com.netscape.cms.servlet.cert
Class EnrollServlet

java.lang.Object
  extended by javax.servlet.GenericServlet
      extended by javax.servlet.http.HttpServlet
          extended by com.netscape.cms.servlet.base.CMSServlet
              extended by com.netscape.cms.servlet.cert.EnrollServlet
All Implemented Interfaces:
java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

public class EnrollServlet
extends CMSServlet

Submit a Certificate Enrollment request

Version:
$Revision: 1211 $, $Date: 2010-08-18 10:15:37 -0700 (Wed, 18 Aug 2010) $
See Also:
Serialized Form

Field Summary
static java.lang.String ADMIN_ENROLL_SERVLET_ID
           
static java.lang.String CERT_TYPE
           
static java.lang.String CHALLENGE_PASSWORD
           
static java.lang.String CMC_REQUEST
           
static java.lang.String CRMF_REQID
           
static java.lang.String CRMF_REQUEST
           
static java.lang.String ENROLL_SUCCESS_TEMPLATE
           
static java.lang.String OLD_CERT_TYPE
           
static java.lang.String PKCS10_REQUEST
           
static java.lang.String REQUEST_CONTENT
           
static java.lang.String REQUEST_FORMAT
           
static java.lang.String REQUEST_FORMAT_CMC
           
static java.lang.String REQUEST_FORMAT_PKCS10
           
static java.lang.String SUBJECT_KEYGEN_INFO
           
static java.lang.String SUBJECT_NAME
           
 
Fields inherited from class com.netscape.cms.servlet.base.CMSServlet
ADMIN_GROUP, AUTH_FAILURE, AUTHMGR_PARAM, AUTHZ_CONFIG_STORE, AUTHZ_MGR_BASIC, AUTHZ_MGR_LDAP, AUTHZ_SRC_LDAP, AUTHZ_SRC_TYPE, AUTHZ_SRC_XML, CA_AGENT_GROUP, CERT_ATTR, CERT_AUTH_CRED, ERROR_MSG_TOKEN, ERROR_TEMPLATE, EXCEPTION_TEMPLATE, FAILURE, FINAL_ERROR_MSG, FULL_ENROLLMENT_REQUEST, FULL_ENROLLMENT_RESPONSE, FULL_RESPONSE, KRA_AGENT_GROUP, mAclMethod, mAuthMgr, mAuthority, mAuthz, mAuthzResourceName, mConfig, mDontSaveHttpParams, mFinalErrorMsg, mGetClientCert, mId, mLogCategory, mLogger, mOutputTemplatePath, mRenderResult, mRequestQueue, mSaveHttpHeaders, mServletConfig, mServletContext, mSignedAuditLogger, mTemplates, OCSP_AGENT_GROUP, PENDING_TEMPLATE, PFX_AUTH_TOKEN, PFX_HTTP_HEADER, PFX_HTTP_PARAM, PROP_ACL, PROP_AUTHMGR, PROP_AUTHORITY, PROP_AUTHZ_MGR, PROP_CLIENTAUTH, PROP_ERROR_TEMPLATE, PROP_EXCEPTION_TEMPLATE, PROP_FINAL_ERROR_MSG, PROP_ID, PROP_PENDING_TEMPLATE, PROP_REJECTED_TEMPLATE, PROP_RESOURCEID, PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER, PROP_SVC_PENDING_TEMPLATE, PROP_UNAUTHORIZED_TEMPLATE, RA_AGENT_GROUP, REJECTED_TEMPLATE, SIMPLE_ENROLLMENT_REQUEST, SIMPLE_ENROLLMENT_RESPONSE, SUCCESS, SUCCESS_TEMPLATE, SVC_PENDING_TEMPLATE, TEMPLATE_NAME, TRUSTED_RA_GROUP, UNAUTHORIZED_TEMPLATE
 
Constructor Summary
EnrollServlet()
           
 
Method Summary
protected  void addAdminAgent(CMSRequest cmsReq, netscape.security.x509.X509CertImpl[] issuedCerts)
           
protected  void checkAdminEnroll(CMSRequest cmsReq, netscape.security.x509.X509CertImpl[] issuedCerts)
          Check whether this is the first enrollment from admin enroll.
 boolean getEnforcePop()
          XXX (SHOULD CHANGE TO READ FROM Servletconfig) Getter method to see if Proof of Possession checking is enabled.
 void init(javax.servlet.ServletConfig sc)
          Initialize the servlet.
protected  void process(CMSRequest cmsReq)
          Process the HTTP request.
protected  void processX509(CMSRequest cmsReq)
          Process X509 certificate enrollment request
protected  void renderServerEnrollResult(CMSRequest cmsReq)
           
 
Methods inherited from class com.netscape.cms.servlet.base.CMSServlet
areCertsFromCA, audit, auditGroupID, auditSubjectID, authenticate, authenticate, authenticate, authenticate, authorize, authorize, certIsRevoked, checkImportCertToNav, clientIsMSIE, clientIsNav, connectionIsSSL, doCMMFResponse, doFullResponse, escapeValueRfc1779, formCRLEntry, generateSalt, getAuthCreds, getAuthMgr, getAuthToken, getCertRecord, getDontSaveHttpParams, getId, getLangFile, getLocale, getLocale, getRelPath, getSaveHttpHeaders, getSSLClientCertificate, getTemplate, getX509Certificate, hashPassword, importCertToNav, invalidateSSLSession, isCertFromCA, isClientCertRequired, isSystemCertificate, log, log, newCMSRequest, newFillerObject, outputArgBlockAsXML, outputError, outputError, outputError, outputHttpParameters, outputResult, outputXML, renderException, renderFinalError, renderResult, renderTemplate, saveAuthToken, saveHttpHeaders, saveHttpParams, service, setDefaultTemplates, toHashtable
 
Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service
 
Methods inherited from class javax.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ADMIN_ENROLL_SERVLET_ID

public static final java.lang.String ADMIN_ENROLL_SERVLET_ID
See Also:
Constant Field Values

ENROLL_SUCCESS_TEMPLATE

public static final java.lang.String ENROLL_SUCCESS_TEMPLATE
See Also:
Constant Field Values

OLD_CERT_TYPE

public static final java.lang.String OLD_CERT_TYPE
See Also:
Constant Field Values

CERT_TYPE

public static final java.lang.String CERT_TYPE
See Also:
Constant Field Values

REQUEST_FORMAT

public static final java.lang.String REQUEST_FORMAT
See Also:
Constant Field Values

REQUEST_FORMAT_PKCS10

public static final java.lang.String REQUEST_FORMAT_PKCS10
See Also:
Constant Field Values

REQUEST_FORMAT_CMC

public static final java.lang.String REQUEST_FORMAT_CMC
See Also:
Constant Field Values

REQUEST_CONTENT

public static final java.lang.String REQUEST_CONTENT
See Also:
Constant Field Values

SUBJECT_KEYGEN_INFO

public static final java.lang.String SUBJECT_KEYGEN_INFO
See Also:
Constant Field Values

PKCS10_REQUEST

public static final java.lang.String PKCS10_REQUEST
See Also:
Constant Field Values

CMC_REQUEST

public static final java.lang.String CMC_REQUEST
See Also:
Constant Field Values

CRMF_REQUEST

public static final java.lang.String CRMF_REQUEST
See Also:
Constant Field Values

SUBJECT_NAME

public static final java.lang.String SUBJECT_NAME
See Also:
Constant Field Values

CRMF_REQID

public static final java.lang.String CRMF_REQID
See Also:
Constant Field Values

CHALLENGE_PASSWORD

public static final java.lang.String CHALLENGE_PASSWORD
See Also:
Constant Field Values
Constructor Detail

EnrollServlet

public EnrollServlet()
Method Detail

init

public void init(javax.servlet.ServletConfig sc)
          throws javax.servlet.ServletException
Initialize the servlet.

The following parameters are read from the servlet config:


getEnforcePop

public boolean getEnforcePop()
XXX (SHOULD CHANGE TO READ FROM Servletconfig) Getter method to see if Proof of Possession checking is enabled. This value is set in the CMS.cfg file with the parameter "enrollment.enforcePop". It defaults to false.

Returns:
true if the user is required to prove that they possess the private key corresponding to the public key in the certificate request they are submitting

process

protected void process(CMSRequest cmsReq)
                throws EBaseException
Process the HTTP request.

Overrides:
process in class CMSServlet
Parameters:
cmsReq - the object holding the request and response information
Throws:
EBaseException - if the servlet was unable to satisfactorily process the request

processX509

protected void processX509(CMSRequest cmsReq)
                    throws EBaseException
Process X509 certificate enrollment request

(Certificate Request - either an "admin" cert request for an admin certificate, an "agent" cert request for "bulk enrollment", or an "EE" standard cert request)

(Certificate Request Processed - either an automated "admin" non-profile based CA admin cert acceptance, an automated "admin" non-profile based CA admin cert rejection, an automated "EE" non-profile based cert acceptance, or an automated "EE" non-profile based cert rejection)

Parameters:
cmsReq - a certificate enrollment request
Throws:
EBaseException - an error has occurred

checkAdminEnroll

protected void checkAdminEnroll(CMSRequest cmsReq,
                                netscape.security.x509.X509CertImpl[] issuedCerts)
                         throws EBaseException
Check whether this is the first enrollment from admin enroll. If so, disable admin enroll from here on.

Throws:
EBaseException

addAdminAgent

protected void addAdminAgent(CMSRequest cmsReq,
                             netscape.security.x509.X509CertImpl[] issuedCerts)
                      throws EBaseException
Throws:
EBaseException

renderServerEnrollResult

protected void renderServerEnrollResult(CMSRequest cmsReq)
                                 throws java.io.IOException
Throws:
java.io.IOException