com.netscape.cms.servlet.cert

Class EnrollServlet

java.lang.Object

javax.servlet.GenericServlet

javax.servlet.http.HttpServlet

com.netscape.cms.servlet.base.CMSServlet

com.netscape.cms.servlet.cert.EnrollServlet

All Implemented Interfaces:

java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

public class EnrollServlet
extends CMSServlet

Submit a Certificate Enrollment request

Version:

$Revision$, $Date$

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	ADMIN_ENROLL_SERVLET_ID
static java.lang.String	CERT_TYPE
static java.lang.String	CHALLENGE_PASSWORD
static java.lang.String	CMC_REQUEST
static java.lang.String	CRMF_REQID
static java.lang.String	CRMF_REQUEST
static java.lang.String	ENROLL_SUCCESS_TEMPLATE
static java.lang.String	OLD_CERT_TYPE
static java.lang.String	PKCS10_REQUEST
static java.lang.String	REQUEST_CONTENT
static java.lang.String	REQUEST_FORMAT
static java.lang.String	REQUEST_FORMAT_CMC
static java.lang.String	REQUEST_FORMAT_PKCS10
static java.lang.String	SUBJECT_KEYGEN_INFO
static java.lang.String	SUBJECT_NAME

Fields inherited from class com.netscape.cms.servlet.base.CMSServlet

ADMIN_GROUP, AUTH_FAILURE, AUTHMGR_PARAM, AUTHZ_CONFIG_STORE, AUTHZ_MGR_BASIC, AUTHZ_MGR_LDAP, AUTHZ_SRC_LDAP, AUTHZ_SRC_TYPE, AUTHZ_SRC_XML, CA_AGENT_GROUP, CERT_ATTR, certAuthority, ERROR_MSG_TOKEN, ERROR_TEMPLATE, EXCEPTION_TEMPLATE, FAILURE, FINAL_ERROR_MSG, FULL_ENROLLMENT_REQUEST, FULL_ENROLLMENT_RESPONSE, FULL_RESPONSE, KRA_AGENT_GROUP, mAclMethod, mAuthMgr, mAuthority, mAuthz, mAuthzResourceName, mConfig, mDontSaveHttpParams, mFinalErrorMsg, mGetClientCert, mId, mLogCategory, mLogger, mOutputTemplatePath, mRenderResult, mRequestQueue, mSaveHttpHeaders, mServletConfig, mServletContext, mSignedAuditLogger, mTemplates, OCSP_AGENT_GROUP, PENDING_TEMPLATE, PFX_AUTH_TOKEN, PFX_HTTP_HEADER, PFX_HTTP_PARAM, PROP_ACL, PROP_AUTHMGR, PROP_AUTHORITY, PROP_AUTHORITYID, PROP_AUTHZ_MGR, PROP_CLIENTAUTH, PROP_ERROR_TEMPLATE, PROP_EXCEPTION_TEMPLATE, PROP_FINAL_ERROR_MSG, PROP_ID, PROP_PENDING_TEMPLATE, PROP_REJECTED_TEMPLATE, PROP_RESOURCEID, PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER, PROP_SVC_PENDING_TEMPLATE, PROP_UNAUTHORIZED_TEMPLATE, RA_AGENT_GROUP, REJECTED_TEMPLATE, servletConfig, SIMPLE_ENROLLMENT_REQUEST, SIMPLE_ENROLLMENT_RESPONSE, SUCCESS, SUCCESS_TEMPLATE, SVC_PENDING_TEMPLATE, TEMPLATE_NAME, TRUSTED_RA_GROUP, UNAUTHORIZED_TEMPLATE

Constructor Summary

Constructors

Constructor and Description
EnrollServlet()

Method Summary

Modifier and Type	Method and Description
protected void	addAdminAgent(CMSRequest cmsReq, netscape.security.x509.X509CertImpl[] issuedCerts)
protected void	checkAdminEnroll(CMSRequest cmsReq, netscape.security.x509.X509CertImpl[] issuedCerts) check if this is first enroll from admin enroll.
boolean	getEnforcePop() XXX (SHOULD CHANGE TO READ FROM Servletconfig) Getter method to see if Proof of Posession checking is enabled.
void	init(javax.servlet.ServletConfig sc) initialize the servlet.
protected void	process(CMSRequest cmsReq) Process the HTTP request.
protected void	processX509(CMSRequest cmsReq) Process X509 certificate enrollment request
protected void	renderServerEnrollResult(CMSRequest cmsReq)

Methods inherited from class com.netscape.cms.servlet.base.CMSServlet

areCertsFromCA, audit, auditGroupID, auditSubjectID, authenticate, authenticate, authenticate, authenticate, authorize, authorize, certIsRevoked, checkImportCertToNav, clientIsMSIE, clientIsNav, connectionIsSSL, doCMMFResponse, doFullResponse, formCRLEntry, generateSalt, getAuthCreds, getAuthMgr, getAuthToken, getCertRecord, getDontSaveHttpParams, getId, getLangFile, getLocale, getLocale, getRelPath, getSaveHttpHeaders, getSSLClientCertificate, getTemplate, getX509Certificate, hashPassword, importCertToNav, invalidateSSLSession, isCertFromCA, isClientCertRequired, isSystemCertificate, log, log, newCMSRequest, newFillerObject, outputArgBlockAsXML, outputError, outputError, outputError, outputHttpParameters, outputResult, outputXML, renderException, renderFinalError, renderResult, renderTemplate, saveAuthToken, saveHttpHeaders, saveHttpParams, service, setDefaultTemplates, toHashtable

Methods inherited from class javax.servlet.http.HttpServlet

doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service

Methods inherited from class javax.servlet.GenericServlet

destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ADMIN_ENROLL_SERVLET_ID

public static final java.lang.String ADMIN_ENROLL_SERVLET_ID

See Also:

Constant Field Values

ENROLL_SUCCESS_TEMPLATE

public static final java.lang.String ENROLL_SUCCESS_TEMPLATE

See Also:

Constant Field Values

OLD_CERT_TYPE

public static final java.lang.String OLD_CERT_TYPE

See Also:

Constant Field Values

CERT_TYPE

public static final java.lang.String CERT_TYPE

See Also:

Constant Field Values

REQUEST_FORMAT

public static final java.lang.String REQUEST_FORMAT

See Also:

Constant Field Values

REQUEST_FORMAT_PKCS10

public static final java.lang.String REQUEST_FORMAT_PKCS10

See Also:

Constant Field Values

REQUEST_FORMAT_CMC

public static final java.lang.String REQUEST_FORMAT_CMC

See Also:

Constant Field Values

REQUEST_CONTENT

public static final java.lang.String REQUEST_CONTENT

See Also:

Constant Field Values

SUBJECT_KEYGEN_INFO

public static final java.lang.String SUBJECT_KEYGEN_INFO

See Also:

Constant Field Values

PKCS10_REQUEST

public static final java.lang.String PKCS10_REQUEST

See Also:

Constant Field Values

CMC_REQUEST

public static final java.lang.String CMC_REQUEST

See Also:

Constant Field Values

CRMF_REQUEST

public static final java.lang.String CRMF_REQUEST

See Also:

Constant Field Values

SUBJECT_NAME

public static final java.lang.String SUBJECT_NAME

See Also:

Constant Field Values

CRMF_REQID

public static final java.lang.String CRMF_REQID

See Also:

Constant Field Values

CHALLENGE_PASSWORD

public static final java.lang.String CHALLENGE_PASSWORD

See Also:

Constant Field Values

Constructor Detail

EnrollServlet

public EnrollServlet()

Method Detail

init

public void init(javax.servlet.ServletConfig sc)
          throws javax.servlet.ServletException

initialize the servlet.

the following parameters are read from the servlet config:

• CMSServlet.PROP_ID - ID for signed audit log messages
• CMSServlet.PROP_SUCCESS_TEMPLATE - success template file

Specified by:

init in interface javax.servlet.Servlet

Overrides:

init in class CMSServlet

Parameters:

sc - servlet configuration, read from the web.xml file

Throws:

javax.servlet.ServletException

getEnforcePop

public boolean getEnforcePop()

XXX (SHOULD CHANGE TO READ FROM Servletconfig) Getter method to see if Proof of Posession checking is enabled. this value is set in the CMS.cfg filem with the parameter "enrollment.enforcePop". It defaults to false

Returns:

true if user is required to Prove that they possess the private key corresponding to the public key in the certificate request they are submitting

process

protected void process(CMSRequest cmsReq)
                throws EBaseException

Process the HTTP request.

• If the request is coming through the admin port, it is only allowed to continue if 'admin enrollment' is enabled in the CMS.cfg file
• If the CMS.cfg parameter useThreadNaming is true, the current thread is renamed with more information about the current request ID
• The request is preprocessed, then processed further in one of the cert request processor classes: KeyGenProcessor, PKCS10Processor, CMCProcessor, CRMFProcessor

Overrides:

process in class CMSServlet

Parameters:

cmsReq - the object holding the request and response information

Throws:

EBaseException - if the servlet was unable to satisfactorily process the request

processX509

protected void processX509(CMSRequest cmsReq)
                    throws EBaseException

Process X509 certificate enrollment request

(Certificate Request - either an "admin" cert request for an admin certificate, an "agent" cert request for "bulk enrollment", or an "EE" standard cert request)

(Certificate Request Processed - either an automated "admin" non-profile based CA admin cert acceptance, an automated "admin" non-profile based CA admin cert rejection, an automated "EE" non-profile based cert acceptance, or an automated "EE" non-profile based cert rejection)

• signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a non-profile cert request is made (before approval process)
• signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process

Parameters:

cmsReq - a certificate enrollment request

Throws:

EBaseException - an error has occurred

checkAdminEnroll

protected void checkAdminEnroll(CMSRequest cmsReq,
                                netscape.security.x509.X509CertImpl[] issuedCerts)
                         throws EBaseException

check if this is first enroll from admin enroll. If so disable admin enroll from here on.

Throws:

EBaseException

addAdminAgent

protected void addAdminAgent(CMSRequest cmsReq,
                             netscape.security.x509.X509CertImpl[] issuedCerts)
                      throws EBaseException

Throws:

EBaseException

renderServerEnrollResult

protected void renderServerEnrollResult(CMSRequest cmsReq)
                                 throws java.io.IOException

Throws:

java.io.IOException