authorChristina Fu <cfu@redhat.com>2017-04-28 17:55:17 -0700
committerChristina Fu <cfu@redhat.com>2017-04-28 19:56:09 -0700
commit3ff9de6a517d7fdcdee6c4a8c884eff052f8f824 (patch)
tree7ce6931f2bdec5413796d9e22b243542ef635239 /base/server/cms/src/com/netscape/cms/servlet
parent9590944d5726ff32d94c6a2b2909175eae946466 (diff)
Ticket #2717 CMC user-signed enrollment request
This patch provides an implementation that allows user-signed CMC requests to be processed. The resulting certificate will bear the same subjectDN as that of the signing cert. The new URI to access is /ca/ee/ca/profileSubmitUserSignedCMCFull, where the new profile caFullCMCUserSignedCert.cfg is to be used; it utilizes the new authentication plugin CMCUserSignedAuth, the new profile default plugin CMCUserSignedSubjectNameDefault, and the new profile constraint plugin CMCUserSignedSubjectNameConstraint.
Diffstat (limited to 'base/server/cms/src/com/netscape/cms/servlet')
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java28
1 files changed, 27 insertions, 1 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
index 26ca2a4cc..1e128d0a2 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
@@ -39,6 +39,7 @@ import org.mozilla.jss.pkix.cmc.OtherInfo;
import org.mozilla.jss.pkix.cmc.TaggedAttribute;
import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.authentication.IAuthManager;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.authorization.AuthzToken;
import com.netscape.certsrv.base.EBaseException;
@@ -443,6 +444,18 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
///////////////////////////////////////////////
// create request
///////////////////////////////////////////////
+ String tmpCertSerialS = ctx.get(IAuthManager.CRED_CMC_SIGNING_CERT);
+ if (tmpCertSerialS != null) {
+ // unlikely to happenm, but do this just in case
+ CMS.debug("ProfileSubmitCMCServlet: found existing CRED_CMC_SIGNING_CERT in ctx for CMCUserSignedAuth:" + tmpCertSerialS);
+ CMS.debug("ProfileSubmitCMCServlet: null it out");
+ ctx.set(IAuthManager.CRED_CMC_SIGNING_CERT, "");
+ }
+ String signingCertSerialS = (String) authToken.get(IAuthManager.CRED_CMC_SIGNING_CERT);
+ if (signingCertSerialS != null) {
+ CMS.debug("ProfileSubmitCMCServlet: setting CRED_CMC_SIGNING_CERT in ctx for CMCUserSignedAuth");
+ ctx.set(IAuthManager.CRED_CMC_SIGNING_CERT, signingCertSerialS);
+ }
try {
reqs = profile.createRequests(ctx, locale);
} catch (EProfileException e) {
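Review bot: The reset `ctx.set(IAuthManager.CRED_CMC_SIGNING_CERT, "")` stores an empty string rather than clearing the key, so when the auth token carries no signing-cert serial the context still holds a non-null value; the later hunk does the same on the request with `reqs[k].setExtData(IAuthManager.CRED_CMC_SIGNING_CERT, "")`. A consumer that decides a request was user-signed by a null check alone would be misled, so the contract should be stated here, e.g. `// "" means no verified signing cert; consumers must treat empty as absent`. A pre-existing value under this key is not expected from a legitimate flow, so it probably deserves a warning or audit entry rather than only `CMS.debug`. Separately, `authToken.get(...)` is called unguarded; whether authToken can be null at this point is not visible in the hunk, and if it can, the lookup needs `authToken != null` first. The enclosing method starts and ends outside the hunk.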
@@ -512,7 +525,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
IRequest provedReq = null;
if (reqs == null) {
// handling DecryptedPOP request here
- Integer reqID = (Integer) context.get("decryptedPopReqId");
+ Integer reqID = (Integer) context.get("cmcDecryptedPopReqId");
provedReq = profile.getRequestQueue().findRequest(new RequestId(reqID.toString()));
if (provedReq == null) {
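Review bot: `reqID.toString()` on the line after the changed lookup dereferences the value without a null check, so a context that lacks `cmcDecryptedPopReqId` ends in a NullPointerException instead of a controlled CMC failure response. The diff shown is limited to the servlet directory, so it cannot be confirmed here that every producer now writes the new key rather than `decryptedPopReqId`. A guard such as `if (reqID == null)` that rejects the request before `findRequest` would make that case explicit. The enclosing block continues outside the hunk.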
@@ -568,6 +581,19 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
}
}
}
+
+ tmpCertSerialS = reqs[k].getExtDataInString(IAuthManager.CRED_CMC_SIGNING_CERT);
+ if (tmpCertSerialS != null) {
+ // unlikely to happenm, but do this just in case
+ CMS.debug("ProfileSubmitCMCServlet: found existing CRED_CMC_SIGNING_CERT in request for CMCUserSignedAuth:" + tmpCertSerialS);
+ CMS.debug("ProfileSubmitCMCServlet: null it out");
+ reqs[k].setExtData(IAuthManager.CRED_CMC_SIGNING_CERT, "");
+ }
+ // put CMCUserSignedAuth authToken in request
+ if (signingCertSerialS != null) {
+ CMS.debug("ProfileSubmitCMCServlet: setting CRED_CMC_SIGNING_CERT in request for CMCUserSignedAuth");
+ reqs[k].setExtData(IAuthManager.CRED_CMC_SIGNING_CERT, signingCertSerialS);
+ }
}
// put profile framework parameters into the request