|
version 1.43, 2004/12/07 22:45:05
|
version 1.44, 2004/12/08 23:07:10
|
|
|
|
| (String::equal(httpMessage->authInfo->getAuthType(), AuthenticationInfoRep::AUTH_TYPE_SSL)) && | (String::equal(httpMessage->authInfo->getAuthType(), AuthenticationInfoRep::AUTH_TYPE_SSL)) && |
| HTTPMessage::lookupHeader(headers, "CIMOperation", cimOperation, true)) | HTTPMessage::lookupHeader(headers, "CIMOperation", cimOperation, true)) |
| { | { |
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "HTTPAuthDelegator was authenticated via SSL"); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, "Client was authenticated via trusted SSL certificate."); |
| | |
| //PEP187 | //PEP187 |
| String trustStore = configManager->getCurrentValue("sslTrustStore"); | String trustStore = configManager->getCurrentValue("sslTrustStore"); |
|
|
|
| | |
| if (!clientCertificate) | if (!clientCertificate) |
| { | { |
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "HTTPAuthDelegator auth error"); |
MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.BAD_CERTIFICATE", |
| MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.AUTHORIZATION_ERROR","Authorization error"); |
"The certificate used for authentication is not valid."); |
| String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
| _sendHttpError(queueId, | _sendHttpError(queueId, |
| HTTP_STATUS_BADREQUEST, |
HTTP_STATUS_UNAUTHORIZED, |
| String::EMPTY, | String::EMPTY, |
| msg); | msg); |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
|
|
| PEGASUS_CLASSNAME_CERTIFICATE, | PEGASUS_CLASSNAME_CERTIFICATE, |
| keyBindings); | keyBindings); |
| | |
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "Certificate COP: " + cimObjectPath.toString()); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "Client Certificate COP: " + cimObjectPath.toString()); |
| | |
| CIMInstance cimInstance; | CIMInstance cimInstance; |
| CIMValue value; | CIMValue value; |
|
|
|
| try | try |
| { | { |
| cimInstance = _repository->getInstance(PEGASUS_NAMESPACENAME_CERTIFICATE, cimObjectPath); | cimInstance = _repository->getInstance(PEGASUS_NAMESPACENAME_CERTIFICATE, cimObjectPath); |
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "HTTPAuthDelegator gotciminstance"); |
|
| | |
| } catch (CIMException& e) | } catch (CIMException& e) |
| { | { |
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "The certificate used for authentication cannot be located in the repository."); |
//this scenario can occur if a certificate cached on the server was deleted |
| MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.BAD_CERTIFICATE","The certificate used for authentication cannot be located in the repository."); |
//openssl would not pick up the deletion but we would pick it up here when we went to look it up |
| |
//in the repository |
| |
Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::TRACE, |
| |
"HTTPAuthenticatorDelegator - Bailing, the certificate used for authentication is not valid."); |
| |
MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.BAD_CERTIFICATE", |
| |
"The certificate used for authentication is not valid."); |
| String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
| |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, msg); |
| _sendHttpError(queueId, | _sendHttpError(queueId, |
| HTTP_STATUS_BADREQUEST, |
HTTP_STATUS_UNAUTHORIZED, |
| String::EMPTY, | String::EMPTY, |
| msg); | msg); |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
|
|
| value.get(userName); | value.get(userName); |
| httpMessage->authInfo->setAuthenticatedUser(userName); | httpMessage->authInfo->setAuthenticatedUser(userName); |
| | |
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "User name for certificate is " + userName); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, "User name for certificate is " + userName); |
| Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, | Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
| "HTTPAuthenticatorDelegator - Setting the trusted client certificate to $0", userName); |
"HTTPAuthenticatorDelegator - The trusted client certificate is registered to $0.", userName); |
| } else | } else |
| { | { |
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "No username associated with certificate."); |
Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::TRACE, |
| Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
"HTTPAuthenticatorDelegator - Bailing, no username is registered to this certificate."); |
| "No username associated with certificate."); |
MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.BAD_CERTIFICATE_USERNAME", |
| MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.AUTHORIZATION_ERROR","No username associated with certificate."); |
"No username is registered to this certificate."); |
| String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
| |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, msg); |
| _sendHttpError(queueId, | _sendHttpError(queueId, |
| HTTP_STATUS_BADREQUEST, |
HTTP_STATUS_UNAUTHORIZED, |
| String::EMPTY, | String::EMPTY, |
| msg); | msg); |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
|
|
| //user was already verified as a valid system user during server startup | //user was already verified as a valid system user during server startup |
| String trustStoreUserName = configManager->getCurrentValue("sslTrustStoreUserName"); | String trustStoreUserName = configManager->getCurrentValue("sslTrustStoreUserName"); |
| httpMessage->authInfo->setAuthenticatedUser(trustStoreUserName); | httpMessage->authInfo->setAuthenticatedUser(trustStoreUserName); |
| |
|
| |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, "User name for certificate is " + trustStoreUserName); |
| |
Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
| |
"HTTPAuthenticatorDelegator - The trusted client certificate is registered to $0.", trustStoreUserName); |
| |
|
| } | } |
| } | } |
| | |
Return to
HTTPAuthenticatorDelegator.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Server