version 1.43, 2004/12/07 22:45:05
|
version 1.44, 2004/12/08 23:07:10
|
|
|
(String::equal(httpMessage->authInfo->getAuthType(), AuthenticationInfoRep::AUTH_TYPE_SSL)) && | (String::equal(httpMessage->authInfo->getAuthType(), AuthenticationInfoRep::AUTH_TYPE_SSL)) && |
HTTPMessage::lookupHeader(headers, "CIMOperation", cimOperation, true)) | HTTPMessage::lookupHeader(headers, "CIMOperation", cimOperation, true)) |
{ | { |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "HTTPAuthDelegator was authenticated via SSL"); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, "Client was authenticated via trusted SSL certificate."); |
| |
//PEP187 | //PEP187 |
String trustStore = configManager->getCurrentValue("sslTrustStore"); | String trustStore = configManager->getCurrentValue("sslTrustStore"); |
|
|
| |
if (!clientCertificate) | if (!clientCertificate) |
{ | { |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "HTTPAuthDelegator auth error"); |
MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.BAD_CERTIFICATE", |
MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.AUTHORIZATION_ERROR","Authorization error"); |
"The certificate used for authentication is not valid."); |
String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
_sendHttpError(queueId, | _sendHttpError(queueId, |
HTTP_STATUS_BADREQUEST, |
HTTP_STATUS_UNAUTHORIZED, |
String::EMPTY, | String::EMPTY, |
msg); | msg); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
|
PEGASUS_CLASSNAME_CERTIFICATE, | PEGASUS_CLASSNAME_CERTIFICATE, |
keyBindings); | keyBindings); |
| |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "Certificate COP: " + cimObjectPath.toString()); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "Client Certificate COP: " + cimObjectPath.toString()); |
| |
CIMInstance cimInstance; | CIMInstance cimInstance; |
CIMValue value; | CIMValue value; |
|
|
try | try |
{ | { |
cimInstance = _repository->getInstance(PEGASUS_NAMESPACENAME_CERTIFICATE, cimObjectPath); | cimInstance = _repository->getInstance(PEGASUS_NAMESPACENAME_CERTIFICATE, cimObjectPath); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "HTTPAuthDelegator gotciminstance"); |
|
| |
} catch (CIMException& e) | } catch (CIMException& e) |
{ | { |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "The certificate used for authentication cannot be located in the repository."); |
//this scenario can occur if a certificate cached on the server was deleted |
MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.BAD_CERTIFICATE","The certificate used for authentication cannot be located in the repository."); |
//openssl would not pick up the deletion but we would pick it up here when we went to look it up |
|
//in the repository |
|
Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::TRACE, |
|
"HTTPAuthenticatorDelegator - Bailing, the certificate used for authentication is not valid."); |
|
MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.BAD_CERTIFICATE", |
|
"The certificate used for authentication is not valid."); |
String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
|
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, msg); |
_sendHttpError(queueId, | _sendHttpError(queueId, |
HTTP_STATUS_BADREQUEST, |
HTTP_STATUS_UNAUTHORIZED, |
String::EMPTY, | String::EMPTY, |
msg); | msg); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
|
value.get(userName); | value.get(userName); |
httpMessage->authInfo->setAuthenticatedUser(userName); | httpMessage->authInfo->setAuthenticatedUser(userName); |
| |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "User name for certificate is " + userName); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, "User name for certificate is " + userName); |
Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, | Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
"HTTPAuthenticatorDelegator - Setting the trusted client certificate to $0", userName); |
"HTTPAuthenticatorDelegator - The trusted client certificate is registered to $0.", userName); |
} else | } else |
{ | { |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "No username associated with certificate."); |
Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::TRACE, |
Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
"HTTPAuthenticatorDelegator - Bailing, no username is registered to this certificate."); |
"No username associated with certificate."); |
MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.BAD_CERTIFICATE_USERNAME", |
MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.AUTHORIZATION_ERROR","No username associated with certificate."); |
"No username is registered to this certificate."); |
String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
|
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, msg); |
_sendHttpError(queueId, | _sendHttpError(queueId, |
HTTP_STATUS_BADREQUEST, |
HTTP_STATUS_UNAUTHORIZED, |
String::EMPTY, | String::EMPTY, |
msg); | msg); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
|
//user was already verified as a valid system user during server startup | //user was already verified as a valid system user during server startup |
String trustStoreUserName = configManager->getCurrentValue("sslTrustStoreUserName"); | String trustStoreUserName = configManager->getCurrentValue("sslTrustStoreUserName"); |
httpMessage->authInfo->setAuthenticatedUser(trustStoreUserName); | httpMessage->authInfo->setAuthenticatedUser(trustStoreUserName); |
|
|
|
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, "User name for certificate is " + trustStoreUserName); |
|
Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
|
"HTTPAuthenticatorDelegator - The trusted client certificate is registered to $0.", trustStoreUserName); |
|
|
} | } |
} | } |
| |
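Review bot: In the certificate-lookup branch the user name is taken straight from the repository instance (`value.get(userName); httpMessage->authInfo->setAuthenticatedUser(userName);`) with no check visible in this hunk that it is still a valid system user, whereas the else-branch comment explicitly notes that `sslTrustStoreUserName` was verified at startup; if the certificate-registration path is the only place that validates, an account removed after registration would still be marked authenticated, so either apply the same system-user check here or document the trust assumption, e.g. `// userName was validated as a system user when the certificate was registered; revalidate if that guarantee is dropped`. The three rejection paths now return 401, but `_sendHttpError` is called with an empty third argument and no WWW-Authenticate challenge is attached; since the client already presented a certificate at the TLS layer and no challenge is possible, 403 Forbidden may be the more accurate status for "certificate accepted but not mapped to a user". Authentication rejections are written to ERROR_LOG at Logger::TRACE severity, which a level-filtered log may discard — a higher severity would keep failed certificate logins visible for incident review. The enclosing function begins before and continues after this hunk, so the returns following each PEG_METHOD_EXIT() are presumed to be in the lines the rendering dropped.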