author | awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-09-03 22:28:35 +0000 |
---|---|---|
committer | awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-09-03 22:28:35 +0000 |
commit | e083e81d526101349f3208507139573425d5aafd (patch) | |
tree | 9787c6f51647057039ffe0cf64e806df0172e603 /pki | |
parent | cda0cbeb67df52c08fd5b19c4f1b2eb227b6c358 (diff) | |
Fixed bugzilla bug #621350
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1261 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java | 46 |
1 files changed, 45 insertions, 1 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
index 03ba30648..245054776 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
@@ -158,6 +158,7 @@ public class CRSEnrollment extends HttpServlet
 try {
 mProfileSubsystem = (IProfileSubsystem)CMS.getSubsystem("profile");
 mProfileId = sc.getInitParameter("profileId");
+ CMS.debug("CRSEnrollment: init: mProfileId="+mProfileId);
 mAuthSubsystem = (IAuthSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
 mAuthManagerName = sc.getInitParameter(PROP_CRSAUTHMGR);
 
@@ -473,7 +474,48 @@ public class CRSEnrollment extends HttpServlet
 // Verify Signature on message (throws exception if sig bad)
 verifyRequest(req,cx);
 unwrapPKCS10(req,cx);
-
+
+ IProfile profile = mProfileSubsystem.getProfile(mProfileId);
+ if (profile == null) {
+ CMS.debug("Profile '" + mProfileId + "' not found.");
+ throw new ServletException("Profile '" + mProfileId + "' not found.");
+ } else {
+ CMS.debug("Found profile '" + mProfileId + "'.");
+ }
+
+ IProfileAuthenticator authenticator = null;
+ try {
+ CMS.debug("Retrieving authenticator");
+ authenticator = profile.getAuthenticator();
+ if (authenticator == null) {
+ CMS.debug("Authenticator not found.");
+ throw new ServletException("Authenticator not found.");
+ } else {
+ CMS.debug("Got authenticator=" + authenticator.getClass().getName());
+ }
+ } catch (EProfileException e) {
+ throw new ServletException("Authenticator not found.");
+ }
+ AuthCredentials credentials = new AuthCredentials();
+ IAuthToken authToken = null;
+ // for ssl authentication; pass in servlet for retrieving
+ // ssl client certificates
+ SessionContext context = SessionContext.getContext();
+
+ // insert profile context so that input parameter can be retrieved
+ context.put("sslClientCertProvider", new SSLClientCertProvider(httpReq));
+
+ try {
+ authToken = authenticate(credentials, authenticator, httpReq);
+ } catch (Exception e) {
+ CMS.debug("Authentication failure: "+ e.getMessage());
+ throw new ServletException("Authentication failure: "+ e.getMessage());
+ }
+ if (authToken == null) {
+ CMS.debug("Authentication failure.");
+ throw new ServletException("Authentication failure.");
+ }
+
 // Deal with Transaction ID
 String transactionID = req.getTransactionID();
 responseData = responseData +
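Review bot: The two catch clauses added around `profile.getAuthenticator()` and `authenticate(...)` throw away the underlying exception: the `EProfileException` is neither logged nor chained, and the authentication failure copies `e.getMessage()` into the `ServletException` text. If the container renders that message in the response to the SCEP client (not visible in this hunk), authenticator internals reach an unauthenticated caller, while the server log keeps only a debug string. I would log the detail server-side and throw a fixed message with the cause attached, e.g. `throw new ServletException("Authentication failure.", e);`. The value stored with `context.put("sslClientCertProvider", ...)` is also not removed within the hunk; if `SessionContext` is per-thread, it should be cleared once the request is finished. The enclosing method starts and ends outside the hunk.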
@@ -566,6 +608,8 @@ public class CRSEnrollment extends HttpServlet responseData = responseData + "<PKCS10>" + pkcs10Attr + "</PKCS10>"; + } catch (ServletException e) { + throw new ServletException(e.getMessage().toString()); } catch (CRSInvalidSignatureException e) { CMS.debug("handlePKIMessage exception " + e); CMS.debug(e); |
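Review bot: `e.getMessage().toString()` in the new `catch (ServletException e)` throws a NullPointerException when the caught exception carries no message, and the rethrow discards the original stack trace and root cause. The `.toString()` call on a `String` is redundant as well. Since the clause only re-raises the same exception type, `throw e;` keeps the cause and avoids the null dereference; a `CMS.debug` line before it would match the neighbouring catch clauses. The `try` this clause belongs to opens outside the hunk.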