Package com.netscape.cms.servlet.base
Class CMSServlet
java.lang.Object
javax.servlet.GenericServlet
javax.servlet.http.HttpServlet
com.netscape.cms.servlet.base.CMSServlet
- All Implemented Interfaces:
Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
- Direct Known Subclasses:
CheckIdentity, CloneRedirect, CloneServlet, ConnectorServlet, DirAuthServlet, DisableEnrollResult, DisplayHashUserEnroll, DisplayHtmlServlet, DownloadPKCS12, DynamicVariablesServlet, EnableEnrollResult, GetConfigEntries, GetCookie, GetDomainXML, GetOCSPInfo, GetStats, GetStatus, IndexServlet, MainPageServlet, OCSPServlet, PortsServlet, ProcessReq, QueryReq, RegisterUser, RemoteAuthConfig, SearchReqs, TokenAuthenticate, UpdateDomainXML, UpdateNumberRange
public abstract class CMSServlet
extends javax.servlet.http.HttpServlet
This is the base class of all CS servlets.
Field Summary
Fields
Modifier and Type, Field, Description
protected static final String
static final String
protected static final String
static final String
static final String
static final String
static final String
static final String
protected static final String
static final String
protected ICertificateAuthority
protected CMSEngine
static final String
protected static final String
protected static final String
static final String
static final String
static final String
static final String
static String
handy routine to check if client wants full enrollment response
protected static final String
static org.slf4j.Logger
protected String
protected String
protected IAuthority
protected AuthzSubsystem
protected String
protected ConfigStore
protected String
protected String
protected String
protected LogSource
protected String
protected boolean
protected RequestQueue
protected javax.servlet.ServletConfig
protected javax.servlet.ServletContext
protected Hashtable<Integer,CMSLoadTemplate>
protected static final String
protected static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
protected static final String
protected static final String
static final String
static final String
protected static final String
protected static final String
static final String
protected static final String
protected static final String
protected static final String
protected static final String
protected static final String
protected static final String
protected RequestRepository
protected javax.servlet.ServletConfig
protected static Logger
static final String
static final String
static final String
protected static final String
protected static final String
static final String
protected static final String
protected static final String
-
Constructor Summary
Constructors
-
Method Summary
Modifier and Type, Method, Description
protected boolean
areCertsFromCA
(X509Certificate[] certs) handy routine for checking if a list of certs is from this CA.
protected void
protected void
Signed Audit Log: This method is inherited by all extended "CMSServlet"s, and is called to store messages to the signed audit log.
protected String
Signed Audit Log Group ID: This method is inherited by all extended "CMSServlet"s, and is called to obtain the "gid" for a signed audit log message.
protected String
Signed Audit Log Subject ID: This method is inherited by all extended "CMSServlet"s, and is called to obtain the "SubjectID" for a signed audit log message.
authenticate
(CMSRequest req)
authenticate
(CMSRequest req, String authMgrName)
authenticate
(javax.servlet.http.HttpServletRequest httpReq)
authenticate
(javax.servlet.http.HttpServletRequest httpReq, String authMgrName) Authentication
authorize
(String authzMgrName, IAuthToken authToken, String resource, String operation) Authorize must occur after Authenticate
authorize
(String authzMgrName, String resource, IAuthToken authToken, String exp)
protected boolean
certIsRevoked
(BigInteger serialNum) check if a certificate (serial number) is revoked on a CA.
protected boolean
checkImportCertToNav
(javax.servlet.http.HttpServletResponse httpResp, IArgBlock httpParams, org.mozilla.jss.netscape.security.x509.X509CertImpl cert)
static boolean
clientIsMSIE
(javax.servlet.http.HttpServletRequest httpReq) handy routine to check if client is msie based on user-agent.
static boolean
clientIsNav
(javax.servlet.http.HttpServletRequest httpReq) handy routine to check if client is navigator based on user-agent.
protected static boolean
connectionIsSSL
(javax.servlet.http.HttpServletRequest httpReq)
static boolean
doCMMFResponse
(IArgBlock httpParams)
static boolean
doFullResponse
(IArgBlock httpParams)
protected org.mozilla.jss.netscape.security.x509.RevokedCertImpl
formCRLEntry
(BigInteger serialNo, org.mozilla.jss.netscape.security.x509.RevocationReason reason) make a CRL entry from a serial number and revocation reason.
static String
static AuthCredentials
getAuthCreds
(AuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert) construct authentication credentials to pass into authentication manager.
protected IAuthToken
getAuthToken
(Request req)
protected CertRecord
getCertRecord
(BigInteger serialNo) handy routine for getting a cert record given a serial number.
protected void
getDontSaveHttpParams
(javax.servlet.ServletConfig sc) get http parameters not to save from configuration.
getId()
static File
getLangFile
(javax.servlet.http.HttpServletRequest req, File realpathFile, Locale[] locale)
static Locale
protected Locale
getLocale
(javax.servlet.http.HttpServletRequest req) Retrieves locale based on the request.
protected String
getRelPath
(IAuthority authority) handy routine for getting agent's relative path
protected void
getSaveHttpHeaders
(javax.servlet.ServletConfig sc) get http headers to save from configuration.
protected X509Certificate
getSSLClientCertificate
(javax.servlet.http.HttpServletRequest httpReq) get ssl client authenticated certificate
protected X509Certificate
getSSLClientCertificate
(javax.servlet.http.HttpServletRequest httpReq, boolean clientCertRequired)
protected CMSTemplate
getTemplate
(String templateName, javax.servlet.http.HttpServletRequest httpReq, Locale[] locale) get a template based on result status.
protected X509Certificate
getX509Certificate
(BigInteger serialNo) handy routine for getting a certificate from the certificate repository.
protected String
hashPassword
(String pwd)
void
importCertToNav
(javax.servlet.http.HttpServletResponse httpResp, org.mozilla.jss.netscape.security.x509.X509CertImpl cert, String contentType, boolean importCAChain) handy routine to import cert to old navigator in nav mime type.
void
init
(javax.servlet.ServletConfig sc)
protected static void
invalidateSSLSession
(javax.servlet.http.HttpServletRequest httpReq) Invalidates an SSL session.
protected boolean
isCertFromCA
(X509Certificate cert) handy routine for validating if a cert is from this CA.
boolean
protected boolean
isSystemCertificate
(BigInteger serialNo) A system certificate such as the CA signing certificate should not be allowed to be deleted.
protected CMSRequest
Create a new CMSRequest object.
protected ICMSTemplateFiller
newFillerObject
(String fillerClass) instantiate a new filler from a class name.
protected void
outputArgBlockAsXML
(XMLObject xmlObj, Node parent, String argBlockName, IArgBlock argBlock)
protected void
outputError
(javax.servlet.http.HttpServletResponse httpResp, String errorString)
protected void
outputError
(javax.servlet.http.HttpServletResponse httpResp, String errorString, String requestId)
protected void
outputError
(javax.servlet.http.HttpServletResponse httpResp, String status, String errorString, String requestId)
void
outputHttpParameters
(javax.servlet.http.HttpServletRequest httpReq)
protected void
outputResult
(javax.servlet.http.HttpServletResponse httpResp, String contentType, byte[] content)
protected void
outputXML
(javax.servlet.http.HttpServletResponse httpResp, CMSTemplateParams params)
protected void
process
(CMSRequest cmsRequest) process an HTTP request.
protected void
renderException
(CMSRequest cmsReq, EBaseException e) Output exception (unexpected error) template. This is different from other templates in that if an exception occurs while rendering the exception a message is printed out directly.
void
renderFinalError
(CMSRequest cmsReq, Exception ex)
protected void
renderResult
(CMSRequest cmsReq) Output a template.
protected void
renderTemplate
(CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
protected static void
saveAuthToken
(IAuthToken token, Request req)
protected void
saveHttpHeaders
(javax.servlet.http.HttpServletRequest httpReq, Request req) save http headers in a Request.
protected void
saveHttpParams
(IArgBlock httpParams, Request req) save http headers in a Request.
void
service
(javax.servlet.http.HttpServletRequest httpReq, javax.servlet.http.HttpServletResponse httpResp)
protected void
setDefaultTemplates
(javax.servlet.ServletConfig sc) set default templates.
toHashtable
(javax.servlet.http.HttpServletRequest req)
Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service
Methods inherited from class javax.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log
-
Field Details
-
logger
public static org.slf4j.Logger logger
-
signedAuditLogger
-
SUCCESS
-
FAILURE
-
AUTH_FAILURE
-
PROP_ID
-
PROP_AUTHORITY
-
PROP_AUTHORITYID
-
PROP_AUTHMGR
-
PROP_CLIENTAUTH
-
PROP_RESOURCEID
-
AUTHZ_SRC_LDAP
-
AUTHZ_SRC_TYPE
-
AUTHZ_SRC_XML
-
PROP_AUTHZ_MGR
-
PROP_ACL
-
AUTHZ_MGR_BASIC
-
AUTHZ_MGR_LDAP
-
PROP_FINAL_ERROR_MSG
-
ERROR_MSG_TOKEN
-
FINAL_ERROR_MSG
-
PROP_UNAUTHORIZED_TEMPLATE
-
UNAUTHORIZED_TEMPLATE
-
PROP_SUCCESS_TEMPLATE
-
SUCCESS_TEMPLATE
-
PROP_PENDING_TEMPLATE
-
PENDING_TEMPLATE
-
PROP_SVC_PENDING_TEMPLATE
-
SVC_PENDING_TEMPLATE
-
PROP_REJECTED_TEMPLATE
-
REJECTED_TEMPLATE
-
PROP_ERROR_TEMPLATE
-
ERROR_TEMPLATE
-
PROP_EXCEPTION_TEMPLATE
-
EXCEPTION_TEMPLATE
-
PROP_SUCCESS_TEMPLATE_FILLER
-
RA_AGENT_GROUP
-
CA_AGENT_GROUP
-
KRA_AGENT_GROUP
-
OCSP_AGENT_GROUP
-
TRUSTED_RA_GROUP
-
ADMIN_GROUP
-
PFX_HTTP_HEADER
-
PFX_HTTP_PARAM
-
PFX_AUTH_TOKEN
-
AUTHMGR_PARAM
-
CERT_ATTR
-
servletConfig
protected javax.servlet.ServletConfig servletConfig
-
mRenderResult
protected boolean mRenderResult
-
mFinalErrorMsg
-
mTemplates
-
mServletConfig
protected javax.servlet.ServletConfig mServletConfig
-
mServletContext
protected javax.servlet.ServletContext mServletContext
-
mDontSaveHttpParams
-
mSaveHttpHeaders
-
mId
-
mConfig
-
mAuthority
-
certAuthority
-
requestRepository
-
mRequestQueue
-
mLogCategory
-
mGetClientCert
-
mAuthMgr
-
mAuthz
-
mAclMethod
-
mAuthzResourceName
-
mOutputTemplatePath
-
engine
-
TEMPLATE_NAME
-
SIMPLE_ENROLLMENT_REQUEST
-
SIMPLE_ENROLLMENT_RESPONSE
-
FULL_ENROLLMENT_REQUEST
-
FULL_ENROLLMENT_RESPONSE
-
FULL_RESPONSE
handy routine to check if client wants full enrollment response
-
-
Constructor Details
-
CMSServlet
public CMSServlet()
-
-
Method Details
-
toHashtable
-
init
public void init(javax.servlet.ServletConfig sc) throws javax.servlet.ServletException
- Specified by:
init in interface javax.servlet.Servlet
- Overrides:
init in class javax.servlet.GenericServlet
- Throws:
javax.servlet.ServletException
-
getId
-
getAuthMgr
-
isClientCertRequired
public boolean isClientCertRequired()
-
outputHttpParameters
public void outputHttpParameters(javax.servlet.http.HttpServletRequest httpReq)
-
service
public void service(javax.servlet.http.HttpServletRequest httpReq, javax.servlet.http.HttpServletResponse httpResp) throws javax.servlet.ServletException, IOException
- Overrides:
service in class javax.servlet.http.HttpServlet
- Throws:
javax.servlet.ServletException
IOException
-
newCMSRequest
Create a new CMSRequest object. This should be overridden by servlets implementing different types of request.
- Returns:
- a new CMSRequest object
-
process
process an HTTP request. Servlets must override this with their own implementation.
- Throws:
EBaseException
- if the servlet was unable to satisfactorily process the request
Exception
-
renderResult
Output a template. If an error occurs while outputting the template, the exception template is used to display the error.
- Parameters:
cmsReq
- the CS request
- Throws:
IOException
-
outputArgBlockAsXML
-
outputXML
-
renderTemplate
protected void renderTemplate(CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) throws IOException
- Throws:
IOException
-
renderException
Output exception (unexpected error) template. This is different from other templates in that if an exception occurs while rendering the exception, a message is printed out directly. If the message gets an error, an IOException is thrown. In others, if an exception occurs while rendering the template, the exception template (this) is called.
- Parameters:
cmsReq
- the CS request to pass to template filler if any.
e
- the unexpected exception
- Throws:
IOException
-
renderFinalError
- Throws:
IOException
-
invalidateSSLSession
protected static void invalidateSSLSession(javax.servlet.http.HttpServletRequest httpReq)
Invalidates an SSL session, so client auth will happen again.
-
getAuthCreds
public static AuthCredentials getAuthCreds(AuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert) throws EBaseException
construct authentication credentials to pass into authentication manager.
- Throws:
EBaseException
-
getSSLClientCertificate
protected X509Certificate getSSLClientCertificate(javax.servlet.http.HttpServletRequest httpReq) throws EBaseException
get ssl client authenticated certificate
- Throws:
EBaseException
-
getSSLClientCertificate
protected X509Certificate getSSLClientCertificate(javax.servlet.http.HttpServletRequest httpReq, boolean clientCertRequired) throws EBaseException
- Throws:
EBaseException
-
getTemplate
protected CMSTemplate getTemplate(String templateName, javax.servlet.http.HttpServletRequest httpReq, Locale[] locale) throws EBaseException, IOException
get a template based on result status.
- Throws:
EBaseException
IOException
-
getDontSaveHttpParams
protected void getDontSaveHttpParams(javax.servlet.ServletConfig sc)
get http parameters not to save from configuration.
-
getSaveHttpHeaders
protected void getSaveHttpHeaders(javax.servlet.ServletConfig sc)
get http headers to save from configuration.
-
saveHttpHeaders
protected void saveHttpHeaders(javax.servlet.http.HttpServletRequest httpReq, Request req) throws EBaseException
save http headers in a Request.
- Throws:
EBaseException
-
saveHttpParams
save http headers in a Request.
-
getCertRecord
handy routine for getting a cert record given a serial number.
-
isCertFromCA
handy routine for validating if a cert is from this CA. mAuthority must be a CA.
-
areCertsFromCA
handy routine for checking if a list of certs is from this CA. mAuthority must be a CA.
-
getX509Certificate
handy routine for getting a certificate from the certificate repository. mAuthority must be a CA.
-
newFillerObject
instantiate a new filler from a class name.
- Returns:
- null if can't be instantiated, new instance otherwise.
-
setDefaultTemplates
protected void setDefaultTemplates(javax.servlet.ServletConfig sc)
set default templates. Subclasses can override, and should override at least the success template.
-
clientIsMSIE
public static boolean clientIsMSIE(javax.servlet.http.HttpServletRequest httpReq)
handy routine to check if client is msie based on user-agent.
-
doCMMFResponse
-
doFullResponse
-
saveAuthToken
-
getAuthToken
-
connectionIsSSL
protected static boolean connectionIsSSL(javax.servlet.http.HttpServletRequest httpReq)
-
getRelPath
handy routine for getting agent's relative path
-
isSystemCertificate
A system certificate such as the CA signing certificate should not be allowed to be deleted. The main purpose is to avoid revoking the self-signed CA certificate accidentally.
- Throws:
EBaseException
-
formCRLEntry
protected org.mozilla.jss.netscape.security.x509.RevokedCertImpl formCRLEntry(BigInteger serialNo, org.mozilla.jss.netscape.security.x509.RevocationReason reason) throws EBaseException
make a CRL entry from a serial number and revocation reason.
- Returns:
- a RevokedCertImpl that can be entered in a CRL.
- Throws:
EBaseException
-
certIsRevoked
check if a certificate (serial number) is revoked on a CA.
- Returns:
- true if cert is marked revoked in the CA's database.
- Throws:
EBaseException
-
generateSalt
-
hashPassword
-
getLangFile
public static File getLangFile(javax.servlet.http.HttpServletRequest req, File realpathFile, Locale[] locale) throws IOException
- Parameters:
req
- http servlet request
realpathFile
- the file to get.
locale
- array of at least one to be filled with locale found.
- Throws:
IOException
-
getLocale
-
authenticate
- Throws:
EBaseException
-
authenticate
- Throws:
EBaseException
-
authenticate
- Throws:
EBaseException
-
authenticate
public IAuthToken authenticate(javax.servlet.http.HttpServletRequest httpReq, String authMgrName) throws EBaseException
Authentication
- signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication fails (in case of SSL-client auth, only webserver env can pick up the SSL violation; CS authMgr can pick up cert mis-match, so this event is used)
- signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication succeeded
- Throws:
EBaseException
- an error has occurred
-
authorize
public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken, String exp) throws EBaseException
- Throws:
EBaseException
-
authorize
public AuthzToken authorize(String authzMgrName, IAuthToken authToken, String resource, String operation) throws EBaseException
Authorize must occur after Authenticate
- signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization has failed
- signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization is successful
- signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CS that's when one accesses a role port)
- Parameters:
authzMgrName
- string representing the name of the authorization manager
authToken
- the authentication token
resource
- a string representing the ACL resource id as defined in the ACL resource list
operation
- a string representing one of the operations as defined within the ACL statement (e.g. "read" for an ACL statement containing "(read,write)")
- Returns:
- the authorization token
- Throws:
EBaseException
- an error has occurred
-
audit
Signed Audit Log: This method is inherited by all extended "CMSServlet"s, and is called to store messages to the signed audit log.
- Parameters:
msg
- signed audit log message
-
audit
-
auditSubjectID
Signed Audit Log Subject ID: This method is inherited by all extended "CMSServlet"s, and is called to obtain the "SubjectID" for a signed audit log message.
- Returns:
- id string containing the signed audit log message SubjectID
-
auditGroupID
Signed Audit Log Group ID: This method is inherited by all extended "CMSServlet"s, and is called to obtain the "gid" for a signed audit log message.
- Returns:
- id string containing the signed audit log message SubjectID
-
getLocale
Retrieves locale based on the request.
-
outputResult
protected void outputResult(javax.servlet.http.HttpServletResponse httpResp, String contentType, byte[] content)
-
outputError
-
outputError
-
outputError
-