[Pki-devel] [PATCH] 564 Fixed problem with TPS profile status.

Endi Sukma Dewata edewata at redhat.com
Wed Apr 8 19:18:42 UTC 2015


On 4/8/2015 9:50 AM, Endi Sukma Dewata wrote:
> The base class of ProfileDatabase (i.e. CSCfgDatabase) has been
> modified to return the correct default value (i.e. Enabled) if the
> status parameter doesn't exist. The TPSProcessor has been modified
> to use ProfileDatabase, and other TPS codes have also been changed
> to use constants instead of string literals to ensure consistency.
>
> https://fedorahosted.org/pki/ticket/1270

New patch attached to clarify the patch description.

-- 
Endi S. Dewata
-------------- next part --------------
>From 3c81ad38ba264455f1d3b7cad4a8eb7a7507b35e Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata at redhat.com>
Date: Wed, 8 Apr 2015 02:21:56 -0400
Subject: [PATCH] Fixed problem with TPS profile default status.

The base class of ProfileDatabase (i.e. CSCfgDatabase) has been
modified to return the correct default value (i.e. Enabled) if the
status parameter doesn't exist. The TPSProcessor has been modified
to use ProfileDatabase and other TPS codes have also been changed
to use constants instead of string literals to ensure consistency.

https://fedorahosted.org/pki/ticket/1270
---
 .../src/com/netscape/certsrv/common/Constants.java |  5 ++++
 .../com/netscape/cmscore/dbs/CSCfgDatabase.java    |  3 ++-
 .../server/tps/config/ConnectorDatabase.java       |  7 +++---
 .../org/dogtagpki/server/tps/engine/TPSEngine.java |  1 -
 .../server/tps/processor/TPSProcessor.java         | 14 +++++------
 .../server/tps/rest/AuthenticatorService.java      | 27 +++++++++++-----------
 .../server/tps/rest/ConnectorService.java          | 27 +++++++++++-----------
 .../server/tps/rest/ProfileMappingService.java     | 27 +++++++++++-----------
 .../dogtagpki/server/tps/rest/ProfileService.java  | 27 +++++++++++-----------
 9 files changed, 74 insertions(+), 64 deletions(-)

diff --git a/base/common/src/com/netscape/certsrv/common/Constants.java b/base/common/src/com/netscape/certsrv/common/Constants.java
index d91fded2e02fa39d176e8a1e622aac11749ce594..100b91110cc3d1f77da3cb1d5c8a19b7057f232b 100644
--- a/base/common/src/com/netscape/certsrv/common/Constants.java
+++ b/base/common/src/com/netscape/certsrv/common/Constants.java
@@ -733,4 +733,9 @@ public interface Constants {
     public final static String PR_REPLICATION_PORT_2 = "replication.master2.port";
     public final static String PR_REPLICATION_BINDDN_2 = "replication.master2.binddn";
     public final static String PR_REPLICATION_CHANGELOGDB_2 = "replication.master2.changelogdb";
+
+    //Config
+    public final static String CFG_ENABLED = "Enabled";
+    public final static String CFG_DISABLED = "Disabled";
+    public final static String CFG_PENDING_APPROVAL = "Pending_Approval";
 }
diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java
index 4dee392e28dfd6420f5eaddb88da2713e906fa97..38f542ffb879ed8ed87f8673c810da05ebed9917 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java
@@ -26,6 +26,7 @@ import org.apache.commons.lang.StringUtils;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.common.Constants;
 import com.netscape.cms.realm.PKIPrincipal;
 
 
@@ -59,7 +60,7 @@ public class CSCfgDatabase<E extends CSCfgRecord> extends Database<E> {
     }
 
     public String getRecordStatus(String recordID) throws EBaseException {
-        return configStore.getString("config." + substoreName + "." + recordID + ".state", "Disabled");
+        return configStore.getString("config." + substoreName + "." + recordID + ".state", Constants.CFG_ENABLED);
     }
 
     public void setRecordStatus(String recordID, String status) throws EBaseException {
diff --git a/base/tps/src/org/dogtagpki/server/tps/config/ConnectorDatabase.java b/base/tps/src/org/dogtagpki/server/tps/config/ConnectorDatabase.java
index 4b1589797fcda602859d512e2e93003bdbcaa160..f1f34412917a9eb4755d8646ef4ec547ca319240 100644
--- a/base/tps/src/org/dogtagpki/server/tps/config/ConnectorDatabase.java
+++ b/base/tps/src/org/dogtagpki/server/tps/config/ConnectorDatabase.java
@@ -24,6 +24,7 @@ import java.util.Map;
 
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.common.Constants;
 import com.netscape.cmscore.dbs.CSCfgDatabase;
 
 /**
@@ -174,7 +175,7 @@ public class ConnectorDatabase extends CSCfgDatabase<ConnectorRecord> {
 
         ConnectorRecord record = new ConnectorRecord();
         record.setID(id);
-        record.setStatus("Enabled");
+        record.setStatus(Constants.CFG_ENABLED);
 
         record.setProperty(prefix + "." + id + ".enable", "true");
         record.setProperty(prefix + "." + id + ".host", hostname);
@@ -198,7 +199,7 @@ public class ConnectorDatabase extends CSCfgDatabase<ConnectorRecord> {
 
         ConnectorRecord record = new ConnectorRecord();
         record.setID(id);
-        record.setStatus("Enabled");
+        record.setStatus(Constants.CFG_ENABLED);
 
         record.setProperty(prefix + "." + id + ".enable", "true");
         record.setProperty(prefix + "." + id + ".host", hostname);
@@ -219,7 +220,7 @@ public class ConnectorDatabase extends CSCfgDatabase<ConnectorRecord> {
 
         ConnectorRecord record = new ConnectorRecord();
         record.setID(id);
-        record.setStatus("Enabled");
+        record.setStatus(Constants.CFG_ENABLED);
 
         record.setProperty(prefix + "." + id + ".enable", "true");
         record.setProperty(prefix + "." + id + ".host", hostname);
diff --git a/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java b/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java
index 609fc0367d596bc145015837957183eaea098708..4580b46ca027108acae1fe53367e490a1c227698 100644
--- a/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java
+++ b/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java
@@ -127,7 +127,6 @@ public class TPSEngine {
     public static final String CFG_DEF_NETKEY_OLD_INSTANCE_AID = "A00000000101";
     public static final String CFG_DEF_NETKEY_OLD_FILE_AID = "A000000001";
     public static final String CFG_DEF_APPLET_SO_PIN = "000000000000";
-    public static final String CFG_ENABLED = "Enabled";
 
     public static final int CFG_CHANNEL_DEF_BLOCK_SIZE = 242;
     public static final int CFG_CHANNEL_DEF_INSTANCE_SIZE = 18000;
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
index f9a0445d6cc05331a4e6e0bf7086009d624df070..500dad412edba075915799deb427a6f8736adb0b 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
@@ -47,6 +47,7 @@ import org.dogtagpki.server.tps.cms.TKSComputeRandomDataResponse;
 import org.dogtagpki.server.tps.cms.TKSComputeSessionKeyResponse;
 import org.dogtagpki.server.tps.cms.TKSEncryptDataResponse;
 import org.dogtagpki.server.tps.cms.TKSRemoteRequestHandler;
+import org.dogtagpki.server.tps.config.ProfileDatabase;
 import org.dogtagpki.server.tps.dbs.ActivityDatabase;
 import org.dogtagpki.server.tps.dbs.TPSCertRecord;
 import org.dogtagpki.server.tps.dbs.TokenRecord;
@@ -88,6 +89,7 @@ import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.EPropertyNotFound;
 import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.tps.token.TokenStatus;
 import com.netscape.symkey.SessionKey;
 
@@ -125,6 +127,8 @@ public class TPSProcessor {
     protected BeginOpMsg beginMsg;
     private PlatformAndSecChannelProtoInfo platProtInfo;
 
+    ProfileDatabase profileDatabase = new ProfileDatabase();
+
     public TPSProcessor(TPSSession session) {
         setSession(session);
     }
@@ -2110,22 +2114,18 @@ public class TPSProcessor {
 
     void checkProfileStateOK() throws TPSException {
 
-        IConfigStore configStore = CMS.getConfigStore();
+        CMS.debug("TPSProcessor.checkProfileStateOK()");
 
-        String profileConfig = "config.Profiles." + selectedTokenType + ".state";
         String profileState = null;
-
-        CMS.debug("TPSProcessor.checkProfileStateOK: config value to check: " + profileConfig);
-
         try {
-            profileState = configStore.getString(profileConfig, TPSEngine.CFG_ENABLED);
+            profileState = profileDatabase.getRecordStatus(selectedTokenType);
         } catch (EBaseException e) {
             //Default TPSException will return a "contact admin" error code.
             throw new TPSException(
                     "TPSProcessor.checkProfileStateOK: internal error in getting profile state from config.");
         }
 
-        if (!profileState.equals(TPSEngine.CFG_ENABLED)) {
+        if (!profileState.equals(Constants.CFG_ENABLED)) {
             CMS.debug("TPSProcessor.checkProfileStateOK: profile specifically disabled.");
             throw new TPSException("TPSProcessor.checkProfileStateOK: profile disabled!");
         }
diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/AuthenticatorService.java b/base/tps/src/org/dogtagpki/server/tps/rest/AuthenticatorService.java
index d862e261dc9938d83133490ceccc2b9a28fbecc8..ce240ebe53e3fd23f0853f3606f1634866797866 100644
--- a/base/tps/src/org/dogtagpki/server/tps/rest/AuthenticatorService.java
+++ b/base/tps/src/org/dogtagpki/server/tps/rest/AuthenticatorService.java
@@ -41,6 +41,7 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.ForbiddenException;
 import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.tps.authenticator.AuthenticatorCollection;
 import com.netscape.certsrv.tps.authenticator.AuthenticatorData;
 import com.netscape.certsrv.tps.authenticator.AuthenticatorResource;
@@ -185,7 +186,7 @@ public class AuthenticatorService extends PKIService implements AuthenticatorRes
 
             if (status == null || database.requiresApproval() && !database.canApprove(principal)) {
                 // if status is unspecified or user doesn't have rights to approve, the entry is disabled
-                authenticatorData.setStatus("Disabled");
+                authenticatorData.setStatus(Constants.CFG_DISABLED);
             }
 
             database.addRecord(authenticatorData.getID(), createAuthenticatorRecord(authenticatorData));
@@ -217,21 +218,21 @@ public class AuthenticatorService extends PKIService implements AuthenticatorRes
             AuthenticatorRecord record = database.getRecord(authenticatorID);
 
             // only disabled authenticator can be updated
-            if (!"Disabled".equals(record.getStatus())) {
+            if (!Constants.CFG_DISABLED.equals(record.getStatus())) {
                 throw new ForbiddenException("Unable to update authenticator " + authenticatorID);
             }
 
             // update status if specified
             String status = authenticatorData.getStatus();
-            if (status != null && !"Disabled".equals(status)) {
-                if (!"Enabled".equals(status)) {
+            if (status != null && !Constants.CFG_DISABLED.equals(status)) {
+                if (!Constants.CFG_ENABLED.equals(status)) {
                     throw new ForbiddenException("Invalid authenticator status: " + status);
                 }
 
                 // if user doesn't have rights, set to pending
                 Principal principal = servletRequest.getUserPrincipal();
                 if (database.requiresApproval() && !database.canApprove(principal)) {
-                    status = "Pending_Approval";
+                    status = Constants.CFG_PENDING_APPROVAL;
                 }
 
                 // enable authenticator
@@ -274,25 +275,25 @@ public class AuthenticatorService extends PKIService implements AuthenticatorRes
             AuthenticatorRecord record = database.getRecord(authenticatorID);
             String status = record.getStatus();
 
-            if ("Disabled".equals(status)) {
+            if (Constants.CFG_DISABLED.equals(status)) {
                 if ("enable".equals(action)) {
-                    status = "Enabled";
+                    status = Constants.CFG_ENABLED;
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
 
-            } else if ("Enabled".equals(status)) {
+            } else if (Constants.CFG_ENABLED.equals(status)) {
                 if ("disable".equals(action)) {
-                    status = "Disabled";
+                    status = Constants.CFG_DISABLED;
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
 
-            } else if ("Pending_Approval".equals(status)) {
+            } else if (Constants.CFG_PENDING_APPROVAL.equals(status)) {
                 if ("approve".equals(action)) {
-                    status = "Enabled";
+                    status = Constants.CFG_ENABLED;
                 } else if ("reject".equals(action)) {
-                    status = "Disabled";
+                    status = Constants.CFG_DISABLED;
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
@@ -331,7 +332,7 @@ public class AuthenticatorService extends PKIService implements AuthenticatorRes
             AuthenticatorRecord record = database.getRecord(authenticatorID);
             String status = record.getStatus();
 
-            if (!"Disabled".equals(status)) {
+            if (!Constants.CFG_DISABLED.equals(status)) {
                 throw new ForbiddenException("Unable to delete authenticator " + authenticatorID);
             }
 
diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/ConnectorService.java b/base/tps/src/org/dogtagpki/server/tps/rest/ConnectorService.java
index c281265effa3602aa357a623fcd3891727f74eee..d81b508f2b896245915e82f6ca8927613e80f601 100644
--- a/base/tps/src/org/dogtagpki/server/tps/rest/ConnectorService.java
+++ b/base/tps/src/org/dogtagpki/server/tps/rest/ConnectorService.java
@@ -41,6 +41,7 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.ForbiddenException;
 import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.tps.connector.ConnectorCollection;
 import com.netscape.certsrv.tps.connector.ConnectorData;
 import com.netscape.certsrv.tps.connector.ConnectorResource;
@@ -185,7 +186,7 @@ public class ConnectorService extends PKIService implements ConnectorResource {
 
             if (status == null || database.requiresApproval() && !database.canApprove(principal)) {
                 // if status is unspecified or user doesn't have rights to approve, the entry is disabled
-                connectorData.setStatus("Disabled");
+                connectorData.setStatus(Constants.CFG_DISABLED);
             }
 
             database.addRecord(connectorData.getID(), createConnectorRecord(connectorData));
@@ -217,21 +218,21 @@ public class ConnectorService extends PKIService implements ConnectorResource {
             ConnectorRecord record = database.getRecord(connectorID);
 
             // only disabled connector can be updated
-            if (!"Disabled".equals(record.getStatus())) {
+            if (!Constants.CFG_DISABLED.equals(record.getStatus())) {
                 throw new ForbiddenException("Unable to update connector " + connectorID);
             }
 
             // update status if specified
             String status = connectorData.getStatus();
-            if (status != null && !"Disabled".equals(status)) {
-                if (!"Enabled".equals(status)) {
+            if (status != null && !Constants.CFG_DISABLED.equals(status)) {
+                if (!Constants.CFG_ENABLED.equals(status)) {
                     throw new ForbiddenException("Invalid connector status: " + status);
                 }
 
                 // if user doesn't have rights, set to pending
                 Principal principal = servletRequest.getUserPrincipal();
                 if (database.requiresApproval() && !database.canApprove(principal)) {
-                    status = "Pending_Approval";
+                    status = Constants.CFG_PENDING_APPROVAL;
                 }
 
                 // enable connector
@@ -274,25 +275,25 @@ public class ConnectorService extends PKIService implements ConnectorResource {
             ConnectorRecord record = database.getRecord(connectorID);
             String status = record.getStatus();
 
-            if ("Disabled".equals(status)) {
+            if (Constants.CFG_DISABLED.equals(status)) {
                 if ("enable".equals(action)) {
-                    status = "Enabled";
+                    status = Constants.CFG_ENABLED;
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
 
-            } else if ("Enabled".equals(status)) {
+            } else if (Constants.CFG_ENABLED.equals(status)) {
                 if ("disable".equals(action)) {
-                    status = "Disabled";
+                    status = Constants.CFG_DISABLED;
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
 
-            } else if ("Pending_Approval".equals(status)) {
+            } else if (Constants.CFG_PENDING_APPROVAL.equals(status)) {
                 if ("approve".equals(action)) {
-                    status = "Enabled";
+                    status = Constants.CFG_ENABLED;
                 } else if ("reject".equals(action)) {
-                    status = "Disabled";
+                    status = Constants.CFG_DISABLED;
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
@@ -331,7 +332,7 @@ public class ConnectorService extends PKIService implements ConnectorResource {
             ConnectorRecord record = database.getRecord(connectorID);
             String status = record.getStatus();
 
-            if (!"Disabled".equals(status)) {
+            if (!Constants.CFG_DISABLED.equals(status)) {
                 throw new ForbiddenException("Unable to delete connector " + connectorID);
             }
 
diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/ProfileMappingService.java b/base/tps/src/org/dogtagpki/server/tps/rest/ProfileMappingService.java
index f3a6f2e38ce14f74001cdb9fecf2c1880c2f8c4d..98f5f098684ba41b05d859065a861368f74d5e21 100644
--- a/base/tps/src/org/dogtagpki/server/tps/rest/ProfileMappingService.java
+++ b/base/tps/src/org/dogtagpki/server/tps/rest/ProfileMappingService.java
@@ -41,6 +41,7 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.ForbiddenException;
 import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.tps.profile.ProfileMappingCollection;
 import com.netscape.certsrv.tps.profile.ProfileMappingData;
 import com.netscape.certsrv.tps.profile.ProfileMappingResource;
@@ -181,7 +182,7 @@ public class ProfileMappingService extends PKIService implements ProfileMappingR
 
             if (status == null || database.requiresApproval() && !database.canApprove(principal)) {
                 // if status is unspecified or user doesn't have rights to approve, the entry is disabled
-                profileMappingData.setStatus("Disabled");
+                profileMappingData.setStatus(Constants.CFG_DISABLED);
             }
 
             database.addRecord(profileMappingData.getID(), createProfileMappingRecord(profileMappingData));
@@ -210,21 +211,21 @@ public class ProfileMappingService extends PKIService implements ProfileMappingR
             ProfileMappingRecord record = database.getRecord(profileMappingID);
 
             // only disabled profile mapping can be updated
-            if (!"Disabled".equals(record.getStatus())) {
+            if (!Constants.CFG_DISABLED.equals(record.getStatus())) {
                 throw new ForbiddenException("Unable to update profile mapping " + profileMappingID);
             }
 
             // update status if specified
             String status = profileMappingData.getStatus();
-            if (status != null && !"Disabled".equals(status)) {
-                if (!"Enabled".equals(status)) {
+            if (status != null && !Constants.CFG_DISABLED.equals(status)) {
+                if (!Constants.CFG_ENABLED.equals(status)) {
                     throw new ForbiddenException("Invalid profile mapping status: " + status);
                 }
 
                 // if user doesn't have rights, set to pending
                 Principal principal = servletRequest.getUserPrincipal();
                 if (database.requiresApproval() && !database.canApprove(principal)) {
-                    status = "Pending_Approval";
+                    status = Constants.CFG_PENDING_APPROVAL;
                 }
 
                 // enable profile mapping
@@ -267,25 +268,25 @@ public class ProfileMappingService extends PKIService implements ProfileMappingR
             ProfileMappingRecord record = database.getRecord(profileMappingID);
             String status = record.getStatus();
 
-            if ("Disabled".equals(status)) {
+            if (Constants.CFG_DISABLED.equals(status)) {
                 if ("enable".equals(action)) {
-                    status = "Enabled";
+                    status = Constants.CFG_ENABLED;
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
 
-            } else if ("Enabled".equals(status)) {
+            } else if (Constants.CFG_ENABLED.equals(status)) {
                 if ("disable".equals(action)) {
-                    status = "Disabled";
+                    status = Constants.CFG_DISABLED;
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
 
-            } else if ("Pending_Approval".equals(status)) {
+            } else if (Constants.CFG_PENDING_APPROVAL.equals(status)) {
                 if ("approve".equals(action)) {
-                    status = "Enabled";
+                    status = Constants.CFG_ENABLED;
                 } else if ("reject".equals(action)) {
-                    status = "Disabled";
+                    status = Constants.CFG_DISABLED;
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
@@ -322,7 +323,7 @@ public class ProfileMappingService extends PKIService implements ProfileMappingR
             ProfileMappingRecord record = database.getRecord(profileMappingID);
             String status = record.getStatus();
 
-            if (!"Disabled".equals(status)) {
+            if (!Constants.CFG_DISABLED.equals(status)) {
                 throw new ForbiddenException("Unable to delete profile mapping " + profileMappingID);
             }
 
diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/ProfileService.java b/base/tps/src/org/dogtagpki/server/tps/rest/ProfileService.java
index e5bfd4663827e7bded285c5c11b3ab0426abe40b..9505ad208fbd8dbdc7339fb10e7c7ccc5c4e14fb 100644
--- a/base/tps/src/org/dogtagpki/server/tps/rest/ProfileService.java
+++ b/base/tps/src/org/dogtagpki/server/tps/rest/ProfileService.java
@@ -41,6 +41,7 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.ForbiddenException;
 import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.tps.profile.ProfileCollection;
 import com.netscape.certsrv.tps.profile.ProfileData;
 import com.netscape.certsrv.tps.profile.ProfileResource;
@@ -185,7 +186,7 @@ public class ProfileService extends PKIService implements ProfileResource {
 
             if (status == null || database.requiresApproval() && !database.canApprove(principal)) {
                 // if status is unspecified or user doesn't have rights to approve, the entry is disabled
-                profileData.setStatus("Disabled");
+                profileData.setStatus(Constants.CFG_DISABLED);
             }
 
             database.addRecord(profileData.getID(), createProfileRecord(profileData));
@@ -218,21 +219,21 @@ public class ProfileService extends PKIService implements ProfileResource {
             ProfileRecord record = database.getRecord(profileID);
 
             // only disabled profile can be updated
-            if (!"Disabled".equals(record.getStatus())) {
+            if (!Constants.CFG_DISABLED.equals(record.getStatus())) {
                 throw new ForbiddenException("Unable to update profile " + profileID);
             }
 
             // update status if specified
             String status = profileData.getStatus();
-            if (status != null && !"Disabled".equals(status)) {
-                if (!"Enabled".equals(status)) {
+            if (status != null && !Constants.CFG_DISABLED.equals(status)) {
+                if (!Constants.CFG_ENABLED.equals(status)) {
                     throw new ForbiddenException("Invalid profile status: " + status);
                 }
 
                 // if user doesn't have rights, set to pending
                 Principal principal = servletRequest.getUserPrincipal();
                 if (database.requiresApproval() && !database.canApprove(principal)) {
-                    status = "Pending_Approval";
+                    status = Constants.CFG_PENDING_APPROVAL;
                 }
 
                 // enable profile
@@ -275,25 +276,25 @@ public class ProfileService extends PKIService implements ProfileResource {
             ProfileRecord record = database.getRecord(profileID);
             String status = record.getStatus();
 
-            if ("Disabled".equals(status)) {
+            if (Constants.CFG_DISABLED.equals(status)) {
                 if ("enable".equals(action)) {
-                    status = "Enabled";
+                    status = Constants.CFG_ENABLED;
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
 
-            } else if ("Enabled".equals(status)) {
+            } else if (Constants.CFG_ENABLED.equals(status)) {
                 if ("disable".equals(action)) {
-                    status = "Disabled";
+                    status = Constants.CFG_DISABLED;
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
 
-            } else if ("Pending_Approval".equals(status)) {
+            } else if (Constants.CFG_PENDING_APPROVAL.equals(status)) {
                 if ("approve".equals(action)) {
-                    status = "Enabled";
+                    status = Constants.CFG_ENABLED;
                 } else if ("reject".equals(action)) {
-                    status = "Disabled";
+                    status = Constants.CFG_DISABLED;
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
@@ -332,7 +333,7 @@ public class ProfileService extends PKIService implements ProfileResource {
             ProfileRecord record = database.getRecord(profileID);
             String status = record.getStatus();
 
-            if (!"Disabled".equals(status)) {
+            if (!Constants.CFG_DISABLED.equals(status)) {
                 throw new ForbiddenException("Unable to delete profile " + profileID);
             }
 
-- 
1.9.3



More information about the Pki-devel mailing list