Class CAProcessor
- java.lang.Object
  - com.netscape.cms.servlet.processors.Processor
    - com.netscape.cms.servlet.processors.CAProcessor
- Direct Known Subclasses:
CertProcessor, KRAConnectorProcessor, SecurityDomainProcessor
public class CAProcessor extends Processor
-
-
Field Summary
Fields: Modifier and Type, Field, Description
static java.lang.String
ACL_INFO
static java.lang.String
ACL_METHOD
protected java.lang.String
aclMethod
static java.lang.String
ARG_ERROR_CODE
static java.lang.String
ARG_ERROR_REASON
static java.lang.String
ARG_OP
static java.lang.String
ARG_OUTPUT_CONSTRAINT
static java.lang.String
ARG_OUTPUT_ID
static java.lang.String
ARG_OUTPUT_LIST
static java.lang.String
ARG_OUTPUT_NAME
static java.lang.String
ARG_OUTPUT_SYNTAX
static java.lang.String
ARG_OUTPUT_VAL
static java.lang.String
ARG_PROFILE
static java.lang.String
ARG_PROFILE_APPROVED_BY
static java.lang.String
ARG_PROFILE_DESC
static java.lang.String
ARG_PROFILE_ENABLED_BY
static java.lang.String
ARG_PROFILE_IS_ENABLED
static java.lang.String
ARG_PROFILE_IS_VISIBLE
static java.lang.String
ARG_PROFILE_NAME
static java.lang.String
ARG_PROFILE_REMOTE_ADDR
static java.lang.String
ARG_PROFILE_REMOTE_HOST
static java.lang.String
ARG_PROFILE_SET_ID
static java.lang.String
ARG_RENEWAL_PROFILE_ID
static java.lang.String
ARG_REQUEST_CREATION_TIME
static java.lang.String
ARG_REQUEST_ID
static java.lang.String
ARG_REQUEST_LIST
static java.lang.String
ARG_REQUEST_MODIFICATION_TIME
static java.lang.String
ARG_REQUEST_NONCE
static java.lang.String
ARG_REQUEST_NOTES
static java.lang.String
ARG_REQUEST_OWNER
static java.lang.String
ARG_REQUEST_STATUS
static java.lang.String
ARG_REQUEST_TYPE
static java.lang.String
ARG_REQUESTS
static java.lang.String
AUTH_ID
static java.lang.String
AUTH_MGR
protected java.lang.String
authMgr
protected ICertificateAuthority
authority
protected IAuthzSubsystem
authz
static java.lang.String
AUTHZ_MGR
static java.lang.String
AUTHZ_RESOURCE_NAME
protected java.lang.String
authzResourceName
static java.lang.String
CERT_ATTR
protected ICertificateRepository
certdb
static java.lang.String
GET_CLIENT_CERT
protected java.lang.String
getClientCert
static java.lang.String
HDR_LANG
static java.lang.String
PROFILE_ID
static java.lang.String
PROFILE_SUB_ID
protected java.lang.String
profileID
protected java.lang.String
profileSubId
protected IProfileSubsystem
ps
protected IRequestQueue
queue
protected java.util.LinkedHashSet<java.lang.String>
statEvents
protected IUGSubsystem
ug
protected ICertUserLocator
ul
-
Constructor Summary
Constructors: Constructor, Description
CAProcessor(java.lang.String id, java.util.Locale locale)
-
Method Summary
Methods: Modifier and Type, Method, Description
protected java.lang.String
auditGroupID()
protected java.lang.String
auditGroups(java.lang.String SubjectID)
Signed Audit Groups. This method is called to extract all "groups" associated with the "auditSubjectID()".
protected java.lang.String
auditRequesterID(IRequest request)
Signed Audit Log Requester ID. This method is called to obtain the "RequesterID" for a signed audit log message.
protected java.lang.String
auditSubjectID()
IAuthToken
authenticate(IProfileAuthenticator authenticator, javax.servlet.http.HttpServletRequest request, IRequest origReq, SessionContext context, AuthCredentials credentials)
AUTHENTICATION FUNCTIONS (move to Realm?)
IAuthToken
authenticate(IProfileAuthenticator authenticator, javax.servlet.http.HttpServletRequest request, AuthCredentials credentials)
IAuthToken
authenticate(javax.servlet.http.HttpServletRequest httpReq)
IAuthToken
authenticate(javax.servlet.http.HttpServletRequest request, IRequest origReq, IProfileAuthenticator authenticator, SessionContext context, boolean isRenewal, AuthCredentials credentials)
IAuthToken
authenticate(javax.servlet.http.HttpServletRequest httpReq, java.lang.String authMgrName)
AuthzToken
authorize(java.lang.String authzMgrName, IAuthToken authToken, java.lang.String resource, java.lang.String operation)
Authorize must occur after Authenticate
void
authorize(java.lang.String profileId, IProfile profile, IAuthToken authToken)
AuthzToken
authorize(java.lang.String authzMgrName, java.lang.String resource, IAuthToken authToken, java.lang.String exp)
AUTHZ FUNCTIONS (to be moved to Realm?)
void
endAllEvents()
void
endTiming(java.lang.String event)
protected IRequest
getOriginalRequest(java.math.BigInteger certSerial, ICertRecord rec)
java.lang.String
getProfileID()
IProfileSubsystem
getProfileSubsystem()
IRequest
getRequest(java.lang.String rid)
Utility Functions
static java.security.cert.X509Certificate
getSSLClientCertificate(javax.servlet.http.HttpServletRequest httpReq)
Get the SSL client-authenticated certificate.
protected void
printParameterValues(java.util.HashMap<java.lang.String,java.lang.String> data)
static void
saveAuthToken(IAuthToken token, IRequest req)
void
startTiming(java.lang.String event)
Stats - to be moved to Stats module
protected static java.util.Hashtable<java.lang.String,java.lang.String>
toHashtable(javax.servlet.http.HttpServletRequest req)
void
validateNonce(javax.servlet.http.HttpServletRequest servletRequest, java.lang.String name, java.lang.Object id, java.lang.Long nonce)
-
Methods inherited from class com.netscape.cms.servlet.processors.Processor
getParams, getUserMessage, log
-
-
-
-
Field Detail
-
ARG_REQUEST_OWNER
public static final java.lang.String ARG_REQUEST_OWNER
- See Also:
- Constant Field Values
-
HDR_LANG
public static final java.lang.String HDR_LANG
- See Also:
- Constant Field Values
-
ARG_PROFILE
public static final java.lang.String ARG_PROFILE
- See Also:
- Constant Field Values
-
ARG_REQUEST_NOTES
public static final java.lang.String ARG_REQUEST_NOTES
- See Also:
- Constant Field Values
-
ARG_RENEWAL_PROFILE_ID
public static final java.lang.String ARG_RENEWAL_PROFILE_ID
- See Also:
- Constant Field Values
-
ARG_PROFILE_IS_ENABLED
public static final java.lang.String ARG_PROFILE_IS_ENABLED
- See Also:
- Constant Field Values
-
ARG_PROFILE_IS_VISIBLE
public static final java.lang.String ARG_PROFILE_IS_VISIBLE
- See Also:
- Constant Field Values
-
ARG_PROFILE_ENABLED_BY
public static final java.lang.String ARG_PROFILE_ENABLED_BY
- See Also:
- Constant Field Values
-
ARG_PROFILE_APPROVED_BY
public static final java.lang.String ARG_PROFILE_APPROVED_BY
- See Also:
- Constant Field Values
-
ARG_PROFILE_NAME
public static final java.lang.String ARG_PROFILE_NAME
- See Also:
- Constant Field Values
-
ARG_PROFILE_DESC
public static final java.lang.String ARG_PROFILE_DESC
- See Also:
- Constant Field Values
-
ARG_PROFILE_REMOTE_HOST
public static final java.lang.String ARG_PROFILE_REMOTE_HOST
- See Also:
- Constant Field Values
-
ARG_PROFILE_REMOTE_ADDR
public static final java.lang.String ARG_PROFILE_REMOTE_ADDR
- See Also:
- Constant Field Values
-
ARG_PROFILE_SET_ID
public static final java.lang.String ARG_PROFILE_SET_ID
- See Also:
- Constant Field Values
-
ARG_OUTPUT_LIST
public static final java.lang.String ARG_OUTPUT_LIST
- See Also:
- Constant Field Values
-
ARG_OUTPUT_ID
public static final java.lang.String ARG_OUTPUT_ID
- See Also:
- Constant Field Values
-
ARG_OUTPUT_SYNTAX
public static final java.lang.String ARG_OUTPUT_SYNTAX
- See Also:
- Constant Field Values
-
ARG_OUTPUT_CONSTRAINT
public static final java.lang.String ARG_OUTPUT_CONSTRAINT
- See Also:
- Constant Field Values
-
ARG_OUTPUT_NAME
public static final java.lang.String ARG_OUTPUT_NAME
- See Also:
- Constant Field Values
-
ARG_OUTPUT_VAL
public static final java.lang.String ARG_OUTPUT_VAL
- See Also:
- Constant Field Values
-
ARG_REQUEST_LIST
public static final java.lang.String ARG_REQUEST_LIST
- See Also:
- Constant Field Values
-
ARG_REQUEST_ID
public static final java.lang.String ARG_REQUEST_ID
- See Also:
- Constant Field Values
-
ARG_REQUEST_TYPE
public static final java.lang.String ARG_REQUEST_TYPE
- See Also:
- Constant Field Values
-
ARG_REQUEST_STATUS
public static final java.lang.String ARG_REQUEST_STATUS
- See Also:
- Constant Field Values
-
ARG_REQUEST_CREATION_TIME
public static final java.lang.String ARG_REQUEST_CREATION_TIME
- See Also:
- Constant Field Values
-
ARG_REQUEST_MODIFICATION_TIME
public static final java.lang.String ARG_REQUEST_MODIFICATION_TIME
- See Also:
- Constant Field Values
-
ARG_REQUEST_NONCE
public static final java.lang.String ARG_REQUEST_NONCE
- See Also:
- Constant Field Values
-
ARG_OP
public static final java.lang.String ARG_OP
- See Also:
- Constant Field Values
-
ARG_REQUESTS
public static final java.lang.String ARG_REQUESTS
- See Also:
- Constant Field Values
-
ARG_ERROR_CODE
public static final java.lang.String ARG_ERROR_CODE
- See Also:
- Constant Field Values
-
ARG_ERROR_REASON
public static final java.lang.String ARG_ERROR_REASON
- See Also:
- Constant Field Values
-
CERT_ATTR
public static final java.lang.String CERT_ATTR
- See Also:
- Constant Field Values
-
PROFILE_ID
public static final java.lang.String PROFILE_ID
- See Also:
- Constant Field Values
-
AUTH_ID
public static final java.lang.String AUTH_ID
- See Also:
- Constant Field Values
-
ACL_METHOD
public static final java.lang.String ACL_METHOD
- See Also:
- Constant Field Values
-
AUTHZ_RESOURCE_NAME
public static final java.lang.String AUTHZ_RESOURCE_NAME
- See Also:
- Constant Field Values
-
AUTH_MGR
public static final java.lang.String AUTH_MGR
- See Also:
- Constant Field Values
-
AUTHZ_MGR
public static final java.lang.String AUTHZ_MGR
- See Also:
- Constant Field Values
-
GET_CLIENT_CERT
public static final java.lang.String GET_CLIENT_CERT
- See Also:
- Constant Field Values
-
ACL_INFO
public static final java.lang.String ACL_INFO
- See Also:
- Constant Field Values
-
PROFILE_SUB_ID
public static final java.lang.String PROFILE_SUB_ID
- See Also:
- Constant Field Values
-
profileID
protected java.lang.String profileID
-
profileSubId
protected java.lang.String profileSubId
-
aclMethod
protected java.lang.String aclMethod
-
authzResourceName
protected java.lang.String authzResourceName
-
authMgr
protected java.lang.String authMgr
-
getClientCert
protected java.lang.String getClientCert
-
authority
protected ICertificateAuthority authority
-
authz
protected IAuthzSubsystem authz
-
ug
protected IUGSubsystem ug
-
ul
protected ICertUserLocator ul
-
queue
protected IRequestQueue queue
-
ps
protected IProfileSubsystem ps
-
certdb
protected ICertificateRepository certdb
-
statEvents
protected java.util.LinkedHashSet<java.lang.String> statEvents
-
-
Constructor Detail
-
CAProcessor
public CAProcessor(java.lang.String id, java.util.Locale locale) throws EPropertyNotFound, EBaseException
- Throws:
EPropertyNotFound
EBaseException
-
-
Method Detail
-
getProfileID
public java.lang.String getProfileID()
-
getProfileSubsystem
public IProfileSubsystem getProfileSubsystem()
-
startTiming
public void startTiming(java.lang.String event)
Stats - to be moved to Stats module
-
endTiming
public void endTiming(java.lang.String event)
-
endAllEvents
public void endAllEvents()
-
getRequest
public IRequest getRequest(java.lang.String rid) throws EBaseException
Utility Functions
- Throws:
EBaseException
-
getOriginalRequest
protected IRequest getOriginalRequest(java.math.BigInteger certSerial, ICertRecord rec) throws EBaseException
- Throws:
EBaseException
-
printParameterValues
protected void printParameterValues(java.util.HashMap<java.lang.String,java.lang.String> data)
-
getSSLClientCertificate
public static java.security.cert.X509Certificate getSSLClientCertificate(javax.servlet.http.HttpServletRequest httpReq) throws EBaseException
Get the SSL client-authenticated certificate.
- Throws:
EBaseException
-
toHashtable
protected static java.util.Hashtable<java.lang.String,java.lang.String> toHashtable(javax.servlet.http.HttpServletRequest req)
-
authenticate
public IAuthToken authenticate(IProfileAuthenticator authenticator, javax.servlet.http.HttpServletRequest request, IRequest origReq, SessionContext context, AuthCredentials credentials) throws EBaseException
AUTHENTICATION FUNCTIONS (move to Realm?)
- Throws:
EBaseException
-
authenticate
public IAuthToken authenticate(IProfileAuthenticator authenticator, javax.servlet.http.HttpServletRequest request, AuthCredentials credentials) throws EBaseException
- Throws:
EBaseException
-
authenticate
public IAuthToken authenticate(javax.servlet.http.HttpServletRequest request, IRequest origReq, IProfileAuthenticator authenticator, SessionContext context, boolean isRenewal, AuthCredentials credentials) throws EBaseException
- Throws:
EBaseException
-
authenticate
public IAuthToken authenticate(javax.servlet.http.HttpServletRequest httpReq) throws EBaseException
- Throws:
EBaseException
-
saveAuthToken
public static void saveAuthToken(IAuthToken token, IRequest req)
-
authenticate
public IAuthToken authenticate(javax.servlet.http.HttpServletRequest httpReq, java.lang.String authMgrName) throws EBaseException
- Throws:
EBaseException
-
authorize
public AuthzToken authorize(java.lang.String authzMgrName, java.lang.String resource, IAuthToken authToken, java.lang.String exp) throws EBaseException
AUTHZ FUNCTIONS (to be moved to Realm?)
- Throws:
EBaseException
-
authorize
public AuthzToken authorize(java.lang.String authzMgrName, IAuthToken authToken, java.lang.String resource, java.lang.String operation)
Authorize must occur after Authenticate
- signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization has failed
- signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization is successful
- signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CS that's when one accesses a role port)
- Parameters:
authzMgrName - string representing the name of the authorization manager
authToken - the authentication token
resource - a string representing the ACL resource id as defined in the ACL resource list
operation - a string representing one of the operations as defined within the ACL statement (e.g. "read" for an ACL statement containing "(read,write)")
- Returns:
the authorization token
- Throws:
EBaseException - an error has occurred
-
authorize
public void authorize(java.lang.String profileId, IProfile profile, IAuthToken authToken) throws EBaseException
- Throws:
EBaseException
-
auditRequesterID
protected java.lang.String auditRequesterID(IRequest request)
Signed Audit Log Requester ID. This method is called to obtain the "RequesterID" for a signed audit log message.
- Parameters:
request - the actual request
- Returns:
id string containing the signed audit log message RequesterID
-
auditSubjectID
protected java.lang.String auditSubjectID()
-
auditGroupID
protected java.lang.String auditGroupID()
-
auditGroups
protected java.lang.String auditGroups(java.lang.String SubjectID)
Signed Audit Groups. This method is called to extract all "groups" associated with the "auditSubjectID()".
- Parameters:
SubjectID - string containing the signed audit log message SubjectID
- Returns:
a delimited string of groups associated with the "auditSubjectID()"
-
validateNonce
public void validateNonce(javax.servlet.http.HttpServletRequest servletRequest, java.lang.String name, java.lang.Object id, java.lang.Long nonce) throws EBaseException
- Throws:
EBaseException
-
-