>From fe51c96d04bed3adcdd5a580be00bf597a5ffa24 Mon Sep 17 00:00:00 2001
From: Abhishek Koneru <akoneru@redhat.com>
Date: Wed, 21 Nov 2012 18:45:32 -0500
Subject: [PATCH] Ticket 191 - Mapping HTTP Exception to their proper HTTP
 error codes

---
 .../com/netscape/certsrv/acls/ACLInterceptor.java  |   17 ++--
 .../base/ConflictingOperationException.java        |   20 +++++
 .../netscape/certsrv/base/ForbiddenException.java  |   19 +++++
 .../netscape/certsrv/base/HTTPGoneException.java   |   20 +++++
 .../certsrv/base/ResourceNotFoundException.java    |   24 ++++++
 .../certsrv/base/UserNotFoundException.java        |   40 +++++++++
 .../certsrv/cert/CertNotFoundException.java        |   10 +--
 .../certsrv/group/GroupNotFoundException.java      |   42 ++++++++++
 .../certsrv/profile/ProfileNotFoundException.java  |   10 +--
 .../certsrv/request/RequestNotFoundException.java  |   10 +--
 .../cms/servlet/admin/GroupMemberService.java      |   24 +++---
 .../netscape/cms/servlet/admin/GroupService.java   |   12 +--
 .../cms/servlet/admin/SystemCertService.java       |   11 +--
 .../cms/servlet/admin/UserCertService.java         |   42 ++++++----
 .../netscape/cms/servlet/admin/UserService.java    |   22 +++--
 .../com/netscape/cms/servlet/cert/CertService.java |    5 +-
 .../cms/servlet/csadmin/SystemConfigService.java   |   88 ++++++++++----------
 .../com/netscape/cms/servlet/key/KeyService.java   |   24 +++---
 .../cms/servlet/request/CertRequestService.java    |   19 ++---
 .../cms/servlet/request/KeyRequestService.java     |   33 ++++----
 20 files changed, 331 insertions(+), 161 deletions(-)
 create mode 100644 base/common/src/com/netscape/certsrv/base/ConflictingOperationException.java
 create mode 100644 base/common/src/com/netscape/certsrv/base/ForbiddenException.java
 create mode 100644 base/common/src/com/netscape/certsrv/base/HTTPGoneException.java
 create mode 100644 base/common/src/com/netscape/certsrv/base/ResourceNotFoundException.java
 create mode 100644 base/common/src/com/netscape/certsrv/base/UserNotFoundException.java
 create mode 100644 base/common/src/com/netscape/certsrv/group/GroupNotFoundException.java

diff --git a/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java b/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java
index bcb0b80a2fff19db4641c6518a89b937c9490644..c30740260505ffc0223ac55b7658f57f02a53532 100644
--- a/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java
+++ b/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java
@@ -24,9 +24,7 @@ import java.security.Principal;
 import java.util.Properties;
 
 import javax.servlet.ServletContext;
-import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Context;
-import javax.ws.rs.core.Response;
 import javax.ws.rs.core.SecurityContext;
 import javax.ws.rs.ext.Provider;
 
@@ -44,6 +42,7 @@ import com.netscape.certsrv.authorization.AuthzToken;
 import com.netscape.certsrv.authorization.EAuthzAccessDenied;
 import com.netscape.certsrv.authorization.IAuthzSubsystem;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.ForbiddenException;
 import com.netscape.cmscore.realm.PKIPrincipal;
 
 
@@ -76,7 +75,7 @@ public class ACLInterceptor implements PreProcessInterceptor {
     public ServerResponse preProcess(
             HttpRequest request,
             ResourceMethod resourceMethod
-        ) throws Failure, WebApplicationException {
+        ) throws Failure, ForbiddenException {
 
         // Get ACL mapping for the method.
         Method method = resourceMethod.getMethod();
@@ -95,12 +94,12 @@ public class ACLInterceptor implements PreProcessInterceptor {
 
         // If unauthenticated, reject request.
         if (principal == null) {
-            throw new WebApplicationException(Response.Status.FORBIDDEN);
+            throw new ForbiddenException("No user principal provided.");
         }
 
         // If unrecognized principal, reject request.
         if (!(principal instanceof PKIPrincipal)) {
-            throw new WebApplicationException(Response.Status.FORBIDDEN);
+            throw new ForbiddenException("Invalid user principal");
         }
 
         PKIPrincipal pkiPrincipal = (PKIPrincipal)principal;
@@ -108,7 +107,7 @@ public class ACLInterceptor implements PreProcessInterceptor {
 
         // If missing auth token, reject request.
         if (authToken == null) {
-            throw new WebApplicationException(Response.Status.FORBIDDEN);
+            throw new ForbiddenException("No authorization token present.");
         }
 
         try {
@@ -124,7 +123,7 @@ public class ACLInterceptor implements PreProcessInterceptor {
 
             // If invalid mapping, reject request.
             if (values.length != 2) {
-                throw new WebApplicationException(Response.Status.FORBIDDEN);
+                throw new ForbiddenException("Invalid ACL mapping.");
             }
 
             // Check authorization.
@@ -137,11 +136,11 @@ public class ACLInterceptor implements PreProcessInterceptor {
 
             // If not authorized, reject request.
             if (authzToken == null) {
-                throw new WebApplicationException(Response.Status.FORBIDDEN);
+                throw new ForbiddenException("No authorization token present.");
             }
 
         } catch (EAuthzAccessDenied e) {
-            throw new WebApplicationException(Response.Status.FORBIDDEN);
+            throw new ForbiddenException(e.toString());
 
         } catch (IOException|EBaseException e) {
             e.printStackTrace();
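Review bot: `throw new ForbiddenException(e.toString());` in the `EAuthzAccessDenied` handler copies the exception's class name and internal message into the 403 response and drops the cause. A fixed message with the cause attached, e.g. `throw new ForbiddenException("Access denied.", e);`, keeps the detail available for server-side logging without handing it to the caller. In the same hunk the `authzToken == null` branch reuses "No authorization token present.", the text already used for the missing `authToken` earlier in this method, although here the condition is that authorization was not granted; a distinct message such as `"Not authorized."` would keep the two cases apart. The `catch (IOException|EBaseException e)` block continues outside the hunk, so what follows `e.printStackTrace()` cannot be judged from here.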
diff --git a/base/common/src/com/netscape/certsrv/base/ConflictingOperationException.java b/base/common/src/com/netscape/certsrv/base/ConflictingOperationException.java
new file mode 100644
index 0000000000000000000000000000000000000000..8b17caa041c7d6b3c49fff39cd14541d83765909
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/base/ConflictingOperationException.java
@@ -0,0 +1,20 @@
+package com.netscape.certsrv.base;
+
+import javax.ws.rs.core.Response;
+
+public class ConflictingOperationException extends PKIException {
+
+    private static final long serialVersionUID = -5780172673428115193L;
+
+    public ConflictingOperationException(String message) {
+        super(Response.Status.CONFLICT, message);
+    }
+
+    public ConflictingOperationException(String message, Throwable cause) {
+        super(Response.Status.CONFLICT, message, cause);
+    }
+
+    public ConflictingOperationException(Data data) {
+        super(data);
+    }
+}
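Review bot: The new class has neither the copyright block that CertNotFoundException.java and ProfileNotFoundException.java carry in this patch nor a class comment saying which HTTP status it maps to. The same holds for ForbiddenException, HTTPGoneException, ResourceNotFoundException, UserNotFoundException and GroupNotFoundException. A one-line Javadoc such as `/** Signals that the request conflicts with existing state; reported as HTTP 409 (CONFLICT). */` would document the mapping. The `Data` constructor passes `data` straight to `super(data)`, so the status presumably comes from the payload rather than from this class; if so, that deserves a comment as well.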
diff --git a/base/common/src/com/netscape/certsrv/base/ForbiddenException.java b/base/common/src/com/netscape/certsrv/base/ForbiddenException.java
new file mode 100644
index 0000000000000000000000000000000000000000..218dc9c38061f141e4e0f38cc6641933d47f3aed
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/base/ForbiddenException.java
@@ -0,0 +1,19 @@
+package com.netscape.certsrv.base;
+
+import javax.ws.rs.core.Response;
+
+public class ForbiddenException extends PKIException {
+    private static final long serialVersionUID = 3199015969025638546L;
+
+    public ForbiddenException(String message) {
+        super(Response.Status.FORBIDDEN, message);
+    }
+
+    public ForbiddenException(String message, Throwable cause) {
+        super(Response.Status.FORBIDDEN, message, cause);
+    }
+
+    public ForbiddenException(Data data) {
+        super(data);
+    }
+}
diff --git a/base/common/src/com/netscape/certsrv/base/HTTPGoneException.java b/base/common/src/com/netscape/certsrv/base/HTTPGoneException.java
new file mode 100644
index 0000000000000000000000000000000000000000..7b8f0d371ff5cb7479703a8aa1b4f0c173b32df5
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/base/HTTPGoneException.java
@@ -0,0 +1,20 @@
+package com.netscape.certsrv.base;
+
+import javax.ws.rs.core.Response;
+
+public class HTTPGoneException extends PKIException {
+
+    private static final long serialVersionUID = 1256191208802745690L;
+
+    public HTTPGoneException(String message) {
+        super(Response.Status.GONE, message);
+    }
+
+    public HTTPGoneException(String message, Throwable cause) {
+        super(Response.Status.GONE, message, cause);
+    }
+
+    public HTTPGoneException(Data data) {
+        super(data);
+    }
+}
diff --git a/base/common/src/com/netscape/certsrv/base/ResourceNotFoundException.java b/base/common/src/com/netscape/certsrv/base/ResourceNotFoundException.java
new file mode 100644
index 0000000000000000000000000000000000000000..f41e9e6540ec7adec0c7c5ef4683924479df95df
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/base/ResourceNotFoundException.java
@@ -0,0 +1,24 @@
+package com.netscape.certsrv.base;
+
+import javax.ws.rs.core.Response;
+
+public class ResourceNotFoundException extends PKIException {
+
+    private static final long serialVersionUID = 2283994502912462263L;
+
+    public ResourceNotFoundException(String message) {
+        super(Response.Status.NOT_FOUND, message);
+    }
+
+    public ResourceNotFoundException(String message, Throwable cause) {
+        super(Response.Status.NOT_FOUND, message, cause);
+    }
+
+    public ResourceNotFoundException(Data data) {
+        super(data);
+    }
+
+    public Data getData() {
+        return super.getData();
+    }
+}
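Review bot: `getData()` only returns `super.getData()`, so the override adds nothing unless it is there to widen the method's visibility, which this patch does not show. If it is needed, mark it `@Override` and say why in a comment, e.g. `// widened so REST providers outside this package can read the payload` (to be confirmed against PKIException). Otherwise it can be removed; UserNotFoundException and GroupNotFoundException call `super.getData()` either way.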
diff --git a/base/common/src/com/netscape/certsrv/base/UserNotFoundException.java b/base/common/src/com/netscape/certsrv/base/UserNotFoundException.java
new file mode 100644
index 0000000000000000000000000000000000000000..89d83ac44dce774cd8da0cc2e4559140d9061876
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/base/UserNotFoundException.java
@@ -0,0 +1,40 @@
+package com.netscape.certsrv.base;
+
+
+public class UserNotFoundException extends ResourceNotFoundException {
+    private static final long serialVersionUID = -3446066672148673666L;
+    public String userId;
+
+    public UserNotFoundException(String userId) {
+        this(userId, "User " + userId + " not found");
+    }
+
+    public UserNotFoundException(String userId, String message) {
+        super(message);
+        this.userId = userId;
+    }
+
+    public UserNotFoundException(String userId, String message, Throwable cause) {
+        super(message, cause);
+        this.userId = userId;
+    }
+
+    public UserNotFoundException(Data data) {
+        super(data);
+        userId = data.getAttribute("userId");
+    }
+
+    public Data getData() {
+        Data data = super.getData();
+        data.setAttribute("userId", userId);
+        return data;
+    }
+
+    public String getuserId() {
+        return userId;
+    }
+
+    public void setRequestId(String userId) {
+        this.userId = userId;
+    }
+}
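Review bot: The accessors are misnamed: `getuserId()` should be `getUserId()`, and `setRequestId(String userId)` assigns `userId`, which looks copied from RequestNotFoundException and should be `setUserId`. The field is declared `public String userId`, so the accessors can be bypassed; `private String userId;` would match their intent. `getData()` overrides the parent method and should carry `@Override`. Because the one-argument constructor treats its `String` as the user ID and builds the message from it, a short Javadoc on that constructor would help callers avoid passing a message text there.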
diff --git a/base/common/src/com/netscape/certsrv/cert/CertNotFoundException.java b/base/common/src/com/netscape/certsrv/cert/CertNotFoundException.java
index ce0962a843861668179e653b9f47e75e3fd67147..171c2763d53b2b0c7dad2577e0b6269b62addfc0 100644
--- a/base/common/src/com/netscape/certsrv/cert/CertNotFoundException.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertNotFoundException.java
@@ -17,12 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.cert;
 
-import javax.ws.rs.core.Response;
-
-import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.ResourceNotFoundException;
 import com.netscape.certsrv.dbs.certdb.CertId;
 
-public class CertNotFoundException extends PKIException {
+public class CertNotFoundException extends ResourceNotFoundException {
 
     private static final long serialVersionUID = -4784839378360933483L;
 
@@ -33,12 +31,12 @@ public class CertNotFoundException extends PKIException {
     }
 
     public CertNotFoundException(CertId certId, String message) {
-        super(Response.Status.NOT_FOUND, message);
+        super(message);
         this.certId = certId;
     }
 
     public CertNotFoundException(CertId certId, String message, Throwable cause) {
-        super(Response.Status.NOT_FOUND, message, cause);
+        super(message, cause);
         this.certId = certId;
     }
 
diff --git a/base/common/src/com/netscape/certsrv/group/GroupNotFoundException.java b/base/common/src/com/netscape/certsrv/group/GroupNotFoundException.java
new file mode 100644
index 0000000000000000000000000000000000000000..24808f9261f8804d00e09ebceb936c710a79bda6
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/group/GroupNotFoundException.java
@@ -0,0 +1,42 @@
+package com.netscape.certsrv.group;
+
+import com.netscape.certsrv.base.ResourceNotFoundException;
+
+public class GroupNotFoundException extends ResourceNotFoundException {
+
+    private static final long serialVersionUID = 2283994502912462263L;
+    public String groupId;
+
+    public GroupNotFoundException(String groupId) {
+        this(groupId, "Group ID " + groupId + " not found");
+    }
+
+    public GroupNotFoundException(String groupId, String message) {
+        super(message);
+        this.groupId = groupId;
+    }
+
+    public GroupNotFoundException(String groupId, String message, Throwable cause) {
+        super(message, cause);
+        this.groupId = groupId;
+    }
+
+    public GroupNotFoundException(Data data) {
+        super(data);
+        groupId = data.getAttribute("groupId");
+    }
+
+    public Data getData() {
+        Data data = super.getData();
+        data.setAttribute("groupId", groupId);
+        return data;
+    }
+
+    public String getGroupId() {
+        return groupId;
+    }
+
+    public void setRequestId(String groupId) {
+        this.groupId = groupId;
+    }
+}
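Review bot: `serialVersionUID = 2283994502912462263L` is the same value ResourceNotFoundException declares in this patch, which suggests it was copied rather than generated; the class should get its own value. `setRequestId(String groupId)` assigns `groupId` and should be named `setGroupId`. `public String groupId` would be better as `private String groupId;` given the accessors below it. `getData()` should carry `@Override`.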
diff --git a/base/common/src/com/netscape/certsrv/profile/ProfileNotFoundException.java b/base/common/src/com/netscape/certsrv/profile/ProfileNotFoundException.java
index 7a1c9ea62830b4e5d94812eea6ca3913bf5d9157..c6a549b07e7808c516bf177a1ea87b75fffb9a5b 100644
--- a/base/common/src/com/netscape/certsrv/profile/ProfileNotFoundException.java
+++ b/base/common/src/com/netscape/certsrv/profile/ProfileNotFoundException.java
@@ -17,11 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.profile;
 
-import javax.ws.rs.core.Response;
+import com.netscape.certsrv.base.ResourceNotFoundException;
 
-import com.netscape.certsrv.base.PKIException;
-
-public class ProfileNotFoundException extends PKIException {
+public class ProfileNotFoundException extends ResourceNotFoundException {
 
     private static final long serialVersionUID = -4784839378360933483L;
 
@@ -32,12 +30,12 @@ public class ProfileNotFoundException extends PKIException {
     }
 
     public ProfileNotFoundException(String profileId, String message) {
-        super(Response.Status.NOT_FOUND, message);
+        super(message);
         this.profileId = profileId;
     }
 
     public ProfileNotFoundException(String profileId, String message, Throwable cause) {
-        super(Response.Status.NOT_FOUND, message, cause);
+        super(message, cause);
         this.profileId = profileId;
     }
 
diff --git a/base/common/src/com/netscape/certsrv/request/RequestNotFoundException.java b/base/common/src/com/netscape/certsrv/request/RequestNotFoundException.java
index 3db10dd3a4c4e5129e37158aa1afa3c56cf0c378..478675ab0d56a3557600bfc53740efd500ea480e 100644
--- a/base/common/src/com/netscape/certsrv/request/RequestNotFoundException.java
+++ b/base/common/src/com/netscape/certsrv/request/RequestNotFoundException.java
@@ -1,10 +1,8 @@
 package com.netscape.certsrv.request;
 
-import javax.ws.rs.core.Response;
+import com.netscape.certsrv.base.ResourceNotFoundException;
 
-import com.netscape.certsrv.base.PKIException;
-
-public class RequestNotFoundException extends PKIException {
+public class RequestNotFoundException extends ResourceNotFoundException {
 
     private static final long serialVersionUID = -4784839378360933483L;
 
@@ -15,12 +13,12 @@ public class RequestNotFoundException extends PKIException {
     }
 
     public RequestNotFoundException(RequestId requestId, String message) {
-        super(Response.Status.NOT_FOUND, message);
+        super(message);
         this.requestId = requestId;
     }
 
     public RequestNotFoundException(RequestId requestId, String message, Throwable cause) {
-        super(Response.Status.NOT_FOUND, message, cause);
+        super(message, cause);
         this.requestId = requestId;
     }
 
diff --git a/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java b/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java
index 0854be3aae1e4591aa1b078a35094498ef7177b7..988f8934fa72faa99011b5cbf3ff437475398c58 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java
@@ -29,7 +29,8 @@ import javax.ws.rs.core.Response;
 import org.jboss.resteasy.plugins.providers.atom.Link;
 
 import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.BadRequestException;
+import com.netscape.certsrv.base.ConflictingOperationException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.PKIException;
 import com.netscape.certsrv.base.SessionContext;
@@ -38,6 +39,7 @@ import com.netscape.certsrv.common.ScopeDef;
 import com.netscape.certsrv.group.GroupMemberCollection;
 import com.netscape.certsrv.group.GroupMemberData;
 import com.netscape.certsrv.group.GroupMemberResource;
+import com.netscape.certsrv.group.GroupNotFoundException;
 import com.netscape.certsrv.logging.AuditFormat;
 import com.netscape.certsrv.logging.IAuditor;
 import com.netscape.certsrv.logging.ILogger;
@@ -81,13 +83,13 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc
 
             if (groupID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IGroup group = userGroupManager.getGroupFromName(groupID);
             if (group == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
-                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
+                throw new GroupNotFoundException(groupID);
             }
 
             GroupMemberCollection response = new GroupMemberCollection();
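Review bot: `throw new GroupNotFoundException(groupID);` replaces the localized `getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST")` text with the hard-coded English message built in the exception's one-argument constructor, while the log line directly above still uses the message catalog. The two-argument constructor keeps both the ID and the localized text: `throw new GroupNotFoundException(groupID, getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));`. The same applies to the other `GroupNotFoundException(groupID)` throws in this file and in GroupService.java. The method body starts and ends outside the hunk.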
@@ -141,13 +143,13 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc
         try {
             if (groupID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IGroup group = userGroupManager.getGroupFromName(groupID);
             if (group == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
-                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
+                throw new GroupNotFoundException(groupID);
             }
 
             String memberID = groupMemberData.getID();
@@ -171,7 +173,7 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc
                     if (!isDuplicate(groupID, memberID)) {
                         userGroupManager.addUserToGroup(group, memberID);
                     } else {
-                        throw new EBaseException(CMS.getUserMessage("CMS_BASE_DUPLICATE_ROLES", memberID));
+                        throw new ConflictingOperationException(CMS.getUserMessage("CMS_BASE_DUPLICATE_ROLES", memberID));
                     }
 
                 } else {
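Review bot: Throwing `ConflictingOperationException` instead of `EBaseException` for a duplicate member changes which handler the failure reaches, and the handlers are outside this hunk. A later hunk in this file shows `catch (PKIException e) { throw e; }`; if this method has the same shape, the duplicate case now bypasses whatever the `EBaseException` handler did. Given the file's `IAuditor` and `AuditFormat` imports, that may include writing the failure audit record. Please confirm that a rejected membership change is still audited on the new path.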
@@ -289,13 +291,13 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc
         try {
             if (groupID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IGroup group = userGroupManager.getGroupFromName(groupID);
             if (group == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
-                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
+                throw new GroupNotFoundException(groupID);
             }
 
             Enumeration<String> e = group.getMemberNames();
@@ -307,7 +309,7 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc
                 return groupMemberData;
             }
 
-            throw new PKIException("Group member not found");
+            throw new GroupNotFoundException(groupID, "Group member " + memberID + " not found");
 
         } catch (PKIException e) {
             throw e;
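Review bot: `throw new GroupNotFoundException(groupID, "Group member " + memberID + " not found");` reports a missing member with the group exception, so the error payload carries `groupId` (set in `GroupNotFoundException.getData()`) for a group that was found a few lines earlier. A client that branches on the exception type would read this as a missing group. `throw new ResourceNotFoundException("Group member " + memberID + " not found");`, with the import added, states what is actually missing. The method starts outside the hunk.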
@@ -329,13 +331,13 @@ public class GroupMemberService extends PKIService implements GroupMemberResourc
         try {
             if (groupID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IGroup group = userGroupManager.getGroupFromName(groupID);
             if (group == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
-                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
+                throw new GroupNotFoundException(groupID);
             }
 
             String member = groupMemberData.getID();
diff --git a/base/common/src/com/netscape/cms/servlet/admin/GroupService.java b/base/common/src/com/netscape/cms/servlet/admin/GroupService.java
index b82df9a2fc8d293138ff1920eb4a7c34f7a145d7..012e00c33798ac43480f63ec2054f2b276b95a80 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/GroupService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/GroupService.java
@@ -30,12 +30,14 @@ import org.apache.commons.lang.StringUtils;
 import org.jboss.resteasy.plugins.providers.atom.Link;
 
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.PKIException;
 import com.netscape.certsrv.common.OpDef;
 import com.netscape.certsrv.common.ScopeDef;
 import com.netscape.certsrv.group.GroupCollection;
 import com.netscape.certsrv.group.GroupData;
+import com.netscape.certsrv.group.GroupNotFoundException;
 import com.netscape.certsrv.group.GroupResource;
 import com.netscape.certsrv.logging.IAuditor;
 import com.netscape.certsrv.logging.ILogger;
@@ -131,13 +133,13 @@ public class GroupService extends PKIService implements GroupResource {
         try {
             if (groupID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IGroup group = userGroupManager.getGroupFromName(groupID);
             if (group == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
-                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"));
+                throw new GroupNotFoundException(groupID);
             }
 
             return createGroupData(group);
@@ -173,7 +175,7 @@ public class GroupService extends PKIService implements GroupResource {
         try {
             if (groupID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IGroup group = userGroupManager.createGroup(groupID);
@@ -237,7 +239,7 @@ public class GroupService extends PKIService implements GroupResource {
         try {
             if (groupID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IGroup group = userGroupManager.getGroupFromName(groupID);
@@ -295,7 +297,7 @@ public class GroupService extends PKIService implements GroupResource {
         try {
             if (groupID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             // if fails, let the exception fall through
diff --git a/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java b/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java
index 8c2d8d9b9ead44c236422543532c9136dbeca2e9..2e1277b30f2625f061f13c328d1088e6afd7dce9 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/SystemCertService.java
@@ -20,10 +20,11 @@ package com.netscape.cms.servlet.admin;
 
 import java.security.cert.CertificateEncodingException;
 
-import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Response;
 
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.ResourceNotFoundException;
 import com.netscape.certsrv.cert.CertData;
 import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
 import com.netscape.certsrv.security.ITransportKeyUnit;
@@ -50,25 +51,25 @@ public class SystemCertService extends PKIService implements SystemCertResource
         kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra");
         if (kra == null) {
             // no KRA
-            throw new WebApplicationException(Response.Status.NOT_FOUND);
+            throw new ResourceNotFoundException("KRA subsystem not found.");
         }
 
         ITransportKeyUnit tu = kra.getTransportKeyUnit();
         if (tu == null) {
             CMS.debug("getTransportCert: transport key unit is null");
-            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+            throw new PKIException("No transport key unit.");
         }
         org.mozilla.jss.crypto.X509Certificate transportCert = tu.getCertificate();
         if (transportCert == null) {
             CMS.debug("getTransportCert: transport cert is null");
-            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+            throw new PKIException("Transport cert not found.");
         }
         try {
             cert = createCertificateData(transportCert);
         } catch (CertificateEncodingException e) {
             CMS.debug("getTransportCert: certificate encoding exception with transport cert");
             e.printStackTrace();
-            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+            throw new PKIException("Unable to encode transport cert");
         }
         return sendConditionalGetResponse(DEFAULT_LONG_CACHE_LIFETIME, cert);
     }
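Review bot: The three branches that used to answer `Response.Status.INTERNAL_SERVER_ERROR` now throw `new PKIException(String)`, whose status is not visible in this patch; if that constructor does not default to 500, the response code changes. The `CertificateEncodingException` handler also discards `e` after `e.printStackTrace()`, so the cause is lost to anything that logs the thrown exception. The three-argument constructor that the new subclasses reach through `super(...)` would make both explicit, assuming it is accessible here: `throw new PKIException(Response.Status.INTERNAL_SERVER_ERROR, "Unable to encode transport cert", e);`.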
diff --git a/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java b/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java
index 16a584ff8f3f4888e722237096aea393944ca858..57051040aed16888becd9e5fb6ce5b0c88e53dbe 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java
@@ -39,8 +39,11 @@ import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.crypto.InternalCertificate;
 
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.ICertPrettyPrint;
 import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.ResourceNotFoundException;
+import com.netscape.certsrv.base.UserNotFoundException;
 import com.netscape.certsrv.common.OpDef;
 import com.netscape.certsrv.common.ScopeDef;
 import com.netscape.certsrv.dbs.certdb.CertId;
@@ -96,7 +99,7 @@ public class UserCertService extends PKIService implements UserCertResource {
 
             if (userID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IUser user = null;
@@ -109,7 +112,7 @@ public class UserCertService extends PKIService implements UserCertResource {
 
             if (user == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
-                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
+                throw new UserNotFoundException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
             }
 
             UserCertCollection response = new UserCertCollection();
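Review bot: `new UserNotFoundException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"))` passes the message text to the constructor whose single `String` parameter is the user ID. The exception therefore ends up with `userId` set to the message and with the text "User " + message + " not found". It should be `throw new UserNotFoundException(userID, getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));`. The same call appears again at the second `user == null` check further down this file. The method body extends beyond the hunk.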
@@ -148,7 +151,7 @@ public class UserCertService extends PKIService implements UserCertResource {
             if (userID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
 
-                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IUser user = null;
@@ -161,13 +164,13 @@ public class UserCertService extends PKIService implements UserCertResource {
 
             if (user == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
-                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
+                throw new UserNotFoundException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
             }
 
             X509Certificate[] certs = user.getX509Certificates();
 
             if (certs == null) {
-                throw new PKIException("Certificate not found");
+                throw new ResourceNotFoundException("No certificates found for " + userID);
             }
 
             try {
@@ -192,7 +195,7 @@ public class UserCertService extends PKIService implements UserCertResource {
                 return userCertData;
             }
 
-            throw new PKIException("Certificate not found");
+            throw new ResourceNotFoundException("No certificates found for " + userID);
 
         } catch (PKIException e) {
             throw e;
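Review bot: The message "No certificates found for " + userID is probably inaccurate at this throw, which sits after a `return userCertData;` and so appears to be reached only when the user's certificates were searched without matching the requested one. The `certs == null` branch in the previous hunk uses the same text for the case where the user has no certificates at all, so the two conditions become indistinguishable to the caller. Wording along the lines of `throw new ResourceNotFoundException("Certificate not found for " + userID);` would keep them apart. The search loop is outside the hunk, so this should be checked against the full method.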
@@ -223,7 +226,7 @@ public class UserCertService extends PKIService implements UserCertResource {
         try {
             if (userID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IUser user = userGroupManager.createUser(userID);
@@ -266,7 +269,7 @@ public class UserCertService extends PKIService implements UserCertResource {
                     X509Certificate p7certs[] = pkcs7.getCertificates();
 
                     if (p7certs.length == 0) {
-                        throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR"));
+                        throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR"));
                     }
 
                     // fix for 370099 - cert ordering can not be assumed
@@ -292,7 +295,7 @@ public class UserCertService extends PKIService implements UserCertResource {
                     } else {
                         // not a chain, or in random order
                         CMS.debug("UserCertResourceService: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_BAD_CHAIN"));
-                        throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR"));
+                        throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR"));
                     }
 
                     CMS.debug("UserCertResourceService: "
@@ -335,12 +338,15 @@ public class UserCertService extends PKIService implements UserCertResource {
                         }
                     }
 
-                /*
-                } catch (CryptoManager.UserCertConflictException e) {
-                    // got a "user cert" in the chain, most likely the CA
-                    // cert of this instance, which has a private key.  Ignore
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", e.toString()));
-                */
+                    /*
+                    } catch (CryptoManager.UserCertConflictException e) {
+                        // got a "user cert" in the chain, most likely the CA
+                        // cert of this instance, which has a private key.  Ignore
+                        log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", e.toString()));
+                    */
+                } catch (PKIException e) {
+                    log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", e.toString()));
+                    throw e;
                 } catch (Exception e) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", e.toString()));
                     throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_ERROR"));
@@ -375,12 +381,12 @@ public class UserCertService extends PKIService implements UserCertResource {
             } catch (CertificateExpiredException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_CERT_EXPIRED",
                         String.valueOf(cert.getSubjectDN())));
-                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_EXPIRED"));
+                throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_EXPIRED"));
 
             } catch (CertificateNotYetValidException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID",
                         String.valueOf(cert.getSubjectDN())));
-                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"));
+                throw new BadRequestException(getUserMessage("CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"));
 
             } catch (LDAPException e) {
                 if (e.getLDAPResultCode() == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
@@ -438,7 +444,7 @@ public class UserCertService extends PKIService implements UserCertResource {
         try {
             if (userID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IUser user = userGroupManager.createUser(userID);
diff --git a/base/common/src/com/netscape/cms/servlet/admin/UserService.java b/base/common/src/com/netscape/cms/servlet/admin/UserService.java
index f28a8151f43386df22db0839aafd4ba7f90f8af5..4813d10bec12036682f3eef178f326328a59b112 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/UserService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/UserService.java
@@ -32,8 +32,12 @@ import org.apache.commons.lang.StringUtils;
 import org.jboss.resteasy.plugins.providers.atom.Link;
 
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.BadRequestDataException;
+import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.ForbiddenException;
 import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.UserNotFoundException;
 import com.netscape.certsrv.common.OpDef;
 import com.netscape.certsrv.common.ScopeDef;
 import com.netscape.certsrv.logging.IAuditor;
@@ -142,7 +146,7 @@ public class UserService extends PKIService implements UserResource {
             if (userID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
 
-                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IUser user;
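Review bot: `BadRequestDataException` may not reach the client as a 400 from this null-ID check. The CertRequestService hunk later in this patch catches `BadRequestDataException` separately and rewraps it as `BadRequestException`, which suggests it is not one of the HTTP-mapped `PKIException` types. If so, this throw and the other `BadRequestDataException` throws in the later UserService hunks (null ID, backslash in ID, missing full name, missing uid) would fall through to a generic handler and still surface as a server error. The last hunk of this file and UserCertService already use `throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));`, and using that throughout would keep the mapping consistent. The enclosing method starts and ends outside the hunk, so its catch chain is not visible here.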
@@ -156,7 +160,7 @@ public class UserService extends PKIService implements UserResource {
             if (user == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
 
-                throw new PKIException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
+                throw new UserNotFoundException(getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
             }
 
             UserData userData = createUserData(user);
@@ -207,19 +211,19 @@ public class UserService extends PKIService implements UserResource {
         try {
             if (userID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             if (userID.indexOf(BACK_SLASH) != -1) {
                 // backslashes (BS) are not allowed
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_RS_ID_BS"));
-                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_RS_ID_BS"));
+                throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_RS_ID_BS"));
             }
 
             if (userID.equals(SYSTEM_USER)) {
                 // backslashes (BS) are not allowed
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_SPECIAL_ID", userID));
-                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_SPECIAL_ID", userID));
+                throw new ForbiddenException(getUserMessage("CMS_ADMIN_SRVLT_SPECIAL_ID", userID));
             }
 
             IUser user = userGroupManager.createUser(userID);
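Review bot: The comment above the `SYSTEM_USER` check, `// backslashes (BS) are not allowed`, is copied from the previous branch and does not describe what this branch rejects. The branch now throws `ForbiddenException`, a different status from the backslash case. A comment such as `// the reserved system user ID may not be used here` would explain why. The enclosing method starts outside the hunk.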
@@ -229,7 +233,7 @@ public class UserService extends PKIService implements UserResource {
                 String msg = getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", "full name");
 
                 log(ILogger.LL_FAILURE, msg);
-                throw new PKIException(msg);
+                throw new BadRequestDataException(msg);
 
             } else {
                 user.setFullName(fname);
@@ -292,7 +296,7 @@ public class UserService extends PKIService implements UserResource {
                 log(ILogger.LL_FAILURE, e.toString());
 
                 if (user.getUserID() == null) {
-                    throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", "uid"));
+                    throw new BadRequestDataException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED_1", "uid"));
                 } else {
                     throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
                 }
@@ -337,7 +341,7 @@ public class UserService extends PKIService implements UserResource {
         try {
             if (userID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestDataException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             IUser user = userGroupManager.createUser(userID);
@@ -425,7 +429,7 @@ public class UserService extends PKIService implements UserResource {
         try {
             if (userID == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
-                throw new PKIException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+                throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
             }
 
             // get list of groups, and see if uid belongs to any
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertService.java b/base/common/src/com/netscape/cms/servlet/cert/CertService.java
index e4a6fc9944919d5aa14946b5e7dc470de5124b94..2847cb197115b0e3e4349d5286c4ef213a922a53 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertService.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertService.java
@@ -30,9 +30,6 @@ import java.util.Date;
 import java.util.Enumeration;
 import java.util.List;
 
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Response;
-
 import netscape.security.pkcs.ContentInfo;
 import netscape.security.pkcs.PKCS7;
 import netscape.security.pkcs.SignerInfo;
@@ -334,7 +331,7 @@ public class CertService extends PKIService implements CertResource {
     @Override
     public CertDataInfos searchCerts(CertSearchRequest data, Integer start, Integer size) {
         if (data == null) {
-            throw new WebApplicationException(Response.Status.BAD_REQUEST);
+            throw new BadRequestException("Search request is null.");
         }
         start = start == null ? 0 : start;
         size = size == null ? DEFAULT_SIZE : size;
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
index 31fcaac9d0f176d395b63560a33b05e9c0f83ca1..2a71ee9b8bcfa84c79f45dbbdc58578c9735c149 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
@@ -29,7 +29,6 @@ import java.util.StringTokenizer;
 import java.util.Vector;
 
 import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
 
 import netscape.security.x509.X509CertImpl;
 
@@ -41,6 +40,7 @@ import org.mozilla.jss.crypto.TokenException;
 import org.mozilla.jss.util.IncorrectPasswordException;
 
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.EPropertyNotFound;
 import com.netscape.certsrv.base.IConfigStore;
@@ -101,7 +101,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
     @Override
     public ConfigurationResponse configure(ConfigurationRequest data){
         if (csState.equals("1")) {
-            throw new PKIException(Response.Status.BAD_REQUEST, "System is already configured");
+            throw new BadRequestException("System is already configured");
         }
 
         String certList;
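Review bot: A request to configure an already configured system conflicts with server state rather than being malformed, so 400 is a loose fit for the `csState.equals("1")` guard. This patch adds ConflictingOperationException, which looks intended for that case. Assuming it has a message constructor like the other new exceptions, `throw new ConflictingOperationException("System is already configured");` would let clients and monitoring tell repeated configuration attempts apart from bad input. Nothing in the hunk logs the rejected attempt, and a log line before the throw would help when reviewing who called the configuration endpoint after setup.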
@@ -134,12 +134,12 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
             } catch (NotInitializedException e) {
                 throw new PKIException("Token is not initialized");
             } catch (NoSuchTokenException e) {
-                throw new PKIException(Response.Status.BAD_REQUEST, "Invalid Token provided. No such token.");
+                throw new BadRequestException("Invalid Token provided. No such token.");
             } catch (TokenException e) {
                 e.printStackTrace();
                 throw new PKIException("Token Exception" + e);
             } catch (IncorrectPasswordException e) {
-                throw new PKIException(Response.Status.BAD_REQUEST, "Incorrect Password provided for token.");
+                throw new BadRequestException("Incorrect Password provided for token.");
             }
         }
 
@@ -247,7 +247,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
             }
 
             if (!validCloneUri) {
-                throw new PKIException(Response.Status.BAD_REQUEST,
+                throw new BadRequestException(
                         "Invalid clone URI provided.  Does not match the available subsystems in the security domain");
             }
 
@@ -297,7 +297,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
                 cs.putString("preop.hierarchy.select", "join");
                 cs.putString("hierarchy.select", "Subordinate");
             } else {
-                throw new PKIException(Response.Status.BAD_REQUEST, "Invalid hierarchy provided");
+                throw new BadRequestException("Invalid hierarchy provided");
             }
         }
 
@@ -331,12 +331,11 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
             }
 
             if (masterhost.equals(realhostname) && masterport.equals(data.getDsPort())) {
-                throw new PKIException(Response.Status.BAD_REQUEST,
-                        "Master and clone must not share the same internal database");
+                throw new BadRequestException("Master and clone must not share the same internal database");
             }
 
             if (!masterbasedn.equals(data.getBaseDN())) {
-                throw new PKIException(Response.Status.BAD_REQUEST, "Master and clone should have the same base DN");
+                throw new BadRequestException("Master and clone should have the same base DN");
             }
 
             String masterReplicationPort = data.getMasterReplicationPort();
@@ -538,7 +537,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
                         if (cdata.getCertChain() != null) {
                             certObj.setCertChain(cdata.getCertChain());
                         } else {
-                            throw new PKIException(Response.Status.BAD_REQUEST, "CertChain not provided");
+                            throw new BadRequestException("CertChain not provided");
                         }
                     }
                 }
@@ -550,10 +549,10 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
 
         } catch (NumberFormatException e) {
             // move these validations to validate()?
-            throw new PKIException(Response.Status.BAD_REQUEST, "Non-integer value for key size");
+            throw new BadRequestException("Non-integer value for key size");
         } catch (NoSuchAlgorithmException e) {
             e.printStackTrace();
-            throw new PKIException(Response.Status.BAD_REQUEST, "Invalid algorithm " + e);
+            throw new BadRequestException("Invalid algorithm " + e);
         } catch (Exception e) {
             e.printStackTrace();
             throw new PKIException("Error in setting certificate names and key sizes: " + e);
@@ -759,70 +758,69 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
         // get the preop pin and validate it
         String pin = data.getPin();
         if (pin == null) {
-            throw new PKIException(Response.Status.BAD_REQUEST, "No preop pin provided");
+            throw new BadRequestException("No preop pin provided");
         }
         if (!preopPin.equals(pin)) {
-            throw new PKIException(Response.Status.BAD_REQUEST, "Incorrect pin provided");
+            throw new BadRequestException("Incorrect pin provided");
         }
 
         // validate security domain settings
         String domainType = data.getSecurityDomainType();
         if (domainType == null) {
-            throw new PKIException(Response.Status.BAD_REQUEST, "Security Domain Type not provided");
+            throw new BadRequestException("Security Domain Type not provided");
         }
 
         if (domainType.equals(ConfigurationRequest.NEW_DOMAIN)) {
             if (!csType.equals("CA")) {
-                throw new PKIException(Response.Status.BAD_REQUEST, "New Domain is only valid for CA subsytems");
+                throw new BadRequestException("New Domain is only valid for CA subsytems");
             }
             if (data.getSecurityDomainName() == null) {
-                throw new PKIException(Response.Status.BAD_REQUEST, "Security Domain Name is not provided");
+                throw new BadRequestException("Security Domain Name is not provided");
             }
         } else if (domainType.equals(ConfigurationRequest.EXISTING_DOMAIN)) {
             String domainURI = data.getSecurityDomainUri();
             if (domainURI == null) {
-                throw new PKIException(Response.Status.BAD_REQUEST,
-                        "Existing security domain requested, but no security domain URI provided");
+                throw new BadRequestException("Existing security domain requested, but no security domain URI provided");
             }
 
             try {
                 @SuppressWarnings("unused")
                 URL admin_u = new URL(domainURI);  // check for invalid URL
             } catch (MalformedURLException e) {
-                throw new PKIException(Response.Status.BAD_REQUEST, "Invalid security domain URI");
+                throw new BadRequestException("Invalid security domain URI");
             }
             if ((data.getSecurityDomainUser() == null) || (data.getSecurityDomainPassword() == null)) {
-                throw new PKIException(Response.Status.BAD_REQUEST, "Security domain user or password not provided");
+                throw new BadRequestException("Security domain user or password not provided");
             }
 
         } else {
-            throw new PKIException(Response.Status.BAD_REQUEST, "Invalid security domain URI provided");
+            throw new BadRequestException("Invalid security domain URI provided");
         }
 
         if ((data.getSubsystemName() == null) || (data.getSubsystemName().length() ==0)) {
-            throw new PKIException(Response.Status.BAD_REQUEST, "Invalid or no subsystem name provided");
+            throw new BadRequestException("Invalid or no subsystem name provided");
         }
 
         if ((data.getIsClone() != null) && (data.getIsClone().equals("true"))) {
             String cloneUri = data.getCloneUri();
             if (cloneUri == null) {
-                throw new PKIException(Response.Status.BAD_REQUEST, "Clone selected, but no clone URI provided");
+                throw new BadRequestException("Clone selected, but no clone URI provided");
             }
             try {
                 @SuppressWarnings("unused")
                 URL url = new URL(cloneUri); // check for invalid URL
                 // confirm protocol is https
             } catch (MalformedURLException e) {
-                throw new PKIException(Response.Status.BAD_REQUEST, "Invalid clone URI");
+                throw new BadRequestException("Invalid clone URI");
             }
 
             if (data.getToken().equals(ConfigurationRequest.TOKEN_DEFAULT)) {
                 if (data.getP12File() == null) {
-                    throw new PKIException(Response.Status.BAD_REQUEST, "P12 filename not provided");
+                    throw new BadRequestException("P12 filename not provided");
                 }
 
                 if (data.getP12Password() == null) {
-                    throw new PKIException(Response.Status.BAD_REQUEST, "P12 password not provided");
+                    throw new BadRequestException("P12 password not provided");
                 }
             }
         } else {
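Review bot: A wrong preop pin is a failed credential check, not a malformed request, yet `throw new BadRequestException("Incorrect pin provided");` gives it the same 400 as a missing field. `throw new ForbiddenException("Incorrect pin provided");` (ForbiddenException is added by this patch) would let clients and log monitoring separate pin guessing from bad input, and nothing in the hunk logs the failed attempt. The comparison on the context line, `preopPin.equals(pin)`, is also not constant-time; `MessageDigest.isEqual` on the encoded bytes is the usual replacement. The enclosing method starts and ends outside the hunk.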
@@ -831,33 +829,33 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
 
         String dsHost = data.getDsHost();
         if (dsHost == null || dsHost.length() == 0) {
-            throw new PKIException(Response.Status.BAD_REQUEST, "Internal database host not provided");
+            throw new BadRequestException("Internal database host not provided");
         }
 
         try {
             Integer.parseInt(data.getDsPort());  // check for errors
         } catch (NumberFormatException e) {
-            throw new PKIException(Response.Status.BAD_REQUEST, "Internal database port is invalid");
+            throw new BadRequestException("Internal database port is invalid");
         }
 
         String basedn = data.getBaseDN();
         if (basedn == null || basedn.length() == 0) {
-            throw new PKIException(Response.Status.BAD_REQUEST, "Internal database basedn not provided");
+            throw new BadRequestException("Internal database basedn not provided");
         }
 
         String binddn = data.getBindDN();
         if (binddn == null || binddn.length() == 0) {
-            throw new PKIException(Response.Status.BAD_REQUEST, "Internal database basedn not provided");
+            throw new BadRequestException("Internal database basedn not provided");
         }
 
         String database = data.getDatabase();
         if (database == null || database.length() == 0) {
-            throw new PKIException(Response.Status.BAD_REQUEST, "Internal database database name not provided");
+            throw new BadRequestException("Internal database database name not provided");
         }
 
         String bindpwd = data.getBindpwd();
         if (bindpwd == null || bindpwd.length() == 0) {
-            throw new PKIException(Response.Status.BAD_REQUEST, "Internal database database name not provided");
+            throw new BadRequestException("Internal database database name not provided");
         }
 
         String masterReplicationPort = data.getMasterReplicationPort();
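Review bot: Two of the rewritten throws carry the wrong message. The `binddn` check reports `Internal database basedn not provided` and the `bindpwd` check reports `Internal database database name not provided`, both copied from the check above them. Since these lines are being touched anyway, `throw new BadRequestException("Internal database bind DN not provided");` and `throw new BadRequestException("Internal database bind password not provided");` would make the 400 response actionable. The same copy-paste appears in the later hunk of this file, where the `getAdminEmail()` check reports `Admin UID not provided`. The enclosing validation method starts and ends outside the hunk.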
@@ -865,7 +863,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
             try {
                 Integer.parseInt(masterReplicationPort); // check for errors
             } catch (NumberFormatException e) {
-                throw new PKIException(Response.Status.BAD_REQUEST, "Master replication port is invalid");
+                throw new BadRequestException("Master replication port is invalid");
             }
         }
 
@@ -874,7 +872,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
             try {
                 Integer.parseInt(cloneReplicationPort); // check for errors
             } catch (Exception e) {
-                throw new PKIException(Response.Status.BAD_REQUEST, "Clone replication port is invalid");
+                throw new BadRequestException("Clone replication port is invalid");
             }
         }
 
@@ -887,41 +885,41 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
         if ((data.getBackupKeys() != null) && data.getBackupKeys().equals("true")) {
             if ((data.getBackupFile() == null) || (data.getBackupFile().length()<=0)) {
                 //TODO: also check for valid path, perhaps by touching file there
-                throw new PKIException(Response.Status.BAD_REQUEST, "Invalid key backup file name");
+                throw new BadRequestException("Invalid key backup file name");
             }
 
             if ((data.getBackupPassword() == null) || (data.getBackupPassword().length()<8)) {
-                throw new PKIException(Response.Status.BAD_REQUEST, "key backup password must be at least 8 characters");
+                throw new BadRequestException("key backup password must be at least 8 characters");
             }
         } else {
             data.setBackupKeys("false");
         }
 
         if (csType.equals("CA") && (data.getHierarchy() == null)) {
-            throw new PKIException(Response.Status.BAD_REQUEST, "Hierarchy is requred for CA, not provided");
+            throw new BadRequestException("Hierarchy is requred for CA, not provided");
         }
 
         if (data.getIsClone().equals("false")) {
             if ((data.getAdminUID() == null) || (data.getAdminUID().length()==0)) {
-                throw new PKIException(Response.Status.BAD_REQUEST, "Admin UID not provided");
+                throw new BadRequestException("Admin UID not provided");
             }
             if ((data.getAdminPassword() == null) || (data.getAdminPassword().length()==0)) {
-                throw new PKIException(Response.Status.BAD_REQUEST, "Admin Password not provided");
+                throw new BadRequestException("Admin Password not provided");
             }
             if ((data.getAdminEmail() == null) || (data.getAdminEmail().length()==0)) {
-                throw new PKIException(Response.Status.BAD_REQUEST, "Admin UID not provided");
+                throw new BadRequestException("Admin UID not provided");
             }
             if ((data.getAdminName() == null) || (data.getAdminName().length()==0)) {
-                throw new PKIException(Response.Status.BAD_REQUEST, "Admin name not provided");
+                throw new BadRequestException("Admin name not provided");
             }
             if ((data.getAdminCertRequest() == null) || (data.getAdminCertRequest().length()==0)) {
-                throw new PKIException(Response.Status.BAD_REQUEST, "Admin cert request not provided");
+                throw new BadRequestException("Admin cert request not provided");
             }
             if ((data.getAdminCertRequestType() == null) || (data.getAdminCertRequestType().length()==0)) {
-                throw new PKIException(Response.Status.BAD_REQUEST, "Admin cert request type not provided");
+                throw new BadRequestException("Admin cert request type not provided");
             }
             if ((data.getAdminSubjectDN() == null) || (data.getAdminSubjectDN().length()==0)) {
-                throw new PKIException(Response.Status.BAD_REQUEST, "Admin subjectDN not provided");
+                throw new BadRequestException("Admin subjectDN not provided");
             }
         }
 
diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyService.java b/base/common/src/com/netscape/cms/servlet/key/KeyService.java
index 01c8a0ee922d4428ae716830c6408da800a4349a..4b8a907589ec4deec29e7bd212f459f2681e51de 100644
--- a/base/common/src/com/netscape/cms/servlet/key/KeyService.java
+++ b/base/common/src/com/netscape/cms/servlet/key/KeyService.java
@@ -24,13 +24,15 @@ import java.util.Enumeration;
 import java.util.Hashtable;
 
 import javax.ws.rs.Path;
-import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.HTTPGoneException;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.UnauthorizedException;
 import com.netscape.certsrv.dbs.keydb.IKeyRecord;
 import com.netscape.certsrv.dbs.keydb.IKeyRepository;
 import com.netscape.certsrv.dbs.keydb.KeyId;
@@ -80,11 +82,11 @@ public class KeyService extends PKIService implements KeyResource {
             keyData = getKey(keyId, data);
         } catch (EBaseException e) {
             e.printStackTrace();
-            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+            throw new PKIException(e.getMessage());
         }
         if (keyData == null) {
             // no key record
-            throw new WebApplicationException(Response.Status.GONE);
+            throw new HTTPGoneException("No key record.");
         }
         return keyData;
     }
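Review bot: `throw new PKIException(e.getMessage());` now sends the text of the internal EBaseException to the client, where the old code returned a bare 500. Messages from the key repository layer may include storage or directory detail that an API caller does not need. A fixed message such as `throw new PKIException("Unable to retrieve key");` would keep those diagnostics on the server, with the detail written to the server log through `CMS.debug(...)` rather than `e.printStackTrace()`. The same pattern is in the two later KeyService hunks: `e1.getMessage()` after the request lookup, and `e.getMessage()` in the catch before `return infos`.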
@@ -199,14 +201,14 @@ public class KeyService extends PKIService implements KeyResource {
         RequestId reqId = data.getRequestId();
         if (reqId == null) {
             // log error
-            throw new WebApplicationException(Response.Status.BAD_REQUEST);
+            throw new BadRequestException("Request id not found.");
         }
 
         // confirm that at least one wrapping method exists
         // There must be at least the wrapped session key method.
         if ((data.getTransWrappedSessionKey() == null)) {
             // log error
-            throw new WebApplicationException(Response.Status.BAD_REQUEST);
+            throw new BadRequestException("No wrapping method found.");
         }
 
         KeyRequestDAO reqDAO = new KeyRequestDAO();
@@ -216,18 +218,18 @@ public class KeyService extends PKIService implements KeyResource {
         } catch (EBaseException e1) {
             // failed to get request
             e1.printStackTrace();
-            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+            throw new PKIException(e1.getMessage());
         }
         if (reqInfo == null) {
             // request not found
-            throw new WebApplicationException(Response.Status.GONE);
+            throw new HTTPGoneException("No request information available.");
         }
 
         //confirm request is of the right type
         String type = reqInfo.getRequestType();
         if (!type.equals(IRequest.SECURITY_DATA_RECOVERY_REQUEST)) {
             // log error
-            throw new WebApplicationException(Response.Status.BAD_REQUEST);
+            throw new BadRequestException("Invalid request type");
         }
 
         //confirm that agent is originator of request, else throw 401
@@ -237,7 +239,7 @@ public class KeyService extends PKIService implements KeyResource {
         RequestStatus status = reqInfo.getRequestStatus();
         if (!status.equals(RequestStatus.APPROVED)) {
             // log error
-            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
+            throw new UnauthorizedException("Unauthorized request.");
         }
 
         return reqInfo.getKeyId();
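Review bot: A recovery request that is not in the APPROVED state is reported as 401 through `UnauthorizedException`, but 401 signals missing or failed authentication and clients typically react by re-sending credentials. The caller is presumably already authenticated and is being refused because of request state, so `throw new ForbiddenException("Recovery request is not approved");` fits better (ForbiddenException is added by this patch and would need an import here). The `// log error` placeholder above the throw is still unimplemented, and refused key recovery attempts are worth a log or audit entry. The enclosing method starts outside the hunk.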
@@ -274,7 +276,7 @@ public class KeyService extends PKIService implements KeyResource {
 
         } catch (EBaseException e) {
             e.printStackTrace();
-            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+            throw new PKIException(e.getMessage());
         }
         return infos;
     }
diff --git a/base/common/src/com/netscape/cms/servlet/request/CertRequestService.java b/base/common/src/com/netscape/cms/servlet/request/CertRequestService.java
index dba6d9c0143feb81470d3681802c2b34074096c7..eef0576444e700db2c9b9cf5d8d65878f2083313 100644
--- a/base/common/src/com/netscape/cms/servlet/request/CertRequestService.java
+++ b/base/common/src/com/netscape/cms/servlet/request/CertRequestService.java
@@ -20,7 +20,6 @@ package com.netscape.cms.servlet.request;
 
 import javax.ws.rs.PathParam;
 import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
 
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.EAuthException;
@@ -29,6 +28,7 @@ import com.netscape.certsrv.base.BadRequestDataException;
 import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.UnauthorizedException;
 import com.netscape.certsrv.cert.CertEnrollmentRequest;
 import com.netscape.certsrv.cert.CertRequestInfo;
 import com.netscape.certsrv.cert.CertRequestInfos;
@@ -96,13 +96,13 @@ public class CertRequestService extends PKIService implements CertRequestResourc
             infos = dao.submitRequest(data, servletRequest, uriInfo, getLocale());
         } catch (EAuthException e) {
             CMS.debug("enrollCert: authentication failed: " + e);
-            throw new PKIException(Response.Status.UNAUTHORIZED, e.toString());
+            throw new UnauthorizedException(e.toString());
         } catch (EAuthzException e) {
             CMS.debug("enrollCert: authorization failed: " + e);
-            throw new PKIException(Response.Status.UNAUTHORIZED, e.toString());
+            throw new UnauthorizedException(e.toString());
         } catch (BadRequestDataException e) {
             CMS.debug("enrollCert: bad request data: " + e);
-            throw new PKIException(Response.Status.BAD_REQUEST, e.toString());
+            throw new BadRequestException(e.toString());
         } catch (EBaseException e) {
             throw new PKIException(e.toString());
         }
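Review bot: The `EAuthzException` branch now answers 401 exactly like the `EAuthException` branch, although an authorization failure means the caller is authenticated but lacks permission. The usual mapping for that is 403, and this commit adds `ForbiddenException` (see the diffstat) for it. Consider `throw new ForbiddenException(e.toString());` with the matching import, assuming it offers the same String constructor as `UnauthorizedException`. The enclosing method starts before and continues after this hunk.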
@@ -147,16 +147,14 @@ public class CertRequestService extends PKIService implements CertRequestResourc
             dao.changeRequestState(id, servletRequest, data, getLocale(), op);
         } catch (ERejectException e) {
             CMS.debug("changeRequestState: execution rejected " + e);
-            throw new PKIException(Response.Status.BAD_REQUEST,
-                    CMS.getUserMessage(getLocale(), "CMS_PROFILE_REJECTED", e.toString()));
+            throw new BadRequestException(CMS.getUserMessage(getLocale(), "CMS_PROFILE_REJECTED", e.toString()));
         } catch (EDeferException e) {
             CMS.debug("changeRequestState: execution defered " + e);
             // TODO do we throw an exception here?
-            throw new PKIException(Response.Status.BAD_REQUEST,
-                    CMS.getUserMessage(getLocale(), "CMS_PROFILE_DEFERRED", e.toString()));
+            throw new BadRequestException(CMS.getUserMessage(getLocale(), "CMS_PROFILE_DEFERRED", e.toString()));
         } catch (BadRequestDataException e) {
             CMS.debug("changeRequestState: bad request data: " + e);
-            throw new PKIException(Response.Status.BAD_REQUEST, e.toString());
+            throw new BadRequestException(e.toString());
         } catch (EPropertyException e) {
             CMS.debug("changeRequestState: execution error " + e);
             throw new PKIException(CMS.getUserMessage(getLocale(),
@@ -169,8 +167,7 @@ public class CertRequestService extends PKIService implements CertRequestResourc
             throw new PKIException("Problem approving request in CertRequestResource.assignRequest! " + e);
         } catch (RequestNotFoundException e) {
             CMS.debug(e);
-            throw new PKIException(Response.Status.BAD_REQUEST,
-                    CMS.getUserMessage(getLocale(), "CMS_REQUEST_NOT_FOUND", id.toString()));
+            throw new BadRequestException(CMS.getUserMessage(getLocale(), "CMS_REQUEST_NOT_FOUND", id.toString()));
         }
     }
 
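Review bot: The `RequestNotFoundException` branch still reports a missing request as 400, which runs against the purpose of this commit: it adds `ResourceNotFoundException` and also changes `RequestNotFoundException` (see the diffstat), presumably so that it maps to 404. If `RequestNotFoundException` now carries the 404 status itself, keep `CMS.debug(e);` and rethrow it with `throw e;` instead of wrapping it in `BadRequestException`. This should be checked against the new class definition, which is not visible in this hunk. The enclosing method starts outside this hunk.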
diff --git a/base/common/src/com/netscape/cms/servlet/request/KeyRequestService.java b/base/common/src/com/netscape/cms/servlet/request/KeyRequestService.java
index 12f3bb7eefc5ab42cb98063f443dd12b4ff764c6..433206298741fc798232ced1f8187dc9f749f03c 100644
--- a/base/common/src/com/netscape/cms/servlet/request/KeyRequestService.java
+++ b/base/common/src/com/netscape/cms/servlet/request/KeyRequestService.java
@@ -18,11 +18,10 @@
 
 package com.netscape.cms.servlet.request;
 
-import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
 
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.PKIException;
 import com.netscape.certsrv.key.KeyArchivalRequest;
@@ -81,7 +80,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
         if (data == null || data.getClientId() == null
                 || data.getWrappedPrivateData() == null
                 || data.getDataType() == null) {
-            throw new WebApplicationException(Response.Status.BAD_REQUEST);
+            throw new BadRequestException("Invalid key archival request.");
         }
 
         KeyRequestDAO dao = new KeyRequestDAO();
@@ -91,7 +90,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
         } catch (EBaseException e) {
             // TODO Auto-generated catch block
             e.printStackTrace();
-            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+            throw new PKIException(e.toString());
         }
         return info;
     }
@@ -109,9 +108,13 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
         //Catch this before the internal server processing has to deal with it
         //If data has been provided, we need at least the wrapped session key,
         //or the command is invalid.
-        if (data == null || (data.getTransWrappedSessionKey() == null
-                && data.getSessionWrappedPassphrase() != null)) {
-            throw new WebApplicationException(Response.Status.BAD_REQUEST);
+
+        if (data == null) {
+            throw new BadRequestException("Invalid request.");
+        }
+        if (data.getTransWrappedSessionKey() == null
+                && data.getSessionWrappedPassphrase() != null) {
+            throw new BadRequestException("No wrapped session key.");
         }
         KeyRequestDAO dao = new KeyRequestDAO();
         KeyRequestInfo info;
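Review bot: The second check (`getTransWrappedSessionKey() == null && getSessionWrappedPassphrase() != null`) does not match the comment above it. The comment says the wrapped session key is required whenever data is provided, but a request carrying neither a session key nor a passphrase passes both checks. If that case is intentionally valid, say so in the comment, for example `// a request without session key and without passphrase is allowed; a passphrase without its session key is not`. Otherwise tighten the condition. The added blank line also detaches the comment from the code it describes. The enclosing method starts before and continues after this hunk.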
@@ -120,14 +123,14 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
         } catch (EBaseException e) {
             // TODO Auto-generated catch block
             e.printStackTrace();
-            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+            throw new PKIException(e.toString());
         }
         return info;
     }
 
     public void approveRequest(RequestId id) {
         if (id == null) {
-            throw new WebApplicationException(Response.Status.BAD_REQUEST);
+            throw new BadRequestException("Invalid request id.");
         }
         // auth and authz
         KeyRequestDAO dao = new KeyRequestDAO();
@@ -136,13 +139,13 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
         } catch (EBaseException e) {
             // TODO Auto-generated catch block
             e.printStackTrace();
-            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+            throw new PKIException(e.toString());
         }
     }
 
     public void rejectRequest(RequestId id) {
         if (id == null) {
-            throw new WebApplicationException(Response.Status.BAD_REQUEST);
+            throw new BadRequestException("Invalid request id.");
         }
         // auth and authz
         KeyRequestDAO dao = new KeyRequestDAO();
@@ -151,13 +154,13 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
         } catch (EBaseException e) {
             // TODO Auto-generated catch block
             e.printStackTrace();
-            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+            throw new PKIException(e.toString());
         }
     }
 
     public void cancelRequest(RequestId id) {
         if (id == null) {
-            throw new WebApplicationException(Response.Status.BAD_REQUEST);
+            throw new BadRequestException("Request id is null.");
         }
         // auth and authz
         KeyRequestDAO dao = new KeyRequestDAO();
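Review bot: The null-id message in cancelRequest, "Request id is null.", differs from the "Invalid request id." that approveRequest and rejectRequest use for the identical check in the two hunks above. Pick one wording for all three, for example `throw new BadRequestException("Invalid request id.");`, so clients see a consistent error for the same condition. The body of cancelRequest continues in the next hunk.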
@@ -166,7 +169,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
         } catch (EBaseException e) {
             // TODO Auto-generated catch block
             e.printStackTrace();
-            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+            throw new PKIException(e.toString());
         }
     }
 
@@ -193,7 +196,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
         } catch (EBaseException e) {
             CMS.debug("listRequests: error in obtaining request results" + e);
             e.printStackTrace();
-            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
+            throw new PKIException(e.toString());
         }
         return requests;
     }
-- 
1.7.10.2

