Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/processors/Processor.java')
-rw-r--r-- | base/common/src/com/netscape/cms/servlet/processors/Processor.java | 35 |
1 files changed, 29 insertions, 6 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/processors/Processor.java b/base/common/src/com/netscape/cms/servlet/processors/Processor.java
index 423d1bed5..2349b48ea 100644
--- a/base/common/src/com/netscape/cms/servlet/processors/Processor.java
+++ b/base/common/src/com/netscape/cms/servlet/processors/Processor.java
@@ -28,6 +28,7 @@ import java.util.Hashtable;
 import java.util.Iterator;
 import java.util.LinkedHashSet;
 import java.util.Locale;
+import java.util.Map;
 import java.util.Map.Entry;
 import java.util.StringTokenizer;
@@ -40,12 +41,13 @@ import com.netscape.certsrv.authentication.AuthToken;
 import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.authorization.AuthzToken;
 import com.netscape.certsrv.authorization.IAuthzSubsystem;
+import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.EPropertyNotFound;
+import com.netscape.certsrv.base.ForbiddenException;
 import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.MetaInfo;
-import com.netscape.certsrv.base.Nonces;
 import com.netscape.certsrv.base.SessionContext;
 import com.netscape.certsrv.ca.ICertificateAuthority;
 import com.netscape.certsrv.dbs.certdb.ICertRecord;
@@ -138,7 +140,6 @@ public class Processor {
 protected String authzResourceName;
 protected String authMgr;
 protected String getClientCert = "false";
- protected Nonces nonces;
 protected Locale locale;
 // subsystems
@@ -179,10 +180,6 @@ public class Processor {
 throw new EBaseException("CertProcessor: authority is null");
 }
- if (authority.noncesEnabled()) {
- nonces = authority.getNonces();
- }
-
 queue = authority.getRequestQueue();
 if (queue == null) {
 throw new EBaseException("CertProcessor: cannot get request queue");
@@ -1237,4 +1234,30 @@ public class Processor {
 return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
 }
 }
+
+ public void validateNonce(
+ HttpServletRequest servletRequest,
+ String name,
+ Object id,
+ Long nonce) throws EBaseException {
+
+ if (nonce == null) {
+ throw new BadRequestException("Missing nonce.");
+ }
+
+ Map<Object, Long> nonces = authority.getNonces(servletRequest, name);
+
+ Long storedNonce = nonces.get(id);
+ if (storedNonce == null) {
+ throw new BadRequestException("Nonce for "+name+" "+id+" does not exist.");
+ }
+
+ if (!nonce.equals(storedNonce)) {
+ throw new ForbiddenException("Invalid nonce");
+ }
+
+ nonces.remove(id);
+
+ CMS.debug("Processor: Nonce verified");
+ }
 } |
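Review bot: In validateNonce the `nonces.get(id)`, the `equals` comparison and `nonces.remove(id)` are separate steps, so two concurrent requests carrying the same nonce can both pass the check before either removes the entry, and the nonce is then not strictly single-use. Whether the map returned by `authority.getNonces(servletRequest, name)` is thread-safe or confined to one request at a time is not visible in this hunk; if it is shared, wrap the three steps in `synchronized (nonces) { ... }`, provided other writers of the map take the same lock. Both rejection paths are also silent, since only success reaches `CMS.debug`; a line such as `CMS.debug("Processor: Nonce mismatch for " + name + " " + id);` before the `ForbiddenException` would make repeated failures visible, without logging the nonce value itself. Finally, a null return from `getNonces` would surface as a NullPointerException rather than a BadRequestException, so confirm it cannot return null or add a guard.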