Search in sources :

Example 1 with Responder

use of org.xipki.ocsp.api.Responder in project xipki by xipki.

the class HttpOcspServlet method servicePost.

private FullHttpResponse servicePost(FullHttpRequest request, ServletURI servletUri, SSLSession sslSession, SslReverseProxyMode sslReverseProxyMode) throws Exception {
    HttpVersion version = request.protocolVersion();
    ResponderAndPath responderAndPath = server.getResponderForPath(servletUri.getPath());
    if (responderAndPath == null) {
        return createErrorResponse(version, HttpResponseStatus.NOT_FOUND);
    }
    try {
        // accept only "application/ocsp-request" as content type
        String reqContentType = request.headers().get("Content-Type");
        if (!CT_REQUEST.equalsIgnoreCase(reqContentType)) {
            return createErrorResponse(version, HttpResponseStatus.UNSUPPORTED_MEDIA_TYPE);
        }
        Responder responder = responderAndPath.getResponder();
        int contentLen = request.content().readableBytes();
        // request too long
        if (contentLen > responder.getMaxRequestSize()) {
            return createErrorResponse(version, HttpResponseStatus.REQUEST_ENTITY_TOO_LARGE);
        }
        OcspRespWithCacheInfo ocspRespWithCacheInfo = server.answer(responder, readContent(request), false);
        if (ocspRespWithCacheInfo == null || ocspRespWithCacheInfo.getResponse() == null) {
            LOG.error("processRequest returned null, this should not happen");
            return createErrorResponse(version, HttpResponseStatus.INTERNAL_SERVER_ERROR);
        }
        byte[] encodedOcspResp = ocspRespWithCacheInfo.getResponse();
        return createOKResponse(version, CT_RESPONSE, encodedOcspResp);
    } catch (Throwable th) {
        if (th instanceof EOFException) {
            LogUtil.warn(LOG, th, "Connection reset by peer");
        } else {
            LOG.error("Throwable thrown, this should not happen!", th);
        }
        return createErrorResponse(version, HttpResponseStatus.INTERNAL_SERVER_ERROR);
    }
// end external try
}
Also used : OcspRespWithCacheInfo(org.xipki.ocsp.api.OcspRespWithCacheInfo) EOFException(java.io.EOFException) ResponderAndPath(org.xipki.ocsp.api.ResponderAndPath) HttpVersion(io.netty.handler.codec.http.HttpVersion) Responder(org.xipki.ocsp.api.Responder)

Example 2 with Responder

use of org.xipki.ocsp.api.Responder in project xipki by xipki.

the class HttpOcspServlet method serviceGet.

// method servicePost
private FullHttpResponse serviceGet(FullHttpRequest request, ServletURI servletUri, SSLSession sslSession, SslReverseProxyMode sslReverseProxyMode) throws Exception {
    HttpVersion version = request.protocolVersion();
    ResponderAndPath responderAndPath = server.getResponderForPath(servletUri.getPath());
    if (responderAndPath == null) {
        return createErrorResponse(version, HttpResponseStatus.NOT_FOUND);
    }
    String path = servletUri.getPath();
    String servletPath = responderAndPath.getServletPath();
    Responder responder = responderAndPath.getResponder();
    if (!responder.supportsHttpGet()) {
        return createErrorResponse(version, HttpResponseStatus.METHOD_NOT_ALLOWED);
    }
    String b64OcspReq;
    int offset = servletPath.length();
    // GET URI contains the request and must be much longer than 10.
    if (path.length() - offset > 10) {
        if (path.charAt(offset) == '/') {
            offset++;
        }
        b64OcspReq = servletUri.getPath().substring(offset);
    } else {
        return createErrorResponse(version, HttpResponseStatus.BAD_REQUEST);
    }
    try {
        // POST, we support GET for longer requests anyway.
        if (b64OcspReq.length() > responder.getMaxRequestSize()) {
            return createErrorResponse(version, HttpResponseStatus.REQUEST_ENTITY_TOO_LARGE);
        }
        OcspRespWithCacheInfo ocspRespWithCacheInfo = server.answer(responder, Base64.decode(b64OcspReq), true);
        if (ocspRespWithCacheInfo == null || ocspRespWithCacheInfo.getResponse() == null) {
            return createErrorResponse(version, HttpResponseStatus.INTERNAL_SERVER_ERROR);
        }
        byte[] encodedOcspResp = ocspRespWithCacheInfo.getResponse();
        FullHttpResponse response = createOKResponse(version, CT_RESPONSE, encodedOcspResp);
        OcspRespWithCacheInfo.ResponseCacheInfo cacheInfo = ocspRespWithCacheInfo.getCacheInfo();
        if (cacheInfo != null) {
            encodedOcspResp = ocspRespWithCacheInfo.getResponse();
            HttpHeaders headers = response.headers();
            // RFC 5019 6.2: Date: The date and time at which the OCSP server generated
            // the HTTP response.
            headers.add("Date", new Date());
            // RFC 5019 6.2: Last-Modified: date and time at which the OCSP responder
            // last modified the response.
            headers.add("Last-Modified", new Date(cacheInfo.getThisUpdate()));
            // This is overridden by max-age on HTTP/1.1 compatible components
            if (cacheInfo.getNextUpdate() != null) {
                headers.add("Expires", new Date(cacheInfo.getNextUpdate()));
            }
            // RFC 5019 6.2: This profile RECOMMENDS that the ETag value be the ASCII
            // HEX representation of the SHA1 hash of the OCSPResponse structure.
            headers.add("ETag", StringUtil.concat("\\", HashAlgo.SHA1.hexHash(encodedOcspResp), "\\"));
            // Max age must be in seconds in the cache-control header
            long maxAge;
            if (responder.getCacheMaxAge() != null) {
                maxAge = responder.getCacheMaxAge().longValue();
            } else {
                maxAge = DFLT_CACHE_MAX_AGE;
            }
            if (cacheInfo.getNextUpdate() != null) {
                maxAge = Math.min(maxAge, (cacheInfo.getNextUpdate() - cacheInfo.getThisUpdate()) / 1000);
            }
            headers.add("Cache-Control", StringUtil.concat("max-age=", Long.toString(maxAge), ",public,no-transform,must-revalidate"));
        }
        return response;
    } catch (Throwable th) {
        if (th instanceof EOFException) {
            LogUtil.warn(LOG, th, "Connection reset by peer");
        } else {
            LOG.error("Throwable thrown, this should not happen!", th);
        }
        return createErrorResponse(version, HttpResponseStatus.INTERNAL_SERVER_ERROR);
    }
// end external try
}
Also used : HttpHeaders(io.netty.handler.codec.http.HttpHeaders) ResponderAndPath(org.xipki.ocsp.api.ResponderAndPath) Date(java.util.Date) OcspRespWithCacheInfo(org.xipki.ocsp.api.OcspRespWithCacheInfo) EOFException(java.io.EOFException) FullHttpResponse(io.netty.handler.codec.http.FullHttpResponse) HttpVersion(io.netty.handler.codec.http.HttpVersion) Responder(org.xipki.ocsp.api.Responder)

Example 3 with Responder

use of org.xipki.ocsp.api.Responder in project xipki by xipki.

the class HttpOcspServlet method doGet.

// method servicePost
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    OcspServer server = ServletHelper.getServer();
    if (server == null) {
        LOG.error("server in servlet not configured");
        sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return;
    }
    String path = StringUtil.getRelativeRequestUri(req.getServletPath(), req.getRequestURI());
    ResponderAndPath responderAndPath = server.getResponderForPath(path);
    if (responderAndPath == null) {
        sendError(resp, HttpServletResponse.SC_NOT_FOUND);
        return;
    }
    String servletPath = responderAndPath.getServletPath();
    Responder responder = responderAndPath.getResponder();
    if (!responder.supportsHttpGet()) {
        sendError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED);
        return;
    }
    String b64OcspReq;
    int offset = servletPath.length();
    // GET URI contains the request and must be much longer than 10.
    if (path.length() - offset > 10) {
        if (path.charAt(offset) == '/') {
            offset++;
        }
        b64OcspReq = path.substring(offset);
    } else {
        sendError(resp, HttpServletResponse.SC_BAD_REQUEST);
        return;
    }
    try {
        // POST, we support GET for longer requests anyway.
        if (b64OcspReq.length() > responder.getMaxRequestSize()) {
            sendError(resp, HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
            return;
        }
        OcspRespWithCacheInfo ocspRespWithCacheInfo = server.answer(responder, Base64.decode(b64OcspReq), true);
        if (ocspRespWithCacheInfo == null || ocspRespWithCacheInfo.getResponse() == null) {
            sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }
        byte[] encodedOcspResp = ocspRespWithCacheInfo.getResponse();
        OcspRespWithCacheInfo.ResponseCacheInfo cacheInfo = ocspRespWithCacheInfo.getCacheInfo();
        if (cacheInfo != null) {
            encodedOcspResp = ocspRespWithCacheInfo.getResponse();
            long now = System.currentTimeMillis();
            // RFC 5019 6.2: Date: The date and time at which the OCSP server generated
            // the HTTP response.
            resp.addDateHeader("Date", now);
            // RFC 5019 6.2: Last-Modified: date and time at which the OCSP responder
            // last modified the response.
            resp.addDateHeader("Last-Modified", cacheInfo.getThisUpdate());
            // This is overridden by max-age on HTTP/1.1 compatible components
            if (cacheInfo.getNextUpdate() != null) {
                resp.addDateHeader("Expires", cacheInfo.getNextUpdate());
            }
            // RFC 5019 6.2: This profile RECOMMENDS that the ETag value be the ASCII
            // HEX representation of the SHA1 hash of the OCSPResponse structure.
            resp.addHeader("ETag", StringUtil.concat("\\", HashAlgo.SHA1.hexHash(encodedOcspResp), "\\"));
            // Max age must be in seconds in the cache-control header
            long maxAge;
            if (responder.getCacheMaxAge() != null) {
                maxAge = responder.getCacheMaxAge().longValue();
            } else {
                maxAge = DFLT_CACHE_MAX_AGE;
            }
            if (cacheInfo.getNextUpdate() != null) {
                maxAge = Math.min(maxAge, (cacheInfo.getNextUpdate() - cacheInfo.getThisUpdate()) / 1000);
            }
            resp.addHeader("Cache-Control", StringUtil.concat("max-age=", Long.toString(maxAge), ",public,no-transform,must-revalidate"));
        }
        // end if (ocspRespWithCacheInfo)
        resp.setContentLength(encodedOcspResp.length);
        resp.setContentType(CT_RESPONSE);
        resp.getOutputStream().write(encodedOcspResp);
    } catch (Throwable th) {
        if (th instanceof EOFException) {
            LogUtil.warn(LOG, th, "Connection reset by peer");
        } else {
            LOG.error("Throwable thrown, this should not happen!", th);
        }
        sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    } finally {
        resp.flushBuffer();
    }
}
Also used : OcspRespWithCacheInfo(org.xipki.ocsp.api.OcspRespWithCacheInfo) EOFException(java.io.EOFException) ResponderAndPath(org.xipki.ocsp.api.ResponderAndPath) OcspServer(org.xipki.ocsp.api.OcspServer) Responder(org.xipki.ocsp.api.Responder)

Example 4 with Responder

use of org.xipki.ocsp.api.Responder in project xipki by xipki.

the class HttpOcspServlet method doPost.

@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    OcspServer server = ServletHelper.getServer();
    try {
        if (server == null) {
            LOG.error("ServletHelper.server not configured");
            sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }
        String path = StringUtil.getRelativeRequestUri(req.getServletPath(), req.getRequestURI());
        ResponderAndPath responderAndPath = server.getResponderForPath(path);
        if (responderAndPath == null) {
            sendError(resp, HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // accept only "application/ocsp-request" as content type
        String reqContentType = req.getHeader("Content-Type");
        if (!CT_REQUEST.equalsIgnoreCase(reqContentType)) {
            sendError(resp, HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
            return;
        }
        Responder responder = responderAndPath.getResponder();
        byte[] reqContent = IoUtil.read(req.getInputStream());
        // request too long
        if (reqContent.length > responder.getMaxRequestSize()) {
            sendError(resp, HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
            return;
        }
        OcspRespWithCacheInfo ocspRespWithCacheInfo = server.answer(responder, reqContent, false);
        if (ocspRespWithCacheInfo == null || ocspRespWithCacheInfo.getResponse() == null) {
            LOG.error("processRequest returned null, this should not happen");
            sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
        byte[] encodedOcspResp = ocspRespWithCacheInfo.getResponse();
        resp.setStatus(HttpServletResponse.SC_OK);
        resp.setContentType(CT_RESPONSE);
        resp.setContentLength(encodedOcspResp.length);
        resp.getOutputStream().write(encodedOcspResp);
    } catch (Throwable th) {
        if (th instanceof EOFException) {
            LogUtil.warn(LOG, th, "Connection reset by peer");
        } else {
            LOG.error("Throwable thrown, this should not happen!", th);
        }
        sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    } finally {
        resp.flushBuffer();
    }
}
Also used : OcspRespWithCacheInfo(org.xipki.ocsp.api.OcspRespWithCacheInfo) EOFException(java.io.EOFException) ResponderAndPath(org.xipki.ocsp.api.ResponderAndPath) OcspServer(org.xipki.ocsp.api.OcspServer) Responder(org.xipki.ocsp.api.Responder)

Aggregations

EOFException (java.io.EOFException)4 OcspRespWithCacheInfo (org.xipki.ocsp.api.OcspRespWithCacheInfo)4 Responder (org.xipki.ocsp.api.Responder)4 ResponderAndPath (org.xipki.ocsp.api.ResponderAndPath)4 HttpVersion (io.netty.handler.codec.http.HttpVersion)2 OcspServer (org.xipki.ocsp.api.OcspServer)2 FullHttpResponse (io.netty.handler.codec.http.FullHttpResponse)1 HttpHeaders (io.netty.handler.codec.http.HttpHeaders)1 Date (java.util.Date)1