com.netscape.cms.servlet.processors

Class CAProcessor

java.lang.Object

com.netscape.cms.servlet.processors.Processor

com.netscape.cms.servlet.processors.CAProcessor

Direct Known Subclasses:

CertProcessor, KRAConnectorProcessor, SecurityDomainProcessor

public class CAProcessor
extends Processor

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	ACL_INFO
static java.lang.String	ACL_METHOD
protected java.lang.String	aclMethod
static java.lang.String	ARG_AUTH_TOKEN
static java.lang.String	ARG_ERROR_CODE
static java.lang.String	ARG_ERROR_REASON
static java.lang.String	ARG_OP
static java.lang.String	ARG_OUTPUT_CONSTRAINT
static java.lang.String	ARG_OUTPUT_ID
static java.lang.String	ARG_OUTPUT_LIST
static java.lang.String	ARG_OUTPUT_NAME
static java.lang.String	ARG_OUTPUT_SYNTAX
static java.lang.String	ARG_OUTPUT_VAL
static java.lang.String	ARG_PROFILE
static java.lang.String	ARG_PROFILE_APPROVED_BY
static java.lang.String	ARG_PROFILE_DESC
static java.lang.String	ARG_PROFILE_ENABLED_BY
static java.lang.String	ARG_PROFILE_ID
static java.lang.String	ARG_PROFILE_IS_ENABLED
static java.lang.String	ARG_PROFILE_IS_VISIBLE
static java.lang.String	ARG_PROFILE_NAME
static java.lang.String	ARG_PROFILE_REMOTE_ADDR
static java.lang.String	ARG_PROFILE_REMOTE_HOST
static java.lang.String	ARG_PROFILE_SET_ID
static java.lang.String	ARG_RENEWAL_PROFILE_ID
static java.lang.String	ARG_REQUEST_CREATION_TIME
static java.lang.String	ARG_REQUEST_ID
static java.lang.String	ARG_REQUEST_LIST
static java.lang.String	ARG_REQUEST_MODIFICATION_TIME
static java.lang.String	ARG_REQUEST_NONCE
static java.lang.String	ARG_REQUEST_NOTES
static java.lang.String	ARG_REQUEST_OWNER
static java.lang.String	ARG_REQUEST_STATUS
static java.lang.String	ARG_REQUEST_TYPE
static java.lang.String	ARG_REQUESTS
static java.lang.String	AUTH_ID
static java.lang.String	AUTH_MGR
protected java.lang.String	authMgr
protected ICertificateAuthority	authority
static java.lang.String	AUTHORITY_ID
protected IAuthzSubsystem	authz
static java.lang.String	AUTHZ_MGR
static java.lang.String	AUTHZ_RESOURCE_NAME
protected java.lang.String	authzResourceName
static java.lang.String	CERT_ATTR
protected ICertificateRepository	certdb
static java.lang.String	GET_CLIENT_CERT
protected java.lang.String	getClientCert
static java.lang.String	HDR_LANG
static java.lang.String	LOGGING_SIGNED_AUDIT_AUTH_FAIL
static java.lang.String	LOGGING_SIGNED_AUDIT_AUTH_SUCCESS
static java.lang.String	LOGGING_SIGNED_AUDIT_AUTHZ_FAIL
static java.lang.String	LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS
static java.lang.String	LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED
static java.lang.String	LOGGING_SIGNED_AUDIT_ROLE_ASSUME
static java.lang.String	PROFILE_ID
static java.lang.String	PROFILE_SUB_ID
protected java.lang.String	profileID
protected java.lang.String	profileSubId
protected IProfileSubsystem	ps
protected IRequestQueue	queue
static java.lang.String	SIGNED_AUDIT_CERT_REQUEST_REASON
protected ILogger	signedAuditLogger
protected java.util.LinkedHashSet<java.lang.String>	statEvents
protected IUGSubsystem	ug
protected ICertUserLocator	ul

Fields inherited from class com.netscape.cms.servlet.processors.Processor

auditor, id, locale, logger

Constructor Summary

Constructors

Constructor and Description
CAProcessor(java.lang.String id, java.util.Locale locale)

Method Summary

Modifier and Type	Method and Description
protected void	audit(java.lang.String msg) AUDIT FUNCTIONS (to be moved to Auditor?)
protected java.lang.String	auditGroupID()
protected java.lang.String	auditGroups(java.lang.String SubjectID) Signed Audit Groups This method is called to extract all "groups" associated with the "auditSubjectID()".
protected java.lang.String	auditInfoCertValue(IRequest request) Signed Audit Log Info Certificate Value This method is called to obtain the certificate from the passed in "X509CertImpl" for a signed audit log message.
protected java.lang.String	auditInfoCertValue(netscape.security.x509.X509CertImpl x509cert) Signed Audit Log Info Certificate Value This method is called to obtain the certificate from the passed in "X509CertImpl" for a signed audit log message.
protected java.lang.String	auditInfoValue(IRequest request) Signed Audit Log Info Value This method is called to obtain the "reason" for a signed audit log message.
protected java.lang.String	auditRequesterID(IRequest request) Signed Audit Log Requester ID This method is called to obtain the "RequesterID" for a signed audit log message.
protected java.lang.String	auditSubjectID()
IAuthToken	authenticate(javax.servlet.http.HttpServletRequest httpReq)
IAuthToken	authenticate(javax.servlet.http.HttpServletRequest request, IRequest origReq, IProfileAuthenticator authenticator, SessionContext context, boolean isRenewal, AuthCredentials credentials)
IAuthToken	authenticate(javax.servlet.http.HttpServletRequest httpReq, java.lang.String authMgrName)
IAuthToken	authenticate(IProfileAuthenticator authenticator, javax.servlet.http.HttpServletRequest request, AuthCredentials credentials)
IAuthToken	authenticate(IProfileAuthenticator authenticator, javax.servlet.http.HttpServletRequest request, IRequest origReq, SessionContext context, AuthCredentials credentials) AUTHENTICATION FUNCTIONS (move to Realm?)
AuthzToken	authorize(java.lang.String authzMgrName, IAuthToken authToken, java.lang.String resource, java.lang.String operation) Authorize must occur after Authenticate
void	authorize(java.lang.String profileId, IProfile profile, IAuthToken authToken)
AuthzToken	authorize(java.lang.String authzMgrName, java.lang.String resource, IAuthToken authToken, java.lang.String exp) AUTHZ FNCTIONS (to be moved to Realm?)
void	endAllEvents()
void	endTiming(java.lang.String event)
protected IRequest	getOriginalRequest(java.math.BigInteger certSerial, ICertRecord rec)
java.lang.String	getProfileID()
IProfileSubsystem	getProfileSubsystem()
IRequest	getRequest(java.lang.String rid) Utility Functions
static java.security.cert.X509Certificate	getSSLClientCertificate(javax.servlet.http.HttpServletRequest httpReq) get ssl client authenticated certificate
protected void	printParameterValues(java.util.HashMap<java.lang.String,java.lang.String> data)
static void	saveAuthToken(IAuthToken token, IRequest req)
void	startTiming(java.lang.String event) Stats - to be moved to Stats module
protected static java.util.Hashtable<java.lang.String,java.lang.String>	toHashtable(javax.servlet.http.HttpServletRequest req)
void	validateNonce(javax.servlet.http.HttpServletRequest servletRequest, java.lang.String name, java.lang.Object id, java.lang.Long nonce)

Methods inherited from class com.netscape.cms.servlet.processors.Processor

audit, getParams, getUserMessage, log

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ARG_AUTH_TOKEN

public static final java.lang.String ARG_AUTH_TOKEN

See Also:

Constant Field Values

ARG_REQUEST_OWNER

public static final java.lang.String ARG_REQUEST_OWNER

See Also:

Constant Field Values

HDR_LANG

public static final java.lang.String HDR_LANG

See Also:

Constant Field Values

ARG_PROFILE

public static final java.lang.String ARG_PROFILE

See Also:

Constant Field Values

ARG_REQUEST_NOTES

public static final java.lang.String ARG_REQUEST_NOTES

See Also:

Constant Field Values

ARG_PROFILE_ID

public static final java.lang.String ARG_PROFILE_ID

See Also:

Constant Field Values

ARG_RENEWAL_PROFILE_ID

public static final java.lang.String ARG_RENEWAL_PROFILE_ID

See Also:

Constant Field Values

ARG_PROFILE_IS_ENABLED

public static final java.lang.String ARG_PROFILE_IS_ENABLED

See Also:

Constant Field Values

ARG_PROFILE_IS_VISIBLE

public static final java.lang.String ARG_PROFILE_IS_VISIBLE

See Also:

Constant Field Values

ARG_PROFILE_ENABLED_BY

public static final java.lang.String ARG_PROFILE_ENABLED_BY

See Also:

Constant Field Values

ARG_PROFILE_APPROVED_BY

public static final java.lang.String ARG_PROFILE_APPROVED_BY

See Also:

Constant Field Values

ARG_PROFILE_NAME

public static final java.lang.String ARG_PROFILE_NAME

See Also:

Constant Field Values

ARG_PROFILE_DESC

public static final java.lang.String ARG_PROFILE_DESC

See Also:

Constant Field Values

ARG_PROFILE_REMOTE_HOST

public static final java.lang.String ARG_PROFILE_REMOTE_HOST

See Also:

Constant Field Values

ARG_PROFILE_REMOTE_ADDR

public static final java.lang.String ARG_PROFILE_REMOTE_ADDR

See Also:

Constant Field Values

ARG_PROFILE_SET_ID

public static final java.lang.String ARG_PROFILE_SET_ID

See Also:

Constant Field Values

ARG_OUTPUT_LIST

public static final java.lang.String ARG_OUTPUT_LIST

See Also:

Constant Field Values

ARG_OUTPUT_ID

public static final java.lang.String ARG_OUTPUT_ID

See Also:

Constant Field Values

ARG_OUTPUT_SYNTAX

public static final java.lang.String ARG_OUTPUT_SYNTAX

See Also:

Constant Field Values

ARG_OUTPUT_CONSTRAINT

public static final java.lang.String ARG_OUTPUT_CONSTRAINT

See Also:

Constant Field Values

ARG_OUTPUT_NAME

public static final java.lang.String ARG_OUTPUT_NAME

See Also:

Constant Field Values

ARG_OUTPUT_VAL

public static final java.lang.String ARG_OUTPUT_VAL

See Also:

Constant Field Values

ARG_REQUEST_LIST

public static final java.lang.String ARG_REQUEST_LIST

See Also:

Constant Field Values

ARG_REQUEST_ID

public static final java.lang.String ARG_REQUEST_ID

See Also:

Constant Field Values

ARG_REQUEST_TYPE

public static final java.lang.String ARG_REQUEST_TYPE

See Also:

Constant Field Values

ARG_REQUEST_STATUS

public static final java.lang.String ARG_REQUEST_STATUS

See Also:

Constant Field Values

ARG_REQUEST_CREATION_TIME

public static final java.lang.String ARG_REQUEST_CREATION_TIME

See Also:

Constant Field Values

ARG_REQUEST_MODIFICATION_TIME

public static final java.lang.String ARG_REQUEST_MODIFICATION_TIME

See Also:

Constant Field Values

ARG_REQUEST_NONCE

public static final java.lang.String ARG_REQUEST_NONCE

See Also:

Constant Field Values

ARG_OP

public static final java.lang.String ARG_OP

See Also:

Constant Field Values

ARG_REQUESTS

public static final java.lang.String ARG_REQUESTS

See Also:

Constant Field Values

ARG_ERROR_CODE

public static final java.lang.String ARG_ERROR_CODE

See Also:

Constant Field Values

ARG_ERROR_REASON

public static final java.lang.String ARG_ERROR_REASON

See Also:

Constant Field Values

CERT_ATTR

public static final java.lang.String CERT_ATTR

See Also:

Constant Field Values

PROFILE_ID

public static final java.lang.String PROFILE_ID

See Also:

Constant Field Values

AUTH_ID

public static final java.lang.String AUTH_ID

See Also:

Constant Field Values

ACL_METHOD

public static final java.lang.String ACL_METHOD

See Also:

Constant Field Values

AUTHZ_RESOURCE_NAME

public static final java.lang.String AUTHZ_RESOURCE_NAME

See Also:

Constant Field Values

AUTH_MGR

public static final java.lang.String AUTH_MGR

See Also:

Constant Field Values

AUTHZ_MGR

public static final java.lang.String AUTHZ_MGR

See Also:

Constant Field Values

GET_CLIENT_CERT

public static final java.lang.String GET_CLIENT_CERT

See Also:

Constant Field Values

ACL_INFO

public static final java.lang.String ACL_INFO

See Also:

Constant Field Values

AUTHORITY_ID

public static final java.lang.String AUTHORITY_ID

See Also:

Constant Field Values

PROFILE_SUB_ID

public static final java.lang.String PROFILE_SUB_ID

See Also:

Constant Field Values

LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED

public static final java.lang.String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED

See Also:

Constant Field Values

LOGGING_SIGNED_AUDIT_AUTH_FAIL

public static final java.lang.String LOGGING_SIGNED_AUDIT_AUTH_FAIL

See Also:

Constant Field Values

LOGGING_SIGNED_AUDIT_AUTH_SUCCESS

public static final java.lang.String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS

See Also:

Constant Field Values

LOGGING_SIGNED_AUDIT_AUTHZ_FAIL

public static final java.lang.String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL

See Also:

Constant Field Values

LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS

public static final java.lang.String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS

See Also:

Constant Field Values

LOGGING_SIGNED_AUDIT_ROLE_ASSUME

public static final java.lang.String LOGGING_SIGNED_AUDIT_ROLE_ASSUME

See Also:

Constant Field Values

SIGNED_AUDIT_CERT_REQUEST_REASON

public static final java.lang.String SIGNED_AUDIT_CERT_REQUEST_REASON

See Also:

Constant Field Values

profileID

protected java.lang.String profileID

profileSubId

protected java.lang.String profileSubId

aclMethod

protected java.lang.String aclMethod

authzResourceName

protected java.lang.String authzResourceName

authMgr

protected java.lang.String authMgr

getClientCert

protected java.lang.String getClientCert

authority

protected ICertificateAuthority authority

authz

protected IAuthzSubsystem authz

ug

protected IUGSubsystem ug

ul

protected ICertUserLocator ul

queue

protected IRequestQueue queue

ps

protected IProfileSubsystem ps

certdb

protected ICertificateRepository certdb

signedAuditLogger

protected ILogger signedAuditLogger

statEvents

protected java.util.LinkedHashSet<java.lang.String> statEvents

Constructor Detail

CAProcessor

public CAProcessor(java.lang.String id,
                   java.util.Locale locale)
            throws EPropertyNotFound,
                   EBaseException

Throws:

EPropertyNotFound

EBaseException

Method Detail

getProfileID

public java.lang.String getProfileID()

getProfileSubsystem

public IProfileSubsystem getProfileSubsystem()

startTiming

public void startTiming(java.lang.String event)

Stats - to be moved to Stats module

endTiming

public void endTiming(java.lang.String event)

endAllEvents

public void endAllEvents()

getRequest

public IRequest getRequest(java.lang.String rid)
                    throws EBaseException

Utility Functions

Throws:

EBaseException

getOriginalRequest

protected IRequest getOriginalRequest(java.math.BigInteger certSerial,
                                      ICertRecord rec)
                               throws EBaseException

Throws:

EBaseException

printParameterValues

protected void printParameterValues(java.util.HashMap<java.lang.String,java.lang.String> data)

getSSLClientCertificate

public static java.security.cert.X509Certificate getSSLClientCertificate(javax.servlet.http.HttpServletRequest httpReq)
                                                                  throws EBaseException

get ssl client authenticated certificate

Throws:

EBaseException

toHashtable

protected static java.util.Hashtable<java.lang.String,java.lang.String> toHashtable(javax.servlet.http.HttpServletRequest req)

authenticate

public IAuthToken authenticate(IProfileAuthenticator authenticator,
                               javax.servlet.http.HttpServletRequest request,
                               IRequest origReq,
                               SessionContext context,
                               AuthCredentials credentials)
                        throws EBaseException

AUTHENTICATION FUNCTIONS (move to Realm?)

Throws:

EBaseException

authenticate

public IAuthToken authenticate(IProfileAuthenticator authenticator,
                               javax.servlet.http.HttpServletRequest request,
                               AuthCredentials credentials)
                        throws EBaseException

Throws:

EBaseException

authenticate

public IAuthToken authenticate(javax.servlet.http.HttpServletRequest request,
                               IRequest origReq,
                               IProfileAuthenticator authenticator,
                               SessionContext context,
                               boolean isRenewal,
                               AuthCredentials credentials)
                        throws EBaseException

Throws:

EBaseException

authenticate

public IAuthToken authenticate(javax.servlet.http.HttpServletRequest httpReq)
                        throws EBaseException

Throws:

EBaseException

saveAuthToken

public static void saveAuthToken(IAuthToken token,
                                 IRequest req)

authenticate

public IAuthToken authenticate(javax.servlet.http.HttpServletRequest httpReq,
                               java.lang.String authMgrName)
                        throws EBaseException

Throws:

EBaseException

authorize

public AuthzToken authorize(java.lang.String authzMgrName,
                            java.lang.String resource,
                            IAuthToken authToken,
                            java.lang.String exp)
                     throws EBaseException

AUTHZ FNCTIONS (to be moved to Realm?)

Throws:

EBaseException

authorize

public AuthzToken authorize(java.lang.String authzMgrName,
                            IAuthToken authToken,
                            java.lang.String resource,
                            java.lang.String operation)

Authorize must occur after Authenticate

• signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization has failed
• signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization is successful
• signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CS that's when one accesses a role port)

Parameters:

authzMgrName - string representing the name of the authorization manager

authToken - the authentication token

resource - a string representing the ACL resource id as defined in the ACL resource list

operation - a string representing one of the operations as defined within the ACL statement (e. g. - "read" for an ACL statement containing "(read,write)")

Returns:

the authorization token

Throws:

EBaseException - an error has occurred

authorize

public void authorize(java.lang.String profileId,
                      IProfile profile,
                      IAuthToken authToken)
               throws EBaseException

Throws:

EBaseException

audit

protected void audit(java.lang.String msg)

AUDIT FUNCTIONS (to be moved to Auditor?)

auditRequesterID

protected java.lang.String auditRequesterID(IRequest request)

Signed Audit Log Requester ID This method is called to obtain the "RequesterID" for a signed audit log message.

Parameters:

request - the actual request

Returns:

id string containing the signed audit log message RequesterID

auditInfoCertValue

protected java.lang.String auditInfoCertValue(IRequest request)

Signed Audit Log Info Certificate Value This method is called to obtain the certificate from the passed in "X509CertImpl" for a signed audit log message.

Parameters:

request - request containing an X509CertImpl

Returns:

cert string containing the certificate

auditSubjectID

protected java.lang.String auditSubjectID()

auditGroupID

protected java.lang.String auditGroupID()

auditInfoValue

protected java.lang.String auditInfoValue(IRequest request)

Signed Audit Log Info Value This method is called to obtain the "reason" for a signed audit log message.

Parameters:

request - the actual request

Returns:

reason string containing the signed audit log message reason

auditInfoCertValue

protected java.lang.String auditInfoCertValue(netscape.security.x509.X509CertImpl x509cert)

Signed Audit Log Info Certificate Value This method is called to obtain the certificate from the passed in "X509CertImpl" for a signed audit log message.

Parameters:

x509cert - an X509CertImpl

Returns:

cert string containing the certificate

auditGroups

protected java.lang.String auditGroups(java.lang.String SubjectID)

Signed Audit Groups This method is called to extract all "groups" associated with the "auditSubjectID()".

Parameters:

SubjectID - string containing the signed audit log message SubjectID

Returns:

a delimited string of groups associated with the "auditSubjectID()"

validateNonce

public void validateNonce(javax.servlet.http.HttpServletRequest servletRequest,
                          java.lang.String name,
                          java.lang.Object id,
                          java.lang.Long nonce)
                   throws EBaseException

Throws:

EBaseException