Example 1 with OcspServer
use of org.xipki.ocsp.api.OcspServer in project xipki by xipki.
the class HealthCheckServlet method doGet.
@Override
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
resp.setHeader("Access-Control-Allow-Origin", "*");
OcspServer server = ServletHelper.getServer();
if (server == null) {
LOG.error("ServletHelper.server not configured");
resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
resp.setContentLength(0);
return;
}
try {
String path = StringUtil.getRelativeRequestUri(req.getServletPath(), req.getRequestURI());
ResponderAndPath responderAndPath = server.getResponderForPath(path);
if (responderAndPath == null) {
resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
resp.setContentLength(0);
return;
}
HealthCheckResult healthResult = server.healthCheck(responderAndPath.getResponder());
int status = healthResult.isHealthy() ? HttpServletResponse.SC_OK : HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
byte[] respBytes = healthResult.toJsonMessage(true).getBytes();
resp.setStatus(status);
resp.setContentType(HealthCheckServlet.CT_RESPONSE);
resp.setContentLength(respBytes.length);
resp.getOutputStream().write(respBytes);
} catch (Throwable th) {
if (th instanceof EOFException) {
LogUtil.warn(LOG, th, "connection reset by peer");
} else {
LOG.error("Throwable thrown, this should not happen", th);
}
resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
resp.setContentLength(0);
} finally {
resp.flushBuffer();
}
}
Also used :
EOFException(java.io.EOFException)
HealthCheckResult(org.xipki.common.HealthCheckResult)
ResponderAndPath(org.xipki.ocsp.api.ResponderAndPath)
OcspServer(org.xipki.ocsp.api.OcspServer)
Example 2 with OcspServer
use of org.xipki.ocsp.api.OcspServer in project xipki by xipki.
the class HttpOcspServlet method doGet.
// method servicePost
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
OcspServer server = ServletHelper.getServer();
if (server == null) {
LOG.error("server in servlet not configured");
sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
}
String path = StringUtil.getRelativeRequestUri(req.getServletPath(), req.getRequestURI());
ResponderAndPath responderAndPath = server.getResponderForPath(path);
if (responderAndPath == null) {
sendError(resp, HttpServletResponse.SC_NOT_FOUND);
return;
}
String servletPath = responderAndPath.getServletPath();
Responder responder = responderAndPath.getResponder();
if (!responder.supportsHttpGet()) {
sendError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED);
return;
}
String b64OcspReq;
int offset = servletPath.length();
// GET URI contains the request and must be much longer than 10.
if (path.length() - offset > 10) {
if (path.charAt(offset) == '/') {
offset++;
}
b64OcspReq = path.substring(offset);
} else {
sendError(resp, HttpServletResponse.SC_BAD_REQUEST);
return;
}
try {
// POST, we support GET for longer requests anyway.
if (b64OcspReq.length() > responder.getMaxRequestSize()) {
sendError(resp, HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
return;
}
OcspRespWithCacheInfo ocspRespWithCacheInfo = server.answer(responder, Base64.decode(b64OcspReq), true);
if (ocspRespWithCacheInfo == null || ocspRespWithCacheInfo.getResponse() == null) {
sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
}
byte[] encodedOcspResp = ocspRespWithCacheInfo.getResponse();
OcspRespWithCacheInfo.ResponseCacheInfo cacheInfo = ocspRespWithCacheInfo.getCacheInfo();
if (cacheInfo != null) {
encodedOcspResp = ocspRespWithCacheInfo.getResponse();
long now = System.currentTimeMillis();
// RFC 5019 6.2: Date: The date and time at which the OCSP server generated
// the HTTP response.
resp.addDateHeader("Date", now);
// RFC 5019 6.2: Last-Modified: date and time at which the OCSP responder
// last modified the response.
resp.addDateHeader("Last-Modified", cacheInfo.getThisUpdate());
// This is overridden by max-age on HTTP/1.1 compatible components
if (cacheInfo.getNextUpdate() != null) {
resp.addDateHeader("Expires", cacheInfo.getNextUpdate());
}
// RFC 5019 6.2: This profile RECOMMENDS that the ETag value be the ASCII
// HEX representation of the SHA1 hash of the OCSPResponse structure.
resp.addHeader("ETag", StringUtil.concat("\\", HashAlgo.SHA1.hexHash(encodedOcspResp), "\\"));
// Max age must be in seconds in the cache-control header
long maxAge;
if (responder.getCacheMaxAge() != null) {
maxAge = responder.getCacheMaxAge().longValue();
} else {
maxAge = DFLT_CACHE_MAX_AGE;
}
if (cacheInfo.getNextUpdate() != null) {
maxAge = Math.min(maxAge, (cacheInfo.getNextUpdate() - cacheInfo.getThisUpdate()) / 1000);
}
resp.addHeader("Cache-Control", StringUtil.concat("max-age=", Long.toString(maxAge), ",public,no-transform,must-revalidate"));
}
// end if (ocspRespWithCacheInfo)
resp.setContentLength(encodedOcspResp.length);
resp.setContentType(CT_RESPONSE);
resp.getOutputStream().write(encodedOcspResp);
} catch (Throwable th) {
if (th instanceof EOFException) {
LogUtil.warn(LOG, th, "Connection reset by peer");
} else {
LOG.error("Throwable thrown, this should not happen!", th);
}
sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
} finally {
resp.flushBuffer();
}
}
Also used :
OcspRespWithCacheInfo(org.xipki.ocsp.api.OcspRespWithCacheInfo)
EOFException(java.io.EOFException)
ResponderAndPath(org.xipki.ocsp.api.ResponderAndPath)
OcspServer(org.xipki.ocsp.api.OcspServer)
Responder(org.xipki.ocsp.api.Responder)
Example 3 with OcspServer
use of org.xipki.ocsp.api.OcspServer in project xipki by xipki.
the class HttpOcspServlet method doPost.
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
OcspServer server = ServletHelper.getServer();
try {
if (server == null) {
LOG.error("ServletHelper.server not configured");
sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
}
String path = StringUtil.getRelativeRequestUri(req.getServletPath(), req.getRequestURI());
ResponderAndPath responderAndPath = server.getResponderForPath(path);
if (responderAndPath == null) {
sendError(resp, HttpServletResponse.SC_NOT_FOUND);
return;
}
// accept only "application/ocsp-request" as content type
String reqContentType = req.getHeader("Content-Type");
if (!CT_REQUEST.equalsIgnoreCase(reqContentType)) {
sendError(resp, HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
return;
}
Responder responder = responderAndPath.getResponder();
byte[] reqContent = IoUtil.read(req.getInputStream());
// request too long
if (reqContent.length > responder.getMaxRequestSize()) {
sendError(resp, HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
return;
}
OcspRespWithCacheInfo ocspRespWithCacheInfo = server.answer(responder, reqContent, false);
if (ocspRespWithCacheInfo == null || ocspRespWithCacheInfo.getResponse() == null) {
LOG.error("processRequest returned null, this should not happen");
sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
byte[] encodedOcspResp = ocspRespWithCacheInfo.getResponse();
resp.setStatus(HttpServletResponse.SC_OK);
resp.setContentType(CT_RESPONSE);
resp.setContentLength(encodedOcspResp.length);
resp.getOutputStream().write(encodedOcspResp);
} catch (Throwable th) {
if (th instanceof EOFException) {
LogUtil.warn(LOG, th, "Connection reset by peer");
} else {
LOG.error("Throwable thrown, this should not happen!", th);
}
sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
} finally {
resp.flushBuffer();
}
}
Also used :
OcspRespWithCacheInfo(org.xipki.ocsp.api.OcspRespWithCacheInfo)
EOFException(java.io.EOFException)
ResponderAndPath(org.xipki.ocsp.api.ResponderAndPath)
OcspServer(org.xipki.ocsp.api.OcspServer)
Responder(org.xipki.ocsp.api.Responder)
Aggregations
EOFException (java.io.EOFException)3
OcspServer (org.xipki.ocsp.api.OcspServer)3
ResponderAndPath (org.xipki.ocsp.api.ResponderAndPath)3
OcspRespWithCacheInfo (org.xipki.ocsp.api.OcspRespWithCacheInfo)2
Responder (org.xipki.ocsp.api.Responder)2
HealthCheckResult (org.xipki.common.HealthCheckResult)1
