From 384cd35c5298010386047b62d6db64916dd6689c Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Fri, 18 Aug 2017 23:05:24 +0200
Subject: [PATCH] Added banner validation in InfoService.
Previously banner was only validated during server startup. Since
banner can be modified anytime, the InfoService has been changed
such that it validates the banner on each banner retrieval.
https://pagure.io/dogtagpki/issue/2671
Change-Id: I208f4c5b4ce2ce594e92acd4792aa03c729fa2cf
(cherry picked from commit 889a9c9efce62488f098fb96fcf4a1454c0b3bc2)
---
.../src/org/dogtagpki/server/rest/InfoService.java | 27 +++++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/InfoService.java b/base/server/cms/src/org/dogtagpki/server/rest/InfoService.java
index 13581dd..5467bda 100644
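--- a/base/server/cms/src/org/dogtagpki/server/rest/InfoService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/InfoService.java
@@ -20,12 +20,15 @@ package org.dogtagpki.server.rest;
 
 import javax.servlet.http.HttpSession;
 import javax.ws.rs.core.Response;
+import javax.xml.bind.UnmarshalException;
 
 import org.dogtagpki.common.Info;
 import org.dogtagpki.common.InfoResource;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.xml.sax.SAXParseException;
 
+import com.netscape.certsrv.base.PKIException;
 import com.netscape.cms.servlet.base.PKIService;
 
 /**
@@ -42,17 +45,39 @@ public class InfoService extends PKIService implements InfoResource {
 logger.debug("InfoService.getInfo(): session: " + session.getId());
 
 Info info = new Info();
- info.setVersion(getVersion());
 
 boolean bannerDisplayed = session.getAttribute("bannerDisplayed") != null;
 boolean bannerEnabled = isBannerEnabled();
 
 // if banner not yet displayed in this session and it's enabled, return banner
 if (!bannerDisplayed && bannerEnabled) {
+
 String banner = getBanner();
 info.setBanner(banner);
+
+ // validate banner
+ try {
+ // converting Info object into XML
+ String xmlInfo = info.toString();
+
+ // and parse it back into Info object
+ info = Info.valueOf(xmlInfo);
+
+ } catch (UnmarshalException e) {
+ Throwable cause = e.getCause();
+ logger.error("InfoService: Invalid access banner: " + cause, e);
+
+ if (cause instanceof SAXParseException) {
+ throw new PKIException("Banner contains invalid character(s)", e);
+ } else {
+ throw new PKIException("Invalid access banner: " + cause, e);
+ }
+ }
 }
 
+ // add other info attributes after banner validation
+ info.setVersion(getVersion());
+
 return createOKResponse(info);
 }
 }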
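Review bot: The `else` branch of the new `catch (UnmarshalException e)` block builds the client-visible message from `cause`, so whatever text the parser put in its exception ends up in the PKIException, and when `getCause()` returns null the message reads "Invalid access banner: null". This resource hands out the access banner at the start of a session and so appears to be reachable before login; assuming PKIException messages are returned in the REST error body, the caller would receive parser internals that the `logger.error` line already records server-side. I would keep the response generic with `throw new PKIException("Invalid access banner", e);` and leave the detail in the log. Only UnmarshalException is handled, so any other failure from `info.toString()` or `Info.valueOf(xmlInfo)` bypasses this path; it is worth confirming what those two calls can throw or return. getInfo() begins above the hunk, so its signature and throws clause are not visible here.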
--
1.8.3.1