Class CMSServlet

    • Field Detail

      • signedAuditLogger

        protected static Logger signedAuditLogger
      • PROP_AUTHORITYID

        public static final java.lang.String PROP_AUTHORITYID
        See Also:
        Constant Field Values
      • AUTHZ_CONFIG_STORE

        public static final java.lang.String AUTHZ_CONFIG_STORE
        See Also:
        Constant Field Values
      • PROP_FINAL_ERROR_MSG

        public static final java.lang.String PROP_FINAL_ERROR_MSG
        See Also:
        Constant Field Values
      • PROP_UNAUTHORIZED_TEMPLATE

        protected static final java.lang.String PROP_UNAUTHORIZED_TEMPLATE
        See Also:
        Constant Field Values
      • UNAUTHORIZED_TEMPLATE

        protected static final java.lang.String UNAUTHORIZED_TEMPLATE
        See Also:
        Constant Field Values
      • PROP_SUCCESS_TEMPLATE

        protected static final java.lang.String PROP_SUCCESS_TEMPLATE
        See Also:
        Constant Field Values
      • SUCCESS_TEMPLATE

        protected static final java.lang.String SUCCESS_TEMPLATE
        See Also:
        Constant Field Values
      • PROP_PENDING_TEMPLATE

        protected static final java.lang.String PROP_PENDING_TEMPLATE
        See Also:
        Constant Field Values
      • PENDING_TEMPLATE

        protected static final java.lang.String PENDING_TEMPLATE
        See Also:
        Constant Field Values
      • PROP_SVC_PENDING_TEMPLATE

        protected static final java.lang.String PROP_SVC_PENDING_TEMPLATE
        See Also:
        Constant Field Values
      • SVC_PENDING_TEMPLATE

        protected static final java.lang.String SVC_PENDING_TEMPLATE
        See Also:
        Constant Field Values
      • PROP_REJECTED_TEMPLATE

        protected static final java.lang.String PROP_REJECTED_TEMPLATE
        See Also:
        Constant Field Values
      • REJECTED_TEMPLATE

        protected static final java.lang.String REJECTED_TEMPLATE
        See Also:
        Constant Field Values
      • PROP_ERROR_TEMPLATE

        protected static final java.lang.String PROP_ERROR_TEMPLATE
        See Also:
        Constant Field Values
      • PROP_EXCEPTION_TEMPLATE

        protected static final java.lang.String PROP_EXCEPTION_TEMPLATE
        See Also:
        Constant Field Values
      • EXCEPTION_TEMPLATE

        protected static final java.lang.String EXCEPTION_TEMPLATE
        See Also:
        Constant Field Values
      • PROP_SUCCESS_TEMPLATE_FILLER

        protected static final java.lang.String PROP_SUCCESS_TEMPLATE_FILLER
        See Also:
        Constant Field Values
      • KRA_AGENT_GROUP

        protected static final java.lang.String KRA_AGENT_GROUP
        See Also:
        Constant Field Values
      • OCSP_AGENT_GROUP

        protected static final java.lang.String OCSP_AGENT_GROUP
        See Also:
        Constant Field Values
      • TRUSTED_RA_GROUP

        protected static final java.lang.String TRUSTED_RA_GROUP
        See Also:
        Constant Field Values
      • servletConfig

        protected javax.servlet.ServletConfig servletConfig
      • mRenderResult

        protected boolean mRenderResult
      • mFinalErrorMsg

        protected java.lang.String mFinalErrorMsg
      • mTemplates

        protected java.util.Hashtable<java.lang.Integer,​CMSLoadTemplate> mTemplates
      • mServletConfig

        protected javax.servlet.ServletConfig mServletConfig
      • mServletContext

        protected javax.servlet.ServletContext mServletContext
      • mDontSaveHttpParams

        protected java.util.Vector<java.lang.String> mDontSaveHttpParams
      • mSaveHttpHeaders

        protected java.util.Vector<java.lang.String> mSaveHttpHeaders
      • mId

        protected java.lang.String mId
      • mLogger

        protected Logger mLogger
      • mLogCategory

        protected LogSource mLogCategory
      • mGetClientCert

        protected java.lang.String mGetClientCert
      • mAuthMgr

        protected java.lang.String mAuthMgr
      • mAclMethod

        protected java.lang.String mAclMethod
      • mAuthzResourceName

        protected java.lang.String mAuthzResourceName
      • mOutputTemplatePath

        protected java.lang.String mOutputTemplatePath
      • SIMPLE_ENROLLMENT_REQUEST

        public static final java.lang.String SIMPLE_ENROLLMENT_REQUEST
        See Also:
        Constant Field Values
      • SIMPLE_ENROLLMENT_RESPONSE

        public static final java.lang.String SIMPLE_ENROLLMENT_RESPONSE
        See Also:
        Constant Field Values
      • FULL_ENROLLMENT_REQUEST

        public static final java.lang.String FULL_ENROLLMENT_REQUEST
        See Also:
        Constant Field Values
      • FULL_ENROLLMENT_RESPONSE

        public static final java.lang.String FULL_ENROLLMENT_RESPONSE
        See Also:
        Constant Field Values
      • FULL_RESPONSE

        public static java.lang.String FULL_RESPONSE
        Handy routine to check whether the client wants a full enrollment response.
    • Constructor Detail

      • CMSServlet

        public CMSServlet()
    • Method Detail

      • toHashtable

        public static java.util.Hashtable<java.lang.String,​java.lang.String> toHashtable​(javax.servlet.http.HttpServletRequest req)
      • init

        public void init​(javax.servlet.ServletConfig sc)
                  throws javax.servlet.ServletException
        Specified by:
        init in interface javax.servlet.Servlet
        Overrides:
        init in class javax.servlet.GenericServlet
        Throws:
        javax.servlet.ServletException
      • getId

        public java.lang.String getId()
      • getAuthMgr

        public java.lang.String getAuthMgr()
      • isClientCertRequired

        public boolean isClientCertRequired()
      • outputHttpParameters

        public void outputHttpParameters​(javax.servlet.http.HttpServletRequest httpReq)
      • service

        public void service​(javax.servlet.http.HttpServletRequest httpReq,
                            javax.servlet.http.HttpServletResponse httpResp)
                     throws javax.servlet.ServletException,
                            java.io.IOException
        Overrides:
        service in class javax.servlet.http.HttpServlet
        Throws:
        javax.servlet.ServletException
        java.io.IOException
      • newCMSRequest

        protected CMSRequest newCMSRequest()
        Create a new CMSRequest object. This should be overridden by servlets implementing different types of request.
        Returns:
        a new CMSRequest object
      • process

        protected void process​(CMSRequest cmsRequest)
                        throws java.lang.Exception
        process an HTTP request. Servlets must override this with their own implementation
        Throws:
        EBaseException - if the servlet was unable to satisfactorily process the request
        java.lang.Exception
      • renderResult

        protected void renderResult​(CMSRequest cmsReq)
                             throws java.io.IOException
        Output a template. If an error occurs while outputting the template, the exception template is used to display the error.
        Parameters:
        cmsReq - the CS request
        Throws:
        java.io.IOException
      • outputArgBlockAsXML

        protected void outputArgBlockAsXML​(XMLObject xmlObj,
                                           org.w3c.dom.Node parent,
                                           java.lang.String argBlockName,
                                           IArgBlock argBlock)
      • outputXML

        protected void outputXML​(javax.servlet.http.HttpServletResponse httpResp,
                                 CMSTemplateParams params)
      • renderTemplate

        protected void renderTemplate​(CMSRequest cmsReq,
                                      java.lang.String templateName,
                                      ICMSTemplateFiller filler)
                               throws java.io.IOException
        Throws:
        java.io.IOException
      • renderException

        protected void renderException​(CMSRequest cmsReq,
                                       EBaseException e)
                                throws java.io.IOException
        Output the exception (unexpected error) template. This differs from other templates: if an exception occurs while rendering the exception template, a message is printed out directly, and if printing that message fails, an IOException is thrown. For other templates, if an exception occurs while rendering, this exception template is used instead.

        Parameters:
        cmsReq - the CS request to pass to template filler if any.
        e - the unexpected exception
        Throws:
        java.io.IOException
      • renderFinalError

        public void renderFinalError​(CMSRequest cmsReq,
                                     java.lang.Exception ex)
                              throws java.io.IOException
        Throws:
        java.io.IOException
      • invalidateSSLSession

        protected static void invalidateSSLSession​(javax.servlet.http.HttpServletRequest httpReq)
        Invalidates an SSL session so that client authentication will happen again.
      • getSSLClientCertificate

        protected java.security.cert.X509Certificate getSSLClientCertificate​(javax.servlet.http.HttpServletRequest httpReq)
                                                                      throws EBaseException
        get ssl client authenticated certificate
        Throws:
        EBaseException
      • getSSLClientCertificate

        protected java.security.cert.X509Certificate getSSLClientCertificate​(javax.servlet.http.HttpServletRequest httpReq,
                                                                             boolean clientCertRequired)
                                                                      throws EBaseException
        Throws:
        EBaseException
      • getTemplate

        protected CMSTemplate getTemplate​(java.lang.String templateName,
                                          javax.servlet.http.HttpServletRequest httpReq,
                                          java.util.Locale[] locale)
                                   throws EBaseException,
                                          java.io.IOException
        get a template based on result status.
        Throws:
        EBaseException
        java.io.IOException
      • log

        protected void log​(LogCategory event,
                           int level,
                           java.lang.String msg)
        log according to authority category.
      • log

        protected void log​(int level,
                           java.lang.String msg)
      • getDontSaveHttpParams

        protected void getDontSaveHttpParams​(javax.servlet.ServletConfig sc)
        get http parameters not to save from configuration.
      • getSaveHttpHeaders

        protected void getSaveHttpHeaders​(javax.servlet.ServletConfig sc)
        get http headers to save from configuration.
      • saveHttpHeaders

        protected void saveHttpHeaders​(javax.servlet.http.HttpServletRequest httpReq,
                                       IRequest req)
                                throws EBaseException
        save http headers in a IRequest.
        Throws:
        EBaseException
      • saveHttpParams

        protected void saveHttpParams​(IArgBlock httpParams,
                                      IRequest req)
        save http parameters in an IRequest.
      • getCertRecord

        protected ICertRecord getCertRecord​(java.math.BigInteger serialNo)
        handy routine for getting a cert record given a serial number.
      • isCertFromCA

        protected boolean isCertFromCA​(java.security.cert.X509Certificate cert)
        handy routine for validating if a cert is from this CA. mAuthority must be a CA.
      • areCertsFromCA

        protected boolean areCertsFromCA​(java.security.cert.X509Certificate[] certs)
        handy routine for checking if a list of certs is from this CA. mAuthority must be a CA.
      • getX509Certificate

        protected java.security.cert.X509Certificate getX509Certificate​(java.math.BigInteger serialNo)
        handy routine for getting a certificate from the certificate repository. mAuthority must be a CA.
      • newFillerObject

        protected ICMSTemplateFiller newFillerObject​(java.lang.String fillerClass)
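        Instantiate a new filler from a class name. Because the named class is instantiated, callers should pass only class names taken from trusted configuration, never values derived from request data.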
        Returns:
        null if can't be instantiated, new instance otherwise.
      • setDefaultTemplates

        protected void setDefaultTemplates​(javax.servlet.ServletConfig sc)
        set default templates. subclasses can override, and should override at least the success template
      • clientIsNav

        public static boolean clientIsNav​(javax.servlet.http.HttpServletRequest httpReq)
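        handy routine to check if client is Navigator based on the User-Agent header. The header is client-supplied, so the result is a rendering hint only and should not drive any security decision.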
      • clientIsMSIE

        public static boolean clientIsMSIE​(javax.servlet.http.HttpServletRequest httpReq)
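        handy routine to check if client is MSIE based on the User-Agent header. The header is client-supplied, so the result is a rendering hint only and should not drive any security decision.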
      • doCMMFResponse

        public static boolean doCMMFResponse​(IArgBlock httpParams)
      • doFullResponse

        public static boolean doFullResponse​(IArgBlock httpParams)
      • checkImportCertToNav

        protected boolean checkImportCertToNav​(javax.servlet.http.HttpServletResponse httpResp,
                                               IArgBlock httpParams,
                                               X509CertImpl cert)
                                        throws EBaseException
        Returns:
        false if import cert directly set to false.
        Throws:
        EBaseException
      • importCertToNav

        public void importCertToNav​(javax.servlet.http.HttpServletResponse httpResp,
                                    X509CertImpl cert,
                                    java.lang.String contentType,
                                    boolean importCAChain)
                             throws EBaseException
        handy routine to import cert to old navigator in nav mime type.
        Throws:
        EBaseException
      • saveAuthToken

        protected static void saveAuthToken​(IAuthToken token,
                                            IRequest req)
      • connectionIsSSL

        protected static boolean connectionIsSSL​(javax.servlet.http.HttpServletRequest httpReq)
      • getRelPath

        protected java.lang.String getRelPath​(IAuthority authority)
        handy routine for getting agent's relative path
      • isSystemCertificate

        protected boolean isSystemCertificate​(java.math.BigInteger serialNo)
                                       throws EBaseException
        A system certificate, such as the CA signing certificate, should not be allowed to be deleted. The main purpose is to avoid accidentally revoking the self-signed CA certificate.
        Throws:
        EBaseException
      • certIsRevoked

        protected boolean certIsRevoked​(java.math.BigInteger serialNum)
                                 throws EBaseException
        check if a certificate (serial number) is revoked on a CA.
        Returns:
        true if cert is marked revoked in the CA's database.
        Throws:
        EBaseException
      • generateSalt

        public static java.lang.String generateSalt()
      • hashPassword

        protected java.lang.String hashPassword​(java.lang.String pwd)
      • getLangFile

        public static java.io.File getLangFile​(javax.servlet.http.HttpServletRequest req,
                                               java.io.File realpathFile,
                                               java.util.Locale[] locale)
                                        throws java.io.IOException
        Parameters:
        req - http servlet request
        realpathFile - the file to get.
        locale - array of at least one to be filled with locale found.
        Throws:
        java.io.IOException
      • getLocale

        public static java.util.Locale getLocale​(java.lang.String lang)
      • authenticate

        public IAuthToken authenticate​(javax.servlet.http.HttpServletRequest httpReq,
                                       java.lang.String authMgrName)
                                throws EBaseException
        Authentication

        • signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication fails (in the case of SSL client authentication, only the web server environment can detect the SSL violation; the CS authMgr can detect a certificate mismatch, so this event is used)
        • signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication succeeded
        Throws:
        EBaseException - an error has occurred
      • authorize

        public AuthzToken authorize​(java.lang.String authzMgrName,
                                    IAuthToken authToken,
                                    java.lang.String resource,
                                    java.lang.String operation)
                             throws EBaseException
        Authorization must occur after authentication; this method takes the authentication token as input.

        • signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization has failed
        • signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization is successful
        • signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CS that's when one accesses a role port)
        Parameters:
        authzMgrName - string representing the name of the authorization manager
        authToken - the authentication token
        resource - a string representing the ACL resource id as defined in the ACL resource list
        operation - a string representing one of the operations as defined within the ACL statement (e. g. - "read" for an ACL statement containing "(read,write)")
        Returns:
        the authorization token
        Throws:
        EBaseException - an error has occurred
      • audit

        protected void audit​(java.lang.String msg)
        Signed Audit Log. This method is inherited by all extended "CMSServlet"s, and is called to store messages to the signed audit log.

        Parameters:
        msg - signed audit log message
      • audit

        protected void audit​(LogEvent event)
      • auditSubjectID

        protected java.lang.String auditSubjectID()
        Signed Audit Log Subject ID. This method is inherited by all extended "CMSServlet"s, and is called to obtain the "SubjectID" for a signed audit log message.

        Returns:
        id string containing the signed audit log message SubjectID
      • auditGroupID

        protected java.lang.String auditGroupID()
        Signed Audit Log Group ID. This method is inherited by all extended "CMSServlet"s, and is called to obtain the "gid" for a signed audit log message.

        Returns:
        id string containing the signed audit log message gid
      • getLocale

        protected java.util.Locale getLocale​(javax.servlet.http.HttpServletRequest req)
        Retrieves locale based on the request.
      • outputResult

        protected void outputResult​(javax.servlet.http.HttpServletResponse httpResp,
                                    java.lang.String contentType,
                                    byte[] content)
      • outputError

        protected void outputError​(javax.servlet.http.HttpServletResponse httpResp,
                                   java.lang.String errorString)
      • outputError

        protected void outputError​(javax.servlet.http.HttpServletResponse httpResp,
                                   java.lang.String errorString,
                                   java.lang.String requestId)
      • outputError

        protected void outputError​(javax.servlet.http.HttpServletResponse httpResp,
                                   java.lang.String status,
                                   java.lang.String errorString,
                                   java.lang.String requestId)