Class CRSEnrollment
- java.lang.Object
  - javax.servlet.GenericServlet
    - javax.servlet.http.HttpServlet
      - com.netscape.cms.servlet.cert.scep.CRSEnrollment
- All Implemented Interfaces:
java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
public class CRSEnrollment extends javax.servlet.http.HttpServlet
This servlet deals with PKCS#10-based certificate requests from CRS, now called SCEP, and defined at http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt. The router is hardcoded to look for http://host:80/cgi-bin/pkiclient.exe. The HTTP parameters are 'operation' and 'message'; 'operation' can be either 'GetCACert' or 'PKIOperation'.
- Version:
- $Revision$, $Date$
- See Also:
- Serialized Form
-
-
Field Summary
Fields (modifier and type, field):
static java.lang.String AUTH_CREDS
static java.lang.String AUTH_FAILED
static java.lang.String AUTH_PASSWORD
static java.lang.String AUTH_TOKEN
static java.lang.String CERTINFO
protected java.lang.String mAppendDN
protected ICertAuthority mAuthority
protected IAuthSubsystem mAuthSubsystem
protected IConfigStore mConfig
protected boolean mCreateEntry
protected java.lang.String mEntryObjectclass
protected boolean mFlattenDN
protected Logger mLogger
protected java.lang.String mProfileId
protected IProfileSubsystem mProfileSubsystem
protected java.security.MessageDigest mSHADigest
static ObjectIdentifier OID_SERIALNUMBER
static ObjectIdentifier OID_UNSTRUCTUREDADDRESS
static ObjectIdentifier OID_UNSTRUCTUREDNAME
static java.lang.String SANE_DNSNAME
static java.lang.String SANE_IPADDRESS
static java.lang.String SUBJECTNAME
-
Constructor Summary
CRSEnrollment()
-
Method Summary
Methods (modifier and type, method, description):
IAuthToken authenticate(AuthCredentials credentials, IProfileAuthenticator authenticator, javax.servlet.http.HttpServletRequest request)
void decodePKIMessage(javax.servlet.http.HttpServletRequest httpReq, javax.servlet.http.HttpServletResponse httpResp, java.lang.String msg)
  Decodes the PKI message and returns information to RA.
IRequest findRequestByTransactionID(java.lang.String txid, boolean ignoreRejected)
  Finds a request with this transaction ID.
java.lang.String getPasswordFromP10(PKCS10 p10)
void handleGetCACert(javax.servlet.http.HttpServletRequest httpReq, javax.servlet.http.HttpServletResponse httpResp)
  Return the CA certificate back to the requestor.
X509CertImpl handleGetCertInitial(CRSPKIMessage req, CRSPKIMessage resp)
  Called if the router is requesting us to send it its certificate. Examine request queue for a request matching the transaction ID.
X509CertImpl handlePKCSReq(javax.servlet.http.HttpServletRequest httpReq, IRequest cmsRequest, CRSPKIMessage req, CRSPKIMessage crsResp, com.netscape.cms.servlet.cert.scep.CRSEnrollment.CryptoContext cx)
void handlePKIOperation(javax.servlet.http.HttpServletRequest httpReq, javax.servlet.http.HttpServletResponse httpResp, java.lang.String msg)
  Finds a request with this transaction ID.
protected java.lang.String hashPassword(java.lang.String pwd)
void init(javax.servlet.ServletConfig sc)
java.util.Hashtable<java.lang.String,byte[]> makeFingerPrints(CRSPKIMessage req)
void service(javax.servlet.http.HttpServletRequest httpReq, javax.servlet.http.HttpServletResponse httpResp)
  Service a CRS Request.
static java.util.Hashtable<java.lang.String,java.lang.String> toHashtable(javax.servlet.http.HttpServletRequest req)
void unwrapPKCS10(CRSPKIMessage req, com.netscape.cms.servlet.cert.scep.CRSEnrollment.CryptoContext cx)
  Here we decrypt the PKCS10 message from the client.
void verifyRequest(CRSPKIMessage req, com.netscape.cms.servlet.cert.scep.CRSEnrollment.CryptoContext cx)
-
Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service
-
-
-
-
Field Detail
-
mProfileSubsystem
protected IProfileSubsystem mProfileSubsystem
-
mProfileId
protected java.lang.String mProfileId
-
mAuthority
protected ICertAuthority mAuthority
-
mConfig
protected IConfigStore mConfig
-
mAuthSubsystem
protected IAuthSubsystem mAuthSubsystem
-
mAppendDN
protected java.lang.String mAppendDN
-
mEntryObjectclass
protected java.lang.String mEntryObjectclass
-
mCreateEntry
protected boolean mCreateEntry
-
mFlattenDN
protected boolean mFlattenDN
-
mLogger
protected Logger mLogger
-
mSHADigest
protected java.security.MessageDigest mSHADigest
-
AUTH_PASSWORD
public static final java.lang.String AUTH_PASSWORD
- See Also:
- Constant Field Values
-
AUTH_CREDS
public static final java.lang.String AUTH_CREDS
- See Also:
- Constant Field Values
-
AUTH_TOKEN
public static final java.lang.String AUTH_TOKEN
- See Also:
- Constant Field Values
-
AUTH_FAILED
public static final java.lang.String AUTH_FAILED
- See Also:
- Constant Field Values
-
SANE_DNSNAME
public static final java.lang.String SANE_DNSNAME
- See Also:
- Constant Field Values
-
SANE_IPADDRESS
public static final java.lang.String SANE_IPADDRESS
- See Also:
- Constant Field Values
-
CERTINFO
public static final java.lang.String CERTINFO
- See Also:
- Constant Field Values
-
SUBJECTNAME
public static final java.lang.String SUBJECTNAME
- See Also:
- Constant Field Values
-
OID_UNSTRUCTUREDNAME
public static ObjectIdentifier OID_UNSTRUCTUREDNAME
-
OID_UNSTRUCTUREDADDRESS
public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS
-
OID_SERIALNUMBER
public static ObjectIdentifier OID_SERIALNUMBER
-
-
Method Detail
-
toHashtable
public static java.util.Hashtable<java.lang.String,java.lang.String> toHashtable(javax.servlet.http.HttpServletRequest req)
-
init
public void init(javax.servlet.ServletConfig sc)
- Specified by:
init in interface javax.servlet.Servlet
- Overrides:
init in class javax.servlet.GenericServlet
-
service
public void service(javax.servlet.http.HttpServletRequest httpReq, javax.servlet.http.HttpServletResponse httpResp) throws javax.servlet.ServletException
Service a CRS Request. It all starts here. This is where the message from the router is processed.
- Overrides:
service in class javax.servlet.http.HttpServlet
- Parameters:
httpReq - The HttpServletRequest.
httpResp - The HttpServletResponse.
- Throws:
javax.servlet.ServletException
-
authenticate
public IAuthToken authenticate(AuthCredentials credentials, IProfileAuthenticator authenticator, javax.servlet.http.HttpServletRequest request) throws EBaseException
- Throws:
EBaseException
-
handleGetCACert
public void handleGetCACert(javax.servlet.http.HttpServletRequest httpReq, javax.servlet.http.HttpServletResponse httpResp) throws javax.servlet.ServletException
Return the CA certificate back to the requestor. This needs to be changed so that if the CA has a certificate chain, the whole thing should get packaged as a PKIMessage (degenerate PKCS7 - no signerInfo).
- Throws:
javax.servlet.ServletException
-
getPasswordFromP10
public java.lang.String getPasswordFromP10(PKCS10 p10)
-
decodePKIMessage
public void decodePKIMessage(javax.servlet.http.HttpServletRequest httpReq, javax.servlet.http.HttpServletResponse httpResp, java.lang.String msg) throws javax.servlet.ServletException
Decodes the PKI message and returns information to RA.
- Throws:
javax.servlet.ServletException
-
handlePKIOperation
public void handlePKIOperation(javax.servlet.http.HttpServletRequest httpReq, javax.servlet.http.HttpServletResponse httpResp, java.lang.String msg) throws javax.servlet.ServletException
Finds a request with this transaction ID. If no request is found, return null. If only 'rejected' or 'cancelled' requests are found, return null. If a 'pending' or 'completed' request is found, return that request.
- Throws:
javax.servlet.ServletException
-
findRequestByTransactionID
public IRequest findRequestByTransactionID(java.lang.String txid, boolean ignoreRejected) throws EBaseException
Finds a request with this transaction ID. If no request is found, return null. If only 'rejected' or 'cancelled' requests are found, return null. If a 'pending' or 'completed' request is found, return that request.
- Throws:
EBaseException
-
handleGetCertInitial
public X509CertImpl handleGetCertInitial(CRSPKIMessage req, CRSPKIMessage resp)
Called if the router is requesting us to send it its certificate. Examine the request queue for a request matching the transaction ID. Ignore any rejected or cancelled requests. If a request is found in the pending state, the response should be 'pending'. If a request is found in the completed state, the response should be to return the certificate. If no request is found, the response should be to return null.
-
verifyRequest
public void verifyRequest(CRSPKIMessage req, com.netscape.cms.servlet.cert.scep.CRSEnrollment.CryptoContext cx) throws com.netscape.cms.servlet.cert.scep.CRSEnrollment.CRSInvalidSignatureException
- Throws:
com.netscape.cms.servlet.cert.scep.CRSEnrollment.CRSInvalidSignatureException
-
unwrapPKCS10
public void unwrapPKCS10(CRSPKIMessage req, com.netscape.cms.servlet.cert.scep.CRSEnrollment.CryptoContext cx) throws javax.servlet.ServletException, org.mozilla.jss.NotInitializedException, com.netscape.cms.servlet.cert.scep.CRSEnrollment.CryptoContext.CryptoContextException, com.netscape.cms.servlet.cert.scep.CRSEnrollment.CRSFailureException
Here we decrypt the PKCS10 message from the client.
- Throws:
javax.servlet.ServletException
org.mozilla.jss.NotInitializedException
com.netscape.cms.servlet.cert.scep.CRSEnrollment.CryptoContext.CryptoContextException
com.netscape.cms.servlet.cert.scep.CRSEnrollment.CRSFailureException
-
handlePKCSReq
public X509CertImpl handlePKCSReq(javax.servlet.http.HttpServletRequest httpReq, IRequest cmsRequest, CRSPKIMessage req, CRSPKIMessage crsResp, com.netscape.cms.servlet.cert.scep.CRSEnrollment.CryptoContext cx) throws javax.servlet.ServletException, org.mozilla.jss.NotInitializedException, com.netscape.cms.servlet.cert.scep.CRSEnrollment.CRSFailureException
- Throws:
javax.servlet.ServletException
org.mozilla.jss.NotInitializedException
com.netscape.cms.servlet.cert.scep.CRSEnrollment.CRSFailureException
-
makeFingerPrints
public java.util.Hashtable<java.lang.String,byte[]> makeFingerPrints(CRSPKIMessage req)
-
hashPassword
protected java.lang.String hashPassword(java.lang.String pwd)
-
-