diff options
Diffstat (limited to 'base/common/src/com/netscape/cmscore/notification/ReqCertSANameEmailResolver.java')
-rw-r--r-- | base/common/src/com/netscape/cmscore/notification/ReqCertSANameEmailResolver.java | 276 |
1 files changed, 276 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/cmscore/notification/ReqCertSANameEmailResolver.java b/base/common/src/com/netscape/cmscore/notification/ReqCertSANameEmailResolver.java new file mode 100644 index 000000000..68556dfc0 --- /dev/null +++ b/base/common/src/com/netscape/cmscore/notification/ReqCertSANameEmailResolver.java @@ -0,0 +1,276 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmscore.notification; + +import java.io.IOException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateParsingException; +import java.security.cert.X509Certificate; +import java.util.Enumeration; + +import netscape.security.x509.CertificateExtensions; +import netscape.security.x509.GeneralNameInterface; +import netscape.security.x509.GeneralNames; +import netscape.security.x509.RevokedCertImpl; +import netscape.security.x509.SubjectAlternativeNameExtension; +import netscape.security.x509.X500Name; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509CertInfo; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.ca.ICertificateAuthority; +import com.netscape.certsrv.dbs.certdb.ICertificateRepository; +import com.netscape.certsrv.logging.ILogger; +import com.netscape.certsrv.notification.ENotificationException; +import com.netscape.certsrv.notification.IEmailResolver; +import com.netscape.certsrv.notification.IEmailResolverKeys; +import com.netscape.certsrv.request.IRequest; + +/** + * An email resolver that first checks the request email, if none, + * then follows by checking the subjectDN of the certificate, if none, + * then follows by checking the subjectalternatename extension + * <p> + * + * @author cfu + * @version $Revision$, $Date$ + */ +public class ReqCertSANameEmailResolver implements IEmailResolver { + private ILogger mLogger = CMS.getLogger(); + + public static final String KEY_REQUEST = IEmailResolverKeys.KEY_REQUEST; + public static final String KEY_CERT = IEmailResolverKeys.KEY_CERT; + + // required keys for this resolver to figure out the email address + // protected static String[] mRequiredKeys = {KEY_REQUEST, KEY_CERT}; + + public ReqCertSANameEmailResolver() { + } + + /** + * returns an email address by using the resolver keys. The + * return value can possibly be null + * + * @param keys list of keys used for resolving the email address + */ + public String getEmail(IEmailResolverKeys keys) + throws EBaseException, ENotificationException { + IRequest req = (IRequest) keys.get(KEY_REQUEST); + + String mEmail = null; + + if (req != null) { + mEmail = req.getExtDataInString(IRequest.HTTP_PARAMS, + IRequest.REQUESTOR_EMAIL); + if (mEmail == null) { + String mail = req.getExtDataInString("requestor_email"); + log(ILogger.LL_INFO, "REQUESTOR_EMAIL = " + mail); + if (mail != null && !mail.equals("")) + return mail; + } else { + if (!mEmail.equals("")) { + log(ILogger.LL_INFO, "REQUESTOR_EMAIL = " + mEmail); + return mEmail; + } + log(ILogger.LL_INFO, "REQUESTOR_EMAIL is null "); + } + } else { + log(ILogger.LL_INFO, "request null in keys"); + } + Object request = keys.get(KEY_CERT); + X509Certificate cert = null; + + if (request instanceof RevokedCertImpl) { + RevokedCertImpl revCert = (RevokedCertImpl) request; + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateRepository certDB = ca.getCertificateRepository(); + + cert = certDB.getX509Certificate(revCert.getSerialNumber()); + } else + cert = (X509Certificate) request; + + X500Name subjectDN = null; + + if (cert != null) { + subjectDN = + (X500Name) cert.getSubjectDN(); + + try { + mEmail = subjectDN.getEmail(); + if (mEmail != null) { + if (!mEmail.equals("")) { + log(ILogger.LL_INFO, "cert subjectDN E=" + + mEmail); + } + } else { + log(ILogger.LL_INFO, "no E component in subjectDN "); + } + } catch (IOException e) { + System.out.println("X500Name getEmail failed"); + throw new ENotificationException( + CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED", + subjectDN.toString())); + } + + // try subjectalternatename + if (mEmail == null) { + X509CertInfo certInfo = null; + + CMS.debug("about to try subjectalternatename"); + try { + certInfo = (X509CertInfo) + ((X509CertImpl) cert).get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); + } catch (CertificateParsingException ex) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_NOTIFY_NO_CERTINFO")); + throw new ENotificationException( + CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED", + "subjectDN= " + subjectDN.toString())); + } + + CertificateExtensions exts; + + try { + exts = (CertificateExtensions) + certInfo.get(CertificateExtensions.NAME); + } catch (IOException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_NOTIFY_GET_EXT", e.toString())); + throw new ENotificationException( + CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED", + "subjectDN= " + subjectDN.toString())); + + } catch (CertificateException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_NOTIFY_GET_EXT", e.toString())); + throw new ENotificationException( + CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED", + "subjectDN= " + subjectDN.toString())); + } + + if (exts != null) { + SubjectAlternativeNameExtension ext; + + try { + ext = + (SubjectAlternativeNameExtension) + exts.get(SubjectAlternativeNameExtension.NAME); + } catch (IOException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_NOTIFY_GET_EXT", e.toString())); + throw new ENotificationException( + CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED", + "subjectDN= " + subjectDN.toString())); + + } + + try { + if (ext != null) { + GeneralNames gn = + (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME); + + Enumeration<GeneralNameInterface> e = gn.elements(); + + while (e.hasMoreElements()) { + GeneralNameInterface gni = e.nextElement(); + + if (gni.getType() == GeneralNameInterface.NAME_RFC822) { + CMS.debug("got an subjectalternatename email"); + + String nameString = gni.toString(); + + // "RFC822Name: " + name + mEmail = + nameString.substring(nameString.indexOf(' ') + 1); + log(ILogger.LL_INFO, + "subjectalternatename email used:" + + mEmail); + + break; + } else { + CMS.debug("not an subjectalternatename email"); + } + } + } + } catch (IOException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_NOTIFY_SUBJECTALTNAME")); + } + } + } + } else { + log(ILogger.LL_INFO, "cert null in keys"); + } + + // log it + if (mEmail == null) { + if (cert != null) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL", subjectDN.toString())); + CMS.debug( + "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1 for " + + subjectDN.toString()); + throw new ENotificationException( + CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED", + "subjectDN= " + subjectDN.toString())); + } else if (req != null) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL_ID", + req.getRequestId().toString())); + CMS.debug( + "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1 for request id =" + + req.getRequestId().toString()); + throw new ENotificationException( + CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED", + "requestId= " + req.getRequestId().toString())); + } else { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL_REQUEST")); + CMS.debug( + "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1. No request id or cert info found"); + throw new ENotificationException( + CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED", + ": No request id or cert info found")); + } + } else { + log(ILogger.LL_INFO, "email resolved: " + mEmail); + } + + return mEmail; + } + + /** + * Returns array of required keys for this email resolver + * + * @return Array of required keys. + */ + + /* public String[] getRequiredKeys() { + return mRequiredKeys; + }*/ + + private void log(int level, String msg) { + if (mLogger == null) + return; + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, + level, "ReqCertSANameEmailResolver: " + msg); + } + +} |