author | Christina Fu <cfu@redhat.com> | 2017-04-28 17:55:17 -0700 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2017-04-28 19:56:09 -0700 |
commit | 3ff9de6a517d7fdcdee6c4a8c884eff052f8f824 (patch) | |
tree | 7ce6931f2bdec5413796d9e22b243542ef635239 /base/server/cms/src/com/netscape/cms/servlet | |
parent | 9590944d5726ff32d94c6a2b2909175eae946466 (diff) | |
Ticket #2717 CMC user-signed enrollment request
This patch provides an implementation that allows user-signed CMC requests
to be processed. The resulting certificate will bear the same subjectDN
as that of the signing cert.
The new uri to access is /ca/ee/ca/profileSubmitUserSignedCMCFull
where the new profile is to be used: caFullCMCUserSignedCert.cfg
which utilizes the new authentication plugin: CMCUserSignedAuth
and new profile default plugin: CMCUserSignedSubjectNameDefault
and new profile constraint plugin: CMCUserSignedSubjectNameConstraint
Diffstat (limited to 'base/server/cms/src/com/netscape/cms/servlet')
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
index 26ca2a4cc..1e128d0a2 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
@@ -39,6 +39,7 @@ import org.mozilla.jss.pkix.cmc.OtherInfo;
 import org.mozilla.jss.pkix.cmc.TaggedAttribute;
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.authentication.IAuthManager;
 import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.authorization.AuthzToken;
 import com.netscape.certsrv.base.EBaseException;
@@ -443,6 +444,18 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
 ///////////////////////////////////////////////
 // create request
 ///////////////////////////////////////////////
+ String tmpCertSerialS = ctx.get(IAuthManager.CRED_CMC_SIGNING_CERT);
+ if (tmpCertSerialS != null) {
+ // unlikely to happenm, but do this just in case
+ CMS.debug("ProfileSubmitCMCServlet: found existing CRED_CMC_SIGNING_CERT in ctx for CMCUserSignedAuth:" + tmpCertSerialS);
+ CMS.debug("ProfileSubmitCMCServlet: null it out");
+ ctx.set(IAuthManager.CRED_CMC_SIGNING_CERT, "");
+ }
+ String signingCertSerialS = (String) authToken.get(IAuthManager.CRED_CMC_SIGNING_CERT);
+ if (signingCertSerialS != null) {
+ CMS.debug("ProfileSubmitCMCServlet: setting CRED_CMC_SIGNING_CERT in ctx for CMCUserSignedAuth");
+ ctx.set(IAuthManager.CRED_CMC_SIGNING_CERT, signingCertSerialS);
+ }
 try {
 reqs = profile.createRequests(ctx, locale);
 } catch (EProfileException e) {
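Review bot: Clearing a pre-existing `CRED_CMC_SIGNING_CERT` by writing `""` leaves the key present, so when `authToken` carries no signing-cert value the context still holds a non-null entry; the same pattern is repeated with `reqs[k].setExtData(...)` in the hunk at -568. Per the commit description this value determines whose subjectDN the issued certificate bears, so the plugins that read it (not visible here) must treat an empty string as absent, and the code should say so, e.g. `// "" means no user-signed signing cert; consumers must treat empty as absent`. The stale value is also concatenated into `CMS.debug(...)` verbatim although it did not come from the authenticator; logging only that a value was found would keep unvetted data out of the debug log. Separately, `authToken.get(...)` is called without a null check in this hunk; if `authToken` can be null here (the enclosing method starts outside the hunk), guard it with `String signingCertSerialS = (authToken == null) ? null : (String) authToken.get(IAuthManager.CRED_CMC_SIGNING_CERT);`.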
@@ -512,7 +525,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
 IRequest provedReq = null;
 if (reqs == null) {
 // handling DecryptedPOP request here
- Integer reqID = (Integer) context.get("decryptedPopReqId");
+ Integer reqID = (Integer) context.get("cmcDecryptedPopReqId");
 provedReq = profile.getRequestQueue().findRequest(new RequestId(reqID.toString()));
 if (provedReq == null) {
@@ -568,6 +581,19 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
 }
 }
 }
+
+ tmpCertSerialS = reqs[k].getExtDataInString(IAuthManager.CRED_CMC_SIGNING_CERT);
+ if (tmpCertSerialS != null) {
+ // unlikely to happenm, but do this just in case
+ CMS.debug("ProfileSubmitCMCServlet: found existing CRED_CMC_SIGNING_CERT in request for CMCUserSignedAuth:" + tmpCertSerialS);
+ CMS.debug("ProfileSubmitCMCServlet: null it out");
+ reqs[k].setExtData(IAuthManager.CRED_CMC_SIGNING_CERT, "");
+ }
+ // put CMCUserSignedAuth authToken in request
+ if (signingCertSerialS != null) {
+ CMS.debug("ProfileSubmitCMCServlet: setting CRED_CMC_SIGNING_CERT in request for CMCUserSignedAuth");
+ reqs[k].setExtData(IAuthManager.CRED_CMC_SIGNING_CERT, signingCertSerialS);
+ }
 }
 // put profile framework parameters into the request |
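Review bot: `reqID` is cast from `context.get("cmcDecryptedPopReqId")` and dereferenced on the next line in `reqID.toString()` with no null check, so a request that reaches this branch without that key fails with a NullPointerException rather than a handled rejection. With the key renamed here, any writer still storing the id under `decryptedPopReqId` (writers are outside this diffstat) would hit exactly that path. A guard before the lookup, e.g. `if (reqID == null) { /* reject: no pending DecryptedPOP request id in context */ }`, using the error handling this method applies elsewhere, would make the failure explicit. The enclosing method begins and ends outside the hunk.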