From e083e81d526101349f3208507139573425d5aafd Mon Sep 17 00:00:00 2001
From: awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>
Date: Fri, 3 Sep 2010 22:28:35 +0000
Subject: Fixed bugzilla bug #621350

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1261 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
 .../cms/servlet/cert/scep/CRSEnrollment.java       | 46 +++++++++++++++++++++-
 1 file changed, 45 insertions(+), 1 deletion(-)

(limited to 'pki/base/common/src/com/netscape/cms/servlet/cert')

diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
index 03ba30648..245054776 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
@@ -158,6 +158,7 @@ public class CRSEnrollment extends HttpServlet
       try {
 	      mProfileSubsystem = (IProfileSubsystem)CMS.getSubsystem("profile");
           mProfileId  = sc.getInitParameter("profileId");
+          CMS.debug("CRSEnrollment: init: mProfileId="+mProfileId);
 
 	      mAuthSubsystem   = (IAuthSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
           mAuthManagerName  = sc.getInitParameter(PROP_CRSAUTHMGR);
@@ -473,7 +474,48 @@ public class CRSEnrollment extends HttpServlet
           // Verify Signature on message (throws exception if sig bad)
           verifyRequest(req,cx);
           unwrapPKCS10(req,cx);
-                
+
+          IProfile profile = mProfileSubsystem.getProfile(mProfileId);
+          if (profile == null) {
+              CMS.debug("Profile '" + mProfileId + "' not found.");
+              throw new ServletException("Profile '" + mProfileId + "' not found.");
+          } else {
+              CMS.debug("Found profile '" + mProfileId + "'.");
+          }
+
+          IProfileAuthenticator authenticator = null;
+          try {
+              CMS.debug("Retrieving authenticator");
+              authenticator = profile.getAuthenticator();
+              if (authenticator == null) {
+                  CMS.debug("Authenticator not found.");
+                  throw new ServletException("Authenticator not found.");
+              } else {
+                  CMS.debug("Got authenticator=" + authenticator.getClass().getName());
+              }
+          } catch (EProfileException e) {
+              throw new ServletException("Authenticator not found.");
+          }
+          AuthCredentials credentials = new AuthCredentials();
+          IAuthToken authToken = null;
+          // for ssl authentication; pass in servlet for retrieving
+          // ssl client certificates
+          SessionContext context = SessionContext.getContext();
+
+          // insert profile context so that input parameter can be retrieved
+          context.put("sslClientCertProvider", new SSLClientCertProvider(httpReq));
+
+          try {
+              authToken = authenticate(credentials, authenticator, httpReq);
+          } catch (Exception e) {
+              CMS.debug("Authentication failure: "+ e.getMessage());
+              throw new ServletException("Authentication failure: "+ e.getMessage());
+          }
+          if (authToken == null) {
+              CMS.debug("Authentication failure.");
+              throw new ServletException("Authentication failure.");
+          }
+
           // Deal with Transaction ID
           String transactionID = req.getTransactionID();
           responseData = responseData + 
@@ -566,6 +608,8 @@ public class CRSEnrollment extends HttpServlet
           responseData = responseData + 
               "<PKCS10>" + pkcs10Attr + "</PKCS10>";
 
+      } catch (ServletException e) {
+          throw new ServletException(e.getMessage().toString());
       } catch (CRSInvalidSignatureException e) {
           CMS.debug("handlePKIMessage exception " + e);
           CMS.debug(e);
-- 
cgit