Diffstat (limited to 'base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java')
-rw-r--r-- | base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java | 110 |
1 files changed, 92 insertions, 18 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java b/base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java index 5851d2f69..5e2bfc724 100644 --- a/base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java +++ b/base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java @@ -77,6 +77,21 @@ public class CARemoteRequestHandler extends RemoteRequestHandler String tokenType, String keyType) throws EBaseException { + return enrollCertificate(pubKeybuf, uid, null /*subjectdn*/, + 0/*sanNum*/, null /*urlSANext*/, + cuid, tokenType, keyType); + } + + public CAEnrollCertResponse enrollCertificate( + TPSBuffer pubKeybuf, + String uid, + String subjectdn, + int sanNum, + String urlSANext, + String cuid, + String tokenType, + String keyType) + throws EBaseException { CMS.debug("CARemoteRequestHandler: enrollCertificate(): begins."); if (pubKeybuf == null || uid == null || cuid == null) { 
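Review bot: The new eight-argument `enrollCertificate` overload is public but has no Javadoc, so the contract of `subjectdn`, `sanNum` and `urlSANext` can only be learned by reading the body. It should state that `null`/`0` mean "not supplied", that `sanNum` is only tested against zero in this method, and that `urlSANext` is placed in the request to the CA as-is. A short form would be `@param urlSANext already URL-encoded name=value pairs for the SAN extension, appended verbatim; only used when sanNum != 0`. The null check on `pubKeybuf`, `uid` and `cuid` at the end of the hunk does not cover the new parameters, and the method body continues outside the hunk.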
@@ -101,18 +116,82 @@ public class CARemoteRequestHandler extends RemoteRequestHandler CMS.debug("CARemoteRequestHandler: enrollCertificate(): uriEncode of pubkey failed: " + e); throw new EBaseException("CARemoteRequestHandler: enrollCertificate(): uriEncode of pubkey failed: " + e); } + String sendMsg = null; + if (subjectdn == null) + CMS.debug("CARemoteRequestHandler: enrollCertificate():subjectdn null"); + if (sanNum == 0) + CMS.debug("CARemoteRequestHandler: enrollCertificate():sanNum 0"); + if (subjectdn == null && sanNum == 0) { + sendMsg = IRemoteRequest.GET_XML + "=" + + true + + "&" + IRemoteRequest.TOKEN_CUID + "=" + + cuid + + "&" + IRemoteRequest.CA_ENROLL_screenname + "=" + + uid + + "&" + IRemoteRequest.CA_ENROLL_publickey + "=" + + encodedPubKey + + "&" + IRemoteRequest.CA_ProfileId + "=" + + profileId; + } else { + CMS.debug("CARemoteRequestHandler: enrollCertificate(): before send() with subjectdn and/or url_SAN_ext"); + if (subjectdn != null && sanNum == 0) { + try { + String urlSubjectdn = Util.uriEncode(subjectdn); + sendMsg = IRemoteRequest.GET_XML + "=" + + true + + "&" + IRemoteRequest.TOKEN_CUID + "=" + + cuid + + "&" + IRemoteRequest.CA_ENROLL_screenname + "=" + + uid + + "&" + IRemoteRequest.CA_ENROLL_publickey + "=" + + encodedPubKey + + "&" + IRemoteRequest.CA_ProfileId + "=" + + profileId + + "&" + IRemoteRequest.CA_ENROLL_subjectdn + "=" + + urlSubjectdn; + } catch (Exception e) { + CMS.debug("CARemoteRequestHandler: enrollCertificate(): uriEncode of pubkey failed: " + e); + throw new EBaseException( + "CARemoteRequestHandler: enrollCertificate(): uriEncode of subjectdn failed: " + e); + } + } else if (subjectdn == null && sanNum != 0) { + sendMsg = IRemoteRequest.GET_XML + "=" + + true + + "&" + IRemoteRequest.TOKEN_CUID + "=" + + cuid + + "&" + IRemoteRequest.CA_ENROLL_screenname + "=" + + uid + + "&" + IRemoteRequest.CA_ENROLL_publickey + "=" + + encodedPubKey + + "&" + IRemoteRequest.CA_ProfileId + "=" + + profileId + + "&" + 
urlSANext; + } else if (subjectdn != null && sanNum != 0) { + try { + String urlSubjectdn = Util.uriEncode(subjectdn); + sendMsg = IRemoteRequest.GET_XML + "=" + + true + + "&" + IRemoteRequest.TOKEN_CUID + "=" + + cuid + + "&" + IRemoteRequest.CA_ENROLL_screenname + "=" + + uid + + "&" + IRemoteRequest.CA_ENROLL_publickey + "=" + + encodedPubKey + + "&" + IRemoteRequest.CA_ProfileId + "=" + + profileId + + "&" + IRemoteRequest.CA_ENROLL_subjectdn + "=" + + urlSubjectdn + + "&" + urlSANext; + } catch (Exception e) { + CMS.debug("CARemoteRequestHandler: enrollCertificate(): uriEncode of pubkey failed: " + e); + throw new EBaseException( + "CARemoteRequestHandler: enrollCertificate(): uriEncode of subjectdn failed: " + e); + } + } + } + CMS.debug("CARemoteRequestHandler: enrollCertificate(): sendMsg =" + sendMsg); HttpResponse resp = - conn.send("enrollment", - IRemoteRequest.GET_XML + "=" + - true + - "&" + IRemoteRequest.TOKEN_CUID + "=" + - cuid + - "&" + IRemoteRequest.CA_ENROLL_screenname + "=" + - uid + - "&" + IRemoteRequest.CA_ENROLL_publickey + "=" + - encodedPubKey + - "&" + IRemoteRequest.CA_ProfileId + "=" + - profileId); + conn.send("enrollment", sendMsg); String content = resp.getContent(); @@ -215,7 +294,6 @@ public class CARemoteRequestHandler extends RemoteRequestHandler String servlet = conf.getString(configName, "/ca/ee/ca/displayBySerial"); */ - TPSSubsystem subsystem = (TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID); HttpConnector conn = @@ -404,7 +482,7 @@ public class CARemoteRequestHandler extends RemoteRequestHandler RevocationReason reason) throws EBaseException { - CMS.debug("CARemoteRequestHandler: revokeCertificate(): begins on serial#:"+ serialno); + CMS.debug("CARemoteRequestHandler: revokeCertificate(): begins on serial#:" + serialno); if (serialno == null || reason == null) { throw new EBaseException("CARemoteRequestHandler: revokeCertificate(): input parameter null."); } 
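Review bot: In both `sanNum != 0` branches `urlSANext` is appended to the request body verbatim (`"&" + urlSANext`) with no null check and no encoding, so a null value sends the literal `&null`, and any `&` or `=` inside it becomes extra parameters in the enrollment request sent to the CA. Whether the caller pre-encodes it is not visible here, so the method should reject a missing value and document that the string must already be URL-encoded name=value pairs. The four copies of the base message also let both subjectdn catch blocks log "uriEncode of pubkey failed" while throwing "uriEncode of subjectdn failed"; building the message once and appending the optional parts, as sketched below, fixes both. The added `CMS.debug(... "sendMsg =" + sendMsg)` writes uid, cuid, subject DN and SAN values to the debug log, so consider logging only which optional fields are present. The method body starts before and continues after this hunk.

```java
// … unchanged: encodedPubKey computed above …
if (sanNum != 0 && (urlSANext == null || urlSANext.isEmpty())) {
    throw new EBaseException(
            "CARemoteRequestHandler: enrollCertificate(): sanNum set but urlSANext missing");
}

StringBuilder msg = new StringBuilder();
msg.append(IRemoteRequest.GET_XML).append("=").append(true)
        .append("&").append(IRemoteRequest.TOKEN_CUID).append("=").append(cuid)
        .append("&").append(IRemoteRequest.CA_ENROLL_screenname).append("=").append(uid)
        .append("&").append(IRemoteRequest.CA_ENROLL_publickey).append("=").append(encodedPubKey)
        .append("&").append(IRemoteRequest.CA_ProfileId).append("=").append(profileId);

if (subjectdn != null) {
    try {
        msg.append("&").append(IRemoteRequest.CA_ENROLL_subjectdn).append("=")
                .append(Util.uriEncode(subjectdn));
    } catch (Exception e) {
        CMS.debug("CARemoteRequestHandler: enrollCertificate(): uriEncode of subjectdn failed: " + e);
        throw new EBaseException(
                "CARemoteRequestHandler: enrollCertificate(): uriEncode of subjectdn failed: " + e);
    }
}
if (sanNum != 0) {
    // urlSANext is appended verbatim: the caller must supply URL-encoded name=value pairs
    msg.append("&").append(urlSANext);
}
String sendMsg = msg.toString();
// … unchanged: conn.send("enrollment", sendMsg) and response handling …
```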
@@ -473,7 +551,7 @@ public class CARemoteRequestHandler extends RemoteRequestHandler String serialno) throws EBaseException { - CMS.debug("CARemoteRequestHandler: unrevokeCertificate(): begins on serial#:"+ serialno); + CMS.debug("CARemoteRequestHandler: unrevokeCertificate(): begins on serial#:" + serialno); if (serialno == null) { throw new EBaseException("CARemoteRequestHandler: unrevokeCertificate(): input parameter null."); } @@ -554,7 +632,6 @@ public class CARemoteRequestHandler extends RemoteRequestHandler return revokeFromOtherCA(revoke, cert.getSerialNumber().toString(), certAkiString, reason); } - private CARevokeCertResponse revokeFromOtherCA( boolean revoke, // true==revoke; false==unrevoke String serialno, @@ -562,7 +639,6 @@ public class CARemoteRequestHandler extends RemoteRequestHandler RevocationReason reason) throws EBaseException { - CMS.debug("CARemoteRequestHandler: revokeFromOtherCA: begins"); TPSSubsystem subsystem = @@ -673,8 +749,6 @@ public class CARemoteRequestHandler extends RemoteRequestHandler return caSkiString; } - - /** * revokeCertificate() supports revocation routing by providing * CA discovery. When needed, it searchs through all listed ca |