diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java | 260 |
1 files changed, 118 insertions, 142 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java index da24d2c2..4ac119dc 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.util.Enumeration; import java.util.Locale; @@ -46,10 +45,9 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; - /** * Toggle the approval state of a profile - * + * * @version $Revision$, $Date$ */ public class ProfileApproveServlet extends ProfileServlet { @@ -59,10 +57,9 @@ public class ProfileApproveServlet extends ProfileServlet { */ private static final long serialVersionUID = 3956879326742839550L; private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; - private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL = - "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4"; + private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL = "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4"; private final static String OP_APPROVE = "approve"; private final static String OP_DISAPPROVE = "disapprove"; @@ -73,7 +70,7 @@ public class ProfileApproveServlet extends ProfileServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -84,13 +81,14 @@ public class ProfileApproveServlet extends ProfileServlet { /** * Process the HTTP request. * <P> - * + * * <ul> * <li>http.param profileId the id of the profile to change * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an * agent approves/disapproves a cert profile set by the administrator for * automatic approval * </ul> + * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ @@ -126,20 +124,18 @@ public class ProfileApproveServlet extends ProfileServlet { auditSubjectID = auditSubjectID(); CMS.debug(e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, - ILogger.FAILURE, - auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, ILogger.FAILURE, auditProfileID, + auditProfileOp); audit(auditMessage); @@ -150,30 +146,28 @@ public class ProfileApproveServlet extends ProfileServlet { try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "approve"); + mAuthzResourceName, "approve"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHORIZATION_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, - ILogger.FAILURE, - auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, ILogger.FAILURE, auditProfileID, + auditProfileOp); audit(auditMessage); @@ -193,17 +187,15 @@ public class ProfileApproveServlet extends ProfileServlet { if (ps == null) { CMS.debug("ProfileApproveServlet: ProfileSubsystem not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, - ILogger.FAILURE, - auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, ILogger.FAILURE, auditProfileID, + auditProfileOp); audit(auditMessage); @@ -214,20 +206,18 @@ public class ProfileApproveServlet extends ProfileServlet { IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { - CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId + - " not found"); + CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, - ILogger.FAILURE, - auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, ILogger.FAILURE, auditProfileID, + auditProfileOp); audit(auditMessage); @@ -236,20 +226,18 @@ public class ProfileApproveServlet extends ProfileServlet { IRequestQueue queue = authority.getRequestQueue(); if (queue == null) { - CMS.debug("ProfileApproveServlet: Request Queue of " + - mAuthorityId + " not found"); + CMS.debug("ProfileApproveServlet: Request Queue of " + + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, - ILogger.FAILURE, - auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, ILogger.FAILURE, auditProfileID, + auditProfileOp); audit(auditMessage); @@ -265,60 +253,54 @@ public class ProfileApproveServlet extends ProfileServlet { try { if (ps.isProfileEnable(profileId)) { - if (ps.checkOwner()) { - if (ps.getProfileEnableBy(profileId).equals(userid)) { - ps.disableProfile(profileId); - } else { - // only enableBy can disable profile - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_OWNER")); - outputTemplate(request, response, args); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( + if (ps.checkOwner()) { + if (ps.getProfileEnableBy(profileId).equals(userid)) { + ps.disableProfile(profileId); + } else { + // only enableBy can disable profile + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage( + locale, "CMS_PROFILE_NOT_OWNER")); + outputTemplate(request, response, args); + + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, - ILogger.FAILURE, - auditProfileID, - auditProfileOp); + auditSubjectID, ILogger.FAILURE, + auditProfileID, auditProfileOp); - audit(auditMessage); + audit(auditMessage); - return; + return; + } + } else { + ps.disableProfile(profileId); } - } else { - ps.disableProfile(profileId); - } } else { ps.enableProfile(profileId, userid); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, - ILogger.SUCCESS, - auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, ILogger.SUCCESS, auditProfileID, + auditProfileOp); audit(auditMessage); } catch (EProfileException e) { // profile not enabled - CMS.debug("ProfileApproveServlet: profile not error " + - e.toString()); + CMS.debug("ProfileApproveServlet: profile not error " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, - ILogger.FAILURE, - auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, ILogger.FAILURE, auditProfileID, + auditProfileOp); audit(auditMessage); @@ -327,37 +309,34 @@ public class ProfileApproveServlet extends ProfileServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, - ILogger.FAILURE, - auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, auditSubjectID, + ILogger.FAILURE, auditProfileID, auditProfileOp); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - // auditSubjectID, - // ILogger.FAILURE, - // auditProfileID, - // auditProfileOp ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + // auditSubjectID, + // ILogger.FAILURE, + // auditProfileID, + // auditProfileOp ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } try { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileApproveServlet: profile not found " + - e.toString()); + CMS.debug("ProfileApproveServlet: profile not found " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, e.toString()); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, @@ -385,14 +364,13 @@ public class ProfileApproveServlet extends ProfileServlet { while (policyIds.hasMoreElements()) { String id = (String) policyIds.nextElement(); - IProfilePolicy policy = (IProfilePolicy) - profile.getProfilePolicy(setId, id); + IProfilePolicy policy = (IProfilePolicy) profile + .getProfilePolicy(setId, id); // (3) query all the profile policies // (4) default plugins convert request parameters - // into string http parameters - handlePolicy(list, response, locale, - id, policy); + // into string http parameters + handlePolicy(list, response, locale, id, policy); } ArgSet setArg = new ArgSet(); @@ -403,8 +381,8 @@ public class ProfileApproveServlet extends ProfileServlet { args.set(ARG_POLICY_SET_LIST, setlist); args.set(ARG_PROFILE_ID, profileId); - args.set(ARG_PROFILE_IS_ENABLED, - Boolean.toString(ps.isProfileEnable(profileId))); + args.set(ARG_PROFILE_IS_ENABLED, + Boolean.toString(ps.isProfileEnable(profileId))); args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId)); args.set(ARG_PROFILE_NAME, profile.getName(locale)); args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); @@ -413,8 +391,8 @@ public class ProfileApproveServlet extends ProfileServlet { outputTemplate(request, response, args); } - private void handlePolicy(ArgList list, ServletResponse response, - Locale locale, String id, IProfilePolicy policy) { + private void handlePolicy(ArgList list, ServletResponse response, + Locale locale, String id, IProfilePolicy policy) { ArgSet set = new ArgSet(); set.set(ARG_POLICY_ID, id); @@ -434,19 +412,19 @@ public class ProfileApproveServlet extends ProfileServlet { String defName = (String) defNames.nextElement(); IDescriptor defDesc = def.getValueDescriptor(locale, defName); if (defDesc == null) { - CMS.debug("defName=" + defName); + CMS.debug("defName=" + defName); } else { - String defSyntax = defDesc.getSyntax(); - String defConstraint = defDesc.getConstraint(); - String defValueName = defDesc.getDescription(locale); - String defValue = null; - - defset.set(ARG_DEF_ID, defName); - defset.set(ARG_DEF_SYNTAX, defSyntax); - defset.set(ARG_DEF_CONSTRAINT, defConstraint); - defset.set(ARG_DEF_NAME, defValueName); - defset.set(ARG_DEF_VAL, defValue); - deflist.add(defset); + String defSyntax = defDesc.getSyntax(); + String defConstraint = defDesc.getConstraint(); + String defValueName = defDesc.getDescription(locale); + String defValue = null; + + defset.set(ARG_DEF_ID, defName); + defset.set(ARG_DEF_SYNTAX, defSyntax); + defset.set(ARG_DEF_CONSTRAINT, defConstraint); + defset.set(ARG_DEF_NAME, defValueName); + defset.set(ARG_DEF_VAL, defValue); + deflist.add(defset); } } } @@ -463,11 +441,11 @@ public class ProfileApproveServlet extends ProfileServlet { /** * Signed Audit Log Profile ID - * - * This method is called to obtain the "ProfileID" for - * a signed audit log message. + * + * This method is called to obtain the "ProfileID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message ProfileID */ @@ -493,14 +471,14 @@ public class ProfileApproveServlet extends ProfileServlet { /** * Signed Audit Log Profile Operation - * - * This method is called to obtain the "Profile Operation" for - * a signed audit log message. + * + * This method is called to obtain the "Profile Operation" for a signed + * audit log message. * <P> - * + * * @param req HTTP request - * @return operation string containing either OP_APPROVE, OP_DISAPPROVE, - * or SIGNED_AUDIT_EMPTY_VALUE + * @return operation string containing either OP_APPROVE, OP_DISAPPROVE, or + * SIGNED_AUDIT_EMPTY_VALUE */ private String auditProfileOp(HttpServletRequest req) { // if no signed audit object exists, bail @@ -508,13 +486,12 @@ public class ProfileApproveServlet extends ProfileServlet { return null; } - if (mProfileSubId == null || - mProfileSubId.equals("")) { + if (mProfileSubId == null || mProfileSubId.equals("")) { mProfileSubId = IProfileSubsystem.ID; } - IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) CMS + .getSubsystem(mProfileSubId); if (ps == null) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -533,4 +510,3 @@ public class ProfileApproveServlet extends ProfileServlet { } } } - |