Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/processors/Processor.java')
-rw-r--r-- | base/common/src/com/netscape/cms/servlet/processors/Processor.java | 36 |
1 files changed, 30 insertions, 6 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/processors/Processor.java b/base/common/src/com/netscape/cms/servlet/processors/Processor.java
index 423d1bed5..42e1bca75 100644
--- a/base/common/src/com/netscape/cms/servlet/processors/Processor.java
+++ b/base/common/src/com/netscape/cms/servlet/processors/Processor.java
@@ -28,6 +28,7 @@ import java.util.Hashtable;
 import java.util.Iterator;
 import java.util.LinkedHashSet;
 import java.util.Locale;
+import java.util.Map;
 import java.util.Map.Entry;
 import java.util.StringTokenizer;
@@ -39,13 +40,14 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.AuthToken;
 import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.authorization.AuthzToken;
+import com.netscape.certsrv.authorization.EAuthzException;
 import com.netscape.certsrv.authorization.IAuthzSubsystem;
+import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.EPropertyNotFound;
 import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.MetaInfo;
-import com.netscape.certsrv.base.Nonces;
 import com.netscape.certsrv.base.SessionContext;
 import com.netscape.certsrv.ca.ICertificateAuthority;
 import com.netscape.certsrv.dbs.certdb.ICertRecord;
@@ -138,7 +140,6 @@ public class Processor {
 protected String authzResourceName;
 protected String authMgr;
 protected String getClientCert = "false";
- protected Nonces nonces;
 protected Locale locale;
 // subsystems
@@ -179,10 +180,6 @@ public class Processor {
 throw new EBaseException("CertProcessor: authority is null");
 }
- if (authority.noncesEnabled()) {
- nonces = authority.getNonces();
- }
-
 queue = authority.getRequestQueue();
 if (queue == null) {
 throw new EBaseException("CertProcessor: cannot get request queue");
@@ -1237,4 +1234,31 @@ public class Processor {
 return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
 }
 }
+
+ public void validateNonce(
+ HttpServletRequest servletRequest,
+ String name,
+ Object id,
+ Long nonce) throws EBaseException {
+
+ if (nonce == null) {
+ throw new BadRequestException("Missing nonce.");
+ }
+
+ Map<Object, Long> nonces = authority.getNonces(servletRequest, name);
+
+ Long storedNonce = nonces.get(id);
+ if (storedNonce == null) {
+ throw new BadRequestException("Nonce for "+name+" "+id+" does not exist.");
+ }
+
+ if (!nonce.equals(storedNonce)) {
+ CMS.debug("Processor: Invalid nonce");
+ throw new EAuthzException(CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR"));
+ }
+
+ nonces.remove(id);
+
+ CMS.debug("Processor: Nonce verified");
+ }
 } |
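Review bot: In validateNonce the stored nonce is read with `nonces.get(id)` and only consumed by `nonces.remove(id)` after the comparison succeeds, so checking and consuming are two separate steps and a mismatching nonce leaves the stored value in place. If the map returned by `authority.getNonces(servletRequest, name)` can be reached by concurrent requests (its type and locking are not visible here), two requests carrying the same valid nonce could both pass before either removes it, and failed attempts are never consumed. Consider taking the value out in one step, `Long storedNonce = nonces.remove(id);`, and dropping the later remove, at the cost that a failed attempt forces the client to fetch a fresh nonce. The mismatch branch logs only `CMS.debug("Processor: Invalid nonce")`; including `name` and `id` there, or raising an audit event, would make rejected requests traceable. A null return from `getNonces` is also not checked before `nonces.get(id)`.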