diff options
author | Endi S. Dewata <edewata@redhat.com> | 2013-10-07 11:48:54 -0400 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2013-10-25 17:17:39 -0400 |
commit | 2119f1b218e9d68b13496e7042785d9c68753966 (patch) | |
tree | b8c7cf5692723340d8d56e5d8c401acdee059ca5 /base/common/src/com/netscape/cms/servlet/key | |
parent | 7ca5adf1bd5bc4f9a7c5f2035426b9158007bb28 (diff) | |
download | pki-2119f1b218e9d68b13496e7042785d9c68753966.tar.gz pki-2119f1b218e9d68b13496e7042785d9c68753966.tar.xz pki-2119f1b218e9d68b13496e7042785d9c68753966.zip |
Reorganized server packages.
The tomcat, cms, and cmscore packages have been moved from base/common
into separate folders in base/server so that they can be built separately.
Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/key')
16 files changed, 0 insertions, 4187 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java b/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java deleted file mode 100644 index e9faca86d..000000000 --- a/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java +++ /dev/null @@ -1,188 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.math.BigInteger; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.common.ICMSRequest; -import com.netscape.certsrv.dbs.keydb.IKeyRecord; -import com.netscape.certsrv.dbs.keydb.IKeyRepository; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.kra.IKeyService; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * A class representing a recoverKey servlet. This servlet - * shows key information and presents a list of text boxes - * so that recovery agents can type in their identifiers - * and passwords. - * - * @version $Revision$, $Date$ - */ -public class ConfirmRecoverBySerial extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = 2221819191344494389L; - private final static String INFO = "recoverBySerial"; - private final static String TPL_FILE = - "confirmRecoverBySerial.template"; - - private final static String IN_SERIALNO = "serialNumber"; - private final static String OUT_SERIALNO = IN_SERIALNO; - private final static String OUT_OP = "op"; - private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_M = "noOfRequiredAgents"; - private final static String OUT_ERROR = "errorDetails"; - - private IKeyRepository mKeyDB = null; - private IKeyService mRecoveryService = null; - private String mFormPath = null; - - /** - * Constructs ConfirmRecoverBySerial servlet. - */ - public ConfirmRecoverBySerial() { - super(); - } - - /** - * Initializes the servlet. - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - mRecoveryService = (IKeyService) mAuthority; - mKeyDB = ((IKeyRecoveryAuthority) mAuthority).getKeyRepository(); - - mTemplates.remove(ICMSRequest.SUCCESS); - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Serves HTTP request. The format of this request is - * as follows: - * confirmRecoverBySerial? - * [serialNumber=<serialno>] - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet - // framework. - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - authenticate(cmsReq); - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - - BigInteger seqNum = BigInteger.ZERO; - - try { - if (req.getParameter(IN_SERIALNO) != null) { - seqNum = new BigInteger(req.getParameter(IN_SERIALNO)); - } - - // make sure this page, which contains password - // information, is not cache. Too bad, this is - // only good for NS browser, not IE specifically. - resp.setHeader("pragma", "no-cache"); - - process(argSet, header, seqNum, req, resp, locale[0]); - } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } - - try { - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - cmsReq.setStatus(ICMSRequest.SUCCESS); - } - - /** - * Requests for a list of agent passwords. - */ - private void process(CMSTemplateParams argSet, - IArgBlock header, BigInteger seq, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { - try { - header.addBigIntegerValue(OUT_SERIALNO, seq, 10); - header.addIntegerValue(OUT_M, - mRecoveryService.getNoOfRequiredAgents()); - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - - IKeyRecord rec = mKeyDB.readKeyRecord(seq); - - KeyRecordParser.fillRecordIntoArg(rec, header); - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - } - } -} diff --git a/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java b/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java deleted file mode 100644 index 03af65c1f..000000000 --- a/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java +++ /dev/null @@ -1,195 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.math.BigInteger; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.common.ICMSRequest; -import com.netscape.certsrv.dbs.keydb.IKeyRecord; -import com.netscape.certsrv.dbs.keydb.IKeyRepository; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Display a specific Key Archival Request - * <P> - * - * @version $Revision$, $Date$ - */ -public class DisplayBySerial extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = -537957487396615246L; - private final static String INFO = "displayBySerial"; - private final static String TPL_FILE = "displayBySerial.template"; - - private final static String IN_SERIALNO = "serialNumber"; - private final static String OUT_OP = "op"; - private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_ERROR = "errorDetails"; - - private IKeyRepository mKeyDB = null; - private String mFormPath = null; - - /** - * Constructs displayBySerial servlet. - */ - public DisplayBySerial() { - super(); - } - - /** - * initialize the servlet. This servlet uses the template file - * "displayBySerial.template" to process the response. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - mKeyDB = ((IKeyRecoveryAuthority) mAuthority).getKeyRepository(); - - mTemplates.remove(ICMSRequest.SUCCESS); - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param serialNumber serial number of the key archival request - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(ICMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet - // framework. - - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - BigInteger seqNum = BigInteger.ZERO; - - try { - if (req.getParameter(IN_SERIALNO) != null) { - seqNum = new BigInteger(req.getParameter(IN_SERIALNO)); - } - process(argSet, header, seqNum, req, resp, locale[0]); - } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } - - try { - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - } - - /** - * Display information about a particular key. - */ - private void process(CMSTemplateParams argSet, - IArgBlock header, BigInteger seq, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { - try { - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - IKeyRecord rec = mKeyDB.readKeyRecord(seq); - - KeyRecordParser.fillRecordIntoArg(rec, header); - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - } - } -} diff --git a/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java b/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java deleted file mode 100644 index 48cac3785..000000000 --- a/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java +++ /dev/null @@ -1,214 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.math.BigInteger; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.common.ICMSRequest; -import com.netscape.certsrv.dbs.keydb.IKeyRecord; -import com.netscape.certsrv.dbs.keydb.IKeyRepository; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.kra.IKeyService; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Display a Specific Key Archival Request, and initiate - * key recovery process - * - * @version $Revision$, $Date$ - */ -public class DisplayBySerialForRecovery extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = 6876016034084761827L; - private final static String INFO = "displayBySerial"; - private final static String TPL_FILE = "displayBySerialForRecovery.template"; - - private final static String IN_SERIALNO = "serialNumber"; - private final static String OUT_OP = "op"; - private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_ERROR = "errorDetails"; - - private IKeyRepository mKeyDB = null; - private String mFormPath = null; - private IKeyService mService = null; - - /** - * Constructor - */ - public DisplayBySerialForRecovery() { - super(); - } - - /** - * initialize the servlet. This servlet uses the template file - * "displayBySerialForRecovery.template" to process the response. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/agent/" + mAuthority.getId() + "/" + TPL_FILE; - mKeyDB = ((IKeyRecoveryAuthority) mAuthority).getKeyRepository(); - mService = (IKeyService) mAuthority; - - mTemplates.remove(ICMSRequest.SUCCESS); - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param serialNumber request ID of key archival request - * <li>http.param publicKeyData - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(ICMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet - // framework. - - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - - BigInteger seqNum = BigInteger.ZERO; - - try { - if (req.getParameter(IN_SERIALNO) != null) { - seqNum = new BigInteger(req.getParameter(IN_SERIALNO)); - } - process(argSet, header, - req.getParameter("publicKeyData"), - seqNum, req, resp, locale[0]); - } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } catch (Exception e) { - e.printStackTrace(); - System.out.println(e.toString()); - } - try { - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - cmsReq.setStatus(ICMSRequest.SUCCESS); - } - - /** - * Display information about a particular key. - */ - private synchronized void process(CMSTemplateParams argSet, - IArgBlock header, String publicKeyData, BigInteger seq, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { - try { - header.addIntegerValue("noOfRequiredAgents", - mService.getNoOfRequiredAgents()); - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue("keySplitting", - CMS.getConfigStore().getString("kra.keySplitting")); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - if (publicKeyData != null) { - header.addStringValue("publicKeyData", - publicKeyData); - } - IKeyRecord rec = mKeyDB.readKeyRecord(seq); - - KeyRecordParser.fillRecordIntoArg(rec, header); - - // recovery identifier - header.addStringValue("recoveryID", mService.getRecoveryID()); - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - } - } -} diff --git a/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java b/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java deleted file mode 100644 index e59550af3..000000000 --- a/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java +++ /dev/null @@ -1,126 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.common.ICMSRequest; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.certsrv.security.ITransportKeyUnit; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Retrieve Transport Certificate used to - * wrap Private key Archival requests - * - * @version $Revision$, $Date$ - */ -public class DisplayTransport extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = -6509083753395783705L; - private final static String INFO = "displayTransport"; - - /** - * Constructs displayTransport servlet. - */ - public DisplayTransport() { - super(); - } - - /** - * Initializes the servlet. - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mTemplates.remove(ICMSRequest.SUCCESS); - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletResponse resp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); - } catch (Exception e) { - // do nothing for now - } - - if (authzToken == null) { - cmsReq.setStatus(ICMSRequest.UNAUTHORIZED); - return; - } - - try { - IKeyRecoveryAuthority kra = - (IKeyRecoveryAuthority) mAuthority; - ITransportKeyUnit tu = kra.getTransportKeyUnit(); - org.mozilla.jss.crypto.X509Certificate transportCert = - tu.getCertificate(); - - resp.setStatus(HttpServletResponse.SC_OK); - resp.setContentType("text/html"); - String content = ""; - - content += "<HTML><PRE>"; - String mime64 = - "-----BEGIN CERTIFICATE-----\n" + - CMS.BtoA(transportCert.getEncoded()) + "\n" + - "-----END CERTIFICATE-----\n"; - - content += mime64; - content += "</PRE></HTML>"; - resp.setContentType("text/html"); - resp.getOutputStream().write(content.getBytes()); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - cmsReq.setStatus(ICMSRequest.SUCCESS); - } -} diff --git a/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java b/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java deleted file mode 100644 index cd3988944..000000000 --- a/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java +++ /dev/null @@ -1,240 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.math.BigInteger; -import java.util.Hashtable; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.common.ICMSRequest; -import com.netscape.certsrv.dbs.keydb.IKeyRecord; -import com.netscape.certsrv.dbs.keydb.IKeyRepository; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.kra.IKeyService; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * View the Key Recovery Request - * - * @version $Revision$, $Date$ - */ -public class ExamineRecovery extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = -953282265332774966L; - private final static String INFO = "examineRecovery"; - private final static String TPL_FILE = "examineRecovery.template"; - - private final static String OUT_OP = "op"; - private final static String OUT_SERVICE_URL = "serviceURL"; - - private IKeyService mService = null; - private String mFormPath = null; - - /** - * Constructs EA servlet. - */ - public ExamineRecovery() { - super(); - } - - /** - * Initializes the servlet. - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mService = (IKeyService) mAuthority; - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - - mTemplates.remove(ICMSRequest.SUCCESS); - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param recoveryID recovery request ID - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(ICMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - - EBaseException error = null; - - try { - process(argSet, header, - req.getParameter("recoveryID"), - req, resp, locale[0]); - } catch (EBaseException e) { - error = e; - } catch (Exception e) { - error = new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); - } - - /* - catch (NumberFormatException e) { - error = eBaseException( - - header.addStringValue(OUT_ERROR, - MessageFormatter.getLocalizedString( - locale[0], - BaseResources.class.getName(), - BaseResources.INTERNAL_ERROR_1, - e.toString())); - } - */ - - try { - if (error == null) { - String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - ServletOutputStream out = resp.getOutputStream(); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(ICMSRequest.SUCCESS); - } - } else { - cmsReq.setStatus(ICMSRequest.ERROR); - cmsReq.setError(error); - } - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - } - - /** - * Recovers a key. The p12 will be protected by the password - * provided by the administrator. - */ - private void process(CMSTemplateParams argSet, - IArgBlock header, String recoveryID, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) - throws EBaseException { - try { - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - header.addStringValue("keySplitting", - CMS.getConfigStore().getString("kra.keySplitting")); - Hashtable<String, Object> params = mService.getRecoveryParams( - recoveryID); - - if (params == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); - } - String keyID = (String) params.get("keyID"); - header.addStringValue("serialNumber", keyID); - header.addStringValue("recoveryID", recoveryID); - - IKeyRepository mKeyDB = - ((IKeyRecoveryAuthority) mAuthority).getKeyRepository(); - IKeyRecord rec = mKeyDB.readKeyRecord(new - BigInteger(keyID)); - KeyRecordParser.fillRecordIntoArg(rec, header); - - } catch (EBaseException e) { - log(ILogger.LL_FAILURE, "Error e " + e); - throw e; - } - - /* - catch (Exception e) { - header.addStringValue(OUT_ERROR, e.toString()); - } - */ - } -} diff --git a/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java b/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java deleted file mode 100644 index 7d24c7ceb..000000000 --- a/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java +++ /dev/null @@ -1,236 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.math.BigInteger; -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Locale; -import java.util.Vector; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authority.IAuthority; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.common.ICMSRequest; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.certsrv.security.Credential; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Check to see if a Key Recovery Request has been approved - * - * @version $Revision$, $Date$ - */ -public class GetApprovalStatus extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = -8257339915430654983L; - private final static String INFO = "getApprovalStatus"; - private final static String TPL_FILE = "getApprovalStatus.template"; - private final static String TPL_FINISH = "finishRecovery.template"; - - private final static String OUT_ERROR = "errorDetails"; - private final static String OUT_STATUS = "status"; - - private com.netscape.certsrv.kra.IKeyService mService = null; - private String mFormPath = null; - - /** - * Constructs getApprovalStatus servlet. - */ - public GetApprovalStatus() { - super(); - } - - /** - * initialize the servlet. This servlet uses the template files - * "getApprovalStatus.template" and "finishRecovery.template" - * to process the response. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - // mFormPath = "/"+authority.getId()+"/"+TPL_FILE; - mService = (com.netscape.certsrv.kra.IKeyService) mAuthority; - - mTemplates.remove(ICMSRequest.SUCCESS); - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param recoveryID request ID to check - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); - } catch (Exception e) { - // do nothing for now - } - - if (authzToken == null) { - cmsReq.setStatus(ICMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - cmsReq.setStatus(ICMSRequest.SUCCESS); - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - int rComplete = 0; - - // get status and populate argSet - try { - String recoveryID = req.getParameter("recoveryID"); - - header.addStringValue("recoveryID", recoveryID); - - Hashtable<String, Object> params = mService.getRecoveryParams(recoveryID); - - if (params == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); - } - header.addStringValue("serialNumber", - (String) params.get("keyID")); - header.addStringValue("serialNumberInHex", - new BigInteger((String) params.get("keyID")).toString(16)); - - int requiredNumber = mService.getNoOfRequiredAgents(); - - header.addIntegerValue("noOfRequiredAgents", requiredNumber); - - Vector<Credential> dc = ((IKeyRecoveryAuthority) mService).getAppAgents(recoveryID); - Enumeration<Credential> agents = dc.elements(); - - while (agents.hasMoreElements()) { - IArgBlock rarg = CMS.createArgBlock(); - - rarg.addStringValue("agentName", agents.nextElement().getIdentifier()); - argSet.addRepeatRecord(rarg); - } - if (dc.size() >= requiredNumber) { - // got all approval, return pk12 - byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID); - - if (pkcs12 != null) { - rComplete = 1; - header.addStringValue(OUT_STATUS, "complete"); - - /* - mService.destroyRecoveryParams(recoveryID); - try { - resp.setContentType("application/x-pkcs12"); - resp.getOutputStream().write(pkcs12); - return; - } catch (IOException e) { - header.addStringValue(OUT_ERROR, - MessageFormatter.getLocalizedString( - locale[0], - BaseResources.class.getName(), - BaseResources.INTERNAL_ERROR_1, - e.toString())); - } - */ - } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) { - // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService).getError(recoveryID)); - rComplete = 1; - } else { - // pk12 hasn't been created yet. - } - } - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale[0])); - rComplete = 1; - } - - try { - if (rComplete == 1) { - mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FINISH; - } else { - mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FILE; - } - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - cmsReq.setStatus(ICMSRequest.SUCCESS); - } -} diff --git a/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java b/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java deleted file mode 100644 index 773b91e65..000000000 --- a/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java +++ /dev/null @@ -1,265 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.base.SessionContext; -import com.netscape.certsrv.common.ICMSRequest; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Get the recovered key in PKCS#12 format - * - for asynchronous key recovery only - * - */ -public class GetAsyncPk12 extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = 6933634840339605800L; - - private final static String INFO = "getAsyncPk12"; - - private final static String TPL_FILE = "finishAsyncRecovery.template"; - - private final static String IN_PASSWORD = "p12Password"; - private final static String IN_PASSWORD_AGAIN = "p12PasswordAgain"; - private final static String OUT_ERROR = "errorDetails"; - - private com.netscape.certsrv.kra.IKeyService mService = null; - - private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; - - private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; - - private String mFormPath = null; - - /** - * Constructs getAsyncPk12 servlet. - */ - public GetAsyncPk12() { - super(); - } - - /** - * initialize the servlet. This servlet uses the template file - * "finishAsyncRecovery.template" to process the response. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/agent/" + mAuthority.getId() + "/" + TPL_FILE; - mService = (com.netscape.certsrv.kra.IKeyService) mAuthority; - - mTemplates.remove(ICMSRequest.SUCCESS); - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param reqID request id for recovery - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - String auditMessage = null; - String agent = null; - String reqID = null; - - IAuthToken authToken = authenticate(cmsReq); - - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "download"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(ICMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - cmsReq.setStatus(ICMSRequest.SUCCESS); - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - - // get status and populate argSet - try { - reqID = req.getParameter("reqID"); - header.addStringValue("reqID", reqID); - - // only the init DRM agent can get the pkcs12 - SessionContext sContext = SessionContext.getContext(); - - if (sContext != null) { - agent = (String) sContext.get(SessionContext.USER_ID); - } - - if (agent == null) { - CMS.debug("GetAsyncPk12::process() - agent is null!"); - throw new EBaseException("agent is null"); - } - - String initAgent = "undefined"; - initAgent = mService.getInitAgentAsyncKeyRecovery(reqID); - - if ((initAgent.equals("undefined")) || !agent.equals(initAgent)) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3", - reqID, initAgent)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC", - reqID, initAgent)); - } - - // The async recovery request must be in "approved" state - // i.e. all required # of recovery agents approved - if (mService.isApprovedAsyncKeyRecovery(reqID) != true) { - CMS.debug("GetAsyncPk12::process() - # required recovery agents not met"); - throw new EBaseException("# required recovery agents not met"); - } - - String password = req.getParameter(IN_PASSWORD); - String passwordAgain = req.getParameter(IN_PASSWORD_AGAIN); - - if (password == null || password.equals("")) { - header.addStringValue(OUT_ERROR, "PKCS12 password not found"); - throw new EBaseException("PKCS12 password not found"); - } - if (passwordAgain == null || !passwordAgain.equals(password)) { - header.addStringValue(OUT_ERROR, "PKCS12 password not matched"); - throw new EBaseException("PKCS12 password not matched"); - } - - // got all approval, return pk12 - byte pkcs12[] = mService.doKeyRecovery(reqID, password); - - if (pkcs12 != null) { - try { - resp.setContentType("application/x-pkcs12"); - resp.getOutputStream().write(pkcs12); - mRenderResult = false; - - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, - agent, - ILogger.SUCCESS, - reqID, - ""); - - audit(auditMessage); - - return; - } catch (IOException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } - } else if (((IKeyRecoveryAuthority) mService).getError(reqID) != null) { - // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService).getError(reqID)); - } else { - // pk12 hasn't been created yet. Shouldn't get here - } - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale[0])); - } - - if ((agent != null) && (reqID != null)) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, - agent, - ILogger.FAILURE, - reqID, - ""); - - audit(auditMessage); - } - - try { - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - cmsReq.setStatus(ICMSRequest.SUCCESS); - } -} diff --git a/base/common/src/com/netscape/cms/servlet/key/GetPk12.java b/base/common/src/com/netscape/cms/servlet/key/GetPk12.java deleted file mode 100644 index c79a82f4d..000000000 --- a/base/common/src/com/netscape/cms/servlet/key/GetPk12.java +++ /dev/null @@ -1,259 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.util.Hashtable; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.base.SessionContext; -import com.netscape.certsrv.common.ICMSRequest; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Get the recovered key in PKCS#12 format - * - * @version $Revision$, $Date$ - */ -public class GetPk12 extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = 8974964964333880697L; - - private final static String INFO = "getPk12"; - - private final static String TPL_FILE = "finishRecovery.template"; - - private final static String OUT_ERROR = "errorDetails"; - - private com.netscape.certsrv.kra.IKeyService mService = null; - - private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; - - private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; - - private String mFormPath = null; - - /** - * Constructs getPk12 servlet. - */ - public GetPk12() { - super(); - } - - /** - * initialize the servlet. This servlet uses the template file - * "finishRecovery.template" to process the response. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/agent/" + mAuthority.getId() + "/" + TPL_FILE; - mService = (com.netscape.certsrv.kra.IKeyService) mAuthority; - - mTemplates.remove(ICMSRequest.SUCCESS); - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param recoveryID ID of request to recover - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - String auditMessage = null; - String recoveryID = null; - String agent = null; - - IAuthToken authToken = authenticate(cmsReq); - - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "download"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(ICMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - cmsReq.setStatus(ICMSRequest.SUCCESS); - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - - // get status and populate argSet - try { - recoveryID = req.getParameter("recoveryID"); - - header.addStringValue("recoveryID", recoveryID); - - Hashtable<String, Object> params = mService.getRecoveryParams(recoveryID); - - if (params == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); - } - - // only the init DRM agent can get the pkcs12 - SessionContext sContext = SessionContext.getContext(); - if (sContext != null) { - agent = (String) sContext.get(SessionContext.USER_ID); - } - - if (agent == null) { - CMS.debug("GetPk12::process() - agent is null!"); - throw new EBaseException("agent is null"); - } - - String initAgent = (String) params.get("agent"); - - if (!agent.equals(initAgent)) { - log(ILogger.LL_SECURITY, - - CMS.getLogMessage("CMSGW_INVALID_AGENT_3", - recoveryID, - initAgent)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_AGENT", - agent, initAgent, recoveryID)); - } - - header.addStringValue("serialNumber", - (String) params.get("keyID")); - - // got all approval, return pk12 - byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID); - - if (pkcs12 != null) { - mService.destroyRecoveryParams(recoveryID); - try { - resp.setContentType("application/x-pkcs12"); - resp.getOutputStream().write(pkcs12); - mRenderResult = false; - - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, - agent, - ILogger.SUCCESS, - recoveryID, - ""); - - audit(auditMessage); - - return; - } catch (IOException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } - } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) { - // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService).getError(recoveryID)); - } else { - // pk12 hasn't been created yet. Shouldn't get here - } - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale[0])); - } - - if ((agent != null) && (recoveryID != null)) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, - agent, - ILogger.FAILURE, - recoveryID, - ""); - - audit(auditMessage); - } - - try { - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - cmsReq.setStatus(ICMSRequest.SUCCESS); - } -} diff --git a/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java b/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java deleted file mode 100644 index 410039133..000000000 --- a/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java +++ /dev/null @@ -1,274 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2010 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.common.ICMSRequest; -import com.netscape.certsrv.kra.IKeyService; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Approve an asynchronous key recovery request - * - */ -public class GrantAsyncRecovery extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = -4200111795169532676L; - private final static String INFO = "grantAsyncRecovery"; - private final static String TPL_FILE = "grantAsyncRecovery.template"; - - private final static String OUT_OP = "op"; - private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_ERROR = "errorDetails"; - - private IKeyService mService = null; - private String mFormPath = null; - - private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = - "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; - - /** - * Constructs EA servlet. - */ - public GrantAsyncRecovery() { - super(); - } - - /** - * initialize the servlet. This servlet uses the template file - * 'grantAsyncRecovery.template' to process the response. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - mService = (IKeyService) mAuthority; - - mTemplates.remove(ICMSRequest.SUCCESS); - - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param reqID request ID of the request to approve - * <li>http.param agentID User ID of the agent approving the request - * - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - CMS.debug("GrantAsyncRecovery: process() begins"); - - IAuthToken authToken = authenticate(cmsReq); - - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "recover"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(ICMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - - String agentID = authToken.getInString("uid"); - CMS.debug("GrantAsyncRecovery: process() agent uid=" + agentID); - CMS.debug("GrantAsyncRecovery: process() request id=" + req.getParameter("reqID")); - try { - process(argSet, header, - req.getParameter("reqID"), - agentID, - req, resp, locale[0]); - } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } - try { - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - cmsReq.setStatus(ICMSRequest.SUCCESS); - } - - /** - * Update agent approval list - * <P> - * - * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used whenever DRM agents login as recovery agents - * to approve key recovery requests - * </ul> - * - * @param argSet CMS template parameters - * @param header argument block - * @param reqID string containing the recovery request ID - * @param agentID string containing the agent ID - * @param req HTTP servlet request - * @param resp HTTP servlet response - * @param locale the system locale - */ - private void process(CMSTemplateParams argSet, - IArgBlock header, String reqID, - String agentID, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { - String auditMessage = null; - String auditSubjectID = auditSubjectID(); - String auditRequestID = reqID; - String auditAgentID = agentID; - - // "normalize" the "reqID" - if (auditRequestID != null) { - auditRequestID = auditRequestID.trim(); - - if (auditRequestID.equals("")) { - auditRequestID = ILogger.UNIDENTIFIED; - } - } else { - auditRequestID = ILogger.UNIDENTIFIED; - } - - // "normalize" the "auditAgentID" - if (auditAgentID != null) { - auditAgentID = auditAgentID.trim(); - - if (auditAgentID.equals("")) { - auditAgentID = ILogger.UNIDENTIFIED; - } - } else { - auditAgentID = ILogger.UNIDENTIFIED; - } - - try { - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - - // update approving agent list - mService.addAgentAsyncKeyRecovery(reqID, agentID); - - header.addStringValue("requestID", reqID); - header.addStringValue("agentID", agentID); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.SUCCESS, - auditRequestID, - auditAgentID); - - audit(auditMessage); - - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.FAILURE, - auditRequestID, - auditAgentID); - - audit(auditMessage); - } catch (Exception e) { - header.addStringValue(OUT_ERROR, e.toString()); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.FAILURE, - auditRequestID, - auditAgentID); - - audit(auditMessage); - } - } -} diff --git a/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java b/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java deleted file mode 100644 index 9d57fbe7c..000000000 --- a/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java +++ /dev/null @@ -1,303 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.math.BigInteger; -import java.util.Hashtable; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.common.ICMSRequest; -import com.netscape.certsrv.kra.IKeyService; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Approve a key recovery request - * - * @version $Revision$, $Date$ - */ -public class GrantRecovery extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = 991970686415492L; - private final static String INFO = "grantRecovery"; - private final static String TPL_FILE = "grantRecovery.template"; - - private final static String OUT_OP = "op"; - private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_ERROR = "errorDetails"; - - private IKeyService mService = null; - private String mFormPath = null; - - private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = - "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; - - /** - * Constructs EA servlet. - */ - public GrantRecovery() { - super(); - } - - /** - * initialize the servlet. This servlet uses the template file - * 'grantRecovery.template' to process the response. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - mService = (IKeyService) mAuthority; - - mTemplates.remove(ICMSRequest.SUCCESS); - - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param recoveryID ID of the request to approve - * <li>http.param agentID User ID of the agent approving the request - * <li>http.param agentPWD Password of the agent approving the request - * - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "recover"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(ICMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - - String agentID = authToken.getInString("uid"); - if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { - agentID = req.getParameter("agentID"); - } - try { - process(argSet, header, - req.getParameter("recoveryID"), - agentID, - req.getParameter("agentPWD"), - req, resp, locale[0]); - } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } - try { - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - cmsReq.setStatus(ICMSRequest.SUCCESS); - } - - /** - * Recovers a key. The p12 will be protected by the password - * provided by the administrator. - * <P> - * - * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used whenever DRM agents login as recovery agents - * to approve key recovery requests - * </ul> - * - * @param argSet CMS template parameters - * @param header argument block - * @param recoveryID string containing the recovery ID - * @param agentID string containing the agent ID - * @param agentPWD string containing the agent password - * @param req HTTP servlet request - * @param resp HTTP servlet response - * @param locale the system locale - */ - private void process(CMSTemplateParams argSet, - IArgBlock header, String recoveryID, - String agentID, String agentPWD, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { - String auditMessage = null; - String auditSubjectID = auditSubjectID(); - String auditRecoveryID = recoveryID; - String auditAgentID = agentID; - - // "normalize" the "auditRecoveryID" - if (auditRecoveryID != null) { - auditRecoveryID = auditRecoveryID.trim(); - - if (auditRecoveryID.equals("")) { - auditRecoveryID = ILogger.UNIDENTIFIED; - } - } else { - auditRecoveryID = ILogger.UNIDENTIFIED; - } - - // "normalize" the "auditAgentID" - if (auditAgentID != null) { - auditAgentID = auditAgentID.trim(); - - if (auditAgentID.equals("")) { - auditAgentID = ILogger.UNIDENTIFIED; - } - } else { - auditAgentID = ILogger.UNIDENTIFIED; - } - - try { - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - - Hashtable<String, Object> h = mService.getRecoveryParams(recoveryID); - - if (h == null) { - header.addStringValue(OUT_ERROR, - "No such token found"); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.FAILURE, - auditRecoveryID, - auditAgentID); - - audit(auditMessage); - - return; - } - header.addStringValue("serialNumber", - (String) h.get("keyID")); - header.addStringValue("serialNumberInHex", - new BigInteger((String) h.get("keyID")).toString(16)); - - mService.addDistributedCredential(recoveryID, agentID, agentPWD); - header.addStringValue("agentID", - agentID); - header.addStringValue("recoveryID", - recoveryID); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.SUCCESS, - auditRecoveryID, - auditAgentID); - - audit(auditMessage); - - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.FAILURE, - auditRecoveryID, - auditAgentID); - - audit(auditMessage); - } catch (Exception e) { - header.addStringValue(OUT_ERROR, e.toString()); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.FAILURE, - auditRecoveryID, - auditAgentID); - - audit(auditMessage); - } - } -} diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java b/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java deleted file mode 100644 index 256f72879..000000000 --- a/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java +++ /dev/null @@ -1,102 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.util.Date; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.base.IPrettyPrintFormat; -import com.netscape.certsrv.base.MetaInfo; -import com.netscape.certsrv.dbs.keydb.IKeyRecord; - -/** - * Output a 'pretty print' of a Key Archival record - * - * @version $Revision$, $Date$ - */ -public class KeyRecordParser { - - public final static String OUT_STATE = "state"; - public final static String OUT_OWNER_NAME = "ownerName"; - public final static String OUT_SERIALNO = "serialNumber"; - public final static String OUT_SERIALNO_IN_HEX = "serialNumberInHex"; - public final static String OUT_KEY_ALGORITHM = "keyAlgorithm"; - public final static String OUT_PUBLIC_KEY = "publicKey"; - public final static String OUT_KEY_LEN = "keyLength"; - public final static String OUT_KEY_EC_CURVE = "EllipticCurve"; - public final static String OUT_ARCHIVED_BY = "archivedBy"; - public final static String OUT_ARCHIVED_ON = "archivedOn"; - public final static String OUT_RECOVERED_BY = "recoveredBy"; - public final static String OUT_RECOVERED_ON = "recoveredOn"; - - /** - * Fills key record into argument block. - */ - public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg) - throws EBaseException { - if (rec == null) - return; - rarg.addStringValue(OUT_STATE, - rec.getState().toString()); - rarg.addStringValue(OUT_OWNER_NAME, - rec.getOwnerName()); - rarg.addBigIntegerValue(OUT_SERIALNO, - rec.getSerialNumber(), 10); - rarg.addBigIntegerValue(OUT_SERIALNO_IN_HEX, - rec.getSerialNumber(), 16); - rarg.addStringValue(OUT_KEY_ALGORITHM, - rec.getAlgorithm()); - // Possible Enhancement: sun's BASE64Encode is not - // fast. We may may to have our native implmenetation. - IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":"); - - rarg.addStringValue(OUT_PUBLIC_KEY, - pp.toHexString(rec.getPublicKeyData(), 0, 20)); - Integer keySize = rec.getKeySize(); - - if (keySize == null) { - rarg.addIntegerValue(OUT_KEY_LEN, 512); - } else { - rarg.addIntegerValue(OUT_KEY_LEN, keySize.intValue()); - } - - // handles EC - MetaInfo metaInfo = rec.getMetaInfo(); - if (metaInfo != null) { - String curve = (String)metaInfo.get(OUT_KEY_EC_CURVE); - if (curve != null) { - rarg.addStringValue(OUT_KEY_EC_CURVE, curve); - } - } - - rarg.addStringValue(OUT_ARCHIVED_BY, - rec.getArchivedBy()); - rarg.addLongValue(OUT_ARCHIVED_ON, - rec.getCreateTime().getTime() / 1000); - Date dateOfRevocation[] = rec.getDateOfRevocation(); - - if (dateOfRevocation != null) { - rarg.addStringValue(OUT_RECOVERED_BY, - "null"); - rarg.addStringValue(OUT_RECOVERED_ON, - "null"); - } - } -} diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyRequestDAO.java b/base/common/src/com/netscape/cms/servlet/key/KeyRequestDAO.java deleted file mode 100644 index bef0455a9..000000000 --- a/base/common/src/com/netscape/cms/servlet/key/KeyRequestDAO.java +++ /dev/null @@ -1,263 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2011 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.util.Collection; -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.List; - -import javax.ws.rs.Path; -import javax.ws.rs.core.UriBuilder; -import javax.ws.rs.core.UriInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.dbs.keydb.IKeyRecord; -import com.netscape.certsrv.dbs.keydb.IKeyRepository; -import com.netscape.certsrv.dbs.keydb.KeyId; -import com.netscape.certsrv.key.KeyArchivalRequest; -import com.netscape.certsrv.key.KeyRecoveryRequest; -import com.netscape.certsrv.key.KeyRequestInfo; -import com.netscape.certsrv.key.KeyRequestInfos; -import com.netscape.certsrv.key.KeyRequestResource; -import com.netscape.certsrv.key.KeyResource; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.profile.IEnrollProfile; -import com.netscape.certsrv.request.CMSRequestInfo; -import com.netscape.certsrv.request.CMSRequestInfos; -import com.netscape.certsrv.request.IRequest; -import com.netscape.certsrv.request.RequestId; -import com.netscape.certsrv.request.RequestStatus; -import com.netscape.cms.servlet.request.CMSRequestDAO; - -/** - * @author alee - * - */ -public class KeyRequestDAO extends CMSRequestDAO { - - private static String REQUEST_ARCHIVE_OPTIONS = IEnrollProfile.REQUEST_ARCHIVE_OPTIONS; - public static final String ATTR_SERIALNO = "serialNumber"; - - private IKeyRepository repo; - private IKeyRecoveryAuthority kra; - - public KeyRequestDAO() { - super("kra"); - kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" ); - repo = kra.getKeyRepository(); - } - - /** - * Finds list of requests matching the specified search filter. - * - * If the filter corresponds to a VLV search, then that search is executed and the pageSize - * and start parameters are used. Otherwise, the maxResults and maxTime parameters are - * used in the regularly indexed search. - * - * @param filter - ldap search filter - * @param start - start position for VLV search - * @param pageSize - page size for VLV search - * @param maxResults - max results to be returned in normal search - * @param maxTime - max time for normal search - * @param uriInfo - uri context of request - * @return collection of key request info - * @throws EBaseException - */ - @SuppressWarnings("unchecked") - public KeyRequestInfos listRequests(String filter, RequestId start, int pageSize, int maxResults, int maxTime, - UriInfo uriInfo) throws EBaseException { - - KeyRequestInfos ret = new KeyRequestInfos(); - - CMSRequestInfos cmsInfos = listCMSRequests(filter, start, pageSize, maxResults, maxTime, uriInfo); - - Collection<? extends CMSRequestInfo> cmsList = cmsInfos.getRequests(); - - // We absolutely know 100% that this list is a list - // of KeyRequestInfo objects. This is because the method - // createCMSRequestInfo. Is the only one adding to it - - List<KeyRequestInfo> list = (List<KeyRequestInfo>) cmsList; - ret.setRequests(list); - - ret.setLinks(cmsInfos.getLinks()); - - return ret; - } - - /** - * Gets info for a specific request - * - * @param id - * @return info for specific request - * @throws EBaseException - */ - public KeyRequestInfo getRequest(RequestId id, UriInfo uriInfo) throws EBaseException { - IRequest request = queue.findRequest(id); - if (request == null) { - return null; - } - KeyRequestInfo info = createKeyRequestInfo(request, uriInfo); - return info; - } - - /** - * Submits an archival request and processes it. - * - * @param data - * @return info for the request submitted. - * @throws EBaseException - */ - public KeyRequestInfo submitRequest(KeyArchivalRequest data, UriInfo uriInfo) throws EBaseException { - String clientId = data.getClientId(); - String wrappedSecurityData = data.getWrappedPrivateData(); - String dataType = data.getDataType(); - - boolean keyExists = doesKeyExist(clientId, "active", uriInfo); - - if (keyExists == true) { - throw new EBaseException("Can not archive already active existing key!"); - } - - IRequest request = queue.newRequest(IRequest.SECURITY_DATA_ENROLLMENT_REQUEST); - - request.setExtData(REQUEST_ARCHIVE_OPTIONS, wrappedSecurityData); - request.setExtData(IRequest.SECURITY_DATA_CLIENT_ID, clientId); - request.setExtData(IRequest.SECURITY_DATA_TYPE, dataType); - - queue.processRequest(request); - - queue.markAsServiced(request); - - return createKeyRequestInfo(request, uriInfo); - } - - /** - * Submits a key recovery request. - * - * @param data - * @return info on the recovery request created - * @throws EBaseException - */ - public KeyRequestInfo submitRequest(KeyRecoveryRequest data, UriInfo uriInfo) throws EBaseException { - // set data using request.setExtData(field, data) - - String wrappedSessionKeyStr = data.getTransWrappedSessionKey(); - String wrappedPassPhraseStr = data.getSessionWrappedPassphrase(); - String nonceDataStr = data.getNonceData(); - - IRequest request = queue.newRequest(IRequest.SECURITY_DATA_RECOVERY_REQUEST); - - KeyId keyId = data.getKeyId(); - - Hashtable<String, Object> requestParams; - - requestParams = ((IKeyRecoveryAuthority) authority).createVolatileRequest(request.getRequestId()); - - if (requestParams == null) { - throw new EBaseException("Can not create Volatile params in submitRequest!"); - } - - CMS.debug("Create volatile params for recovery request. " + requestParams); - - if (wrappedPassPhraseStr != null) { - requestParams.put(IRequest.SECURITY_DATA_SESS_PASS_PHRASE, wrappedPassPhraseStr); - } - - if (wrappedSessionKeyStr != null) { - requestParams.put(IRequest.SECURITY_DATA_TRANS_SESS_KEY, wrappedSessionKeyStr); - } - - if (nonceDataStr != null) { - requestParams.put(IRequest.SECURITY_DATA_IV_STRING_IN, nonceDataStr); - } - - request.setExtData(ATTR_SERIALNO, keyId.toString()); - - queue.processRequest(request); - - return createKeyRequestInfo(request, uriInfo); - } - - public void approveRequest(RequestId id) throws EBaseException { - IRequest request = queue.findRequest(id); - request.setRequestStatus(RequestStatus.APPROVED); - queue.updateRequest(request); - } - - public void rejectRequest(RequestId id) throws EBaseException { - IRequest request = queue.findRequest(id); - request.setRequestStatus(RequestStatus.CANCELED); - queue.updateRequest(request); - } - - public void cancelRequest(RequestId id) throws EBaseException { - IRequest request = queue.findRequest(id); - request.setRequestStatus(RequestStatus.REJECTED); - queue.updateRequest(request); - } - - private KeyRequestInfo createKeyRequestInfo(IRequest request, UriInfo uriInfo) { - KeyRequestInfo ret = new KeyRequestInfo(); - - ret.setRequestType(request.getRequestType()); - ret.setRequestStatus(request.getRequestStatus()); - - Path keyRequestPath = KeyRequestResource.class.getAnnotation(Path.class); - RequestId rid = request.getRequestId(); - - UriBuilder reqBuilder = uriInfo.getBaseUriBuilder(); - reqBuilder.path(keyRequestPath.value() + "/" + rid); - ret.setRequestURL(reqBuilder.build().toString()); - - Path keyPath = KeyResource.class.getAnnotation(Path.class); - String kid = request.getExtDataInString("keyrecord"); - - UriBuilder keyBuilder = uriInfo.getBaseUriBuilder(); - keyBuilder.path(keyPath.value() + "/" + kid); - ret.setKeyURL(keyBuilder.build().toString()); - - return ret; - } - - @Override - public KeyRequestInfo createCMSRequestInfo(IRequest request, UriInfo uriInfo) { - return createKeyRequestInfo(request, uriInfo); - } - - //We only care if the key exists or not - private boolean doesKeyExist(String clientId, String keyStatus, UriInfo uriInfo) { - String state = "active"; - String filter = "(&(" + IRequest.SECURITY_DATA_CLIENT_ID + "=" + clientId + ")" - + "(" + IRequest.SECURITY_DATA_STATUS + "=" + state + "))"; - try { - Enumeration<IKeyRecord> existingKeys = null; - - existingKeys = repo.searchKeys(filter, 1, 10); - if (existingKeys != null && existingKeys.hasMoreElements()) { - return true; - } - } catch (EBaseException e) { - return false; - } - - return false; - } -} diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyService.java b/base/common/src/com/netscape/cms/servlet/key/KeyService.java deleted file mode 100644 index f642417e2..000000000 --- a/base/common/src/com/netscape/cms/servlet/key/KeyService.java +++ /dev/null @@ -1,372 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2011 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -package com.netscape.cms.servlet.key; - - -import java.math.BigInteger; -import java.util.Enumeration; -import java.util.Hashtable; - -import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.Path; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.HttpHeaders; -import javax.ws.rs.core.MultivaluedMap; -import javax.ws.rs.core.Request; -import javax.ws.rs.core.UriBuilder; -import javax.ws.rs.core.UriInfo; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.BadRequestException; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.HTTPGoneException; -import com.netscape.certsrv.base.PKIException; -import com.netscape.certsrv.base.UnauthorizedException; -import com.netscape.certsrv.dbs.keydb.IKeyRecord; -import com.netscape.certsrv.dbs.keydb.IKeyRepository; -import com.netscape.certsrv.dbs.keydb.KeyId; -import com.netscape.certsrv.key.KeyData; -import com.netscape.certsrv.key.KeyDataInfo; -import com.netscape.certsrv.key.KeyDataInfos; -import com.netscape.certsrv.key.KeyRecoveryRequest; -import com.netscape.certsrv.key.KeyRequestInfo; -import com.netscape.certsrv.key.KeyResource; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.certsrv.request.IRequest; -import com.netscape.certsrv.request.IRequestQueue; -import com.netscape.certsrv.request.RequestId; -import com.netscape.certsrv.request.RequestStatus; -import com.netscape.cms.servlet.base.PKIService; -import com.netscape.cmsutil.ldap.LDAPUtil; - -/** - * @author alee - * - */ -public class KeyService extends PKIService implements KeyResource { - - @Context - private UriInfo uriInfo; - - @Context - private HttpHeaders headers; - - @Context - private Request request; - - @Context - private HttpServletRequest servletRequest; - - private IKeyRepository repo; - private IKeyRecoveryAuthority kra; - private IRequestQueue queue; - - private final static String LOGGING_SIGNED_AUDIT_SECURITY_DATA_RETRIEVE_KEY = - "LOGGING_SIGNED_AUDIT_SECURITY_DATA_RETRIEVE_KEY_5"; - - public static final int DEFAULT_MAXRESULTS = 100; - public static final int DEFAULT_MAXTIME = 10; - - public KeyService() { - kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( "kra" ); - repo = kra.getKeyRepository(); - queue = kra.getRequestQueue(); - } - - /** - * Used to retrieve a key - * @param data - * @return - */ - public KeyData retrieveKey(KeyRecoveryRequest data) { - // auth and authz - KeyId keyId = validateRequest(data); - RequestId requestID = data.getRequestId(); - KeyData keyData; - try { - keyData = getKey(keyId, data); - } catch (EBaseException e) { - e.printStackTrace(); - auditRetrieveKey(ILogger.FAILURE, requestID, keyId, e.getMessage()); - throw new PKIException(e.getMessage()); - } - if (keyData == null) { - // no key record - auditRetrieveKey(ILogger.FAILURE, requestID, keyId, "No key record"); - throw new HTTPGoneException("No key record."); - } - auditRetrieveKey(ILogger.SUCCESS, requestID, keyId, "None"); - return keyData; - } - - // retrieval - used to test integration with a browser - public KeyData retrieveKey(MultivaluedMap<String, String> form) { - KeyRecoveryRequest data = new KeyRecoveryRequest(form); - return retrieveKey(data); - } - - public KeyData getKey(KeyId keyId, KeyRecoveryRequest data) throws EBaseException { - KeyData keyData; - - RequestId rId = data.getRequestId(); - - String transWrappedSessionKey; - String sessionWrappedPassphrase; - - IRequest request = queue.findRequest(rId); - - if (request == null) { - return null; - } - - // get wrapped key - IKeyRecord rec = repo.readKeyRecord(keyId.toBigInteger()); - if (rec == null) { - return null; - } - - Hashtable<String, Object> requestParams = kra.getVolatileRequest( - request.getRequestId()); - - if(requestParams == null) { - auditRetrieveKey(ILogger.FAILURE, rId, keyId, "cannot obtain volatile requestParams"); - throw new EBaseException("Can't obtain Volatile requestParams in getKey!"); - } - - String sessWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_SESS_WRAPPED_DATA); - String passWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_PASS_WRAPPED_DATA); - String nonceData = (String) requestParams.get(IRequest.SECURITY_DATA_IV_STRING_OUT); - - if (sessWrappedKeyData != null || passWrappedKeyData != null) { - //The recovery process has already placed a valid recovery - //package, either session key wrapped or pass wrapped, into the request. - //Request already has been processed. - keyData = new KeyData(); - - } else { - // The request has not yet been processed, let's see if the RecoveryRequestData contains - // the info now needed to process the recovery request. - - transWrappedSessionKey = data.getTransWrappedSessionKey(); - sessionWrappedPassphrase = data.getSessionWrappedPassphrase(); - nonceData = data.getNonceData(); - - if (transWrappedSessionKey == null) { - //There must be at least a transWrappedSessionKey input provided. - //The command AND the request have provided insufficient data, end of the line. - auditRetrieveKey(ILogger.FAILURE, rId, keyId, "insufficient input data"); - throw new EBaseException("Can't retrieve key, insufficient input data!"); - } - - if (sessionWrappedPassphrase != null) { - requestParams.put(IRequest.SECURITY_DATA_SESS_PASS_PHRASE, sessionWrappedPassphrase); - } - - if (transWrappedSessionKey != null) { - requestParams.put(IRequest.SECURITY_DATA_TRANS_SESS_KEY, transWrappedSessionKey); - } - - if (nonceData != null) { - requestParams.put(IRequest.SECURITY_DATA_IV_STRING_IN, nonceData); - } - - try { - // Has to be in this state or it won't go anywhere. - request.setRequestStatus(RequestStatus.BEGIN); - queue.processRequest(request); - } catch (EBaseException e) { - kra.destroyVolatileRequest(request.getRequestId()); - throw new EBaseException(e.toString()); - } - - nonceData = null; - keyData = new KeyData(); - - sessWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_SESS_WRAPPED_DATA); - passWrappedKeyData = (String) requestParams.get(IRequest.SECURITY_DATA_PASS_WRAPPED_DATA); - nonceData = (String) requestParams.get(IRequest.SECURITY_DATA_IV_STRING_OUT); - - } - - if (sessWrappedKeyData != null) { - keyData.setWrappedPrivateData(sessWrappedKeyData); - } - if (passWrappedKeyData != null) { - keyData.setWrappedPrivateData(passWrappedKeyData); - } - if (nonceData != null) { - keyData.setNonceData(nonceData); - } - - kra.destroyVolatileRequest(request.getRequestId()); - - queue.markAsServiced(request); - - return keyData; - } - - private KeyId validateRequest(KeyRecoveryRequest data) { - - // confirm request exists - RequestId reqId = data.getRequestId(); - if (reqId == null) { - auditRetrieveKey(ILogger.FAILURE, null, null, "Request id not found"); - // log error - throw new BadRequestException("Request id not found."); - } - - // confirm that at least one wrapping method exists - // There must be at least the wrapped session key method. - if ((data.getTransWrappedSessionKey() == null)) { - auditRetrieveKey(ILogger.FAILURE, reqId, null, "No wrapping method found"); - // log error - throw new BadRequestException("No wrapping method found."); - } - - KeyRequestDAO reqDAO = new KeyRequestDAO(); - KeyRequestInfo reqInfo; - try { - reqInfo = reqDAO.getRequest(reqId, uriInfo); - } catch (EBaseException e1) { - auditRetrieveKey(ILogger.FAILURE, reqId, null, "failed to get request"); - // failed to get request - e1.printStackTrace(); - throw new PKIException(e1.getMessage()); - } - if (reqInfo == null) { - auditRetrieveKey(ILogger.FAILURE, reqId, null, "no request info available"); - // request not found - throw new HTTPGoneException("No request information available."); - } - - //confirm request is of the right type - String type = reqInfo.getRequestType(); - if (!type.equals(IRequest.SECURITY_DATA_RECOVERY_REQUEST)) { - auditRetrieveKey(ILogger.FAILURE, reqId, null, "invalid request type"); - // log error - throw new BadRequestException("Invalid request type"); - } - - //confirm that agent is originator of request, else throw 401 - // TO-DO - - // confirm request is in approved state - RequestStatus status = reqInfo.getRequestStatus(); - if (!status.equals(RequestStatus.APPROVED)) { - auditRetrieveKey(ILogger.FAILURE, reqId, null, "recovery request not approved"); - // log error - throw new UnauthorizedException("Unauthorized request. Recovery request not approved."); - } - - return reqInfo.getKeyId(); - } - - /** - * Used to generate list of key infos based on the search parameters - */ - public KeyDataInfos listKeys(String clientID, String status, Integer maxResults, Integer maxTime) { - // auth and authz - - // get ldap filter - String filter = createSearchFilter(status, clientID); - CMS.debug("listKeys: filter is " + filter); - - maxResults = maxResults == null ? DEFAULT_MAXRESULTS : maxResults; - maxTime = maxTime == null ? DEFAULT_MAXTIME : maxTime; - - KeyDataInfos infos = new KeyDataInfos(); - try { - Enumeration<IKeyRecord> e = null; - - e = repo.searchKeys(filter, maxResults, maxTime); - if (e == null) { - throw new EBaseException("search results are null"); - } - - while (e.hasMoreElements()) { - IKeyRecord rec = e.nextElement(); - if (rec != null) { - infos.addKeyInfo(createKeyDataInfo(rec)); - } - } - - } catch (EBaseException e) { - e.printStackTrace(); - throw new PKIException(e.getMessage()); - } - return infos; - } - - - public KeyDataInfo createKeyDataInfo(IKeyRecord rec) throws EBaseException { - KeyDataInfo ret = new KeyDataInfo(); - ret.setClientID(rec.getClientId()); - ret.setStatus(rec.getKeyStatus()); - ret.setAlgorithm(rec.getAlgorithm()); - ret.setSize(rec.getKeySize()); - ret.setOwnerName(rec.getOwnerName()); - - Path keyPath = KeyResource.class.getAnnotation(Path.class); - BigInteger serial = rec.getSerialNumber(); - - UriBuilder keyBuilder = uriInfo.getBaseUriBuilder(); - keyBuilder.path(keyPath.value() + "/" + serial); - ret.setKeyURL(keyBuilder.build().toString()); - - return ret; - } - - private String createSearchFilter(String status, String clientID) { - String filter = ""; - int matches = 0; - - if ((status == null) && (clientID == null)) { - filter = "(serialno=*)"; - return filter; - } - - if (status != null) { - filter += "(status=" + LDAPUtil.escapeFilter(status) + ")"; - matches ++; - } - - if (clientID != null) { - filter += "(clientID=" + LDAPUtil.escapeFilter(clientID) + ")"; - matches ++; - } - - if (matches > 1) { - filter = "(&" + filter + ")"; - } - - return filter; - } - - public void auditRetrieveKey(String status, RequestId requestID, KeyId keyID, String reason) { - String msg = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SECURITY_DATA_RETRIEVE_KEY, - servletRequest.getUserPrincipal().getName(), - status, - requestID != null ? requestID.toString(): "null", - keyID != null ? keyID.toString(): "null", - reason); - auditor.log(msg); - } -} diff --git a/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java b/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java deleted file mode 100644 index 7b961c0b2..000000000 --- a/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java +++ /dev/null @@ -1,534 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.math.BigInteger; -import java.util.Hashtable; -import java.util.Locale; -import java.util.Vector; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import netscape.security.x509.X509CertImpl; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.base.SessionContext; -import com.netscape.certsrv.common.ICMSRequest; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.certsrv.security.Credential; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; -import com.netscape.cmsutil.util.Cert; - -/** - * A class representing a recoverBySerial servlet. - * - * @version $Revision$, $Date$ - */ -public class RecoverBySerial extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = -4544485601409309840L; - private final static String INFO = "recoverBySerial"; - private final static String TPL_FILE = "recoverBySerial.template"; - - private final static String IN_SERIALNO = "serialNumber"; - private final static String IN_UID = "uid"; - private final static String IN_PWD = "pwd"; - private final static String IN_PASSWORD = "p12Password"; - private final static String IN_PASSWORD_AGAIN = "p12PasswordAgain"; - private final static String IN_DELIVERY = "p12Delivery"; - private final static String IN_CERT = "cert"; - private final static String IN_NICKNAME = "nickname"; - - private final static String OUT_OP = "op"; - private final static String OUT_SERIALNO = IN_SERIALNO; - private final static String OUT_SERIALNO_IN_HEX = "serialNumberInHex"; - private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_ERROR = "errorDetails"; - - private final static String SCHEME = "scheme"; - private final static String HOST = "host"; - private final static String PORT = "port"; - - private com.netscape.certsrv.kra.IKeyService mService = null; - private String mFormPath = null; - - /** - * Constructs EA servlet. - */ - public RecoverBySerial() { - super(); - } - - /** - * Initializes the servlet. - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - mService = (com.netscape.certsrv.kra.IKeyService) mAuthority; - - mTemplates.remove(ICMSRequest.SUCCESS); - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Serves HTTP request. The format of this request is as follows: - * recoverBySerial? - * [serialNumber=<number>] - * [uid#=<uid>] - * [pwd#=<password>] - * [localAgents=yes|null] - * [recoveryID=recoveryID] - * [pkcs12Password=<password of pkcs12>] - * [pkcs12PasswordAgain=<password of pkcs12>] - * [pkcs12Delivery=<delivery mechanism for pkcs12>] - * [cert=<encryption certificate>] - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "recover"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(ICMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - cmsReq.setStatus(ICMSRequest.SUCCESS); - IArgBlock header = CMS.createArgBlock(); - IArgBlock fixed = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - - // set host name and port. - HttpServletRequest httpReq = cmsReq.getHttpReq(); - String host = httpReq.getServerName(); - int port = httpReq.getServerPort(); - String scheme = httpReq.getScheme(); - - fixed.set(HOST, host); - fixed.set(PORT, Integer.valueOf(port)); - fixed.set(SCHEME, scheme); - - SessionContext ctx = null; - - try { - String initAsyncRecovery = req.getParameter("initAsyncRecovery"); - - // this information is needed within the server for - // various signed audit log messages to report - ctx = SessionContext.getContext(); - - /* - When Recovery is first initiated, if it is in asynch mode, - no pkcs#12 password is needed. - The initiating agent uid will be recorded in the recovery - request. - Later, as approving agents submit their approvals, they will - also be listed in the request. - */ - if ((initAsyncRecovery != null) && - initAsyncRecovery.equalsIgnoreCase("ON")) { - process(form, argSet, header, - req.getParameter(IN_SERIALNO), - req.getParameter(IN_CERT), - req, resp, locale[0]); - - int requiredNumber = mService.getNoOfRequiredAgents(); - header.addIntegerValue("noOfRequiredAgents", requiredNumber); - } else { - String recoveryID = req.getParameter("recoveryID"); - - if (recoveryID != null && !recoveryID.equals("")) { - ctx.put(SessionContext.RECOVERY_ID, - req.getParameter("recoveryID")); - } - byte pkcs12[] = process(form, argSet, header, - req.getParameter(IN_SERIALNO), - req.getParameter("localAgents"), - req.getParameter(IN_PASSWORD), - req.getParameter(IN_PASSWORD_AGAIN), - req.getParameter(IN_CERT), - req.getParameter(IN_DELIVERY), - req.getParameter(IN_NICKNAME), - req, resp, locale[0]); - - if (pkcs12 != null) { - //resp.setStatus(HttpServletResponse.SC_OK); - resp.setContentType("application/x-pkcs12"); - //resp.setContentLength(pkcs12.length); - resp.getOutputStream().write(pkcs12); - mRenderResult = false; - return; - } - } - } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } catch (IOException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } finally { - SessionContext.releaseContext(); - } - - // return status page - try { - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - cmsReq.setStatus(ICMSRequest.SUCCESS); - } - - /** - * Async Key Recovery - request initiation - */ - private void process(CMSTemplate form, CMSTemplateParams argSet, - IArgBlock header, String seq, String cert, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { - - // seq is the key id - if (seq == null) { - header.addStringValue(OUT_ERROR, "sequence number not found"); - return; - } - X509CertImpl x509cert = null; - - if (cert == null || cert.trim().length() == 0) { - header.addStringValue(OUT_ERROR, "certificate not found"); - return; - } else { - try { - x509cert = Cert.mapCert(cert); - } catch (IOException e) { - header.addStringValue(OUT_ERROR, e.toString()); - } - } - if (x509cert == null) { - header.addStringValue(OUT_ERROR, "invalid X.509 certificate"); - return; - } - - SessionContext sContext = SessionContext.getContext(); - - try { - String reqID = mService.initAsyncKeyRecovery( - new BigInteger(seq), x509cert, - (String) sContext.get(SessionContext.USER_ID)); - header.addStringValue(OUT_SERIALNO, req.getParameter(IN_SERIALNO)); - header.addStringValue(OUT_SERIALNO_IN_HEX, - new BigInteger(req.getParameter(IN_SERIALNO)).toString(16)); - header.addStringValue("requestID", reqID); - } catch (EBaseException e) { - String error = - "Failed to recover key for key id " + - seq + ".\nException: " + e.toString(); - - CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, error); - try { - ((IKeyRecoveryAuthority) mService).createError(seq, error); - } catch (EBaseException eb) { - CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); - } - } - return; - } - - /** - * Recovers a key. The p12 will be protected by the password - * provided by the administrator. - */ - private byte[] process(CMSTemplate form, CMSTemplateParams argSet, - IArgBlock header, String seq, String localAgents, - String password, String passwordAgain, - String cert, String delivery, String nickname, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { - if (seq == null) { - header.addStringValue(OUT_ERROR, "sequence number not found"); - return null; - } - if (password == null || password.equals("")) { - header.addStringValue(OUT_ERROR, "PKCS12 password not found"); - return null; - } - if (passwordAgain == null || !passwordAgain.equals(password)) { - header.addStringValue(OUT_ERROR, "PKCS12 password not matched"); - return null; - } - X509CertImpl x509cert = null; - - if (cert == null || cert.trim().length() == 0) { - // perform recovery - header.addStringValue(OUT_ERROR, "certificate not found"); - return null; - } else { - try { - x509cert = Cert.mapCert(cert); - } catch (IOException e) { - header.addStringValue(OUT_ERROR, e.toString()); - } - } - if (x509cert == null) { - header.addStringValue(OUT_ERROR, "invalid X.509 certificate"); - return null; - } - try { - Credential creds[] = null; - - SessionContext sContext = SessionContext.getContext(); - String agent = null; - - if (sContext != null) { - agent = (String) sContext.get(SessionContext.USER_ID); - } - if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { - if (localAgents == null) { - String recoveryID = req.getParameter("recoveryID"); - - if (recoveryID == null || recoveryID.equals("")) { - header.addStringValue(OUT_ERROR, "No recovery ID specified"); - return null; - } - Hashtable<String, Object> params = mService.createRecoveryParams(recoveryID); - - params.put("keyID", req.getParameter(IN_SERIALNO)); - - header.addStringValue("recoveryID", recoveryID); - - params.put("agent", agent); - - // new thread to wait for pk12 - Thread waitThread = new WaitApprovalThread(recoveryID, - seq, password, x509cert, delivery, nickname, - SessionContext.getContext()); - - waitThread.start(); - return null; - } else { - Vector<Credential> v = new Vector<Credential>(); - - for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) { - String uid = req.getParameter(IN_UID + i); - String pwd = req.getParameter(IN_PWD + i); - - if (uid != null && pwd != null && !uid.equals("") && - !pwd.equals("")) { - v.addElement(new Credential(uid, pwd)); - } else { - header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided"); - return null; - } - } - if (v.size() != mService.getNoOfRequiredAgents()) { - header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided"); - return null; - } - creds = new Credential[v.size()]; - v.copyInto(creds); - } - - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addBigIntegerValue(OUT_SERIALNO, - new BigInteger(seq), 10); - header.addBigIntegerValue(OUT_SERIALNO_IN_HEX, - new BigInteger(seq), 16); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - byte pkcs12[] = mService.doKeyRecovery( - new BigInteger(seq), - creds, password, x509cert, - delivery, nickname, agent); - - return pkcs12; - } else { - String recoveryID = req.getParameter("recoveryID"); - - if (recoveryID == null || recoveryID.equals("")) { - header.addStringValue(OUT_ERROR, "No recovery ID specified"); - return null; - } - Hashtable<String, Object> params = mService.createRecoveryParams(recoveryID); - - params.put("keyID", req.getParameter(IN_SERIALNO)); - - header.addStringValue("recoveryID", recoveryID); - - params.put("agent", agent); - - // new thread to wait for pk12 - Thread waitThread = new WaitApprovalThread(recoveryID, - seq, password, x509cert, delivery, nickname, - SessionContext.getContext()); - - waitThread.start(); - return null; - } - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - } catch (Exception e) { - header.addStringValue(OUT_ERROR, e.toString()); - } - return null; - } - - /** - * Wait approval thread. Wait for recovery agents' approval - * exit when required number of approval received - */ - final class WaitApprovalThread extends Thread { - String theRecoveryID = null; - String theSeq = null; - String thePassword = null; - X509CertImpl theCert = null; - String theDelivery = null; - String theNickname = null; - SessionContext theSc = null; - - /** - * Wait approval thread constructor including thread name - */ - public WaitApprovalThread(String recoveryID, String seq, - String password, X509CertImpl cert, - String delivery, String nickname, SessionContext sc) { - super(); - super.setName("waitApproval." + recoveryID + "-" + - (Thread.activeCount() + 1)); - theRecoveryID = recoveryID; - theSeq = seq; - thePassword = password; - theCert = cert; - theDelivery = delivery; - theNickname = nickname; - theSc = sc; - } - - public void run() { - SessionContext.setContext(theSc); - Credential creds[] = null; - - try { - creds = mService.getDistributedCredentials(theRecoveryID); - } catch (EBaseException e) { - String error = - "Failed to get required approvals for recovery id " + - theRecoveryID + ".\nException: " + e.toString(); - - CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, error); - try { - ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error); - } catch (EBaseException eb) { - CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); - } - return; - } - - SessionContext sContext = SessionContext.getContext(); - - try { - byte pkcs12[] = mService.doKeyRecovery( - new BigInteger(theSeq), - creds, thePassword, theCert, - theDelivery, theNickname, - (String) sContext.get(SessionContext.USER_ID)); - - ((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID, pkcs12); - } catch (EBaseException e) { - String error = - "Failed to recover key for recovery id " + - theRecoveryID + ".\nException: " + e.toString(); - - CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, error); - try { - ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error); - } catch (EBaseException eb) { - CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); - } - } - return; - } - } - -} diff --git a/base/common/src/com/netscape/cms/servlet/key/SrchKey.java b/base/common/src/com/netscape/cms/servlet/key/SrchKey.java deleted file mode 100644 index 5bedf1f58..000000000 --- a/base/common/src/com/netscape/cms/servlet/key/SrchKey.java +++ /dev/null @@ -1,298 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import netscape.security.x509.X500Name; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.common.ICMSRequest; -import com.netscape.certsrv.dbs.keydb.IKeyRecord; -import com.netscape.certsrv.dbs.keydb.IKeyRepository; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Retrieve archived keys matching search criteria - * - * @version $Revision$, $Date$ - */ -public class SrchKey extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = -6404955402865756665L; - private final static String TPL_FILE = "srchKey.template"; - private final static String INFO = "srchKey"; - private final static String PROP_MAX_SEARCH_RETURNS = "maxSearchReturns"; - - // input parameters - private final static String IN_MAXCOUNT = "maxCount"; - private final static String IN_FILTER = "queryFilter"; - private final static String IN_SENTINEL = "querySentinel"; - - // output parameters - private final static String OUT_FILTER = IN_FILTER; - private final static String OUT_MAXCOUNT = IN_MAXCOUNT; - private final static String OUT_SENTINEL = IN_SENTINEL; - private final static String OUT_OP = "op"; - private final static String OUT_ERROR = "errorDetails"; - private final static String OUT_ARCHIVER = "archiverName"; - private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_TOTAL_COUNT = "totalRecordCount"; - private final static String OUT_TEMPLATE = "templateName"; - - private IKeyRepository mKeyDB = null; - private X500Name mAuthName = null; - private String mFormPath = null; - private int mMaxReturns = 100; - private int mTimeLimits = 30; /* in seconds */ - - /** - * Constructs query key servlet. - */ - public SrchKey() { - super(); - } - - /** - * initialize the servlet. This servlet uses the template file - * "srchKey.template" to process the response. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - - /* maxReturns doesn't seem to do anything useful in this - servlet!!! */ - try { - String tmp = - sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); - - if (tmp == null) - mMaxReturns = 100; - else - mMaxReturns = Integer.parseInt(tmp); - } catch (Exception e) { - // do nothing - } - - mKeyDB = ((IKeyRecoveryAuthority) mAuthority).getKeyRepository(); - mAuthName = ((IKeyRecoveryAuthority) mAuthority).getX500Name(); - - mTemplates.remove(ICMSRequest.SUCCESS); - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - - /* Server-Side time limit */ - try { - mTimeLimits = Integer.parseInt(sc.getInitParameter("timeLimits")); - } catch (Exception e) { - /* do nothing, just use the default if integer parsing failed */ - } - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param maxCount maximum number of matches to show in result - * <li>http.param maxResults maximum number of matches to run in ldapsearch - * <li>http.param queryFilter ldap-style filter to search with - * <li>http.param querySentinel ID of first request to show - * <li>http.param timeLimit number of seconds to limit ldap search to - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "list"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(ICMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - // process query if authentication is successful - IArgBlock header = CMS.createArgBlock(); - IArgBlock ctx = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, ctx); - - int maxCount = -1; - int sentinel = 0; - int maxResults = -1; - int timeLimit = -1; - - try { - if (req.getParameter(IN_MAXCOUNT) != null) { - maxCount = Integer.parseInt( - req.getParameter(IN_MAXCOUNT)); - } - if (req.getParameter(IN_SENTINEL) != null) { - sentinel = Integer.parseInt( - req.getParameter(IN_SENTINEL)); - } - String maxResultsStr = req.getParameter("maxResults"); - - if (maxResultsStr != null && maxResultsStr.length() > 0) - maxResults = Integer.parseInt(maxResultsStr); - String timeLimitStr = req.getParameter("timeLimit"); - - if (timeLimitStr != null && timeLimitStr.length() > 0) - timeLimit = Integer.parseInt(timeLimitStr); - process(argSet, header, ctx, maxCount, maxResults, - timeLimit, sentinel, - req.getParameter(IN_FILTER), req, resp, locale[0]); - } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); - } - - try { - ServletOutputStream out = resp.getOutputStream(); - - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - cmsReq.setStatus(ICMSRequest.SUCCESS); - } - - /** - * Process the key search. - */ - private void process(CMSTemplateParams argSet, - IArgBlock header, IArgBlock ctx, - int maxCount, int maxResults, int timeLimit, int sentinel, String filter, - HttpServletRequest req, HttpServletResponse resp, Locale locale) { - - try { - // Fill header - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_ARCHIVER, - mAuthName.toString()); - // STRANGE: IE does not like the following: - // header.addStringValue(OUT_SERVICE_URL, - // req.getRequestURI()); - // XXX - header.addStringValue(OUT_SERVICE_URL, - "/kra?"); - header.addStringValue(OUT_TEMPLATE, - TPL_FILE); - header.addStringValue(OUT_FILTER, - filter); - - if (timeLimit == -1 || timeLimit > mTimeLimits) { - CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits); - timeLimit = mTimeLimits; - } - CMS.debug("Start searching ... timelimit=" + timeLimit); - Enumeration<IKeyRecord> e = mKeyDB.searchKeys(filter, - maxResults, timeLimit); - int count = 0; - - if (e == null) { - header.addStringValue(OUT_SENTINEL, - null); - } else { - while (e.hasMoreElements()) { - IKeyRecord rec = e.nextElement(); - // rec is null when we specify maxResults - // DS will return an err=4, which triggers - // a LDAPException.SIZE_LIMIT_ExCEEDED - // in DSSearchResults.java - if (rec != null) { - IArgBlock rarg = CMS.createArgBlock(); - - KeyRecordParser.fillRecordIntoArg(rec, rarg); - argSet.addRepeatRecord(rarg); - count++; - } - } - } - - header.addIntegerValue("maxSize", mMaxReturns); - header.addIntegerValue(OUT_TOTAL_COUNT, count); - ctx.addIntegerValue(OUT_MAXCOUNT, maxCount); - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - } - } -} diff --git a/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java b/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java deleted file mode 100644 index 897acfc76..000000000 --- a/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java +++ /dev/null @@ -1,318 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.key; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Locale; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import netscape.security.x509.X500Name; - -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.authentication.IAuthToken; -import com.netscape.certsrv.authorization.AuthzToken; -import com.netscape.certsrv.authorization.EAuthzAccessDenied; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IArgBlock; -import com.netscape.certsrv.common.ICMSRequest; -import com.netscape.certsrv.dbs.keydb.IKeyRecord; -import com.netscape.certsrv.dbs.keydb.IKeyRepository; -import com.netscape.certsrv.kra.IKeyRecoveryAuthority; -import com.netscape.certsrv.logging.ILogger; -import com.netscape.cms.servlet.base.CMSServlet; -import com.netscape.cms.servlet.common.CMSRequest; -import com.netscape.cms.servlet.common.CMSTemplate; -import com.netscape.cms.servlet.common.CMSTemplateParams; -import com.netscape.cms.servlet.common.ECMSGWException; - -/** - * Retrieve archived keys matching given public key material - * - * - * @version $Revision$, $Date$ - */ -public class SrchKeyForRecovery extends CMSServlet { - - /** - * - */ - private static final long serialVersionUID = 5426987963811540460L; - private final static String TPL_FILE = "srchKeyForRecovery.template"; - private final static String INFO = "srchKey"; - private final static String PROP_MAX_SEARCH_RETURNS = "maxSearchReturns"; - - // input parameters - private final static String IN_MAXCOUNT = "maxCount"; - private final static String IN_FILTER = "queryFilter"; - private final static String IN_SENTINEL = "querySentinel"; - - // output parameters - private final static String OUT_FILTER = IN_FILTER; - private final static String OUT_MAXCOUNT = IN_MAXCOUNT; - private final static String OUT_SENTINEL = IN_SENTINEL; - private final static String OUT_OP = "op"; - private final static String OUT_ARCHIVER = "archiverName"; - private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_TOTAL_COUNT = "totalRecordCount"; - private final static String OUT_TEMPLATE = "templateName"; - - private IKeyRepository mKeyDB = null; - private X500Name mAuthName = null; - private String mFormPath = null; - private int mMaxReturns = 100; - private int mTimeLimits = 30; /* in seconds */ - - /** - * Constructs query key servlet. - */ - public SrchKeyForRecovery() { - super(); - } - - /** - * initialize the servlet. This servlet uses the template file - * "srchKeyForRecovery.template" to process the response. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - - try { - String tmp = - sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); - - if (tmp == null) - mMaxReturns = 100; - else - mMaxReturns = Integer.parseInt(tmp); - } catch (Exception e) { - // do nothing - } - - mKeyDB = ((IKeyRecoveryAuthority) mAuthority).getKeyRepository(); - mAuthName = ((IKeyRecoveryAuthority) mAuthority).getX500Name(); - - mTemplates.remove(ICMSRequest.SUCCESS); - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; - - /* Server-Side time limit */ - try { - mTimeLimits = Integer.parseInt(sc.getInitParameter("timeLimits")); - } catch (Exception e) { - /* do nothing, just use the default if integer parsing failed */ - } - } - - /** - * Returns serlvet information. - */ - public String getServletInfo() { - return INFO; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param maxCount maximum number of matches to show in result - * <li>http.param maxResults maximum number of matches to run in ldapsearch - * <li>http.param publicKeyData public key data to search on - * <li>http.param querySentinel ID of first request to show - * <li>http.param timeLimit number of seconds to limit ldap search to - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - - public void process(CMSRequest cmsReq) throws EBaseException { - - HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "list"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(ICMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - // process query if authentication is successful - IArgBlock header = CMS.createArgBlock(); - IArgBlock ctx = CMS.createArgBlock(); - CMSTemplateParams argSet = new CMSTemplateParams(header, ctx); - EBaseException error = null; - - int maxCount = -1; - int sentinel = 0; - int maxResults = -1; - int timeLimit = -1; - - try { - if (req.getParameter(IN_MAXCOUNT) != null) { - maxCount = Integer.parseInt( - req.getParameter(IN_MAXCOUNT)); - } - if (req.getParameter(IN_SENTINEL) != null) { - sentinel = Integer.parseInt( - req.getParameter(IN_SENTINEL)); - } - String maxResultsStr = req.getParameter("maxResults"); - - if (maxResultsStr != null && maxResultsStr.length() > 0) - maxResults = Integer.parseInt(maxResultsStr); - String timeLimitStr = req.getParameter("timeLimit"); - - if (timeLimitStr != null && timeLimitStr.length() > 0) - timeLimit = Integer.parseInt(timeLimitStr); - process(argSet, header, ctx, maxCount, maxResults, timeLimit, sentinel, - req.getParameter("publicKeyData"), req.getParameter(IN_FILTER), req, resp, locale[0]); - } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); - } - - /* - catch (Exception e) { - error = new EBaseException(BaseResources.INTERNAL_ERROR_1, e); - } - */ - - try { - if (error == null) { - String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - ServletOutputStream out = resp.getOutputStream(); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(ICMSRequest.SUCCESS); - } - } else { - cmsReq.setStatus(ICMSRequest.ERROR); - cmsReq.setError(error); - } - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - } - - /** - * Process the key search. - */ - private void process(CMSTemplateParams argSet, - IArgBlock header, IArgBlock ctx, - int maxCount, int maxResults, int timeLimit, int sentinel, String publicKeyData, - String filter, - HttpServletRequest req, HttpServletResponse resp, Locale locale) - throws EBaseException { - - try { - // Fill header - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_ARCHIVER, - mAuthName.toString()); - // STRANGE: IE does not like the following: - // header.addStringValue(OUT_SERVICE_URL, - // req.getRequestURI()); - // XXX - header.addStringValue(OUT_SERVICE_URL, - "/kra?"); - header.addStringValue(OUT_TEMPLATE, - TPL_FILE); - header.addStringValue(OUT_FILTER, - filter); - if (publicKeyData != null) { - header.addStringValue("publicKeyData", - publicKeyData); - } - - if (timeLimit == -1 || timeLimit > mTimeLimits) { - CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits); - timeLimit = mTimeLimits; - } - CMS.debug("Start searching ... timelimit=" + timeLimit); - Enumeration<IKeyRecord> e = mKeyDB.searchKeys(filter, maxResults, timeLimit); - int count = 0; - - if (e == null) { - header.addStringValue(OUT_SENTINEL, - null); - } else { - while (e.hasMoreElements()) { - IKeyRecord rec = e.nextElement(); - // rec is null when we specify maxResults - // DS will return an err=4, which triggers - // a LDAPException.SIZE_LIMIT_ExCEEDED - // in DSSearchResults.java - if (rec != null) { - IArgBlock rarg = CMS.createArgBlock(); - - KeyRecordParser.fillRecordIntoArg(rec, rarg); - argSet.addRepeatRecord(rarg); - count++; - } - } - } - - header.addIntegerValue("maxSize", mMaxReturns); - header.addIntegerValue(OUT_TOTAL_COUNT, count); - ctx.addIntegerValue(OUT_MAXCOUNT, maxCount); - } catch (EBaseException e) { - log(ILogger.LL_FAILURE, "Error " + e); - throw e; - } - } -} |