authorityId) { - this.authorityId = authorityId; - } - - public String getProfileSubId() { - return profileSubId; - } - - public void setProfileSubId(String profileSubId) { - this.profileSubId = profileSubId; - } -} diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessor.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessor.java index 567ecf01..808b9d5d 100644 --- a/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessor.java +++ b/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessor.java 
@@ -26,10 +26,11 @@ import java.util.Enumeration; import java.util.HashMap; import java.util.Hashtable; import java.util.LinkedHashSet; +import java.util.List; import java.util.Locale; +import java.util.Map; import java.util.StringTokenizer; -import javax.servlet.ServletRequest; import javax.servlet.http.HttpServletRequest; import netscape.security.x509.BasicConstraintsExtension; @@ -38,12 +39,12 @@ import netscape.security.x509.X509CertImpl; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.AuthToken; import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.authorization.AuthzToken; import com.netscape.certsrv.authorization.EAuthzException; import com.netscape.certsrv.authorization.IAuthzSubsystem; import com.netscape.certsrv.base.BadRequestDataException; import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.EPropertyNotFound; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.MetaInfo; 
@@ -75,10 +76,16 @@ import com.netscape.certsrv.usrgrp.IGroup; import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.util.IStatsSubsystem; import com.netscape.cms.profile.common.ProfilePolicy; -import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.AuthCredentials; import com.netscape.cms.servlet.common.CMSGateway; import com.netscape.cms.servlet.common.CMSRequest; +import com.netscape.cms.servlet.common.ServletUtils; +import com.netscape.cms.servlet.profile.model.PolicyAttribute; +import com.netscape.cms.servlet.profile.model.PolicyDefault; +import com.netscape.cms.servlet.profile.model.ProfileInput; +import com.netscape.cms.servlet.profile.model.ProfilePolicySet; +import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestData; +import com.netscape.cms.servlet.request.model.EnrollmentRequestData; import com.netscape.cmsutil.util.Utils; public class ProfileProcessor { @@ -118,9 +125,20 @@ public class ProfileProcessor { public final static String ARG_ERROR_REASON = "errorReason"; public final static String CERT_ATTR = "javax.servlet.request.X509Certificate"; + // servlet config constants + public static final String PROFILE_ID = "profileId"; + public static final String AUTH_ID = "authId"; + public static final String ACL_METHOD = "aclMethod"; + public static final String AUTHZ_RESOURCE_NAME = "authzResourceName"; + public static final String AUTH_MGR = "authMgr"; + public static final String AUTHZ_MGR = "authzMgr"; + public static final String GET_CLIENT_CERT = "getClientCert"; + public static final String ACL_INFO = "ACLinfo"; + public static final String AUTHORITY_ID = "authorityId"; + public static final String PROFILE_SUB_ID = "profileSubId"; + private String profileID = null; private String profileSubId = null; - private String authorityId = null; private String aclMethod = null; private String authzResourceName = null; private String authMgr = null; 
@@ -129,9 +147,12 @@ public class ProfileProcessor { private Locale locale = null; // subsystems - private ICertificateAuthority authority = null; + private ICertificateAuthority authority = (ICertificateAuthority) CMS.getSubsystem("ca"); private IAuthzSubsystem authz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ); private IUGSubsystem ug = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); + private IRequestQueue queue = null; + private IProfileSubsystem ps = null; + private ICertificateRepository certdb = null; //logging and stats protected ILogger signedAuditLogger = CMS.getSignedAuditLogger(); 
@@ -152,27 +173,64 @@ public class ProfileProcessor { private final static String SIGNED_AUDIT_CERT_REQUEST_REASON = "requestNotes"; - public ProfileProcessor(ProfileConfig config, Locale locale) { - this.authorityId = config.getAuthorityId(); - this.profileID = config.getProfileId(); - this.aclMethod = config.getAclMethod(); + public ProfileProcessor(String id, Locale locale) throws EPropertyNotFound, EBaseException { + IConfigStore cs = CMS.getConfigStore().getSubStore("profile." + id); this.locale = locale; - this.authzResourceName = config.getAuthzResourceName(); - this.authMgr = config.getAuthMgr(); - this.getClientCert = config.getGetClientCert(); + this.profileID = cs.getString(PROFILE_ID, "").isEmpty() ? null : cs.getString(PROFILE_ID); + this.authzResourceName = cs.getString(AUTHZ_RESOURCE_NAME, "").isEmpty() ? null : + cs.getString(AUTHZ_RESOURCE_NAME); + this.authMgr = cs.getString(AUTH_MGR, "").isEmpty() ? null : cs.getString(AUTH_MGR); + this.getClientCert = cs.getString(GET_CLIENT_CERT, "").isEmpty() ? "false" : cs.getString(GET_CLIENT_CERT); + this.profileSubId = cs.getString(PROFILE_SUB_ID, "").isEmpty() ? IProfileSubsystem.ID : + cs.getString(PROFILE_SUB_ID); - if (authorityId != null) { - authority = (ICertificateAuthority) CMS.getSubsystem(authorityId); - if (authority.noncesEnabled()) { - nonces = authority.getNonces(); - } + String aclInfo = cs.getString(ACL_INFO, "").isEmpty() ? null : cs.getString(ACL_INFO); + String authzMgr = cs.getString(AUTHZ_MGR, "").isEmpty() ? null : cs.getString(AUTHZ_MGR); + this.aclMethod = ServletUtils.getACLMethod(aclInfo, authzMgr, id); + + // currently unused but in servlet config + // authId = cs.getString(AUTH_ID, "").isEmpty() ? 
null : cs.getString(AUTH_ID); + + if (authority == null) { + throw new EBaseException("ProfileProcessor: authority is null"); + } + + if (authority.noncesEnabled()) { + nonces = authority.getNonces(); + } + + queue = authority.getRequestQueue(); + if (queue == null) { + throw new EBaseException("ProfileProcessor: cannot get request queue"); + } + + if (profileSubId == null || profileSubId.equals("")) { + profileSubId = IProfileSubsystem.ID; + } + + ps = (IProfileSubsystem) CMS.getSubsystem(profileSubId); + if (ps == null) { + throw new EBaseException("ProfileProcessor: Profile Subsystem not found"); + } + + certdb = authority.getCertificateRepository(); + if (certdb == null) { + throw new EBaseException("ProfileProcessor: Certificate repository not found"); } } - private void setInputsIntoContext(HttpServletRequest request, IProfile profile, IProfileContext ctx) { - // passing inputs into context - Enumeration<String> inputIds = profile.getProfileInputIds(); + private void setInputsIntoContext(EnrollmentRequestData data, IProfile profile, IProfileContext ctx) { + // put profile inputs into a local map + HashMap<String, String> dataInputs = new HashMap<String, String>(); + for (ProfileInput input : data.getInputs()) { + Map<String, String> attrs = input.getAttributes(); + for (Map.Entry<String, String> entry : attrs.entrySet()) { + dataInputs.put(entry.getKey(), entry.getValue()); + } + } + // iterate through inputs in profile and put those in context + Enumeration<String> inputIds = profile.getProfileInputIds(); if (inputIds != null) { while (inputIds.hasMoreElements()) { String inputId = inputIds.nextElement(); 
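Review bot: The new constructor maps every missing or empty key under `profile.<id>` to null (`profileID`, `authMgr`, `authzResourceName`) and never checks that the sub-store holds anything, so a mistyped `id` would presumably produce a processor with no configured authentication manager or authorization resource instead of a start-up error. Whether `authenticate()` and `authorize()` reject or skip in that case is decided outside this hunk, so I would at least record the open question next to the assignments: `// null when the key is absent; TODO confirm authenticate()/authorize() reject rather than skip in that case`. The later `if (profileSubId == null || profileSubId.equals(""))` can never be true because the ternary above already substitutes `IProfileSubsystem.ID`, and each setting is read from the store twice. A helper such as `private static String optional(IConfigStore cs, String key) throws EBaseException { String v = cs.getString(key, ""); return v.isEmpty() ? null : v; }` would remove both. `setInputsIntoContext` starts in this hunk and continues outside it.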
@@ -181,12 +239,12 @@ public class ProfileProcessor { while (inputNames.hasMoreElements()) { String inputName = inputNames.nextElement(); - if (request.getParameter(inputName) != null) { + if (dataInputs.containsKey(inputName)) { // all subject name parameters start with sn_, no other input parameters do if (inputName.matches("^sn_.*")) { - ctx.set(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString()); + ctx.set(inputName, escapeValueRfc1779(dataInputs.get(inputName), false).toString()); } else { - ctx.set(inputName, request.getParameter(inputName)); + ctx.set(inputName, dataInputs.get(inputName)); } } } @@ -255,9 +313,19 @@ public class ProfileProcessor { } } - private void setInputsIntoRequest(HttpServletRequest request, IProfile profile, IRequest req) { - Enumeration<String> inputIds = profile.getProfileInputIds(); + private void setInputsIntoRequest(EnrollmentRequestData data, IProfile profile, IRequest req) { + // put profile inputs into a local map + HashMap<String, String> dataInputs = new HashMap<String, String>(); + for (ProfileInput input : data.getInputs()) { + Map<String, String> attrs = input.getAttributes(); + for (Map.Entry<String, String> entry : attrs.entrySet()) { + dataInputs.put(entry.getKey(), entry.getValue()); + CMS.debug("alee: putting into map key: " + entry.getKey() + " value: " + entry.getValue()); + } + } + // iterate over inputs in profile + Enumeration<String> inputIds = profile.getProfileInputIds(); if (inputIds != null) { while (inputIds.hasMoreElements()) { String inputId = inputIds.nextElement(); 
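Review bot: `dataInputs.containsKey(inputName)` in `setInputsIntoContext` is weaker than the `request.getParameter(inputName) != null` test it replaces, because a `HashMap` can hold a null value and the attributes appear to come straight from the submitted `EnrollmentRequestData`. `escapeValueRfc1779(dataInputs.get(inputName), false)` and `ctx.set(...)` can therefore now receive null. Fetching once and testing the value keeps the old guarantee: `String value = dataInputs.get(inputName);` followed by `if (value != null) {`. The same test is used in `setInputsIntoRequest` in the `@@ -268,13 +336,18 @@` hunk. The loop this hunk edits begins and ends outside it.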
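Review bot: The added `CMS.debug("alee: putting into map key: " ...)` call in `setInputsIntoRequest` writes every submitted input name and value to the debug log, and the `@@ -268,13 +336,18 @@` hunk adds three more `alee:` statements that log the values again. These strings are request-supplied and unescaped, so requester details and the full certificate request end up in the log, and embedded line breaks can forge log entries. I would remove the line in the map loop before merge and keep at most `CMS.debug("ProfileProcessor: setting input " + inputName);` in the later hunk, where the name comes from the profile definition rather than from the request. The map-building loop is also a copy of the one in `setInputsIntoContext` and could be a single private helper.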
@@ -268,13 +336,18 @@ public class ProfileProcessor { while (inputNames.hasMoreElements()) { String inputName = inputNames.nextElement(); - if (request.getParameter(inputName) != null) { + CMS.debug("alee: setting parameter for " + inputName); + + if (dataInputs.containsKey(inputName)) { // special characters in subject names parameters must be escaped if (inputName.matches("^sn_.*")) { - req.setExtData(inputName, escapeValueRfc1779(request.getParameter(inputName), false) + req.setExtData(inputName, + escapeValueRfc1779(dataInputs.get(inputName), false) .toString()); + CMS.debug("alee: setting sn parameter " + escapeValueRfc1779(dataInputs.get(inputName), false).toString()); } else { - req.setExtData(inputName, request.getParameter(inputName)); + req.setExtData(inputName, dataInputs.get(inputName)); + CMS.debug("alee: setting non parameter " + dataInputs.get(inputName)); } } } 
@@ -320,32 +393,38 @@ public class ProfileProcessor { } - private void errorExit(String message) throws EBaseException { - CMS.debug(message); - - for (String event : statEvents) { - endTiming(event); - } - throw new EBaseException(message); + /** + * Called by the legacy servlets to access the Processor function + * @param request + * @return + * @throws EBaseException + */ + public HashMap<String, Object> processEnrollment(CMSRequest cmsReq) + throws EBaseException { + EnrollmentRequestData data = createEnrollmentRequestData(cmsReq); + return processEnrollment(data, cmsReq.getHttpReq()); } - private void authzErrorExit(String message) throws EAuthzException { - CMS.debug(message); + private EnrollmentRequestData createEnrollmentRequestData(CMSRequest cmsReq) throws EProfileException { + HttpServletRequest req = cmsReq.getHttpReq(); + IArgBlock params = cmsReq.getHttpParams(); - for (String event : statEvents) { - endTiming(event); - } - throw new EAuthzException(message); - } + EnrollmentRequestData ret = new EnrollmentRequestData(); + String profileId = req.getParameter("profileId"); + ret.setProfileId(profileId); - private void badRequestDataErrorExit(String message) throws BadRequestDataException { - CMS.debug(message); + ret.setSerialNum(req.getParameter("serial_num")); - for (String event : statEvents) { - endTiming(event); + // populate profile inputs + IProfile profile = ps.getProfile(profileId); + Enumeration<String> inputIds = profile.getProfileInputIds(); + while (inputIds.hasMoreElements()) { + IProfileInput input = profile.getProfileInput(inputIds.nextElement()); + ProfileInput addInput = new ProfileInput(input, params, locale); + ret.addInput(addInput); } - throw new BadRequestDataException(message); + return ret; } /** 
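Review bot: `createEnrollmentRequestData` dereferences `ps.getProfile(profileId)` without a null check and takes `profileId` only from the request parameter, so a legacy request with a missing or unknown `profileId` fails with a NullPointerException before `processEnrollment` reaches its own `CMS_PROFILE_NOT_FOUND` handling. It also ignores the configured `this.profileID` that `processEnrollment` prefers, so inputs can be collected for a different profile than the one that is then used. `getProfileInputIds()` is null-checked elsewhere in this class but not here. A version that resolves the id the same way and rejects an unknown profile is sketched below. The Javadoc above `processEnrollment(CMSRequest)` also names `@param request` where the parameter is `cmsReq`.

```java
private EnrollmentRequestData createEnrollmentRequestData(CMSRequest cmsReq) throws EBaseException {
    // … unchanged: req / params lookup, new EnrollmentRequestData …

    // resolve the profile the same way processEnrollment does
    String profileId = (this.profileID == null) ? req.getParameter("profileId") : this.profileID;
    ret.setProfileId(profileId);

    // … unchanged: serial_num …

    IProfile profile = ps.getProfile(profileId);
    if (profile == null) {
        throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
    }
    Enumeration<String> inputIds = profile.getProfileInputIds();
    if (inputIds == null) {
        return ret;
    }
    // … unchanged: input loop and return …
}
```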
@@ -365,73 +444,90 @@ public class ProfileProcessor { * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ - public HashMap<String, Object> processEnrollment(HttpServletRequest request) throws EBaseException { + public HashMap<String, Object> processEnrollment(EnrollmentRequestData data, HttpServletRequest request) + throws EBaseException { - if (CMS.debugOn()) { - printParameterValues(request); - } + try { + if (CMS.debugOn()) { + printParameterValues(request); + } - CMS.debug("ProfileProcessor: isRenewal false"); - startTiming("enrollment"); + CMS.debug("ProfileProcessor: isRenewal false"); + startTiming("enrollment"); - // if we did not configure profileId in xml file, - // then accept the user-provided one - String profileId = (this.profileID == null) ? request.getParameter("profileId") : this.profileID; - CMS.debug("ProfileProcessor: profileId " + profileId); + // if we did not configure profileId in xml file, + // then accept the user-provided one + String profileId = (this.profileID == null) ? 
data.getProfileId() : this.profileID; + CMS.debug("ProfileProcessor: profileId " + profileId); - IProfile profile = getProfile(profileId); - if (profile == null) { - errorExit(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); - } + IProfile profile = ps.getProfile(profileId); + if (profile == null) { + CMS.debug(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); + throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); + } + if (!ps.isProfileEnable(profileId)) { + CMS.debug("ProfileProcessor: Profile " + profileId + " not enabled"); + throw new BadRequestDataException("Profile " + profileId + " not enabled"); + } - IProfileContext ctx = profile.createContext(); - CMS.debug("ProfileProcessor: set Inputs into profile Context"); - setInputsIntoContext(request, profile, ctx); + IProfileContext ctx = profile.createContext(); + CMS.debug("ProfileProcessor: set Inputs into profile Context"); + setInputsIntoContext(data, profile, ctx); - IProfileAuthenticator authenticator = profile.getAuthenticator(); - if (authenticator != null) { - CMS.debug("ProfileProcessor: authenticator " + authenticator.getName() + " found"); - setCredentialsIntoContext(request, authenticator, ctx); - } - - // for ssl authentication; pass in servlet for retrieving ssl client certificates - // insert profile context so that input parameter can be retrieved - SessionContext context = SessionContext.getContext(); - context.put("profileContext", ctx); - context.put("sslClientCertProvider", new SSLClientCertProvider(request)); - CMS.debug("ProfileProcessor: set sslClientCertProvider"); - - // before creating the request, authenticate the request - IAuthToken authToken = authenticate(request, null, authenticator, context, false); - - // authentication success, now authorize - authorize(profileId, profile, authToken); - - /////////////////////////////////////////////// - // create and populate request - 
/////////////////////////////////////////////// - startTiming("request_population"); - IRequest[] reqs = profile.createRequests(ctx, locale); - populateRequests(request, false, locale, null, null, null, profileId, profile, - ctx, authenticator, authToken, reqs); - endTiming("request_population"); - - /////////////////////////////////////////////// - // submit request - /////////////////////////////////////////////// - String errorCode = submitRequests(locale, profile, authToken, reqs); - String errorReason = codeToReason(locale, errorCode); - - HashMap<String, Object> ret = new HashMap<String, Object>(); - ret.put(ARG_REQUESTS, reqs); - ret.put(ARG_ERROR_CODE, errorCode); - ret.put(ARG_ERROR_REASON, errorReason); - - CMS.debug("ProfileProcessor: done serving"); - SessionContext.releaseContext(); - endTiming("enrollment"); + IProfileAuthenticator authenticator = profile.getAuthenticator(); + if (authenticator != null) { + CMS.debug("ProfileProcessor: authenticator " + authenticator.getName() + " found"); + setCredentialsIntoContext(request, authenticator, ctx); + } - return ret; + // for ssl authentication; pass in servlet for retrieving ssl client certificates + // insert profile context so that input parameter can be retrieved + SessionContext context = SessionContext.getContext(); + context.put("profileContext", ctx); + context.put("sslClientCertProvider", new SSLClientCertProvider(request)); + CMS.debug("ProfileProcessor: set sslClientCertProvider"); + + // before creating the request, authenticate the request + IAuthToken authToken = authenticate(request, null, authenticator, context, false); + + // authentication success, now authorize + authorize(profileId, profile, authToken); + + /////////////////////////////////////////////// + // create and populate request + /////////////////////////////////////////////// + startTiming("request_population"); + IRequest[] reqs = profile.createRequests(ctx, locale); + populateRequests(data, false, locale, null, null, null, 
profileId, profile, + ctx, authenticator, authToken, reqs); + endTiming("request_population"); + + /////////////////////////////////////////////// + // submit request + /////////////////////////////////////////////// + String errorCode = submitRequests(locale, profile, authToken, reqs); + String errorReason = codeToReason(locale, errorCode); + + HashMap<String, Object> ret = new HashMap<String, Object>(); + ret.put(ARG_REQUESTS, reqs); + ret.put(ARG_ERROR_CODE, errorCode); + ret.put(ARG_ERROR_REASON, errorReason); + + CMS.debug("ProfileProcessor: done serving"); + endTiming("enrollment"); + + return ret; + } finally { + SessionContext.releaseContext(); + for (String event : statEvents) { + endTiming(event); + } + } + } + + public HashMap<String, Object> processRenewal(CMSRequest cmsReq) throws EBaseException { + EnrollmentRequestData data = createEnrollmentRequestData(cmsReq); + return processRenewal(data, cmsReq.getHttpReq()); } /* 
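Review bot: With the new `finally` block the success path of `processEnrollment` ends timing twice, because `endTiming("request_population")` and `endTiming("enrollment")` are still called explicitly and the `finally` loop then calls `endTiming(event)` for every entry in `statEvents`. Whether `endTiming` tolerates a second call, and whether `statEvents` still holds finished events, is decided outside this hunk; if it does not, remove the explicit calls or let the loop cover only events that are still open. The Javadoc above the method still documents `@param cmsReq` although the signature is now `(EnrollmentRequestData data, HttpServletRequest request)`. I would replace it with `@param data the enrollment inputs` and `@param request the servlet request used for credentials and the client certificate`. The method's Javadoc begins outside the hunk.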
@@ -443,153 +539,170 @@ public class ProfileProcessor { * Things to note: * * the renew request will contain the original profile instead of the new */ - public HashMap<String, Object> processRenewal(HttpServletRequest request) throws EBaseException { - if (CMS.debugOn()) { - printParameterValues(request); - } - CMS.debug("ProfileProcessor: isRenewal true"); - - startTiming("enrollment"); - request.setAttribute("reqType", "renewal"); + public HashMap<String, Object> processRenewal(EnrollmentRequestData data, HttpServletRequest request) + throws EBaseException { + try { + if (CMS.debugOn()) { + printParameterValues(request); + } + CMS.debug("ProfileProcessor: isRenewal true"); - // in case of renew, "profile" is the orig profile - // while "renewProfile" is the current profile used for renewal - String renewProfileId = (this.profileID == null) ? request.getParameter("profileId") : this.profileID; - CMS.debug("processRenewal: renewProfileId " + renewProfileId); + startTiming("enrollment"); + request.setAttribute("reqType", "renewal"); - IProfile renewProfile = getProfile(renewProfileId); - if (renewProfile == null) { - errorExit(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId)); - } + // in case of renew, "profile" is the orig profile + // while "renewProfile" is the current profile used for renewal + String renewProfileId = (this.profileID == null) ? 
data.getProfileId() : this.profileID; + CMS.debug("processRenewal: renewProfileId " + renewProfileId); - String serial = request.getParameter("serial_num"); - BigInteger certSerial = null; + IProfile renewProfile = ps.getProfile(renewProfileId); + if (renewProfile == null) { + CMS.debug(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId)); + throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId)); + } + if (!ps.isProfileEnable(renewProfileId)) { + CMS.debug("ProfileProcessor: Profile " + renewProfileId + " not enabled"); + throw new BadRequestDataException("Profile " + renewProfileId + " not enabled"); + } - if (serial != null) { - // if serial number is sent with request, then the authentication - // method is not ssl client auth. In this case, an alternative - // authentication method is used (default: ldap based) - // usr_origreq evaluator should be used to authorize ownership - // of the cert - CMS.debug("ProfileProcessor: renewal: found serial_num"); - certSerial = new BigInteger(serial); - } else { - // ssl client auth is to be used - // this is not authentication. Just use the cert to search - // for orig request and find the right profile - CMS.debug("ProfileProcessor: renewal: serial_num not found, must do ssl client auth"); - certSerial = getSerialNumberFromCert(request); - if (certSerial == null) { - errorExit(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + String serial = data.getSerialNum(); + BigInteger certSerial = null; + + if (serial != null) { + // if serial number is sent with request, then the authentication + // method is not ssl client auth. 
In this case, an alternative + // authentication method is used (default: ldap based) + // usr_origreq evaluator should be used to authorize ownership + // of the cert + CMS.debug("ProfileProcessor: renewal: found serial_num"); + certSerial = new BigInteger(serial); + } else { + // ssl client auth is to be used + // this is not authentication. Just use the cert to search + // for orig request and find the right profile + CMS.debug("ProfileProcessor: renewal: serial_num not found, must do ssl client auth"); + certSerial = getSerialNumberFromCert(request); + if (certSerial == null) { + CMS.debug(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + throw new EBaseException(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + } + } + CMS.debug("processRenewal: serial number of cert to renew:" + certSerial.toString()); + ICertRecord rec = certdb.readCertificateRecord(certSerial); + if (rec == null) { + CMS.debug("processRenewal: cert record not found for serial number " + certSerial.toString()); + throw new EBaseException(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); } - } - CMS.debug("processRenewal: serial number of cert to renew:" + certSerial.toString()); - ICertRecord rec = getCertRecord(certSerial); - if (rec == null) { - CMS.debug("processRenewal: cert record not found for serial number " + certSerial.toString()); - errorExit(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); - } + // check to see if the cert is revoked or revoked_expired + if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) + || (rec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))) { + CMS.debug("processRenewal: cert found to be revoked. 
Serial number = " + + certSerial.toString()); + throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_CA_CANNOT_RENEW_REVOKED_CERT")); + } - // check to see if the cert is revoked or revoked_expired - if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) - || (rec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))) { - CMS.debug("processRenewal: cert found to be revoked. Serial number = " - + certSerial.toString()); - errorExit(CMS.getUserMessage(locale, "CMS_CA_CANNOT_RENEW_REVOKED_CERT")); - } + X509CertImpl origCert = rec.getCertificate(); + if (origCert == null) { + CMS.debug("processRenewal: original cert not found in cert record for serial number " + + certSerial.toString()); + throw new EBaseException(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + } - X509CertImpl origCert = rec.getCertificate(); - if (origCert == null) { - CMS.debug("processRenewal: original cert not found in cert record for serial number " - + certSerial.toString()); - errorExit(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); - } + Date origNotAfter = origCert.getNotAfter(); + CMS.debug("processRenewal: origNotAfter =" + origNotAfter.toString()); - Date origNotAfter = origCert.getNotAfter(); - CMS.debug("processRenewal: origNotAfter =" + origNotAfter.toString()); + String origSubjectDN = origCert.getSubjectDN().getName(); + CMS.debug("processRenewal: orig subj dn =" + origSubjectDN); - String origSubjectDN = origCert.getSubjectDN().getName(); - CMS.debug("processRenewal: orig subj dn =" + origSubjectDN); + IRequest origReq = getOriginalRequest(certSerial, rec); + if (origReq == null) { + CMS.debug("processRenewal: original request not found"); + throw new EBaseException(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + } - IRequest origReq = getOriginalRequest(certSerial, rec); - if (origReq == null) { - CMS.debug("processRenewal: original request not found"); - errorExit(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); - } + String profileId = 
origReq.getExtDataInString("profileId"); + CMS.debug("ProfileProcessor: renewal original profileId=" + profileId); - String profileId = origReq.getExtDataInString("profileId"); - CMS.debug("ProfileProcessor: renewal original profileId=" + profileId); + Integer origSeqNum = origReq.getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM); + IProfile profile = ps.getProfile(profileId); + if (profile == null) { + CMS.debug(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); + throw new EBaseException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); + } + if (!ps.isProfileEnable(profileId)) { + CMS.debug("ProfileProcessor: Profile " + profileId + " not enabled"); + throw new BadRequestDataException("Profile " + profileId + " not enabled"); + } - Integer origSeqNum = origReq.getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM); - IProfile profile = getProfile(profileId); - if (profile == null) { - errorExit(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); - } + IProfileContext ctx = profile.createContext(); + IProfileAuthenticator authenticator = renewProfile.getAuthenticator(); + IProfileAuthenticator origAuthenticator = profile.getAuthenticator(); - IProfileContext ctx = profile.createContext(); - IProfileAuthenticator authenticator = renewProfile.getAuthenticator(); - IProfileAuthenticator origAuthenticator = profile.getAuthenticator(); + if (authenticator != null) { + CMS.debug("ProfileProcessor: authenticator " + authenticator.getName() + " found"); + setCredentialsIntoContext(request, authenticator, ctx); + } - if (authenticator != null) { - CMS.debug("ProfileProcessor: authenticator " + authenticator.getName() + " found"); - setCredentialsIntoContext(request, authenticator, ctx); - } - - // for renewal, this will override or add auth info to the profile context - if (origAuthenticator != null) { - CMS.debug("ProfileProcessor: for renewal, original authenticator " + - origAuthenticator.getName() + " found"); - 
setCredentialsIntoContext(request, origAuthenticator, ctx); - } - - // for renewal, input needs to be retrieved from the orig req record - CMS.debug("processRenewal: set original Inputs into profile Context"); - setInputsIntoContext(origReq, profile, ctx, locale); - ctx.set(IEnrollProfile.CTX_RENEWAL, "true"); - ctx.set("renewProfileId", renewProfileId); - ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString()); - - // for ssl authentication; pass in servlet for retrieving - // ssl client certificates - SessionContext context = SessionContext.getContext(); - context.put("profileContext", ctx); - context.put("sslClientCertProvider", new SSLClientCertProvider(request)); - CMS.debug("ProfileProcessor: set sslClientCertProvider"); - if (origSubjectDN != null) - context.put("origSubjectDN", origSubjectDN); - - // before creating the request, authenticate the request - IAuthToken authToken = authenticate(request, origReq, authenticator, context, true); - - // authentication success, now authorize - authorize(profileId, renewProfile, authToken); - - /////////////////////////////////////////////// - // create and populate requests - /////////////////////////////////////////////// - startTiming("request_population"); - IRequest[] reqs = profile.createRequests(ctx, locale); - populateRequests(request, true, locale, origNotAfter, origSubjectDN, origReq, profileId, - profile, ctx, authenticator, authToken, reqs); - endTiming("request_population"); - - /////////////////////////////////////////////// - // submit request - /////////////////////////////////////////////// - String errorCode = submitRequests(locale, profile, authToken, reqs); - String errorReason = codeToReason(locale, errorCode); - - HashMap<String, Object> ret = new HashMap<String, Object>(); - ret.put(ARG_REQUESTS, reqs); - ret.put(ARG_ERROR_CODE, errorCode); - ret.put(ARG_ERROR_REASON, errorReason); - - CMS.debug("ProfileProcessor: done serving"); - SessionContext.releaseContext(); - 
endTiming("enrollment"); + // for renewal, this will override or add auth info to the profile context + if (origAuthenticator != null) { + CMS.debug("ProfileProcessor: for renewal, original authenticator " + + origAuthenticator.getName() + " found"); + setCredentialsIntoContext(request, origAuthenticator, ctx); + } - return ret; + // for renewal, input needs to be retrieved from the orig req record + CMS.debug("processRenewal: set original Inputs into profile Context"); + setInputsIntoContext(origReq, profile, ctx, locale); + ctx.set(IEnrollProfile.CTX_RENEWAL, "true"); + ctx.set("renewProfileId", renewProfileId); + ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString()); + + // for ssl authentication; pass in servlet for retrieving + // ssl client certificates + SessionContext context = SessionContext.getContext(); + context.put("profileContext", ctx); + context.put("sslClientCertProvider", new SSLClientCertProvider(request)); + CMS.debug("ProfileProcessor: set sslClientCertProvider"); + if (origSubjectDN != null) + context.put("origSubjectDN", origSubjectDN); + + // before creating the request, authenticate the request + IAuthToken authToken = authenticate(request, origReq, authenticator, context, true); + + // authentication success, now authorize + authorize(profileId, renewProfile, authToken); + + /////////////////////////////////////////////// + // create and populate requests + /////////////////////////////////////////////// + startTiming("request_population"); + IRequest[] reqs = profile.createRequests(ctx, locale); + populateRequests(data, true, locale, origNotAfter, origSubjectDN, origReq, profileId, + profile, ctx, authenticator, authToken, reqs); + endTiming("request_population"); + + /////////////////////////////////////////////// + // submit request + /////////////////////////////////////////////// + String errorCode = submitRequests(locale, profile, authToken, reqs); + String errorReason = codeToReason(locale, errorCode); + + 
HashMap<String, Object> ret = new HashMap<String, Object>(); + ret.put(ARG_REQUESTS, reqs); + ret.put(ARG_ERROR_CODE, errorCode); + ret.put(ARG_ERROR_REASON, errorReason); + + CMS.debug("ProfileProcessor: done serving"); + endTiming("enrollment"); + + return ret; + } finally { + SessionContext.releaseContext(); + for (String event : statEvents) { + endTiming(event); + } + } } private String codeToReason(Locale locale, String errorCode) { @@ -713,7 +826,7 @@ public class ProfileProcessor { return errorCode; } - private void populateRequests(HttpServletRequest request, boolean isRenewal, + private void populateRequests(EnrollmentRequestData data, boolean isRenewal, Locale locale, Date origNotAfter, String origSubjectDN, IRequest origReq, String profileId, IProfile profile, IProfileContext ctx, IProfileAuthenticator authenticator, IAuthToken authToken, IRequest[] reqs) throws EBaseException { @@ -728,7 +841,7 @@ public class ProfileProcessor { req.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, origSubjectDN); req.setRequestType("renewal"); } else { - setInputsIntoRequest(request, profile, req); + setInputsIntoRequest(data, profile, req); } // serial auth token into request @@ -765,7 +878,7 @@ public class ProfileProcessor { req.setExtData(ARG_PROFILE, "true"); req.setExtData(ARG_PROFILE_ID, profileId); if (isRenewal) - req.setExtData(ARG_RENEWAL_PROFILE_ID, request.getParameter("profileId")); + req.setExtData(ARG_RENEWAL_PROFILE_ID, data.getProfileId()); req.setExtData(ARG_PROFILE_APPROVED_BY, profile.getApprovedBy()); String setId = profile.getPolicySetId(req); 
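Review bot: `certSerial = new BigInteger(serial);` in processRenewal parses the client-supplied serial number without catching NumberFormatException, so a malformed value escapes as an unchecked exception instead of the BadRequestDataException this change uses for other bad input. Wrapping it, e.g. `try { certSerial = new BigInteger(serial); } catch (NumberFormatException e) { throw new BadRequestDataException("Invalid serial number"); }`, keeps the failure on the same error path. `Long.parseLong(requestNonce.trim())` in the processRequest hunk further down has the same gap. The new try/finally releases the SessionContext either way, so this affects the error the caller sees, not context cleanup.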
@@ -777,8 +890,8 @@ public class ProfileProcessor {
 CMS.debug("ProfileProcessor profileSetid=" + setId);
 req.setExtData(ARG_PROFILE_SET_ID, setId);
- req.setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost());
- req.setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr());
+ req.setExtData(ARG_PROFILE_REMOTE_HOST, data.getRemoteHost());
+ req.setExtData(ARG_PROFILE_REMOTE_ADDR, data.getRemoteAddr());
 CMS.debug("ProfileProcessor: request " + req.getRequestId().toString());
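Review bot: `ARG_PROFILE_REMOTE_HOST` and `ARG_PROFILE_REMOTE_ADDR` are now filled from `data.getRemoteHost()` / `data.getRemoteAddr()` instead of from the servlet request. How EnrollmentRequestData obtains those fields is not visible here; if they are part of the form a client can submit, the address stored with the request becomes caller-controlled, which weakens it as an audit record. Setting them server-side from the HttpServletRequest when the data object is built, with a comment such as `// remote host/addr come from the connection, never from the request body`, would keep that guarantee explicit. populateRequests starts and ends outside this hunk.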
@@ -854,139 +967,203 @@ public class ProfileProcessor { } public void processRequest(CMSRequest cmsReq) throws EBaseException { - HttpServletRequest request = cmsReq.getHttpReq(); - - startTiming("approval"); + HttpServletRequest req = cmsReq.getHttpReq(); + String op = req.getParameter(ARG_OP); + AgentEnrollmentRequestData data = createAgentEnrollmentRequestData(cmsReq); + processRequest(req, data, op); + } - IAuthToken authToken = null; + public AgentEnrollmentRequestData createAgentEnrollmentRequestData(CMSRequest cmsReq) throws EPropertyException, EProfileException { + HttpServletRequest req = cmsReq.getHttpReq(); + IRequest ireq = cmsReq.getIRequest(); + IArgBlock params = cmsReq.getHttpParams(); - printParameterValues(request); + AgentEnrollmentRequestData ret = new AgentEnrollmentRequestData(); + ret.setProfileId(req.getParameter("profile_id")); + ret.setSerialNum(req.getParameter("serial_num")); + ret.setRequestNotes(req.getParameter("requestNotes")); + ret.setRequestId(ireq.getRequestId()); - if (authMgr != null) { - // TODO - remove the try-catch block once we figure out client auth - try { - authToken = authenticate(cmsReq); - } catch (EBaseException e) { - CMS.debug("Authentication error .. continuing anyways"); - //authErrorExit(CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); + if (nonces != null) { + ret.setNonce(req.getParameter("nonces")); + } + + String profileId = req.getParameter("profile_id"); + ret.setProfileId(profileId); + + // populate profile policy values + IProfile profile = ps.getProfile(profileId); + String profileSetId = ireq.getExtDataInString("profileSetId"); + Enumeration<String> policyIds = (profileSetId != null && profileSetId.length() > 0) ? 
+ profile.getProfilePolicyIds(profileSetId) : null; + ProfilePolicySet dataPolicySet = new ProfilePolicySet(); + + if (policyIds != null) { + while (policyIds.hasMoreElements()) { + String id = policyIds.nextElement(); + CMS.debug("policyId:" + id); + IProfilePolicy policy = profile.getProfilePolicy(profileSetId, id); + com.netscape.cms.servlet.profile.model.ProfilePolicy dataPolicy = + new com.netscape.cms.servlet.profile.model.ProfilePolicy(); + + //populate defaults + IPolicyDefault def = policy.getDefault(); + PolicyDefault dataDef = new PolicyDefault(params, locale, def); + dataPolicy.setDef(dataDef); + + dataPolicySet.addPolicy(dataPolicy); + CMS.debug(dataPolicy.toString()); } } - AuthzToken authzToken = authorize(aclMethod, authToken, authzResourceName, "approve"); - if (authzToken == null) { - // TODO - throw exception here - once we go this working - //authzErrorExit(CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); - CMS.debug("authToken is null: continuing anyways"); - } - if (nonces != null) { - String requestNonce = request.getParameter(ARG_REQUEST_NONCE); - boolean nonceVerified = false; - if (requestNonce != null) { - long nonce = Long.parseLong(requestNonce.trim()); - X509Certificate cert1 = nonces.getCertificate(nonce); - X509Certificate cert2 = getSSLClientCertificate(request); - if (cert1 == null) { - CMS.debug("ProfileProcessServlet: Unknown nonce"); - } else if (cert1 != null && cert2 != null && cert1.equals(cert2)) { - nonceVerified = true; - nonces.removeNonce(nonce); - } - } else { - CMS.debug("ProfileProcessServlet: Missing nonce"); + ret.addProfilePolicySet(dataPolicySet); + + return ret; + } + + public void processRequest(HttpServletRequest request, AgentEnrollmentRequestData data, String op) throws EBaseException { + try { + + startTiming("approval"); + + IAuthToken authToken = null; + + printParameterValues(request); + + if (authMgr != null) { + authToken = authenticate(request); } - CMS.debug("ProfileProcessServlet: 
nonceVerified=" + nonceVerified); - if (!nonceVerified) { - CMS.debug("nonce not verified"); - authzErrorExit(CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); + + AuthzToken authzToken = authorize(aclMethod, authToken, authzResourceName, "approve"); + if (authzToken == null) { + throw new EAuthzException(CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); + } + + if (nonces != null) { + String requestNonce = data.getNonce(); + boolean nonceVerified = false; + if (requestNonce != null) { + long nonce = Long.parseLong(requestNonce.trim()); + X509Certificate cert1 = nonces.getCertificate(nonce); + X509Certificate cert2 = getSSLClientCertificate(request); + if (cert1 == null) { + CMS.debug("ProfileProcessServlet: Unknown nonce"); + } else if (cert1 != null && cert2 != null && cert1.equals(cert2)) { + nonceVerified = true; + nonces.removeNonce(nonce); + } + } else { + CMS.debug("ProfileProcessServlet: Missing nonce"); + } + CMS.debug("ProfileProcessServlet: nonceVerified=" + nonceVerified); + if (!nonceVerified) { + CMS.debug("nonce not verified"); + throw new EAuthzException(CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); + } } - } - CMS.debug("ProfileProcessor: processRequest: start serving"); + CMS.debug("ProfileProcessor: processRequest: start serving"); - String requestId = request.getParameter("requestId"); - if (requestId == null || requestId.equals("")) { - badRequestDataErrorExit(CMS.getUserMessage(locale, "CMS_REQUEST_ID_NOT_FOUND")); - } - CMS.debug("ProfileProcessServlet: requestId=" + requestId); + RequestId requestId = data.getRequestId(); + if (requestId == null || requestId.equals("")) { + CMS.debug(CMS.getUserMessage(locale, "CMS_REQUEST_ID_NOT_FOUND")); + throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_REQUEST_ID_NOT_FOUND")); + } + CMS.debug("ProfileProcessServlet: requestId=" + requestId); - IRequestQueue queue = getRequestQueue(); - IRequest req = getRequest(new RequestId(requestId)); - if (req == null) { - 
errorExit(CMS.getUserMessage(locale, "CMS_REQUEST_NOT_FOUND", requestId)); - } + IRequest req = queue.findRequest(requestId); + if (req == null) { + CMS.debug(CMS.getUserMessage(locale, "CMS_REQUEST_NOT_FOUND", requestId.toString())); + throw new EBaseException(CMS.getUserMessage(locale, "CMS_REQUEST_NOT_FOUND", requestId.toString())); + } - // check if the request is in one of the terminal states - if (!req.getRequestStatus().equals(RequestStatus.PENDING)) { - badRequestDataErrorExit(CMS.getUserMessage(locale, "CMS_REQUEST_NOT_PENDING", requestId)); - } + // check if the request is in one of the terminal states + if (!req.getRequestStatus().equals(RequestStatus.PENDING)) { + CMS.debug(CMS.getUserMessage(locale, "CMS_REQUEST_NOT_PENDING", requestId.toString())); + throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_REQUEST_NOT_PENDING", + requestId.toString())); + } - String profileId = req.getExtDataInString("profileId"); - if (profileId == null || profileId.equals("")) { - CMS.debug("ProfileProcessServlet: Profile Id not found in request"); - errorExit(CMS.getUserMessage(locale, "CMS_PROFILE_ID_NOT_FOUND")); - } - CMS.debug("ProfileProcessServlet: profileId=" + profileId); + // save auth token in request + saveAuthToken(authToken, req); - IProfile profile = getProfile(profileId); - if (profile == null) { - errorExit(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); - } + String profileId = req.getExtDataInString("profileId"); + if (profileId == null || profileId.equals("")) { + CMS.debug("ProfileProcessServlet: Profile Id not found in request"); + throw new EBaseException(CMS.getUserMessage(locale, "CMS_PROFILE_ID_NOT_FOUND")); + } + CMS.debug("ProfileProcessServlet: profileId=" + profileId); - String op = request.getParameter("op"); - if (op == null) { - badRequestDataErrorExit(CMS.getUserMessage(locale, "CMS_OP_NOT_FOUND")); - } + IProfile profile = ps.getProfile(profileId); + if (profile == null) { + 
CMS.debug(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); + throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); + } + if (!ps.isProfileEnable(profileId)) { + CMS.debug("ProfileProcessor: Profile " + profileId + " not enabled"); + throw new BadRequestDataException("Profile " + profileId + " not enabled"); + } + + if (op == null) { + CMS.debug(CMS.getUserMessage(locale, "CMS_OP_NOT_FOUND")); + throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_OP_NOT_FOUND")); + } - if (op.equals("assign")) { - String owner = req.getRequestOwner(); + if (op.equals("assign")) { + String owner = req.getRequestOwner(); - // assigned owner - if (owner != null && owner.length() > 0) { - if (!grantPermission(req, authToken)) { - CMS.debug("ProfileProcessServlet: Permission not granted to assign request."); - authzErrorExit(CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION")); + // assigned owner + if (owner != null && owner.length() > 0) { + if (!grantPermission(req, authToken)) { + CMS.debug("ProfileProcessServlet: Permission not granted to assign request."); + throw new EAuthzException(CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION")); + } + } + String id = auditSubjectID(); + req.setRequestOwner(id); + } else { + if (grantPermission(req, authToken)) { + if (op.equals("approve")) { + checkProfileVersion(profile, req); + updateValues(data, req, profile, locale); + updateNotes(data, req); + approveRequest(req, profile, locale); + } else if (op.equals("reject")) { + updateNotes(data, req); + rejectRequest(req); + } else if (op.equals("cancel")) { + updateNotes(data, req); + cancelRequest(req); + } else if (op.equals("update")) { + checkProfileVersion(profile, req); + updateValues(data, req, profile, locale); + updateNotes(data, req); + } else if (op.equals("validate")) { + updateValues(data, req, profile, locale); + } else if (op.equals("unassign")) { + req.setRequestOwner(""); + } + } else { + 
CMS.debug("ProfileProcessServlet: Permission not granted to approve/reject/cancel/update/validate/unassign request."); + throw new EAuthzException(CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION")); } } - String id = auditSubjectID(); - req.setRequestOwner(id); - } else { - if (grantPermission(req, authToken)) { + + // commit request to the storage + if (!op.equals("validate")) { if (op.equals("approve")) { - checkProfileVersion(profile, req); - updateValues(request, req, profile, locale); - updateNotes(request, req); - approveRequest(request, req, profile, locale); - } else if (op.equals("reject")) { - updateNotes(request, req); - rejectRequest(req); - } else if (op.equals("cancel")) { - updateNotes(request, req); - cancelRequest(req); - } else if (op.equals("update")) { - checkProfileVersion(profile, req); - updateValues(request, req, profile, locale); - updateNotes(request, req); - } else if (op.equals("validate")) { - updateValues(request, req, profile, locale); - } else if (op.equals("unassign")) { - req.setRequestOwner(""); + queue.markAsServiced(req); + } else { + queue.updateRequest(req); } - } else { - CMS.debug("ProfileProcessServlet: Permission not granted to approve/reject/cancel/update/validate/unassign request."); - authzErrorExit(CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION")); } - } - - // commit request to the storage - if (!op.equals("validate")) { - if (op.equals("approve")) { - queue.markAsServiced(req); - } else { - queue.updateRequest(req); + endTiming("approval"); + } finally { + for (String event : statEvents) { + endTiming(event); } } - endTiming("approval"); } public boolean grantPermission(IRequest req, IAuthToken token) { 
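Review bot: createAgentEnrollmentRequestData works on request-derived values before processRequest(req, data, op) has authenticated the caller, and it does so without null checks: `ps.getProfile(profileId)` takes the `profile_id` parameter, and `profile.getProfilePolicyIds(profileSetId)` and `ireq.getRequestId()` are dereferenced directly. A missing or unknown `profile_id`, or a CMSRequest with no IRequest, would apparently surface as a NullPointerException rather than one of the declared exceptions; an explicit check on `ireq` and `profile` before use would fix that. The policy set is also built from the client-named profile, while processRequest later uses the `profileId` stored in the request, so the two can differ. Separately, the nonce is now read with `req.getParameter("nonces")` where the removed code used `ARG_REQUEST_NONCE`; if that constant has a different value, the nonce check will always fail with "Missing nonce".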
@@ -1131,7 +1308,7 @@ public class ProfileProcessor { * @exception EProfileException an error related to this profile has * occurred */ - protected void approveRequest(ServletRequest request, IRequest req, IProfile profile, Locale locale) + protected void approveRequest(IRequest req, IProfile profile, Locale locale) throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1175,9 +1352,22 @@ public class ProfileProcessor { } } - protected void updateValues(ServletRequest request, IRequest req, + protected void updateValues(AgentEnrollmentRequestData data, IRequest req, IProfile profile, Locale locale) throws ERejectException, EDeferException, EPropertyException { + + // put request policy defaults in a local hash + HashMap<String, String> policyData = new HashMap<String,String>(); + for (ProfilePolicySet policySet: data.getPolicySets()) { + for (com.netscape.cms.servlet.profile.model.ProfilePolicy policy: policySet.getPolicies()) { + PolicyDefault def = policy.getDef(); + List<PolicyAttribute> attrs = def.getAttributes(); + for (PolicyAttribute attr: attrs) { + policyData.put(attr.getName(), attr.getValue()); + } + } + } + String profileSetId = req.getExtDataInString("profileSetId"); Enumeration<ProfilePolicy> policies = profile.getProfilePolicies(profileSetId); @@ -1186,7 +1376,7 @@ public class ProfileProcessor { while (policies.hasMoreElements()) { ProfilePolicy policy = policies.nextElement(); - setValue(locale, count, policy, req, request); + setValue(locale, count, policy, req, policyData); count++; } @@ -1201,8 +1391,8 @@ public class ProfileProcessor { } - protected void updateNotes(ServletRequest request, IRequest req) { - String notes = request.getParameter(ARG_REQUEST_NOTES); + protected void updateNotes(AgentEnrollmentRequestData data, IRequest req) { + String notes = data.getRequestNotes(); if (notes != null) { req.setExtData("requestNotes", notes); 
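Review bot: The new loop at the top of updateValues calls `policy.getDef()` and then `def.getAttributes()` with no null check, on an AgentEnrollmentRequestData whose contents originate from the agent's request. A policy entry without a default would presumably throw a NullPointerException in the approve/update path instead of an EPropertyException; `if (def == null) continue;` before reading the attributes avoids that. The map is keyed by attribute name only, so a one-line comment stating that names are expected to be unique across the policy set would document the assumption that a later policy's value replaces an earlier one. The rest of updateValues lies outside this hunk.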
@@ -1216,15 +1406,15 @@ public class ProfileProcessor { con.validate(req); } - protected void setValue(Locale locale, int count, IProfilePolicy policy, IRequest req, ServletRequest request) - throws EPropertyException { + protected void setValue(Locale locale, int count, IProfilePolicy policy, IRequest req, + HashMap<String, String> data) throws EPropertyException { // handle default policy IPolicyDefault def = policy.getDefault(); Enumeration<String> defNames = def.getValueNames(); while (defNames.hasMoreElements()) { String defName = defNames.nextElement(); - String defValue = request.getParameter(defName); + String defValue = data.get(defName); def.setValue(defName, locale, req, defValue); } @@ -1258,26 +1448,6 @@ public class ProfileProcessor { /****************************************** * Utility Functions ******************************************/ - private IRequestQueue getRequestQueue() throws EBaseException { - IAuthority authority = (IAuthority) CMS.getSubsystem(authorityId); - if (authority == null) { - throw new EBaseException("getRequest: Authority " + authorityId + " not found"); - } - - IRequestQueue queue = authority.getRequestQueue(); - if (queue == null) { - throw new EBaseException( - "getOriginalRequest: Request Queue of " + authorityId + " not found"); - } - return queue; - } - - private IRequest getRequest(RequestId rid) throws EBaseException { - IRequestQueue queue = getRequestQueue(); - IRequest request = queue.findRequest(rid); - return request; - } - private IRequest getOriginalRequest(BigInteger certSerial, ICertRecord rec) throws EBaseException { MetaInfo metaInfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO); if (metaInfo == null) { @@ -1293,7 +1463,7 @@ public class ProfileProcessor { return null; } - IRequest request = getRequest(new RequestId(rid)); + IRequest request = queue.findRequest(new RequestId(rid)); return request; } 
@@ -1373,75 +1543,6 @@ public class ProfileProcessor { return result; } - protected Locale getLocale(HttpServletRequest req) { - Locale locale = null; - String lang = req.getHeader(HDR_LANG); - - if (lang == null) { - // use server locale - locale = Locale.getDefault(); - } else { - locale = new Locale(UserInfo.getUserLanguage(lang), - UserInfo.getUserCountry(lang)); - } - return locale; - } - - protected ICertRecord getCertRecord(BigInteger serialNo) { - if (authority == null || - !(authority instanceof ICertificateAuthority)) { - CMS.debug(CMS.getLogMessage("CMSGW_NON_CERT_AUTH")); - return null; - } - - ICertificateRepository certdb = authority.getCertificateRepository(); - if (certdb == null) { - CMS.debug(CMS.getLogMessage("CMSGW_CERT_DB_NULL", authority.toString())); - return null; - } - - ICertRecord certRecord = null; - try { - certRecord = certdb.readCertificateRecord(serialNo); - } catch (EBaseException e) { - CMS.debug(CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString())); - return null; - } - return certRecord; - } - - private IProfile getProfile(String profileId) throws EBaseException { - if (profileSubId == null || profileSubId.equals("")) { - profileSubId = IProfileSubsystem.ID; - } - CMS.debug("getProfile: SubId=" + profileSubId); - - IProfileSubsystem ps = (IProfileSubsystem) CMS.getSubsystem(profileSubId); - if (ps == null) { - throw new EBaseException("getProfile: Profile Subsystem not found"); - } - - IProfile profile = null; - - try { - profile = ps.getProfile(profileId); - } catch (EProfileException e) { - if (profile == null) { - CMS.debug("ProfileProcessor: profile not found profileId " + profileId + " " + e.toString()); - } - } - if (profile == null) { - CMS.debug("getProfile: Profile not found: " + profileId); - return null; - } - - if (!ps.isProfileEnable(profileId)) { - CMS.debug("ProfileProcessor: Profile " + profileId + " not enabled"); - return null; - } - return profile; - } - /** * get ssl client authenticated 
certificate */ @@ -1661,25 +1762,11 @@ public class ProfileProcessor { return authToken; } - public IAuthToken authenticate(CMSRequest req) - throws EBaseException { - return authenticate(req, authMgr); - } - public IAuthToken authenticate(HttpServletRequest httpReq) throws EBaseException { return authenticate(httpReq, authMgr); } - public IAuthToken authenticate(CMSRequest req, String authMgrName) - throws EBaseException { - IAuthToken authToken = authenticate(req.getHttpReq(), - authMgrName); - - saveAuthToken(authToken, req.getIRequest()); - return authToken; - } - public static void saveAuthToken(IAuthToken token, IRequest req) { if (token != null && req != null) req.setExtData(IRequest.AUTH_TOKEN, token); @@ -1731,7 +1818,7 @@ public class ProfileProcessor { ctx.put(SessionContext.AUTH_MANAGER_ID, authMgrName); } // put locale into session context - ctx.put(SessionContext.LOCALE, getLocale(httpReq)); + ctx.put(SessionContext.LOCALE, locale); // // check ssl client authentication if specified. @@ -1844,10 +1931,9 @@ public class ProfileProcessor { } /****************************************** - * AUTHZ FNCTIONS (to be moved to Realm? - * - * @throws EBaseException + * AUTHZ FNCTIONS (to be moved to Realm?) *****************************************/ + public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken, String exp) throws EBaseException { AuthzToken authzToken = null; diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/PolicyDefault.java b/base/common/src/com/netscape/cms/servlet/profile/model/PolicyDefault.java index 87c496f5..20872158 100644 --- a/base/common/src/com/netscape/cms/servlet/profile/model/PolicyDefault.java +++ b/base/common/src/com/netscape/cms/servlet/profile/model/PolicyDefault.java 
@@ -11,6 +11,7 @@ import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlRootElement; +import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.profile.IPolicyDefault; import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.EPropertyException; @@ -47,6 +48,21 @@ public class PolicyDefault { } } + public PolicyDefault(IArgBlock params, Locale locale, IPolicyDefault def) throws EPropertyException { + this.name = def.getName(locale); + this.text = def.getText(locale); + + Enumeration<String> defNames = def.getValueNames(); + while (defNames.hasMoreElements()) { + String defName = defNames.nextElement(); + PolicyAttribute attr = new PolicyAttribute( + defName, + params.getValueAsString(defName, ""), + (Descriptor) def.getValueDescriptor(locale, defName)); + this.attributes.add(attr); + } + } + public void addAttribute(PolicyAttribute attr) { attributes.add(attr); } diff --git a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileInput.java b/base/common/src/com/netscape/cms/servlet/profile/model/ProfileInput.java index 582e1089..b981c8bd 100644 --- a/base/common/src/com/netscape/cms/servlet/profile/model/ProfileInput.java +++ b/base/common/src/com/netscape/cms/servlet/profile/model/ProfileInput.java @@ -30,6 +30,7 @@ import javax.xml.bind.annotation.XmlValue; import javax.xml.bind.annotation.adapters.XmlAdapter; import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.profile.EProfileException; import com.netscape.certsrv.profile.IProfileInput; import com.netscape.certsrv.request.IRequest; 
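Review bot: The new `PolicyDefault(IArgBlock params, Locale locale, IPolicyDefault def)` constructor is inconsistent with the `ProfileInput(IProfileInput input, IArgBlock params, Locale locale)` constructor added in the same commit, both in argument order and in how a missing parameter is handled: here it becomes `""`, there it is skipped. A reader of the resulting model cannot tell an absent value from an empty one. I would align the signature as `public PolicyDefault(IPolicyDefault def, IArgBlock params, Locale locale) throws EPropertyException` and add a comment such as `// absent parameters are recorded as "" so every declared attribute is present`. The `(Descriptor)` downcast also assumes every default returns that concrete class, which is not visible here and is worth confirming.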
@@ -52,6 +53,17 @@ public class ProfileInput { } } + public ProfileInput(IProfileInput input, IArgBlock params, Locale locale) throws EProfileException { + this.inputId = input.getName(locale); + Enumeration<String> names = input.getValueNames(); + while (names.hasMoreElements()) { + String name = names.nextElement(); + String value = params.getValueAsString(name, null); + if (value != null) { + InputAttrs.put(name, value); + } + } + } @XmlElement public String getInputId() { return inputId; diff --git a/base/common/src/com/netscape/cms/servlet/request/model/CertRequestDAO.java b/base/common/src/com/netscape/cms/servlet/request/model/CertRequestDAO.java index d68a5ac1..2450a2d1 100644 --- a/base/common/src/com/netscape/cms/servlet/request/model/CertRequestDAO.java +++ b/base/common/src/com/netscape/cms/servlet/request/model/CertRequestDAO.java @@ -24,7 +24,6 @@ import java.util.Enumeration; import java.util.HashMap; import java.util.List; import java.util.Locale; -import java.util.Map; import java.util.Random; import javax.servlet.ServletException; @@ -37,6 +36,7 @@ import netscape.security.x509.X509CertImpl; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.Nonces; import com.netscape.certsrv.ca.ICertificateAuthority; import com.netscape.certsrv.profile.IEnrollProfile; 
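Review bot: The new `ProfileInput(IProfileInput input, IArgBlock params, Locale locale)` constructor is undocumented, and its closing brace runs straight into the `@XmlElement` of `getInputId()` without a blank line. It copies caller-supplied parameter values into the model as they arrive, so the contract should be stated. I would add a Javadoc along the lines of `/** Builds the input from submitted parameters; only names declared by the profile input are read, absent values are skipped, and values are copied as submitted without validation. */` and separate it from the next member with an empty line.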
@@ -49,10 +49,7 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestId; import com.netscape.cms.servlet.cert.CertResource; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.profile.ProfileConfig; import com.netscape.cms.servlet.profile.ProfileProcessor; -import com.netscape.cms.servlet.profile.model.PolicyAttribute; import com.netscape.cms.servlet.profile.model.PolicyConstraint; import com.netscape.cms.servlet.profile.model.PolicyDefault; import com.netscape.cms.servlet.profile.model.ProfileInput; @@ -187,16 +184,13 @@ public class CertRequestDAO extends CMSRequestDAO { */ public CertRequestInfos submitRequest(EnrollmentRequestData data, HttpServletRequest request, UriInfo uriInfo, Locale locale) throws EBaseException { - HttpServletRequest extReq = createServletRequest(request, data); + ProfileProcessor processor = new ProfileProcessor("caProfileSubmit", locale); - ProfileConfig config = new ProfileConfig("caProfileSubmit"); - - ProfileProcessor processor = new ProfileProcessor(config, locale); - HashMap<String, Object> results; + HashMap<String, Object> results = null; if (data.getIsRenewal()) { - results = processor.processRenewal(extReq); + results = processor.processRenewal(data, request); } else { - results = processor.processEnrollment(extReq); + results = processor.processEnrollment(data, request); } CertRequestInfos ret = new CertRequestInfos(); 
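Review bot: In `submitRequest` the declaration became `HashMap<String, Object> results = null;`, although both branches of the `if (data.getIsRenewal())` that follows assign it. The initializer is dead and switches off the compiler's definite-assignment check, so a later branch that forgets to assign would surface as a NullPointerException at runtime, not as a compile error. I would keep the earlier form `HashMap<String, Object> results;`. The method continues past the end of the hunk.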
@@ -213,12 +207,13 @@ public class CertRequestDAO extends CMSRequestDAO { return ret; } + /* private HttpServletRequest createServletRequest(HttpServletRequest request, EnrollmentRequestData data) { ExtendableHttpRequest extReq = new ExtendableHttpRequest(request); extReq.addParameter("profileId", data.getProfileId()); extReq.addParameter("serial_num", data.getSerialNum()); - for (ProfileInput input: data.inputs) { + for (ProfileInput input: data.getInputs()) { Map<String, String> attrs = input.getAttributes(); for (Map.Entry<String, String> entry: attrs.entrySet()) { extReq.addParameter(entry.getKey(), entry.getValue()); @@ -228,19 +223,16 @@ public class CertRequestDAO extends CMSRequestDAO { // TODO - add authenticator entries return extReq; } + */ public void changeRequestState(HttpServletRequest request, AgentEnrollmentRequestData data, Locale locale, String op) throws EBaseException { - ProfileConfig config = new ProfileConfig("caProfileProcess"); - ProfileProcessor processor = new ProfileProcessor(config, locale); - CMSRequest cmsReq = createCMSRequest(request, data, op); - - processor.processRequest(cmsReq); - + ProfileProcessor processor = new ProfileProcessor("caProfileProcess", locale); + processor.processRequest(request, data, op); } + /* private CMSRequest createCMSRequest(HttpServletRequest request, AgentEnrollmentRequestData data, String op) { - ExtendableHttpRequest extReq = new ExtendableHttpRequest(request); extReq.addParameter("profileId", data.getProfileId()); extReq.addParameter("serial_num", data.getSerialNum()); @@ -268,6 +260,7 @@ public class CertRequestDAO extends CMSRequestDAO { return ret; } + */ private CertRequestInfo createCertRequestInfo(IRequest request, UriInfo uriInfo) { CertRequestInfo ret = new CertRequestInfo(); 
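Review bot: `createServletRequest` is wrapped in `/* … */` here, not deleted, and the `@@ -228` and `@@ -268` hunks do the same to `createCMSRequest`. The commit even edits the disabled code (`data.inputs` becomes `data.getInputs()`), which suggests it will be maintained by hand although nothing compiles or calls it. Since `ExtendableHttpRequest` is no longer used by `submitRequest` or `changeRequestState`, I would remove both helpers outright and rely on version control for the history. If the `// TODO - add authenticator entries` still applies to the new `processEnrollment(data, request)` path, it should move there.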
@@ -326,11 +319,12 @@ public class CertRequestDAO extends CMSRequestDAO { AgentEnrollmentRequestData ret = new AgentEnrollmentRequestData(); String profileId = request.getExtDataInString("profileId"); - ProfileConfig config = new ProfileConfig("caProfileSubmit"); - IProfileSubsystem ps = (IProfileSubsystem) CMS.getSubsystem(config.getProfileSubId()); + + IConfigStore cs = CMS.getConfigStore().getSubStore("profile.caProfileSubmit"); + String profileSubId = cs.getString("profileSubId", IProfileSubsystem.ID); + IProfileSubsystem ps = (IProfileSubsystem) CMS.getSubsystem(profileSubId); IProfile profile = ps.getProfile(profileId); - ret.setProfileId(request.getExtDataInString("profileId")); if (request.getRequestType().equals("renewal")) { ret.setIsRenewal(true); } else { diff --git a/base/common/src/com/netscape/cms/servlet/request/model/EnrollmentRequestData.java b/base/common/src/com/netscape/cms/servlet/request/model/EnrollmentRequestData.java index 2e10fa8a..3c1e9822 100644 --- a/base/common/src/com/netscape/cms/servlet/request/model/EnrollmentRequestData.java +++ b/base/common/src/com/netscape/cms/servlet/request/model/EnrollmentRequestData.java @@ -61,8 +61,14 @@ public class EnrollmentRequestData { @XmlElement protected String serialNum; // used for one type of renewal + @XmlElement + protected String remoteHost; + + @XmlElement + protected String remoteAddr; + @XmlElement(name = "Input") - protected List<ProfileInput> inputs = new ArrayList<ProfileInput>(); + private List<ProfileInput> inputs = new ArrayList<ProfileInput>(); public EnrollmentRequestData() { // required for jaxb @@ -72,9 +78,7 @@ public class EnrollmentRequestData { profileId = form.getFirst(PROFILE_ID); String renewalStr = form.getFirst(RENEWAL); serialNum = form.getFirst(SERIAL_NUM); - isRenewal = new Boolean(renewalStr); - } /** 
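Review bot: `ps` is dereferenced in `ps.getProfile(profileId)` without a null check, although the subsystem id now comes from configuration (`cs.getString("profileSubId", IProfileSubsystem.ID)`) and `CMS.getSubsystem` may not find it. The `getProfile` helper removed from `ProfileProcessor` in this commit threw an `EBaseException` in that case. I would add `if (ps == null) throw new EBaseException("Profile Subsystem not found: " + profileSubId);`, assuming the enclosing method can propagate it. The hunk also drops `ret.setProfileId(request.getExtDataInString("profileId"));`, so unless the profile id is set later in the method, outside this hunk, the returned data will lack it.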
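Review bot: The new `remoteHost` and `remoteAddr` fields in the `@@ -61` hunk are annotated `@XmlElement`, so they are populated from whatever the client puts in the enrollment request body. If the server later uses them for audit records or access decisions (that use is not visible in this hunk), a caller could report an address of its choosing. They should be overwritten on the server from `request.getRemoteAddr()` and `request.getRemoteHost()` before the data is processed, or kept out of the bound XML. A comment on the fields, for example `// set by the server from the HttpServletRequest; never trust the unmarshalled value`, would record the intent.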
@@ -103,15 +107,15 @@ public class EnrollmentRequestData { public void addInput(ProfileInput input) { ProfileInput curInput = getInput(input.getInputId()); if (curInput != null) { - inputs.remove(curInput); + getInputs().remove(curInput); } - inputs.add(input); + getInputs().add(input); } public void deleteInput(ProfileInput input) { ProfileInput curInput = getInput(input.getInputId()); if (curInput != null) { - inputs.remove(curInput); + getInputs().remove(curInput); } } @@ -125,7 +129,7 @@ public class EnrollmentRequestData { ProfileInput newInput = new ProfileInput(); newInput.setInputId(name); - inputs.add(newInput); + getInputs().add(newInput); return newInput; } @@ -134,7 +138,7 @@ public class EnrollmentRequestData { ProfileInput input = null; - Iterator<ProfileInput> it = inputs.iterator(); + Iterator<ProfileInput> it = getInputs().iterator(); ProfileInput curInput = null; while (it.hasNext()) { @@ -225,4 +229,28 @@ public class EnrollmentRequestData { this.serialNum = serialNum; } + public List<ProfileInput> getInputs() { + return inputs; + } + + public void setInputs(List<ProfileInput> inputs) { + this.inputs = inputs; + } + + public String getRemoteAddr() { + return remoteAddr; + } + + public void setRemoteAddr(String remoteAddr) { + this.remoteAddr = remoteAddr; + } + + public String getRemoteHost() { + return remoteHost; + } + + public void setRemoteHost(String remoteHost) { + this.remoteHost = remoteHost; + } + } |
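Review bot: `setInputs` in the `@@ -225` hunk stores its argument without a check, and every method changed in this file now goes through `getInputs()`. After `setInputs(null)`, whether from a caller or from unmarshalling, `addInput`, `deleteInput`, `createInput` and `getInput` would fail with a NullPointerException. I would write `this.inputs = (inputs != null) ? inputs : new ArrayList<ProfileInput>();`. `getInputs()` also returns the internal list itself, so callers can modify the request's inputs without going through `addInput`; if that is intended it deserves a comment.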
