Examples with X509CaCmpResponder org.xipki.ca.server.api.X509CaCmpResponder used on opensource projects

Search in sources :

Example 1 with X509CaCmpResponder

use of org.xipki.ca.server.api.X509CaCmpResponder in project xipki by xipki.

the class HttpCmpServlet method service.

@Override
public FullHttpResponse service(FullHttpRequest request, ServletURI servletUri, SSLSession sslSession, SslReverseProxyMode sslReverseProxyMode) throws Exception {
    HttpVersion httpVersion = request.protocolVersion();
    HttpMethod method = request.method();
    if (method != HttpMethod.POST) {
        return createErrorResponse(httpVersion, HttpResponseStatus.METHOD_NOT_ALLOWED);
    }
    X509Certificate clientCert = getClientCert(request, sslSession, sslReverseProxyMode);
    AuditService auditService = auditServiceRegister.getAuditService();
    AuditEvent event = new AuditEvent(new Date());
    event.setApplicationName(CaAuditConstants.APPNAME);
    event.setName(CaAuditConstants.NAME_PERF);
    event.addEventData(CaAuditConstants.NAME_reqType, RequestType.CMP.name());
    AuditLevel auditLevel = AuditLevel.INFO;
    AuditStatus auditStatus = AuditStatus.SUCCESSFUL;
    String auditMessage = null;
    try {
        if (responderManager == null) {
            String message = "responderManager in servlet not configured";
            LOG.error(message);
            throw new HttpRespAuditException(HttpResponseStatus.INTERNAL_SERVER_ERROR, message, AuditLevel.ERROR, AuditStatus.FAILED);
        }
        String reqContentType = request.headers().get("Content-Type");
        if (!CT_REQUEST.equalsIgnoreCase(reqContentType)) {
            String message = "unsupported media type " + reqContentType;
            throw new HttpRespAuditException(HttpResponseStatus.UNSUPPORTED_MEDIA_TYPE, message, AuditLevel.INFO, AuditStatus.FAILED);
        }
        String caName = null;
        X509CaCmpResponder responder = null;
        if (servletUri.getPath().length() > 1) {
            // skip the first char which is always '/'
            String caAlias = servletUri.getPath().substring(1);
            caName = responderManager.getCaNameForAlias(caAlias);
            if (caName == null) {
                caName = caAlias.toLowerCase();
            }
            responder = responderManager.getX509CaResponder(caName);
        }
        if (caName == null || responder == null || !responder.isOnService()) {
            String message;
            if (caName == null) {
                message = "no CA is specified";
            } else if (responder == null) {
                message = "unknown CA '" + caName + "'";
            } else {
                message = "CA '" + caName + "' is out of service";
            }
            LOG.warn(message);
            throw new HttpRespAuditException(HttpResponseStatus.NOT_FOUND, message, AuditLevel.INFO, AuditStatus.FAILED);
        }
        event.addEventData(CaAuditConstants.NAME_ca, responder.getCaName());
        byte[] reqContent = readContent(request);
        PKIMessage pkiReq;
        try {
            pkiReq = PKIMessage.getInstance(reqContent);
        } catch (Exception ex) {
            LogUtil.error(LOG, ex, "could not parse the request (PKIMessage)");
            throw new HttpRespAuditException(HttpResponseStatus.BAD_REQUEST, "bad request", AuditLevel.INFO, AuditStatus.FAILED);
        }
        PKIMessage pkiResp = responder.processPkiMessage(pkiReq, clientCert, event);
        byte[] encodedPkiResp = pkiResp.getEncoded();
        return createOKResponse(httpVersion, CT_RESPONSE, encodedPkiResp);
    } catch (HttpRespAuditException ex) {
        auditStatus = ex.getAuditStatus();
        auditLevel = ex.getAuditLevel();
        auditMessage = ex.getAuditMessage();
        return createErrorResponse(httpVersion, ex.getHttpStatus());
    } catch (Throwable th) {
        if (th instanceof EOFException) {
            LogUtil.warn(LOG, th, "connection reset by peer");
        } else {
            LOG.error("Throwable thrown, this should not happen!", th);
        }
        auditLevel = AuditLevel.ERROR;
        auditStatus = AuditStatus.FAILED;
        auditMessage = "internal error";
        return createErrorResponse(httpVersion, HttpResponseStatus.INTERNAL_SERVER_ERROR);
    } finally {
        audit(auditService, event, auditLevel, auditStatus, auditMessage);
    }
}
Also used : PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) AuditLevel(org.xipki.audit.AuditLevel) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) EOFException(java.io.EOFException) AuditStatus(org.xipki.audit.AuditStatus) X509CaCmpResponder(org.xipki.ca.server.api.X509CaCmpResponder) EOFException(java.io.EOFException) AuditEvent(org.xipki.audit.AuditEvent) HttpVersion(io.netty.handler.codec.http.HttpVersion) AuditService(org.xipki.audit.AuditService) HttpMethod(io.netty.handler.codec.http.HttpMethod)

Example 2 with X509CaCmpResponder

use of org.xipki.ca.server.api.X509CaCmpResponder in project xipki by xipki.

the class HealthCheckServlet method doGet.

@Override
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
    resp.setHeader("Access-Control-Allow-Origin", "*");
    ResponderManager responderManager = ServletHelper.getResponderManager();
    if (responderManager == null) {
        LOG.error("ServletHelper.responderManager not configured");
        sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return;
    }
    try {
        String caName = null;
        X509CaCmpResponder responder = null;
        String path = StringUtil.getRelativeRequestUri(req.getServletPath(), req.getRequestURI());
        if (path.length() > 1) {
            // skip the first char which is always '/'
            String caAlias = path.substring(1);
            caName = responderManager.getCaNameForAlias(caAlias);
            if (caName == null) {
                caName = caAlias.toLowerCase();
            }
            responder = responderManager.getX509CaResponder(caName);
        }
        if (caName == null || responder == null || !responder.isOnService()) {
            String auditMessage;
            if (caName == null) {
                auditMessage = "no CA is specified";
            } else if (responder == null) {
                auditMessage = "unknown CA '" + caName + "'";
            } else {
                auditMessage = "CA '" + caName + "' is out of service";
            }
            LOG.warn(auditMessage);
            sendError(resp, HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        HealthCheckResult healthResult = responder.healthCheck();
        int status = healthResult.isHealthy() ? HttpServletResponse.SC_OK : HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        byte[] respBytes = healthResult.toJsonMessage(true).getBytes();
        resp.setStatus(status);
        resp.setContentLength(respBytes.length);
        resp.setContentType(CT_RESPONSE);
        resp.getOutputStream().write(respBytes);
    } catch (Throwable th) {
        if (th instanceof EOFException) {
            LogUtil.warn(LOG, th, "connection reset by peer");
        } else {
            LOG.error("Throwable thrown, this should not happen!", th);
        }
        sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    } finally {
        resp.flushBuffer();
    }
}
Also used : X509CaCmpResponder(org.xipki.ca.server.api.X509CaCmpResponder) EOFException(java.io.EOFException) ResponderManager(org.xipki.ca.server.api.ResponderManager) HealthCheckResult(org.xipki.common.HealthCheckResult)

Example 3 with X509CaCmpResponder

use of org.xipki.ca.server.api.X509CaCmpResponder in project xipki by xipki.

the class HealthCheckServlet method service0.

private FullHttpResponse service0(FullHttpRequest request, ServletURI servletUri, SSLSession sslSession) {
    HttpVersion version = request.protocolVersion();
    HttpMethod method = request.method();
    if (method != HttpMethod.GET) {
        return createErrorResponse(version, HttpResponseStatus.METHOD_NOT_ALLOWED);
    }
    try {
        if (responderManager == null) {
            LOG.error("responderManager in servlet is not configured");
            return createErrorResponse(version, HttpResponseStatus.INTERNAL_SERVER_ERROR);
        }
        String caName = null;
        X509CaCmpResponder responder = null;
        if (servletUri.getPath().length() > 1) {
            // skip the first char which is always '/'
            String caAlias = servletUri.getPath().substring(1);
            caName = responderManager.getCaNameForAlias(caAlias);
            if (caName == null) {
                caName = caAlias.toLowerCase();
            }
            responder = responderManager.getX509CaResponder(caName);
        }
        if (caName == null || responder == null || !responder.isOnService()) {
            String auditMessage;
            if (caName == null) {
                auditMessage = "no CA is specified";
            } else if (responder == null) {
                auditMessage = "unknown CA '" + caName + "'";
            } else {
                auditMessage = "CA '" + caName + "' is out of service";
            }
            LOG.warn(auditMessage);
            return createErrorResponse(version, HttpResponseStatus.NOT_FOUND);
        }
        HealthCheckResult healthResult = responder.healthCheck();
        HttpResponseStatus status = healthResult.isHealthy() ? HttpResponseStatus.OK : HttpResponseStatus.INTERNAL_SERVER_ERROR;
        byte[] respBytes = healthResult.toJsonMessage(true).getBytes();
        return createResponse(version, status, HealthCheckServlet.CT_RESPONSE, respBytes);
    } catch (Throwable th) {
        if (th instanceof EOFException) {
            LogUtil.warn(LOG, th, "connection reset by peer");
        } else {
            LOG.error("Throwable thrown, this should not happen!", th);
        }
        return createErrorResponse(version, HttpResponseStatus.INTERNAL_SERVER_ERROR);
    }
}
Also used : X509CaCmpResponder(org.xipki.ca.server.api.X509CaCmpResponder) HttpResponseStatus(io.netty.handler.codec.http.HttpResponseStatus) EOFException(java.io.EOFException) HealthCheckResult(org.xipki.common.HealthCheckResult) HttpVersion(io.netty.handler.codec.http.HttpVersion) HttpMethod(io.netty.handler.codec.http.HttpMethod)

Example 4 with X509CaCmpResponder

use of org.xipki.ca.server.api.X509CaCmpResponder in project xipki by xipki.

the class HttpCmpServlet method doPost.

@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    AuditServiceRegister auditServiceRegister = ServletHelper.getAuditServiceRegister();
    if (auditServiceRegister == null) {
        LOG.error("ServletHelper.auditServiceRegister not configured");
        sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return;
    }
    ResponderManager responderManager = ServletHelper.getResponderManager();
    if (responderManager == null) {
        LOG.error("ServletHelper.responderManager not configured");
        sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return;
    }
    X509Certificate clientCert = ClientCertCache.getTlsClientCert(req);
    AuditService auditService = auditServiceRegister.getAuditService();
    AuditEvent event = new AuditEvent(new Date());
    event.setApplicationName(CaAuditConstants.APPNAME);
    event.setName(CaAuditConstants.NAME_PERF);
    event.addEventData(CaAuditConstants.NAME_reqType, RequestType.CMP.name());
    AuditLevel auditLevel = AuditLevel.INFO;
    AuditStatus auditStatus = AuditStatus.SUCCESSFUL;
    String auditMessage = null;
    try {
        String reqContentType = req.getHeader("Content-Type");
        if (!CT_REQUEST.equalsIgnoreCase(reqContentType)) {
            String message = "unsupported media type " + reqContentType;
            throw new HttpRespAuditException(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, message, AuditLevel.INFO, AuditStatus.FAILED);
        }
        String caName = null;
        X509CaCmpResponder responder = null;
        String path = StringUtil.getRelativeRequestUri(req.getServletPath(), req.getRequestURI());
        if (path.length() > 1) {
            // skip the first char which is always '/'
            String caAlias = path.substring(1);
            caName = responderManager.getCaNameForAlias(caAlias);
            if (caName == null) {
                caName = caAlias.toLowerCase();
            }
            responder = responderManager.getX509CaResponder(caName);
        }
        if (caName == null || responder == null || !responder.isOnService()) {
            String message;
            if (caName == null) {
                message = "no CA is specified";
            } else if (responder == null) {
                message = "unknown CA '" + caName + "'";
            } else {
                message = "CA '" + caName + "' is out of service";
            }
            LOG.warn(message);
            throw new HttpRespAuditException(HttpServletResponse.SC_NOT_FOUND, message, AuditLevel.INFO, AuditStatus.FAILED);
        }
        event.addEventData(CaAuditConstants.NAME_ca, responder.getCaName());
        byte[] reqContent = IoUtil.read(req.getInputStream());
        PKIMessage pkiReq;
        try {
            pkiReq = PKIMessage.getInstance(reqContent);
        } catch (Exception ex) {
            LogUtil.error(LOG, ex, "could not parse the request (PKIMessage)");
            throw new HttpRespAuditException(HttpServletResponse.SC_BAD_REQUEST, "bad request", AuditLevel.INFO, AuditStatus.FAILED);
        }
        PKIMessage pkiResp = responder.processPkiMessage(pkiReq, clientCert, event);
        byte[] encodedPkiResp = pkiResp.getEncoded();
        resp.setContentType(CT_RESPONSE);
        resp.setContentLength(encodedPkiResp.length);
        resp.getOutputStream().write(encodedPkiResp);
    } catch (HttpRespAuditException ex) {
        auditStatus = ex.getAuditStatus();
        auditLevel = ex.getAuditLevel();
        auditMessage = ex.getAuditMessage();
        sendError(resp, ex.getHttpStatus());
    } catch (Throwable th) {
        if (th instanceof EOFException) {
            LogUtil.warn(LOG, th, "connection reset by peer");
        } else {
            LOG.error("Throwable thrown, this should not happen!", th);
        }
        auditLevel = AuditLevel.ERROR;
        auditStatus = AuditStatus.FAILED;
        auditMessage = "internal error";
        sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    } finally {
        resp.flushBuffer();
        audit(auditService, event, auditLevel, auditStatus, auditMessage);
    }
}
Also used : PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) AuditLevel(org.xipki.audit.AuditLevel) ResponderManager(org.xipki.ca.server.api.ResponderManager) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) EOFException(java.io.EOFException) AuditStatus(org.xipki.audit.AuditStatus) X509CaCmpResponder(org.xipki.ca.server.api.X509CaCmpResponder) EOFException(java.io.EOFException) AuditEvent(org.xipki.audit.AuditEvent) AuditServiceRegister(org.xipki.audit.AuditServiceRegister) AuditService(org.xipki.audit.AuditService)

Aggregations

EOFException (java.io.EOFException)4 X509CaCmpResponder (org.xipki.ca.server.api.X509CaCmpResponder)4 HttpMethod (io.netty.handler.codec.http.HttpMethod)2 HttpVersion (io.netty.handler.codec.http.HttpVersion)2 X509Certificate (java.security.cert.X509Certificate)2 Date (java.util.Date)2 PKIMessage (org.bouncycastle.asn1.cmp.PKIMessage)2 AuditEvent (org.xipki.audit.AuditEvent)2 AuditLevel (org.xipki.audit.AuditLevel)2 AuditService (org.xipki.audit.AuditService)2 AuditStatus (org.xipki.audit.AuditStatus)2 ResponderManager (org.xipki.ca.server.api.ResponderManager)2 HealthCheckResult (org.xipki.common.HealthCheckResult)2 HttpResponseStatus (io.netty.handler.codec.http.HttpResponseStatus)1 IOException (java.io.IOException)1 ServletException (javax.servlet.ServletException)1 AuditServiceRegister (org.xipki.audit.AuditServiceRegister)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial