From 4814dac89057759f929a177141a4658f095dc87c Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 11 Sep 2015 22:54:56 +0200
Subject: [PATCH] Refactored LDAPSecurityDomainSessionTable.

The LDAPSecurityDomainSessionTable has been modified to throw an exception if there is a failure.

https://fedorahosted.org/pki/ticket/1633
---
 .../certsrv/base/ISecurityDomainSessionTable.java | 18 +-
 .../com/netscape/cms/servlet/base/CMSServlet.java | 24 +-
 .../cms/servlet/csadmin/TokenAuthenticate.java | 5 +-
 .../session/LDAPSecurityDomainSessionTable.java | 192 +++++++++++----------
 .../session/SecurityDomainSessionTable.java | 4 +-
 .../com/netscape/cmscore/session/SessionTimer.java | 12 +-
 6 files changed, 134 insertions(+), 121 deletions(-)

diff --git a/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java b/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
index 9bf3aa24bb655a146a5c7dedb16960183464f205..1986dc00c0ad0175d15cb70fe22df45acb793d0a 100644
--- a/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
+++ b/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
@@ -26,25 +26,25 @@ public interface ISecurityDomainSessionTable {
 public static final int SUCCESS = 0;
 public static final int FAILURE = 1;
- public int addEntry(String cookieId, String ip, String uid, String group);
+ public int addEntry(String sessionID, String ip, String uid, String group) throws Exception;
- public int removeEntry(String sessionId);
+ public int removeEntry(String sessionID) throws Exception;
- public boolean isSessionIdExist(String sessionId);
+ public boolean sessionExists(String sessionID) throws Exception;
- public String getIP(String sessionId);
+ public String getIP(String sessionID) throws Exception;
- public String getUID(String sessionId);
+ public String getUID(String sessionID) throws Exception;
- public String getGroup(String sessionId);
+ public String getGroup(String sessionID) throws Exception;
- public long getBeginTime(String sessionId);
+ public long getBeginTime(String sessionID) throws Exception;
- public int getSize();
+ public int getSize() throws Exception;
 public long getTimeToLive();
- public Enumeration getSessionIds();
+ public Enumeration getSessionIDs() throws Exception;
 public void shutdown();
 }
diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
index 67cc7d163dc1f0623c35b6b4c267f9a35bd82b2a..99b15c77d09d8fec0422403a7ef41e1e8f7b08df 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
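Review bot: The interface now reports failure two ways at once: `addEntry` and `removeEntry` keep the `SUCCESS`/`FAILURE` return while every method also gains `throws Exception`, and nothing here says which condition produces which. Judging from the implementation hunks later in this patch, `removeEntry` returns FAILURE only when the entry is already gone and throws for everything else, and `addEntry` can no longer return FAILURE at all; that contract belongs on the interface as Javadoc, e.g. on removeEntry `/** @return SUCCESS, or FAILURE if no such session exists; @throws Exception if the session store cannot be updated */`. `throws Exception` is also the widest possible clause; the implementation already wraps its failures in `PKIException`, so a narrower declared type would let the callers (TokenAuthenticate, SessionTimer) handle store failures deliberately instead of catching everything.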
@@ -44,17 +44,6 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import netscape.security.pkcs.ContentInfo;
-import netscape.security.pkcs.PKCS7;
-import netscape.security.pkcs.SignerInfo;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.RevokedCertImpl;
-import netscape.security.x509.X509CertImpl;
-
 import org.w3c.dom.Node;
 import com.netscape.certsrv.apps.CMS;
@@ -100,6 +89,17 @@ import com.netscape.cms.servlet.common.ServletUtils;
 import com.netscape.cmsutil.util.Utils;
 import com.netscape.cmsutil.xml.XMLObject;
+import netscape.security.pkcs.ContentInfo;
+import netscape.security.pkcs.PKCS7;
+import netscape.security.pkcs.SignerInfo;
+import netscape.security.x509.AlgorithmId;
+import netscape.security.x509.CRLExtensions;
+import netscape.security.x509.CRLReasonExtension;
+import netscape.security.x509.CertificateChain;
+import netscape.security.x509.RevocationReason;
+import netscape.security.x509.RevokedCertImpl;
+import netscape.security.x509.X509CertImpl;
+
 /**
 * This is the base class of all CS servlet.
 *
@@ -560,7 +560,7 @@ public abstract class CMSServlet extends HttpServlet {
 * process the request
 */
 protected void process(CMSRequest cmsRequest)
- throws EBaseException {
+ throws Exception {
 }
 /**
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
index 745962c7226973ff72c7b4e8c2fff58365b5b583..27f478235f4bb63ddd0e496af51bd47f20ada5cc 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
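Review bot: The base `process` signature in the @@ -560 hunk now declares `throws Exception`, so whatever in CMSServlet dispatches to `process` (outside this hunk) has to handle an arbitrary exception from any subclass; confirm that path renders a generic failure and does not copy `e.getMessage()` into the response, because the messages thrown by the new session-table code carry LDAP DNs and session IDs. The Javadoc above the method (`* process the request`) should also state the new contract, e.g. `@throws Exception if the request cannot be processed; the caller translates it into an error response`. The two import hunks are a pure reordering and need nothing.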
@@ -28,7 +28,6 @@ import javax.servlet.http.HttpServletResponse;
 import org.w3c.dom.Node;
 import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISecurityDomainSessionTable;
 import com.netscape.cms.servlet.base.CMSServlet;
@@ -62,7 +61,7 @@ public class TokenAuthenticate extends CMSServlet {
 *
 * @param cmsReq the object holding the request and response information
 */
- protected void process(CMSRequest cmsReq) throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws Exception {
 HttpServletRequest httpReq = cmsReq.getHttpReq();
 HttpServletResponse httpResp = cmsReq.getHttpResp();
 IConfigStore config = CMS.getConfigStore();
@@ -82,7 +81,7 @@ public class TokenAuthenticate extends CMSServlet {
 String uid = "";
 String gid = "";
 CMS.debug("TokenAuthentication: checking session in the session table");
- if (table.isSessionIdExist(sessionId)) {
+ if (table.sessionExists(sessionId)) {
 CMS.debug("TokenAuthentication: found session");
 if (checkIP) {
 String hostname = table.getIP(sessionId);
diff --git a/base/server/cmscore/src/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java b/base/server/cmscore/src/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java
index bbc9f1a7967510295ffb1f7c6cae30f88b0cf41e..913267df215b6005b2632026f3683cfd8490fac1 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java
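Review bot: With `table.sessionExists(sessionId)` and the `getIP`/`getUID`/`getGroup` calls that follow it now able to throw, a session-store failure leaves `process` by exception where the old code logged it inside the table and treated the session as absent; the request is still rejected either way, but the client-visible outcome now depends on how CMSServlet handles `throws Exception`, which is outside this hunk. The method's Javadoc in the @@ -62 hunk lists `@param cmsReq` but not the new clause; add `@throws Exception if the security domain session table cannot be queried`. The import hunk is trivial.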
@@ -21,6 +21,14 @@ import java.util.Date;
 import java.util.Enumeration;
 import java.util.Vector;
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.ISecurityDomainSessionTable;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.ldap.ELdapException;
+import com.netscape.certsrv.ldap.ILdapConnFactory;
+
 import netscape.ldap.LDAPAttribute;
 import netscape.ldap.LDAPAttributeSet;
 import netscape.ldap.LDAPConnection;
@@ -29,13 +37,6 @@ import netscape.ldap.LDAPException;
 import netscape.ldap.LDAPSearchResults;
 import netscape.ldap.LDAPv2;
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISecurityDomainSessionTable;
-import com.netscape.certsrv.ldap.ELdapException;
-import com.netscape.certsrv.ldap.ILdapConnFactory;
-
 /**
 * This object stores the values for IP, uid and group based on the cookie id in LDAP.
 * Entries are stored under ou=Security Domain, ou=sessions, $basedn
@@ -55,48 +56,38 @@ public class LDAPSecurityDomainSessionTable
 }
 public int addEntry(String sessionId, String ip,
- String uid, String group) {
+ String uid, String group) throws Exception {
 IConfigStore cs = CMS.getConfigStore();
 LDAPConnection conn = null;
- boolean sessions_exists = true;
 int status = FAILURE;
- String basedn = null;
- String sessionsdn = null;
- try {
- basedn = cs.getString("internaldb.basedn");
- sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
- } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: addEntry: failed to read basedn" + e);
- return status;
- }
+ String basedn = cs.getString("internaldb.basedn");
+ String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
 try {
 // create session entry (if it does not exist)
 conn = mLdapConnFactory.getConn();
- LDAPEntry entry = null;
- LDAPAttributeSet attrs = null;
- attrs = new LDAPAttributeSet();
+ LDAPAttributeSet attrs = new LDAPAttributeSet();
 attrs.add(new LDAPAttribute("objectclass", "top"));
 attrs.add(new LDAPAttribute("objectclass", "organizationalUnit"));
 attrs.add(new LDAPAttribute("ou", "sessions"));
- entry = new LDAPEntry(sessionsdn, attrs);
- conn.add(entry);
- } catch (Exception e) {
- if ((e instanceof LDAPException)
- && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) {
- // continue
- } else {
- CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:" + e);
- sessions_exists = false;
+
+ LDAPEntry entry = new LDAPEntry(sessionsdn, attrs);
+
+ try {
+ conn.add(entry);
+
+ } catch (LDAPException e) {
+ if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
+ // continue
+ } else {
+ CMS.debug("SecurityDomainSessionTable: Unable to create ou=sessions: " + e);
+ throw new PKIException("Unable to create ou=sessions", e);
+ }
 }
- }
- // add new entry
- try {
- LDAPEntry entry = null;
- LDAPAttributeSet attrs = null;
+ // add new entry
 String entrydn = "cn=" + sessionId + "," + sessionsdn;
 attrs = new LDAPAttributeSet();
 attrs.add(new LDAPAttribute("objectclass", "top"));
@@ -108,24 +99,24 @@ public class LDAPSecurityDomainSessionTable
 attrs.add(new LDAPAttribute("dateOfCreate", Long.toString((new Date()).getTime())));
 entry = new LDAPEntry(entrydn, attrs);
- if (sessions_exists) {
- conn.add(entry);
- CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId);
- status = SUCCESS;
+
+ conn.add(entry);
+
+ CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId);
+ status = SUCCESS;
+
+ } finally {
+ try {
+ mLdapConnFactory.returnConn(conn);
+ } catch (Exception e) {
+ CMS.debug(e);
 }
- } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to create session entry" + sessionId + ": " + e);
 }
- try {
- mLdapConnFactory.returnConn(conn);
- } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable:addEntry: Error in disconnecting from database: " + e);
- }
 return status;
 }
- public int removeEntry(String sessionId) {
+ public int removeEntry(String sessionId) throws Exception {
 IConfigStore cs = CMS.getConfigStore();
 LDAPConnection conn = null;
 int status = FAILURE;
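Review bot: In the addEntry hunk the `ou=sessions` creation is guarded by `catch (LDAPException e)` and rethrown as `PKIException`, but the second `conn.add(entry)` for the session entry itself (in the following @@ -108 hunk) has no handler, so an `ENTRY_ALREADY_EXISTS` on a duplicate session ID, or any other directory failure, escapes as a raw `LDAPException` while the same failure one statement earlier becomes a `PKIException`. Callers of the interface then see two exception types for one class of failure; wrap the second add the same way, `throw new PKIException("Unable to create session entry", e);`. The entry DN `"cn=" + sessionId + "," + sessionsdn` is also built by concatenation; the session ID is presumably generated by the server, but if it can ever contain `,`, `+`, `"`, `\` or `;` the RDN value needs escaping before it is embedded in the DN. With the early-return path gone, `status` can no longer be FAILURE when the method returns, so `int status = FAILURE;` is dead and a plain `return SUCCESS;` would be clearer.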
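Review bot: `CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId)` in the @@ -108 hunk writes the session ID itself into the debug log (and is missing a space before the ID); that ID is the value TokenAuthenticate accepts as proof of an authenticated session on later requests, so the debug log becomes a place to recover live session credentials for the duration of the TTL. This was already true before the change, but the line is being rewritten anyway; logging only that an entry was added, or a truncated form of the ID, is enough for troubleshooting. The same consideration applies to `throw new PKIException("Unable to delete session " + sessionId, e)` in the removeEntry hunk, whose message may reach a client-facing error response depending on how PKIException is rendered upstream.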
@@ -135,26 +126,31 @@ public class LDAPSecurityDomainSessionTable
 conn = mLdapConnFactory.getConn();
 conn.delete(dn);
 status = SUCCESS;
- } catch (Exception e) {
- if ((e instanceof LDAPException)
- && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) {
+
+ } catch (LDAPException e) {
+ if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) {
 // continue
 } else {
 CMS.debug("SecurityDomainSessionTable: unable to delete session " + sessionId + ": " + e);
+ throw new PKIException("Unable to delete session " + sessionId, e);
+ }
+
+ } finally {
+ try {
+ mLdapConnFactory.returnConn(conn);
+ } catch (Exception e) {
+ CMS.debug(e);
 }
 }
- try {
- mLdapConnFactory.returnConn(conn);
- } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: removeEntry: Error in disconnecting from database: " + e);
- }
+
 return status;
 }
- public boolean isSessionIdExist(String sessionId) {
+ public boolean sessionExists(String sessionId) throws Exception {
 IConfigStore cs = CMS.getConfigStore();
 LDAPConnection conn = null;
 boolean ret = false;
+
 try {
 String basedn = cs.getString("internaldb.basedn");
 String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
@@ -165,19 +161,22 @@ public class LDAPSecurityDomainSessionTable
 LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
 if (res.getCount() > 0) ret = true;
- } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
- }
- try {
- mLdapConnFactory.returnConn(conn);
- } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e);
+ } finally {
+ try {
+ mLdapConnFactory.returnConn(conn);
+ } catch (Exception e) {
+ CMS.debug(e);
+ }
 }
+
 return ret;
 }
- public Enumeration getSessionIds() {
+ public Enumeration getSessionIDs() throws Exception {
+
+ CMS.debug("LDAPSecurityDomainSessionTable: getSessionIds() ");
+
 IConfigStore cs = CMS.getConfigStore();
 LDAPConnection conn = null;
 Vector ret = new Vector();
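Review bot: `sessionExists` now lets every `LDAPException` propagate, including `NO_SUCH_OBJECT`, while `getSessionIDs` in the next hunk deliberately treats that result code as "no sessions yet"; since `ou=sessions` is only created by `addEntry`, a lookup before the first login will, if the server reports noSuchObject for a missing search base, throw out of the token check instead of returning `false` as the old code did. The request is still rejected, but with an exception carrying the container DN rather than a clean negative answer, and the two methods disagree about what the same condition means. Mirror getSessionIDs here with `} catch (LDAPException e) { if (e.getLDAPResultCode() != LDAPException.NO_SUCH_OBJECT) throw e; } finally {` before the existing finally body; the getStringValue (@@ -238) and getSize (@@ -288) hunks have the same gap.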
@@ -188,38 +187,42 @@ public class LDAPSecurityDomainSessionTable
 String filter = "(objectclass=securityDomainSessionEntry)";
 String[] attrs = { "cn" };
+ CMS.debug("LDAPSecurityDomainSessionTable: searching " + sessionsdn);
+
 conn = mLdapConnFactory.getConn();
 LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
 while (res.hasMoreElements()) {
 LDAPEntry entry = res.next();
 LDAPAttribute sid = entry.getAttribute("cn");
 if (sid == null) {
- throw new Exception("Invalid LDAP Entry." + entry.getDN() + " No session id(cn).");
+ CMS.debug("LDAPSecurityDomainSessionTable: Missing session ID: " + entry.getDN());
+ throw new Exception("Missing session ID: " + entry.getDN());
 }
 ret.add(sid.getStringValueArray()[0]);
 }
+
 } catch (LDAPException e) {
 switch (e.getLDAPResultCode()) {
 case LDAPException.NO_SUCH_OBJECT:
- CMS.debug("SecurityDomainSessionTable: getSessionIds(): no sessions have been created");
+ CMS.debug("SecurityDomainSessionTable: No active sessions.");
 break;
 default:
- CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " + e);
+ CMS.debug("SecurityDomainSessionTable: RC: " + e.getLDAPResultCode());
+ throw e;
 }
- } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
- }
- try {
- mLdapConnFactory.returnConn(conn);
- } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e);
+ } finally {
+ try {
+ mLdapConnFactory.returnConn(conn);
+ } catch (Exception e) {
+ CMS.debug(e);
+ }
 }
 return ret.elements();
 }
- private String getStringValue(String sessionId, String attr) {
+ private String getStringValue(String sessionId, String attr) throws Exception {
 IConfigStore cs = CMS.getConfigStore();
 LDAPConnection conn = null;
 String ret = null;
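Review bot: The `sid == null` branch still throws a bare `Exception`, and because getSessionIDs is what SessionTimer iterates, a single entry under `ou=sessions` whose `cn` cannot be read would make every sweep fail and leave all other expired sessions alive until someone repairs the directory. Skipping that entry with `continue;` in place of the `throw` (keeping the debug line) keeps TTL enforcement working for the rest; the entry's RDN already carries the cn, so the branch should be close to unreachable in practice. If a throw is preferred, use `PKIException` as removeEntry does rather than `Exception`. The opening debug line in the previous hunk also still says `getSessionIds()` after the rename to getSessionIDs.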
@@ -228,6 +231,7 @@ public class LDAPSecurityDomainSessionTable
 String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
 String filter = "(cn=" + sessionId + ")";
 String[] attrs = { attr };
+
 conn = mLdapConnFactory.getConn();
 LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
 if (res.getCount() > 0) {
@@ -238,31 +242,31 @@ public class LDAPSecurityDomainSessionTable
 }
 ret = searchAttribute.getStringValueArray()[0];
 }
- } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e.getMessage());
- }
- try {
- mLdapConnFactory.returnConn(conn);
- } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e);
+ } finally {
+ try {
+ mLdapConnFactory.returnConn(conn);
+ } catch (Exception e) {
+ CMS.debug(e);
+ }
 }
+
 return ret;
 }
- public String getIP(String sessionId) {
+ public String getIP(String sessionId) throws Exception {
 return getStringValue(sessionId, "host");
 }
- public String getUID(String sessionId) {
+ public String getUID(String sessionId) throws Exception {
 return getStringValue(sessionId, "uid");
 }
- public String getGroup(String sessionId) {
+ public String getGroup(String sessionId) throws Exception {
 return getStringValue(sessionId, "cmsUserGroup");
 }
- public long getBeginTime(String sessionId) {
+ public long getBeginTime(String sessionId) throws Exception {
 String beginStr = getStringValue(sessionId, "dateOfCreate");
 if (beginStr != null) {
 return Long.parseLong(beginStr);
@@ -274,7 +278,7 @@ public class LDAPSecurityDomainSessionTable
 return m_timeToLive;
 }
- public int getSize() {
+ public int getSize() throws Exception {
 IConfigStore cs = CMS.getConfigStore();
 LDAPConnection conn = null;
 int ret = 0;
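Review bot: `String filter = "(cn=" + sessionId + ")";` (a context line in the @@ -228 hunk) builds the LDAP search filter by concatenation, and getStringValue is reached from TokenAuthenticate with the session ID the client presented. Characters that have meaning in a filter (`*`, `(`, `)`, `\`, NUL) in that value change what the search matches, so the value should be escaped per RFC 4515 before it is embedded, or rejected outright when it does not match the format the server generates for session IDs; sessionExists presumably builds its filter the same way (that line falls between hunks). The defect predates this commit, but the commit already rewrites every line around it, so it is the natural place to add a small helper and use it as `String filter = "(cn=" + escapeFilterValue(sessionId) + ")";`.

```java
// Backslash-hex escape the characters that are special in an LDAP search
// filter assertion value (RFC 4515), so a session ID taken from a request
// can only ever match itself.
private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
        case '*':  sb.append("\\2a"); break;
        case '(':  sb.append("\\28"); break;
        case ')':  sb.append("\\29"); break;
        case '\\': sb.append("\\5c"); break;
        case '\0': sb.append("\\00"); break;
        default:   sb.append(c);
        }
    }
    return sb.toString();
}
```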
@@ -288,16 +292,16 @@ public class LDAPSecurityDomainSessionTable
 conn = mLdapConnFactory.getConn();
 LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
 ret = res.getCount();
- } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
- }
- try {
- mLdapConnFactory.returnConn(conn);
- } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e);
+ } finally {
+ try {
+ mLdapConnFactory.returnConn(conn);
+ } catch (Exception e) {
+ CMS.debug(e);
+ }
 }
+
 return ret;
 }
diff --git a/base/server/cmscore/src/com/netscape/cmscore/session/SecurityDomainSessionTable.java b/base/server/cmscore/src/com/netscape/cmscore/session/SecurityDomainSessionTable.java
index c7fe25599bd07c8d2db5b4529976e873ebe9ea5a..e408a87c959e0661fab0735db8f202da68aef332 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/session/SecurityDomainSessionTable.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/session/SecurityDomainSessionTable.java
@@ -56,11 +56,11 @@ public class SecurityDomainSessionTable
 return SUCCESS;
 }
- public boolean isSessionIdExist(String sessionId) {
+ public boolean sessionExists(String sessionId) {
 return m_sessions.containsKey(sessionId);
 }
- public Enumeration getSessionIds() {
+ public Enumeration getSessionIDs() {
 return m_sessions.keys();
 }
diff --git a/base/server/cmscore/src/com/netscape/cmscore/session/SessionTimer.java b/base/server/cmscore/src/com/netscape/cmscore/session/SessionTimer.java
index 28c06de329997afe83df210653dcadf6bf80e607..0f79fc485daec98af99a2d9f76dd3baadc260672 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/session/SessionTimer.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/session/SessionTimer.java
@@ -37,7 +37,17 @@ public class SessionTimer extends TimerTask {
 }
 public void run() {
- Enumeration keys = m_sessiontable.getSessionIds();
+ CMS.debug("SessionTimer: run()");
+ try {
+ runImpl();
+ } catch (Exception e) {
+ CMS.debug(e);
+ }
+ }
+
+ public void runImpl() throws Exception {
+
+ Enumeration keys = m_sessiontable.getSessionIDs();
 while (keys.hasMoreElements()) {
 String sessionId = keys.nextElement();
 long beginTime = m_sessiontable.getBeginTime(sessionId);
--
2.4.3
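Review bot: `runImpl()` exists only so that `run()` can wrap it in a catch, yet it is declared `public`; make it `private` (or at most package-private) so the unguarded variant is not part of the class's API. The bigger issue is that the `while` body, which continues past the end of the hunk, now calls `getBeginTime` and presumably the removal for each session under the new throwing contract, so one failing session aborts the whole sweep at the top-level catch and every remaining expired session stays valid until a later run happens to succeed; moving the try/catch inside the loop so that a failure is logged and the loop moves on keeps TTL enforcement independent per session. The catch is the right shape for a TimerTask, since an uncaught exception would cancel the timer permanently.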