CMSServlet (pki-javadoc)

java.lang.Object
- javax.servlet.GenericServlet
- - javax.servlet.http.HttpServlet
  - - com.netscape.cms.servlet.base.CMSServlet

All Implemented Interfaces:

java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

Direct Known Subclasses:

AddCAServlet, AddCRLServlet, ChallengeRevocationServlet1, CheckCertServlet, CheckIdentity, CheckRequest, CloneRedirect, CloneServlet, CMCRevReqServlet, ConfirmRecoverBySerial, ConnectorServlet, DirAuthServlet, DisableEnrollResult, DisplayBySerial, DisplayBySerial, DisplayBySerialForRecovery, DisplayCRL, DisplayHashUserEnroll, DisplayHtmlServlet, DisplayTransport, DoRevoke, DoRevokeTPS, DoUnrevoke, DoUnrevokeTPS, DownloadPKCS12, DynamicVariablesServlet, EnableEnrollResult, EnrollServlet, ExamineRecovery, GenerateKeyPairServlet, GetApprovalStatus, GetAsyncPk12, GetBySerial, GetCAChain, GetCertChain, GetCertFromRequest, GetConfigEntries, GetCookie, GetCRL, GetDomainXML, GetEnableStatus, GetInfo, GetOCSPInfo, GetPk12, GetStats, GetStatus, GetSubsystemCert, GetTokenInfo, GetTransportCert, GrantAsyncRecovery, GrantRecovery, HashEnrollServlet, ImportTransportCert, IndexServlet, ListCAServlet, ListCerts, MainPageServlet, Monitor, OCSPServlet, PortsServlet, ProcessCertReq, ProcessReq, ProfileServlet, QueryReq, ReasonToRevoke, RecoverBySerial, RegisterUser, RemoteAuthConfig, RemoveCAServlet, RenewalServlet, RevocationServlet, SearchReqs, SrchCerts, SrchKey, SrchKeyForRecovery, TokenAuthenticate, TokenKeyRecoveryServlet, TokenServlet, UpdateConnector, UpdateCRL, UpdateDir, UpdateDomainXML, UpdateNumberRange, UpdateOCSPConfig
```
public abstract class CMSServlet
extends javax.servlet.http.HttpServlet
```
This is the base class of all CS servlet.

Version:

$Revision$, $Date$

See Also:

Serialized Form

Field Summary

Fields
Modifier and Type	Field and Description
`protected static java.lang.String`	`ADMIN_GROUP`
`static java.lang.String`	`AUTH_FAILURE`
`protected static java.lang.String`	`AUTHMGR_PARAM`
`static java.lang.String`	`AUTHZ_CONFIG_STORE`
`static java.lang.String`	`AUTHZ_MGR_BASIC`
`static java.lang.String`	`AUTHZ_MGR_LDAP`
`static java.lang.String`	`AUTHZ_SRC_LDAP`
`static java.lang.String`	`AUTHZ_SRC_TYPE`
`static java.lang.String`	`AUTHZ_SRC_XML`
`protected static java.lang.String`	`CA_AGENT_GROUP`
`static java.lang.String`	`CERT_ATTR`
`protected ICertificateAuthority`	`certAuthority`
`static java.lang.String`	`ERROR_MSG_TOKEN`
`protected static java.lang.String`	`ERROR_TEMPLATE`
`protected static java.lang.String`	`EXCEPTION_TEMPLATE`
`static java.lang.String`	`FAILURE`
`static java.lang.String`	`FINAL_ERROR_MSG`
`static java.lang.String`	`FULL_ENROLLMENT_REQUEST`
`static java.lang.String`	`FULL_ENROLLMENT_RESPONSE`
`static java.lang.String`	`FULL_RESPONSE` handy routine to check if client want full enrollment response
`protected static java.lang.String`	`KRA_AGENT_GROUP`
`protected java.lang.String`	`mAclMethod`
`protected java.lang.String`	`mAuthMgr`
`protected IAuthority`	`mAuthority`
`protected IAuthzSubsystem`	`mAuthz`
`protected java.lang.String`	`mAuthzResourceName`
`protected IConfigStore`	`mConfig`
`protected java.util.Vector<java.lang.String>`	`mDontSaveHttpParams`
`protected java.lang.String`	`mFinalErrorMsg`
`protected java.lang.String`	`mGetClientCert`
`protected java.lang.String`	`mId`
`protected int`	`mLogCategory`
`protected ILogger`	`mLogger`
`protected java.lang.String`	`mOutputTemplatePath`
`protected boolean`	`mRenderResult`
`protected IRequestQueue`	`mRequestQueue`
`protected java.util.Vector<java.lang.String>`	`mSaveHttpHeaders`
`protected javax.servlet.ServletConfig`	`mServletConfig`
`protected javax.servlet.ServletContext`	`mServletContext`
`protected ILogger`	`mSignedAuditLogger`
`protected java.util.Hashtable<java.lang.Integer,CMSLoadTemplate>`	`mTemplates`
`protected static java.lang.String`	`OCSP_AGENT_GROUP`
`protected static java.lang.String`	`PENDING_TEMPLATE`
`static java.lang.String`	`PFX_AUTH_TOKEN`
`static java.lang.String`	`PFX_HTTP_HEADER`
`static java.lang.String`	`PFX_HTTP_PARAM`
`static java.lang.String`	`PROP_ACL`
`static java.lang.String`	`PROP_AUTHMGR`
`static java.lang.String`	`PROP_AUTHORITY`
`static java.lang.String`	`PROP_AUTHORITYID`
`static java.lang.String`	`PROP_AUTHZ_MGR`
`static java.lang.String`	`PROP_CLIENTAUTH`
`protected static java.lang.String`	`PROP_ERROR_TEMPLATE`
`protected static java.lang.String`	`PROP_EXCEPTION_TEMPLATE`
`static java.lang.String`	`PROP_FINAL_ERROR_MSG`
`static java.lang.String`	`PROP_ID`
`protected static java.lang.String`	`PROP_PENDING_TEMPLATE`
`protected static java.lang.String`	`PROP_REJECTED_TEMPLATE`
`static java.lang.String`	`PROP_RESOURCEID`
`protected static java.lang.String`	`PROP_SUCCESS_TEMPLATE`
`protected static java.lang.String`	`PROP_SUCCESS_TEMPLATE_FILLER`
`protected static java.lang.String`	`PROP_SVC_PENDING_TEMPLATE`
`protected static java.lang.String`	`PROP_UNAUTHORIZED_TEMPLATE`
`protected static java.lang.String`	`RA_AGENT_GROUP`
`protected static java.lang.String`	`REJECTED_TEMPLATE`
`protected javax.servlet.ServletConfig`	`servletConfig`
`static java.lang.String`	`SIMPLE_ENROLLMENT_REQUEST`
`static java.lang.String`	`SIMPLE_ENROLLMENT_RESPONSE`
`static java.lang.String`	`SUCCESS`
`protected static java.lang.String`	`SUCCESS_TEMPLATE`
`protected static java.lang.String`	`SVC_PENDING_TEMPLATE`
`static java.lang.String`	`TEMPLATE_NAME`
`protected static java.lang.String`	`TRUSTED_RA_GROUP`
`protected static java.lang.String`	`UNAUTHORIZED_TEMPLATE`

Constructor Summary

Constructors
Constructor and Description

CMSServlet()

Constructors
Constructor and Description
`CMSServlet()`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected boolean`	`areCertsFromCA(java.security.cert.X509Certificate[] certs)` handy routine for checking if a list of certs is from this CA.
`protected void`	`audit(java.lang.String msg)` Signed Audit Log This method is inherited by all extended "CMSServlet"s, and is called to store messages to the signed audit log.
`protected java.lang.String`	`auditGroupID()` Signed Audit Log Group ID This method is inherited by all extended "CMSServlet"s, and is called to obtain the "gid" for a signed audit log message.
`protected java.lang.String`	`auditSubjectID()` Signed Audit Log Subject ID This method is inherited by all extended "CMSServlet"s, and is called to obtain the "SubjectID" for a signed audit log message.
`IAuthToken`	`authenticate(CMSRequest req)`
`IAuthToken`	`authenticate(CMSRequest req, java.lang.String authMgrName)`
`IAuthToken`	`authenticate(javax.servlet.http.HttpServletRequest httpReq)`
`IAuthToken`	`authenticate(javax.servlet.http.HttpServletRequest httpReq, java.lang.String authMgrName)` Authentication
`AuthzToken`	`authorize(java.lang.String authzMgrName, IAuthToken authToken, java.lang.String resource, java.lang.String operation)` Authorize must occur after Authenticate
`AuthzToken`	`authorize(java.lang.String authzMgrName, java.lang.String resource, IAuthToken authToken, java.lang.String exp)`
`protected boolean`	`certIsRevoked(java.math.BigInteger serialNum)` check if a certificate (serial number) is revoked on a CA.
`protected boolean`	`checkImportCertToNav(javax.servlet.http.HttpServletResponse httpResp, IArgBlock httpParams, netscape.security.x509.X509CertImpl cert)`
`static boolean`	`clientIsMSIE(javax.servlet.http.HttpServletRequest httpReq)` handy routine to check if client is msie based on user-agent.
`static boolean`	`clientIsNav(javax.servlet.http.HttpServletRequest httpReq)` handy routine to check if client is navigator based on user-agent.
`protected static boolean`	`connectionIsSSL(javax.servlet.http.HttpServletRequest httpReq)`
`static boolean`	`doCMMFResponse(IArgBlock httpParams)`
`static boolean`	`doFullResponse(IArgBlock httpParams)`
`protected netscape.security.x509.RevokedCertImpl`	`formCRLEntry(java.math.BigInteger serialNo, netscape.security.x509.RevocationReason reason)` make a CRL entry from a serial number and revocation reason.
`static java.lang.String`	`generateSalt()`
`static AuthCredentials`	`getAuthCreds(IAuthManager authMgr, IArgBlock argBlock, java.security.cert.X509Certificate clientCert)` construct a authentication credentials to pass into authentication manager.
`java.lang.String`	`getAuthMgr()`
`protected IAuthToken`	`getAuthToken(IRequest req)`
`protected ICertRecord`	`getCertRecord(java.math.BigInteger serialNo)` handy routine for getting a cert record given a serial number.
`protected void`	`getDontSaveHttpParams(javax.servlet.ServletConfig sc)` get http parameters not to save from configuration.
`java.lang.String`	`getId()`
`static java.io.File`	`getLangFile(javax.servlet.http.HttpServletRequest req, java.io.File realpathFile, java.util.Locale[] locale)`
`protected java.util.Locale`	`getLocale(javax.servlet.http.HttpServletRequest req)` Retrieves locale based on the request.
`static java.util.Locale`	`getLocale(java.lang.String lang)`
`protected java.lang.String`	`getRelPath(IAuthority authority)` handy routine for getting agent's relative path
`protected void`	`getSaveHttpHeaders(javax.servlet.ServletConfig sc)` get http headers to save from configuration.
`protected java.security.cert.X509Certificate`	`getSSLClientCertificate(javax.servlet.http.HttpServletRequest httpReq)` get ssl client authenticated certificate
`protected CMSTemplate`	`getTemplate(java.lang.String templateName, javax.servlet.http.HttpServletRequest httpReq, java.util.Locale[] locale)` get a template based on result status.
`protected java.security.cert.X509Certificate`	`getX509Certificate(java.math.BigInteger serialNo)` handy routine for getting a certificate from the certificate repository.
`protected java.lang.String`	`hashPassword(java.lang.String pwd)`
`void`	`importCertToNav(javax.servlet.http.HttpServletResponse httpResp, netscape.security.x509.X509CertImpl cert, java.lang.String contentType, boolean importCAChain)` handy routine to import cert to old navigator in nav mime type.
`void`	`init(javax.servlet.ServletConfig sc)`
`protected static void`	`invalidateSSLSession(javax.servlet.http.HttpServletRequest httpReq)` Invalidates a SSL Session.
`protected boolean`	`isCertFromCA(java.security.cert.X509Certificate cert)` handy routine for validating if a cert is from this CA.
`boolean`	`isClientCertRequired()`
`protected boolean`	`isSystemCertificate(java.math.BigInteger serialNo)` A system certificate such as the CA signing certificate should not be allowed to delete.
`protected void`	`log(int event, int level, java.lang.String msg)` log according to authority category.
`protected void`	`log(int level, java.lang.String msg)`
`protected CMSRequest`	`newCMSRequest()` Create a new CMSRequest object.
`protected ICMSTemplateFiller`	`newFillerObject(java.lang.String fillerClass)` instantiate a new filler from a class name,
`protected void`	`outputArgBlockAsXML(XMLObject xmlObj, org.w3c.dom.Node parent, java.lang.String argBlockName, IArgBlock argBlock)`
`protected void`	`outputError(javax.servlet.http.HttpServletResponse httpResp, java.lang.String errorString)`
`protected void`	`outputError(javax.servlet.http.HttpServletResponse httpResp, java.lang.String errorString, java.lang.String requestId)`
`protected void`	`outputError(javax.servlet.http.HttpServletResponse httpResp, java.lang.String status, java.lang.String errorString, java.lang.String requestId)`
`void`	`outputHttpParameters(javax.servlet.http.HttpServletRequest httpReq)`
`protected void`	`outputResult(javax.servlet.http.HttpServletResponse httpResp, java.lang.String contentType, byte[] content)`
`protected void`	`outputXML(javax.servlet.http.HttpServletResponse httpResp, CMSTemplateParams params)`
`protected void`	`process(CMSRequest cmsRequest)` process an HTTP request.
`protected void`	`renderException(CMSRequest cmsReq, EBaseException e)` Output exception (unexpected error) template This is different from other templates in that if an exception occurs while rendering the exception a message is printed out directly.
`void`	`renderFinalError(CMSRequest cmsReq, java.lang.Exception ex)`
`protected void`	`renderResult(CMSRequest cmsReq)` Output a template.
`protected void`	`renderTemplate(CMSRequest cmsReq, java.lang.String templateName, ICMSTemplateFiller filler)`
`protected static void`	`saveAuthToken(IAuthToken token, IRequest req)`
`protected void`	`saveHttpHeaders(javax.servlet.http.HttpServletRequest httpReq, IRequest req)` save http headers in a IRequest.
`protected void`	`saveHttpParams(IArgBlock httpParams, IRequest req)` save http headers in a IRequest.
`void`	`service(javax.servlet.http.HttpServletRequest httpReq, javax.servlet.http.HttpServletResponse httpResp)`
`protected void`	`setDefaultTemplates(javax.servlet.ServletConfig sc)` set default templates.
`static java.util.Hashtable<java.lang.String,java.lang.String>`	`toHashtable(javax.servlet.http.HttpServletRequest req)`

Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service

Methods inherited from class javax.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SUCCESS

public static final java.lang.String SUCCESS

See Also:: Constant Field Values

FAILURE

public static final java.lang.String FAILURE

See Also:: Constant Field Values

AUTH_FAILURE

public static final java.lang.String AUTH_FAILURE

See Also:: Constant Field Values

PROP_ID

public static final java.lang.String PROP_ID

See Also:: Constant Field Values

PROP_AUTHORITY

public static final java.lang.String PROP_AUTHORITY

See Also:: Constant Field Values

PROP_AUTHORITYID

public static final java.lang.String PROP_AUTHORITYID

See Also:: Constant Field Values

PROP_AUTHMGR

public static final java.lang.String PROP_AUTHMGR

See Also:: Constant Field Values

PROP_CLIENTAUTH

public static final java.lang.String PROP_CLIENTAUTH

See Also:: Constant Field Values

PROP_RESOURCEID

public static final java.lang.String PROP_RESOURCEID

See Also:: Constant Field Values

AUTHZ_SRC_LDAP

public static final java.lang.String AUTHZ_SRC_LDAP

See Also:: Constant Field Values

AUTHZ_SRC_TYPE

public static final java.lang.String AUTHZ_SRC_TYPE

See Also:: Constant Field Values

AUTHZ_CONFIG_STORE

public static final java.lang.String AUTHZ_CONFIG_STORE

See Also:: Constant Field Values

AUTHZ_SRC_XML

public static final java.lang.String AUTHZ_SRC_XML

See Also:: Constant Field Values

PROP_AUTHZ_MGR

public static final java.lang.String PROP_AUTHZ_MGR

See Also:: Constant Field Values

PROP_ACL

public static final java.lang.String PROP_ACL

See Also:: Constant Field Values

AUTHZ_MGR_BASIC

public static final java.lang.String AUTHZ_MGR_BASIC

See Also:: Constant Field Values

AUTHZ_MGR_LDAP

public static final java.lang.String AUTHZ_MGR_LDAP

See Also:: Constant Field Values

PROP_FINAL_ERROR_MSG

public static final java.lang.String PROP_FINAL_ERROR_MSG

See Also:: Constant Field Values

ERROR_MSG_TOKEN

public static final java.lang.String ERROR_MSG_TOKEN

See Also:: Constant Field Values

FINAL_ERROR_MSG

public static final java.lang.String FINAL_ERROR_MSG

See Also:: Constant Field Values

PROP_UNAUTHORIZED_TEMPLATE

protected static final java.lang.String PROP_UNAUTHORIZED_TEMPLATE

See Also:: Constant Field Values

UNAUTHORIZED_TEMPLATE

protected static final java.lang.String UNAUTHORIZED_TEMPLATE

See Also:: Constant Field Values

PROP_SUCCESS_TEMPLATE

protected static final java.lang.String PROP_SUCCESS_TEMPLATE

See Also:: Constant Field Values

SUCCESS_TEMPLATE

protected static final java.lang.String SUCCESS_TEMPLATE

See Also:: Constant Field Values

PROP_PENDING_TEMPLATE

protected static final java.lang.String PROP_PENDING_TEMPLATE

See Also:: Constant Field Values

PENDING_TEMPLATE

protected static final java.lang.String PENDING_TEMPLATE

See Also:: Constant Field Values

PROP_SVC_PENDING_TEMPLATE

protected static final java.lang.String PROP_SVC_PENDING_TEMPLATE

See Also:: Constant Field Values

SVC_PENDING_TEMPLATE

protected static final java.lang.String SVC_PENDING_TEMPLATE

See Also:: Constant Field Values

PROP_REJECTED_TEMPLATE

protected static final java.lang.String PROP_REJECTED_TEMPLATE

See Also:: Constant Field Values

REJECTED_TEMPLATE

protected static final java.lang.String REJECTED_TEMPLATE

See Also:: Constant Field Values

PROP_ERROR_TEMPLATE

protected static final java.lang.String PROP_ERROR_TEMPLATE

See Also:: Constant Field Values

ERROR_TEMPLATE

protected static final java.lang.String ERROR_TEMPLATE

See Also:: Constant Field Values

PROP_EXCEPTION_TEMPLATE

protected static final java.lang.String PROP_EXCEPTION_TEMPLATE

See Also:: Constant Field Values

EXCEPTION_TEMPLATE

protected static final java.lang.String EXCEPTION_TEMPLATE

See Also:: Constant Field Values

PROP_SUCCESS_TEMPLATE_FILLER

protected static final java.lang.String PROP_SUCCESS_TEMPLATE_FILLER

See Also:: Constant Field Values

RA_AGENT_GROUP

protected static final java.lang.String RA_AGENT_GROUP

See Also:: Constant Field Values

CA_AGENT_GROUP

protected static final java.lang.String CA_AGENT_GROUP

See Also:: Constant Field Values

KRA_AGENT_GROUP

protected static final java.lang.String KRA_AGENT_GROUP

See Also:: Constant Field Values

OCSP_AGENT_GROUP

protected static final java.lang.String OCSP_AGENT_GROUP

See Also:: Constant Field Values

TRUSTED_RA_GROUP

protected static final java.lang.String TRUSTED_RA_GROUP

See Also:: Constant Field Values

ADMIN_GROUP

protected static final java.lang.String ADMIN_GROUP

See Also:: Constant Field Values

PFX_HTTP_HEADER

public static final java.lang.String PFX_HTTP_HEADER

See Also:: Constant Field Values

PFX_HTTP_PARAM

public static final java.lang.String PFX_HTTP_PARAM

See Also:: Constant Field Values

PFX_AUTH_TOKEN

public static final java.lang.String PFX_AUTH_TOKEN

See Also:: Constant Field Values

AUTHMGR_PARAM

protected static final java.lang.String AUTHMGR_PARAM

See Also:: Constant Field Values

CERT_ATTR

public static final java.lang.String CERT_ATTR

See Also:: Constant Field Values

servletConfig

protected javax.servlet.ServletConfig servletConfig

mRenderResult
```
protected boolean mRenderResult
```

mFinalErrorMsg

protected java.lang.String mFinalErrorMsg

mTemplates

protected java.util.Hashtable<java.lang.Integer,CMSLoadTemplate> mTemplates

mServletConfig

protected javax.servlet.ServletConfig mServletConfig

mServletContext

protected javax.servlet.ServletContext mServletContext

mDontSaveHttpParams

protected java.util.Vector<java.lang.String> mDontSaveHttpParams

mSaveHttpHeaders

protected java.util.Vector<java.lang.String> mSaveHttpHeaders

mId
```
protected java.lang.String mId
```

mConfig
```
protected IConfigStore mConfig
```

mAuthority
```
protected IAuthority mAuthority
```

certAuthority

protected ICertificateAuthority certAuthority

mRequestQueue
```
protected IRequestQueue mRequestQueue
```

mLogger
```
protected ILogger mLogger
```

mLogCategory
```
protected int mLogCategory
```

mGetClientCert

protected java.lang.String mGetClientCert

mAuthMgr
```
protected java.lang.String mAuthMgr
```

mAuthz
```
protected IAuthzSubsystem mAuthz
```

mAclMethod
```
protected java.lang.String mAclMethod
```

mAuthzResourceName

protected java.lang.String mAuthzResourceName

mSignedAuditLogger
```
protected ILogger mSignedAuditLogger
```

mOutputTemplatePath

protected java.lang.String mOutputTemplatePath

TEMPLATE_NAME

public static final java.lang.String TEMPLATE_NAME

See Also:: Constant Field Values

SIMPLE_ENROLLMENT_REQUEST

public static final java.lang.String SIMPLE_ENROLLMENT_REQUEST

See Also:: Constant Field Values

SIMPLE_ENROLLMENT_RESPONSE

public static final java.lang.String SIMPLE_ENROLLMENT_RESPONSE

See Also:: Constant Field Values

FULL_ENROLLMENT_REQUEST

public static final java.lang.String FULL_ENROLLMENT_REQUEST

See Also:: Constant Field Values

FULL_ENROLLMENT_RESPONSE

public static final java.lang.String FULL_ENROLLMENT_RESPONSE

See Also:: Constant Field Values

FULL_RESPONSE
```
public static java.lang.String FULL_RESPONSE
```
handy routine to check if client want full enrollment response

Constructor Detail
- CMSServlet
```
public CMSServlet()
```

Method Detail

toHashtable

public static java.util.Hashtable<java.lang.String,java.lang.String> toHashtable(javax.servlet.http.HttpServletRequest req)

init
```
public void init(javax.servlet.ServletConfig sc)
          throws javax.servlet.ServletException
```
Specified by:

init in interface javax.servlet.Servlet

Overrides:

init in class javax.servlet.GenericServlet

Throws:

javax.servlet.ServletException

getId
```
public java.lang.String getId()
```

getAuthMgr
```
public java.lang.String getAuthMgr()
```

isClientCertRequired
```
public boolean isClientCertRequired()
```

outputHttpParameters

public void outputHttpParameters(javax.servlet.http.HttpServletRequest httpReq)

service

public void service(javax.servlet.http.HttpServletRequest httpReq,
                    javax.servlet.http.HttpServletResponse httpResp)
             throws javax.servlet.ServletException,
                    java.io.IOException

Overrides:: service in class javax.servlet.http.HttpServlet
Throws:: javax.servlet.ServletException; java.io.IOException

newCMSRequest
```
protected CMSRequest newCMSRequest()
```
Create a new CMSRequest object. This should be overriden by servlets implementing different types of request

Returns:

a new CMSRequest object

process
```
protected void process(CMSRequest cmsRequest)
                throws java.lang.Exception
```
process an HTTP request. Servlets must override this with their own implementation

Throws:

EBaseException - if the servlet was unable to satisfactorily process the request

java.lang.Exception

renderResult
```
protected void renderResult(CMSRequest cmsReq)
                     throws java.io.IOException
```
Output a template. If an error occurs while outputing the template the exception template is used to display the error.

Parameters:

cmsReq - the CS request

Throws:

java.io.IOException

outputArgBlockAsXML

protected void outputArgBlockAsXML(XMLObject xmlObj,
                                   org.w3c.dom.Node parent,
                                   java.lang.String argBlockName,
                                   IArgBlock argBlock)

outputXML

protected void outputXML(javax.servlet.http.HttpServletResponse httpResp,
                         CMSTemplateParams params)

renderTemplate

protected void renderTemplate(CMSRequest cmsReq,
                              java.lang.String templateName,
                              ICMSTemplateFiller filler)
                       throws java.io.IOException

Throws:: java.io.IOException

renderException
```
protected void renderException(CMSRequest cmsReq,
                               EBaseException e)
                        throws java.io.IOException
```
Output exception (unexpected error) template This is different from other templates in that if an exception occurs while rendering the exception a message is printed out directly. If the message gets an error an IOException is thrown. In others if an exception occurs while rendering the template the exception template (this) is called.

Parameters:

cmsReq - the CS request to pass to template filler if any.

e - the unexpected exception

Throws:

java.io.IOException

renderFinalError

public void renderFinalError(CMSRequest cmsReq,
                             java.lang.Exception ex)
                      throws java.io.IOException

Throws:: java.io.IOException

invalidateSSLSession

protected static void invalidateSSLSession(javax.servlet.http.HttpServletRequest httpReq)

Invalidates a SSL Session. So client auth will happen again.

getAuthCreds

public static AuthCredentials getAuthCreds(IAuthManager authMgr,
                                           IArgBlock argBlock,
                                           java.security.cert.X509Certificate clientCert)
                                    throws EBaseException

construct a authentication credentials to pass into authentication manager.

Throws:: EBaseException

getSSLClientCertificate

protected java.security.cert.X509Certificate getSSLClientCertificate(javax.servlet.http.HttpServletRequest httpReq)
                                                              throws EBaseException

get ssl client authenticated certificate

Throws:: EBaseException

getTemplate

protected CMSTemplate getTemplate(java.lang.String templateName,
                                  javax.servlet.http.HttpServletRequest httpReq,
                                  java.util.Locale[] locale)
                           throws EBaseException,
                                  java.io.IOException

get a template based on result status.

Throws:: EBaseException; java.io.IOException

log

protected void log(int event,
                   int level,
                   java.lang.String msg)

log according to authority category.

log

protected void log(int level,
                   java.lang.String msg)

getDontSaveHttpParams
```
protected void getDontSaveHttpParams(javax.servlet.ServletConfig sc)
```
get http parameters not to save from configuration.

getSaveHttpHeaders

protected void getSaveHttpHeaders(javax.servlet.ServletConfig sc)

get http headers to save from configuration.

saveHttpHeaders

protected void saveHttpHeaders(javax.servlet.http.HttpServletRequest httpReq,
                               IRequest req)
                        throws EBaseException

save http headers in a IRequest.

Throws:: EBaseException

saveHttpParams

protected void saveHttpParams(IArgBlock httpParams,
                              IRequest req)

save http headers in a IRequest.

getCertRecord
```
protected ICertRecord getCertRecord(java.math.BigInteger serialNo)
```
handy routine for getting a cert record given a serial number.

isCertFromCA
```
protected boolean isCertFromCA(java.security.cert.X509Certificate cert)
```
handy routine for validating if a cert is from this CA. mAuthority must be a CA.

areCertsFromCA
```
protected boolean areCertsFromCA(java.security.cert.X509Certificate[] certs)
```
handy routine for checking if a list of certs is from this CA. mAuthortiy must be a CA.

getX509Certificate
```
protected java.security.cert.X509Certificate getX509Certificate(java.math.BigInteger serialNo)
```
handy routine for getting a certificate from the certificate repository. mAuthority must be a CA.

newFillerObject
```
protected ICMSTemplateFiller newFillerObject(java.lang.String fillerClass)
```
instantiate a new filler from a class name,

Returns:

null if can't be instantiated, new instance otherwise.

setDefaultTemplates
```
protected void setDefaultTemplates(javax.servlet.ServletConfig sc)
```
set default templates. subclasses can override, and should override at least the success template

clientIsNav

public static boolean clientIsNav(javax.servlet.http.HttpServletRequest httpReq)

handy routine to check if client is navigator based on user-agent.

clientIsMSIE

public static boolean clientIsMSIE(javax.servlet.http.HttpServletRequest httpReq)

handy routine to check if client is msie based on user-agent.

doCMMFResponse

public static boolean doCMMFResponse(IArgBlock httpParams)

doFullResponse

public static boolean doFullResponse(IArgBlock httpParams)

checkImportCertToNav

protected boolean checkImportCertToNav(javax.servlet.http.HttpServletResponse httpResp,
                                       IArgBlock httpParams,
                                       netscape.security.x509.X509CertImpl cert)
                                throws EBaseException

Returns:: false if import cert directly set to false.
Throws:: EBaseException

importCertToNav

public void importCertToNav(javax.servlet.http.HttpServletResponse httpResp,
                            netscape.security.x509.X509CertImpl cert,
                            java.lang.String contentType,
                            boolean importCAChain)
                     throws EBaseException

handy routine to import cert to old navigator in nav mime type.

Throws:: EBaseException

saveAuthToken

protected static void saveAuthToken(IAuthToken token,
                                    IRequest req)

getAuthToken

protected IAuthToken getAuthToken(IRequest req)

connectionIsSSL

protected static boolean connectionIsSSL(javax.servlet.http.HttpServletRequest httpReq)

getRelPath

protected java.lang.String getRelPath(IAuthority authority)

handy routine for getting agent's relative path

isSystemCertificate
```
protected boolean isSystemCertificate(java.math.BigInteger serialNo)
                               throws EBaseException
```
A system certificate such as the CA signing certificate should not be allowed to delete. The main purpose is to avoid revoking the self signed CA certificate accidentially.

Throws:

EBaseException

formCRLEntry

protected netscape.security.x509.RevokedCertImpl formCRLEntry(java.math.BigInteger serialNo,
                                                              netscape.security.x509.RevocationReason reason)
                                                       throws EBaseException

make a CRL entry from a serial number and revocation reason.

Returns:: a RevokedCertImpl that can be entered in a CRL.
Throws:: EBaseException

certIsRevoked
```
protected boolean certIsRevoked(java.math.BigInteger serialNum)
                         throws EBaseException
```
check if a certificate (serial number) is revoked on a CA.

Returns:

true if cert is marked revoked in the CA's database.

Throws:

EBaseException

generateSalt

public static java.lang.String generateSalt()

hashPassword

protected java.lang.String hashPassword(java.lang.String pwd)

getLangFile

public static java.io.File getLangFile(javax.servlet.http.HttpServletRequest req,
                                       java.io.File realpathFile,
                                       java.util.Locale[] locale)
                                throws java.io.IOException

Parameters:: req - http servlet request; realpathFile - the file to get.; locale - array of at least one to be filled with locale found.
Throws:: java.io.IOException

getLocale

public static java.util.Locale getLocale(java.lang.String lang)

authenticate

public IAuthToken authenticate(CMSRequest req)
                        throws EBaseException

Throws:: EBaseException

authenticate

public IAuthToken authenticate(javax.servlet.http.HttpServletRequest httpReq)
                        throws EBaseException

Throws:: EBaseException

authenticate

public IAuthToken authenticate(CMSRequest req,
                               java.lang.String authMgrName)
                        throws EBaseException

Throws:: EBaseException

authenticate
```
public IAuthToken authenticate(javax.servlet.http.HttpServletRequest httpReq,
                               java.lang.String authMgrName)
                        throws EBaseException
```
Authentication
- signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication fails (in case of SSL-client auth, only webserver env can pick up the SSL violation; CS authMgr can pick up cert mis-match, so this event is used)
- signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication succeeded
Throws:

EBaseException - an error has occurred

authorize

public AuthzToken authorize(java.lang.String authzMgrName,
                            java.lang.String resource,
                            IAuthToken authToken,
                            java.lang.String exp)
                     throws EBaseException

Throws:: EBaseException

authorize
```
public AuthzToken authorize(java.lang.String authzMgrName,
                            IAuthToken authToken,
                            java.lang.String resource,
                            java.lang.String operation)
                     throws EBaseException
```
Authorize must occur after Authenticate
- signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization has failed
- signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization is successful
- signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CS that's when one accesses a role port)
Parameters:

authzMgrName - string representing the name of the authorization manager

authToken - the authentication token

resource - a string representing the ACL resource id as defined in the ACL resource list

operation - a string representing one of the operations as defined within the ACL statement (e. g. - "read" for an ACL statement containing "(read,write)")

Returns:

the authorization token

Throws:

EBaseException - an error has occurred

audit
```
protected void audit(java.lang.String msg)
```
Signed Audit Log This method is inherited by all extended "CMSServlet"s, and is called to store messages to the signed audit log.

Parameters:

msg - signed audit log message

auditSubjectID
```
protected java.lang.String auditSubjectID()
```
Signed Audit Log Subject ID This method is inherited by all extended "CMSServlet"s, and is called to obtain the "SubjectID" for a signed audit log message.

Returns:

id string containing the signed audit log message SubjectID

auditGroupID
```
protected java.lang.String auditGroupID()
```
Signed Audit Log Group ID This method is inherited by all extended "CMSServlet"s, and is called to obtain the "gid" for a signed audit log message.

Returns:

id string containing the signed audit log message SubjectID

getLocale

protected java.util.Locale getLocale(javax.servlet.http.HttpServletRequest req)

Retrieves locale based on the request.

outputResult

protected void outputResult(javax.servlet.http.HttpServletResponse httpResp,
                            java.lang.String contentType,
                            byte[] content)

outputError

protected void outputError(javax.servlet.http.HttpServletResponse httpResp,
                           java.lang.String errorString)

outputError

protected void outputError(javax.servlet.http.HttpServletResponse httpResp,
                           java.lang.String errorString,
                           java.lang.String requestId)

outputError

protected void outputError(javax.servlet.http.HttpServletResponse httpResp,
                           java.lang.String status,
                           java.lang.String errorString,
                           java.lang.String requestId)

Class CMSServlet

Field Summary

Constructor Summary

Method Summary

Methods inherited from class javax.servlet.http.HttpServlet

Methods inherited from class javax.servlet.GenericServlet

Methods inherited from class java.lang.Object

Field Detail

SUCCESS

FAILURE

AUTH_FAILURE

PROP_ID

PROP_AUTHORITY

PROP_AUTHORITYID

PROP_AUTHMGR

PROP_CLIENTAUTH

PROP_RESOURCEID

AUTHZ_SRC_LDAP

AUTHZ_SRC_TYPE

AUTHZ_CONFIG_STORE

AUTHZ_SRC_XML

PROP_AUTHZ_MGR

PROP_ACL

AUTHZ_MGR_BASIC

AUTHZ_MGR_LDAP

PROP_FINAL_ERROR_MSG

ERROR_MSG_TOKEN

FINAL_ERROR_MSG

PROP_UNAUTHORIZED_TEMPLATE

UNAUTHORIZED_TEMPLATE

PROP_SUCCESS_TEMPLATE

SUCCESS_TEMPLATE

PROP_PENDING_TEMPLATE

PENDING_TEMPLATE

PROP_SVC_PENDING_TEMPLATE

SVC_PENDING_TEMPLATE

PROP_REJECTED_TEMPLATE

REJECTED_TEMPLATE

PROP_ERROR_TEMPLATE

ERROR_TEMPLATE

PROP_EXCEPTION_TEMPLATE

EXCEPTION_TEMPLATE

PROP_SUCCESS_TEMPLATE_FILLER

RA_AGENT_GROUP

CA_AGENT_GROUP

KRA_AGENT_GROUP

OCSP_AGENT_GROUP

TRUSTED_RA_GROUP

ADMIN_GROUP

PFX_HTTP_HEADER

PFX_HTTP_PARAM

PFX_AUTH_TOKEN

AUTHMGR_PARAM

CERT_ATTR

servletConfig

mRenderResult

mFinalErrorMsg

mTemplates

mServletConfig

mServletContext

mDontSaveHttpParams

mSaveHttpHeaders

mId

mConfig

mAuthority

certAuthority

mRequestQueue

mLogger

mLogCategory

mGetClientCert

mAuthMgr

mAuthz

mAclMethod

mAuthzResourceName

mSignedAuditLogger

mOutputTemplatePath

TEMPLATE_NAME

SIMPLE_ENROLLMENT_REQUEST

SIMPLE_ENROLLMENT_RESPONSE

FULL_ENROLLMENT_REQUEST