예제 #1
0
  private void check(HttpServletRequest request, HttpServletResponse response) {
    boolean authorizedIP = false;
    String remoteIP = request.getRemoteAddr();
    if ((authIPs != null) && (authIPs.length > 0)) {
      for (int i = 0; i < authIPs.length; i++) {
        if (remoteIP.equals(authIPs[i])) {
          authorizedIP = true;
        }
      }
    } else {
      String iMsg = intres.getLocalizedMessage("healthcheck.allipsauthorized");
      log.info(iMsg);
      authorizedIP = true;
    }

    if (authorizedIP) {
      getHealthResponse().respond(getHealthCheck().checkHealth(request), response);
    } else {
      if ((remoteIP == null) || (remoteIP.length() > 100)) {
        remoteIP = "unknown";
      }
      try {
        response.sendError(
            HttpServletResponse.SC_UNAUTHORIZED,
            "ERROR : Healthcheck request recieved from an non authorized IP: " + remoteIP);
      } catch (IOException e) {
        log.error("Problems generating unauthorized http response.", e);
      }
      String iMsg = intres.getLocalizedMessage("healthcheck.errorauth", remoteIP);
      log.error(iMsg);
    }
  }
예제 #2
0
  /**
   * Handles HTTP GET
   *
   * @param request servlet request
   * @param response servlet response
   * @throws IOException input/output error
   * @throws ServletException on error
   */
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    log.trace(">doGet()");
    response.setHeader("Allow", "POST");

    ServletDebug debug = new ServletDebug(request, response);
    String iMsg = intres.getLocalizedMessage("certreq.postonly");
    debug.print(iMsg);
    debug.printDebugInfo();
    log.trace("<doGet()");
  }
예제 #3
0
/** @author mikek */
public abstract class AbstractHealthServlet extends HttpServlet {

  private static final Logger log = Logger.getLogger(AbstractHealthServlet.class);
  private static final long serialVersionUID = 1L;

  /** Internal localization of logs and errors */
  private static final InternalResources intres = InternalResources.getInstance();

  private String[] authIPs = null;

  /**
   * Servlet init
   *
   * @param config servlet configuration
   * @throws ServletException on error
   */
  public void init(ServletConfig config) throws ServletException {
    super.init(config);

    // Install BouncyCastle provider
    CryptoProviderTools.installBCProviderIfNotAvailable();

    authIPs = EjbcaConfiguration.getHealthCheckAuthorizedIps().split(";");

    if (config.getInitParameter("CheckPublishers") != null) {
      log.warn(
          "CheckPublishers servlet parameter has been dropped. Use \"healthcheck.publisherconnections\" property instead.");
    }
    initializeServlet();
    getHealthCheck().init();
  }

  public abstract IHealthCheck getHealthCheck();

  public abstract IHealthResponse getHealthResponse();

  /** Override this method to inject members from the concrete servlet into the Health Checker. */
  public abstract void initializeServlet();

  private void check(HttpServletRequest request, HttpServletResponse response) {
    boolean authorizedIP = false;
    String remoteIP = request.getRemoteAddr();
    if ((authIPs != null) && (authIPs.length > 0)) {
      for (int i = 0; i < authIPs.length; i++) {
        if (remoteIP.equals(authIPs[i])) {
          authorizedIP = true;
        }
      }
    } else {
      String iMsg = intres.getLocalizedMessage("healthcheck.allipsauthorized");
      log.info(iMsg);
      authorizedIP = true;
    }

    if (authorizedIP) {
      getHealthResponse().respond(getHealthCheck().checkHealth(request), response);
    } else {
      if ((remoteIP == null) || (remoteIP.length() > 100)) {
        remoteIP = "unknown";
      }
      try {
        response.sendError(
            HttpServletResponse.SC_UNAUTHORIZED,
            "ERROR : Healthcheck request recieved from an non authorized IP: " + remoteIP);
      } catch (IOException e) {
        log.error("Problems generating unauthorized http response.", e);
      }
      String iMsg = intres.getLocalizedMessage("healthcheck.errorauth", remoteIP);
      log.error(iMsg);
    }
  }

  /**
   * Handles HTTP POST
   *
   * @param request servlet request
   * @param response servlet response
   * @throws IOException input/output error
   * @throws ServletException on error
   */
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    if (log.isTraceEnabled()) {
      log.trace(">doPost()");
    }
    check(request, response);
    if (log.isTraceEnabled()) {
      log.trace("<doPost()");
    }
  }

  /**
   * Handles HTTP GET
   *
   * @param request servlet request
   * @param response servlet response
   * @throws IOException input/output error
   * @throws ServletException on error
   */
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    if (log.isTraceEnabled()) {
      log.trace(">doGet()");
    }
    check(request, response);
    if (log.isTraceEnabled()) {
      log.trace("<doGet()");
    }
  }
}
예제 #4
0
/**
 * Servlet used to install a private key with a corresponding certificate in a browser. A new
 * certificate is installed in the browser in following steps:<br>
 * 1. The key pair is generated by the browser. <br>
 * 2. The public part is sent to the servlet in a POST together with user info ("pkcs10|keygen",
 * "inst", "user", "password"). For internet explorer the public key is sent as a PKCS10 certificate
 * request. <br>
 * 3. The new certificate is created by calling the RSASignSession session bean. <br>
 * 4. A page containing the new certificate and a script that installs it is returned to the
 * browser. <br>
 *
 * <p>
 *
 * <p>The following initiation parameters are needed by this servlet: <br>
 * "responseTemplate" file that defines the response to the user (IE). It should have one line with
 * the text "cert =". This line is replaced with the new certificate. "keyStorePass". Password
 * needed to load the key-store. If this parameter is none existing it is assumed that no password
 * is needed. The path could be absolute or relative.<br>
 *
 * @author Original code by Lars Silven
 * @version $Id: CertReqServlet.java 11492 2011-03-09 16:34:38Z netmackan $
 */
public class CertReqServlet extends HttpServlet {

  private static final long serialVersionUID = 1L;
  private static final Logger log = Logger.getLogger(CertReqServlet.class);
  private static final InternalResources intres = InternalResources.getInstance();

  // This injection has been verified on JBoss
  @EJB private AuthenticationSessionLocal authenticationSession;
  @EJB private CAAdminSessionLocal caAdminSession;
  @EJB private CertificateProfileSessionLocal certificateProfileSession;
  @EJB private EndEntityProfileSessionLocal endEntityProfileSession;
  @EJB private KeyRecoverySessionLocal keyRecoverySession;
  @EJB private RaAdminSessionLocal raAdminSession;
  @EJB private SignSessionLocal signSession;
  @EJB private UserAdminSessionLocal userAdminSession;
  @EJB private GlobalConfigurationSessionLocal globalConfigurationSession;

  /**
   * Servlet init
   *
   * @param config servlet configuration
   * @throws ServletException on error
   */
  public void init(ServletConfig config) throws ServletException {
    super.init(config);
    // Install BouncyCastle provider
    CryptoProviderTools.installBCProvider();
  }

  /**
   * Handles HTTP POST
   *
   * @param request servlet request
   * @param response servlet response
   * @throws IOException input/output error
   * @throws ServletException on error
   */
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    new RequestInstance(
            getServletContext(),
            getServletConfig(),
            authenticationSession,
            caAdminSession,
            certificateProfileSession,
            endEntityProfileSession,
            keyRecoverySession,
            raAdminSession,
            signSession,
            userAdminSession,
            globalConfigurationSession)
        .doPost(request, response);
  }

  /**
   * Handles HTTP GET
   *
   * @param request servlet request
   * @param response servlet response
   * @throws IOException input/output error
   * @throws ServletException on error
   */
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    log.trace(">doGet()");
    response.setHeader("Allow", "POST");

    ServletDebug debug = new ServletDebug(request, response);
    String iMsg = intres.getLocalizedMessage("certreq.postonly");
    debug.print(iMsg);
    debug.printDebugInfo();
    log.trace("<doGet()");
  }
}