use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.
the class ServerMessageProcessor method verifySslClientCert.
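/**
 * Verifies the TLS client certificates presented on the connection for the current request.
 *
 * <p>The check fails closed with {@code X_SSL_AUTH_FAILED} when the request message carries no
 * OCSP responses, when no client certificates are available, or when building the chain or
 * {@code CertHelper.verifyAuthCert} throws.
 *
 * @throws CodedException with {@code X_SSL_AUTH_FAILED} for the failures listed above
 * @throws Exception if no trust anchor is found for the presented certificates
 */
private void verifySslClientCert() throws Exception {
    log.trace("verifySslClientCert()");

    // The OCSP responses are read from the request message itself, so they are sender-supplied
    // input. NOTE(review): this relies on CertHelper.verifyAuthCert validating their signature
    // and freshness; that code is not visible from this method, so confirm.
    if (requestMessage.getOcspResponses().isEmpty()) {
        throw new CodedException(X_SSL_AUTH_FAILED, "Cannot verify TLS certificate, corresponding OCSP response is missing");
    }

    // Without this guard a null or empty certificate array would surface below as a
    // NullPointerException / ArrayIndexOutOfBoundsException instead of an authentication fault.
    if (clientSslCerts == null || clientSslCerts.length == 0) {
        throw new CodedException(X_SSL_AUTH_FAILED, "Cannot verify TLS certificate, client certificate chain is missing");
    }

    // The instance identifier is taken from the client identifier inside the SOAP message and
    // decides which instance's CA certificates are consulted for the trust anchor.
    String instanceIdentifier = requestMessage.getSoap().getClient().getXRoadInstance();

    // The last element of the presented array is used for the CA lookup
    // (presumably the top-most certificate of the chain; verify against the caller).
    X509Certificate trustAnchor = GlobalConf.getCaCert(instanceIdentifier, clientSslCerts[clientSslCerts.length - 1]);
    if (trustAnchor == null) {
        // NOTE(review): this is a plain Exception rather than X_SSL_AUTH_FAILED, so the fault code
        // differs from the other failures in this method. Kept as-is for compatibility.
        throw new Exception("Unable to find trust anchor");
    }

    try {
        CertChain chain = CertChain.create(instanceIdentifier, (X509Certificate[]) ArrayUtils.add(clientSslCerts, trustAnchor));
        // The certificate is verified against the same client identifier that the message claims.
        CertHelper.verifyAuthCert(chain, requestMessage.getOcspResponses(), requestMessage.getSoap().getClient());
    } catch (Exception e) {
        // Any verification error is reported as an authentication failure, keeping the cause.
        throw new CodedException(X_SSL_AUTH_FAILED, e);
    }
}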
use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.
the class ServerMessageProcessor method verifyAccess.
/**
 * Decides whether the current SOAP request may reach the requested service.
 *
 * <p>The checks run in a fixed order and the first one that fails throws: the service must exist,
 * its description type must be absent or WSDL, {@code verifySecurityCategory} must pass, the
 * client must be allowed to query the service, and the service must not have a disabled notice.
 *
 * @throws CodedException with the fault code of the first failed check
 * @throws Exception if one of the configuration lookups fails
 */
private void verifyAccess() throws Exception {
    log.trace("verifyAccess()");

    // NOTE(review): the unknown-service and service-type faults are raised before the access
    // check, so they are returned to callers regardless of their access rights.
    final boolean serviceKnown = ServerConf.serviceExists(requestServiceId);
    if (!serviceKnown) {
        throw new CodedException(X_UNKNOWN_SERVICE, "Unknown service: %s", requestServiceId);
    }

    // A missing description type is accepted; anything other than WSDL is rejected here.
    final DescriptionType type = ServerConf.getDescriptionType(requestServiceId);
    final boolean callableOverSoap = type == null || type == DescriptionType.WSDL;
    if (!callableOverSoap) {
        throw new CodedException(X_INVALID_SERVICE_TYPE, "Service is a REST service and cannot be called using SOAP interface");
    }

    verifySecurityCategory(requestServiceId);

    // Authorization is evaluated for the client identifier carried in the SOAP message.
    final boolean queryAllowed = ServerConf.isQueryAllowed(requestMessage.getSoap().getClient(), requestServiceId);
    if (!queryAllowed) {
        throw new CodedException(X_ACCESS_DENIED, "Request is not allowed: %s", requestServiceId);
    }

    // The disabled notice is only disclosed after the access check has passed.
    final String notice = ServerConf.getDisabledNotice(requestServiceId);
    if (notice != null) {
        throw new CodedException(X_SERVICE_DISABLED, "Service %s is disabled: %s", requestServiceId, notice);
    }
}
use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.
the class ServerMessageProcessor method readMessage.
/**
 * Reads and decodes the incoming proxy message from the servlet request.
 *
 * <p>The SOAP callback of the message records the requested service and runs the security-server,
 * client-status and (when TLS is enabled) client-certificate checks. A {@code CodedException}
 * from parsing is rethrown with the {@code X_SERVICE_FAILED_X} prefix.
 *
 * @throws Exception if header validation, decoding or any verification step fails
 */
private void readMessage() throws Exception {
    log.trace("readMessage()");

    // Both header values come from the incoming HTTP request and are untrusted until validated.
    final String soapActionHeader = servletRequest.getHeader(HEADER_ORIGINAL_SOAP_ACTION);
    originalSoapAction = validateSoapActionHeader(soapActionHeader);

    final String originalContentType = servletRequest.getHeader(HEADER_ORIGINAL_CONTENT_TYPE);
    requestMessage = new ProxyMessage(originalContentType) {
        // Presumably invoked while the decoder parses the SOAP part; the order of the checks
        // below is kept exactly as the author wrote it.
        @Override
        public void soap(SoapMessageImpl soapMessage, Map<String, String> additionalHeaders) throws Exception {
            super.soap(soapMessage, additionalHeaders);
            updateOpMonitoringDataBySoapMessage(opMonitoringData, soapMessage);

            requestServiceId = soapMessage.getService();

            verifySecurityServer();
            verifyClientStatus();

            responseSigningCtx = KeyConf.getSigningCtx(requestServiceId.getClientId());

            // The client certificate is only verified when TLS is enabled in the system
            // properties; with it disabled this method performs no certificate check.
            if (SystemProperties.isSslEnabled()) {
                verifySslClientCert();
            }
        }
    };

    decoder = new ProxyMessageDecoder(
            requestMessage,
            servletRequest.getContentType(),
            false,
            getHashAlgoId(servletRequest));

    try {
        decoder.parse(servletRequest.getInputStream());
    } catch (CodedException e) {
        // Mark faults raised while decoding as service-side failures.
        throw e.withPrefix(X_SERVICE_FAILED_X);
    }

    updateOpMonitoringDataByRequest();

    // Make sure every required part of the message was actually received.
    checkRequest();
}
use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.
the class ServerProxyHandler method handle.
/**
 * Handles one incoming request on the server proxy.
 *
 * <p>Only POST is accepted. The request is passed to a message processor, and the outcome is
 * reported to the monitor agent. Any {@code Throwable} is translated into a
 * {@code CodedException}, logged and handed to {@code failure}. Operational monitoring data is
 * stored in all cases.
 *
 * @param target       the request target
 * @param baseRequest  the underlying request; always marked as handled
 * @param request      the servlet request
 * @param response     the servlet response
 */
@Override
public void handle(String target, Request baseRequest, final HttpServletRequest request, final HttpServletResponse response) throws IOException, ServletException {
    final OpMonitoringData opMonitoringData = new OpMonitoringData(PRODUCER, getEpochMillisecond());
    final long startedAt = PerformanceLogger.log(log, "Received request from " + request.getRemoteAddr());

    final boolean pooledConnectionsSupported = SystemProperties.isServerProxySupportClientsPooledConnections();
    if (!pooledConnectionsSupported) {
        // With this header the connection is closed after the response, so the client side
        // cannot reuse it.
        response.addHeader("Connection", "close");
    }

    try {
        final String method = request.getMethod();
        if (!method.equalsIgnoreCase("POST")) {
            throw new CodedException(X_INVALID_HTTP_METHOD, "Must use POST request method instead of %s", method);
        }

        // Global configuration validity is checked before any message processing starts.
        GlobalConf.verifyValidity();
        logProxyVersion(request);
        baseRequest.getHttpChannel().setIdleTimeout(idleTimeout);

        final MessageProcessorBase messageProcessor = createRequestProcessor(request, response, opMonitoringData);
        messageProcessor.process();

        final MessageInfo info = messageProcessor.createRequestMessageInfo();
        if (!messageProcessor.verifyMessageExchangeSucceeded()) {
            MonitorAgent.failure(info, null, null);
        } else {
            MonitorAgent.success(info, new Date(startedAt), new Date());
        }
    } catch (Throwable e) {
        // Throwable on purpose: serious errors must also end in a fault response.
        final CodedException fault = translateWithPrefix(SERVER_SERVERPROXY_X, e);
        // The original throwable is logged together with the translated fault detail.
        log.error("Request processing error ({})", fault.getFaultDetail(), e);

        opMonitoringData.setFaultCodeAndString(fault);
        opMonitoringData.setResponseOutTs(getEpochMillisecond(), false);

        failure(request, response, fault);
    } finally {
        // Runs on success and on failure, so the monitoring record is always stored.
        baseRequest.setHandled(true);
        opMonitoringData.setResponseOutTs(getEpochMillisecond(), false);
        OpMonitoring.store(opMonitoringData);
        PerformanceLogger.log(log, startedAt, "Request handled");
    }
}
use of ee.ria.xroad.common.CodedException in project X-Road by nordic-institute.
the class ServerRestMessageProcessor method readMessage.
/**
 * Reads and decodes the incoming REST proxy message from the servlet request.
 *
 * <p>The REST callback of the message records the requested service and runs the client-status
 * and (when TLS is enabled) client-certificate checks. A {@code CodedException} from parsing is
 * rethrown with the {@code X_SERVICE_FAILED_X} prefix.
 *
 * @throws Exception if decoding or any verification step fails
 */
private void readMessage() throws Exception {
    log.trace("readMessage()");

    // The header value comes from the incoming HTTP request and is untrusted input.
    final String originalContentType = servletRequest.getHeader(HEADER_ORIGINAL_CONTENT_TYPE);
    requestMessage = new ProxyMessage(originalContentType) {
        // Presumably invoked while the decoder parses the REST part; the order of the checks
        // below is kept exactly as the author wrote it.
        // NOTE(review): the SOAP processor (ServerMessageProcessor) also calls
        // verifySecurityServer() at this point; confirm that leaving it out here is intended.
        @Override
        public void rest(RestRequest message) throws Exception {
            super.rest(message);

            requestServiceId = message.getServiceId();

            verifyClientStatus();

            responseSigningCtx = KeyConf.getSigningCtx(requestServiceId.getClientId());

            // The client certificate is only verified when TLS is enabled in the system
            // properties; with it disabled this method performs no certificate check.
            if (SystemProperties.isSslEnabled()) {
                verifySslClientCert();
            }
        }
    };

    decoder = new ProxyMessageDecoder(
            requestMessage,
            servletRequest.getContentType(),
            false,
            getHashAlgoId(servletRequest));

    try {
        decoder.parse(servletRequest.getInputStream());
    } catch (CodedException e) {
        // Mark faults raised while decoding as service-side failures.
        throw e.withPrefix(X_SERVICE_FAILED_X);
    }

    updateOpMonitoringDataByRequest();

    // Make sure every required part of the message was actually received.
    checkRequest();
}