use of org.xipki.ca.server.api.X509CaCmpResponder in project xipki by xipki.
the class HttpCmpServlet method service.
@Override
public FullHttpResponse service(FullHttpRequest request, ServletURI servletUri, SSLSession sslSession, SslReverseProxyMode sslReverseProxyMode) throws Exception {
HttpVersion httpVersion = request.protocolVersion();
HttpMethod method = request.method();
if (method != HttpMethod.POST) {
return createErrorResponse(httpVersion, HttpResponseStatus.METHOD_NOT_ALLOWED);
}
X509Certificate clientCert = getClientCert(request, sslSession, sslReverseProxyMode);
AuditService auditService = auditServiceRegister.getAuditService();
AuditEvent event = new AuditEvent(new Date());
event.setApplicationName(CaAuditConstants.APPNAME);
event.setName(CaAuditConstants.NAME_PERF);
event.addEventData(CaAuditConstants.NAME_reqType, RequestType.CMP.name());
AuditLevel auditLevel = AuditLevel.INFO;
AuditStatus auditStatus = AuditStatus.SUCCESSFUL;
String auditMessage = null;
try {
if (responderManager == null) {
String message = "responderManager in servlet not configured";
LOG.error(message);
throw new HttpRespAuditException(HttpResponseStatus.INTERNAL_SERVER_ERROR, message, AuditLevel.ERROR, AuditStatus.FAILED);
}
String reqContentType = request.headers().get("Content-Type");
if (!CT_REQUEST.equalsIgnoreCase(reqContentType)) {
String message = "unsupported media type " + reqContentType;
throw new HttpRespAuditException(HttpResponseStatus.UNSUPPORTED_MEDIA_TYPE, message, AuditLevel.INFO, AuditStatus.FAILED);
}
String caName = null;
X509CaCmpResponder responder = null;
if (servletUri.getPath().length() > 1) {
// skip the first char which is always '/'
String caAlias = servletUri.getPath().substring(1);
caName = responderManager.getCaNameForAlias(caAlias);
if (caName == null) {
caName = caAlias.toLowerCase();
}
responder = responderManager.getX509CaResponder(caName);
}
if (caName == null || responder == null || !responder.isOnService()) {
String message;
if (caName == null) {
message = "no CA is specified";
} else if (responder == null) {
message = "unknown CA '" + caName + "'";
} else {
message = "CA '" + caName + "' is out of service";
}
LOG.warn(message);
throw new HttpRespAuditException(HttpResponseStatus.NOT_FOUND, message, AuditLevel.INFO, AuditStatus.FAILED);
}
event.addEventData(CaAuditConstants.NAME_ca, responder.getCaName());
byte[] reqContent = readContent(request);
PKIMessage pkiReq;
try {
pkiReq = PKIMessage.getInstance(reqContent);
} catch (Exception ex) {
LogUtil.error(LOG, ex, "could not parse the request (PKIMessage)");
throw new HttpRespAuditException(HttpResponseStatus.BAD_REQUEST, "bad request", AuditLevel.INFO, AuditStatus.FAILED);
}
PKIMessage pkiResp = responder.processPkiMessage(pkiReq, clientCert, event);
byte[] encodedPkiResp = pkiResp.getEncoded();
return createOKResponse(httpVersion, CT_RESPONSE, encodedPkiResp);
} catch (HttpRespAuditException ex) {
auditStatus = ex.getAuditStatus();
auditLevel = ex.getAuditLevel();
auditMessage = ex.getAuditMessage();
return createErrorResponse(httpVersion, ex.getHttpStatus());
} catch (Throwable th) {
if (th instanceof EOFException) {
LogUtil.warn(LOG, th, "connection reset by peer");
} else {
LOG.error("Throwable thrown, this should not happen!", th);
}
auditLevel = AuditLevel.ERROR;
auditStatus = AuditStatus.FAILED;
auditMessage = "internal error";
return createErrorResponse(httpVersion, HttpResponseStatus.INTERNAL_SERVER_ERROR);
} finally {
audit(auditService, event, auditLevel, auditStatus, auditMessage);
}
}
use of org.xipki.ca.server.api.X509CaCmpResponder in project xipki by xipki.
the class HealthCheckServlet method doGet.
@Override
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
resp.setHeader("Access-Control-Allow-Origin", "*");
ResponderManager responderManager = ServletHelper.getResponderManager();
if (responderManager == null) {
LOG.error("ServletHelper.responderManager not configured");
sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
}
try {
String caName = null;
X509CaCmpResponder responder = null;
String path = StringUtil.getRelativeRequestUri(req.getServletPath(), req.getRequestURI());
if (path.length() > 1) {
// skip the first char which is always '/'
String caAlias = path.substring(1);
caName = responderManager.getCaNameForAlias(caAlias);
if (caName == null) {
caName = caAlias.toLowerCase();
}
responder = responderManager.getX509CaResponder(caName);
}
if (caName == null || responder == null || !responder.isOnService()) {
String auditMessage;
if (caName == null) {
auditMessage = "no CA is specified";
} else if (responder == null) {
auditMessage = "unknown CA '" + caName + "'";
} else {
auditMessage = "CA '" + caName + "' is out of service";
}
LOG.warn(auditMessage);
sendError(resp, HttpServletResponse.SC_NOT_FOUND);
return;
}
HealthCheckResult healthResult = responder.healthCheck();
int status = healthResult.isHealthy() ? HttpServletResponse.SC_OK : HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
byte[] respBytes = healthResult.toJsonMessage(true).getBytes();
resp.setStatus(status);
resp.setContentLength(respBytes.length);
resp.setContentType(CT_RESPONSE);
resp.getOutputStream().write(respBytes);
} catch (Throwable th) {
if (th instanceof EOFException) {
LogUtil.warn(LOG, th, "connection reset by peer");
} else {
LOG.error("Throwable thrown, this should not happen!", th);
}
sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
} finally {
resp.flushBuffer();
}
}
use of org.xipki.ca.server.api.X509CaCmpResponder in project xipki by xipki.
the class HealthCheckServlet method service0.
private FullHttpResponse service0(FullHttpRequest request, ServletURI servletUri, SSLSession sslSession) {
HttpVersion version = request.protocolVersion();
HttpMethod method = request.method();
if (method != HttpMethod.GET) {
return createErrorResponse(version, HttpResponseStatus.METHOD_NOT_ALLOWED);
}
try {
if (responderManager == null) {
LOG.error("responderManager in servlet is not configured");
return createErrorResponse(version, HttpResponseStatus.INTERNAL_SERVER_ERROR);
}
String caName = null;
X509CaCmpResponder responder = null;
if (servletUri.getPath().length() > 1) {
// skip the first char which is always '/'
String caAlias = servletUri.getPath().substring(1);
caName = responderManager.getCaNameForAlias(caAlias);
if (caName == null) {
caName = caAlias.toLowerCase();
}
responder = responderManager.getX509CaResponder(caName);
}
if (caName == null || responder == null || !responder.isOnService()) {
String auditMessage;
if (caName == null) {
auditMessage = "no CA is specified";
} else if (responder == null) {
auditMessage = "unknown CA '" + caName + "'";
} else {
auditMessage = "CA '" + caName + "' is out of service";
}
LOG.warn(auditMessage);
return createErrorResponse(version, HttpResponseStatus.NOT_FOUND);
}
HealthCheckResult healthResult = responder.healthCheck();
HttpResponseStatus status = healthResult.isHealthy() ? HttpResponseStatus.OK : HttpResponseStatus.INTERNAL_SERVER_ERROR;
byte[] respBytes = healthResult.toJsonMessage(true).getBytes();
return createResponse(version, status, HealthCheckServlet.CT_RESPONSE, respBytes);
} catch (Throwable th) {
if (th instanceof EOFException) {
LogUtil.warn(LOG, th, "connection reset by peer");
} else {
LOG.error("Throwable thrown, this should not happen!", th);
}
return createErrorResponse(version, HttpResponseStatus.INTERNAL_SERVER_ERROR);
}
}
use of org.xipki.ca.server.api.X509CaCmpResponder in project xipki by xipki.
the class HttpCmpServlet method doPost.
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
AuditServiceRegister auditServiceRegister = ServletHelper.getAuditServiceRegister();
if (auditServiceRegister == null) {
LOG.error("ServletHelper.auditServiceRegister not configured");
sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
}
ResponderManager responderManager = ServletHelper.getResponderManager();
if (responderManager == null) {
LOG.error("ServletHelper.responderManager not configured");
sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
}
X509Certificate clientCert = ClientCertCache.getTlsClientCert(req);
AuditService auditService = auditServiceRegister.getAuditService();
AuditEvent event = new AuditEvent(new Date());
event.setApplicationName(CaAuditConstants.APPNAME);
event.setName(CaAuditConstants.NAME_PERF);
event.addEventData(CaAuditConstants.NAME_reqType, RequestType.CMP.name());
AuditLevel auditLevel = AuditLevel.INFO;
AuditStatus auditStatus = AuditStatus.SUCCESSFUL;
String auditMessage = null;
try {
String reqContentType = req.getHeader("Content-Type");
if (!CT_REQUEST.equalsIgnoreCase(reqContentType)) {
String message = "unsupported media type " + reqContentType;
throw new HttpRespAuditException(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, message, AuditLevel.INFO, AuditStatus.FAILED);
}
String caName = null;
X509CaCmpResponder responder = null;
String path = StringUtil.getRelativeRequestUri(req.getServletPath(), req.getRequestURI());
if (path.length() > 1) {
// skip the first char which is always '/'
String caAlias = path.substring(1);
caName = responderManager.getCaNameForAlias(caAlias);
if (caName == null) {
caName = caAlias.toLowerCase();
}
responder = responderManager.getX509CaResponder(caName);
}
if (caName == null || responder == null || !responder.isOnService()) {
String message;
if (caName == null) {
message = "no CA is specified";
} else if (responder == null) {
message = "unknown CA '" + caName + "'";
} else {
message = "CA '" + caName + "' is out of service";
}
LOG.warn(message);
throw new HttpRespAuditException(HttpServletResponse.SC_NOT_FOUND, message, AuditLevel.INFO, AuditStatus.FAILED);
}
event.addEventData(CaAuditConstants.NAME_ca, responder.getCaName());
byte[] reqContent = IoUtil.read(req.getInputStream());
PKIMessage pkiReq;
try {
pkiReq = PKIMessage.getInstance(reqContent);
} catch (Exception ex) {
LogUtil.error(LOG, ex, "could not parse the request (PKIMessage)");
throw new HttpRespAuditException(HttpServletResponse.SC_BAD_REQUEST, "bad request", AuditLevel.INFO, AuditStatus.FAILED);
}
PKIMessage pkiResp = responder.processPkiMessage(pkiReq, clientCert, event);
byte[] encodedPkiResp = pkiResp.getEncoded();
resp.setContentType(CT_RESPONSE);
resp.setContentLength(encodedPkiResp.length);
resp.getOutputStream().write(encodedPkiResp);
} catch (HttpRespAuditException ex) {
auditStatus = ex.getAuditStatus();
auditLevel = ex.getAuditLevel();
auditMessage = ex.getAuditMessage();
sendError(resp, ex.getHttpStatus());
} catch (Throwable th) {
if (th instanceof EOFException) {
LogUtil.warn(LOG, th, "connection reset by peer");
} else {
LOG.error("Throwable thrown, this should not happen!", th);
}
auditLevel = AuditLevel.ERROR;
auditStatus = AuditStatus.FAILED;
auditMessage = "internal error";
sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
} finally {
resp.flushBuffer();
audit(auditService, event, auditLevel, auditStatus, auditMessage);
}
}
Aggregations