Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java | 123 |
1 files changed, 60 insertions, 63 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
index b3809579a..7defeeac9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.connector; - import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream;
@@ -58,12 +57,11 @@ import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; - /** * Clone servlet - part of the Clone Authority (CLA) * processes Revoked certs from its dependant clone CAs - * service request and return status. - * + * service request and return status. + * * @version $Revision$, $Date$ */ public class CloneServlet extends CMSServlet {
@@ -94,8 +92,8 @@ public class CloneServlet extends CMSServlet { mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } - public void service(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + public void service(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); if (!running_state)
@@ -134,10 +132,10 @@ public class CloneServlet extends CMSServlet { // ssl client auth for client auth to work. // get request method - method = req.getMethod(); + method = req.getMethod(); // get content length - len = req.getContentLength(); + len = req.getContentLength(); // get content, a base 64 encoded serialized request. if (len > 0) {
@@ -166,9 +164,9 @@ public class CloneServlet extends CMSServlet { try { peerCert = getPeerCert(req); - }catch (EBaseException e) { - mAuthority.log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT")); + } catch (EBaseException e) { + mAuthority.log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT")); resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }
@@ -203,8 +201,8 @@ public class CloneServlet extends CMSServlet { return; } - mAuthority.log(ILogger.LL_INFO, - "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN()); + mAuthority.log(ILogger.LL_INFO, + "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN()); // authorize, any authenticated user are authorized AuthzToken authzToken = null;
@@ -243,13 +241,13 @@ public class CloneServlet extends CMSServlet { replymsg = processRequest(CCA_Id, CCAUserId, msg, token); } catch (IOException e) { e.printStackTrace(); - mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); resp.sendError(HttpServletResponse.SC_BAD_REQUEST); return; } catch (EBaseException e) { - mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; }
@@ -273,8 +271,8 @@ public class CloneServlet extends CMSServlet { //cfu ++change this to just check the subject and signer protected IAuthToken authenticate( - X509Certificate peerCert) - throws EBaseException { + X509Certificate peerCert) + throws EBaseException { try { // XXX using agent authentication now since we're only // verifying that the cert belongs to a user in the db.
@@ -285,32 +283,32 @@ public class CloneServlet extends CMSServlet { AuthCredentials creds = new AuthCredentials(); - creds.set(IAuthManager.CRED_SSL_CLIENT_CERT, - new X509Certificate[] {cert} - ); + creds.set(IAuthManager.CRED_SSL_CLIENT_CERT, + new X509Certificate[] { cert } + ); - IAuthToken token = mAuthSubsystem.authenticate(creds, + IAuthToken token = mAuthSubsystem.authenticate(creds, IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); return token; } catch (CertificateException e) { - mAuthority.log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); + mAuthority.log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (EInvalidCredentials e) { - mAuthority.log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); + mAuthority.log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); throw e; } catch (EBaseException e) { - mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); throw e; } } protected IPKIMessage processRequest( - String source, String sourceUserId, IPKIMessage msg, IAuthToken token) - throws EBaseException { + String source, String sourceUserId, IPKIMessage msg, IAuthToken token) + throws EBaseException { IPKIMessage replymsg = null; IRequest r = null; IRequestQueue queue = mAuthority.getRequestQueue(); 
@@ -331,8 +329,8 @@ public class CloneServlet extends CMSServlet { mAuthority.log(ILogger.LL_FAILURE, errormsg); throw new EBaseException(errormsg); } else { - mAuthority.log(ILogger.LL_INFO, - "Found request " + thisreqid + " for " + srcid); + mAuthority.log(ILogger.LL_INFO, + "Found request " + thisreqid + " for " + srcid); replymsg = CMS.getHttpPKIMessage(); replymsg.fromRequest(thisreq); return replymsg;
@@ -348,7 +346,7 @@ public class CloneServlet extends CMSServlet { // setting requestor type must come after copy contents. because // requestor is a regular attribute. thisreq.setExtData(IRequest.REQUESTOR_TYPE, - IRequest.REQUESTOR_RA); + IRequest.REQUESTOR_RA); mAuthority.log(ILogger.LL_INFO, "Processing remote request " + srcid); // Set this so that request's updateBy is recorded
@@ -365,14 +363,14 @@ public class CloneServlet extends CMSServlet { //for audit log String agentID = sourceUserId; String initiative = AuditFormat.FROMRA + " trustedManagerID: " + - agentID + " remote reqID " + msg.getReqId(); + agentID + " remote reqID " + msg.getReqId(); String authMgr = AuditFormat.NOAUTH; if (token != null) { - authMgr = + authMgr = token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } - + // Get the certificate info from the request X509CertInfo certInfo[] = thisreq.getExtDataInCertInfoArray(IRequest.CERT_INFO);
@@ -380,36 +378,35 @@ public class CloneServlet extends CMSServlet { if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) { if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + thisreq.getRequestStatus(), + certInfo[i].get(X509CertInfo.SUBJECT), + "" } + ); + } + } else { + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, - AuditFormat.FORMAT, + AuditFormat.NODNFORMAT, new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - thisreq.getRequestStatus(), - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); - } - } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - thisreq.getRequestStatus()} - ); + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + thisreq.getRequestStatus() } + ); } } else { - if - (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) { + if (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) { Integer result = thisreq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) {
@@ -578,7 +575,7 @@ public class CloneServlet extends CMSServlet { } protected X509Certificate - getPeerCert(HttpServletRequest req) throws EBaseException { + getPeerCert(HttpServletRequest req) throws EBaseException { return getSSLClientCertificate(req); } |