authorAde Lee <alee@redhat.com>2012-04-26 23:48:43 -0400
committerAde Lee <alee@redhat.com>2012-05-02 16:47:27 -0400
commit9aea1e939f6357eadf777c72ae3ef43275829427 (patch)
tree07cfa655fcfd462c5217df8c8fe19cccc7e2e97f /base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
parentfbf472de7a4eb3d141c32821a417ec5331b53c97 (diff)
Refactor installation servlets to use common code in ConfigurationUtils
Ticket #156
Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java')
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java271
1 files changed, 18 insertions, 253 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
index d216a9212..f29b22ae7 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
@@ -17,14 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-import java.io.ByteArrayOutputStream;
-import java.io.CharConversionException;
import java.io.IOException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.cert.CertificateEncodingException;
-import java.util.StringTokenizer;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
@@ -32,33 +25,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.context.Context;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.asn1.ASN1Util;
-import org.mozilla.jss.asn1.ASN1Value;
-import org.mozilla.jss.asn1.BMPString;
-import org.mozilla.jss.asn1.OCTET_STRING;
-import org.mozilla.jss.asn1.SEQUENCE;
-import org.mozilla.jss.asn1.SET;
-import org.mozilla.jss.crypto.Cipher;
-import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.crypto.EncryptionAlgorithm;
-import org.mozilla.jss.crypto.IVParameterSpec;
-import org.mozilla.jss.crypto.KeyGenAlgorithm;
-import org.mozilla.jss.crypto.KeyGenerator;
-import org.mozilla.jss.crypto.KeyWrapAlgorithm;
-import org.mozilla.jss.crypto.KeyWrapper;
-import org.mozilla.jss.crypto.PBEAlgorithm;
-import org.mozilla.jss.crypto.PrivateKey;
-import org.mozilla.jss.crypto.SymmetricKey;
-import org.mozilla.jss.crypto.X509Certificate;
-import org.mozilla.jss.pkcs12.AuthenticatedSafes;
-import org.mozilla.jss.pkcs12.CertBag;
-import org.mozilla.jss.pkcs12.PFX;
-import org.mozilla.jss.pkcs12.PasswordConverter;
-import org.mozilla.jss.pkcs12.SafeBag;
-import org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo;
-import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
-import org.mozilla.jss.util.Password;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
@@ -66,7 +32,6 @@ import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.property.PropertySet;
import com.netscape.certsrv.util.HttpInput;
import com.netscape.cms.servlet.wizard.WizardServlet;
-import com.netscape.cmsutil.crypto.CryptoUtil;
public class BackupKeyCertPanel extends WizardPanelBase {
@@ -199,20 +164,25 @@ public class BackupKeyCertPanel extends WizardPanelBase {
Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
- String select = HttpInput.getID(request, "choice");
- if (select.equals("backupkey")) {
- CMS.debug("BackupKeyCertPanel update: backup");
- config.putBoolean("preop.backupkeys.enable", true);
- backupKeysCerts(request);
- } else {
- CMS.debug("BackupKeyCertPanel update: no backup");
- config.putBoolean("preop.backupkeys.enable", false);
- }
-
- config.putBoolean("preop.backupkeycert.done", true);
try {
- config.commit(false);
- } catch (EBaseException e) {
+ String select = HttpInput.getID(request, "choice");
+ String pwd = request.getParameter("__pwd");
+ if (select.equals("backupkey")) {
+ CMS.debug("BackupKeyCertPanel update: backup");
+ config.putBoolean("preop.backupkeys.enable", true);
+ ConfigurationUtils.backupKeys(pwd, null);
+ } else {
+ CMS.debug("BackupKeyCertPanel update: no backup");
+ config.putBoolean("preop.backupkeys.enable", false);
+ }
+
+ config.putBoolean("preop.backupkeycert.done", true);
+ config.commit(false);
+ } catch (Exception e) {
+ CMS.debug("BackupKeyertPanel: update(): Exception thrown " + e);
+ e.printStackTrace();
+ context.put("updateStatus", "failure");
+ throw new IOException(e);
}
context.put("updateStatus", "success");
}
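Review bot: `pwd` read from `request.getParameter("__pwd")` is never checked before it is handed to `ConfigurationUtils.backupKeys(pwd, null)` on the backupkey branch, so a missing form field only surfaces as a generic `IOException` wrapping whatever `backupKeys` throws; a guard such as `if (pwd == null || pwd.isEmpty()) throw new IOException("missing __pwd parameter");` right after the `getParameter` call would report the actual cause. The removed code converted the password to a JSS `Password` and called `pass.clear()` once the PKCS#12 was built, whereas the new code passes an immutable `String`, which cannot be zeroed after use — whether `backupKeys` wipes its own copy is outside this hunk and worth confirming. The new catch block also logs `"BackupKeyertPanel: update(): Exception thrown "` (typo for `BackupKeyCertPanel`) and calls `e.printStackTrace()` alongside `CMS.debug`, which bypasses the server's logging; dropping the `printStackTrace()` and keeping the debug line is the consistent choice. The `update` method signature starts above this hunk.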
@@ -242,209 +212,4 @@ public class BackupKeyCertPanel extends WizardPanelBase {
context.put("title", "Export Keys and Certificates");
context.put("panel", "admin/console/config/backupkeycertpanel.vm");
}
-
- public void backupKeysCerts(HttpServletRequest request)
- throws IOException {
- CMS.debug("BackupKeyCertPanel backupKeysCerts: start");
- IConfigStore cs = CMS.getConfigStore();
- String certlist = "";
- try {
- certlist = cs.getString("preop.cert.list");
- } catch (Exception e) {
- }
-
- StringTokenizer st = new StringTokenizer(certlist, ",");
- CryptoManager cm = null;
- try {
- cm = CryptoManager.getInstance();
- } catch (Exception e) {
- CMS.debug("BackupKeyCertPanel::backupKeysCerts() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
-
- String pwd = request.getParameter("__pwd");
- Password pass = new org.mozilla.jss.util.Password(pwd.toCharArray());
- SEQUENCE encSafeContents = new SEQUENCE();
- SEQUENCE safeContents = new SEQUENCE();
- while (st.hasMoreTokens()) {
- String t = st.nextToken();
- if (t.equals("sslserver"))
- continue;
- String nickname = "";
- String modname = "";
- try {
- nickname = cs.getString("preop.cert." + t + ".nickname");
- modname = cs.getString("preop.module.token");
- } catch (Exception e) {
- }
- if (!modname.equals("Internal Key Storage Token"))
- nickname = modname + ":" + nickname;
-
- X509Certificate x509cert = null;
- byte localKeyId[] = null;
- try {
- x509cert = cm.findCertByNickname(nickname);
- localKeyId = addCertBag(x509cert, nickname, safeContents);
- } catch (IOException e) {
- throw e;
- } catch (Exception e) {
- CMS.debug("BackupKeyCertPanel: Exception=" + e.toString());
- throw new IOException("Failed to create pkcs12 file.");
- }
-
- try {
- PrivateKey pkey = cm.findPrivKeyByCert(x509cert);
- addKeyBag(pkey, x509cert, pass, localKeyId, encSafeContents);
- } catch (Exception e) {
- CMS.debug("BackupKeyCertPanel: Exception=" + e.toString());
- throw new IOException("Failed to create pkcs12 file.");
- }
- } //while loop
-
- X509Certificate[] cacerts = cm.getCACerts();
-
- for (int i = 0; i < cacerts.length; i++) {
- //String nickname = cacerts[i].getSubjectDN().toString();
- String nickname = null;
- try {
- addCertBag(cacerts[i], nickname, safeContents);
- } catch (IOException e) {
- throw e;
- } catch (Exception e) {
- CMS.debug("BackupKeyCertPanel backKeysCerts: Exception=" + e.toString());
- throw new IOException("Failed to create pkcs12 file.");
- }
- }
-
- try {
- AuthenticatedSafes authSafes = new AuthenticatedSafes();
- authSafes.addSafeContents(safeContents);
- authSafes.addSafeContents(encSafeContents);
- PFX pfx = new PFX(authSafes);
- pfx.computeMacData(pass, null, 5);
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- pfx.encode(bos);
- byte[] output = bos.toByteArray();
- cs.putString("preop.pkcs12", CryptoUtil.byte2string(output));
- pass.clear();
- cs.commit(false);
- } catch (Exception e) {
- CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception=" + e.toString());
- }
- }
-
- private void addKeyBag(PrivateKey pkey, X509Certificate x509cert,
- Password pass, byte[] localKeyId, SEQUENCE safeContents)
- throws IOException {
- try {
- PasswordConverter passConverter = new PasswordConverter();
-
- SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
- byte salt[] = random.generateSeed(4); // 4 bytes salt
- byte[] priData = getEncodedKey(pkey);
-
- PrivateKeyInfo pki = (PrivateKeyInfo)
- ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData);
- ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
- PBEAlgorithm.PBE_SHA1_DES3_CBC,
- pass, salt, 1, passConverter, pki);
- SET keyAttrs = createBagAttrs(
- x509cert.getSubjectDN().toString(), localKeyId);
- SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG,
- key, keyAttrs);
- safeContents.addElement(keyBag);
- } catch (Exception e) {
- CMS.debug("BackupKeyCertPanel getKeyBag: Exception=" + e.toString());
- throw new IOException("Failed to create pk12 file.");
- }
- }
-
- private byte[] addCertBag(X509Certificate x509cert, String nickname,
- SEQUENCE safeContents) throws IOException {
- byte[] localKeyId = null;
- try {
- ASN1Value cert = new OCTET_STRING(x509cert.getEncoded());
- localKeyId = createLocalKeyId(x509cert);
- SET certAttrs = null;
- if (nickname != null)
- certAttrs = createBagAttrs(nickname, localKeyId);
- SafeBag certBag = new SafeBag(SafeBag.CERT_BAG,
- new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
- safeContents.addElement(certBag);
- } catch (Exception e) {
- CMS.debug("BackupKeyCertPanel addCertBag: " + e.toString());
- throw new IOException("Failed to create pk12 file.");
- }
-
- return localKeyId;
- }
-
- private byte[] getEncodedKey(PrivateKey pkey) {
- try {
- CryptoManager cm = CryptoManager.getInstance();
- CryptoToken token = cm.getInternalKeyStorageToken();
- KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
- SymmetricKey sk = kg.generate();
- KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
- byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
- IVParameterSpec param = new IVParameterSpec(iv);
- wrapper.initWrap(sk, param);
- byte[] enckey = wrapper.wrap(pkey);
- Cipher c = token.getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
- c.initDecrypt(sk, param);
- byte[] recovered = c.doFinal(enckey);
- return recovered;
- } catch (Exception e) {
- CMS.debug("BackupKeyCertPanel getEncodedKey: Exception=" + e.toString());
- }
-
- return null;
- }
-
- private byte[] createLocalKeyId(X509Certificate cert)
- throws IOException {
- try {
- // SHA1 hash of the X509Cert der encoding
- byte certDer[] = cert.getEncoded();
-
- MessageDigest md = MessageDigest.getInstance("SHA");
-
- md.update(certDer);
- return md.digest();
- } catch (CertificateEncodingException e) {
- CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " + e.toString());
- throw new IOException("Failed to encode certificate.");
- } catch (NoSuchAlgorithmException e) {
- CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " + e.toString());
- throw new IOException("No such algorithm supported.");
- }
- }
-
- private SET createBagAttrs(String nickName, byte localKeyId[])
- throws IOException {
- try {
- SET attrs = new SET();
- SEQUENCE nickNameAttr = new SEQUENCE();
-
- nickNameAttr.addElement(SafeBag.FRIENDLY_NAME);
- SET nickNameSet = new SET();
-
- nickNameSet.addElement(new BMPString(nickName));
- nickNameAttr.addElement(nickNameSet);
- attrs.addElement(nickNameAttr);
- SEQUENCE localKeyAttr = new SEQUENCE();
-
- localKeyAttr.addElement(SafeBag.LOCAL_KEY_ID);
- SET localKeySet = new SET();
-
- localKeySet.addElement(new OCTET_STRING(localKeyId));
- localKeyAttr.addElement(localKeySet);
- attrs.addElement(localKeyAttr);
- return attrs;
- } catch (CharConversionException e) {
- CMS.debug("BackupKeyCertPanel createBagAttrs: Exception=" + e.toString());
- throw new IOException("Failed to create PKCS12 file.");
- }
- }
}