From 747bf98090677e2bc3bcfa3bb70ca15c0a04e80e Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Tue, 7 Feb 2017 10:36:20 +1000
Subject: [PATCH 172/175] Allow arbitrary user data in cert request

If a certificate request comes with additional data in the 'cert-request' query param, add that to the request. Profile components can then use this data. This is needed to convey the subject principal name to the ExternalProcessConstraint, when validating FreeIPA certificate requests after we switch to GSS-API authentication.
Part of: https://pagure.io/dogtagpki/issue/1359
---
 base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java | 5 +++++
 base/common/src/com/netscape/certsrv/request/IRequest.java | 5 +++++
 .../cms/src/com/netscape/cms/profile/common/EnrollProfile.java | 3 +++
 .../cms/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java | 5 +++++
 4 files changed, 18 insertions(+)
diff --git a/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java b/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java
index 12667120e3d87deecb786965b4abcef492ac556d..34543cb72aba426402bdf6dafe4e7b59f8a4b30e 100644
--- a/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java
+++ b/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java
@@ -180,6 +180,11 @@ public interface IEnrollProfile extends IProfile {
 public static final String REQUEST_AUTHORITY_ID = "req_authority_id";
 
 /**
+ * Arbitrary user-supplied data.
+ */
+ public static final String REQUEST_USER_DATA = "req_user_data";
+
+ /**
 * Set Default X509CertInfo in the request.
 *
 * @param request profile-based certificate request.
diff --git a/base/common/src/com/netscape/certsrv/request/IRequest.java b/base/common/src/com/netscape/certsrv/request/IRequest.java
index 29b1bbb879220a485388cb38af8a8c5508578752..d929ce24b03b9d712d1c9e3a200f3a57e840b440 100644
--- a/base/common/src/com/netscape/certsrv/request/IRequest.java
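Review bot: The Javadoc on `REQUEST_USER_DATA` in IEnrollProfile.java says only "Arbitrary user-supplied data.", which does not warn a profile-component author that the value comes straight from the client. The commit description says constraints will read a subject principal name from it, and none of the visible hunks validates the value, so the comment should state that it is a caller-supplied claim, for example `Opaque string copied verbatim from the enrollment request; treat as untrusted input, not as an authenticated identity.` The same gap applies to the comment on `IRequest.USER_DATA` in the IRequest.java hunk.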
+++ b/base/common/src/com/netscape/certsrv/request/IRequest.java
@@ -96,6 +96,11 @@ public interface IRequest extends Serializable {
 */
 public static final String AUTHORITY_ID = "req_authority_id";
 
+ /**
+ * Arbitrary user-supplied data that will be saved in request.
+ */
+ public static final String USER_DATA = "user_data";
+
 public static final String RESULT = "Result"; // service result.
 public static final Integer RES_SUCCESS = Integer.valueOf(1); // result value
 public static final Integer RES_ERROR = Integer.valueOf(2); // result value
diff --git a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
index 8d10ec26b3db12f68eb9033473b93615d5a6d824..f03e05d72037c2c997acf6ba08f895d3ece64ddb 100644
--- a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
+++ b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
@@ -194,6 +194,9 @@ public abstract class EnrollProfile extends BasicProfile
 
 // set requested CA
 result[i].setExtData(IRequest.AUTHORITY_ID, ctx.get(REQUEST_AUTHORITY_ID));
+
+ // set user data
+ result[i].setExtData(IRequest.USER_DATA, ctx.get(REQUEST_USER_DATA));
 }
 return result;
 }
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
index d394fd30c84a0fb7a0f19b31ba4b6973902ea931..908cbe4aecf96c24e2d356394c7ba1ead2cd3a56 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
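Review bot: In the EnrollProfile.java hunk, the added `setExtData(IRequest.USER_DATA, ctx.get(REQUEST_USER_DATA))` runs for every request even when the client sent no user data, so it relies on `setExtData` tolerating a null value, and that behaviour is not visible here. The authority-id line above follows the same pattern, so this may well be safe, but the return value is ignored and the caller-controlled string is saved with each request in the batch. Assuming `ctx.get` returns a `String`, an explicit guard states the intent: `String userData = ctx.get(REQUEST_USER_DATA);` then `if (userData != null) result[i].setExtData(IRequest.USER_DATA, userData);`. The enclosing loop and method start outside the hunk.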
@@ -147,6 +147,11 @@ public class EnrollmentProcessor extends CertProcessor {
 
 IProfileContext ctx = profile.createContext();
 
+ // set arbitrary user data into request, if any
+ String userData = request.getParameter("user-data");
+ if (userData != null)
+ ctx.set(IEnrollProfile.REQUEST_USER_DATA, userData);
+
 if (aid != null)
 ctx.set(IEnrollProfile.REQUEST_AUTHORITY_ID, aid.toString());
 
-- 
2.9.3
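Review bot: `request.getParameter("user-data")` is copied into the profile context with no length bound or content check, and the other hunks then save it on the request and expose it to profile components. The description says it will carry a subject principal name to ExternalProcessConstraint, so any client allowed to submit to the profile can choose that value. The consuming constraint, which is outside this patch, should compare it against the authenticated identity rather than trust it. A size limit here would keep oversized input out of the stored request, e.g. `if (userData != null && userData.length() <= maxUserDataLength)`, where `maxUserDataLength` is a proposed new limit, not an existing name. The description also names the 'cert-request' query param while the code reads `user-data`; one of the two should be corrected.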