summaryrefslogtreecommitdiffstats
path: root/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
diff options
context:
space:
mode:
Diffstat (limited to 'base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java')
-rw-r--r--base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java18
1 files changed, 16 insertions, 2 deletions
diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java b/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
index cfb84a5bf..9f33b1ba7 100644
--- a/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
+++ b/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
@@ -314,8 +314,22 @@ public class KeyService extends PKIService implements KeyResource {
throw new BadRequestException("Invalid request type");
}
- //confirm that agent is originator of request, else throw 401
- // TO-DO
+ //confirm that retriever is originator of request, else throw 401
+ String retriever = servletRequest.getUserPrincipal().getName();
+ IRequest request;
+ try {
+ request = queue.findRequest(reqId);
+ } catch (EBaseException e) {
+ e.printStackTrace();
+ auditRetrieveKey(ILogger.FAILURE, reqId, null, "unable to retrieve recovery request");
+ throw new PKIException(e.getMessage());
+ }
+ String originator = request.getExtDataInString(IRequest.ATTR_REQUEST_OWNER);
+ if (! originator.equals(retriever)) {
+ auditRetrieveKey(ILogger.FAILURE, reqId, null, "recovery request not approved. originator does not match retriever");
+ throw new UnauthorizedException(
+ "Data for recovery requests can only be retrieved by the originators of the request");
+ }
// confirm request is in approved state
RequestStatus status = reqInfo.getRequestStatus();
generated by cgit (git 2.34.1) at 2024-06-28 08:10:25 +0000