

Move callback reference from CMS to CMSEngine
Socket callback moved to CMSEngine to avoid dependencies on global
variables.
fmarco76 committed Jul 31, 2023
1 parent 7ad255e commit 59b9851
Showing 6 changed files with 21 additions and 21 deletions.
Expand Up @@ -43,7 +43,7 @@ public CRLLdapValidator(LDAPStore crlStore) {

@Override
public boolean approve(X509Certificate certificate, ValidityStatus currentStatus) {
logger.info("CRLLdapValidator: validate of peer's certificate for the connection " + certificate.getSubjectDN().toString());
logger.info("CRLLdapValidator: validate of peer's certificate for the connection " + certificate.getSubjectDN());
ICRLIssuingPointRecord pt = null;
try {
Enumeration<ICRLIssuingPointRecord> eCRL = crlStore.searchAllCRLIssuingPointRecord(-1);
Expand All @@ -55,11 +55,11 @@ public boolean approve(X509Certificate certificate, ValidityStatus currentStatus
}
}
} catch (EBaseException e) {
logger.error("CRLLdapValidator: problem find CRL issuing point for " + certificate.getIssuerDN().toString());
logger.error("CRLLdapValidator: problem find CRL issuing point. " + e.getMessage(), e);
return false;
}
if (pt == null) {
logger.error("CRLLdapValidator: CRL issuing point not found for " + certificate.getIssuerDN().toString());
logger.error("CRLLdapValidator: CRL issuing point not found for " + certificate.getIssuerDN());
return false;
}
try {
Expand All @@ -72,7 +72,7 @@ public boolean approve(X509Certificate certificate, ValidityStatus currentStatus
}
}
} catch (Exception e) {
logger.error("CRLLdapValidator: crl check error. " + e.getMessage());
logger.error("CRLLdapValidator: crl check error. " + e.getMessage(), e);
}
logger.info("CRLLdapValidator: peer certificate not valid");
return false;
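Review bot: The reworked log lines in the first and second hunk still format the peer through `certificate.getSubjectDN()` and `certificate.getIssuerDN()`, which the JDK documents as denigrated in favour of `getSubjectX500Principal()` / `getIssuerX500Principal()`; since the commit already touches these lines, `certificate.getSubjectX500Principal().getName()` (and the issuer equivalent) would avoid the implementation-specific `Principal` at no extra cost. The `catch (Exception e)` in the last hunk remains broad, but it falls through to `return false`, so an unexpected failure rejects the peer instead of approving it; a one-line comment such as `// any failure during the CRL check rejects the peer (fail closed)` above the final `return false` would make that intent explicit. The body of `approve()` is cut by the folded regions between the three hunks, so the lines between them were not reviewed.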
Expand Up @@ -242,7 +242,7 @@ public void startup() throws EBaseException {
updater.start();
}
if(mCheckConnection) {
CMS.setApprovalCallbask(new CRLLdapValidator(this));
CMS.getCMSEngine().setApprovalCallback(new CRLLdapValidator(this));
}
}

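Review bot: The replaced call still reaches the engine through the static `CMS.getCMSEngine()`, so the dependency on global state that the commit description sets out to remove is only moved one level down; if this class already holds, or can be handed, a `CMSEngine` reference, `engine.setApprovalCallback(new CRLLdapValidator(this))` would complete the decoupling. `CMS.getCMSEngine()` returns whatever `CMS.setCMSEngine` stored and is not checked here, so if `startup()` can run before the engine is registered the new line throws a `NullPointerException` where the old static setter did not — worth confirming against the startup order. When `mCheckConnection` is false no callback is installed at all; a short comment on the `if` stating what peer-certificate validation then applies to outgoing connections would document that choice for the reader.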
Expand Up @@ -142,11 +142,11 @@ public boolean isRevoked(X509Certificate[] certificates) {
}

for (X509Certificate cert: certificates) {
if(crlCertValid(crlStore, cert, null)) {
return false;
if(!crlCertValid(crlStore, cert, null)) {
return true;
}
}
return true;
return false;

}

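Review bot: With the inverted loop the method now returns `true` as soon as one certificate fails `crlCertValid`, but for an empty `certificates` array the loop body never runs and the method returns `false`, i.e. "not revoked"; unless the code above this hunk already rejects empty input (the start of `isRevoked` is outside the hunk, its closing brace is visible), consider `if (certificates.length == 0) { return true; }` before the loop, or a comment stating why an empty chain is treated as not revoked. The method also reports "revoked" for any validation failure, not only a revocation status, which is the safe direction but deserves a Javadoc sentence on the method, e.g. `Returns true if any certificate in the chain fails CRL validation, not only when one is listed as revoked.`, so callers do not misread the name.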
11 changes: 0 additions & 11 deletions base/server/src/main/java/com/netscape/cmscore/apps/CMS.java
Expand Up @@ -23,7 +23,6 @@
import java.util.Locale;
import java.util.ResourceBundle;

import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

Expand Down Expand Up @@ -54,8 +53,6 @@ public final class CMS {

private static CMSEngine engine;

private static SSLCertificateApprovalCallback approvalCallback;

public static CMSEngine getCMSEngine() {
return engine;
}
Expand All @@ -64,14 +61,6 @@ public static void setCMSEngine(CMSEngine engine) {
CMS.engine = engine;
}

public static SSLCertificateApprovalCallback getApprovalCallback() {
return approvalCallback;
}

public static void setApprovalCallbask(SSLCertificateApprovalCallback approvalCallback) {
CMS.approvalCallback = approvalCallback;
}

/**
* Return the product name from /usr/share/pki/CS_SERVER_VERSION
* which is provided by the server theme package.
11 changes: 11 additions & 0 deletions base/server/src/main/java/com/netscape/cmscore/apps/CMSEngine.java
Expand Up @@ -50,6 +50,7 @@
import org.mozilla.jss.crypto.SignatureAlgorithm;
import org.mozilla.jss.netscape.security.util.Cert;
import org.mozilla.jss.netscape.security.x509.X509CertImpl;
import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;

import com.netscape.certsrv.authentication.ISharedToken;
import com.netscape.certsrv.base.EBaseException;
Expand Down Expand Up @@ -151,6 +152,8 @@ public class CMSEngine implements ServletContextListener {
protected LogSubsystem logSubsystem = LogSubsystem.getInstance();
protected JssSubsystem jssSubsystem = JssSubsystem.getInstance();
protected DBSubsystem dbSubsystem = new DBSubsystem();
protected SSLCertificateApprovalCallback approvalCallback;



protected RequestRepository requestRepository;
Expand Down Expand Up @@ -301,6 +304,14 @@ public void registerPendingListener(String name, IRequestListener listener) {
pendingNotifier.registerListener(name, listener);
}

public SSLCertificateApprovalCallback getApprovalCallback() {
return approvalCallback;
}

public void setApprovalCallback(SSLCertificateApprovalCallback approvalCallback) {
this.approvalCallback = approvalCallback;
}

public void loadConfig(String path) throws Exception {
ConfigStorage storage = new FileConfigStore(path);
config = createConfig(storage);
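Review bot: The new `getApprovalCallback`/`setApprovalCallback` pair and the `approvalCallback` field carry no Javadoc, and the field is a plain `protected` member that one subsystem sets during startup while the socket factory reads it later, presumably from other threads; if those readers can run before the setter, `protected volatile SSLCertificateApprovalCallback approvalCallback;` gives the publication a visibility guarantee at no cost. A Javadoc on the setter such as `/** Installs the callback consulted when approving peer certificates on outgoing SSL sockets; when none is installed the getter returns null. */` would state the contract the two call sites elsewhere in this commit rely on. The added declaration is followed by three blank lines in the second hunk; one is enough.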
Expand Up @@ -151,7 +151,7 @@ public SSLSocket makeSSLSocket(String host, int port) throws UnknownHostExceptio
SSLSocket s;

if (mClientAuthCertNickname == null) {
s = new SSLSocket(host, port, null, 0, CMS.getApprovalCallback(), null);
s = new SSLSocket(host, port, null, 0, CMS.getCMSEngine().getApprovalCallback(), null);

} else {
// Let's create a selection callback in the case the client auth
Expand All @@ -161,7 +161,7 @@ public SSLSocket makeSSLSocket(String host, int port) throws UnknownHostExceptio

Socket js = new Socket(InetAddress.getByName(host), port);
s = new SSLSocket(js, host,
CMS.getApprovalCallback(),
CMS.getCMSEngine().getApprovalCallback(),
new SSLClientCertificateSelectionCB(mClientAuthCertNickname));
}

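Review bot: `CMS.getCMSEngine().getApprovalCallback()` is evaluated separately in both branches of the `if`; hoisting it once above the branch, `SSLCertificateApprovalCallback approvalCallback = CMS.getCMSEngine().getApprovalCallback();` (or `var` if the type is not imported here), and passing `approvalCallback` to both `SSLSocket` constructors removes the duplication and gives a single place to handle a null engine, which `CMS.getCMSEngine()` does not guard against and which would now surface as a `NullPointerException` inside `makeSSLSocket`. The value is null whenever no subsystem has called `setApprovalCallback`, in which case both constructors receive a null approval callback; a one-line comment stating what certificate approval applies in that case would save the next reader a trip into JSS. `makeSSLSocket` begins before this section (its signature is the hunk's context line) and ends after it.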
