| author | Christina Fu <cfu@redhat.com> | 2017-06-14 14:57:10 -0700 |
|---|---|---|
| committer | Christina Fu <cfu@redhat.com> | 2017-06-15 12:03:14 -0700 |
| commit | 63c9582009b3858a6878863b9658d04c9aad45c1 (patch) | |
| tree | 82210aa52c0e4ab00b8f9412767afeaf4010b6d8 /base/common | |
| parent | 1f9db90b4f490f615a67a0f2d26b378345c6ab6a (diff) | |
Ticket#2737 CMC: check HTTPS client authentication cert against CMC signer
This patch adds enforcement in CMCUserSignedAuth to make sure SSL client authentication is performed and the authenticated cert matches that of the CMC signing cert.
Some auditing adjustments are also done.
Diffstat (limited to 'base/common')
| -rw-r--r-- | base/common/src/com/netscape/certsrv/base/SessionContext.java | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/certsrv/base/SessionContext.java b/base/common/src/com/netscape/certsrv/base/SessionContext.java
index 8bcb3c11e..9323e6e33 100644
--- a/base/common/src/com/netscape/certsrv/base/SessionContext.java
+++ b/base/common/src/com/netscape/certsrv/base/SessionContext.java
@@ -56,6 +56,13 @@ public class SessionContext extends Hashtable<Object, Object> {
 * Principal name object of the signed CMC request
 */
 public static final String CMC_SIGNER_PRINCIPAL = "cmcSignerPrincipal";
+ public static final String CMC_SIGNER_INFO = "cmcSignerInfo";
+ public static final String CMC_REQUEST_CERT_SUBJECT = "cmcRequestCertSubject";
+
+ /**
+ * authenticated SSL client certificate
+ */
+ public static final String SSL_CLIENT_CERT = "sslClientCert";
 
 /**
 * User object of the authenticated user in the current thread.
 |
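Review bot: `CMC_SIGNER_INFO` and `CMC_REQUEST_CERT_SUBJECT` are added without Javadoc directly under the comment that belongs to `CMC_SIGNER_PRINCIPAL`, and the comment on `SSL_CLIENT_CERT` does not say what type of object is stored under the key or which component stores it. SessionContext is a `Hashtable<Object, Object>`, and per the commit message the value under `SSL_CLIENT_CERT` is compared against the CMC signing certificate, so the stored type and the meaning of a missing entry are part of the authentication contract. The code that reads these keys is outside this hunk; it presumably has to treat an absent or wrongly typed value as a failed match rather than skipping the comparison, and that is worth confirming. I would give each key its own comment stating the value type and the setter, for example `* Authenticated SSL client certificate (type: <TYPE>), set by <COMPONENT> only after client authentication succeeded; absent when no client certificate was presented`, with matching comments on the two CMC keys.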
