
Example 1 with OcspServer

use of org.xipki.ocsp.api.OcspServer in project xipki by xipki.

the class HealthCheckServlet method doGet.

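/**
 * Answers a health-check request for the OCSP responder mapped to the request path.
 *
 * <p>Outcomes visible in this method: 500 with an empty body when no {@code OcspServer} is
 * configured or an unexpected error occurs, 404 with an empty body when no responder matches the
 * path, otherwise the health result as JSON with 200 (healthy) or 500 (unhealthy).
 *
 * @param req the incoming request; only its servlet path and request URI are read
 * @param resp the response that receives the status, headers and JSON body
 * @throws ServletException declared by the servlet contract; not thrown directly here
 * @throws IOException if flushing the response buffer fails
 */
@Override
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
    // The wildcard lets scripts served from any origin read this response.
    // NOTE(review): confirm the health JSON carries nothing sensitive, or limit who can reach this
    // endpoint at the network layer.
    resp.setHeader("Access-Control-Allow-Origin", "*");
    OcspServer server = ServletHelper.getServer();
    if (server == null) {
        LOG.error("ServletHelper.server not configured");
        resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        resp.setContentLength(0);
        return;
    }
    try {
        String path = StringUtil.getRelativeRequestUri(req.getServletPath(), req.getRequestURI());
        ResponderAndPath responderAndPath = server.getResponderForPath(path);
        if (responderAndPath == null) {
            resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
            resp.setContentLength(0);
            return;
        }
        HealthCheckResult healthResult = server.healthCheck(responderAndPath.getResponder());
        int status = healthResult.isHealthy() ? HttpServletResponse.SC_OK : HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        // Encode explicitly as UTF-8: the no-argument getBytes() uses the platform default charset,
        // so the bytes (and the Content-Length) would vary between hosts for non-ASCII text.
        byte[] respBytes = healthResult.toJsonMessage(true).getBytes(java.nio.charset.StandardCharsets.UTF_8);
        resp.setStatus(status);
        resp.setContentType(HealthCheckServlet.CT_RESPONSE);
        resp.setContentLength(respBytes.length);
        resp.getOutputStream().write(respBytes);
    } catch (Throwable th) {
        // A client that disconnects mid-response is expected noise; anything else is logged as an error.
        if (th instanceof EOFException) {
            LogUtil.warn(LOG, th, "connection reset by peer");
        } else {
            LOG.error("Throwable thrown, this should not happen", th);
        }
        resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        resp.setContentLength(0);
    } finally {
        resp.flushBuffer();
    }
}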
Also used : EOFException(java.io.EOFException) HealthCheckResult(org.xipki.common.HealthCheckResult) ResponderAndPath(org.xipki.ocsp.api.ResponderAndPath) OcspServer(org.xipki.ocsp.api.OcspServer)

Example 2 with OcspServer

use of org.xipki.ocsp.api.OcspServer in project xipki by xipki.

the class HttpOcspServlet method doGet.

// method servicePost
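/**
 * Serves an OCSP request sent with HTTP GET, where the Base64-encoded request is carried in the
 * URI path after the responder's servlet path.
 *
 * <p>Outcomes visible in this method: 500 when no server is configured, the server returns no
 * response, or an unexpected error occurs; 404 when no responder matches the path; 405 when the
 * responder does not support GET; 400 when the path is too short to hold a request; 413 when the
 * encoded request exceeds the responder's maximum request size. On success the encoded OCSP
 * response is written, together with caching headers when cache information is available.
 *
 * @param req the incoming request; only its servlet path and request URI are read
 * @param resp the response that receives the headers and the encoded OCSP response
 * @throws ServletException declared by the servlet contract; not thrown directly here
 * @throws IOException if flushing the response buffer fails
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    OcspServer server = ServletHelper.getServer();
    if (server == null) {
        LOG.error("server in servlet not configured");
        sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return;
    }
    String path = StringUtil.getRelativeRequestUri(req.getServletPath(), req.getRequestURI());
    ResponderAndPath responderAndPath = server.getResponderForPath(path);
    if (responderAndPath == null) {
        sendError(resp, HttpServletResponse.SC_NOT_FOUND);
        return;
    }
    String servletPath = responderAndPath.getServletPath();
    Responder responder = responderAndPath.getResponder();
    if (!responder.supportsHttpGet()) {
        sendError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED);
        return;
    }
    int offset = servletPath.length();
    // The GET URI carries the encoded request after the servlet path, so the remainder must be
    // longer than 10 characters to be a plausible request.
    if (path.length() - offset <= 10) {
        sendError(resp, HttpServletResponse.SC_BAD_REQUEST);
        return;
    }
    if (path.charAt(offset) == '/') {
        offset++;
    }
    // NOTE(review): getRequestURI() is not percent-decoded by the container; confirm that
    // getRelativeRequestUri or Base64.decode copes with URL-encoded '+', '/' and '='.
    String b64OcspReq = path.substring(offset);
    try {
        // Large requests are normally sent with POST; GET is accepted for longer requests too, but
        // the encoded length is still capped by the responder's configured maximum.
        if (b64OcspReq.length() > responder.getMaxRequestSize()) {
            sendError(resp, HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
            return;
        }
        OcspRespWithCacheInfo ocspRespWithCacheInfo = server.answer(responder, Base64.decode(b64OcspReq), true);
        if (ocspRespWithCacheInfo == null || ocspRespWithCacheInfo.getResponse() == null) {
            sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }
        byte[] encodedOcspResp = ocspRespWithCacheInfo.getResponse();
        OcspRespWithCacheInfo.ResponseCacheInfo cacheInfo = ocspRespWithCacheInfo.getCacheInfo();
        if (cacheInfo != null) {
            long now = System.currentTimeMillis();
            // RFC 5019 6.2: Date: The date and time at which the OCSP server generated
            // the HTTP response.
            resp.addDateHeader("Date", now);
            // RFC 5019 6.2: Last-Modified: date and time at which the OCSP responder
            // last modified the response.
            resp.addDateHeader("Last-Modified", cacheInfo.getThisUpdate());
            // This is overridden by max-age on HTTP/1.1 compatible components
            if (cacheInfo.getNextUpdate() != null) {
                resp.addDateHeader("Expires", cacheInfo.getNextUpdate());
            }
            // RFC 5019 6.2: This profile RECOMMENDS that the ETag value be the ASCII
            // HEX representation of the SHA1 hash of the OCSPResponse structure.
            // An entity-tag must be enclosed in double quotes; the previous backslash delimiters
            // produced a value that is not a valid ETag. SHA-1 serves only as a cache validator
            // here, not as an integrity or authenticity control.
            resp.addHeader("ETag", StringUtil.concat("\"", HashAlgo.SHA1.hexHash(encodedOcspResp), "\""));
            // Max age must be in seconds in the cache-control header
            long maxAge;
            if (responder.getCacheMaxAge() != null) {
                maxAge = responder.getCacheMaxAge().longValue();
            } else {
                maxAge = DFLT_CACHE_MAX_AGE;
            }
            if (cacheInfo.getNextUpdate() != null) {
                // max-age counts from the Date of this HTTP response, so bound it by the time left
                // until nextUpdate. Measuring from thisUpdate would let a cache keep serving the
                // revocation status after nextUpdate has passed. Times are treated as epoch
                // milliseconds, as their use with addDateHeader implies.
                long secondsUntilNextUpdate = Math.max(0L, (cacheInfo.getNextUpdate() - now) / 1000);
                maxAge = Math.min(maxAge, secondsUntilNextUpdate);
            }
            resp.addHeader("Cache-Control", StringUtil.concat("max-age=", Long.toString(maxAge), ",public,no-transform,must-revalidate"));
        }
        resp.setContentLength(encodedOcspResp.length);
        resp.setContentType(CT_RESPONSE);
        resp.getOutputStream().write(encodedOcspResp);
    } catch (Throwable th) {
        // A client that disconnects mid-response is expected noise; anything else is logged as an error.
        if (th instanceof EOFException) {
            LogUtil.warn(LOG, th, "Connection reset by peer");
        } else {
            LOG.error("Throwable thrown, this should not happen!", th);
        }
        sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    } finally {
        resp.flushBuffer();
    }
}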
Also used : OcspRespWithCacheInfo(org.xipki.ocsp.api.OcspRespWithCacheInfo) EOFException(java.io.EOFException) ResponderAndPath(org.xipki.ocsp.api.ResponderAndPath) OcspServer(org.xipki.ocsp.api.OcspServer) Responder(org.xipki.ocsp.api.Responder)

Example 3 with OcspServer

use of org.xipki.ocsp.api.OcspServer in project xipki by xipki.

the class HttpOcspServlet method doPost.

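/**
 * Serves an OCSP request sent with HTTP POST.
 *
 * <p>Outcomes visible in this method: 500 when no server is configured, the server returns no
 * response, or an unexpected error occurs; 404 when no responder matches the path; 415 when the
 * Content-Type is not the OCSP request type; 413 when the body exceeds the responder's maximum
 * request size. On success the encoded OCSP response is written with status 200.
 *
 * @param req the incoming request carrying the encoded OCSP request as its body
 * @param resp the response that receives the encoded OCSP response
 * @throws ServletException declared by the servlet contract; not thrown directly here
 * @throws IOException if flushing the response buffer fails
 */
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    OcspServer server = ServletHelper.getServer();
    try {
        if (server == null) {
            LOG.error("ServletHelper.server not configured");
            sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }
        String path = StringUtil.getRelativeRequestUri(req.getServletPath(), req.getRequestURI());
        ResponderAndPath responderAndPath = server.getResponderForPath(path);
        if (responderAndPath == null) {
            sendError(resp, HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // accept only "application/ocsp-request" as content type
        String reqContentType = req.getHeader("Content-Type");
        if (!CT_REQUEST.equalsIgnoreCase(reqContentType)) {
            sendError(resp, HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
            return;
        }
        Responder responder = responderAndPath.getResponder();
        // Reject an oversized body from its declared length before buffering any of it, so an
        // unauthenticated client cannot make the server allocate memory for a request that would
        // be refused anyway. getContentLength() is -1 when the length is not declared.
        if (req.getContentLength() > responder.getMaxRequestSize()) {
            sendError(resp, HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
            return;
        }
        // NOTE(review): IoUtil.read appears to buffer the whole body; a body sent without a
        // Content-Length is only measured after it has been read. Confirm that a container-level
        // request size limit is configured.
        byte[] reqContent = IoUtil.read(req.getInputStream());
        // request too long
        if (reqContent.length > responder.getMaxRequestSize()) {
            sendError(resp, HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
            return;
        }
        OcspRespWithCacheInfo ocspRespWithCacheInfo = server.answer(responder, reqContent, false);
        if (ocspRespWithCacheInfo == null || ocspRespWithCacheInfo.getResponse() == null) {
            LOG.error("processRequest returned null, this should not happen");
            sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            // Stop here: falling through would dereference the missing response, and the
            // resulting exception would trigger a second sendError from the catch block.
            return;
        }
        byte[] encodedOcspResp = ocspRespWithCacheInfo.getResponse();
        resp.setStatus(HttpServletResponse.SC_OK);
        resp.setContentType(CT_RESPONSE);
        resp.setContentLength(encodedOcspResp.length);
        resp.getOutputStream().write(encodedOcspResp);
    } catch (Throwable th) {
        // A client that disconnects mid-response is expected noise; anything else is logged as an error.
        if (th instanceof EOFException) {
            LogUtil.warn(LOG, th, "Connection reset by peer");
        } else {
            LOG.error("Throwable thrown, this should not happen!", th);
        }
        sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    } finally {
        resp.flushBuffer();
    }
}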
Also used : OcspRespWithCacheInfo(org.xipki.ocsp.api.OcspRespWithCacheInfo) EOFException(java.io.EOFException) ResponderAndPath(org.xipki.ocsp.api.ResponderAndPath) OcspServer(org.xipki.ocsp.api.OcspServer) Responder(org.xipki.ocsp.api.Responder)

Aggregations

EOFException (java.io.EOFException)3 OcspServer (org.xipki.ocsp.api.OcspServer)3 ResponderAndPath (org.xipki.ocsp.api.ResponderAndPath)3 OcspRespWithCacheInfo (org.xipki.ocsp.api.OcspRespWithCacheInfo)2 Responder (org.xipki.ocsp.api.Responder)2 HealthCheckResult (org.xipki.common.HealthCheckResult)1