summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java123
1 files changed, 60 insertions, 63 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
index b3809579a..7defeeac9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.connector;
-
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
@@ -58,12 +57,11 @@ import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* Clone servlet - part of the Clone Authority (CLA)
* processes Revoked certs from its dependant clone CAs
- * service request and return status.
- *
+ * service request and return status.
+ *
* @version $Revision$, $Date$
*/
public class CloneServlet extends CMSServlet {
@@ -94,8 +92,8 @@ public class CloneServlet extends CMSServlet {
mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
}
- public void service(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException {
+ public void service(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException {
boolean running_state = CMS.isInRunningState();
if (!running_state)
@@ -134,10 +132,10 @@ public class CloneServlet extends CMSServlet {
// ssl client auth for client auth to work.
// get request method
- method = req.getMethod();
+ method = req.getMethod();
// get content length
- len = req.getContentLength();
+ len = req.getContentLength();
// get content, a base 64 encoded serialized request.
if (len > 0) {
@@ -166,9 +164,9 @@ public class CloneServlet extends CMSServlet {
try {
peerCert = getPeerCert(req);
- }catch (EBaseException e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
+ } catch (EBaseException e) {
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
@@ -203,8 +201,8 @@ public class CloneServlet extends CMSServlet {
return;
}
- mAuthority.log(ILogger.LL_INFO,
- "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN());
+ mAuthority.log(ILogger.LL_INFO,
+ "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN());
// authorize, any authenticated user are authorized
AuthzToken authzToken = null;
@@ -243,13 +241,13 @@ public class CloneServlet extends CMSServlet {
replymsg = processRequest(CCA_Id, CCAUserId, msg, token);
} catch (IOException e) {
e.printStackTrace();
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
return;
} catch (EBaseException e) {
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
}
@@ -273,8 +271,8 @@ public class CloneServlet extends CMSServlet {
//cfu ++change this to just check the subject and signer
protected IAuthToken authenticate(
- X509Certificate peerCert)
- throws EBaseException {
+ X509Certificate peerCert)
+ throws EBaseException {
try {
// XXX using agent authentication now since we're only
// verifying that the cert belongs to a user in the db.
@@ -285,32 +283,32 @@ public class CloneServlet extends CMSServlet {
AuthCredentials creds = new AuthCredentials();
- creds.set(IAuthManager.CRED_SSL_CLIENT_CERT,
- new X509Certificate[] {cert}
- );
+ creds.set(IAuthManager.CRED_SSL_CLIENT_CERT,
+ new X509Certificate[] { cert }
+ );
- IAuthToken token = mAuthSubsystem.authenticate(creds,
+ IAuthToken token = mAuthSubsystem.authenticate(creds,
IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
return token;
} catch (CertificateException e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
} catch (EInvalidCredentials e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
throw e;
} catch (EBaseException e) {
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
throw e;
}
}
protected IPKIMessage processRequest(
- String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
- throws EBaseException {
+ String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
+ throws EBaseException {
IPKIMessage replymsg = null;
IRequest r = null;
IRequestQueue queue = mAuthority.getRequestQueue();
@@ -331,8 +329,8 @@ public class CloneServlet extends CMSServlet {
mAuthority.log(ILogger.LL_FAILURE, errormsg);
throw new EBaseException(errormsg);
} else {
- mAuthority.log(ILogger.LL_INFO,
- "Found request " + thisreqid + " for " + srcid);
+ mAuthority.log(ILogger.LL_INFO,
+ "Found request " + thisreqid + " for " + srcid);
replymsg = CMS.getHttpPKIMessage();
replymsg.fromRequest(thisreq);
return replymsg;
@@ -348,7 +346,7 @@ public class CloneServlet extends CMSServlet {
// setting requestor type must come after copy contents. because
// requestor is a regular attribute.
thisreq.setExtData(IRequest.REQUESTOR_TYPE,
- IRequest.REQUESTOR_RA);
+ IRequest.REQUESTOR_RA);
mAuthority.log(ILogger.LL_INFO, "Processing remote request " + srcid);
// Set this so that request's updateBy is recorded
@@ -365,14 +363,14 @@ public class CloneServlet extends CMSServlet {
//for audit log
String agentID = sourceUserId;
String initiative = AuditFormat.FROMRA + " trustedManagerID: " +
- agentID + " remote reqID " + msg.getReqId();
+ agentID + " remote reqID " + msg.getReqId();
String authMgr = AuditFormat.NOAUTH;
if (token != null) {
- authMgr =
+ authMgr =
token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
}
-
+
// Get the certificate info from the request
X509CertInfo certInfo[] = thisreq.getExtDataInCertInfoArray(IRequest.CERT_INFO);
@@ -380,36 +378,35 @@ public class CloneServlet extends CMSServlet {
if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) {
if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ thisreq.getRequestStatus(),
+ certInfo[i].get(X509CertInfo.SUBJECT),
+ "" }
+ );
+ }
+ } else {
+ mLogger.log(ILogger.EV_AUDIT,
ILogger.S_OTHER,
AuditFormat.LEVEL,
- AuditFormat.FORMAT,
+ AuditFormat.NODNFORMAT,
new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- thisreq.getRequestStatus(),
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
- }
- } else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- thisreq.getRequestStatus()}
- );
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ thisreq.getRequestStatus() }
+ );
}
} else {
- if
- (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) {
+ if (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) {
Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
if (result.equals(IRequest.RES_ERROR)) {
@@ -578,7 +575,7 @@ public class CloneServlet extends CMSServlet {
}
protected X509Certificate
- getPeerCert(HttpServletRequest req) throws EBaseException {
+ getPeerCert(HttpServletRequest req) throws EBaseException {
return getSSLClientCertificate(req);
}
generated by cgit (git 2.34.1) at 2024-09-19 03:16:55 +0000