Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/processors/Processor.java')
-rw-r--r--base/common/src/com/netscape/cms/servlet/processors/Processor.java35
1 files changed, 29 insertions, 6 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/processors/Processor.java b/base/common/src/com/netscape/cms/servlet/processors/Processor.java
index 423d1bed5..2349b48ea 100644
--- a/base/common/src/com/netscape/cms/servlet/processors/Processor.java
+++ b/base/common/src/com/netscape/cms/servlet/processors/Processor.java
@@ -28,6 +28,7 @@ import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Locale;
+import java.util.Map;
import java.util.Map.Entry;
import java.util.StringTokenizer;
@@ -40,12 +41,13 @@ import com.netscape.certsrv.authentication.AuthToken;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.authorization.AuthzToken;
import com.netscape.certsrv.authorization.IAuthzSubsystem;
+import com.netscape.certsrv.base.BadRequestException;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.EPropertyNotFound;
+import com.netscape.certsrv.base.ForbiddenException;
import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.MetaInfo;
-import com.netscape.certsrv.base.Nonces;
import com.netscape.certsrv.base.SessionContext;
import com.netscape.certsrv.ca.ICertificateAuthority;
import com.netscape.certsrv.dbs.certdb.ICertRecord;
@@ -138,7 +140,6 @@ public class Processor {
protected String authzResourceName;
protected String authMgr;
protected String getClientCert = "false";
- protected Nonces nonces;
protected Locale locale;
// subsystems
@@ -179,10 +180,6 @@ public class Processor {
throw new EBaseException("CertProcessor: authority is null");
}
- if (authority.noncesEnabled()) {
- nonces = authority.getNonces();
- }
-
queue = authority.getRequestQueue();
if (queue == null) {
throw new EBaseException("CertProcessor: cannot get request queue");
@@ -1237,4 +1234,30 @@ public class Processor {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
}
+
+ public void validateNonce(
+ HttpServletRequest servletRequest,
+ String name,
+ Object id,
+ Long nonce) throws EBaseException {
+
+ if (nonce == null) {
+ throw new BadRequestException("Missing nonce.");
+ }
+
+ Map<Object, Long> nonces = authority.getNonces(servletRequest, name);
+
+ Long storedNonce = nonces.get(id);
+ if (storedNonce == null) {
+ throw new BadRequestException("Nonce for "+name+" "+id+" does not exist.");
+ }
+
+ if (!nonce.equals(storedNonce)) {
+ throw new ForbiddenException("Invalid nonce");
+ }
+
+ nonces.remove(id);
+
+ CMS.debug("Processor: Nonce verified");
+ }
}
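Review bot: In validateNonce the stored value is read with `nonces.get(id)` and only consumed later with `nonces.remove(id)`, so two concurrent requests carrying the same nonce could both pass the comparison before either removes it. That applies if the map returned by `authority.getNonces(servletRequest, name)` is shared between request threads; its type and synchronisation are not visible in this hunk. Either run the lookup, comparison and removal under one lock, e.g. `synchronized (nonces) { ... }`, or confirm that getNonces returns a map that makes this safe and say so in a comment. The three failure paths throw without any log entry while only the success path calls `CMS.debug`, so a log line before `throw new ForbiddenException("Invalid nonce");` would let operators see rejected nonces. The method is public and would also benefit from a Javadoc stating that a nonce is single-use, is removed only after a successful match, and stays in the map after a mismatch.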