[Pki-devel] [PATCH] 638 Fixed missing cert request hostname and address.

Endi Sukma Dewata edewata at redhat.com
Wed Aug 5 17:42:36 UTC 2015


The CA services have been modified to inject request hostname and
address into the certificate request object such that they will be
stored in the database. This fixes the problem with requests
submitted either via the UI or the CLI.

An unused method in CertRequestResource has been removed. Some
debug messages have been cleaned as well.

https://fedorahosted.org/pki/ticket/1535

-- 
Endi S. Dewata
-------------- next part --------------
From c1c4cfd8a6815a88123956a45fa10e3446dae01e Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata at redhat.com>
Date: Wed, 5 Aug 2015 19:10:19 +0200
Subject: [PATCH] Fixed missing cert request hostname and address.

The CA services have been modified to inject request hostname and
address into the certificate request object such that they will be
stored in the database. This fixes the problem with requests
submitted either via the UI or the CLI.

An unused method in CertRequestResource has been removed. Some
debug messages have been cleaned as well.

https://fedorahosted.org/pki/ticket/1535
---
 .../server/ca/rest/CertRequestService.java         | 15 +++++--------
 .../certsrv/cert/CertEnrollmentRequest.java        |  8 +++++++
 .../netscape/certsrv/cert/CertRequestResource.java | 10 ---------
 .../servlet/cert/CertEnrollmentRequestFactory.java | 14 ++++++++----
 .../netscape/cms/servlet/cert/CertProcessor.java   | 25 +++++++++++-----------
 .../cms/servlet/cert/EnrollmentProcessor.java      | 12 +++++------
 .../cms/servlet/processors/CAProcessor.java        |  9 ++++----
 7 files changed, 46 insertions(+), 47 deletions(-)

diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java
index a11cb470b21240127b405a694c92fc665dd9ed69..95f1f4c20086ddb45846f65b1db157bff238708a 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java
@@ -27,7 +27,6 @@ import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Request;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriInfo;
@@ -113,13 +112,6 @@ public class CertRequestService extends PKIService implements CertRequestResourc
         return createOKResponse(info);
     }
 
-    // Enrollment - used to test integration with a browser
-    @Override
-    public Response enrollCert(MultivaluedMap<String, String> form) {
-        CertEnrollmentRequest data = new CertEnrollmentRequest(form);
-        return enrollCert(data);
-    }
-
     @Override
     public Response enrollCert(CertEnrollmentRequest data) {
 
@@ -128,6 +120,9 @@ public class CertRequestService extends PKIService implements CertRequestResourc
             throw new BadRequestException("Unable to create enrollment reequest: Invalid input data");
         }
 
+        data.setRemoteHost(servletRequest.getRemoteHost());
+        data.setRemoteAddr(servletRequest.getRemoteAddr());
+
         CertRequestDAO dao = new CertRequestDAO();
 
         CertRequestInfos infos;
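Review bot: The values set by `data.setRemoteHost(servletRequest.getRemoteHost())` and `data.setRemoteAddr(servletRequest.getRemoteAddr())` are what the servlet container observed for the connection peer, and they deserve a comment saying so because they end up stored with the request. `getRemoteHost()` yields either a reverse-DNS name, which is controlled by whoever owns the address's PTR record, or just the IP string when the container has lookups disabled. Behind a reverse proxy or load balancer, both calls describe the proxy rather than the requester. Suggested comment above the two lines: `// Server-observed peer; replaces whatever the deserialized request carried in these fields. Host name is unverified reverse DNS (or the IP).` The same applies to the equivalent pair added in CertEnrollmentRequestFactory.create(); enrollCert's body starts and ends outside this hunk.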
@@ -143,10 +138,10 @@ public class CertRequestService extends PKIService implements CertRequestResourc
             CMS.debug("enrollCert: bad request data: " + e);
             throw new BadRequestException(e.toString());
         } catch (EBaseException e) {
-            throw new PKIException(e.toString());
+            throw new PKIException(e);
         } catch (Exception e) {
             CMS.debug(e);
-            throw new PKIException(e.toString());
+            throw new PKIException(e);
         }
 
         // this will return an error code of 200, instead of 201
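Review bot: The `catch (EBaseException e)` branch now throws `new PKIException(e)` without logging anything, while the `catch (Exception e)` branch directly below calls `CMS.debug(e)` first. Adding `CMS.debug(e);` before the throw in the EBaseException branch would keep a server-side trace for both paths. It is also worth confirming what `PKIException(Throwable)` puts into the REST response, since the constructor is not visible in this patch. If it serializes the cause's message or class name, the internal detail that the old `e.toString()` argument exposed would still reach the client. The try block these catches belong to starts outside the hunk.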
diff --git a/base/common/src/com/netscape/certsrv/cert/CertEnrollmentRequest.java b/base/common/src/com/netscape/certsrv/cert/CertEnrollmentRequest.java
index 72aad330fecc63290c9e6d82e576971df499028e..d55b5b4e1007516fef8fa6f9820c44d522f4bde4 100644
--- a/base/common/src/com/netscape/certsrv/cert/CertEnrollmentRequest.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertEnrollmentRequest.java
@@ -275,6 +275,14 @@ public class CertEnrollmentRequest {
         return sw.toString();
     }
 
+    public String toString() {
+        try {
+            return toXML();
+        } catch (JAXBException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
     @Override
     public int hashCode() {
         final int prime = 31;
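Review bot: The new `toString()` throws `RuntimeException` when `toXML()` fails and is missing `@Override`. Because `toString()` is invoked implicitly by string concatenation in log statements, a marshalling error would surface as an exception thrown from a debug line. Consider adding `@Override` and returning `super.toString()` from the `catch (JAXBException e)` block instead of throwing. Since the method returns the whole request as XML, any `CMS.debug("..." + data)` would write every profile input to the debug log without the `(sensitive)` masking that `CAProcessor.printParameterValues` applies by parameter name. A one-line Javadoc warning against logging the object directly would help.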
diff --git a/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java b/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java
index b9ae1f1fe0592bbcc4a7b64baa2ef4fecbe52749..7f08b4af392e3e56419abdad7cb66bd191688222 100644
--- a/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java
@@ -17,14 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.cert;
 
-import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
 
 import org.jboss.resteasy.annotations.ClientResponseType;
@@ -37,13 +34,6 @@ import com.netscape.certsrv.request.RequestId;
 @Path("")
 public interface CertRequestResource {
 
-    // Enrollment - used to test integration with a browser
-    @POST
-    @Path("certrequests")
-    @ClientResponseType(entityType=CertRequestInfos.class)
-    @Consumes({ MediaType.APPLICATION_FORM_URLENCODED })
-    public Response enrollCert(MultivaluedMap<String, String> form);
-
     @POST
     @Path("certrequests")
     @ClientResponseType(entityType=CertRequestInfos.class)
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/CertEnrollmentRequestFactory.java b/base/server/cms/src/com/netscape/cms/servlet/cert/CertEnrollmentRequestFactory.java
index 7a26e8e21482bc066184305d56eb953e25903696..d74a285f391ecf4fdbafe219d02f20e86ccf1848 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/CertEnrollmentRequestFactory.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/CertEnrollmentRequestFactory.java
@@ -20,6 +20,8 @@ package com.netscape.cms.servlet.cert;
 import java.util.Enumeration;
 import java.util.Locale;
 
+import javax.servlet.http.HttpServletRequest;
+
 import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.cert.CertEnrollmentRequest;
 import com.netscape.certsrv.profile.EProfileException;
@@ -35,18 +37,22 @@ public class CertEnrollmentRequestFactory {
             throws EProfileException {
         IArgBlock params = cmsReq.getHttpParams();
 
-        CertEnrollmentRequest ret = new CertEnrollmentRequest();
-        ret.setProfileId(profile.getId());
+        CertEnrollmentRequest request = new CertEnrollmentRequest();
+        request.setProfileId(profile.getId());
 
         // populate profile inputs
         Enumeration<String> inputIds = profile.getProfileInputIds();
         while (inputIds.hasMoreElements()) {
             IProfileInput input = profile.getProfileInput(inputIds.nextElement());
             ProfileInput addInput = ProfileInputFactory.create(input, params, locale);
-            ret.addInput(addInput);
+            request.addInput(addInput);
         }
 
-        return ret;
+        HttpServletRequest httpRequest = cmsReq.getHttpReq();
+        request.setRemoteHost(httpRequest.getRemoteHost());
+        request.setRemoteAddr(httpRequest.getRemoteAddr());
+
+        return request;
     }
 
 }
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/CertProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/cert/CertProcessor.java
index 4cd54a25719bcd82728ef803f225bac481211584..f1a147eb475a8a1378cac829dcaee765ab2c3e70 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/CertProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/CertProcessor.java
@@ -172,13 +172,14 @@ public class CertProcessor extends CAProcessor {
                 auditRequesterID = auditRequesterID(req);
 
                 // print request debug
+                CMS.debug("CertProcessor: Request:");
                 if (req != null) {
                     Enumeration<String> reqKeys = req.getExtDataKeys();
                     while (reqKeys.hasMoreElements()) {
                         String reqKey = reqKeys.nextElement();
                         String reqVal = req.getExtDataInString(reqKey);
                         if (reqVal != null) {
-                            CMS.debug("CertRequestSubmitter: key=$request." + reqKey + "$ value=" + reqVal);
+                            CMS.debug("CertProcessor: - " + reqKey + ": " + reqVal);
                         }
                     }
                 }
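Review bot: The line `CMS.debug("CertProcessor: - " + reqKey + ": " + reqVal);` writes every ext-data value to the debug log verbatim, with no name-based masking and no neutralising of CR/LF, so a value containing a line break can produce what looks like extra log entries. `printParameterValues` in CAProcessor.java (last hunk of this patch) masks by name, but its else-branch uses the same unquoted `- name: value` format and no longer has the quotes and end marker that delimited values. A minimal change is to log `String.valueOf(reqVal).replaceAll("[\\r\\n]", "_")` in both places and to mask keys that may carry credentials. The new `CMS.debug("CertProcessor: Request:");` header also sits outside the `if (req != null)` guard, so it is printed even when nothing follows; moving it inside the guard would fix that. The enclosing method starts and ends outside the hunk.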
@@ -213,7 +214,7 @@ public class CertProcessor extends CAProcessor {
                     notify.notify(req);
                 }
 
-                CMS.debug("CertRequestSubmitter: submit " + e.toString());
+                CMS.debug("CertProcessor: submit " + e);
                 errorCode = "2";
                 errorReason = CMS.getUserMessage(locale, "CMS_PROFILE_DEFERRED", e.toString());
 
@@ -223,7 +224,7 @@ public class CertProcessor extends CAProcessor {
             } catch (ERejectException e) {
                 // return error to the user
                 req.setRequestStatus(RequestStatus.REJECTED);
-                CMS.debug("CertRequestSubmitter: submit " + e.toString());
+                CMS.debug("CertProcessor: submit " + e);
                 errorCode = "3";
                 errorReason = CMS.getUserMessage(locale, "CMS_PROFILE_REJECTED", e.toString());
 
@@ -239,8 +240,8 @@ public class CertProcessor extends CAProcessor {
                 audit(auditMessage);
             } catch (Throwable e) {
                 // return error to the user
-                e.printStackTrace();
-                CMS.debug("CertRequestSubmitter: submit " + e.toString());
+                CMS.debug(e);
+                CMS.debug("CertProcessor: submit " + e);
                 errorCode = "1";
                 errorReason = CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR");
                 auditMessage = CMS.getLogMessage(
@@ -261,8 +262,8 @@ public class CertProcessor extends CAProcessor {
                     profile.getRequestQueue().updateRequest(req);
                 }
             } catch (EBaseException e) {
-                e.printStackTrace();
-                CMS.debug("CertRequestSubmitter: updateRequest " + e.toString());
+                CMS.debug(e);
+                CMS.debug("CertProcessor: updateRequest " + e);
             }
         }
         return errorCode;
@@ -312,7 +313,7 @@ public class CertProcessor extends CAProcessor {
             }
 
             if (fromRA) {
-                CMS.debug("CertRequestSubmitter: request from RA: " + uid);
+                CMS.debug("CertProcessor: request from RA: " + uid);
                 req.setExtData(ARG_REQUEST_OWNER, uid);
             }
 
@@ -326,18 +327,18 @@ public class CertProcessor extends CAProcessor {
 
             if (setId == null) {
                 // no profile set found
-                CMS.debug("CertRequestSubmitter: no profile policy set found");
+                CMS.debug("CertProcessor: no profile policy set found");
                 throw new EBaseException(CMS.getUserMessage(locale, "CMS_PROFILE_NO_POLICY_SET_FOUND"));
             }
 
-            CMS.debug("CertRequestSubmitter profileSetid=" + setId);
+            CMS.debug("CertProcessor: profileSetid=" + setId);
             req.setExtData(ARG_PROFILE_SET_ID, setId);
             req.setExtData(ARG_PROFILE_REMOTE_HOST, data.getRemoteHost());
             req.setExtData(ARG_PROFILE_REMOTE_ADDR, data.getRemoteAddr());
 
-            CMS.debug("CertRequestSubmitter: request " + req.getRequestId().toString());
+            CMS.debug("CertProcessor: request " + req.getRequestId());
 
-            CMS.debug("CertRequestSubmitter: populating request inputs");
+            CMS.debug("CertProcessor: populating request inputs");
             // give authenticator a chance to populate the request
             if (authenticator != null) {
                 authenticator.populate(authToken, req);
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
index 8d9d05cb7676f012eed8ef199f4e65f34d5e6ebe..960f997cd4badd18bdd25393e9175fc935d52edb 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
@@ -127,13 +127,13 @@ public class EnrollmentProcessor extends CertProcessor {
                 printParameterValues(params);
             }
 
-            CMS.debug("EnrollmentSubmitter: isRenewal false");
+            CMS.debug("EnrollmentProcessor: isRenewal false");
             startTiming("enrollment");
 
             // if we did not configure profileId in xml file,
             // then accept the user-provided one
             String profileId = (this.profileID == null) ? data.getProfileId() : this.profileID;
-            CMS.debug("EnrollmentSubmitter: profileId " + profileId);
+            CMS.debug("EnrollmentProcessor: profileId " + profileId);
 
             IProfile profile = ps.getProfile(profileId);
             if (profile == null) {
@@ -141,17 +141,17 @@ public class EnrollmentProcessor extends CertProcessor {
                 throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", CMSTemplate.escapeJavaScriptStringHTML(profileId)));
             }
             if (!ps.isProfileEnable(profileId)) {
-                CMS.debug("EnrollmentSubmitter: Profile " + profileId + " not enabled");
+                CMS.debug("EnrollmentProcessor: Profile " + profileId + " not enabled");
                 throw new BadRequestDataException("Profile " + profileId + " not enabled");
             }
 
             IProfileContext ctx = profile.createContext();
-            CMS.debug("EnrollmentSubmitter: set Inputs into profile Context");
+            CMS.debug("EnrollmentProcessor: set Inputs into profile Context");
             setInputsIntoContext(data, profile, ctx);
 
             IProfileAuthenticator authenticator = profile.getAuthenticator();
             if (authenticator != null) {
-                CMS.debug("EnrollmentSubmitter: authenticator " + authenticator.getName() + " found");
+                CMS.debug("EnrollmentProcessor: authenticator " + authenticator.getName() + " found");
                 setCredentialsIntoContext(request, authenticator, ctx);
             }
 
@@ -160,7 +160,7 @@ public class EnrollmentProcessor extends CertProcessor {
             SessionContext context = SessionContext.getContext();
             context.put("profileContext", ctx);
             context.put("sslClientCertProvider", new SSLClientCertProvider(request));
-            CMS.debug("EnrollmentSubmitter: set sslClientCertProvider");
+            CMS.debug("EnrollmentProcessor: set sslClientCertProvider");
 
             // before creating the request, authenticate the request
             IAuthToken authToken = authenticate(request, null, authenticator, context, false);
diff --git a/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java
index 28b1b5130901297ad6eac199f32f5de588bee94d..b9af84bc9b5b878f895707c266b1df1fa5b1e26f 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java
@@ -257,7 +257,8 @@ public class CAProcessor extends Processor {
     }
 
     protected void printParameterValues(HashMap<String, String> data) {
-        CMS.debug("Start of CertProcessor Input Parameters");
+
+        CMS.debug("CAProcessor: Input Parameters:");
 
         for (Entry<String, String> entry : data.entrySet()) {
             String paramName = entry.getKey();
@@ -280,13 +281,11 @@ public class CAProcessor extends Processor {
                     paramName.equalsIgnoreCase("pwd") ||
                     paramName.equalsIgnoreCase("pwdagain") ||
                     paramName.equalsIgnoreCase("uPasswd")) {
-                CMS.debug("CertProcessor Input Parameter " + paramName + "='(sensitive)'");
+                CMS.debug("CAProcessor: - " + paramName + ": (sensitive)");
             } else {
-                CMS.debug("CertProcessor Input Parameter " + paramName + "='" + entry.getValue() + "'");
+                CMS.debug("CAProcessor: - " + paramName + ": " + entry.getValue());
             }
         }
-
-        CMS.debug("End of CertProcessor Input Parameters");
     }
 
     /**
-- 
2.4.3


