diff options
author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-07-27 19:03:40 +0000 |
---|---|---|
committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-07-27 19:03:40 +0000 |
commit | 2eb3243de06f1589991da47bfde6271e0d80abe6 (patch) | |
tree | 8168ed24525ffd35989d54bd6dd81471d5df0b08 /pki/base/common/src/com/netscape/cms/publish | |
parent | 9f8b12b0400f654f8b3f10ddbd731735c1d45607 (diff) | |
download | pki-2eb3243de06f1589991da47bfde6271e0d80abe6.tar.gz pki-2eb3243de06f1589991da47bfde6271e0d80abe6.tar.xz pki-2eb3243de06f1589991da47bfde6271e0d80abe6.zip |
merge 8.1 -> tip, multiple bugs (base)
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1134 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/publish')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java | 62 |
1 files changed, 49 insertions, 13 deletions
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java index 4ae744e43..6a4a2b9ae 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java @@ -44,11 +44,15 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { private static final String PROP_HOST = "host"; private static final String PROP_PORT = "port"; private static final String PROP_PATH = "path"; + private static final String PROP_NICK = "nickName"; + private static final String PROP_CLIENT_AUTH_ENABLE = "enableClientAuth"; private IConfigStore mConfig = null; private String mHost = null; private String mPort = null; private String mPath = null; + private String mNickname = null; + private boolean mClientAuthEnabled = true; private ILogger mLogger = CMS.getLogger(); /** @@ -67,9 +71,11 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - PROP_HOST + ";string;Host of CMS's OCSP Secure EE service", - PROP_PORT + ";string;Port of CMS's OCSP Secure EE service", - PROP_PATH + ";string;URI of CMS's OCSP Secure EE service", + PROP_HOST + ";string;Host of CMS's OCSP Secure agent service", + PROP_PORT + ";string;Port of CMS's OCSP Secure agent service", + PROP_PATH + ";string;URI of CMS's OCSP Secure agent service", + PROP_NICK + ";string;Nickname of cert used for client authentication", + PROP_CLIENT_AUTH_ENABLE + ";boolean;Client Authentication enabled", IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-publisher-ocsppublisher", IExtendedPluginInfo.HELP_TEXT + @@ -87,6 +93,8 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { String host = ""; String port = ""; String path = ""; + String nickname = ""; + String clientAuthEnabled = ""; try { host = mConfig.getString(PROP_HOST); @@ -103,6 +111,16 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { } catch (EBaseException e) { } v.addElement(PROP_PATH + "=" + path); + try { + nickname = mConfig.getString(PROP_NICK); + } catch (EBaseException e) { + } + v.addElement(PROP_NICK + "=" + nickname); + try { + clientAuthEnabled = mConfig.getString(PROP_CLIENT_AUTH_ENABLE); + } catch (EBaseException e) { + } + v.addElement(PROP_CLIENT_AUTH_ENABLE + "=" + clientAuthEnabled); return v; } @@ -112,9 +130,23 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { public Vector getDefaultParams() { Vector v = new Vector(); + IConfigStore config = CMS.getConfigStore(); + String nickname = ""; + // get subsystem cert nickname as default for client auth + try { + nickname = config.getString("ca.subsystem.nickname", ""); + String tokenname = config.getString("ca.subsystem.tokenname", ""); + if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) + nickname = tokenname+":"+nickname; + } catch (Exception e) { + } + + v.addElement(PROP_HOST + "="); v.addElement(PROP_PORT + "="); - v.addElement(PROP_PATH + "=/ocsp/ee/ocsp/addCRL"); + v.addElement(PROP_PATH + "=/ocsp/agent/ocsp/addCRL"); + v.addElement(PROP_CLIENT_AUTH_ENABLE + "=true"); + v.addElement(PROP_NICK + "=" + nickname); return v; } @@ -127,6 +159,8 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { mHost = mConfig.getString(PROP_HOST, ""); mPort = mConfig.getString(PROP_PORT, ""); mPath = mConfig.getString(PROP_PATH, ""); + mNickname = mConfig.getString(PROP_NICK, ""); + mClientAuthEnabled = mConfig.getBoolean(PROP_CLIENT_AUTH_ENABLE, true); } catch (EBaseException e) { } } @@ -135,7 +169,7 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { return mConfig; } - protected Socket Connect(String host, boolean secure) + protected Socket Connect(String host, boolean secure, JssSSLSocketFactory factory) { Socket socket = null; StringTokenizer st = new StringTokenizer(host, " "); @@ -146,9 +180,7 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { int p = Integer.parseInt(st1.nextToken()); try { if (secure) { - SSLSocket sec_socket = new SSLSocket(h, p); - sec_socket.setUseClientMode(true); - socket = sec_socket; + socket = factory.makeSocket(h, p); } else { socket = new Socket(h, p); } @@ -206,20 +238,24 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo { query.append("&noui=true"); Socket socket = null; + JssSSLSocketFactory factory; + + if (mClientAuthEnabled) { + factory = new JssSSLSocketFactory(mNickname); + } else { + factory = new JssSSLSocketFactory(); + } if (mHost != null && mHost.indexOf(' ') != -1) { // support failover hosts configuration // host parameter can be // "directory.knowledge.com:1050 people.catalog.com 199.254.1.2" do { - socket = Connect(mHost, secure); + socket = Connect(mHost, secure, factory); } while (socket == null); } else { if (secure) { - SSLSocket sec_socket = new SSLSocket(host, port); - - sec_socket.setUseClientMode(true); - socket = sec_socket; + socket = factory.makeSocket(host, port); } else { socket = new Socket(host, port); } |