/**
 * Chooses the URI that is handed to the HTTP sender as the nominal request target.
 *
 * <p>With SSL disabled, the first element of {@code addresses} is returned unchanged. With SSL
 * enabled, a placeholder {@code https://localhost:<server proxy port>/} URI is returned and
 * {@code addresses} is not consulted. The caller in this file passes the real candidates to the
 * sender separately through the {@code ID_TARGETS} attribute.
 *
 * <p>NOTE(review): because the SSL-mode URI always names {@code localhost}, the peer cannot be
 * authenticated by comparing the certificate with this host name. Verification presumably
 * happens in the socket factory / trust verifier; confirm this before changing the code.
 *
 * @param addresses candidate server proxy addresses; must be non-empty when SSL is disabled,
 *     otherwise indexing the first element fails
 * @return the URI to pass to the HTTP sender
 * @throws Exception if the placeholder URI cannot be constructed
 */
private static URI getDummyServiceAddress(URI[] addresses) throws Exception {
   if (SystemProperties.isSslEnabled()) {
     // Placeholder target: only the scheme and the server proxy port carry meaning here.
     final int serverProxyPort = SystemProperties.getServerProxyPort();
     return new URI("https", null, "localhost", serverProxyPort, "/", null, null);
   }

   // Plain HTTP mode: connect straight to the first known address.
   return addresses[0];
 }
  /**
   * Verifies that the client certificate presented on this connection is acceptable for the
   * client named in the request SOAP message.
   *
   * <p>The check is gated by {@code SystemProperties.shouldVerifyClientCert()}. When that setting
   * is off, this method returns without calling {@code IsAuthentication} at all, so the sender
   * named in the request is not tied to any certificate by this method. Deployments that rely on
   * client authentication should confirm the setting is enabled.
   *
   * @throws Exception if {@code IsAuthentication.verifyClientAuthentication} rejects the client
   */
  protected void verifyClientAuthentication() throws Exception {
    final boolean verificationEnabled = SystemProperties.shouldVerifyClientCert();
    if (verificationEnabled) {
      log.trace("verifyClientAuthentication()");

      // The identity being checked is the one claimed inside the request message itself.
      final ClientId claimedSender = requestSoap.getClient();
      IsAuthentication.verifyClientAuthentication(claimedSender, clientCert);
    }
  }
Ejemplo n.º 3
  /**
   * Starts the interactive command shell and blocks in its command loop.
   *
   * <p>The prompt shows the configured signer port, and the banner explains how to list commands
   * and how member identifiers have to be quoted.
   *
   * @throws IOException if the shell's command loop fails on I/O
   */
  private static void startCommandLoop() throws IOException {
    final String shellPrompt = "signer@" + SystemProperties.getSignerPort();

    // Assemble the banner piece by piece; the text is shown to the operator verbatim.
    final StringBuilder banner = new StringBuilder();
    banner.append("Enter '?list' to get list of available commands\n");
    banner.append("Enter '?help <command>' to get command description\n");
    banner.append("\nNOTE: Member identifier is entered as ");
    banner.append("\"<INSTANCE> <CLASS> <CODE>\" (in quotes)\n");

    getShell(shellPrompt, banner.toString()).commandLoop();
  }
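  /**
   * Resolves the server proxy URIs to which a request for the given service may be sent.
   *
   * <p>The candidate host names come from global configuration for the service's client. If the
   * request pins a specific security server, that server's address must be among the provider's
   * addresses; the result is then narrowed to that single address. This membership check is
   * what stops a request from being routed to a security server that global configuration does
   * not associate with the provider, so it must not be relaxed.
   *
   * <p>The URI scheme follows {@code SystemProperties.isSslEnabled()}. With SSL disabled the
   * returned URIs use plain {@code http}.
   *
   * @param serviceProvider the service whose provider addresses are looked up
   * @param serverId the security server requested by the caller, or {@code null} for no pinning
   * @return one URI per eligible host, using the configured server proxy port and path {@code /}
   * @throws CodedException with {@code X_UNKNOWN_MEMBER} if the provider has no addresses, or
   *     with {@code X_INVALID_SECURITY_SERVER} if the requested server is unknown or is not one
   *     of the provider's addresses
   * @throws Exception if a URI cannot be constructed from a configured host name
   */
  private static URI[] getServiceAddresses(ServiceId serviceProvider, SecurityServerId serverId)
      throws Exception {
    log.trace("getServiceAddresses({})", serviceProvider);

    Collection<String> hostNames = GlobalConf.getProviderAddress(serviceProvider.getClientId());
    if (hostNames == null || hostNames.isEmpty()) {
      throw new CodedException(
          X_UNKNOWN_MEMBER,
          "Could not find addresses for service provider \"%s\"",
          serviceProvider);
    }

    if (serverId != null) {
      final String securityServerAddress = GlobalConf.getSecurityServerAddress(serverId);
      if (securityServerAddress == null) {
        throw new CodedException(
            X_INVALID_SECURITY_SERVER, "Could not find security server \"%s\"", serverId);
      }

      // The pinned server must be one the provider is registered on.
      if (!hostNames.contains(securityServerAddress)) {
        // Name the rejected security server: the message is about the server, and the
        // provider id alone would not tell an operator which server id was refused.
        throw new CodedException(
            X_INVALID_SECURITY_SERVER, "Invalid security server \"%s\"", serverId);
      }

      hostNames = Collections.singleton(securityServerAddress);
    }

    final String protocol = SystemProperties.isSslEnabled() ? "https" : "http";
    final int port = SystemProperties.getServerProxyPort();

    final List<URI> addresses = new ArrayList<>(hostNames.size());
    for (String host : hostNames) {
      addresses.add(new URI(protocol, null, host, port, "/", null, null));
    }

    return addresses.toArray(new URI[0]);
  }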
  /**
   * Posts the request stream to the server proxy through the given sender.
   *
   * <p>The sender is configured in this order: provider name (SSL mode only), candidate target
   * addresses, timeout, then the hash-algorithm and proxy-version headers. The POST itself goes
   * to the URI returned by {@code getDummyServiceAddress}. The request input stream is closed
   * when the method exits, whether it succeeded or failed.
   *
   * @param httpSender the sender used to perform the POST
   * @throws Exception if address resolution or the POST fails; a failure inside the POST step is
   *     reported to {@code MonitorAgent} before being rethrown unchanged
   */
  private void sendRequest(HttpSender httpSender) throws Exception {
    log.trace("sendRequest()");
    try {
      // In SSL mode the provider name travels with the request as a sender attribute so that
      // the peer's SSL certificate can be verified against the intended provider.
      final boolean sslEnabled = SystemProperties.isSslEnabled();
      if (sslEnabled) {
        httpSender.setAttribute(AuthTrustVerifier.ID_PROVIDERNAME, requestServiceId);
      }

      // The real candidates are handed over as an attribute. According to the original
      // author's note, the underlying SSLConnectionSocketFactory picks whichever address
      // connects first.
      final URI[] targets = getServiceAddresses(requestServiceId, requestSoap.getSecurityServer());
      httpSender.setAttribute(ID_TARGETS, targets);
      httpSender.setTimeout(SystemProperties.getClientProxyTimeout());

      httpSender.addHeader(HEADER_HASH_ALGO_ID, getHashAlgoId());
      httpSender.addHeader(HEADER_PROXY_VERSION, ProxyMain.getVersion());

      try {
        // The URI passed to doPost exists only so that host name resolution can proceed and
        // the SSL connection can be started; the actual targets were set above.
        final URI postUri = getDummyServiceAddress(targets);
        httpSender.doPost(postUri, reqIns, CHUNKED_LENGTH, outputContentType);
      } catch (Exception postFailure) {
        // Any exception from this step is recorded as a server proxy failure, then the same
        // exception is propagated to the caller.
        MonitorAgent.serverProxyFailed(createRequestMessageInfo());
        throw postFailure;
      }
    } finally {
      if (reqIns != null) {
        reqIns.close();
      }
    }
  }
    /**
     * Handles the SOAP part of the incoming request: lazily creates the outgoing message
     * encoder, lets request processing continue, and writes the SOAP message to the encoder.
     *
     * <p>In SSL mode the OCSP responses are written before the SOAP part, so the order of the
     * calls below matters.
     *
     * <p>NOTE(review): the {@code message} argument is not read here; the encoder is given the
     * {@code requestSoap} field instead. Confirm that the field is populated from this message
     * elsewhere.
     *
     * @param message the SOAP message delivered by the decoder (unused in this method)
     * @throws Exception if encoding, continued processing or OCSP writing fails
     */
    @Override
    public void soap(SoapMessage message) throws Exception {
      final boolean encoderMissing = (request == null);
      if (encoderMissing) {
        request = new ProxyMessageEncoder(reqOuts, getHashAlgoId());
        outputContentType = request.getContentType();
      }

      // The request SOAP message is available now, so sending to the server proxy can begin.
      continueProcessing();

      // SSL mode: the OCSP response for our own SSL certificate goes out ahead of the SOAP part.
      final boolean sslEnabled = SystemProperties.isSslEnabled();
      if (sslEnabled) {
        writeOcspResponses();
      }

      request.soap(requestSoap);
    }
Ejemplo n.º 7
 /**
  * Creates a new content signer using default algorithm.
  *
  * @param key the private key
  * @return a new content signer instance
  * @throws OperatorCreationException if the content signer cannot be created
  */
 public static ContentSigner createDefaultContentSigner(PrivateKey key)
     throws OperatorCreationException {
   // The algorithm is not fixed in code: it is whatever the system properties name as the
   // default signature algorithm, so the strength of the resulting signer depends on that setting.
   final String defaultAlgorithm = SystemProperties.getDefaultSignatureAlgorithm();
   return createContentSigner(defaultAlgorithm, key);
 }