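/**
 * Answers a health check request if the caller's address is on the configured allowlist.
 *
 * <p>The address from {@code request.getRemoteAddr()} is compared as an exact string with every
 * entry of {@code authIPs}. If {@code authIPs} is null or empty, every caller is accepted and
 * this is logged at info level. A rejected caller gets {@code SC_UNAUTHORIZED} and the rejection
 * is logged at error level.
 *
 * <p>NOTE(review): {@code getRemoteAddr()} reports the client or the last proxy that sent the
 * request. Behind a reverse proxy or load balancer the allowlist would be matched against the
 * proxy's address, so allowlisting that address admits every client of the proxy. Confirm
 * against the deployment.
 *
 * @param request servlet request whose remote address is checked
 * @param response servlet response that receives the health report or the error
 */
private void check(HttpServletRequest request, HttpServletResponse response) {
    boolean authorizedIP = false;
    String remoteIP = request.getRemoteAddr();
    if ((authIPs != null) && (authIPs.length > 0)) {
      for (final String allowedIP : authIPs) {
        // Compare from the allowlist side: a null remote address is then rejected below
        // (and reported as "unknown") instead of raising a NullPointerException here.
        if ((allowedIP != null) && allowedIP.equals(remoteIP)) {
          authorizedIP = true;
          break;
        }
      }
    } else {
      // No allowlist configured: fail open, but leave a trace in the log.
      String iMsg = intres.getLocalizedMessage("healthcheck.allipsauthorized");
      log.info(iMsg);
      authorizedIP = true;
    }

    if (authorizedIP) {
      getHealthResponse().respond(getHealthCheck().checkHealth(request), response);
    } else {
      // Bound what is echoed to the client and written to the log.
      if ((remoteIP == null) || (remoteIP.length() > 100)) {
        remoteIP = "unknown";
      }
      try {
        // NOTE(review): 401 is sent without an authentication challenge; 403 may describe an
        // address-based rejection better, but monitoring clients may depend on this code.
        response.sendError(
            HttpServletResponse.SC_UNAUTHORIZED,
            "ERROR : Healthcheck request recieved from an non authorized IP: " + remoteIP);
      } catch (IOException e) {
        log.error("Problems generating unauthorized http response.", e);
      }
      // Rejections are logged at error level so that probes from unexpected hosts are visible.
      String iMsg = intres.getLocalizedMessage("healthcheck.errorauth", remoteIP);
      log.error(iMsg);
    }
  }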
  /**
   * Handles HTTP GET
   *
   * @param request servlet request
   * @param response servlet response
   * @throws IOException input/output error
   * @throws ServletException on error
   */
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    log.trace(">doGet()");
    // Advertise POST as the only allowed method.
    response.setHeader("Allow", "POST");

    // Print the localized "certreq.postonly" message, followed by the debug information.
    // NOTE(review): no status code is set in this method; whether ServletDebug sets one is not
    // visible here.
    final ServletDebug servletDebug = new ServletDebug(request, response);
    servletDebug.print(intres.getLocalizedMessage("certreq.postonly"));
    servletDebug.printDebugInfo();
    log.trace("<doGet()");
  }
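/**
 * Base servlet for health check endpoints that restricts callers by remote IP address.
 *
 * <p>Concrete servlets supply the {@link IHealthCheck} that performs the check and the {@link
 * IHealthResponse} that writes the result. GET and POST requests are handled identically.
 *
 * @author mikek
 */
public abstract class AbstractHealthServlet extends HttpServlet {

  private static final Logger log = Logger.getLogger(AbstractHealthServlet.class);
  private static final long serialVersionUID = 1L;

  /** Internal localization of logs and errors */
  private static final InternalResources intres = InternalResources.getInstance();

  /** Remote addresses allowed to call the health check; set once in {@link #init}. */
  private String[] authIPs = null;

  /**
   * Servlet init: installs the BouncyCastle provider, loads the IP allowlist and initializes the
   * health check supplied by the concrete servlet.
   *
   * @param config servlet configuration
   * @throws ServletException on error
   */
  @Override
  public void init(ServletConfig config) throws ServletException {
    super.init(config);

    // Install BouncyCastle provider
    CryptoProviderTools.installBCProviderIfNotAvailable();

    // The allowlist is a ';'-separated string. Entries are not trimmed, so an entry with
    // surrounding whitespace never matches a remote address.
    // NOTE(review): String.split drops trailing empty strings, so a value made only of ';'
    // yields an empty array, which check() treats as "all IPs authorized". An empty value
    // yields one empty entry, which matches no address. Confirm that both outcomes are the
    // intended meaning of those configurations.
    authIPs = EjbcaConfiguration.getHealthCheckAuthorizedIps().split(";");

    if (config.getInitParameter("CheckPublishers") != null) {
      log.warn(
          "CheckPublishers servlet parameter has been dropped. Use \"healthcheck.publisherconnections\" property instead.");
    }
    initializeServlet();
    getHealthCheck().init();
  }

  /**
   * @return the health check run for every authorized request
   */
  public abstract IHealthCheck getHealthCheck();

  /**
   * @return the responder that writes the health check result to the HTTP response
   */
  public abstract IHealthResponse getHealthResponse();

  /** Override this method to inject members from the concrete servlet into the Health Checker. */
  public abstract void initializeServlet();

  /**
   * Answers a health check request if the caller's address is on the configured allowlist.
   *
   * <p>The address from {@code request.getRemoteAddr()} is compared as an exact string with every
   * entry of {@code authIPs}. If {@code authIPs} is null or empty, every caller is accepted and
   * this is logged at info level. A rejected caller gets {@code SC_UNAUTHORIZED} and the
   * rejection is logged at error level.
   *
   * <p>NOTE(review): {@code getRemoteAddr()} reports the client or the last proxy that sent the
   * request. Behind a reverse proxy or load balancer the allowlist would be matched against the
   * proxy's address, so allowlisting that address admits every client of the proxy. Confirm
   * against the deployment.
   *
   * @param request servlet request whose remote address is checked
   * @param response servlet response that receives the health report or the error
   */
  private void check(HttpServletRequest request, HttpServletResponse response) {
    boolean authorizedIP = false;
    String remoteIP = request.getRemoteAddr();
    if ((authIPs != null) && (authIPs.length > 0)) {
      for (final String allowedIP : authIPs) {
        // Compare from the allowlist side: a null remote address is then rejected below
        // (and reported as "unknown") instead of raising a NullPointerException here.
        if ((allowedIP != null) && allowedIP.equals(remoteIP)) {
          authorizedIP = true;
          break;
        }
      }
    } else {
      // No allowlist configured: fail open, but leave a trace in the log.
      String iMsg = intres.getLocalizedMessage("healthcheck.allipsauthorized");
      log.info(iMsg);
      authorizedIP = true;
    }

    if (authorizedIP) {
      getHealthResponse().respond(getHealthCheck().checkHealth(request), response);
    } else {
      // Bound what is echoed to the client and written to the log.
      if ((remoteIP == null) || (remoteIP.length() > 100)) {
        remoteIP = "unknown";
      }
      try {
        // NOTE(review): 401 is sent without an authentication challenge; 403 may describe an
        // address-based rejection better, but monitoring clients may depend on this code.
        response.sendError(
            HttpServletResponse.SC_UNAUTHORIZED,
            "ERROR : Healthcheck request recieved from an non authorized IP: " + remoteIP);
      } catch (IOException e) {
        log.error("Problems generating unauthorized http response.", e);
      }
      // Rejections are logged at error level so that probes from unexpected hosts are visible.
      String iMsg = intres.getLocalizedMessage("healthcheck.errorauth", remoteIP);
      log.error(iMsg);
    }
  }

  /**
   * Handles HTTP POST by running the IP-restricted health check.
   *
   * @param request servlet request
   * @param response servlet response
   * @throws IOException input/output error
   * @throws ServletException on error
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    if (log.isTraceEnabled()) {
      log.trace(">doPost()");
    }
    check(request, response);
    if (log.isTraceEnabled()) {
      log.trace("<doPost()");
    }
  }

  /**
   * Handles HTTP GET by running the IP-restricted health check.
   *
   * @param request servlet request
   * @param response servlet response
   * @throws IOException input/output error
   * @throws ServletException on error
   */
  @Override
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    if (log.isTraceEnabled()) {
      log.trace(">doGet()");
    }
    check(request, response);
    if (log.isTraceEnabled()) {
      log.trace("<doGet()");
    }
  }
}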
/**
 * Servlet that installs a private key and its matching certificate in a browser. Installation
 * of a new certificate proceeds as follows:
 *
 * <ol>
 *   <li>The browser generates the key pair.
 *   <li>The public part is POSTed to this servlet together with the user info ("pkcs10|keygen",
 *       "inst", "user", "password"). Internet Explorer sends the public key as a PKCS10
 *       certificate request.
 *   <li>The new certificate is created by calling the RSASignSession session bean.
 *   <li>A page holding the new certificate and a script that installs it is returned to the
 *       browser.
 * </ol>
 *
 * <p>Init parameters needed by this servlet:
 *
 * <ul>
 *   <li>"responseTemplate": file that defines the response to the user (IE). It should contain
 *       one line with the text "cert ="; that line is replaced with the new certificate.
 *   <li>"keyStorePass": password needed to load the key-store. If the parameter is absent, it is
 *       assumed that no password is needed. The path could be absolute or relative.
 * </ul>
 *
 * @author Original code by Lars Silven
 * @version $Id: CertReqServlet.java 11492 2011-03-09 16:34:38Z netmackan $
 */
public class CertReqServlet extends HttpServlet {

  private static final long serialVersionUID = 1L;
  private static final Logger log = Logger.getLogger(CertReqServlet.class);
  private static final InternalResources intres = InternalResources.getInstance();

  // This injection has been verified on JBoss
  @EJB private AuthenticationSessionLocal authenticationSession;
  @EJB private CAAdminSessionLocal caAdminSession;
  @EJB private CertificateProfileSessionLocal certificateProfileSession;
  @EJB private EndEntityProfileSessionLocal endEntityProfileSession;
  @EJB private KeyRecoverySessionLocal keyRecoverySession;
  @EJB private RaAdminSessionLocal raAdminSession;
  @EJB private SignSessionLocal signSession;
  @EJB private UserAdminSessionLocal userAdminSession;
  @EJB private GlobalConfigurationSessionLocal globalConfigurationSession;

  /**
   * Initializes the servlet and installs the BouncyCastle provider.
   *
   * @param config servlet configuration
   * @throws ServletException on error
   */
  @Override
  public void init(ServletConfig config) throws ServletException {
    super.init(config);
    CryptoProviderTools.installBCProvider();
  }

  /**
   * Handles HTTP POST by delegating to a {@code RequestInstance} created for this request.
   *
   * @param request servlet request
   * @param response servlet response
   * @throws IOException input/output error
   * @throws ServletException on error
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    // A new handler per request, wired with the servlet context/config and the injected beans.
    final RequestInstance requestInstance =
        new RequestInstance(
            getServletContext(),
            getServletConfig(),
            authenticationSession,
            caAdminSession,
            certificateProfileSession,
            endEntityProfileSession,
            keyRecoverySession,
            raAdminSession,
            signSession,
            userAdminSession,
            globalConfigurationSession);
    requestInstance.doPost(request, response);
  }

  /**
   * Handles HTTP GET by reporting that only POST is supported.
   *
   * @param request servlet request
   * @param response servlet response
   * @throws IOException input/output error
   * @throws ServletException on error
   */
  @Override
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    log.trace(">doGet()");
    // Advertise POST as the only allowed method.
    response.setHeader("Allow", "POST");

    // Print the localized "certreq.postonly" message, followed by the debug information.
    // NOTE(review): no status code is set in this method; whether ServletDebug sets one is not
    // visible here.
    final ServletDebug servletDebug = new ServletDebug(request, response);
    servletDebug.print(intres.getLocalizedMessage("certreq.postonly"));
    servletDebug.printDebugInfo();
    log.trace("<doGet()");
  }
}