summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java260
1 files changed, 118 insertions, 142 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
index da24d2c2..4ac119dc 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.util.Enumeration;
import java.util.Locale;
@@ -46,10 +45,9 @@ import com.netscape.certsrv.template.ArgList;
import com.netscape.certsrv.template.ArgSet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* Toggle the approval state of a profile
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileApproveServlet extends ProfileServlet {
@@ -59,10 +57,9 @@ public class ProfileApproveServlet extends ProfileServlet {
*/
private static final long serialVersionUID = 3956879326742839550L;
private static final String PROP_AUTHORITY_ID = "authorityId";
- private String mAuthorityId = null;
+ private String mAuthorityId = null;
- private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL =
- "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL = "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
private final static String OP_APPROVE = "approve";
private final static String OP_DISAPPROVE = "disapprove";
@@ -73,7 +70,7 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* initialize the servlet. This servlet uses the template file
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -84,13 +81,14 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* Process the HTTP request.
* <P>
- *
+ *
* <ul>
* <li>http.param profileId the id of the profile to change
* <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an
* agent approves/disapproves a cert profile set by the administrator for
* automatic approval
* </ul>
+ *
* @param cmsReq the object holding the request and response information
* @exception EBaseException an error has occurred
*/
@@ -126,20 +124,18 @@ public class ProfileApproveServlet extends ProfileServlet {
auditSubjectID = auditSubjectID();
CMS.debug(e.toString());
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHENTICATION_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR"));
outputTemplate(request, response, args);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID, ILogger.FAILURE, auditProfileID,
+ auditProfileOp);
audit(auditMessage);
@@ -150,30 +146,28 @@ public class ProfileApproveServlet extends ProfileServlet {
try {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "approve");
+ mAuthzResourceName, "approve");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
}
if (authzToken == null) {
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHORIZATION_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR"));
outputTemplate(request, response, args);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID, ILogger.FAILURE, auditProfileID,
+ auditProfileOp);
audit(auditMessage);
@@ -193,17 +187,15 @@ public class ProfileApproveServlet extends ProfileServlet {
if (ps == null) {
CMS.debug("ProfileApproveServlet: ProfileSubsystem not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID, ILogger.FAILURE, auditProfileID,
+ auditProfileOp);
audit(auditMessage);
@@ -214,20 +206,18 @@ public class ProfileApproveServlet extends ProfileServlet {
IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId);
if (authority == null) {
- CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId +
- " not found");
+ CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId
+ + " not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID, ILogger.FAILURE, auditProfileID,
+ auditProfileOp);
audit(auditMessage);
@@ -236,20 +226,18 @@ public class ProfileApproveServlet extends ProfileServlet {
IRequestQueue queue = authority.getRequestQueue();
if (queue == null) {
- CMS.debug("ProfileApproveServlet: Request Queue of " +
- mAuthorityId + " not found");
+ CMS.debug("ProfileApproveServlet: Request Queue of "
+ + mAuthorityId + " not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID, ILogger.FAILURE, auditProfileID,
+ auditProfileOp);
audit(auditMessage);
@@ -265,60 +253,54 @@ public class ProfileApproveServlet extends ProfileServlet {
try {
if (ps.isProfileEnable(profileId)) {
- if (ps.checkOwner()) {
- if (ps.getProfileEnableBy(profileId).equals(userid)) {
- ps.disableProfile(profileId);
- } else {
- // only enableBy can disable profile
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_OWNER"));
- outputTemplate(request, response, args);
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
+ if (ps.checkOwner()) {
+ if (ps.getProfileEnableBy(profileId).equals(userid)) {
+ ps.disableProfile(profileId);
+ } else {
+ // only enableBy can disable profile
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(
+ locale, "CMS_PROFILE_NOT_OWNER"));
+ outputTemplate(request, response, args);
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
+ auditSubjectID, ILogger.FAILURE,
+ auditProfileID, auditProfileOp);
- audit(auditMessage);
+ audit(auditMessage);
- return;
+ return;
+ }
+ } else {
+ ps.disableProfile(profileId);
}
- } else {
- ps.disableProfile(profileId);
- }
} else {
ps.enableProfile(profileId, userid);
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.SUCCESS,
- auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID, ILogger.SUCCESS, auditProfileID,
+ auditProfileOp);
audit(auditMessage);
} catch (EProfileException e) {
// profile not enabled
- CMS.debug("ProfileApproveServlet: profile not error " +
- e.toString());
+ CMS.debug("ProfileApproveServlet: profile not error "
+ + e.toString());
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID, ILogger.FAILURE, auditProfileID,
+ auditProfileOp);
audit(auditMessage);
@@ -327,37 +309,34 @@ public class ProfileApproveServlet extends ProfileServlet {
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, auditSubjectID,
+ ILogger.FAILURE, auditProfileID, auditProfileOp);
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditProfileID,
- // auditProfileOp );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditProfileID,
+ // auditProfileOp );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
try {
profile = ps.getProfile(profileId);
} catch (EProfileException e) {
// profile not found
- CMS.debug("ProfileApproveServlet: profile not found " +
- e.toString());
+ CMS.debug("ProfileApproveServlet: profile not found "
+ + e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, e.toString());
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
@@ -385,14 +364,13 @@ public class ProfileApproveServlet extends ProfileServlet {
while (policyIds.hasMoreElements()) {
String id = (String) policyIds.nextElement();
- IProfilePolicy policy = (IProfilePolicy)
- profile.getProfilePolicy(setId, id);
+ IProfilePolicy policy = (IProfilePolicy) profile
+ .getProfilePolicy(setId, id);
// (3) query all the profile policies
// (4) default plugins convert request parameters
- // into string http parameters
- handlePolicy(list, response, locale,
- id, policy);
+ // into string http parameters
+ handlePolicy(list, response, locale, id, policy);
}
ArgSet setArg = new ArgSet();
@@ -403,8 +381,8 @@ public class ProfileApproveServlet extends ProfileServlet {
args.set(ARG_POLICY_SET_LIST, setlist);
args.set(ARG_PROFILE_ID, profileId);
- args.set(ARG_PROFILE_IS_ENABLED,
- Boolean.toString(ps.isProfileEnable(profileId)));
+ args.set(ARG_PROFILE_IS_ENABLED,
+ Boolean.toString(ps.isProfileEnable(profileId)));
args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId));
args.set(ARG_PROFILE_NAME, profile.getName(locale));
args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
@@ -413,8 +391,8 @@ public class ProfileApproveServlet extends ProfileServlet {
outputTemplate(request, response, args);
}
- private void handlePolicy(ArgList list, ServletResponse response,
- Locale locale, String id, IProfilePolicy policy) {
+ private void handlePolicy(ArgList list, ServletResponse response,
+ Locale locale, String id, IProfilePolicy policy) {
ArgSet set = new ArgSet();
set.set(ARG_POLICY_ID, id);
@@ -434,19 +412,19 @@ public class ProfileApproveServlet extends ProfileServlet {
String defName = (String) defNames.nextElement();
IDescriptor defDesc = def.getValueDescriptor(locale, defName);
if (defDesc == null) {
- CMS.debug("defName=" + defName);
+ CMS.debug("defName=" + defName);
} else {
- String defSyntax = defDesc.getSyntax();
- String defConstraint = defDesc.getConstraint();
- String defValueName = defDesc.getDescription(locale);
- String defValue = null;
-
- defset.set(ARG_DEF_ID, defName);
- defset.set(ARG_DEF_SYNTAX, defSyntax);
- defset.set(ARG_DEF_CONSTRAINT, defConstraint);
- defset.set(ARG_DEF_NAME, defValueName);
- defset.set(ARG_DEF_VAL, defValue);
- deflist.add(defset);
+ String defSyntax = defDesc.getSyntax();
+ String defConstraint = defDesc.getConstraint();
+ String defValueName = defDesc.getDescription(locale);
+ String defValue = null;
+
+ defset.set(ARG_DEF_ID, defName);
+ defset.set(ARG_DEF_SYNTAX, defSyntax);
+ defset.set(ARG_DEF_CONSTRAINT, defConstraint);
+ defset.set(ARG_DEF_NAME, defValueName);
+ defset.set(ARG_DEF_VAL, defValue);
+ deflist.add(defset);
}
}
}
@@ -463,11 +441,11 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* Signed Audit Log Profile ID
- *
- * This method is called to obtain the "ProfileID" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "ProfileID" for a signed audit log
+ * message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message ProfileID
*/
@@ -493,14 +471,14 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* Signed Audit Log Profile Operation
- *
- * This method is called to obtain the "Profile Operation" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "Profile Operation" for a signed
+ * audit log message.
* <P>
- *
+ *
* @param req HTTP request
- * @return operation string containing either OP_APPROVE, OP_DISAPPROVE,
- * or SIGNED_AUDIT_EMPTY_VALUE
+ * @return operation string containing either OP_APPROVE, OP_DISAPPROVE, or
+ * SIGNED_AUDIT_EMPTY_VALUE
*/
private String auditProfileOp(HttpServletRequest req) {
// if no signed audit object exists, bail
@@ -508,13 +486,12 @@ public class ProfileApproveServlet extends ProfileServlet {
return null;
}
- if (mProfileSubId == null ||
- mProfileSubId.equals("")) {
+ if (mProfileSubId == null || mProfileSubId.equals("")) {
mProfileSubId = IProfileSubsystem.ID;
}
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ IProfileSubsystem ps = (IProfileSubsystem) CMS
+ .getSubsystem(mProfileSubId);
if (ps == null) {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -533,4 +510,3 @@ public class ProfileApproveServlet extends ProfileServlet {
}
}
}
-
generated by cgit (git 2.34.1) at 2024-05-05 10:09:23 +0000