Revision 9721
Added by Jing Tao over 8 years ago
| src/edu/ucsb/nceas/metacat/replication/ReplicationServlet.java | ||
|---|---|---|
| 117 | 117 |
|
| 118 | 118 |
// verify the client certificate on the request |
| 119 | 119 |
boolean isValid = false; |
| 120 |
String msg = "Metacat received the replication request. So the client certificate is trusted by the server's Apache/Tomcat. However, Metacat can't find the enity of the client certificate or the server parameter on the request url is registered in the xml_replication table. ";
|
|
| 120 |
String msg = "Metacat received the replication request. However, Metacat can't find the enity of the client certificate or the server parameter on the request url is registered in the xml_replication table. "; |
|
| 121 | 121 |
try {
|
| 122 | 122 |
isValid = hasValidCertificate(request, server); |
| 123 | 123 |
} catch (Exception e) {
|
| ... | ... | |
| 220 | 220 |
X509Certificate certificate = CertificateManager.getInstance().getCertificate(request); |
| 221 | 221 |
if (certificate != null) {
|
| 222 | 222 |
String givenSubject = CertificateManager.getInstance().getSubjectDN(certificate); |
| 223 |
logMetacat.debug("Given certificate subject: " + givenSubject);
|
|
| 223 |
logMetacat.info("Given client's certificate subject: " + givenSubject);
|
|
| 224 | 224 |
|
| 225 | 225 |
// get the CN from the DN: |
| 226 | 226 |
String givenServerCN = null; |
| ... | ... | |
| 245 | 245 |
// match (ends with) same certificate name (domain)? |
| 246 | 246 |
return serverHost.endsWith(givenServerCN); |
| 247 | 247 |
} |
| 248 |
} else {
|
|
| 249 |
String error = "ReplicationServlet.hasValidCertifcate - the client certificate is null. This means somehow the client certificate wasn't passed to Metacat!"; |
|
| 250 |
logMetacat.error(error); |
|
| 251 |
throw new ServiceException(error); |
|
| 248 | 252 |
} |
| 249 | 253 |
return false; |
| 250 | 254 |
} |
Also available in: Unified diff
If the client certificate is null, Metacat will throw an exception.