author | awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-06-12 20:04:58 +0000 |
---|---|---|
committer | awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-06-12 20:04:58 +0000 |
commit | d6b98f654e660b43607d5605b4682a21c837e9a2 (patch) | |
tree | f445ffd2ecb06f43ed3569f39f2ca46c615e32fe | |
parent | e8c342b231ad9965d34da0a2660e777151ab9a8d (diff) | |
download | pki-d6b98f654e660b43607d5605b4682a21c837e9a2.tar.gz pki-d6b98f654e660b43607d5605b4682a21c837e9a2.tar.xz pki-d6b98f654e660b43607d5605b4682a21c837e9a2.zip |
Bugzilla bug #502694.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@598 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
index f0490adc8..b99a92df4 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
@@ -53,6 +53,7 @@ public class DoRevoke extends CMSServlet {
 private String mFormPath = null;
 private IRequestQueue mQueue = null;
 private IPublisherProcessor mPublisherProcessor = null;
+ private Nonces mNonces = null;
 private int mTimeLimits = 30; /* in seconds */
 private final static String REVOKE = "revoke";
@@ -80,6 +81,9 @@ public class DoRevoke extends CMSServlet {
 if (mAuthority instanceof ICertificateAuthority) {
 mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
+ if (((ICertificateAuthority) mAuthority).noncesEnabled()) {
+ mNonces = ((ICertificateAuthority) mAuthority).getNonces();
+ }
 }
 if (mAuthority instanceof ICertAuthority) {
 mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor();
@@ -169,6 +173,30 @@ public class DoRevoke extends CMSServlet {
 }
 }
 revokeAll = req.getParameter("revokeAll");
+
+ if (mNonces != null) {
+ boolean nonceVerified = false;
+ String nonceStr = req.getParameter("nonce");
+ if (nonceStr != null) {
+ long nonce = Long.parseLong(nonceStr.trim());
+ X509Certificate cert1 = mNonces.getCertificate(nonce);
+ X509Certificate cert2 = getSSLClientCertificate(req);
+ if (cert1 == null) {
+ CMS.debug("DoRevoke: Unknown nonce");
+ } else if (cert1 != null && cert2 != null && cert1.equals(cert2)) {
+ nonceVerified = true;
+ mNonces.removeNonce(nonce);
+ }
+ } else {
+ CMS.debug("DoRevoke: Missing nonce");
+ }
+ CMS.debug("DoRevoke: nonceVerified="+nonceVerified);
+ if (!nonceVerified) {
+ cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+ return;
+ }
+ }
+
 String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS);
 String eeSubjectDN = null;
 String eeSerialNumber = null; |
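Review bot: The assignment in the second hunk makes the nonce check fail-open: `mNonces` stays null when `noncesEnabled()` is false, when `mAuthority` is not an `ICertificateAuthority`, or (if that can happen) when `getNonces()` returns null, and the `if (mNonces != null)` guard in the third hunk then skips verification without logging anything. I would record the outcome once at initialisation so a disabled check is visible in the debug log, e.g. `CMS.debug("DoRevoke: nonces " + (mNonces != null ? "enabled" : "disabled"));` after the outer `if`. The field added in the first hunk also deserves a comment such as `// null when nonces are disabled; the revoke handler then skips the nonce check`. The enclosing method starts and ends outside the hunk.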
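Review bot: `Long.parseLong(nonceStr.trim())` in the third hunk is applied to a request parameter with no handling for `NumberFormatException`, so a malformed nonce leaves through the exception path instead of the `UNAUTHORIZED` branch, unless a try block outside the hunk catches it. Catching it locally and leaving `nonceVerified` false keeps every bad-nonce case on the same rejection path, as in the excerpt below. Separately, `getCertificate(nonce)` and `removeNonce(nonce)` are two calls; if `Nonces` (not shown here) does not make that pair atomic, two concurrent requests carrying the same nonce could both verify, so a single remove-and-return operation would suit a one-time token better. The case of a known nonce with a different or absent client certificate also gets no debug message of its own, only `nonceVerified=false`. The enclosing method begins and ends outside the hunk.

```java
if (nonceStr != null) {
    try {
        long nonce = Long.parseLong(nonceStr.trim());
        // … unchanged: cert1/cert2 lookup, comparison and removeNonce on match …
    } catch (NumberFormatException e) {
        // A nonce that is not a number is an authorization failure, not a server error;
        // nonceVerified stays false and the request is rejected below.
        CMS.debug("DoRevoke: Malformed nonce");
    }
// … unchanged: "Missing nonce" else branch and the UNAUTHORIZED return …
```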