]> WPIA git - gigi.git/blobdiff - src/org/cacert/gigi/api/APIPoint.java
fix: restrict access to CATS-API even more
index 8987afdb4bf5f628e61c49c4448cdbfaebb7d32c..72a555b1539a5a89ba51f2bb564c9d1453877f68 100644 (file)
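--- a/src/org/cacert/gigi/api/APIPoint.java
+++ b/src/org/cacert/gigi/api/APIPoint.java
@@ -6,6 +6,7 @@ import java.security.cert.X509Certificate;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.cacert.gigi.dbObjects.Certificate;
 import org.cacert.gigi.dbObjects.CertificateOwner;
 import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.pages.LoginPage;
@@ -19,8 +20,9 @@ public abstract class APIPoint {
             return;
         }
         String serial = LoginPage.extractSerialFormCert(cert);
+        Certificate clientCert = Certificate.getBySerial(serial);
         CertificateOwner u = CertificateOwner.getByEnabledSerial(serial);
-        if (u == null) {
+        if (u == null || clientCert == null) {
             resp.sendError(403, "Error, cert authing required. Serial not found: " + serial);
             return;
         }
@@ -42,6 +44,10 @@ public abstract class APIPoint {
             resp.sendError(500, "Error, no query String allowed.");
             return;
         }
+        process(req, resp, u, clientCert);
+    }
+
+    protected void process(HttpServletRequest req, HttpServletResponse resp, CertificateOwner u, Certificate clientCert) throws IOException {
         process(req, resp, u);
     }
 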
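Review bot: The new four-argument `process` overload at the end of the last hunk fails open: its default body drops `clientCert` and forwards to `process(req, resp, u)`, so an endpoint that does not override it gets no certificate-level restriction beyond the `clientCert == null` check added in the second hunk. Which endpoints override it is not visible here, so the stricter CATS check presumably lives in a subclass. I would add a Javadoc on the overload, e.g. `/** Default: performs no check on clientCert and delegates to process(req, resp, u); endpoints that restrict access by client certificate must override this. */`. The calling method starts above the hunk, so the earlier authentication checks are only partly visible.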