From a4682ceae6774956461edd03b2485bbacea445f4 Mon Sep 17 00:00:00 2001
From: mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>
Date: Tue, 4 Oct 2011 01:17:41 +0000
Subject: Bugzilla Bug #688225 - (dogtagIPAv2.1) TRACKER: of  the Dogtag fixes
 for freeIPA 2.1

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/tags/IPA_v2_RHEL_6_2_20111003@2252 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
 .../netscape/cms/servlet/cert/DirAuthServlet.java  | 242 +++++++++++++++++++++
 1 file changed, 242 insertions(+)
 create mode 100644 pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java

(limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java')

diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java
new file mode 100644
index 000000000..5e4309494
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java
@@ -0,0 +1,242 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.cert;
+
+
+import com.netscape.cms.servlet.common.*;
+import com.netscape.cms.servlet.base.*;
+import java.io.*;
+import java.util.*;
+import java.math.*;
+import javax.servlet.*;
+import java.security.cert.*;
+import javax.servlet.http.*;
+import netscape.ldap.*;
+import netscape.security.x509.*;
+import netscape.security.pkcs.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.policy.*;
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.dbs.*;
+import com.netscape.certsrv.dbs.certdb.*;
+import com.netscape.certsrv.ldap.*;
+import com.netscape.certsrv.authority.*;
+import com.netscape.certsrv.ra.*;
+import com.netscape.certsrv.ca.*;
+import com.netscape.certsrv.dbs.*;
+import com.netscape.certsrv.dbs.crldb.*;
+import com.netscape.certsrv.logging.*;
+import com.netscape.certsrv.apps.*;
+import com.netscape.certsrv.authentication.*;
+import com.netscape.certsrv.authorization.*;
+import com.netscape.cms.authentication.*;
+import com.netscape.cms.servlet.*;
+
+
+/**
+ * 'Face-to-face' certificate enrollment.
+ *
+ * @version $Revision$, $Date$
+ */
+public class DirAuthServlet extends CMSServlet {
+    private final static String TPL_FILE = "/ra/hashEnrollmentSubmit.template";
+    private final static String TPL_ERROR_FILE = "/ra/GenErrorHashDirEnroll.template";
+    private String mFormPath = null;
+
+    public DirAuthServlet() {
+        super();
+    }
+
+	/**
+     * initialize the servlet.
+     * @param sc servlet configuration, read from the web.xml file
+     */
+    public void init(ServletConfig sc) throws ServletException {
+        super.init(sc);
+        try {
+            mFormPath = sc.getInitParameter(
+                        PROP_SUCCESS_TEMPLATE);
+            if (mFormPath == null)
+                mFormPath = TPL_FILE;
+        } catch (Exception e) {
+        }
+
+        mTemplates.remove(CMSRequest.SUCCESS);
+    }
+
+
+	/**
+     * Process the HTTP request. This servlet reads configuration information
+	 * from the hashDirEnrollment configuration substore
+     *
+     * @param cmsReq the object holding the request and response information
+     */
+    protected void process(CMSRequest cmsReq)
+        throws EBaseException {
+        HttpServletRequest httpReq = cmsReq.getHttpReq();
+        HttpServletResponse httpResp = cmsReq.getHttpResp();
+
+        String reqHost = httpReq.getRemoteHost();
+
+        // Construct an ArgBlock
+        IArgBlock args = cmsReq.getHttpParams();
+
+        if (!(mAuthority instanceof IRegistrationAuthority)) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_CA_FROM_RA_NOT_IMP"));
+            cmsReq.setError(new ECMSGWException(
+                    CMS.getLogMessage("CMSGW_NOT_YET_IMPLEMENTED")));
+            cmsReq.setStatus(CMSRequest.ERROR);
+            return;
+        }
+
+        CMSTemplate form = null;
+        Locale[] locale = new Locale[1];
+
+        try {
+            form = getTemplate(mFormPath, httpReq, locale);
+        } catch (IOException e) {
+            log(ILogger.LL_FAILURE, 
+                CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+            cmsReq.setError(new ECMSGWException(
+                    CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
+            cmsReq.setStatus(CMSRequest.ERROR);
+            return;
+        }
+
+        IArgBlock header = CMS.createArgBlock();
+        IArgBlock fixed = CMS.createArgBlock();
+
+        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
+        IAuthToken authToken = authenticate(cmsReq);
+
+        AuthzToken authzToken = null;
+
+        try {
+            authzToken = authorize(mAclMethod, authToken,
+                        mAuthzResourceName, "submit");
+        } catch (Exception e) {
+            // do nothing for now
+        }
+
+        if (authzToken == null) {
+            cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+            return;
+        }
+
+        IConfigStore configStore = CMS.getConfigStore();
+        String val = configStore.getString("hashDirEnrollment.name");
+        IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+        IAuthManager authMgr = authSS.get(val);
+        HashAuthentication mgr = (HashAuthentication) authMgr;
+
+        Date date = new Date();
+        long currTime = date.getTime();
+        long timeout = mgr.getTimeout(reqHost);
+        long lastlogin = mgr.getLastLogin(reqHost);
+        long diff = currTime - lastlogin;
+
+        boolean enable = mgr.isEnable(reqHost);
+
+        if (!enable) {
+            printError(cmsReq, "0");
+            cmsReq.setStatus(CMSRequest.SUCCESS);
+            return;
+        }
+        if (lastlogin == 0)
+            mgr.setLastLogin(reqHost, currTime);
+        else if (diff > timeout) {
+            mgr.disable(reqHost);
+            printError(cmsReq, "2");
+            cmsReq.setStatus(CMSRequest.SUCCESS);
+            return;
+        }  
+
+        mgr.setLastLogin(reqHost, currTime);
+
+        String uid = args.getValueAsString("uid");
+        long pageid = mgr.getPageID();
+        String pageID = pageid + "";
+
+        mgr.addAuthToken(pageID, authToken);
+
+        header.addStringValue("pageID", pageID); 
+        header.addStringValue("uid", uid);
+        header.addStringValue("fingerprint", mgr.hashFingerprint(reqHost, pageID, uid));
+        header.addStringValue("hostname", reqHost);
+  
+        try {
+            ServletOutputStream out = httpResp.getOutputStream();
+
+            httpResp.setContentType("text/html");
+            form.renderOutput(out, argSet);
+            cmsReq.setStatus(CMSRequest.SUCCESS);
+        } catch (IOException e) {
+            log(ILogger.LL_FAILURE, 
+                CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+            cmsReq.setError(new ECMSGWException(
+                    CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
+            cmsReq.setStatus(CMSRequest.ERROR);
+        }
+        cmsReq.setStatus(CMSRequest.SUCCESS);
+        return;
+    }
+
+    private void printError(CMSRequest cmsReq, String errorCode)
+        throws EBaseException {
+        IArgBlock httpParams = cmsReq.getHttpParams();
+        HttpServletRequest httpReq = cmsReq.getHttpReq();
+        HttpServletResponse httpResp = cmsReq.getHttpResp();
+        IArgBlock header = CMS.createArgBlock();
+        IArgBlock fixed = CMS.createArgBlock();
+        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
+
+        mTemplates.remove(CMSRequest.SUCCESS);
+        header.addStringValue("authority", "Registration Manager");
+        header.addStringValue("errorCode", errorCode);
+        String formPath = TPL_ERROR_FILE;
+
+        CMSTemplate form = null;
+        Locale[] locale = new Locale[1];
+
+        try {
+            form = getTemplate(formPath, httpReq, locale);
+        } catch (IOException e) {
+            log(ILogger.LL_FAILURE,
+                CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
+            cmsReq.setError(new ECMSGWException(
+                    CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
+            cmsReq.setStatus(CMSRequest.ERROR);
+            return;
+        }
+
+        try {
+            ServletOutputStream out = httpResp.getOutputStream();
+
+            httpResp.setContentType("text/html");
+            form.renderOutput(out, argSet);
+            cmsReq.setStatus(CMSRequest.SUCCESS);
+        } catch (IOException e) {
+            log(ILogger.LL_FAILURE,
+                CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+            cmsReq.setError(new ECMSGWException(
+                    CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
+            cmsReq.setStatus(CMSRequest.ERROR);
+        }
+    }
+
+}
-- 
cgit