com.netscape.cms.servlet.base
Class CMSServlet

java.lang.Object
  extended by javax.servlet.GenericServlet
      extended by javax.servlet.http.HttpServlet
          extended by com.netscape.cms.servlet.base.CMSServlet
All Implemented Interfaces:
java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
Direct Known Subclasses:
AddCAServlet, AddCRLServlet, ChallengeRevocationServlet1, CheckCertServlet, CheckIdentity, CheckRequest, CloneRedirect, CloneServlet, CMCRevReqServlet, ConfirmRecoverBySerial, ConnectorServlet, DirAuthServlet, DisableEnrollResult, DisplayBySerial, DisplayBySerial, DisplayBySerialForRecovery, DisplayCRL, DisplayHashUserEnroll, DisplayHtmlServlet, DisplayTransport, DoRevoke, DoRevokeTPS, DoUnrevoke, DoUnrevokeTPS, DownloadPKCS12, DynamicVariablesServlet, EnableEnrollResult, EnrollServlet, ExamineRecovery, GenerateKeyPairServlet, GetApprovalStatus, GetAsyncPk12, GetBySerial, GetCAChain, GetCertChain, GetCertFromRequest, GetConfigEntries, GetCookie, GetCRL, GetDomainXML, GetEnableStatus, GetInfo, GetOCSPInfo, GetPk12, GetStats, GetStatus, GetSubsystemCert, GetTokenInfo, GetTransportCert, GrantAsyncRecovery, GrantRecovery, HashEnrollServlet, ImportTransportCert, IndexServlet, ListCAServlet, ListCerts, MainPageServlet, Monitor, OCSPServlet, PortsServlet, ProcessCertReq, ProcessReq, ProfileServlet, QueryReq, ReasonToRevoke, RecoverBySerial, RegisterUser, RemoteAuthConfig, RemoveCAServlet, RenewalServlet, RevocationServlet, SearchReqs, SrchCerts, SrchKey, SrchKeyForRecovery, TokenAuthenticate, TokenKeyRecoveryServlet, TokenServlet, UpdateConnector, UpdateCRL, UpdateDir, UpdateDomainXML, UpdateNumberRange, UpdateOCSPConfig

public abstract class CMSServlet
extends javax.servlet.http.HttpServlet

This is the base class of all CS servlets.

Version:
$Revision: 1275 $, $Date: 2010-09-07 22:26:21 -0700 (Tue, 07 Sep 2010) $
See Also:
Serialized Form

Field Summary
protected static java.lang.String ADMIN_GROUP
           
static java.lang.String AUTH_FAILURE
           
protected static java.lang.String AUTHMGR_PARAM
           
static java.lang.String AUTHZ_CONFIG_STORE
           
static java.lang.String AUTHZ_MGR_BASIC
           
static java.lang.String AUTHZ_MGR_LDAP
           
static java.lang.String AUTHZ_SRC_LDAP
           
static java.lang.String AUTHZ_SRC_TYPE
           
static java.lang.String AUTHZ_SRC_XML
           
protected static java.lang.String CA_AGENT_GROUP
           
static java.lang.String CERT_ATTR
           
protected static java.lang.String CERT_AUTH_CRED
           
static java.lang.String ERROR_MSG_TOKEN
           
protected static java.lang.String ERROR_TEMPLATE
           
protected static java.lang.String EXCEPTION_TEMPLATE
           
static java.lang.String FAILURE
           
static java.lang.String FINAL_ERROR_MSG
           
static java.lang.String FULL_ENROLLMENT_REQUEST
           
static java.lang.String FULL_ENROLLMENT_RESPONSE
           
static java.lang.String FULL_RESPONSE
          handy routine to check if the client wants a full enrollment response
protected static java.lang.String KRA_AGENT_GROUP
           
protected  java.lang.String mAclMethod
           
protected  java.lang.String mAuthMgr
           
protected  IAuthority mAuthority
           
protected  IAuthzSubsystem mAuthz
           
protected  java.lang.String mAuthzResourceName
           
protected  IConfigStore mConfig
           
protected  java.util.Vector mDontSaveHttpParams
           
protected  java.lang.String mFinalErrorMsg
           
protected  java.lang.String mGetClientCert
           
protected  java.lang.String mId
           
protected  int mLogCategory
           
protected  ILogger mLogger
           
protected  java.lang.String mOutputTemplatePath
           
protected  boolean mRenderResult
           
protected  IRequestQueue mRequestQueue
           
protected  java.util.Vector mSaveHttpHeaders
           
protected  javax.servlet.ServletConfig mServletConfig
           
protected  javax.servlet.ServletContext mServletContext
           
protected  ILogger mSignedAuditLogger
           
protected  java.util.Hashtable mTemplates
           
protected static java.lang.String OCSP_AGENT_GROUP
           
protected static java.lang.String PENDING_TEMPLATE
           
static java.lang.String PFX_AUTH_TOKEN
           
static java.lang.String PFX_HTTP_HEADER
           
static java.lang.String PFX_HTTP_PARAM
           
static java.lang.String PROP_ACL
           
static java.lang.String PROP_AUTHMGR
           
static java.lang.String PROP_AUTHORITY
           
static java.lang.String PROP_AUTHZ_MGR
           
static java.lang.String PROP_CLIENTAUTH
           
protected static java.lang.String PROP_ERROR_TEMPLATE
           
protected static java.lang.String PROP_EXCEPTION_TEMPLATE
           
static java.lang.String PROP_FINAL_ERROR_MSG
           
static java.lang.String PROP_ID
           
protected static java.lang.String PROP_PENDING_TEMPLATE
           
protected static java.lang.String PROP_REJECTED_TEMPLATE
           
static java.lang.String PROP_RESOURCEID
           
protected static java.lang.String PROP_SUCCESS_TEMPLATE
           
protected static java.lang.String PROP_SUCCESS_TEMPLATE_FILLER
           
protected static java.lang.String PROP_SVC_PENDING_TEMPLATE
           
protected static java.lang.String PROP_UNAUTHORIZED_TEMPLATE
           
protected static java.lang.String RA_AGENT_GROUP
           
protected static java.lang.String REJECTED_TEMPLATE
           
static java.lang.String SIMPLE_ENROLLMENT_REQUEST
           
static java.lang.String SIMPLE_ENROLLMENT_RESPONSE
           
static java.lang.String SUCCESS
           
protected static java.lang.String SUCCESS_TEMPLATE
           
protected static java.lang.String SVC_PENDING_TEMPLATE
           
static java.lang.String TEMPLATE_NAME
           
protected static java.lang.String TRUSTED_RA_GROUP
           
protected static java.lang.String UNAUTHORIZED_TEMPLATE
           
 
Constructor Summary
CMSServlet()
           
 
Method Summary
protected  boolean areCertsFromCA(java.security.cert.X509Certificate[] certs)
          handy routine for checking if a list of certs is from this CA.
protected  void audit(java.lang.String msg)
          Signed Audit Log. This method is inherited by all extended "CMSServlet"s, and is called to store messages to the signed audit log.
protected  java.lang.String auditGroupID()
          Signed Audit Log Group ID. This method is inherited by all extended "CMSServlet"s, and is called to obtain the "gid" for a signed audit log message.
protected  java.lang.String auditSubjectID()
          Signed Audit Log Subject ID. This method is inherited by all extended "CMSServlet"s, and is called to obtain the "SubjectID" for a signed audit log message.
 IAuthToken authenticate(CMSRequest req)
           
 IAuthToken authenticate(CMSRequest req, java.lang.String authMgrName)
           
 IAuthToken authenticate(javax.servlet.http.HttpServletRequest httpReq)
           
 IAuthToken authenticate(javax.servlet.http.HttpServletRequest httpReq, java.lang.String authMgrName)
          Authentication
 AuthzToken authorize(java.lang.String authzMgrName, IAuthToken authToken, java.lang.String exp)
           
 AuthzToken authorize(java.lang.String authzMgrName, IAuthToken authToken, java.lang.String resource, java.lang.String operation)
          Authorize must occur after Authenticate
protected  boolean certIsRevoked(java.math.BigInteger serialNum)
          check if a certificate (serial number) is revoked on a CA.
protected  boolean checkImportCertToNav(javax.servlet.http.HttpServletResponse httpResp, IArgBlock httpParams, netscape.security.x509.X509CertImpl cert)
           
static boolean clientIsMSIE(javax.servlet.http.HttpServletRequest httpReq)
          handy routine to check if client is msie based on user-agent.
static boolean clientIsNav(javax.servlet.http.HttpServletRequest httpReq)
          handy routine to check if client is navigator based on user-agent.
protected static boolean connectionIsSSL(javax.servlet.http.HttpServletRequest httpReq)
           
static boolean doCMMFResponse(IArgBlock httpParams)
           
static boolean doFullResponse(IArgBlock httpParams)
           
protected  java.lang.StringBuffer escapeValueRfc1779(java.lang.String v, boolean doubleEscape)
           
protected  netscape.security.x509.RevokedCertImpl formCRLEntry(java.math.BigInteger serialNo, netscape.security.x509.RevocationReason reason)
          make a CRL entry from a serial number and revocation reason.
static java.lang.String generateSalt()
           
static AuthCredentials getAuthCreds(IAuthManager authMgr, IArgBlock argBlock, java.security.cert.X509Certificate clientCert)
          construct authentication credentials to pass into the authentication manager.
 java.lang.String getAuthMgr()
           
protected  IAuthToken getAuthToken(IRequest req)
           
protected  ICertRecord getCertRecord(java.math.BigInteger serialNo)
          handy routine for getting a cert record given a serial number.
protected  void getDontSaveHttpParams(javax.servlet.ServletConfig sc)
          get http parameters not to save from configuration.
 java.lang.String getId()
           
static java.io.File getLangFile(javax.servlet.http.HttpServletRequest req, java.io.File realpathFile, java.util.Locale[] locale)
           
protected  java.util.Locale getLocale(javax.servlet.http.HttpServletRequest req)
          Retrieves locale based on the request.
static java.util.Locale getLocale(java.lang.String lang)
           
protected  java.lang.String getRelPath(IAuthority authority)
          handy routine for getting agent's relative path
protected  void getSaveHttpHeaders(javax.servlet.ServletConfig sc)
          get http headers to save from configuration.
protected  java.security.cert.X509Certificate getSSLClientCertificate(javax.servlet.http.HttpServletRequest httpReq)
          get ssl client authenticated certificate
protected  CMSTemplate getTemplate(java.lang.String templateName, javax.servlet.http.HttpServletRequest httpReq, java.util.Locale[] locale)
          get a template based on result status.
protected  java.security.cert.X509Certificate getX509Certificate(java.math.BigInteger serialNo)
          handy routine for getting a certificate from the certificate repository.
protected  java.lang.String hashPassword(java.lang.String pwd)
           
 void importCertToNav(javax.servlet.http.HttpServletResponse httpResp, netscape.security.x509.X509CertImpl cert, java.lang.String contentType, boolean importCAChain)
          handy routine to import cert to old navigator in nav mime type.
 void init(javax.servlet.ServletConfig sc)
           
protected static void invalidateSSLSession(javax.servlet.http.HttpServletRequest httpReq)
          Invalidates a SSL Session.
protected  boolean isCertFromCA(java.security.cert.X509Certificate cert)
          handy routine for validating if a cert is from this CA.
 boolean isClientCertRequired()
           
protected  boolean isSystemCertificate(java.math.BigInteger serialNo)
          A system certificate such as the CA signing certificate should not be allowed to be deleted.
protected  void log(int event, int level, java.lang.String msg)
          log according to authority category.
protected  void log(int level, java.lang.String msg)
           
protected  CMSRequest newCMSRequest()
          Create a new CMSRequest object.
protected  ICMSTemplateFiller newFillerObject(java.lang.String fillerClass)
          instantiate a new filler from a class name.
protected  void outputArgBlockAsXML(com.netscape.cmsutil.xml.XMLObject xmlObj, org.w3c.dom.Node parent, java.lang.String argBlockName, IArgBlock argBlock)
           
protected  void outputError(javax.servlet.http.HttpServletResponse httpResp, java.lang.String errorString)
           
protected  void outputError(javax.servlet.http.HttpServletResponse httpResp, java.lang.String errorString, java.lang.String requestId)
           
protected  void outputError(javax.servlet.http.HttpServletResponse httpResp, java.lang.String status, java.lang.String errorString, java.lang.String requestId)
           
 void outputHttpParameters(javax.servlet.http.HttpServletRequest httpReq)
           
protected  void outputResult(javax.servlet.http.HttpServletResponse httpResp, java.lang.String contentType, byte[] content)
           
protected  void outputXML(javax.servlet.http.HttpServletResponse httpResp, CMSTemplateParams params)
           
protected  void process(CMSRequest cmsRequest)
          process an HTTP request.
protected  void renderException(CMSRequest cmsReq, EBaseException e)
          Output exception (unexpected error) template. This is different from other templates in that if an exception occurs while rendering the exception template, a message is printed out directly.
 void renderFinalError(CMSRequest cmsReq, java.lang.Exception ex)
           
protected  void renderResult(CMSRequest cmsReq)
          Output a template.
protected  void renderTemplate(CMSRequest cmsReq, java.lang.String templateName, ICMSTemplateFiller filler)
           
protected static void saveAuthToken(IAuthToken token, IRequest req)
           
protected  void saveHttpHeaders(javax.servlet.http.HttpServletRequest httpReq, IRequest req)
          save http headers in an IRequest.
protected  void saveHttpParams(IArgBlock httpParams, IRequest req)
          save http parameters in an IRequest.
 void service(javax.servlet.http.HttpServletRequest httpReq, javax.servlet.http.HttpServletResponse httpResp)
           
protected  void setDefaultTemplates(javax.servlet.ServletConfig sc)
          set default templates.
static java.util.Hashtable toHashtable(javax.servlet.http.HttpServletRequest req)
           
 
Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service
 
Methods inherited from class javax.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SUCCESS

public static final java.lang.String SUCCESS
See Also:
Constant Field Values

FAILURE

public static final java.lang.String FAILURE
See Also:
Constant Field Values

AUTH_FAILURE

public static final java.lang.String AUTH_FAILURE
See Also:
Constant Field Values

PROP_ID

public static final java.lang.String PROP_ID
See Also:
Constant Field Values

PROP_AUTHORITY

public static final java.lang.String PROP_AUTHORITY
See Also:
Constant Field Values

PROP_AUTHMGR

public static final java.lang.String PROP_AUTHMGR
See Also:
Constant Field Values

PROP_CLIENTAUTH

public static final java.lang.String PROP_CLIENTAUTH
See Also:
Constant Field Values

PROP_RESOURCEID

public static final java.lang.String PROP_RESOURCEID
See Also:
Constant Field Values

AUTHZ_SRC_LDAP

public static final java.lang.String AUTHZ_SRC_LDAP
See Also:
Constant Field Values

AUTHZ_SRC_TYPE

public static final java.lang.String AUTHZ_SRC_TYPE
See Also:
Constant Field Values

AUTHZ_CONFIG_STORE

public static final java.lang.String AUTHZ_CONFIG_STORE
See Also:
Constant Field Values

AUTHZ_SRC_XML

public static final java.lang.String AUTHZ_SRC_XML
See Also:
Constant Field Values

PROP_AUTHZ_MGR

public static final java.lang.String PROP_AUTHZ_MGR
See Also:
Constant Field Values

PROP_ACL

public static final java.lang.String PROP_ACL
See Also:
Constant Field Values

AUTHZ_MGR_BASIC

public static final java.lang.String AUTHZ_MGR_BASIC
See Also:
Constant Field Values

AUTHZ_MGR_LDAP

public static final java.lang.String AUTHZ_MGR_LDAP
See Also:
Constant Field Values

PROP_FINAL_ERROR_MSG

public static final java.lang.String PROP_FINAL_ERROR_MSG
See Also:
Constant Field Values

ERROR_MSG_TOKEN

public static final java.lang.String ERROR_MSG_TOKEN
See Also:
Constant Field Values

FINAL_ERROR_MSG

public static final java.lang.String FINAL_ERROR_MSG
See Also:
Constant Field Values

PROP_UNAUTHORIZED_TEMPLATE

protected static final java.lang.String PROP_UNAUTHORIZED_TEMPLATE
See Also:
Constant Field Values

UNAUTHORIZED_TEMPLATE

protected static final java.lang.String UNAUTHORIZED_TEMPLATE
See Also:
Constant Field Values

PROP_SUCCESS_TEMPLATE

protected static final java.lang.String PROP_SUCCESS_TEMPLATE
See Also:
Constant Field Values

SUCCESS_TEMPLATE

protected static final java.lang.String SUCCESS_TEMPLATE
See Also:
Constant Field Values

PROP_PENDING_TEMPLATE

protected static final java.lang.String PROP_PENDING_TEMPLATE
See Also:
Constant Field Values

PENDING_TEMPLATE

protected static final java.lang.String PENDING_TEMPLATE
See Also:
Constant Field Values

PROP_SVC_PENDING_TEMPLATE

protected static final java.lang.String PROP_SVC_PENDING_TEMPLATE
See Also:
Constant Field Values

SVC_PENDING_TEMPLATE

protected static final java.lang.String SVC_PENDING_TEMPLATE
See Also:
Constant Field Values

PROP_REJECTED_TEMPLATE

protected static final java.lang.String PROP_REJECTED_TEMPLATE
See Also:
Constant Field Values

REJECTED_TEMPLATE

protected static final java.lang.String REJECTED_TEMPLATE
See Also:
Constant Field Values

PROP_ERROR_TEMPLATE

protected static final java.lang.String PROP_ERROR_TEMPLATE
See Also:
Constant Field Values

ERROR_TEMPLATE

protected static final java.lang.String ERROR_TEMPLATE
See Also:
Constant Field Values

PROP_EXCEPTION_TEMPLATE

protected static final java.lang.String PROP_EXCEPTION_TEMPLATE
See Also:
Constant Field Values

EXCEPTION_TEMPLATE

protected static final java.lang.String EXCEPTION_TEMPLATE
See Also:
Constant Field Values

PROP_SUCCESS_TEMPLATE_FILLER

protected static final java.lang.String PROP_SUCCESS_TEMPLATE_FILLER
See Also:
Constant Field Values

RA_AGENT_GROUP

protected static final java.lang.String RA_AGENT_GROUP
See Also:
Constant Field Values

CA_AGENT_GROUP

protected static final java.lang.String CA_AGENT_GROUP
See Also:
Constant Field Values

KRA_AGENT_GROUP

protected static final java.lang.String KRA_AGENT_GROUP
See Also:
Constant Field Values

OCSP_AGENT_GROUP

protected static final java.lang.String OCSP_AGENT_GROUP
See Also:
Constant Field Values

TRUSTED_RA_GROUP

protected static final java.lang.String TRUSTED_RA_GROUP
See Also:
Constant Field Values

ADMIN_GROUP

protected static final java.lang.String ADMIN_GROUP
See Also:
Constant Field Values

PFX_HTTP_HEADER

public static final java.lang.String PFX_HTTP_HEADER
See Also:
Constant Field Values

PFX_HTTP_PARAM

public static final java.lang.String PFX_HTTP_PARAM
See Also:
Constant Field Values

PFX_AUTH_TOKEN

public static final java.lang.String PFX_AUTH_TOKEN
See Also:
Constant Field Values

AUTHMGR_PARAM

protected static final java.lang.String AUTHMGR_PARAM
See Also:
Constant Field Values

CERT_AUTH_CRED

protected static final java.lang.String CERT_AUTH_CRED
See Also:
Constant Field Values

CERT_ATTR

public static final java.lang.String CERT_ATTR
See Also:
Constant Field Values

mRenderResult

protected boolean mRenderResult

mFinalErrorMsg

protected java.lang.String mFinalErrorMsg

mTemplates

protected java.util.Hashtable mTemplates

mServletConfig

protected javax.servlet.ServletConfig mServletConfig

mServletContext

protected javax.servlet.ServletContext mServletContext

mDontSaveHttpParams

protected java.util.Vector mDontSaveHttpParams

mSaveHttpHeaders

protected java.util.Vector mSaveHttpHeaders

mId

protected java.lang.String mId

mConfig

protected IConfigStore mConfig

mAuthority

protected IAuthority mAuthority

mRequestQueue

protected IRequestQueue mRequestQueue

mLogger

protected ILogger mLogger

mLogCategory

protected int mLogCategory

mGetClientCert

protected java.lang.String mGetClientCert

mAuthMgr

protected java.lang.String mAuthMgr

mAuthz

protected IAuthzSubsystem mAuthz

mAclMethod

protected java.lang.String mAclMethod

mAuthzResourceName

protected java.lang.String mAuthzResourceName

mSignedAuditLogger

protected ILogger mSignedAuditLogger

mOutputTemplatePath

protected java.lang.String mOutputTemplatePath

TEMPLATE_NAME

public static final java.lang.String TEMPLATE_NAME
See Also:
Constant Field Values

SIMPLE_ENROLLMENT_REQUEST

public static final java.lang.String SIMPLE_ENROLLMENT_REQUEST
See Also:
Constant Field Values

SIMPLE_ENROLLMENT_RESPONSE

public static final java.lang.String SIMPLE_ENROLLMENT_RESPONSE
See Also:
Constant Field Values

FULL_ENROLLMENT_REQUEST

public static final java.lang.String FULL_ENROLLMENT_REQUEST
See Also:
Constant Field Values

FULL_ENROLLMENT_RESPONSE

public static final java.lang.String FULL_ENROLLMENT_RESPONSE
See Also:
Constant Field Values

FULL_RESPONSE

public static java.lang.String FULL_RESPONSE
handy routine to check if the client wants a full enrollment response

Constructor Detail

CMSServlet

public CMSServlet()
Method Detail

toHashtable

public static java.util.Hashtable toHashtable(javax.servlet.http.HttpServletRequest req)

init

public void init(javax.servlet.ServletConfig sc)
          throws javax.servlet.ServletException
Specified by:
init in interface javax.servlet.Servlet
Overrides:
init in class javax.servlet.GenericServlet
Throws:
javax.servlet.ServletException

getId

public java.lang.String getId()

getAuthMgr

public java.lang.String getAuthMgr()

isClientCertRequired

public boolean isClientCertRequired()

outputHttpParameters

public void outputHttpParameters(javax.servlet.http.HttpServletRequest httpReq)

service

public void service(javax.servlet.http.HttpServletRequest httpReq,
                    javax.servlet.http.HttpServletResponse httpResp)
             throws javax.servlet.ServletException,
                    java.io.IOException
Overrides:
service in class javax.servlet.http.HttpServlet
Throws:
javax.servlet.ServletException
java.io.IOException

newCMSRequest

protected CMSRequest newCMSRequest()
Create a new CMSRequest object. This should be overridden by servlets implementing different types of request.

Returns:
a new CMSRequest object

process

protected void process(CMSRequest cmsRequest)
                throws EBaseException
Process an HTTP request. Servlets must override this with their own implementation.

Throws:
EBaseException - if the servlet was unable to satisfactorily process the request

renderResult

protected void renderResult(CMSRequest cmsReq)
                     throws java.io.IOException
Output a template. If an error occurs while outputting the template, the exception template is used to display the error.

Parameters:
cmsReq - the CS request
Throws:
java.io.IOException

outputArgBlockAsXML

protected void outputArgBlockAsXML(com.netscape.cmsutil.xml.XMLObject xmlObj,
                                   org.w3c.dom.Node parent,
                                   java.lang.String argBlockName,
                                   IArgBlock argBlock)

outputXML

protected void outputXML(javax.servlet.http.HttpServletResponse httpResp,
                         CMSTemplateParams params)

renderTemplate

protected void renderTemplate(CMSRequest cmsReq,
                              java.lang.String templateName,
                              ICMSTemplateFiller filler)
                       throws java.io.IOException
Throws:
java.io.IOException

renderException

protected void renderException(CMSRequest cmsReq,
                               EBaseException e)
                        throws java.io.IOException
Output exception (unexpected error) template. This is different from other templates in that if an exception occurs while rendering the exception template, a message is printed out directly. If printing that message fails, an IOException is thrown. For other templates, if an exception occurs while rendering the template, this exception template is called.

Parameters:
cmsReq - the CS request to pass to template filler if any.
e - the unexpected exception
Throws:
java.io.IOException

renderFinalError

public void renderFinalError(CMSRequest cmsReq,
                             java.lang.Exception ex)
                      throws java.io.IOException
Throws:
java.io.IOException

invalidateSSLSession

protected static void invalidateSSLSession(javax.servlet.http.HttpServletRequest httpReq)
Invalidates an SSL session so that client authentication will happen again.


getAuthCreds

public static AuthCredentials getAuthCreds(IAuthManager authMgr,
                                           IArgBlock argBlock,
                                           java.security.cert.X509Certificate clientCert)
                                    throws EBaseException
construct authentication credentials to pass into the authentication manager.

Throws:
EBaseException

getSSLClientCertificate

protected java.security.cert.X509Certificate getSSLClientCertificate(javax.servlet.http.HttpServletRequest httpReq)
                                                              throws EBaseException
get ssl client authenticated certificate

Throws:
EBaseException

getTemplate

protected CMSTemplate getTemplate(java.lang.String templateName,
                                  javax.servlet.http.HttpServletRequest httpReq,
                                  java.util.Locale[] locale)
                           throws EBaseException,
                                  java.io.IOException
get a template based on result status.

Throws:
EBaseException
java.io.IOException

log

protected void log(int event,
                   int level,
                   java.lang.String msg)
log according to authority category.


log

protected void log(int level,
                   java.lang.String msg)

getDontSaveHttpParams

protected void getDontSaveHttpParams(javax.servlet.ServletConfig sc)
get http parameters not to save from configuration.


getSaveHttpHeaders

protected void getSaveHttpHeaders(javax.servlet.ServletConfig sc)
get http headers to save from configuration.


saveHttpHeaders

protected void saveHttpHeaders(javax.servlet.http.HttpServletRequest httpReq,
                               IRequest req)
                        throws EBaseException
save http headers in an IRequest.

Throws:
EBaseException

saveHttpParams

protected void saveHttpParams(IArgBlock httpParams,
                              IRequest req)
save http parameters in an IRequest.


getCertRecord

protected ICertRecord getCertRecord(java.math.BigInteger serialNo)
handy routine for getting a cert record given a serial number.


isCertFromCA

protected boolean isCertFromCA(java.security.cert.X509Certificate cert)
handy routine for validating if a cert is from this CA. mAuthority must be a CA.


areCertsFromCA

protected boolean areCertsFromCA(java.security.cert.X509Certificate[] certs)
handy routine for checking if a list of certs is from this CA. mAuthority must be a CA.


getX509Certificate

protected java.security.cert.X509Certificate getX509Certificate(java.math.BigInteger serialNo)
handy routine for getting a certificate from the certificate repository. mAuthority must be a CA.


newFillerObject

protected ICMSTemplateFiller newFillerObject(java.lang.String fillerClass)
instantiate a new filler from a class name.

Returns:
null if can't be instantiated, new instance otherwise.

setDefaultTemplates

protected void setDefaultTemplates(javax.servlet.ServletConfig sc)
set default templates. subclasses can override, and should override at least the success template


clientIsNav

public static boolean clientIsNav(javax.servlet.http.HttpServletRequest httpReq)
handy routine to check if client is navigator based on user-agent.


clientIsMSIE

public static boolean clientIsMSIE(javax.servlet.http.HttpServletRequest httpReq)
handy routine to check if client is msie based on user-agent.


doCMMFResponse

public static boolean doCMMFResponse(IArgBlock httpParams)

doFullResponse

public static boolean doFullResponse(IArgBlock httpParams)

checkImportCertToNav

protected boolean checkImportCertToNav(javax.servlet.http.HttpServletResponse httpResp,
                                       IArgBlock httpParams,
                                       netscape.security.x509.X509CertImpl cert)
                                throws EBaseException
Returns:
false if import cert directly set to false.
Throws:
EBaseException

importCertToNav

public void importCertToNav(javax.servlet.http.HttpServletResponse httpResp,
                            netscape.security.x509.X509CertImpl cert,
                            java.lang.String contentType,
                            boolean importCAChain)
                     throws EBaseException
handy routine to import cert to old navigator in nav mime type.

Throws:
EBaseException

saveAuthToken

protected static void saveAuthToken(IAuthToken token,
                                    IRequest req)

getAuthToken

protected IAuthToken getAuthToken(IRequest req)

connectionIsSSL

protected static boolean connectionIsSSL(javax.servlet.http.HttpServletRequest httpReq)

getRelPath

protected java.lang.String getRelPath(IAuthority authority)
handy routine for getting agent's relative path


isSystemCertificate

protected boolean isSystemCertificate(java.math.BigInteger serialNo)
A system certificate such as the CA signing certificate should not be allowed to be deleted. The main purpose is to avoid accidentally revoking the self-signed CA certificate.


formCRLEntry

protected netscape.security.x509.RevokedCertImpl formCRLEntry(java.math.BigInteger serialNo,
                                                              netscape.security.x509.RevocationReason reason)
                                                       throws EBaseException
make a CRL entry from a serial number and revocation reason.

Returns:
a RevokedCertImpl that can be entered in a CRL.
Throws:
EBaseException

certIsRevoked

protected boolean certIsRevoked(java.math.BigInteger serialNum)
                         throws EBaseException
check if a certificate (serial number) is revoked on a CA.

Returns:
true if cert is marked revoked in the CA's database.
Throws:
EBaseException

generateSalt

public static java.lang.String generateSalt()

hashPassword

protected java.lang.String hashPassword(java.lang.String pwd)

getLangFile

public static java.io.File getLangFile(javax.servlet.http.HttpServletRequest req,
                                       java.io.File realpathFile,
                                       java.util.Locale[] locale)
                                throws java.io.IOException
Parameters:
req - http servlet request
realpathFile - the file to get.
locale - array of at least one element, to be filled with the locale found.
Throws:
java.io.IOException

getLocale

public static java.util.Locale getLocale(java.lang.String lang)

authenticate

public IAuthToken authenticate(CMSRequest req)
                        throws EBaseException
Throws:
EBaseException

authenticate

public IAuthToken authenticate(javax.servlet.http.HttpServletRequest httpReq)
                        throws EBaseException
Throws:
EBaseException

authenticate

public IAuthToken authenticate(CMSRequest req,
                               java.lang.String authMgrName)
                        throws EBaseException
Throws:
EBaseException

authenticate

public IAuthToken authenticate(javax.servlet.http.HttpServletRequest httpReq,
                               java.lang.String authMgrName)
                        throws EBaseException
Authentication

Throws:
EBaseException - an error has occurred

authorize

public AuthzToken authorize(java.lang.String authzMgrName,
                            IAuthToken authToken,
                            java.lang.String exp)
                     throws EBaseException
Throws:
EBaseException

authorize

public AuthzToken authorize(java.lang.String authzMgrName,
                            IAuthToken authToken,
                            java.lang.String resource,
                            java.lang.String operation)
                     throws EBaseException
Authorization must occur after authentication: the authToken passed here is the authentication token.

Parameters:
authzMgrName - string representing the name of the authorization manager
authToken - the authentication token
resource - a string representing the ACL resource id as defined in the ACL resource list
operation - a string representing one of the operations as defined within the ACL statement (e.g., "read" for an ACL statement containing "(read,write)")
Returns:
the authorization token
Throws:
EBaseException - an error has occurred

audit

protected void audit(java.lang.String msg)
Signed Audit Log. This method is inherited by all extended "CMSServlet"s, and is called to store messages to the signed audit log.

Parameters:
msg - signed audit log message

auditSubjectID

protected java.lang.String auditSubjectID()
Signed Audit Log Subject ID. This method is inherited by all extended "CMSServlet"s, and is called to obtain the "SubjectID" for a signed audit log message.

Returns:
id string containing the signed audit log message SubjectID

auditGroupID

protected java.lang.String auditGroupID()
Signed Audit Log Group ID. This method is inherited by all extended "CMSServlet"s, and is called to obtain the "gid" for a signed audit log message.

Returns:
id string containing the signed audit log message gid

getLocale

protected java.util.Locale getLocale(javax.servlet.http.HttpServletRequest req)
Retrieves locale based on the request.


outputResult

protected void outputResult(javax.servlet.http.HttpServletResponse httpResp,
                            java.lang.String contentType,
                            byte[] content)

outputError

protected void outputError(javax.servlet.http.HttpServletResponse httpResp,
                           java.lang.String errorString)

outputError

protected void outputError(javax.servlet.http.HttpServletResponse httpResp,
                           java.lang.String errorString,
                           java.lang.String requestId)

outputError

protected void outputError(javax.servlet.http.HttpServletResponse httpResp,
                           java.lang.String status,
                           java.lang.String errorString,
                           java.lang.String requestId)

escapeValueRfc1779

protected java.lang.StringBuffer escapeValueRfc1779(java.lang.String v,
                                                    boolean doubleEscape)