authorEndi S. Dewata <edewata@redhat.com>2016-04-12 21:06:33 +0200
committerEndi S. Dewata <edewata@redhat.com>2016-04-13 00:36:06 +0200
commitcb914005c86cee3e4345cae62376713afe5284c1 (patch)
tree40ea12709d548e4ce10fe256d124370395cf74eb
parent8e291fba835f6640a262e01333aa58cf9bd5220f (diff)
downloadpki-ticket-2226-1.tar.gz
pki-ticket-2226-1.tar.xz
pki-ticket-2226-1.zip
-rw-r--r--.classpath1
-rw-r--r--base/common/share/etc/pki.conf2
-rw-r--r--base/server/cms/src/com/netscape/cms/realm/PKIRealm.java10
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java22
-rw-r--r--base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java12
-rw-r--r--base/server/tomcat8/src/com/netscape/cms/tomcat/ProxyRealm.java14
6 files changed, 53 insertions, 8 deletions
diff --git a/.classpath b/.classpath
index 9fd5144bf..593679215 100644
--- a/.classpath
+++ b/.classpath
@@ -20,6 +20,7 @@
<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/ocsp/src"/>
<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/tks/src"/>
<classpathentry excluding="**/CMakeLists.txt" kind="src" path="base/tps/src"/>
+ <classpathentry kind="src" path="base/server/tomcat8/src"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="lib" path="/usr/share/java/apache-commons-cli.jar"/>
<classpathentry kind="lib" path="/usr/share/java/apache-commons-logging.jar"/>
diff --git a/base/common/share/etc/pki.conf b/base/common/share/etc/pki.conf
index 57cb83e5a..05a30b11e 100644
--- a/base/common/share/etc/pki.conf
+++ b/base/common/share/etc/pki.conf
@@ -3,3 +3,5 @@ JNI_JAR_DIR=/usr/lib/java
# logging configuration location
LOGGING_CONFIG=/usr/share/pki/etc/logging.properties
+
+# test
diff --git a/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java b/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java
index 1933601db..8e94e26c9 100644
--- a/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java
+++ b/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java
@@ -47,6 +47,11 @@ public class PKIRealm extends RealmBase {
@Override
public Principal authenticate(String username, String password) {
+
+ if (CMS.isPreOpMode()) {
+ return null;
+ }
+
CMS.debug("PKIRealm: Authenticating user " + username + " with password.");
String auditMessage = null;
String auditSubjectID = ILogger.UNIDENTIFIED;
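Review bot: The pre-op early return in `authenticate(String username, String password)` exits before the method's `CMS.debug` call and audit variables, so a login attempt made while the server is still unconfigured is rejected without leaving any trace. Returning `null` is the right fail-closed result, but a line such as `CMS.debug("PKIRealm: Rejecting password authentication in pre-op mode");` ahead of `return null;` would let an operator tell this case apart from bad credentials. The same applies to the guard added to `authenticate(final X509Certificate certs[])` in the next hunk. Both method bodies continue outside their hunks, so whether an audit event should also be written here cannot be judged from this view.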
@@ -91,6 +96,11 @@ public class PKIRealm extends RealmBase {
@Override
public Principal authenticate(final X509Certificate certs[]) {
+
+ if (CMS.isPreOpMode()) {
+ return null;
+ }
+
CMS.debug("PKIRealm: Authenticating certificate chain:");
String auditMessage = null;
diff --git a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java
index 2ac4085c7..07f4ca003 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java
@@ -17,18 +17,19 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.ldapconn;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPSocketFactory;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.ldap.ELdapServerDownException;
+import com.netscape.certsrv.ldap.ILdapAuthInfo;
import com.netscape.certsrv.ldap.ILdapBoundConnFactory;
import com.netscape.certsrv.logging.ILogger;
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPException;
+import netscape.ldap.LDAPSocketFactory;
+
/**
* Factory for getting LDAP Connections to a LDAP server with the same
* LDAP authentication.
@@ -119,8 +120,14 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
throws ELdapException, EBaseException {
CMS.debug("LdapBoundConnFactory: init ");
- LdapConnInfo connInfo =
- new LdapConnInfo(config.getSubStore(PROP_LDAPCONNINFO));
+
+ LdapConnInfo connInfo = new LdapConnInfo(
+ config.getSubStore(PROP_LDAPCONNINFO));
+
+ LdapAuthInfo authInfo = new LdapAuthInfo(
+ config.getSubStore(PROP_LDAPAUTHINFO),
+ connInfo.getHost(), connInfo.getPort(), connInfo.getSecure());
+ CMS.debug("Auth type: " + (authInfo.getAuthType() == ILdapAuthInfo.LDAP_AUTHTYPE_BASICAUTH ? "basic" : "client cert"));
mErrorIfDown = config.getBoolean(PROP_ERROR_IF_DOWN, mDefErrorIfDown);
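Review bot: The new `CMS.debug("Auth type: " ...)` line in `init` reports every value other than `ILdapAuthInfo.LDAP_AUTHTYPE_BASICAUTH` as "client cert", which would be misleading if `ILdapAuthInfo` defines any further auth type (its constants are not visible here). The message also drops the `LdapBoundConnFactory: ` prefix used by the debug call a few lines above, which makes it harder to attribute in a shared debug log. Consider `CMS.debug("LdapBoundConnFactory: auth type: " + authInfo.getAuthType());` or an explicit mapping per constant. The method starts above and continues below this hunk.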
@@ -130,8 +137,7 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
init(config.getInteger(PROP_MINCONNS, mMinConns),
config.getInteger(PROP_MAXCONNS, mMaxConns),
connInfo,
- new LdapAuthInfo(config.getSubStore(PROP_LDAPAUTHINFO),
- connInfo.getHost(), connInfo.getPort(), connInfo.getSecure()));
+ authInfo);
}
/**
diff --git a/base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java b/base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java
index 094c0561f..c089794af 100644
--- a/base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java
+++ b/base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java
@@ -61,11 +61,13 @@ public class ProxyRealm implements Realm {
@Override
public Principal authenticate(String username, String password) {
+ if (realm == null) return null;
return realm.authenticate(username, password);
}
@Override
public Principal authenticate(X509Certificate certs[]) {
+ if (realm == null) return null;
return realm.authenticate(certs);
}
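Review bot: The `if (realm == null) return null;` guards added to both `authenticate` overloads deny silently and carry no comment saying when the delegate realm is unset, so a login refused for this reason looks the same as one refused for bad credentials. A short comment on each guard such as `// Delegate realm not set yet: deny.`, or a single comment on the `realm` field, would record the intent. The guards added to `PKIRealm` in this same commit use braced blocks, so `if (realm == null) { return null; }` would be consistent with them. The same unbraced guard repeats in the remaining hunks of this file and in the tomcat8 copy of `ProxyRealm`.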
@@ -80,11 +82,13 @@ public class ProxyRealm implements Realm {
String realmName,
String md5a2
) {
+ if (realm == null) return null;
return realm.authenticate(username, digest, nonce, nc, cnonce, qop, realmName, md5a2);
}
@Override
public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
+ if (realm == null) return null;
return realm.authenticate(gssContext, storeCreds);
}
@@ -95,26 +99,31 @@ public class ProxyRealm implements Realm {
SecurityConstraint[] constraints,
Context context
) throws IOException {
+ if (realm == null) return false;
return realm.hasResourcePermission(request, response, constraints, context);
}
@Override
public String getInfo() {
+ if (realm == null) return null;
return realm.getInfo();
}
@Override
public void backgroundProcess() {
+ if (realm == null) return;
realm.backgroundProcess();
}
@Override
public SecurityConstraint[] findSecurityConstraints(Request request, Context context) {
+ if (realm == null) return null;
return realm.findSecurityConstraints(request, context);
}
@Override
public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
+ if (realm == null) return false;
return realm.hasRole(wrapper, principal, role);
}
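Review bot: `findSecurityConstraints` returning `null` while `realm` is unset fails open rather than closed: by default Tomcat's authenticator treats a `null` result from this method as "no security constraint applies" and passes the request on without authentication, so the `false`/`null` denials added to the other methods are never consulted in that state. If requests can reach the webapp before the delegate realm is set (not visible from this hunk), protected resources would be served unconstrained during that window. A fail-closed alternative is `if (realm == null) throw new IllegalStateException("ProxyRealm: realm not set");`, or returning a constraint that denies all access. The same guard is added to `findSecurityConstraints` in the tomcat8 `ProxyRealm` hunk further down.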
@@ -124,16 +133,19 @@ public class ProxyRealm implements Realm {
Response response,
SecurityConstraint[] constraint
) throws IOException {
+ if (realm == null) return false;
return realm.hasUserDataPermission(request, response, constraint);
}
@Override
public void addPropertyChangeListener(PropertyChangeListener listener) {
+ if (realm == null) return;
realm.addPropertyChangeListener(listener);
}
@Override
public void removePropertyChangeListener(PropertyChangeListener listener) {
+ if (realm == null) return;
realm.removePropertyChangeListener(listener);
}
}
diff --git a/base/server/tomcat8/src/com/netscape/cms/tomcat/ProxyRealm.java b/base/server/tomcat8/src/com/netscape/cms/tomcat/ProxyRealm.java
index bcedd52dc..72876a4ed 100644
--- a/base/server/tomcat8/src/com/netscape/cms/tomcat/ProxyRealm.java
+++ b/base/server/tomcat8/src/com/netscape/cms/tomcat/ProxyRealm.java
@@ -62,16 +62,19 @@ public class ProxyRealm implements Realm {
@Override
public Principal authenticate(String username) {
+ if (realm == null) return null;
return realm.authenticate(username);
}
@Override
public Principal authenticate(String username, String password) {
+ if (realm == null) return null;
return realm.authenticate(username, password);
}
@Override
public Principal authenticate(X509Certificate certs[]) {
+ if (realm == null) return null;
return realm.authenticate(certs);
}
@@ -86,11 +89,13 @@ public class ProxyRealm implements Realm {
String realmName,
String md5a2
) {
+ if (realm == null) return null;
return realm.authenticate(username, digest, nonce, nc, cnonce, qop, realmName, md5a2);
}
@Override
public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
+ if (realm == null) return null;
return realm.authenticate(gssContext, storeCreds);
}
@@ -101,21 +106,25 @@ public class ProxyRealm implements Realm {
SecurityConstraint[] constraints,
Context context
) throws IOException {
+ if (realm == null) return false;
return realm.hasResourcePermission(request, response, constraints, context);
}
@Override
public void backgroundProcess() {
+ if (realm == null) return;
realm.backgroundProcess();
}
@Override
public SecurityConstraint[] findSecurityConstraints(Request request, Context context) {
+ if (realm == null) return null;
return realm.findSecurityConstraints(request, context);
}
@Override
public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
+ if (realm == null) return false;
return realm.hasRole(wrapper, principal, role);
}
@@ -125,26 +134,31 @@ public class ProxyRealm implements Realm {
Response response,
SecurityConstraint[] constraint
) throws IOException {
+ if (realm == null) return false;
return realm.hasUserDataPermission(request, response, constraint);
}
@Override
public void addPropertyChangeListener(PropertyChangeListener listener) {
+ if (realm == null) return;
realm.addPropertyChangeListener(listener);
}
@Override
public void removePropertyChangeListener(PropertyChangeListener listener) {
+ if (realm == null) return;
realm.removePropertyChangeListener(listener);
}
@Override
public CredentialHandler getCredentialHandler() {
+ if (realm == null) return null;
return realm.getCredentialHandler();
}
@Override
public void setCredentialHandler(CredentialHandler handler) {
+ if (realm == null) return;
realm.setCredentialHandler(handler);
}
}