diff options
Diffstat (limited to 'pki')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java | 46 |
1 files changed, 45 insertions, 1 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java index 03ba30648..245054776 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java @@ -158,6 +158,7 @@ public class CRSEnrollment extends HttpServlet try { mProfileSubsystem = (IProfileSubsystem)CMS.getSubsystem("profile"); mProfileId = sc.getInitParameter("profileId"); + CMS.debug("CRSEnrollment: init: mProfileId="+mProfileId); mAuthSubsystem = (IAuthSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); mAuthManagerName = sc.getInitParameter(PROP_CRSAUTHMGR); @@ -473,7 +474,48 @@ public class CRSEnrollment extends HttpServlet // Verify Signature on message (throws exception if sig bad) verifyRequest(req,cx); unwrapPKCS10(req,cx); - + + IProfile profile = mProfileSubsystem.getProfile(mProfileId); + if (profile == null) { + CMS.debug("Profile '" + mProfileId + "' not found."); + throw new ServletException("Profile '" + mProfileId + "' not found."); + } else { + CMS.debug("Found profile '" + mProfileId + "'."); + } + + IProfileAuthenticator authenticator = null; + try { + CMS.debug("Retrieving authenticator"); + authenticator = profile.getAuthenticator(); + if (authenticator == null) { + CMS.debug("Authenticator not found."); + throw new ServletException("Authenticator not found."); + } else { + CMS.debug("Got authenticator=" + authenticator.getClass().getName()); + } + } catch (EProfileException e) { + throw new ServletException("Authenticator not found."); + } + AuthCredentials credentials = new AuthCredentials(); + IAuthToken authToken = null; + // for ssl authentication; pass in servlet for retrieving + // ssl client certificates + SessionContext context = SessionContext.getContext(); + + // insert profile context so that input parameter can be retrieved + context.put("sslClientCertProvider", new SSLClientCertProvider(httpReq)); + + try { + authToken = authenticate(credentials, authenticator, httpReq); + } catch (Exception e) { + CMS.debug("Authentication failure: "+ e.getMessage()); + throw new ServletException("Authentication failure: "+ e.getMessage()); + } + if (authToken == null) { + CMS.debug("Authentication failure."); + throw new ServletException("Authentication failure."); + } + // Deal with Transaction ID String transactionID = req.getTransactionID(); responseData = responseData + @@ -566,6 +608,8 @@ public class CRSEnrollment extends HttpServlet responseData = responseData + "<PKCS10>" + pkcs10Attr + "</PKCS10>"; + } catch (ServletException e) { + throw new ServletException(e.getMessage().toString()); } catch (CRSInvalidSignatureException e) { CMS.debug("handlePKIMessage exception " + e); CMS.debug(e); |