summaryrefslogtreecommitdiffstats
path: root/base/common
diff options
context:
space:
mode:
authorAde Lee <alee@redhat.com>2012-04-26 23:48:43 -0400
committerAde Lee <alee@redhat.com>2012-05-02 16:47:27 -0400
commit9aea1e939f6357eadf777c72ae3ef43275829427 (patch)
tree07cfa655fcfd462c5217df8c8fe19cccc7e2e97f /base/common
parentfbf472de7a4eb3d141c32821a417ec5331b53c97 (diff)
downloadpki-9aea1e939f6357eadf777c72ae3ef43275829427.tar.gz
pki-9aea1e939f6357eadf777c72ae3ef43275829427.tar.xz
pki-9aea1e939f6357eadf777c72ae3ef43275829427.zip
Refactor installation servlets to use common code in ConfigurationUtils
Ticket #156
Diffstat (limited to 'base/common')
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java2
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java444
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java271
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java121
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java482
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationRESTClient.java21
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java227
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java209
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java1137
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java106
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java768
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java29
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java537
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java543
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java2
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java111
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java230
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigurationResourceService.java2
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java1133
19 files changed, 771 insertions, 5604 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
index 585d444d4..7921fc114 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
@@ -167,7 +167,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
cstype = config.getString("cs.type", "");
} catch (Exception e) {
}
- cstype = toLowerCaseSubsystemType(cstype);
+ cstype = cstype.toLowerCase();
if (subsystemtype.equals("clone")) {
CMS.debug("AdminAuthenticatePanel: this is the clone subsystem");
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
index cc9d5f35a..579c54df0 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
@@ -17,57 +17,29 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.FileOutputStream;
import java.io.IOException;
-import java.io.PrintStream;
-import java.net.URLEncoder;
-import java.security.cert.X509Certificate;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import netscape.ldap.LDAPException;
-import netscape.security.pkcs.ContentInfo;
-import netscape.security.pkcs.PKCS10;
-import netscape.security.pkcs.PKCS7;
-import netscape.security.pkcs.SignerInfo;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509Key;
-
import org.apache.velocity.context.Context;
-import org.mozilla.jss.asn1.SEQUENCE;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.ca.ICertificateAuthority;
import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.usrgrp.IGroup;
import com.netscape.certsrv.usrgrp.IUGSubsystem;
-import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.certsrv.util.HttpInput;
import com.netscape.cms.servlet.wizard.WizardServlet;
-import com.netscape.cmsutil.crypto.CryptoUtil;
-import com.netscape.cmsutil.http.HttpClient;
-import com.netscape.cmsutil.http.HttpRequest;
-import com.netscape.cmsutil.http.HttpResponse;
-import com.netscape.cmsutil.http.JssSSLSocketFactory;
-import com.netscape.cmsutil.xml.XMLObject;
public class AdminPanel extends WizardPanelBase {
private static final String ADMIN_UID = "admin";
- private final static String CERT_TAG = "admin";
public AdminPanel() {
}
@@ -243,383 +215,80 @@ public class AdminPanel extends WizardPanelBase {
/**
* Commit parameter changes
*/
- public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ public void update(HttpServletRequest request, HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
context.put("info", "");
context.put("import", "true");
- String type = "";
- String subsystemtype = "";
- String selected_hierarchy = "";
- try {
- type = config.getString(PRE_CA_TYPE, "");
- subsystemtype = config.getString("cs.type", "");
- selected_hierarchy = config.getString("preop.hierarchy.select", "");
- } catch (Exception e) {
- }
-
- ISubsystem ca = CMS.getSubsystem("ca");
-
- if (ca == null) {
- context.put("ca", "false");
- } else {
- context.put("ca", "true");
- }
- context.put("caType", type);
String uid = HttpInput.getUID(request, "uid");
String email = HttpInput.getEmail(request, "email");
String name = HttpInput.getName(request, "name");
+ String pwd = HttpInput.getPassword(request, "__pwd");
+ String cert_request_type = HttpInput.getID(request, "cert_request_type");
+ String subject = request.getParameter("subject");
+ String cert_request = HttpInput.getCertRequest(request, "cert_request");
+ String profileId = HttpInput.getID(request, "profileId");
- CMS.debug("AdminPanel update: email address = " + email);
-
- config.putString("preop.admin.uid", uid);
- config.putString("preop.admin.email", email);
- config.putString("preop.admin.name", name);
try {
- createAdmin(request);
- } catch (IOException e) {
- context.put("errorString", "Failed to create administrator.");
- context.put("updateStatus", "failure");
- throw e;
- }
+ String type = config.getString(PRE_CA_TYPE, "");
+ String subsystemtype = config.getString("cs.type", "");
+ String selected_hierarchy = config.getString("preop.hierarchy.select", "");
+
+ ISubsystem ca = CMS.getSubsystem("ca");
- // REMINDER: This panel is NOT used by "clones"
- if (ca != null) {
- if (selected_hierarchy.equals("root")) {
- CMS.debug("AdminPanel update: "
- + "Root CA subsystem");
+ if (ca == null) {
+ context.put("ca", "false");
} else {
- CMS.debug("AdminPanel update: "
- + "Subordinate CA subsystem");
+ context.put("ca", "true");
}
+ context.put("caType", type);
- try {
- createAdminCertificate(request, response, context);
- } catch (IOException e) {
- CMS.debug("AdminPanel update: Exception: " + e.toString());
- context.put("errorString",
- "Failed to create administrator certificate.");
- context.put("updateStatus", "failure");
- throw e;
- }
- } else {
- String ca_hostname = null;
- int ca_port = -1;
+ config.putString("preop.admin.uid", uid);
+ config.putString("preop.admin.email", email);
+ config.putString("preop.admin.name", name);
+ ConfigurationUtils.createAdmin(uid, email, name, pwd);
+
+ if (ca != null) {
+ if (selected_hierarchy.equals("root")) {
+ CMS.debug("AdminPanel update: " + "Root CA subsystem");
+ } else {
+ CMS.debug("AdminPanel update: " + "Subordinate CA subsystem");
+ }
+
+ ConfigurationUtils.createAdminCertificate(cert_request,
+ cert_request_type, subject);
+ } else {
+ String ca_hostname = null;
+ int ca_port = -1;
- // REMINDER: This panel is NOT used by "clones"
- CMS.debug("AdminPanel update: "
- + subsystemtype
- + " subsystem");
+ CMS.debug("AdminPanel update: " + subsystemtype + " subsystem");
- if (type.equals("sdca")) {
- try {
+ if (type.equals("sdca")) {
ca_hostname = config.getString("preop.ca.hostname");
ca_port = config.getInteger("preop.ca.httpsport");
- } catch (Exception e) {
- }
- } else {
- try {
+ } else {
ca_hostname = config.getString("securitydomain.host", "");
ca_port = config.getInteger("securitydomain.httpseeport");
- } catch (Exception e) {
}
- }
- submitRequest(ca_hostname, ca_port, request, response, context);
- }
+ ConfigurationUtils.submitAdminCertRequest(ca_hostname, ca_port,
+ profileId, cert_request_type, cert_request, subject);
+ }
- try {
CMS.reinit(IUGSubsystem.ID);
- } catch (Exception e) {
- CMS.debug("AdminPanel update: " + e.toString());
- }
-
- try {
config.commit(false);
} catch (Exception e) {
+ CMS.debug("AdminPanel update(): Exception thrown " + e);
+ e.printStackTrace();
+ context.put("updateStatus", "failure");
+ throw new IOException("Error when adding admin user" + e);
}
context.put("updateStatus", "success");
-
- }
-
- private void createAdmin(HttpServletRequest request) throws IOException {
- IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
- IConfigStore config = CMS.getConfigStore();
- String groupName = null;
-
- try {
- groupName = config.getString(PRE_CONF_AGENT_GROUP,
- "Certificate Manager Agents");
- } catch (Exception e) {
- CMS.debug("AdminPanel createAdmin: " + e.toString());
- }
-
- IUser user = null;
- String uid = HttpInput.getUID(request, "uid");
-
- try {
- user = system.createUser(uid);
- String email = HttpInput.getEmail(request, "email");
- String name = HttpInput.getName(request, "name");
- String pwd = HttpInput.getPassword(request, "__pwd");
-
- user.setEmail(email);
- user.setPassword(pwd);
- user.setFullName(name);
- user.setUserType("adminType");
- user.setState("1");
- user.setPhone("");
- system.addUser(user);
- } catch (LDAPException e) {
- CMS.debug("AdminPanel createAdmin: addUser " + e.toString());
- if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) {
- throw new IOException(e.toString());
- }
- } catch (Exception e) {
- CMS.debug("AdminPanel createAdmin: addUser " + e.toString());
- throw new IOException(e.toString());
- }
-
- IGroup group = null;
-
- try {
- group = system.getGroupFromName(groupName);
- if (!group.isMember(uid)) {
- group.addMemberName(uid);
- system.modifyGroup(group);
- }
- group = system.getGroupFromName("Administrators");
- if (!group.isMember(uid)) {
- group.addMemberName(uid);
- system.modifyGroup(group);
- }
-
- String select = config.getString("securitydomain.select", "");
- if (select.equals("new")) {
- group = system.getGroupFromName("Security Domain Administrators");
- if (!group.isMember(uid)) {
- group.addMemberName(uid);
- system.modifyGroup(group);
- }
-
- group = system.getGroupFromName("Enterprise CA Administrators");
- if (!group.isMember(uid)) {
- group.addMemberName(uid);
- system.modifyGroup(group);
- }
-
- group = system.getGroupFromName("Enterprise KRA Administrators");
- if (!group.isMember(uid)) {
- group.addMemberName(uid);
- system.modifyGroup(group);
- }
-
- group = system.getGroupFromName("Enterprise RA Administrators");
- if (!group.isMember(uid)) {
- group.addMemberName(uid);
- system.modifyGroup(group);
- }
-
- group = system.getGroupFromName("Enterprise TKS Administrators");
- if (!group.isMember(uid)) {
- group.addMemberName(uid);
- system.modifyGroup(group);
- }
-
- group = system.getGroupFromName("Enterprise OCSP Administrators");
- if (!group.isMember(uid)) {
- group.addMemberName(uid);
- system.modifyGroup(group);
- }
-
- group = system.getGroupFromName("Enterprise TPS Administrators");
- if (!group.isMember(uid)) {
- group.addMemberName(uid);
- system.modifyGroup(group);
- }
- }
- } catch (Exception e) {
- CMS.debug("AdminPanel createAdmin: modifyGroup " + e.toString());
- throw new IOException(e.toString());
- }
- }
-
- private void submitRequest(String ca_hostname, int ca_port, HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
- IConfigStore config = CMS.getConfigStore();
-
- String profileId = HttpInput.getID(request, "profileId");
- if (profileId == null) {
- try {
- profileId = config.getString("preop.admincert.profile", "caAdminCert");
- } catch (Exception e) {
- }
- }
-
- String cert_request_type = HttpInput.getID(request, "cert_request_type");
- String cert_request = HttpInput.getCertRequest(request, "cert_request");
- cert_request = URLEncoder.encode(cert_request, "UTF-8");
- String session_id = CMS.getConfigSDSessionId();
- String subjectDN = HttpInput.getString(request, "subject");
-
- String content =
- "profileId="
- + profileId + "&cert_request_type=" + cert_request_type + "&cert_request=" + cert_request
- + "&xmlOutput=true&sessionID=" + session_id + "&subject=" + subjectDN;
-
- HttpClient httpclient = new HttpClient();
- String c = null;
-
- try {
- JssSSLSocketFactory factory = new JssSSLSocketFactory();
-
- httpclient = new HttpClient(factory);
- httpclient.connect(ca_hostname, ca_port);
- HttpRequest httprequest = new HttpRequest();
- httprequest.setMethod(HttpRequest.POST);
- httprequest.setURI("/ca/ee/ca/profileSubmit");
- httprequest.setHeader("user-agent", "HTTPTool/1.0");
-
- httprequest.setHeader("content-length", "" + content.length());
- httprequest.setHeader("content-type",
- "application/x-www-form-urlencoded");
- httprequest.setContent(content);
- HttpResponse httpresponse = httpclient.send(httprequest);
-
- c = httpresponse.getContent();
- CMS.debug("AdminPanel submitRequest: content=" + c);
-
- // retrieve the request Id ad admin certificate
- if (c != null) {
- try {
- ByteArrayInputStream bis = new ByteArrayInputStream(
- c.getBytes());
- XMLObject parser = null;
-
- try {
- parser = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("AdminPanel::submitRequest() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
- String status = parser.getValue("Status");
-
- CMS.debug("AdminPanel update: status=" + status);
- if (status.equals("2")) {
- //relogin to the security domain
- reloginSecurityDomain(response);
- return;
- } else if (!status.equals("0")) {
- String error = parser.getValue("Error");
-
- context.put("errorString", error);
- throw new IOException(error);
- }
-
- IConfigStore cs = CMS.getConfigStore();
- String id = parser.getValue("Id");
-
- cs.putString("preop.admincert.requestId.0", id);
- String serial = parser.getValue("serialno");
-
- cs.putString("preop.admincert.serialno.0", serial);
- String b64 = parser.getValue("b64");
- String instanceRoot = cs.getString("instanceRoot", "");
- String dir = instanceRoot + File.separator + "conf"
- + File.separator + "admin.b64";
-
- cs.putString("preop.admincert.b64", dir);
- PrintStream ps = new PrintStream(new FileOutputStream(dir));
-
- ps.println(b64);
- ps.flush();
- ps.close();
- } catch (IOException ee) {
- context.put("errorString", ee.toString());
- throw ee;
- } catch (Exception ee) {
- context.put("errorString", ee.toString());
- throw new IOException(ee.toString());
- }
- }
- } catch (Exception e) {
- CMS.debug("AdminPanel submitRequest: " + e.toString());
- }
- }
-
- private void createAdminCertificate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
- String cert_request = HttpInput.getCertRequest(request, "cert_request");
-
- String cert_request_type = HttpInput.getID(request, "cert_request_type");
- IConfigStore cs = CMS.getConfigStore();
-
- if (cs == null) {
- CMS.debug("AdminPanel::createAdminCertificate() - cs is null!");
- throw new IOException("cs is null");
- }
-
- String subject = "";
- X509Key x509key = null;
- if (cert_request_type.equals("crmf")) {
- try {
- byte[] b = CMS.AtoB(cert_request);
- SEQUENCE crmfMsgs = CryptoUtil.parseCRMFMsgs(b);
- subject = CryptoUtil.getSubjectName(crmfMsgs);
- x509key = CryptoUtil.getX509KeyFromCRMFMsgs(crmfMsgs);
- } catch (Exception e) {
- CMS.debug(
- "AdminPanel createAdminCertificate: Exception="
- + e.toString());
- }
- // this request is from IE. The VBScript has problem of generating
- // certificate request if the subject name has E and UID components.
- // For now, we always hardcoded the subject DN to be cn=NAME in
- // the IE browser.
- } else if (cert_request_type.equals("pkcs10")) {
- try {
- byte[] b = CMS.AtoB(cert_request);
- PKCS10 pkcs10 = new PKCS10(b);
- subject = request.getParameter("subject");
- x509key = pkcs10.getSubjectPublicKeyInfo();
- } catch (Exception e) {
- CMS.debug("AdminPanel createAdminCertificate: Exception="
- + e.toString());
- }
- }
-
- if (x509key == null) {
- CMS.debug("AdminPanel::createAdminCertificate() - x509key is null!");
- throw new IOException("x509key is null");
- }
-
- try {
- cs.putString(PCERT_PREFIX + CERT_TAG + ".dn", subject);
- String caType = cs.getString(PCERT_PREFIX + CERT_TAG + ".type", "local");
- X509CertImpl impl = CertUtil.createLocalCert(cs, x509key,
- PCERT_PREFIX, CERT_TAG, caType, context);
-
- // update the locally created request for renewal
- CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request, cert_request_type, subject);
-
- ISubsystem ca = CMS.getSubsystem("ca");
- if (ca != null) {
- createPKCS7(impl);
- }
- cs.putString("preop.admincert.serialno.0",
- impl.getSerialNumber().toString(16));
- } catch (Exception e) {
- CMS.debug("AdminPanel createAdminCertificate: Exception="
- + e.toString());
- }
}
/**
- * If validiate() returns false, this method will be called.
+ * If validate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
HttpServletResponse response,
@@ -660,31 +329,4 @@ public class AdminPanel extends WizardPanelBase {
return false;
}
-
- private void createPKCS7(X509CertImpl cert) {
- try {
- IConfigStore cs = CMS.getConfigStore();
- ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
- CertificateChain cachain = ca.getCACertChain();
- X509Certificate[] cacerts = cachain.getChain();
- X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
- int m = 1, n = 0;
-
- for (; n < cacerts.length; m++, n++) {
- userChain[m] = (X509CertImpl) cacerts[n];
- }
-
- userChain[0] = cert;
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
- new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
-
- p7.encodeSignedData(bos);
- byte[] p7Bytes = bos.toByteArray();
- String p7Str = CMS.BtoA(p7Bytes);
- cs.putString("preop.admincert.pkcs7", CryptoUtil.normalizeCertStr(p7Str));
- } catch (Exception e) {
- CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: " + e.toString());
- }
- }
}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
index d216a9212..f29b22ae7 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
@@ -17,14 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-import java.io.ByteArrayOutputStream;
-import java.io.CharConversionException;
import java.io.IOException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.cert.CertificateEncodingException;
-import java.util.StringTokenizer;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
@@ -32,33 +25,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.context.Context;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.asn1.ASN1Util;
-import org.mozilla.jss.asn1.ASN1Value;
-import org.mozilla.jss.asn1.BMPString;
-import org.mozilla.jss.asn1.OCTET_STRING;
-import org.mozilla.jss.asn1.SEQUENCE;
-import org.mozilla.jss.asn1.SET;
-import org.mozilla.jss.crypto.Cipher;
-import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.crypto.EncryptionAlgorithm;
-import org.mozilla.jss.crypto.IVParameterSpec;
-import org.mozilla.jss.crypto.KeyGenAlgorithm;
-import org.mozilla.jss.crypto.KeyGenerator;
-import org.mozilla.jss.crypto.KeyWrapAlgorithm;
-import org.mozilla.jss.crypto.KeyWrapper;
-import org.mozilla.jss.crypto.PBEAlgorithm;
-import org.mozilla.jss.crypto.PrivateKey;
-import org.mozilla.jss.crypto.SymmetricKey;
-import org.mozilla.jss.crypto.X509Certificate;
-import org.mozilla.jss.pkcs12.AuthenticatedSafes;
-import org.mozilla.jss.pkcs12.CertBag;
-import org.mozilla.jss.pkcs12.PFX;
-import org.mozilla.jss.pkcs12.PasswordConverter;
-import org.mozilla.jss.pkcs12.SafeBag;
-import org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo;
-import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
-import org.mozilla.jss.util.Password;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
@@ -66,7 +32,6 @@ import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.property.PropertySet;
import com.netscape.certsrv.util.HttpInput;
import com.netscape.cms.servlet.wizard.WizardServlet;
-import com.netscape.cmsutil.crypto.CryptoUtil;
public class BackupKeyCertPanel extends WizardPanelBase {
@@ -199,20 +164,25 @@ public class BackupKeyCertPanel extends WizardPanelBase {
Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
- String select = HttpInput.getID(request, "choice");
- if (select.equals("backupkey")) {
- CMS.debug("BackupKeyCertPanel update: backup");
- config.putBoolean("preop.backupkeys.enable", true);
- backupKeysCerts(request);
- } else {
- CMS.debug("BackupKeyCertPanel update: no backup");
- config.putBoolean("preop.backupkeys.enable", false);
- }
-
- config.putBoolean("preop.backupkeycert.done", true);
try {
- config.commit(false);
- } catch (EBaseException e) {
+ String select = HttpInput.getID(request, "choice");
+ String pwd = request.getParameter("__pwd");
+ if (select.equals("backupkey")) {
+ CMS.debug("BackupKeyCertPanel update: backup");
+ config.putBoolean("preop.backupkeys.enable", true);
+ ConfigurationUtils.backupKeys(pwd, null);
+ } else {
+ CMS.debug("BackupKeyCertPanel update: no backup");
+ config.putBoolean("preop.backupkeys.enable", false);
+ }
+
+ config.putBoolean("preop.backupkeycert.done", true);
+ config.commit(false);
+ } catch (Exception e) {
+ CMS.debug("BackupKeyertPanel: update(): Exception thrown " + e);
+ e.printStackTrace();
+ context.put("updateStatus", "failure");
+ throw new IOException(e);
}
context.put("updateStatus", "success");
}
@@ -242,209 +212,4 @@ public class BackupKeyCertPanel extends WizardPanelBase {
context.put("title", "Export Keys and Certificates");
context.put("panel", "admin/console/config/backupkeycertpanel.vm");
}
-
- public void backupKeysCerts(HttpServletRequest request)
- throws IOException {
- CMS.debug("BackupKeyCertPanel backupKeysCerts: start");
- IConfigStore cs = CMS.getConfigStore();
- String certlist = "";
- try {
- certlist = cs.getString("preop.cert.list");
- } catch (Exception e) {
- }
-
- StringTokenizer st = new StringTokenizer(certlist, ",");
- CryptoManager cm = null;
- try {
- cm = CryptoManager.getInstance();
- } catch (Exception e) {
- CMS.debug("BackupKeyCertPanel::backupKeysCerts() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
-
- String pwd = request.getParameter("__pwd");
- Password pass = new org.mozilla.jss.util.Password(pwd.toCharArray());
- SEQUENCE encSafeContents = new SEQUENCE();
- SEQUENCE safeContents = new SEQUENCE();
- while (st.hasMoreTokens()) {
- String t = st.nextToken();
- if (t.equals("sslserver"))
- continue;
- String nickname = "";
- String modname = "";
- try {
- nickname = cs.getString("preop.cert." + t + ".nickname");
- modname = cs.getString("preop.module.token");
- } catch (Exception e) {
- }
- if (!modname.equals("Internal Key Storage Token"))
- nickname = modname + ":" + nickname;
-
- X509Certificate x509cert = null;
- byte localKeyId[] = null;
- try {
- x509cert = cm.findCertByNickname(nickname);
- localKeyId = addCertBag(x509cert, nickname, safeContents);
- } catch (IOException e) {
- throw e;
- } catch (Exception e) {
- CMS.debug("BackupKeyCertPanel: Exception=" + e.toString());
- throw new IOException("Failed to create pkcs12 file.");
- }
-
- try {
- PrivateKey pkey = cm.findPrivKeyByCert(x509cert);
- addKeyBag(pkey, x509cert, pass, localKeyId, encSafeContents);
- } catch (Exception e) {
- CMS.debug("BackupKeyCertPanel: Exception=" + e.toString());
- throw new IOException("Failed to create pkcs12 file.");
- }
- } //while loop
-
- X509Certificate[] cacerts = cm.getCACerts();
-
- for (int i = 0; i < cacerts.length; i++) {
- //String nickname = cacerts[i].getSubjectDN().toString();
- String nickname = null;
- try {
- addCertBag(cacerts[i], nickname, safeContents);
- } catch (IOException e) {
- throw e;
- } catch (Exception e) {
- CMS.debug("BackupKeyCertPanel backKeysCerts: Exception=" + e.toString());
- throw new IOException("Failed to create pkcs12 file.");
- }
- }
-
- try {
- AuthenticatedSafes authSafes = new AuthenticatedSafes();
- authSafes.addSafeContents(safeContents);
- authSafes.addSafeContents(encSafeContents);
- PFX pfx = new PFX(authSafes);
- pfx.computeMacData(pass, null, 5);
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- pfx.encode(bos);
- byte[] output = bos.toByteArray();
- cs.putString("preop.pkcs12", CryptoUtil.byte2string(output));
- pass.clear();
- cs.commit(false);
- } catch (Exception e) {
- CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception=" + e.toString());
- }
- }
-
- private void addKeyBag(PrivateKey pkey, X509Certificate x509cert,
- Password pass, byte[] localKeyId, SEQUENCE safeContents)
- throws IOException {
- try {
- PasswordConverter passConverter = new PasswordConverter();
-
- SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
- byte salt[] = random.generateSeed(4); // 4 bytes salt
- byte[] priData = getEncodedKey(pkey);
-
- PrivateKeyInfo pki = (PrivateKeyInfo)
- ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData);
- ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
- PBEAlgorithm.PBE_SHA1_DES3_CBC,
- pass, salt, 1, passConverter, pki);
- SET keyAttrs = createBagAttrs(
- x509cert.getSubjectDN().toString(), localKeyId);
- SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG,
- key, keyAttrs);
- safeContents.addElement(keyBag);
- } catch (Exception e) {
- CMS.debug("BackupKeyCertPanel getKeyBag: Exception=" + e.toString());
- throw new IOException("Failed to create pk12 file.");
- }
- }
-
- private byte[] addCertBag(X509Certificate x509cert, String nickname,
- SEQUENCE safeContents) throws IOException {
- byte[] localKeyId = null;
- try {
- ASN1Value cert = new OCTET_STRING(x509cert.getEncoded());
- localKeyId = createLocalKeyId(x509cert);
- SET certAttrs = null;
- if (nickname != null)
- certAttrs = createBagAttrs(nickname, localKeyId);
- SafeBag certBag = new SafeBag(SafeBag.CERT_BAG,
- new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
- safeContents.addElement(certBag);
- } catch (Exception e) {
- CMS.debug("BackupKeyCertPanel addCertBag: " + e.toString());
- throw new IOException("Failed to create pk12 file.");
- }
-
- return localKeyId;
- }
-
- private byte[] getEncodedKey(PrivateKey pkey) {
- try {
- CryptoManager cm = CryptoManager.getInstance();
- CryptoToken token = cm.getInternalKeyStorageToken();
- KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
- SymmetricKey sk = kg.generate();
- KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
- byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
- IVParameterSpec param = new IVParameterSpec(iv);
- wrapper.initWrap(sk, param);
- byte[] enckey = wrapper.wrap(pkey);
- Cipher c = token.getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
- c.initDecrypt(sk, param);
- byte[] recovered = c.doFinal(enckey);
- return recovered;
- } catch (Exception e) {
- CMS.debug("BackupKeyCertPanel getEncodedKey: Exception=" + e.toString());
- }
-
- return null;
- }
-
- private byte[] createLocalKeyId(X509Certificate cert)
- throws IOException {
- try {
- // SHA1 hash of the X509Cert der encoding
- byte certDer[] = cert.getEncoded();
-
- MessageDigest md = MessageDigest.getInstance("SHA");
-
- md.update(certDer);
- return md.digest();
- } catch (CertificateEncodingException e) {
- CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " + e.toString());
- throw new IOException("Failed to encode certificate.");
- } catch (NoSuchAlgorithmException e) {
- CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " + e.toString());
- throw new IOException("No such algorithm supported.");
- }
- }
-
- private SET createBagAttrs(String nickName, byte localKeyId[])
- throws IOException {
- try {
- SET attrs = new SET();
- SEQUENCE nickNameAttr = new SEQUENCE();
-
- nickNameAttr.addElement(SafeBag.FRIENDLY_NAME);
- SET nickNameSet = new SET();
-
- nickNameSet.addElement(new BMPString(nickName));
- nickNameAttr.addElement(nickNameSet);
- attrs.addElement(nickNameAttr);
- SEQUENCE localKeyAttr = new SEQUENCE();
-
- localKeyAttr.addElement(SafeBag.LOCAL_KEY_ID);
- SET localKeySet = new SET();
-
- localKeySet.addElement(new OCTET_STRING(localKeyId));
- localKeyAttr.addElement(localKeySet);
- attrs.addElement(localKeyAttr);
- return attrs;
- } catch (CharConversionException e) {
- CMS.debug("BackupKeyCertPanel createBagAttrs: Exception=" + e.toString());
- throw new IOException("Failed to create PKCS12 file.");
- }
- }
}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
index 827f0ce92..ab284f3c6 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
@@ -19,6 +19,7 @@ package com.netscape.cms.servlet.csadmin;
import java.io.IOException;
import java.net.URL;
+import java.security.cert.CertificateEncodingException;
import java.util.StringTokenizer;
import java.util.Vector;
@@ -30,6 +31,7 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.ISubsystem;
import com.netscape.certsrv.ca.ICertificateAuthority;
@@ -147,14 +149,18 @@ public class CAInfoPanel extends WizardPanelBase {
String cstype = "CA";
String portType = "SecurePort";
- /*
- try {
- cstype = cs.getString("cs.type", "");
- } catch (EBaseException e) {}
- */
-
CMS.debug("CAInfoPanel: Ready to get url");
- Vector<String> v = getUrlListFromSecurityDomain(cs, cstype, portType);
+ Vector<String> v = null;
+ try {
+ v = ConfigurationUtils.getUrlListFromSecurityDomain(cs, cstype, portType);
+ } catch (Exception e) {
+ CMS.debug("CAInfoPanel display(): errors in getting URL list from security domain" + e);
+ e.printStackTrace();
+ }
+ if (v == null) {
+ v = new Vector<String>();
+ }
+
v.addElement("External CA");
StringBuffer list = new StringBuffer();
int size = v.size();
@@ -198,31 +204,20 @@ public class CAInfoPanel extends WizardPanelBase {
public void update(HttpServletRequest request,
HttpServletResponse response,
Context context) throws IOException {
-
- /*
- String select = request.getParameter("choice");
- if (select == null) {
- CMS.debug("CAInfoPanel: choice not found");
- throw new IOException("choice not found");
- }
- */
IConfigStore config = CMS.getConfigStore();
try {
String subsystemselect = config.getString("preop.subsystem.select", "");
if (subsystemselect.equals("clone"))
return;
- } catch (Exception e) {
- }
- String select = null;
- String index = request.getParameter("urls");
- String url = "";
- if (index.startsWith("http")) {
- // user may submit url directlry
- url = index;
- } else {
- try {
+ String select = null;
+ String index = request.getParameter("urls");
+ String url = "";
+ if (index.startsWith("http")) {
+ // user may submit url directly
+ url = index;
+ } else {
int x = Integer.parseInt(index);
String list = config.getString("preop.ca.list", "");
StringTokenizer tokenizer = new StringTokenizer(list, ",");
@@ -235,54 +230,55 @@ public class CAInfoPanel extends WizardPanelBase {
}
counter++;
}
- } catch (Exception e) {
}
- }
- URL urlx = null;
+ URL urlx = null;
- if (url.equals("External CA")) {
- select = "otherca";
- config.putString("preop.ca.pkcs7", "");
- config.putInteger("preop.ca.certchain.size", 0);
- } else {
- select = "sdca";
+ if (url.equals("External CA")) {
+ select = "otherca";
+ config.putString("preop.ca.pkcs7", "");
+ config.putInteger("preop.ca.certchain.size", 0);
+ } else {
+ select = "sdca";
- // parse URL (CA1 - https://...)
- url = url.substring(url.indexOf("https"));
- urlx = new URL(url);
- }
+ // parse URL (CA1 - https://...)
+ url = url.substring(url.indexOf("https"));
+ urlx = new URL(url);
+ }
- ISubsystem subsystem = CMS.getSubsystem(ICertificateAuthority.ID);
+ ISubsystem subsystem = CMS.getSubsystem(ICertificateAuthority.ID);
- if (select.equals("sdca")) {
- config.putString("preop.ca.type", "sdca");
- CMS.debug("CAInfoPanel update: this is the CA in the security domain.");
- context.put("check_sdca", "checked");
- sdca(request, context, urlx.getHost(),
- Integer.toString(urlx.getPort()));
- if (subsystem != null) {
- config.putString(PCERT_PREFIX + "signing.type", "remote");
- config.putString(PCERT_PREFIX + "signing.profile",
- "caInstallCACert");
- }
- } else if (select.equals("otherca")) {
- config.putString("preop.ca.type", "otherca");
- context.put("check_otherca", "checked");
- if (subsystem != null) {
- config.putString(PCERT_PREFIX + "signing.type", "remote");
+ if (select.equals("sdca")) {
+ config.putString("preop.ca.type", "sdca");
+ CMS.debug("CAInfoPanel update: this is the CA in the security domain.");
+ context.put("check_sdca", "checked");
+ sdca(request, context, urlx.getHost(),
+ Integer.toString(urlx.getPort()));
+ if (subsystem != null) {
+ config.putString(PCERT_PREFIX + "signing.type", "remote");
+ config.putString(PCERT_PREFIX + "signing.profile",
+ "caInstallCACert");
+ }
+ } else if (select.equals("otherca")) {
+ config.putString("preop.ca.type", "otherca");
+ context.put("check_otherca", "checked");
+ if (subsystem != null) {
+ config.putString(PCERT_PREFIX + "signing.type", "remote");
+ }
+ CMS.debug("CAInfoPanel update: this is the other CA.");
}
- CMS.debug("CAInfoPanel update: this is the other CA.");
- }
- try {
config.commit(false);
} catch (Exception e) {
+ CMS.debug("CAInfoPanel update(): Exception thrown " + e);
+ e.printStackTrace();
+ context.put("updateStatus", "failure");
}
+ context.put("updateStatus", "success");
}
private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr)
- throws IOException {
+ throws IOException, CertificateEncodingException, EBaseException {
CMS.debug("CAInfoPanel update: this is the CA in the security domain.");
IConfigStore config = CMS.getConfigStore();
@@ -295,13 +291,10 @@ public class CAInfoPanel extends WizardPanelBase {
}
int httpsport = -1;
-
try {
httpsport = Integer.parseInt(httpsPortStr);
} catch (Exception e) {
- CMS.debug(
- "CAInfoPanel update: Https port is not valid. Exception: "
- + e.toString());
+ CMS.debug("CAInfoPanel update: Https port is not valid. Exception: " + e.toString());
throw new IOException("Http Port is not valid.");
}
@@ -314,7 +307,7 @@ public class CAInfoPanel extends WizardPanelBase {
}
/**
- * If validiate() returns false, this method will be called.
+ * If validate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
HttpServletResponse response,
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
index 74d1069eb..4f9f1e905 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
@@ -19,7 +19,6 @@ package com.netscape.cms.servlet.csadmin;
import java.io.IOException;
import java.math.BigInteger;
-import java.security.Principal;
import java.util.Enumeration;
import java.util.Locale;
import java.util.StringTokenizer;
@@ -30,16 +29,9 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import netscape.security.pkcs.PKCS10;
import netscape.security.util.CertPrettyPrint;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509Key;
import org.apache.velocity.context.Context;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.InternalCertificate;
-import org.mozilla.jss.crypto.PrivateKey;
-import org.mozilla.jss.crypto.X509Certificate;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
@@ -102,49 +94,6 @@ public class CertRequestPanel extends WizardPanelBase {
return true;
}
- private boolean findCertificate(String tokenname, String nickname)
- throws IOException {
- IConfigStore cs = CMS.getConfigStore();
- CryptoManager cm = null;
- try {
- cm = CryptoManager.getInstance();
- } catch (Exception e) {
- }
-
- String fullnickname = nickname;
-
- boolean hardware = false;
- if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) {
- hardware = true;
- fullnickname = tokenname + ":" + nickname;
- }
-
- try {
- X509Certificate cert = cm.findCertByNickname(fullnickname);
- if (cert == null)
- return false;
- try {
- @SuppressWarnings("unused")
- boolean done = cs.getBoolean("preop.CertRequestPanel.done"); // check for errors
- return true;
- } catch (Exception ee) {
- if (hardware) {
- CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: "
- + fullnickname + " has been found on HSM. Please remove it before proceeding.");
- throw new IOException("The certificate with the same nickname: "
- + fullnickname + " has been found on HSM. Please remove it before proceeding.");
- }
- return true;
- }
- } catch (IOException e) {
- CMS.debug("CertRequestPanel findCertificate: throw exception:" + e.toString());
- throw e;
- } catch (Exception e) {
- CMS.debug("CertRequestPanel findCertificate: Exception=" + e.toString());
- return false;
- }
- }
-
public void cleanUp() throws IOException {
IConfigStore cs = CMS.getConfigStore();
String list = "";
@@ -208,14 +157,14 @@ public class CertRequestPanel extends WizardPanelBase {
if (t.equals("sslserver"))
continue;
- if (findCertificate(tokenname, nickname)) {
- try {
+ try {
+ if (ConfigurationUtils.findCertificate(tokenname, nickname)) {
CMS.debug("CertRequestPanel cleanup: deleting certificate (" + nickname + ").");
- deleteCert(tokenname, nickname);
- } catch (Exception e) {
- CMS.debug("CertRequestPanel cleanup: failed to delete certificate ("
- + nickname + "). Exception: " + e.toString());
+ ConfigurationUtils.deleteCert(tokenname, nickname);
}
+ } catch (Exception e) {
+ CMS.debug("CertRequestPanel cleanup: failed to delete certificate ("
+ + nickname + "). Exception: " + e.toString());
}
}
@@ -249,17 +198,14 @@ public class CertRequestPanel extends WizardPanelBase {
Context context, String certTag, Cert cert) {
try {
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
-
+ String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
String certs = config.getString(subsystem + "." + certTag + ".cert", "");
if (cert != null) {
String certf = certs;
- CMS.debug(
- "CertRequestPanel getCert: certTag=" + certTag
- + " cert=" + certs);
+ CMS.debug("CertRequestPanel getCert: certTag=" + certTag + " cert=" + certs);
+
//get and set formated cert
if (!certs.startsWith("...")) {
certf = CryptoUtil.certFormat(certs);
@@ -289,94 +235,6 @@ public class CertRequestPanel extends WizardPanelBase {
} // try
}
- public X509Key getECCX509Key(IConfigStore config, String certTag)
- throws Exception {
- X509Key pubk = null;
- String pubKeyEncoded = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.encoded");
- pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
- return pubk;
- }
-
- public X509Key getRSAX509Key(IConfigStore config, String certTag)
- throws Exception {
- X509Key pubk = null;
-
- String pubKeyModulus = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.modulus");
- String pubKeyPublicExponent = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.exponent");
- pubk = CryptoUtil.getPublicX509Key(
- CryptoUtil.string2byte(pubKeyModulus),
- CryptoUtil.string2byte(pubKeyPublicExponent));
- return pubk;
- }
-
- public void handleCertRequest(IConfigStore config,
- Context context, String certTag, Cert cert) {
- try {
- // get public key
- String pubKeyType = config.getString(
- PCERT_PREFIX + certTag + ".keytype");
- String algorithm = config.getString(
- PCERT_PREFIX + certTag + ".keyalgorithm");
- X509Key pubk = null;
- if (pubKeyType.equals("rsa")) {
- pubk = getRSAX509Key(config, certTag);
- } else if (pubKeyType.equals("ecc")) {
- pubk = getECCX509Key(config, certTag);
- } else {
- CMS.debug("CertRequestPanel::handleCertRequest() - "
- + "pubKeyType " + pubKeyType + " is unsupported!");
- return;
- }
-
- CMS.debug("CertRequestPanel: tag=" + certTag);
- if (pubk != null) {
- CMS.debug("CertRequestPanel: got public key");
- } else {
- CMS.debug("CertRequestPanel: error getting public key null");
- return;
- }
-
- // get private key
- String privKeyID = config.getString(
- PCERT_PREFIX + certTag + ".privkey.id");
- CMS.debug("CertRequestPanel: privKeyID=" + privKeyID);
- byte[] keyIDb = CryptoUtil.string2byte(privKeyID);
-
- PrivateKey privk = CryptoUtil.findPrivateKeyFromID(keyIDb);
-
- if (privk != null) {
- CMS.debug("CertRequestPanel: got private key");
- } else {
- CMS.debug("CertRequestPanel: error getting private key null");
- }
-
- // construct cert request
- String caDN = config.getString(PCERT_PREFIX + certTag + ".dn");
-
- cert.setDN(caDN);
- PKCS10 certReq = CryptoUtil.createCertificationRequest(caDN, pubk,
- privk, algorithm);
-
- CMS.debug("CertRequestPanel: created cert request");
- byte[] certReqb = certReq.toByteArray();
- String certReqs = CryptoUtil.base64Encode(certReqb);
- String certReqf = CryptoUtil.reqFormat(certReqs);
-
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
- config.putString(subsystem + "." + certTag + ".certreq", certReqs);
- config.commit(false);
- cert.setRequest(certReqf);
- } catch (Exception e) {
- CMS.debug("CertRequestPanel::handleCertRequest" + e.toString());
- CMS.debug(e);
- } // try
-
- }
-
/**
* Display the panel.
*/
@@ -399,20 +257,16 @@ public class CertRequestPanel extends WizardPanelBase {
String certTag = st.nextToken();
try {
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
- String nickname = config.getString(
- subsystem + "." + certTag + ".nickname");
- String tokenname = config.getString(
- subsystem + "." + certTag + ".tokenname");
- Cert c = new Cert(tokenname, nickname, certTag);
-
- handleCertRequest(config, context, certTag, c);
+ String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
+ String nickname = config.getString(subsystem + "." + certTag + ".nickname");
+ String tokenname = config.getString(subsystem + "." + certTag + ".tokenname");
- String type = config.getString(
- PCERT_PREFIX + certTag + ".type");
+ Cert c = new Cert(tokenname, nickname, certTag);
+ ConfigurationUtils.handleCertRequest(config, certTag, c);
+ String type = config.getString(PCERT_PREFIX + certTag + ".type");
c.setType(type);
+
boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
c.setEnable(enable);
getCert(config, context, certTag, c);
@@ -420,15 +274,12 @@ public class CertRequestPanel extends WizardPanelBase {
c.setSubsystem(subsystem);
mCerts.addElement(c);
} catch (Exception e) {
- CMS.debug(
- "CertRequestPanel:display() Exception caught: "
- + e.toString() + " for certTag " + certTag);
+ CMS.debug("CertRequestPanel:display() Exception caught: " + e.toString() +
+ " for certTag " + certTag);
}
}
} catch (Exception e) {
- CMS.debug(
- "CertRequestPanel:display() Exception caught: "
- + e.toString());
+ CMS.debug("CertRequestPanel:display() Exception caught: " + e.toString());
System.err.println("Exception caught: " + e.toString());
} // try
@@ -448,37 +299,6 @@ public class CertRequestPanel extends WizardPanelBase {
Context context) throws IOException {
}
- private boolean findBootstrapServerCert() {
- IConfigStore cs = CMS.getConfigStore();
- try {
- String instanceID = cs.getString("instanceId", "");
- String nickname = "Server-Cert cert-" + instanceID;
-
- CryptoManager cm = CryptoManager.getInstance();
- X509Certificate cert = cm.findCertByNickname(nickname);
- Principal issuerDN = cert.getIssuerDN();
- Principal subjectDN = cert.getSubjectDN();
- if (issuerDN.equals(subjectDN))
- return true;
- } catch (Exception e) {
- CMS.debug("CertRequestPanel findBootstrapServerCert Exception=" + e.toString());
- }
-
- return false;
- }
-
- private void deleteBootstrapServerCert() {
- IConfigStore cs = CMS.getConfigStore();
- try {
- String instanceID = cs.getString("instanceId", "");
- String nickname = "Server-Cert cert-" + instanceID;
-
- deleteCert("Internal Key Storage Token", nickname);
- } catch (Exception e) {
- CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception=" + e.toString());
- }
- }
-
/**
* Commit parameter changes
*/
@@ -494,253 +314,37 @@ public class CertRequestPanel extends WizardPanelBase {
return;
}
- try {
- Enumeration<Cert> c = mCerts.elements();
+ Enumeration<Cert> c = mCerts.elements();
+ while (c.hasMoreElements()) {
+ Cert cert = c.nextElement();
+ if (hasErr) continue;
- String tokenname = "";
+ int ret=0;
try {
- tokenname = config.getString("preop.module.token", "");
+ cert.setCert(HttpInput.getCert(request, cert.getCertTag()));
+ cert.setCertChain(HttpInput.getCertChain(request, cert.getCertTag() + "_cc"));
+
+ ret = ConfigurationUtils.handleCerts(cert);
+ ConfigurationUtils.setCertPermissions(cert.getCertTag());
} catch (Exception e) {
+ CMS.debug("Exception in configuring system certificate " + cert.getCertTag() + ": " + e);
+ e.printStackTrace();
+ hasErr = true;
}
-
- while (c.hasMoreElements()) {
- Cert cert = c.nextElement();
- String certTag = cert.getCertTag();
- String subsystem = cert.getSubsystem();
- boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
- if (!enable)
- continue;
-
- if (hasErr)
- continue;
-
- String nickname = cert.getNickname();
-
- CMS.debug(
- "CertRequestPanel: update() for cert tag "
- + cert.getCertTag());
- // String b64 = config.getString(CERT_PREFIX+ certTag +".cert", "");
- String b64 = HttpInput.getCert(request, certTag);
-
- if (cert.getType().equals("local")
- && b64.equals(
- "...certificate be generated internally...")) {
-
- String pubKeyType = config.getString(
- PCERT_PREFIX + certTag + ".keytype");
- X509Key x509key = null;
- if (pubKeyType.equals("rsa")) {
- x509key = getRSAX509Key(config, certTag);
- } else if (pubKeyType.equals("ecc")) {
- x509key = getECCX509Key(config, certTag);
- }
-
- if (findCertificate(tokenname, nickname)) {
- if (!certTag.equals("sslserver"))
- continue;
- }
- X509CertImpl impl = CertUtil.createLocalCert(config, x509key,
- PCERT_PREFIX, certTag, cert.getType(), context);
-
- if (impl != null) {
- byte[] certb = impl.getEncoded();
- String certs = CryptoUtil.base64Encode(certb);
-
- cert.setCert(certs);
- config.putString(subsystem + "." + certTag + ".cert", certs);
- /* import certificate */
- CMS.debug(
- "CertRequestPanel configCert: nickname="
- + nickname);
-
- try {
- if (certTag.equals("sslserver") && findBootstrapServerCert())
- deleteBootstrapServerCert();
- if (findCertificate(tokenname, nickname))
- deleteCert(tokenname, nickname);
- if (certTag.equals("signing") && subsystem.equals("ca"))
- CryptoUtil.importUserCertificate(impl, nickname);
- else
- CryptoUtil.importUserCertificate(impl, nickname, false);
- CMS.debug(
- "CertRequestPanel configCert: cert imported for certTag "
- + certTag);
- } catch (Exception ee) {
- CMS.debug(
- "CertRequestPanel configCert: import certificate for certTag="
- + certTag + " Exception: "
- + ee.toString());
- CMS.debug("ok");
- // hasErr = true;
- }
- }
- } else if (cert.getType().equals("remote")) {
- if (b64 != null && b64.length() > 0
- && !b64.startsWith("...")) {
- String b64chain = HttpInput.getCertChain(request, certTag + "_cc");
- CMS.debug(
- "CertRequestPanel: in update() process remote...import cert");
-
- String input = HttpInput.getCert(request, cert.getCertTag());
-
- if (input != null) {
- try {
- if (certTag.equals("sslserver") && findBootstrapServerCert())
- deleteBootstrapServerCert();
- if (findCertificate(tokenname, nickname)) {
- deleteCert(tokenname, nickname);
- }
- } catch (Exception e) {
- CMS.debug("CertRequestPanel update (remote): deleteCert Exception=" + e.toString());
- }
- input = CryptoUtil.stripCertBrackets(input.trim());
- String certs = CryptoUtil.normalizeCertStr(input);
- byte[] certb = CryptoUtil.base64Decode(certs);
-
- config.putString(subsystem + "." + certTag + ".cert",
- certs);
- try {
- CryptoManager cm = CryptoManager.getInstance();
- X509Certificate x509cert = cm.importCertPackage(
- certb, nickname);
-
- CryptoUtil.trustCertByNickname(nickname);
- X509Certificate[] certchains = cm.buildCertificateChain(
- x509cert);
- X509Certificate leaf = null;
-
- if (certchains != null) {
- CMS.debug(
- "CertRequestPanel certchains length="
- + certchains.length);
- leaf = certchains[certchains.length - 1];
- }
-
- if (leaf == null) {
- CMS.debug("CertRequestPanel::update() - "
- + "leaf is null!");
- throw new IOException("leaf is null");
- }
-
- if (/*(certchains.length <= 1) &&*/
- (b64chain != null && b64chain.length() != 0)) {
- CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: "
- + b64chain);
- try {
- CryptoUtil.importCertificateChain(
- CryptoUtil.normalizeCertAndReq(b64chain));
- } catch (Exception e) {
- CMS.debug("CertRequestPanel: importCertChain: Exception: " + e.toString());
- }
- }
-
- InternalCertificate icert = (InternalCertificate) leaf;
-
- icert.setSSLTrust(
- InternalCertificate.TRUSTED_CA
- | InternalCertificate.TRUSTED_CLIENT_CA
- | InternalCertificate.VALID_CA);
- CMS.debug(
- "CertRequestPanel configCert: import certificate successfully, certTag="
- + certTag);
- } catch (Exception ee) {
- CMS.debug(
- "CertRequestPanel configCert: import certificate for certTag="
- + certTag + " Exception: "
- + ee.toString());
- CMS.debug("ok");
- // hasErr=true;
- }
- } else {
- CMS.debug("CertRequestPanel: in update() input null");
- hasErr = true;
- }
- } else {
- CMS.debug("CertRequestPanel: in update() b64 not set");
- hasErr = true;
- }
-
- } else {
- b64 = CryptoUtil.stripCertBrackets(b64.trim());
- String certs = CryptoUtil.normalizeCertStr(b64);
- byte[] certb = CryptoUtil.base64Decode(certs);
- X509CertImpl impl = new X509CertImpl(certb);
- try {
- if (certTag.equals("sslserver") && findBootstrapServerCert())
- deleteBootstrapServerCert();
- if (findCertificate(tokenname, nickname)) {
- deleteCert(tokenname, nickname);
- }
- } catch (Exception ee) {
- CMS.debug("CertRequestPanel update: deleteCert Exception=" + ee.toString());
- }
-
- try {
- if (certTag.equals("signing") && subsystem.equals("ca"))
- CryptoUtil.importUserCertificate(impl, nickname);
- else
- CryptoUtil.importUserCertificate(impl, nickname, false);
- } catch (Exception ee) {
- CMS.debug("CertRequestPanel: Failed to import user certificate." + ee.toString());
- hasErr = true;
- }
- }
-
- //update requests in request queue for local certs to allow renewal
- if ((cert.getType().equals("local")) || (cert.getType().equals("selfsign"))) {
- CertUtil.updateLocalRequest(config, certTag, cert.getRequest(), "pkcs10", null);
- }
-
- if (certTag.equals("signing") && subsystem.equals("ca")) {
- String NickName = nickname;
- if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
- NickName = tokenname + ":" + nickname;
-
- CMS.debug("CertRequestPanel update: set trust on CA signing cert " + NickName);
- CryptoUtil.trustCertByNickname(NickName);
- CMS.reinit(ICertificateAuthority.ID);
- }
- } //while loop
-
- if (hasErr == false) {
- config.putBoolean("preop.CertRequestPanel.done", true);
+ if (ret != 0) {
+ CMS.debug("System certificates not configured " + cert.getCertTag());
}
- config.commit(false);
- } catch (Exception e) {
- CMS.debug("CertRequestPanel: Exception caught: " + e.toString());
- System.err.println("Exception caught: " + e.toString());
}
+ // end new
- //reset the attribute of the user certificate to u,u,u
- String certlist = "";
- try {
- certlist = config.getString("preop.cert.list", "");
- StringTokenizer tokenizer = new StringTokenizer(certlist, ",");
- CryptoManager cm = CryptoManager.getInstance();
- while (tokenizer.hasMoreTokens()) {
- String tag = tokenizer.nextToken();
- if (tag.equals("signing"))
- continue;
- String nickname = config.getString("preop.cert." + tag + ".nickname", "");
- String tokenname = config.getString("preop.module.token", "");
- if (!tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname + ":" + nickname;
- X509Certificate c = cm.findCertByNickname(nickname);
- if (c instanceof InternalCertificate) {
- InternalCertificate ic = (InternalCertificate) c;
- ic.setSSLTrust(InternalCertificate.USER);
- ic.setEmailTrust(InternalCertificate.USER);
- if (tag.equals("audit_signing")) {
- ic.setObjectSigningTrust(InternalCertificate.USER
- | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER);
- } else {
- ic.setObjectSigningTrust(InternalCertificate.USER);
- }
- }
- }
- } catch (Exception e) {
- }
if (!hasErr) {
+ try {
+ config.putBoolean("preop.CertRequestPanel.done", true);
+ config.commit(false);
+ } catch (EBaseException e) {
+ e.printStackTrace();
+ CMS.debug("Unable to commit changes to CS,cfg: " +e);
+ }
context.put("updateStatus", "success");
} else {
context.put("updateStatus", "failure");
@@ -748,7 +352,7 @@ public class CertRequestPanel extends WizardPanelBase {
}
/**
- * If validiate() returns false, this method will be called.
+ * If validate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
HttpServletResponse response,
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationRESTClient.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationRESTClient.java
index 330cdf19d..59bb1caf9 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationRESTClient.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationRESTClient.java
@@ -25,6 +25,7 @@ import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Enumeration;
+
import org.apache.http.client.HttpClient;
import org.apache.http.conn.scheme.LayeredSchemeSocketFactory;
import org.apache.http.conn.scheme.Scheme;
@@ -94,7 +95,7 @@ public class ConfigurationRESTClient {
return false;
}
}
-
+
private class JSSProtocolSocketFactory implements SchemeSocketFactory, LayeredSchemeSocketFactory {
@Override
public Socket createSocket(HttpParams params)
@@ -158,32 +159,32 @@ public class ConfigurationRESTClient {
URI uri = new URI(baseUri);
-
+
String protocol = uri.getScheme();
int port = uri.getPort();
-
+
clientCertNickname = null;
HttpClient httpclient = new DefaultHttpClient();
if(protocol != null && protocol.equals("https")) {
if (clientCertNick != null) {
clientCertNickname = clientCertNick;
}
-
+
Scheme scheme = new Scheme("https",port, new JSSProtocolSocketFactory());
-
+
// Register for port 443 our SSLSocketFactory to the ConnectionManager
httpclient.getConnectionManager().getSchemeRegistry().register(scheme);
-
+
}
-
-
+
+
ClientExecutor executor = new ApacheHttpClient4Executor(httpclient);
-
+
ResteasyProviderFactory providerFactory = ResteasyProviderFactory.getInstance();
providerFactory.addClientErrorInterceptor(new ConfigurationErrorInterceptor());
configClient = ProxyFactory.create(SystemConfigurationResource.class, uri, executor, providerFactory);
}
-
+
public ConfigurationResponseData configure(ConfigurationData data) {
ConfigurationResponseData response = configClient.configure(data);
return response;
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index d4bcfd661..490911353 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -14,7 +14,7 @@
//
// (C) 2012 Red Hat, Inc.
// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
+// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
import java.io.BufferedReader;
@@ -142,6 +142,8 @@ import com.netscape.certsrv.ocsp.IOCSPAuthority;
import com.netscape.certsrv.usrgrp.IGroup;
import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
+import com.netscape.cms.servlet.csadmin.model.InstallToken;
+import com.netscape.cms.servlet.csadmin.model.InstallTokenRequest;
import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.http.HttpClient;
import com.netscape.cmsutil.http.HttpRequest;
@@ -150,25 +152,22 @@ import com.netscape.cmsutil.http.JssSSLSocketFactory;
import com.netscape.cmsutil.ldap.LDAPUtil;
import com.netscape.cmsutil.xml.XMLObject;
-import com.netscape.cms.servlet.csadmin.model.InstallToken;
-import com.netscape.cms.servlet.csadmin.model.InstallTokenRequest;
-
/**
* Utility class for functions to be used both by the RESTful installer
* and the UI Panels.
- *
+ *
* @author alee
*
*/
public class ConfigurationUtils {
-
+
private static final String PCERT_PREFIX = "preop.cert.";
public static String SUCCESS = "0";
public static String FAILURE = "1";
public static String AUTH_FAILURE = "2";
public static final BigInteger BIG_ZERO = new BigInteger("0");
public static final Long MINUS_ONE = Long.valueOf(-1);
-
+
public static boolean loginToken(CryptoToken token, String tokPwd) throws TokenException,
IncorrectPasswordException {
boolean rv = true;
@@ -190,6 +189,11 @@ public class ConfigurationUtils {
return rv;
}
+ public static String getHttpResponse(String hostname, int port, boolean secure,
+ String uri, String content, String clientnickname) throws IOException {
+ return getHttpResponse(hostname, port, secure, uri, content, clientnickname, null);
+ }
+
//TODO - replace with Jack's connector code
// or as we replace calls with restful calls, remove altogether
public static String getHttpResponse(String hostname, int port, boolean secure,
@@ -241,10 +245,10 @@ public class ConfigurationUtils {
return c;
}
-
+
public static void importCertChain(String host, int port, String serverPath, String tag)
throws IOException, SAXException, ParserConfigurationException, CertificateEncodingException,
- CertificateException, NotInitializedException, TokenException {
+ CertificateException, NotInitializedException, TokenException, EBaseException {
IConfigStore cs = CMS.getConfigStore();
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
XMLObject parser = null;
@@ -255,7 +259,25 @@ public class ConfigurationUtils {
parser = new XMLObject(bis);
String certchain = parser.getValue("ChainBase64");
if ((certchain != null) && (certchain.length() > 0)) {
+ certchain = CryptoUtil.normalizeCertStr(certchain);
cs.putString("preop." + tag + ".pkcs7", certchain);
+
+ // separate individual certs in chain for display
+ byte[] decoded = CryptoUtil.base64Decode(certchain);
+ java.security.cert.X509Certificate[] b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
+ int size = 0;
+
+ if (b_certchain != null) {
+ size = b_certchain.length;
+ }
+ cs.putInteger("preop." + tag + ".certchain.size", size);
+ for (int i = 0; i < size; i++) {
+ byte[] bb = b_certchain[i].getEncoded();
+ cs.putString("preop." + tag + ".certchain." + i,
+ CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
+ }
+
+ cs.commit(false);
CryptoUtil.importCertificateChain(certchain);
} else {
throw new IOException("importCertChain: Security Domain response does not contain certificate chain");
@@ -264,7 +286,7 @@ public class ConfigurationUtils {
throw new IOException("importCertChain: Failed to get response from security domain");
}
}
-
+
public static String getInstallToken(String sdhost, int sdport, String user, String passwd)
throws EPropertyNotFound, EBaseException, URISyntaxException {
IConfigStore cs = CMS.getConfigStore();
@@ -278,7 +300,7 @@ public class ConfigurationUtils {
return token.getToken();
}
-
+
public static String getGroupName(String uid, String subsystemname) {
IUGSubsystem subsystem = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") && subsystemname.equals("CA")) {
@@ -296,7 +318,7 @@ public class ConfigurationUtils {
}
return null;
}
-
+
public static String getDomainXML(String hostname, int https_admin_port, boolean https)
throws IOException, SAXException, ParserConfigurationException {
CMS.debug("getDomainXML start");
@@ -304,7 +326,7 @@ public class ConfigurationUtils {
if (c != null) {
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
-
+
parser = new XMLObject(bis);
String status = parser.getValue("Status");
CMS.debug("getDomainXML: status=" + status);
@@ -321,7 +343,7 @@ public class ConfigurationUtils {
}
return null;
}
-
+
public static void getSecurityDomainPorts(String domainXML, String host, int port) throws SAXException,
IOException, ParserConfigurationException {
ByteArrayInputStream bis = new ByteArrayInputStream(domainXML.getBytes());
@@ -351,7 +373,7 @@ public class ConfigurationUtils {
}
}
}
-
+
public static Vector<String> getUrlListFromSecurityDomain(IConfigStore config,
String type, String portType)
throws EPropertyNotFound, EBaseException, IOException, SAXException, ParserConfigurationException {
@@ -401,7 +423,7 @@ public class ConfigurationUtils {
return v;
}
-
+
public static boolean isValidCloneURI(String domainXML, String cloneHost, int clonePort) throws EPropertyNotFound,
EBaseException, SAXException, IOException, ParserConfigurationException {
IConfigStore cs = CMS.getConfigStore();
@@ -514,7 +536,7 @@ public class ConfigurationUtils {
config.commit(false);
}
-
+
public static void updateNumberRange(String hostname, int port, boolean https, String content, String type)
throws IOException, EBaseException, SAXException, ParserConfigurationException {
CMS.debug("updateNumberRange start host=" + hostname + " port=" + port);
@@ -562,9 +584,9 @@ public class ConfigurationUtils {
}
}
}
-
+
public static boolean updateConfigEntries(String hostname, int port, boolean https,
- String servlet, String uri, IConfigStore config)
+ String servlet, String uri, IConfigStore config)
throws IOException, EBaseException, SAXException, ParserConfigurationException {
CMS.debug("updateConfigEntries start");
String c = getHttpResponse(hostname, port, https, servlet, uri, null, null);
@@ -682,7 +704,7 @@ public class ConfigurationUtils {
return false;
}
-
+
public static void restoreCertsFromP12(String p12File, String p12Pass) throws EPropertyNotFound, EBaseException,
InvalidKeyException, CertificateException, NoSuchAlgorithmException,
InvalidAlgorithmParameterException, IllegalStateException, TokenException, IllegalBlockSizeException,
@@ -769,7 +791,7 @@ public class ConfigurationUtils {
}
}
-
+
public static boolean isCertdbCloned() {
IConfigStore cs = CMS.getConfigStore();
try {
@@ -790,11 +812,11 @@ public class ConfigurationUtils {
nickname = tokenname + ":" + nickname;
CMS.debug("isCertdbCloned: " + nickname);
-
+
// TODO : remove this when we eliminate the extraneous nicknames
- // needed for self tests
+ // needed for self tests
cs.putString(cstype + ".cert." + tag + ".nickname", nickname);
-
+
X509Certificate cert = cm.findCertByNickname(nickname);
if (cert == null)
return false;
@@ -805,14 +827,14 @@ public class ConfigurationUtils {
return true;
}
-
+
public static void importkeycert(Vector<Vector<Object>> pkeyinfo_collection,
Vector<Vector<Object>> cert_collection) throws IOException, CertificateException, TokenException,
NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalStateException,
IllegalBlockSizeException, BadPaddingException, NotInitializedException, NicknameConflictException,
UserCertConflictException, NoSuchItemOnTokenException, EPropertyNotFound, EBaseException {
CryptoManager cm = CryptoManager.getInstance();
-
+
// delete all existing certificates first
deleteExistingCerts();
@@ -909,7 +931,7 @@ public class ConfigurationUtils {
}
return null;
}
-
+
public static org.mozilla.jss.crypto.PrivateKey.Type getPrivateKeyType(PublicKey pubkey) {
CMS.debug("Key Algorithm '" + pubkey.getAlgorithm() + "'");
if (pubkey.getAlgorithm().equals("EC")) {
@@ -917,7 +939,7 @@ public class ConfigurationUtils {
}
return org.mozilla.jss.crypto.PrivateKey.Type.RSA;
}
-
+
public static boolean isCASigningCert(String name) {
IConfigStore cs = CMS.getConfigStore();
try {
@@ -926,17 +948,17 @@ public class ConfigurationUtils {
} catch(Exception e) {
// nickname may not exist if this is not cloning a CA
};
-
+
return false;
}
-
+
public static boolean isAuditSigningCert(String name) throws EPropertyNotFound, EBaseException {
IConfigStore cs = CMS.getConfigStore();
String nickname = cs.getString("preop.master.audit_signing.nickname");
if (nickname.equals(name)) return true;
return false;
}
-
+
public static void deleteExistingCerts() {
IConfigStore cs = CMS.getConfigStore();
try {
@@ -967,7 +989,7 @@ public class ConfigurationUtils {
CMS.debug("deleteExistingCerts: Exception=" + e.toString());
}
}
-
+
public static byte[] getX509Cert(String nickname, Vector<Vector<Object>> cert_collection)
throws CertificateException {
for (int i = 0; i < cert_collection.size(); i++) {
@@ -980,7 +1002,7 @@ public class ConfigurationUtils {
}
return null;
}
-
+
public static void releaseConnection(LDAPConnection conn) {
try {
if (conn != null) conn.disconnect();
@@ -989,14 +1011,14 @@ public class ConfigurationUtils {
CMS.debug("releaseConnection: " + e);
}
}
-
+
public static void populateDB() throws IOException, EBaseException {
IConfigStore cs = CMS.getConfigStore();
-
+
String baseDN = cs.getString("internaldb.basedn");
String database = cs.getString("internaldb.database", "");
String remove = cs.getString("preop.database.removeData", "false");
-
+
IConfigStore dbCfg = cs.getSubStore("internaldb");
ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory();
dbFactory.init(dbCfg);
@@ -1159,7 +1181,7 @@ public class ConfigurationUtils {
releaseConnection(conn);
throw new IOException("Failed to import ldif files");
}
-
+
releaseConnection(conn);
}
@@ -1246,7 +1268,7 @@ public class ConfigurationUtils {
}
}
}
-
+
public static void cleanupDB(LDAPConnection conn, String baseDN, String database) {
String[] entries = {};
String filter = "objectclass=*";
@@ -1301,7 +1323,7 @@ public class ConfigurationUtils {
CMS.debug("cleanupDB: ldapexception thrown" + e);
}
}
-
+
public static void deleteEntries(LDAPSearchResults res, LDAPConnection conn,
String dn, String[] entries) {
String[] attrs = null;
@@ -1340,13 +1362,13 @@ public class ConfigurationUtils {
CMS.debug("deleteEntry: Exception=" + e.toString());
}
}
-
+
public static String getInstanceDir(LDAPConnection conn) throws LDAPException {
String instancedir = "";
String filter = "(objectclass=*)";
String[] attrs = { "nsslapd-directory" };
- LDAPSearchResults results = conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config",
+ LDAPSearchResults results = conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config",
LDAPv3.SCOPE_SUB, filter, attrs, false);
while (results.hasMoreElements()) {
@@ -1354,7 +1376,7 @@ public class ConfigurationUtils {
String dn = entry.getDN();
CMS.debug("getInstanceDir: DN for storing nsslapd-directory: " + dn);
LDAPAttributeSet entryAttrs = entry.getAttributeSet();
-
+
@SuppressWarnings("unchecked")
Enumeration<LDAPAttribute> attrsInSet = entryAttrs.getAttributes();
while (attrsInSet.hasMoreElements()) {
@@ -1375,7 +1397,7 @@ public class ConfigurationUtils {
return instancedir;
}
-
+
public static boolean deleteDir(File dir) {
if (dir.isDirectory()) {
String[] children = dir.list();
@@ -1388,7 +1410,7 @@ public class ConfigurationUtils {
}
return dir.delete();
}
-
+
public static void populateIndexes() throws EPropertyNotFound, EBaseException, IOException, LDAPException {
CMS.debug("populateIndexes(): start");
IConfigStore cs = CMS.getConfigStore();
@@ -1401,7 +1423,7 @@ public class ConfigurationUtils {
try {
importLDIFS("preop.internaldb.post_ldif", conn);
- /* For vlvtask, we need to check if the task has
+ /* For vlvtask, we need to check if the task has
been completed or not. Presence of nsTaskExitCode means task is complete
*/
String wait_dn = cs.getString("preop.internaldb.wait_dn", "");
@@ -1416,7 +1438,7 @@ public class ConfigurationUtils {
// restore the interrupted status
Thread.currentThread().interrupt();
}
-
+
try {
task = conn.read(wait_dn, (String[]) null);
if (task != null) {
@@ -1431,8 +1453,8 @@ public class ConfigurationUtils {
}
} catch (Exception le) {
CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")");
- }
- } while (!taskComplete);
+ }
+ } while (!taskComplete);
}
} catch (Exception e) {
CMS.debug("populateIndexes(): Exception thrown: " + e);
@@ -1441,7 +1463,7 @@ public class ConfigurationUtils {
releaseConnection(conn);
}
}
-
+
public static void setupReplication() throws EBaseException, IOException {
IConfigStore cs = CMS.getConfigStore();
@@ -1451,7 +1473,7 @@ public class ConfigurationUtils {
String replicationSecurity = cs.getString("internaldb.ldapconn.replicationSecurity");
int masterReplicationPort = cs.getInteger("internaldb.ldapconn.masterReplicationPort");
int cloneReplicationPort = cs.getInteger("internaldb.ldapconn.cloneReplicationPort");
-
+
//setup replication agreement
String masterAgreementName = "masterAgreement1-" + machinename + "-" + instanceId;
cs.putString("internaldb.replication.master", masterAgreementName);
@@ -1496,9 +1518,9 @@ public class ConfigurationUtils {
String master_replicationpwd = cs.getString("preop.internaldb.master.replication.password", "");
String replica_hostname = cs.getString("internaldb.ldapconn.host", "");
String replica_replicationpwd = cs.getString("preop.internaldb.replicationpwd", "");
- String basedn = cs.getString("internaldb.basedn");
+ String basedn = cs.getString("internaldb.basedn");
String suffix = cs.getString("internaldb.basedn", "");
-
+
String replicadn = "cn=replica,cn=\"" + suffix + "\",cn=mapping tree,cn=config";
CMS.debug("DatabasePanel setupReplication: replicadn=" + replicadn);
@@ -1563,7 +1585,7 @@ public class ConfigurationUtils {
releaseConnection(replicaConn);
}
}
-
+
public static void createReplicationManager(LDAPConnection conn, String bindUser, String pwd)
throws LDAPException {
LDAPAttributeSet attrs = null;
@@ -1646,7 +1668,7 @@ public class ConfigurationUtils {
conn.add(entry);
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
- /* BZ 470918 -we cant just add the new dn. We need to do a replace instead
+ /* BZ 470918 -we cant just add the new dn. We need to do a replace instead
* until the DS code is fixed */
CMS.debug("enableReplication: " + replicadn + " has already been used");
@@ -1672,8 +1694,8 @@ public class ConfigurationUtils {
return id + 1;
}
- public static void createReplicationAgreement(String replicadn, LDAPConnection conn, String name,
- String replicahost, int replicaport, String replicapwd, String basedn, String bindUser,
+ public static void createReplicationAgreement(String replicadn, LDAPConnection conn, String name,
+ String replicahost, int replicaport, String replicapwd, String basedn, String bindUser,
String secure, String replicationSecurity) throws LDAPException {
String dn = "cn=" + name + "," + replicadn;
CMS.debug("createReplicationAgreement: dn: " + dn);
@@ -1794,7 +1816,7 @@ public class ConfigurationUtils {
throw new IOException("nsDS5ReplicaLastInitStatus is null.");
}
}
-
+
public static void reInitSubsystem(String csType) throws EBaseException {
CMS.reinit(IDBSubsystem.SUB_ID);
if (csType.equals("CA"))
@@ -1803,7 +1825,7 @@ public class ConfigurationUtils {
CMS.reinit(IAuthzSubsystem.ID);
CMS.reinit(IUGSubsystem.ID);
}
-
+
public static void createECCKeyPair(String token, String curveName, IConfigStore config, String ct)
throws NoSuchAlgorithmException, NoSuchTokenException, TokenException,
CryptoManager.NotInitializedException, EPropertyNotFound, EBaseException {
@@ -1839,7 +1861,7 @@ public class ConfigurationUtils {
do {
if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) {
- CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set " +
+ CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set " +
"properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
pair = CryptoUtil.generateECCKeyPair(token, curveName, null, ECDH_usages_mask);
} else {
@@ -1903,7 +1925,7 @@ public class ConfigurationUtils {
}
public static void setSigningAlgorithm(String ct, String keyAlgo, IConfigStore config) throws EPropertyNotFound, EBaseException {
- String systemType = config.getString("cs.type");
+ String systemType = config.getString("cs.type");
if (systemType.equalsIgnoreCase("CA")) {
if (ct.equals("signing")) {
config.putString("ca.signing.defaultSigningAlgorithm", keyAlgo);
@@ -1921,7 +1943,7 @@ public class ConfigurationUtils {
}
}
}
-
+
public static void configCert(HttpServletRequest request, HttpServletResponse response,
Context context, Cert certObj, WizardPanelBase panel) throws IOException {
@@ -2091,7 +2113,7 @@ public class ConfigurationUtils {
CMS.debug("configCert() exception caught:" + e.toString());
}
}
-
+
public static void updateConfig(IConfigStore config, String certTag)
throws EBaseException, IOException {
String token = config.getString("preop.module.token");
@@ -2147,7 +2169,7 @@ public class ConfigurationUtils {
nickname);
}
}
-
+
// for system certs verification
if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
config.putString(subsystem + ".cert." + certTag + ".nickname",
@@ -2159,17 +2181,17 @@ public class ConfigurationUtils {
config.commit(false);
CMS.debug("updateConfig() done");
}
-
+
public static String getNickname(IConfigStore config, String certTag) throws EBaseException {
String instanceID = config.getString("instanceId", "");
-
+
String nickname = certTag + "Cert cert-" + instanceID;
String preferredNickname = null;
try {
preferredNickname = config.getString(PCERT_PREFIX + certTag + ".nickname", null);
} catch (EBaseException e) {
}
-
+
if (preferredNickname != null) {
return preferredNickname;
}
@@ -2203,7 +2225,7 @@ public class ConfigurationUtils {
return 0;
}
-
+
public static void updateCloneConfig()
throws EBaseException, IOException {
IConfigStore config = CMS.getConfigStore();
@@ -2237,7 +2259,7 @@ public class ConfigurationUtils {
audit_nn);
}
}
-
+
public static void handleCertRequest(IConfigStore config, String certTag, Cert cert) throws EPropertyNotFound,
EBaseException, InvalidKeyException, NotInitializedException, TokenException, NoSuchAlgorithmException,
NoSuchProviderException, CertificateException, SignatureException, IOException {
@@ -2288,7 +2310,7 @@ public class ConfigurationUtils {
cert.setRequest(certReqf);
}
-
+
public static X509Key getECCX509Key(IConfigStore config, String certTag) throws EPropertyNotFound, EBaseException,
InvalidKeyException {
X509Key pubk = null;
@@ -2357,6 +2379,7 @@ public class ConfigurationUtils {
CryptoUtil.importUserCertificate(impl, nickname, false);
CMS.debug("handleCerts(): cert imported for certTag " + certTag);
} catch (Exception ee) {
+ ee.printStackTrace();
CMS.debug("handleCerts(): import certificate for certTag=" + certTag + " Exception: " + ee.toString());
}
}
@@ -2364,7 +2387,7 @@ public class ConfigurationUtils {
if (b64 != null && b64.length() > 0 && !b64.startsWith("...")) {
CMS.debug("handleCert(): process remote...import cert");
String b64chain = cert.getCertChain();
-
+
try {
if (certTag.equals("sslserver") && findBootstrapServerCert())
deleteBootstrapServerCert();
@@ -2374,14 +2397,17 @@ public class ConfigurationUtils {
} catch (Exception e) {
CMS.debug("CertRequestPanel update (remote): deleteCert Exception=" + e.toString());
}
- byte[] certb = CryptoUtil.base64Decode(b64);
- config.putString(subsystem + "." + certTag + ".cert", b64);
+ b64 = CryptoUtil.stripCertBrackets(b64.trim());
+ String certs = CryptoUtil.normalizeCertStr(b64);
+ byte[] certb = CryptoUtil.base64Decode(certs);
+
+ config.putString(subsystem + "." + certTag + ".cert", certs);
try {
CryptoManager cm = CryptoManager.getInstance();
X509Certificate x509cert = cm.importCertPackage(certb, nickname);
CryptoUtil.trustCertByNickname(nickname);
-
+
X509Certificate[] certchains = cm.buildCertificateChain(x509cert);
X509Certificate leaf = null;
@@ -2413,6 +2439,7 @@ public class ConfigurationUtils {
| InternalCertificate.VALID_CA);
CMS.debug("handleCerts(): import certificate successfully, certTag=" + certTag);
} catch (Exception ee) {
+ ee.printStackTrace();
CMS.debug("handleCerts: import certificate for certTag=" + certTag + " Exception: "+ ee.toString());
}
@@ -2462,7 +2489,7 @@ public class ConfigurationUtils {
}
return 0;
}
-
+
public static void setCertPermissions(String tag) throws EBaseException, NotInitializedException,
ObjectNotFoundException, TokenException {
if (tag.equals("signing")) return;
@@ -2488,7 +2515,7 @@ public class ConfigurationUtils {
}
}
}
-
+
public static boolean findCertificate(String tokenname, String nickname) throws NotInitializedException,
TokenException, IOException {
IConfigStore cs = CMS.getConfigStore();
@@ -2552,7 +2579,7 @@ public class ConfigurationUtils {
String nickname = "Server-Cert cert-" + instanceID;
deleteCert("Internal Key Storage Token", nickname);
}
-
+
public static void deleteCert(String tokenname, String nickname) throws NotInitializedException,
NoSuchTokenException, TokenException {
@@ -2583,7 +2610,7 @@ public class ConfigurationUtils {
CMS.debug("deleteCert: cert deleted successfully");
}
}
-
+
public static void backupKeys(String pwd, String fname) throws EPropertyNotFound, EBaseException,
NotInitializedException, ObjectNotFoundException, TokenException, DigestException,
InvalidKeyException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidBERException,
@@ -2743,7 +2770,7 @@ public class ConfigurationUtils {
return attrs;
}
-
+
public static void createAdminCertificate(String certRequest, String certRequestType, String subject)
throws InvalidBERException, IOException, InvalidKeyException, InvalidKeyFormatException,
NoSuchAlgorithmException, SignatureException, NoSuchProviderException, EBaseException {
@@ -2778,7 +2805,7 @@ public class ConfigurationUtils {
}
cs.putString("preop.admincert.serialno.0", impl.getSerialNumber().toString(16));
}
-
+
public static void createPKCS7(X509CertImpl cert) throws IOException {
IConfigStore cs = CMS.getConfigStore();
ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
@@ -2801,7 +2828,7 @@ public class ConfigurationUtils {
String p7Str = CMS.BtoA(p7Bytes);
cs.putString("preop.admincert.pkcs7", CryptoUtil.normalizeCertStr(p7Str));
}
-
+
public static void createAdmin(String uid, String email, String name, String pwd) throws IOException,
EBaseException {
IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
@@ -2887,7 +2914,7 @@ public class ConfigurationUtils {
}
}
}
-
+
public static String submitAdminCertRequest(String ca_hostname, int ca_port, String profileId,
String certRequestType, String certRequest, String subjectDN) throws IOException, EBaseException,
SAXException, ParserConfigurationException {
@@ -2925,23 +2952,23 @@ public class ConfigurationUtils {
cs.putString("preop.admincert.serialno.0", serial);
String b64 = parser.getValue("b64");
-
+
// save in a file for access by ImportAdminCertPanel
String instanceRoot = cs.getString("instanceRoot", "");
String dir = instanceRoot + File.separator + "conf" + File.separator + "admin.b64";
cs.putString("preop.admincert.b64", dir);
-
+
PrintStream ps = new PrintStream(new FileOutputStream(dir));
ps.println(b64);
ps.flush();
ps.close();
-
+
return b64;
} else {
throw new IOException("submitAdminCertRequest: Failed to get response from ca");
}
}
-
+
public static void createSecurityDomain() throws EBaseException, LDAPException, NumberFormatException, IOException,
SAXException, ParserConfigurationException {
IConfigStore cs = CMS.getConfigStore();
@@ -3007,7 +3034,7 @@ public class ConfigurationUtils {
// @SuppressWarnings("unused")
// String c = getDomainXML(CMS.getEESSLHost(), Integer.parseInt(CMS.getAdminPort()), true);
}
-
+
public static void updateSecurityDomain() throws IOException, SAXException, ParserConfigurationException,
EPropertyNotFound, EBaseException {
IConfigStore cs = CMS.getConfigStore();
@@ -3050,7 +3077,7 @@ public class ConfigurationUtils {
@SuppressWarnings("unused")
String c = getDomainXML(sd_host, sd_admin_port, true);
}
-
+
public static boolean isSDHostDomainMaster(IConfigStore config) throws EPropertyNotFound, EBaseException,
IOException, SAXException, ParserConfigurationException {
String dm = "false";
@@ -3080,7 +3107,7 @@ public class ConfigurationUtils {
}
return dm.equalsIgnoreCase("true");
}
-
+
public static void updateDomainXML(String hostname, int port, boolean https,
String servlet, String uri) throws IOException, EBaseException, SAXException, ParserConfigurationException {
CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname + " port=" + port);
@@ -3110,7 +3137,7 @@ public class ConfigurationUtils {
}
}
}
-
+
public static void updateConnectorInfo(String ownagenthost, String ownagentsport)
throws IOException, EBaseException, SAXException, ParserConfigurationException {
IConfigStore cs = CMS.getConfigStore();
@@ -3157,7 +3184,7 @@ public class ConfigurationUtils {
}
}
}
-
+
public static void setupClientAuthUser() throws EBaseException, CertificateException, IOException, SAXException,
ParserConfigurationException, LDAPException {
IConfigStore cs = CMS.getConfigStore();
@@ -3208,7 +3235,7 @@ public class ConfigurationUtils {
}
}
-
+
public static String getSubsystemCert(String host, int port, boolean https)
throws IOException, SAXException, ParserConfigurationException {
CMS.debug("getSubsystemCert() start");
@@ -3227,7 +3254,7 @@ public class ConfigurationUtils {
}
return null;
}
-
+
public static void importCACertToOCSP() throws IOException, EBaseException, CertificateEncodingException {
IConfigStore config = CMS.getConfigStore();
@@ -3264,7 +3291,7 @@ public class ConfigurationUtils {
CMS.debug("importCACertToOCSP(): Added CA certificate.");
}
}
-
+
public static void updateOCSPConfig()
throws IOException, EBaseException, SAXException, ParserConfigurationException {
IConfigStore config = CMS.getConfigStore();
@@ -3282,7 +3309,7 @@ public class ConfigurationUtils {
} else {
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject parser = new XMLObject(bis);
-
+
String status = parser.getValue("Status");
CMS.debug("WizardPanelBase updateOCSPConfig: status=" + status);
@@ -3296,7 +3323,7 @@ public class ConfigurationUtils {
}
}
}
-
+
public static void setupDBUser(String dbuser) throws CertificateException, LDAPException, EBaseException,
NotInitializedException, ObjectNotFoundException, TokenException, IOException {
IUGSubsystem system =
@@ -3347,15 +3374,15 @@ public class ConfigurationUtils {
String s = CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bytes));
return s;
}
-
+
public static void updateNextRanges() throws EBaseException, LDAPException {
IConfigStore cs = CMS.getConfigStore();
-
+
String endRequestNumStr = cs.getString("dbs.endRequestNumber", "");
String endSerialNumStr = cs.getString("dbs.endSerialNumber", "");
String type = cs.getString("cs.type");
String basedn = cs.getString("internaldb.basedn");
-
+
BigInteger endRequestNum = new BigInteger(endRequestNumStr);
BigInteger endSerialNum = new BigInteger(endSerialNumStr);
BigInteger oneNum = new BigInteger("1");
@@ -3385,10 +3412,10 @@ public class ConfigurationUtils {
conn.disconnect();
}
-
+
/**
* save variables needed for cloning and remove preops
- * @throws EBaseException
+ * @throws EBaseException
*/
public static void removePreopConfigEntries() throws EBaseException {
IConfigStore cs = CMS.getConfigStore();
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
index 9e430e2fd..7ecbb0c8c 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
@@ -93,18 +93,16 @@ public class CreateSubsystemPanel extends WizardPanelBase {
Context context) {
context.put("title", "Subsystem Type");
IConfigStore config = CMS.getConfigStore();
- String session_id = request.getParameter("session_id");
- if (session_id != null) {
- CMS.debug("CreateSubsystemPanel setting session id.");
- CMS.setConfigSDSessionId(session_id);
- }
- String errorString = "";
+ try {
+ String session_id = request.getParameter("session_id");
+ if (session_id != null) {
+ CMS.debug("CreateSubsystemPanel setting session id.");
+ CMS.setConfigSDSessionId(session_id);
+ }
- if (isPanelDone()) {
- try {
+ if (isPanelDone()) {
String s = config.getString("preop.subsystem.select");
-
if (s.equals("new")) {
context.put("check_newsubsystem", "checked");
context.put("check_clonesubsystem", "");
@@ -112,26 +110,14 @@ public class CreateSubsystemPanel extends WizardPanelBase {
context.put("check_newsubsystem", "");
context.put("check_clonesubsystem", "checked");
}
- context.put("subsystemName",
- config.getString("preop.subsystem.name"));
- } catch (Exception e) {
- CMS.debug(e.toString());
- }
- } else {
- context.put("check_newsubsystem", "checked");
- context.put("check_clonesubsystem", "");
- try {
- context.put("subsystemName",
- config.getString("preop.system.fullname"));
- } catch (Exception e) {
- CMS.debug(e.toString());
+ context.put("subsystemName", config.getString("preop.subsystem.name"));
+ } else {
+ context.put("check_newsubsystem", "checked");
+ context.put("check_clonesubsystem", "");
+ context.put("subsystemName", config.getString("preop.system.fullname"));
}
- }
-
- String cstype = "";
- try {
- cstype = config.getString("cs.type", "");
+ String cstype = config.getString("cs.type", "");
context.put("cstype", cstype);
context.put("wizardname", config.getString("preop.wizard.name"));
context.put("systemname", config.getString("preop.system.name"));
@@ -141,35 +127,48 @@ public class CreateSubsystemPanel extends WizardPanelBase {
context.put("https_agent_port", CMS.getAgentPort());
context.put("https_ee_port", CMS.getEESSLPort());
context.put("https_admin_port", CMS.getAdminPort());
- } catch (EBaseException e) {
- }
- Vector<String> v = getUrlListFromSecurityDomain(config, cstype, "SecurePort");
+ String domainType = config.getString("preop.securitydomain.select");
+ Vector<String> v = null;
+ if (!domainType.equals("new")) {
+ try {
+ v = ConfigurationUtils.getUrlListFromSecurityDomain(config, cstype, "SecurePort");
+ } catch (Exception e) {
+ // note: this is OK for a new master ca in a new domain
+ CMS.debug("Exception thrown when obtaining URL List from security domain:" + e);
+ e.printStackTrace();
+ }
+ }
- StringBuffer list = new StringBuffer();
- int size = v.size();
- for (int i = 0; i < size; i++) {
- if (i == size - 1) {
- list.append(v.elementAt(i));
- } else {
- list.append(v.elementAt(i));
- list.append(",");
+ if (v == null) {
+ v = new Vector<String>();
+ }
+
+ StringBuffer list = new StringBuffer();
+ int size = v.size();
+ for (int i = 0; i < size; i++) {
+ if (i == size - 1) {
+ list.append(v.elementAt(i));
+ } else {
+ list.append(v.elementAt(i));
+ list.append(",");
+ }
}
- }
- try {
config.putString("preop.master.list", list.toString());
config.commit(false);
- } catch (Exception e) {
- errorString = "Internal error, cs.type is missing from CS.cfg";
- }
- if (list.length() == 0)
- context.put("disableClone", "true");
+ if (list.length() == 0)
+ context.put("disableClone", "true");
- context.put("panel", "admin/console/config/createsubsystempanel.vm");
- context.put("errorString", errorString);
- context.put("urls", v);
+ context.put("panel", "admin/console/config/createsubsystempanel.vm");
+ context.put("urls", v);
+ context.put("errorString", "");
+ } catch (Exception e) {
+ e.printStackTrace();
+ context.put("errorString", e.toString());
+ CMS.debug("CreateSubsystemPanel: Exception thrown: " + e);
+ }
}
/**
@@ -186,7 +185,6 @@ public class CreateSubsystemPanel extends WizardPanelBase {
public void update(HttpServletRequest request,
HttpServletResponse response,
Context context) throws IOException {
- String errorString = "";
IConfigStore config = CMS.getConfigStore();
String select = HttpInput.getID(request, "choice");
@@ -196,43 +194,30 @@ public class CreateSubsystemPanel extends WizardPanelBase {
throw new IOException("choice not found");
}
- config.putString("preop.subsystem.name",
- HttpInput.getName(request, "subsystemName"));
- if (select.equals("newsubsystem")) {
- config.putString("preop.subsystem.select", "new");
- config.putString("subsystem.select", "New");
- } else if (select.equals("clonesubsystem")) {
- String cstype = "";
- try {
- cstype = config.getString("cs.type", "");
- } catch (Exception e) {
- }
-
- cstype = toLowerCaseSubsystemType(cstype);
-
- config.putString("preop.subsystem.select", "clone");
- config.putString("subsystem.select", "Clone");
-
- String lists = "";
- try {
- lists = config.getString("preop.cert.list", "");
- } catch (Exception ee) {
- }
-
- StringTokenizer t = new StringTokenizer(lists, ",");
- while (t.hasMoreTokens()) {
- String tag = t.nextToken();
- if (tag.equals("sslserver"))
- config.putBoolean(PCERT_PREFIX + tag + ".enable", true);
- else
- config.putBoolean(PCERT_PREFIX + tag + ".enable", false);
- }
+ try {
+ config.putString("preop.subsystem.name", HttpInput.getName(request, "subsystemName"));
+
+ if (select.equals("newsubsystem")) {
+ config.putString("preop.subsystem.select", "new");
+ config.putString("subsystem.select", "New");
+ } else if (select.equals("clonesubsystem")) {
+ config.putString("preop.subsystem.select", "clone");
+ config.putString("subsystem.select", "Clone");
+
+ String lists = config.getString("preop.cert.list", "");
+ StringTokenizer t = new StringTokenizer(lists, ",");
+ while (t.hasMoreTokens()) {
+ String tag = t.nextToken();
+ if (tag.equals("sslserver"))
+ config.putBoolean(PCERT_PREFIX + tag + ".enable", true);
+ else
+ config.putBoolean(PCERT_PREFIX + tag + ".enable", false);
+ }
- // get the master CA
- String index = request.getParameter("urls");
- String url = "";
+ // get the master CA
+ String index = request.getParameter("urls");
+ String url = "";
- try {
int x = Integer.parseInt(index);
String list = config.getString("preop.master.list", "");
StringTokenizer tokenizer = new StringTokenizer(list, ",");
@@ -240,55 +225,45 @@ public class CreateSubsystemPanel extends WizardPanelBase {
while (tokenizer.hasMoreTokens()) {
url = tokenizer.nextToken();
- if (counter == x) {
- break;
- }
+ if (counter == x) break;
counter++;
}
- } catch (Exception e) {
- }
- url = url.substring(url.indexOf("http"));
+ url = url.substring(url.indexOf("http"));
- URL u = new URL(url);
- String host = u.getHost();
- int https_ee_port = u.getPort();
+ URL u = new URL(url);
+ String host = u.getHost();
+ int https_ee_port = u.getPort();
- String https_admin_port = getSecurityDomainAdminPort(config,
- host,
- String.valueOf(https_ee_port),
- cstype);
+ String domainXML = config.getString("preop.domainXML");
- config.putString("preop.master.hostname", host);
- config.putInteger("preop.master.httpsport", https_ee_port);
- config.putString("preop.master.httpsadminport", https_admin_port);
+ // check URI and update preop.master port entries
+ boolean validUri = ConfigurationUtils.isValidCloneURI(domainXML, host, https_ee_port);
+ if (!validUri) {
+ throw new IOException("Invalid clone URI provided. Does not match the available subsystems in " +
+ "the security domain");
+ }
- ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- if (cstype.equals("ca")) {
- updateCertChainUsingSecureEEPort(config, "clone", host, https_ee_port,
- true, context, certApprovalCallback);
+ ConfigurationUtils.importCertChain(host, https_ee_port, "/ca/ee/ca/getCertChain", "clone");
+ } else {
+ CMS.debug("CreateSubsystemPanel: invalid choice " + select);
+ context.put("updateStatus", "failure");
+ throw new IOException("invalid choice " + select);
}
- getTokenInfo(config, cstype, host, https_ee_port, true, context,
- certApprovalCallback);
- } else {
- CMS.debug("CreateSubsystemPanel: invalid choice " + select);
- errorString = "Invalid choice";
- context.put("updateStatus", "failure");
- throw new IOException("invalid choice " + select);
- }
-
- try {
config.commit(false);
- } catch (EBaseException e) {
+ } catch (Exception e) {
+ CMS.debug("CreateSubsystemPanel: Exception thrown : " + e);
+ context.put("errorString", e.toString());
+ context.put("updateStatus", "failure");
+ throw new IOException(e);
}
- context.put("errorString", errorString);
context.put("updateStatus", "success");
}
/**
- * If validiate() returns false, this method will be called.
+ * If validate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
HttpServletResponse response,
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
index ed2e4a22c..89f01e01c 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
@@ -17,50 +17,24 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.FileReader;
import java.io.IOException;
-import java.io.PrintStream;
-import java.util.ArrayList;
-import java.util.Enumeration;
import java.util.Random;
-import java.util.StringTokenizer;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPAttributeSet;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPDN;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPModification;
-import netscape.ldap.LDAPSearchConstraints;
-import netscape.ldap.LDAPSearchResults;
-import netscape.ldap.LDAPv3;
-
import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthSubsystem;
-import com.netscape.certsrv.authorization.IAuthzSubsystem;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.dbs.IDBSubsystem;
-import com.netscape.certsrv.ldap.ILdapConnFactory;
import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.util.HttpInput;
import com.netscape.cms.servlet.wizard.WizardServlet;
-import com.netscape.cmsutil.ldap.LDAPUtil;
public class DatabasePanel extends WizardPanelBase {
@@ -115,34 +89,22 @@ public class DatabasePanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
- Descriptor hostDesc = new Descriptor(IDescriptor.STRING, null, null,
- "Host name");
-
+ Descriptor hostDesc = new Descriptor(IDescriptor.STRING, null, null, "Host name");
set.add("hostname", hostDesc);
- Descriptor portDesc = new Descriptor(IDescriptor.INTEGER, null, null,
- "Port");
-
+ Descriptor portDesc = new Descriptor(IDescriptor.INTEGER, null, null, "Port");
set.add("portStr", portDesc);
- Descriptor basednDesc = new Descriptor(IDescriptor.STRING, null, null,
- "Base DN");
-
+ Descriptor basednDesc = new Descriptor(IDescriptor.STRING, null, null, "Base DN");
set.add("basedn", basednDesc);
- Descriptor binddnDesc = new Descriptor(IDescriptor.STRING, null, null,
- "Bind DN");
-
+ Descriptor binddnDesc = new Descriptor(IDescriptor.STRING, null, null, "Bind DN");
set.add("binddn", binddnDesc);
- Descriptor bindpwdDesc = new Descriptor(IDescriptor.PASSWORD, null, null,
- "Bind Password");
-
+ Descriptor bindpwdDesc = new Descriptor(IDescriptor.PASSWORD, null, null, "Bind Password");
set.add("bindpwd", bindpwdDesc);
- Descriptor databaseDesc = new Descriptor(IDescriptor.STRING, null, null,
- "Database");
-
+ Descriptor databaseDesc = new Descriptor(IDescriptor.STRING, null, null, "Database");
set.add("database", databaseDesc);
return set;
@@ -408,495 +370,6 @@ public class DatabasePanel extends WizardPanelBase {
cs.putString("preop.database.errorString", "");
}
- private LDAPConnection getLocalLDAPConn(Context context, String secure)
- throws IOException {
- IConfigStore cs = CMS.getConfigStore();
-
- String host = "";
- String port = "";
- String pwd = "";
- String binddn = "";
- String security = "";
-
- try {
- host = cs.getString("internaldb.ldapconn.host");
- port = cs.getString("internaldb.ldapconn.port");
- binddn = cs.getString("internaldb.ldapauth.bindDN");
- pwd = (String) context.get("bindpwd");
- security = cs.getString("internaldb.ldapconn.secureConn");
- } catch (Exception e) {
- CMS.debug("DatabasePanel populateDB: " + e.toString());
- throw new IOException(
- "Failed to retrieve LDAP information from CS.cfg.");
- }
-
- int p = -1;
-
- try {
- p = Integer.parseInt(port);
- } catch (Exception e) {
- CMS.debug("DatabasePanel populateDB: " + e.toString());
- throw new IOException("Port is not valid");
- }
-
- LDAPConnection conn = null;
- if (security.equals("true")) {
- CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap");
- conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
- } else {
- CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap");
- conn = new LDAPConnection();
- }
-
- CMS.debug("DatabasePanel connecting to " + host + ":" + p);
- try {
- conn.connect(host, p, binddn, pwd);
- } catch (LDAPException e) {
- CMS.debug("DatabasePanel populateDB: " + e.toString());
- throw new IOException("Failed to connect to the internal database.");
- }
-
- return conn;
- }
-
- private boolean deleteDir(File dir) {
- if (dir.isDirectory()) {
- String[] children = dir.list();
- for (int i = 0; i < children.length; i++) {
- boolean success = deleteDir(new File(dir, children[i]));
- if (!success) {
- return false;
- }
- }
- }
-
- // The directory is now empty so delete it
- return dir.delete();
- }
-
- private void cleanupDB(LDAPConnection conn, String baseDN, String database) {
- String[] entries = {};
- String filter = "objectclass=*";
- LDAPSearchConstraints cons = null;
- String[] attrs = null;
- String dn = "";
- try {
- CMS.debug("Deleting baseDN: " + baseDN);
- LDAPSearchResults res = conn.search(baseDN, LDAPConnection.SCOPE_BASE, filter,
- attrs, true, cons);
- if (res != null)
- deleteEntries(res, conn, baseDN, entries);
- } catch (LDAPException e) {
- }
-
- try {
- dn = "cn=mapping tree, cn=config";
- filter = "nsslapd-backend=" + database;
- LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
- attrs, true, cons);
- if (res != null) {
- while (res.hasMoreElements()) {
- dn = res.next().getDN();
- filter = "objectclass=*";
- LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, true, cons);
- if (res2 != null)
- deleteEntries(res2, conn, dn, entries);
- }
- }
- } catch (LDAPException e) {
- }
-
- try {
- dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
- LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, true, cons);
- if (res != null) {
- deleteEntries(res, conn, dn, entries);
- String dbdir = getInstanceDir(conn) + "/db/" + database;
- if (dbdir != null) {
- CMS.debug(" Deleting dbdir " + dbdir);
- boolean success = deleteDir(new File(dbdir));
- if (!success) {
- CMS.debug("Unable to delete database directory " + dbdir);
- }
- }
- }
- } catch (LDAPException e) {
- }
- }
-
- private void populateDB(HttpServletRequest request, Context context, String secure)
- throws IOException {
- IConfigStore cs = CMS.getConfigStore();
-
- String baseDN = "";
- String database = "";
- String dn = "";
-
- try {
- baseDN = cs.getString("internaldb.basedn");
- database = cs.getString("internaldb.database", "");
- } catch (Exception e) {
- CMS.debug("DatabasePanel populateDB: " + e.toString());
- throw new IOException(
- "Failed to retrieve LDAP information from CS.cfg.");
- }
-
- String remove = HttpInput.getID(request, "removeData");
- LDAPConnection conn = getLocalLDAPConn(context, secure);
-
- // check that the database and baseDN do not exist
-
- boolean foundBaseDN = false;
- boolean foundDatabase = false;
- try {
- LDAPEntry entry = conn.read(baseDN);
- if (entry != null)
- foundBaseDN = true;
- } catch (LDAPException e) {
- switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- break;
- default:
- CMS.debug("DatabasePanel update: LDAPException " + e.toString());
- throw new IOException("Failed to create the database");
- }
- }
-
- try {
- dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
- LDAPEntry entry = conn.read(dn);
- if (entry != null)
- foundDatabase = true;
- } catch (LDAPException e) {
- switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- break;
- default:
- CMS.debug("DatabasePanel update: LDAPException " + e.toString());
- throw new IOException("Failed to create the database");
- }
- }
- try {
- dn = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config";
- LDAPEntry entry = conn.read(dn);
- if (entry != null)
- foundDatabase = true;
- } catch (LDAPException e) {
- switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- break;
- default:
- CMS.debug("DatabasePanel update: LDAPException " + e.toString());
- throw new IOException("Failed to create the database");
- }
- }
-
- if (foundDatabase) {
- CMS.debug("DatabasePanel update: This database has already been used.");
- if (remove == null) {
- throw new IOException(
- "This database has already been used. Select the checkbox below to remove all data and reuse this database");
- } else {
- CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN");
- cleanupDB(conn, baseDN, database);
- foundBaseDN = false;
- foundDatabase = false;
- }
- }
-
- if (foundBaseDN) {
- CMS.debug("DatabasePanel update: This base DN has already been used.");
- if (remove == null) {
- throw new IOException(
- "This base DN ("
- + baseDN
- + ") has already been used. Select the checkbox below to remove all data and reuse this base DN");
- } else {
- CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN");
- cleanupDB(conn, baseDN, database);
- foundBaseDN = false;
- foundDatabase = false;
- }
- }
-
- // create database
- try {
- LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc[] = { "top", "extensibleObject", "nsBackendInstance" };
- attrs.add(new LDAPAttribute("objectClass", oc));
- attrs.add(new LDAPAttribute("cn", database));
- attrs.add(new LDAPAttribute("nsslapd-suffix", baseDN));
- dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
- LDAPEntry entry = new LDAPEntry(dn, attrs);
- conn.add(entry);
- } catch (Exception e) {
- CMS.debug("Warning: database creation error - " + e.toString());
- throw new IOException("Failed to create the database.");
- }
-
- try {
- LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc2[] = { "top", "extensibleObject", "nsMappingTree" };
- attrs.add(new LDAPAttribute("objectClass", oc2));
- attrs.add(new LDAPAttribute("cn", baseDN));
- attrs.add(new LDAPAttribute("nsslapd-backend", database));
- attrs.add(new LDAPAttribute("nsslapd-state", "Backend"));
- dn = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config";
- LDAPEntry entry = new LDAPEntry(dn, attrs);
- conn.add(entry);
- } catch (Exception e) {
- CMS.debug("Warning: database mapping tree creation error - " + e.toString());
- throw new IOException("Failed to create the database.");
- }
-
- try {
- // create base dn
- CMS.debug("Creating base DN: " + baseDN);
- String dns3[] = LDAPDN.explodeDN(baseDN, false);
- StringTokenizer st = new StringTokenizer(dns3[0], "=");
- String n = st.nextToken();
- String v = st.nextToken();
- LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc3[] = { "top", "domain" };
- if (n.equals("o")) {
- oc3[1] = "organization";
- } else if (n.equals("ou")) {
- oc3[1] = "organizationalUnit";
- }
- attrs.add(new LDAPAttribute("objectClass", oc3));
- attrs.add(new LDAPAttribute(n, v));
-
- LDAPEntry entry = new LDAPEntry(baseDN, attrs);
- conn.add(entry);
- } catch (Exception e) {
- CMS.debug("Warning: suffix creation error - " + e.toString());
- throw new IOException("Failed to create the base DN: " + baseDN);
- }
-
- // check to see if the base dn exists
- CMS.debug("DatabasePanel checking existing " + baseDN);
-
- try {
- LDAPEntry entry = conn.read(baseDN);
-
- if (entry != null) {
- foundBaseDN = true;
- }
- } catch (LDAPException e) {
- }
- boolean createBaseDN = true;
-
- boolean testing = false;
- try {
- testing = cs.getBoolean("internaldb.multipleSuffix.enable", false);
- } catch (Exception e) {
- }
-
- if (!foundBaseDN) {
- if (!testing) {
- context.put("errorString",
- "Base DN was not found. Please make sure to create the suffix in the internal database.");
- throw new IOException("Base DN not found");
- }
-
- if (createBaseDN) {
- // only auto create if it is an ou entry
- String dns1[] = LDAPDN.explodeDN(baseDN, false);
-
- if (dns1 == null) {
- throw new IOException("Invalid base DN");
- }
- if (!dns1[0].startsWith("ou")) {
- throw new IOException(
- "Failed to find base DN, and failed to create non ou entry.");
- }
- String dns2[] = LDAPDN.explodeDN(baseDN, true);
- // support only one level creation - create new entry
- // right under the suffix
- LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc[] = { "top", "organizationalUnit" };
-
- attrs.add(new LDAPAttribute("objectClass", oc));
- attrs.add(new LDAPAttribute("ou", dns2[0]));
- LDAPEntry entry = new LDAPEntry(baseDN, attrs);
-
- try {
- conn.add(entry);
- foundBaseDN = true;
- CMS.debug("DatabasePanel added " + baseDN);
- } catch (LDAPException e) {
- throw new IOException("Failed to create " + baseDN);
- }
- }
- }
- if (!foundBaseDN) {
- throw new IOException("Failed to find base DN");
- }
-
- String select = "";
- try {
- select = cs.getString("preop.subsystem.select", "");
- } catch (Exception e) {
- }
-
- if (select.equals("clone")) {
- // if this is clone, add index before replication
- // don't put in the schema or bad things will happen
- importLDIFS("preop.internaldb.ldif", conn);
- importLDIFS("preop.internaldb.index_ldif", conn);
- importLDIFS("preop.internaldb.manager_ldif", conn);
- } else {
- // data will be replicated from the master to the clone
- // so clone does not need the data
- importLDIFS("preop.internaldb.schema.ldif", conn);
- importLDIFS("preop.internaldb.ldif", conn);
- importLDIFS("preop.internaldb.data_ldif", conn);
- importLDIFS("preop.internaldb.index_ldif", conn);
- importLDIFS("preop.internaldb.manager_ldif", conn);
- }
-
- try {
- conn.disconnect();
- } catch (LDAPException e) {
- }
- }
-
- private void importLDIFS(String param, LDAPConnection conn) throws IOException {
- IConfigStore cs = CMS.getConfigStore();
- String v = null;
-
- CMS.debug("DatabasePanel populateDB param=" + param);
- try {
- v = cs.getString(param);
- } catch (EBaseException e) {
- CMS.debug("DatabasePanel populateDB: " + e.toString());
- throw new IOException("Cant find ldif files.");
- }
-
- StringTokenizer tokenizer = new StringTokenizer(v, ",");
- String baseDN = null;
- String database = null;
-
- try {
- baseDN = cs.getString("internaldb.basedn");
- } catch (EBaseException e) {
- throw new IOException("internaldb.basedn is missing.");
- }
-
- try {
- database = cs.getString("internaldb.database");
- CMS.debug("DatabasePanel update: database=" + database);
- } catch (EBaseException e) {
- CMS.debug(
- "DatabasePanel update: Failed to get database name. Exception: "
- + e.toString());
- database = "userRoot";
- }
-
- String instancePath = null;
-
- try {
- instancePath = cs.getString("instanceRoot");
- } catch (EBaseException e) {
- throw new IOException("instanceRoot is missing");
- }
-
- String instanceId = null;
-
- try {
- instanceId = cs.getString("instanceId");
- } catch (EBaseException e) {
- throw new IOException("instanceId is missing");
- }
-
- String dbuser = null;
- try {
- dbuser = "uid=" + cs.getString("cs.type") + "-" + cs.getString("machineName") + "-"
- + cs.getString("service.securePort") + ",ou=people," + baseDN;
- } catch (EBaseException e) {
- CMS.debug("Unable to construct dbuser" + e.toString());
- e.printStackTrace();
- throw new IOException("unable to construct dbuser");
- }
-
- String configDir = instancePath + File.separator + "conf";
-
- while (tokenizer.hasMoreTokens()) {
- String token = tokenizer.nextToken().trim();
- int index = token.lastIndexOf("/");
- String name = token;
-
- if (index != -1) {
- name = token.substring(index + 1);
- }
-
- CMS.debug("DatabasePanel importLDIFS: ldif file = " + token);
- String filename = configDir + File.separator + name;
-
- CMS.debug("DatabasePanel importLDIFS: ldif file copy to " + filename);
- PrintStream ps = null;
- BufferedReader in = null;
-
- try {
- in = new BufferedReader(new FileReader(token));
- ps = new PrintStream(new FileOutputStream(filename, false));
- while (in.ready()) {
- String s = in.readLine();
- int n = s.indexOf("{");
-
- if (n == -1) {
- ps.println(s);
- } else {
- boolean endOfline = false;
-
- while (n != -1) {
- ps.print(s.substring(0, n));
- int n1 = s.indexOf("}");
- String tok = s.substring(n + 1, n1);
-
- if (tok.equals("instanceId")) {
- ps.print(instanceId);
- } else if (tok.equals("rootSuffix")) {
- ps.print(baseDN);
- } else if (tok.equals("database")) {
- ps.print(database);
- } else if (tok.equals("dbuser")) {
- ps.print(dbuser);
- }
- if ((s.length() + 1) == n1) {
- endOfline = true;
- break;
- }
- s = s.substring(n1 + 1);
- n = s.indexOf("{");
- }
-
- if (!endOfline) {
- ps.println(s);
- }
- }
- }
- in.close();
- ps.close();
- } catch (Exception e) {
- CMS.debug("DBSubsystem popuateDB: " + e.toString());
- throw new IOException(
- "Problem of copying ldif file: " + filename);
- }
- ArrayList<String> errors = new ArrayList<String>();
- LDAPUtil.importLDIF(conn, filename, errors);
- if (! errors.isEmpty()) {
- CMS.debug("DatabasePanel: importLDIFS: LDAP Errors in importing " + filename);
- for (String error: errors) {
- CMS.debug(error);
- }
- }
- }
- }
-
-
/**
* Commit parameter changes
*/
@@ -904,7 +377,6 @@ public class DatabasePanel extends WizardPanelBase {
HttpServletResponse response,
Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
- boolean hasErr = false;
context.put("firsttime", "false");
try {
@@ -918,12 +390,16 @@ public class DatabasePanel extends WizardPanelBase {
String portStr1 = "";
String database1 = "";
String masterPortStr = "";
+ String csType = "";
+ String select = "";
try {
hostname1 = cs.getString("internaldb.ldapconn.host", "");
portStr1 = cs.getString("internaldb.ldapconn.port", "");
database1 = cs.getString("internaldb.database", "");
masterPortStr = cs.getString("preop.internaldb.master.ldapconn.port", "0");
+ csType = cs.getString("cs.type");
+ select = cs.getString("preop.subsystem.select", "");
} catch (Exception e) {
}
@@ -952,11 +428,9 @@ public class DatabasePanel extends WizardPanelBase {
cs.putString("internaldb.ldapauth.bindDN", binddn);
cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on") ? "true" : "false"));
- int masterReplicationPort = 0;
if ((masterReplicationPortStr == null) || (masterReplicationPortStr.length() == 0)) {
masterReplicationPortStr = masterPortStr;
}
- masterReplicationPort = Integer.parseInt(masterReplicationPortStr);
cs.putString("internaldb.ldapconn.masterReplicationPort", masterReplicationPortStr);
int cloneReplicationPort = 0;
@@ -976,6 +450,9 @@ public class DatabasePanel extends WizardPanelBase {
cs.putString("internaldb.ldapconn.replicationSecurity", replicationSecurity);
String remove = HttpInput.getID(request, "removeData");
+ cs.putString("preop.database.removeData", ((remove != null) && (!remove.equals(""))) ?
+ "true" : "false");
+
if (isPanelDone() && (remove == null || remove.equals(""))) {
/* if user submits the same data, they just want to skip
to the next panel, no database population is required. */
@@ -990,283 +467,47 @@ public class DatabasePanel extends WizardPanelBase {
mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
try {
- populateDB(request, context, (secure.equals("on") ? "true" : "false"));
- } catch (IOException e) {
- CMS.debug("DatabasePanel update: populateDB Exception: " + e.toString());
- context.put("updateStatus", "failure");
- throw e;
- } catch (Exception e) {
- CMS.debug("DatabasePanel update: populateDB Exception: " + e.toString());
- context.put("errorString", e.toString());
- cs.putString("preop.database.errorString", e.toString());
- context.put("updateStatus", "failure");
- throw new IOException(e.toString());
- }
-
- String bindpwd = HttpInput.getPassword(request, "__bindpwd");
-
- /* BZ 430745 create password for replication manager */
- String replicationpwd = Integer.toString(new Random().nextInt());
+ /* BZ 430745 create password for replication manager */
+ String replicationpwd = Integer.toString(new Random().nextInt());
- IConfigStore psStore = null;
- String passwordFile = null;
-
- try {
+ IConfigStore psStore = null;
+ String passwordFile = null;
passwordFile = cs.getString("passwordFile");
psStore = CMS.createFileConfigStore(passwordFile);
- } catch (Exception e) {
- CMS.debug("ConfigDatabaseServlet update: " + e.toString());
- context.put("updateStatus", "failure");
- throw new IOException(e.toString());
- }
- psStore.putString("internaldb", bindpwd);
- psStore.putString("replicationdb", replicationpwd);
- cs.putString("preop.internaldb.replicationpwd", replicationpwd);
- cs.putString("preop.database.removeData", "false");
-
- try {
- cs.commit(false);
+ psStore.putString("internaldb", HttpInput.getPassword(request, "__bindpwd"));
+ psStore.putString("replicationdb", replicationpwd);
psStore.commit(false);
- CMS.reinit(IDBSubsystem.SUB_ID);
- String type = cs.getString("cs.type", "");
- if (type.equals("CA"))
- CMS.reinit(ICertificateAuthority.ID);
- CMS.reinit(IAuthSubsystem.ID);
- CMS.reinit(IAuthzSubsystem.ID);
- CMS.reinit(IUGSubsystem.ID);
- } catch (Exception e) {
- CMS.debug("DatabasePanel update: " + e.toString());
- context.put("errorString", e.toString());
- cs.putString("preop.database.errorString", e.toString());
- context.put("updateStatus", "failure");
- throw new IOException(e.toString());
- }
- String select = "";
- try {
- select = cs.getString("preop.subsystem.select", "");
- } catch (Exception e) {
- }
+ ConfigurationUtils.populateDB();
- // always populate the index the last
- try {
- CMS.debug("Populating local indexes");
- LDAPConnection conn = getLocalLDAPConn(context,
- (secure.equals("on") ? "true" : "false"));
- importLDIFS("preop.internaldb.post_ldif", conn);
-
- /* For vlvtask, we need to check if the task has
- been completed or not. Presence of nsTaskExitCode means task is complete
- */
- String wait_dn = cs.getString("preop.internaldb.wait_dn", "");
- if (!wait_dn.equals("")) {
- int i = 0;
- LDAPEntry task = null;
- boolean taskComplete = false;
- CMS.debug("Checking wait_dn " + wait_dn);
- do {
- Thread.sleep(1000);
- try {
- task = conn.read(wait_dn, (String[]) null);
- if (task != null) {
- LDAPAttribute attr = task.getAttribute("nsTaskExitCode");
- if (attr != null) {
- taskComplete = true;
- String val = (String) attr.getStringValues().nextElement();
- if (val.compareTo("0") != 0) {
- CMS.debug("Error in populating local indexes: nsTaskExitCode=" + val);
- }
- }
- }
- } catch (LDAPException le) {
- CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")");
- } catch (Exception e) {
- CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + e.toString() + ").");
- }
- } while ((!taskComplete) && (i < 20));
- if (i < 20) {
- CMS.debug("Done checking wait_dn " + wait_dn);
- } else {
- CMS.debug("Done checking wait_dn " + wait_dn + " due to timeout.");
- }
- }
+ cs.putString("preop.internaldb.replicationpwd", replicationpwd);
+ cs.putString("preop.database.removeData", "false");
- conn.disconnect();
- CMS.debug("Done populating local indexes");
- } catch (Exception e) {
- CMS.debug("Populating index failure - " + e);
- }
-
- // setup replication after indexes have been created
- if (select.equals("clone")) {
- CMS.debug("Start setting up replication.");
- setupReplication(request, context, (secure.equals("on") ? "true" : "false"),
- replicationSecurity, masterReplicationPort, cloneReplicationPort);
- CMS.debug("Finish setting up replication.");
+ ConfigurationUtils.reInitSubsystem(csType);
+ ConfigurationUtils.populateIndexes();
- try {
- CMS.reinit(IDBSubsystem.SUB_ID);
- String type = cs.getString("cs.type", "");
- if (type.equals("CA"))
- CMS.reinit(ICertificateAuthority.ID);
- CMS.reinit(IAuthSubsystem.ID);
- CMS.reinit(IAuthzSubsystem.ID);
- CMS.reinit(IUGSubsystem.ID);
- } catch (Exception e) {
+ if (select.equals("clone")) {
+ CMS.debug("Start setting up replication.");
+ ConfigurationUtils.setupReplication();
+ ConfigurationUtils.reInitSubsystem(csType);
}
- }
- if (hasErr == false) {
cs.putBoolean("preop.Database.done", true);
- try {
- cs.commit(false);
- } catch (EBaseException e) {
- CMS.debug(
- "DatabasePanel: update() Exception caught at config commit: "
- + e.toString());
- }
- }
- context.put("updateStatus", "success");
- }
-
- private void setupReplication(HttpServletRequest request,
- Context context, String secure, String replicationSecurity,
- int masterReplicationPort, int cloneReplicationPort)
- throws IOException {
- IConfigStore cs = CMS.getConfigStore();
-
- String cstype = "";
- String machinename = "";
- String instanceId = "";
- try {
- cstype = cs.getString("cs.type");
- cstype = toLowerCaseSubsystemType(cstype);
- machinename = cs.getString("machineName", "");
- instanceId = cs.getString("instanceId", "");
- } catch (Exception e) {
- }
-
- //setup replication agreement
- String masterAgreementName = "masterAgreement1-" + machinename + "-" + instanceId;
- cs.putString("internaldb.replication.master", masterAgreementName);
- String cloneAgreementName = "cloneAgreement1-" + machinename + "-" + instanceId;
- cs.putString("internaldb.replication.consumer", cloneAgreementName);
-
- try {
cs.commit(false);
} catch (Exception e) {
- }
-
- // get connection to master
- LDAPConnection masterConn = null;
- ILdapConnFactory masterFactory = null;
- try {
- IConfigStore masterCfg = cs.getSubStore("preop.internaldb.master");
- masterFactory = CMS.getLdapBoundConnFactory();
- masterFactory.init(masterCfg);
- masterConn = masterFactory.getConn();
- } catch (Exception e) {
- CMS.debug("Failed to set up connection to master:" + e.toString());
- e.printStackTrace();
- throw new IOException("Failed to set up replication: No connection to master");
- }
-
- // get connection to replica
- LDAPConnection replicaConn = null;
- ILdapConnFactory replicaFactory = null;
- try {
- IConfigStore replicaCfg = cs.getSubStore("internaldb");
- replicaFactory = CMS.getLdapBoundConnFactory();
- replicaFactory.init(replicaCfg);
- replicaConn = replicaFactory.getConn();
- } catch (Exception e) {
- CMS.debug("Failed to set up connection to replica:" + e.toString());
e.printStackTrace();
- throw new IOException("Failed to set up replication: No connection to replica");
- }
-
- String master_hostname = "";
- String master_replicationpwd = "";
- String replica_hostname = "";
- String replica_replicationpwd = "";
-
- try {
- master_hostname = cs.getString("preop.internaldb.master.ldapconn.host", "");
- master_replicationpwd = cs.getString("preop.internaldb.master.replication.password", "");
- replica_hostname = cs.getString("internaldb.ldapconn.host", "");
- replica_replicationpwd = cs.getString("preop.internaldb.replicationpwd", "");
- } catch (Exception e) {
- }
-
- String basedn = "";
- try {
- basedn = cs.getString("internaldb.basedn");
- } catch (Exception e) {
+ CMS.debug("DatabasePanel update: error in populating database " + e.toString());
+ context.put("errorString", e.toString());
+ cs.putString("preop.database.errorString", e.toString());
+ context.put("updateStatus", "failure");
+ throw new IOException(e.toString());
}
- try {
- String suffix = cs.getString("internaldb.basedn", "");
-
- String replicadn = "cn=replica,cn=\"" + suffix + "\",cn=mapping tree,cn=config";
- CMS.debug("DatabasePanel setupReplication: replicadn=" + replicadn);
-
- String masterBindUser = "Replication Manager " + masterAgreementName;
- String cloneBindUser = "Replication Manager " + cloneAgreementName;
-
- createReplicationManager(masterConn, masterBindUser, master_replicationpwd);
- createReplicationManager(replicaConn, cloneBindUser, replica_replicationpwd);
-
- String dir1 = getInstanceDir(masterConn);
- createChangeLog(masterConn, dir1 + "/changelogs");
-
- String dir2 = getInstanceDir(replicaConn);
- createChangeLog(replicaConn, dir2 + "/changelogs");
-
- int replicaId = cs.getInteger("dbs.beginReplicaNumber", 1);
-
- replicaId = enableReplication(replicadn, masterConn, masterBindUser, basedn, replicaId);
- replicaId = enableReplication(replicadn, replicaConn, cloneBindUser, basedn, replicaId);
- cs.putString("dbs.beginReplicaNumber", Integer.toString(replicaId));
-
- CMS.debug("DatabasePanel setupReplication: Finished enabling replication");
-
- createReplicationAgreement(replicadn, masterConn, masterAgreementName,
- replica_hostname, cloneReplicationPort, replica_replicationpwd, basedn,
- cloneBindUser, secure, replicationSecurity);
-
- createReplicationAgreement(replicadn, replicaConn, cloneAgreementName,
- master_hostname, masterReplicationPort, master_replicationpwd, basedn,
- masterBindUser, secure, replicationSecurity);
-
- // initialize consumer
- initializeConsumer(replicadn, masterConn, masterAgreementName);
-
- while (!replicationDone(replicadn, masterConn, masterAgreementName)) {
- CMS.debug("DatabasePanel setupReplication: Waiting for replication to complete");
- Thread.sleep(1000);
- }
-
- String status = replicationStatus(replicadn, masterConn, masterAgreementName);
- if (!status.startsWith("0 ")) {
- CMS.debug("DatabasePanel setupReplication: consumer initialization failed. " +
- status);
- throw new IOException("consumer initialization failed. " + status);
- }
-
- // remove master ldap password from password.conf (if present)
- String passwordFile = cs.getString("passwordFile");
- IConfigStore psStore = CMS.createFileConfigStore(passwordFile);
- psStore.remove("master_internaldb");
- psStore.commit(false);
-
- } catch (Exception e) {
- CMS.debug("DatabasePanel setupReplication: " + e.toString());
- throw new IOException("Failed to setup the replication for cloning.");
- }
+ context.put("updateStatus", "success");
}
/**
- * If validiate() returns false, this method will be called.
+ * If validate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
HttpServletResponse response,
@@ -1280,312 +521,4 @@ public class DatabasePanel extends WizardPanelBase {
context.put("panel", "admin/console/config/databasepanel.vm");
}
- private void createReplicationManager(LDAPConnection conn, String bindUser, String pwd)
- throws LDAPException {
- LDAPAttributeSet attrs = null;
- LDAPEntry entry = null;
- String dn = "cn=" + bindUser + ",ou=csusers,cn=config";
- try {
- attrs = new LDAPAttributeSet();
- attrs.add(new LDAPAttribute("objectclass", "top"));
- attrs.add(new LDAPAttribute("objectclass", "person"));
- attrs.add(new LDAPAttribute("userpassword", pwd));
- attrs.add(new LDAPAttribute("cn", bindUser));
- attrs.add(new LDAPAttribute("sn", "manager"));
- entry = new LDAPEntry(dn, attrs);
- conn.add(entry);
- } catch (LDAPException e) {
- if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
- CMS.debug("DatabasePanel createReplicationManager: Replication Manager has already used");
- try {
- conn.delete(dn);
- conn.add(entry);
- } catch (LDAPException ee) {
- CMS.debug("DatabasePanel createReplicationManager: " + ee.toString());
- }
- return;
- } else {
- CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: "
- + e.toString());
- throw e;
- }
- }
-
- CMS.debug("DatabasePanel createReplicationManager: Successfully created Replication Manager");
- }
-
- private void createChangeLog(LDAPConnection conn, String dir)
- throws LDAPException {
- LDAPAttributeSet attrs = null;
- LDAPEntry entry = null;
- String dn = "cn=changelog5,cn=config";
- try {
- attrs = new LDAPAttributeSet();
- attrs.add(new LDAPAttribute("objectclass", "top"));
- attrs.add(new LDAPAttribute("objectclass", "extensibleObject"));
- attrs.add(new LDAPAttribute("cn", "changelog5"));
- attrs.add(new LDAPAttribute("nsslapd-changelogdir", dir));
- entry = new LDAPEntry(dn, attrs);
- conn.add(entry);
- } catch (LDAPException e) {
- if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
- CMS.debug("DatabasePanel createChangeLog: Changelog entry has already used");
- /* leave it, dont delete it because it will have operation error
- try {
- conn.delete(dn);
- conn.add(entry);
- } catch (LDAPException ee) {
- CMS.debug("DatabasePanel createChangeLog: "+ee.toString());
- }
- */
- return;
- } else {
- CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: " + e.toString());
- throw e;
- }
- }
-
- CMS.debug("DatabasePanel createChangeLog: Successfully create change log entry");
- }
-
- private int enableReplication(String replicadn, LDAPConnection conn, String bindUser, String basedn, int id)
- throws LDAPException {
- CMS.debug("DatabasePanel enableReplication: replicadn: " + replicadn);
- LDAPAttributeSet attrs = null;
- LDAPEntry entry = null;
- try {
- attrs = new LDAPAttributeSet();
- attrs.add(new LDAPAttribute("objectclass", "top"));
- attrs.add(new LDAPAttribute("objectclass", "nsDS5Replica"));
- attrs.add(new LDAPAttribute("objectclass", "extensibleobject"));
- attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
- attrs.add(new LDAPAttribute("nsDS5ReplicaType", "3"));
- attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
- "cn=" + bindUser + ",ou=csusers,cn=config"));
- attrs.add(new LDAPAttribute("cn", "replica"));
- attrs.add(new LDAPAttribute("nsDS5ReplicaId", Integer.toString(id)));
- attrs.add(new LDAPAttribute("nsds5flags", "1"));
- entry = new LDAPEntry(replicadn, attrs);
- conn.add(entry);
- } catch (LDAPException e) {
- if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
- /* BZ 470918 -we cant just add the new dn. We need to do a replace instead
- * until the DS code is fixed */
- CMS.debug("DatabasePanel enableReplication: " + replicadn + " has already been used");
-
- try {
- entry = conn.read(replicadn);
- LDAPAttribute attr = entry.getAttribute("nsDS5ReplicaBindDN");
- attr.addValue("cn=" + bindUser + ",ou=csusers,cn=config");
- LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
- conn.modify(replicadn, mod);
- } catch (LDAPException ee) {
- CMS.debug("DatabasePanel enableReplication: Failed to modify "
- + replicadn + " entry. Exception: " + e.toString());
- }
- return id;
- } else {
- CMS.debug("DatabasePanel enableReplication: Failed to create "
- + replicadn + " entry. Exception: " + e.toString());
- return id;
- }
- }
-
- CMS.debug("DatabasePanel enableReplication: Successfully create " + replicadn + " entry.");
- return id + 1;
- }
-
- private void createReplicationAgreement(String replicadn,
- LDAPConnection conn, String name, String replicahost, int replicaport,
- String replicapwd, String basedn, String bindUser, String secure, String replicationSecurity)
- throws LDAPException {
- String dn = "cn=" + name + "," + replicadn;
- CMS.debug("DatabasePanel createReplicationAgreement: dn: " + dn);
- LDAPEntry entry = null;
- LDAPAttributeSet attrs = null;
- try {
- attrs = new LDAPAttributeSet();
- attrs.add(new LDAPAttribute("objectclass", "top"));
- attrs.add(new LDAPAttribute("objectclass",
- "nsds5replicationagreement"));
- attrs.add(new LDAPAttribute("cn", name));
- attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
- attrs.add(new LDAPAttribute("nsDS5ReplicaHost", replicahost));
-
- attrs.add(new LDAPAttribute("nsDS5ReplicaPort", "" + replicaport));
- attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
- "cn=" + bindUser + ",ou=csusers,cn=config"));
- attrs.add(new LDAPAttribute("nsDS5ReplicaBindMethod", "Simple"));
- attrs.add(new LDAPAttribute("nsds5replicacredentials", replicapwd));
-
- if (replicationSecurity.equals("SSL")) {
- attrs.add(new LDAPAttribute("nsDS5ReplicaTransportInfo", "SSL"));
- } else if (replicationSecurity.equals("TLS")) {
- attrs.add(new LDAPAttribute("nsDS5ReplicaTransportInfo", "TLS"));
- }
-
- CMS.debug("About to set description attr to " + name);
- attrs.add(new LDAPAttribute("description", name));
-
- entry = new LDAPEntry(dn, attrs);
- conn.add(entry);
- } catch (LDAPException e) {
- if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
- CMS.debug("DatabasePanel createReplicationAgreement: " + dn + " has already used");
- try {
- conn.delete(dn);
- } catch (LDAPException ee) {
- CMS.debug("DatabasePanel createReplicationAgreement: " + ee.toString());
- throw ee;
- }
-
- try {
- conn.add(entry);
- } catch (LDAPException ee) {
- CMS.debug("DatabasePanel createReplicationAgreement: " + ee.toString());
- throw ee;
- }
- } else {
- CMS.debug("DatabasePanel createReplicationAgreement: Failed to create "
- + dn + " entry. Exception: " + e.toString());
- throw e;
- }
- }
-
- CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement " + name);
- }
-
- private void initializeConsumer(String replicadn, LDAPConnection conn,
- String name) {
- String dn = "cn=" + name + "," + replicadn;
- CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: " + dn);
- CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: "
- + conn.getHost() + " port: " + conn.getPort());
- try {
- LDAPAttribute attr = new LDAPAttribute("nsds5beginreplicarefresh",
- "start");
- LDAPModification mod = new LDAPModification(
- LDAPModification.REPLACE, attr);
- CMS.debug("DatabasePanel initializeConsumer: start modifying");
- conn.modify(dn, mod);
- CMS.debug("DatabasePanel initializeConsumer: Finish modification.");
- } catch (LDAPException e) {
- CMS.debug("DatabasePanel initializeConsumer: Failed to modify " + dn + " entry. Exception: " + e.toString());
- return;
- } catch (Exception e) {
- CMS.debug("DatabasePanel initializeConsumer: exception " + e);
- }
-
- try {
- CMS.debug("DatabasePanel initializeConsumer: thread sleeping for 5 seconds.");
- Thread.sleep(5000);
- CMS.debug("DatabasePanel initializeConsumer: finish sleeping.");
- } catch (InterruptedException ee) {
- CMS.debug("DatabasePanel initializeConsumer: exception: " + ee.toString());
- }
-
- CMS.debug("DatabasePanel initializeConsumer: Successfully initialize consumer");
- }
-
- private boolean replicationDone(String replicadn, LDAPConnection conn, String name)
- throws IOException {
- String dn = "cn=" + name + "," + replicadn;
- String filter = "(objectclass=*)";
- String[] attrs = { "nsds5beginreplicarefresh" };
-
- CMS.debug("DatabasePanel replicationDone: dn: " + dn);
- try {
- LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, true);
-
- int count = results.getCount();
- if (count < 1) {
- throw new IOException("Replication entry not found");
- }
-
- LDAPEntry entry = results.next();
- LDAPAttribute refresh = entry.getAttribute("nsds5beginreplicarefresh");
- if (refresh == null) {
- return true;
- }
- return false;
- } catch (Exception e) {
- CMS.debug("DatabasePanel replicationDone: exception " + e);
- throw new IOException("Exception in replicationDone: " + e);
- }
- }
-
- private String replicationStatus(String replicadn, LDAPConnection conn, String name)
- throws IOException {
- String dn = "cn=" + name + "," + replicadn;
- String filter = "(objectclass=*)";
- String[] attrs = { "nsds5replicalastinitstatus" };
-
- CMS.debug("DatabasePanel replicationStatus: dn: " + dn);
- try {
- LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, false);
-
- int count = results.getCount();
- if (count < 1) {
- throw new IOException("Replication entry not found");
- }
-
- LDAPEntry entry = results.next();
- LDAPAttribute attr = entry.getAttribute("nsds5replicalastinitstatus");
- if (attr != null) {
- @SuppressWarnings("unchecked")
- Enumeration<String> valsInAttr = attr.getStringValues();
- if (valsInAttr.hasMoreElements()) {
- return valsInAttr.nextElement();
- } else {
- throw new IOException("No value returned for nsds5replicalastinitstatus");
- }
- } else {
- throw new IOException("nsDS5ReplicaLastInitStatus is null.");
- }
- } catch (Exception e) {
- CMS.debug("DatabasePanel replicationStatus: exception " + e);
- throw new IOException("Exception in replicationStatus: " + e);
- }
- }
-
- private String getInstanceDir(LDAPConnection conn) {
- String instancedir = "";
- try {
- String filter = "(objectclass=*)";
- String[] attrs = { "nsslapd-directory" };
- LDAPSearchResults results =
- conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config", LDAPv3.SCOPE_SUB,
- filter, attrs, false);
-
- while (results.hasMoreElements()) {
- LDAPEntry entry = results.next();
- String dn = entry.getDN();
- CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: " + dn);
- LDAPAttributeSet entryAttrs = entry.getAttributeSet();
- @SuppressWarnings("unchecked")
- Enumeration<LDAPAttribute> attrsInSet = entryAttrs.getAttributes();
- while (attrsInSet.hasMoreElements()) {
- LDAPAttribute nextAttr = attrsInSet.nextElement();
- String attrName = nextAttr.getName();
- CMS.debug("DatabasePanel getInstanceDir: attribute name: " + attrName);
- @SuppressWarnings("unchecked")
- Enumeration<String> valsInAttr = nextAttr.getStringValues();
- while (valsInAttr.hasMoreElements()) {
- String nextValue = valsInAttr.nextElement();
- if (attrName.equalsIgnoreCase("nsslapd-directory")) {
- CMS.debug("DatabasePanel getInstanceDir: instanceDir=" + nextValue);
- return nextValue.substring(0, nextValue.lastIndexOf("/db"));
- }
- }
- }
- }
- } catch (LDAPException e) {
- CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: "
- + e.toString());
- }
-
- return instancedir;
- }
}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
index 19edff7ba..702c5aa92 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
@@ -115,59 +115,51 @@ public class DisplayCertChainPanel extends WizardPanelBase {
public void display(HttpServletRequest request,
HttpServletResponse response,
Context context) {
- CMS.debug("DisplayCertChainPanel: display");
-
- // update session id
- String session_id = request.getParameter("session_id");
- if (session_id != null) {
- CMS.debug("DisplayCertChainPanel setting session id.");
- CMS.setConfigSDSessionId(session_id);
- }
-
- String type = getId();
-
- IConfigStore cs = CMS.getConfigStore();
- String certChainConfigName = "preop." + type + ".certchain.size";
- String certchain_size = "";
-
try {
- certchain_size = cs.getString(certChainConfigName, "");
- } catch (Exception e) {
- }
+ CMS.debug("DisplayCertChainPanel: display");
- int size = 0;
- Vector<String> v = new Vector<String>();
+ // update session id
+ String session_id = request.getParameter("session_id");
+ if (session_id != null) {
+ CMS.debug("DisplayCertChainPanel setting session id.");
+ CMS.setConfigSDSessionId(session_id);
+ }
- if (!certchain_size.equals("")) {
- try {
+ String type = getId();
+ IConfigStore cs = CMS.getConfigStore();
+ String certChainConfigName = "preop." + type + ".certchain.size";
+ String certchain_size = cs.getString(certChainConfigName, "");
+ int size = 0;
+ Vector<String> v = new Vector<String>();
+
+ if (!certchain_size.equals("")) {
size = Integer.parseInt(certchain_size);
- } catch (Exception e) {
- }
- for (int i = 0; i < size; i++) {
- certChainConfigName = "preop." + type + ".certchain." + i;
- try {
+ for (int i = 0; i < size; i++) {
+ certChainConfigName = "preop." + type + ".certchain." + i;
String c = cs.getString(certChainConfigName, "");
byte[] b_c = CryptoUtil.base64Decode(c);
- CertPrettyPrint pp = new CertPrettyPrint(
- new X509CertImpl(b_c));
+ CertPrettyPrint pp = new CertPrettyPrint(new X509CertImpl(b_c));
v.addElement(pp.toString(Locale.getDefault()));
- } catch (Exception e) {
}
}
- }
- if (getId().equals("securitydomain")) {
- context.put("panelid", "securitydomain");
- context.put("panelname", "Security Domain Trust Verification");
- } else {
- context.put("panelid", "other");
- context.put("panelname", "Subsystem Trust Verification");
+ if (getId().equals("securitydomain")) {
+ context.put("panelid", "securitydomain");
+ context.put("panelname", "Security Domain Trust Verification");
+ } else {
+ context.put("panelid", "other");
+ context.put("panelname", "Subsystem Trust Verification");
+ }
+ context.put("title", "Display Certificate Chain");
+ context.put("panel", "admin/console/config/displaycertchainpanel.vm");
+ context.put("errorString", "");
+ context.put("certchain", v);
+ } catch (Exception e) {
+ CMS.debug("DisplayCertPanel: Exception thrown: " + e.toString());
+ e.printStackTrace();
+ context.put("errorString", e.toString());
}
- context.put("title", "Display Certificate Chain");
- context.put("panel", "admin/console/config/displaycertchainpanel.vm");
- context.put("errorString", "");
- context.put("certchain", v);
}
/**
@@ -184,7 +176,6 @@ public class DisplayCertChainPanel extends WizardPanelBase {
public void update(HttpServletRequest request,
HttpServletResponse response,
Context context) throws IOException {
- importCertChain(getId());
if (getId().equals("securitydomain")) {
int panel = getPanelNo() + 1;
@@ -195,35 +186,34 @@ public class DisplayCertChainPanel extends WizardPanelBase {
String cs_hostname = cs.getString("machineName", "");
int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1);
String subsystem = cs.getString("cs.type", "");
- String urlVal =
- "https://"
- + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem)
- + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem;
+ String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + subsystem.toLowerCase()
+ + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem;
String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
- String sdurl =
- "https://"
- + sd_hostname + ":" + sd_port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue;
+ String sdurl = "https://" + sd_hostname + ":" + sd_port + "/ca/admin/ca/securityDomainLogin?url="
+ + encodedValue;
response.sendRedirect(sdurl);
// The user previously specified the CA Security Domain's
// SSL Admin port in the "Security Domain Panel";
// now retrieve this specified CA Security Domain's
// non-SSL EE, SSL Agent, and SSL EE ports:
- cs.putString("securitydomain.httpport",
- getSecurityDomainPort(cs, "UnSecurePort"));
- cs.putString("securitydomain.httpsagentport",
- getSecurityDomainPort(cs, "SecureAgentPort"));
- cs.putString("securitydomain.httpseeport",
- getSecurityDomainPort(cs, "SecurePort"));
- } catch (Exception ee) {
- CMS.debug("DisplayCertChainPanel Exception=" + ee.toString());
+ String domainXML = ConfigurationUtils.getDomainXML(sd_hostname, sd_port, true);
+ ConfigurationUtils.getSecurityDomainPorts(domainXML, sd_hostname, sd_port);
+ cs.putString("preop.domainXML", domainXML);
+ cs.commit(false);
+ } catch (Exception e) {
+ CMS.debug("DisplayCertChainPanel Exception=" + e.toString());
+ e.printStackTrace();
+ context.put("errorString", e.toString());
+ context.put("updateStatus", "failure");
+ throw new IOException(e);
}
}
context.put("updateStatus", "success");
}
/**
- * If validiate() returns false, this method will be called.
+ * If validate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
HttpServletResponse response,
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
index 7729ea40e..f514a59f0 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
@@ -19,41 +19,21 @@ package com.netscape.cms.servlet.csadmin;
import java.io.IOException;
import java.math.BigInteger;
-import java.net.URLEncoder;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.StringTokenizer;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPAttributeSet;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPModification;
-import netscape.security.x509.X509CertImpl;
-
import org.apache.velocity.context.Context;
-import org.mozilla.jss.CryptoManager;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
-import com.netscape.certsrv.ocsp.IDefStore;
import com.netscape.certsrv.ocsp.IOCSPAuthority;
import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.usrgrp.EUsrGrpException;
-import com.netscape.certsrv.usrgrp.IGroup;
import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cms.servlet.wizard.WizardServlet;
-import com.netscape.cmsutil.crypto.CryptoUtil;
-import com.netscape.cmsutil.password.IPasswordStore;
-import com.netscape.cmsutil.util.Cert;
import com.netscape.cmsutil.util.Utils;
public class DonePanel extends WizardPanelBase {
@@ -98,73 +78,10 @@ public class DonePanel extends WizardPanelBase {
return set;
}
- private LDAPConnection getLDAPConn(Context context)
- throws IOException {
- IConfigStore cs = CMS.getConfigStore();
-
- String host = "";
- String port = "";
- String pwd = null;
- String binddn = "";
- String security = "";
-
- IPasswordStore pwdStore = CMS.getPasswordStore();
-
- if (pwdStore != null) {
- CMS.debug("DonePanel: getLDAPConn: password store available");
- pwd = pwdStore.getPassword("internaldb");
- }
-
- if (pwd == null) {
- throw new IOException("DonePanel: Failed to obtain password from password store");
- }
-
- try {
- host = cs.getString("internaldb.ldapconn.host");
- port = cs.getString("internaldb.ldapconn.port");
- binddn = cs.getString("internaldb.ldapauth.bindDN");
- security = cs.getString("internaldb.ldapconn.secureConn");
- } catch (Exception e) {
- CMS.debug("DonePanel: getLDAPConn" + e.toString());
- throw new IOException(
- "Failed to retrieve LDAP information from CS.cfg.");
- }
-
- int p = -1;
-
- try {
- p = Integer.parseInt(port);
- } catch (Exception e) {
- CMS.debug("DonePanel getLDAPConn: " + e.toString());
- throw new IOException("Port is not valid");
- }
-
- LDAPConnection conn = null;
- if (security.equals("true")) {
- CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap");
- conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
- } else {
- CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
- conn = new LDAPConnection();
- }
-
- CMS.debug("DonePanel connecting to " + host + ":" + p);
- try {
- conn.connect(host, p, binddn, pwd);
- } catch (LDAPException e) {
- CMS.debug("DonePanel getLDAPConn: " + e.toString());
- throw new IOException("Failed to connect to the internal database.");
- }
-
- return conn;
- }
-
/**
* Display the panel.
*/
- public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ public void display(HttpServletRequest request, HttpServletResponse response, Context context) {
CMS.debug("DonePanel: display()");
// update session id
@@ -175,26 +92,24 @@ public class DonePanel extends WizardPanelBase {
}
IConfigStore cs = CMS.getConfigStore();
- String ownport = CMS.getEENonSSLPort();
- String ownsport = CMS.getEESSLPort();
- String owneeclientauthsport = CMS.getEEClientAuthSSLPort();
- String ownhost = CMS.getEESSLHost();
- String ownagentsport = CMS.getAgentPort();
- String ownagenthost = CMS.getAgentHost();
- String ownadminsport = CMS.getAdminPort();
- String ownadminhost = CMS.getAdminHost();
- String select = "";
+ String select = "";
String type = "";
String instanceId = "";
String instanceRoot = "";
String systemdService = "";
+ String ca_host = "";
+ String sdtype = "";
+ int state = 0;
try {
type = cs.getString("cs.type", "");
instanceId = cs.getString("instanceId");
instanceRoot = cs.getString("instanceRoot");
select = cs.getString("preop.subsystem.select", "");
systemdService = cs.getString("pkicreate.systemd.servicename", "");
+ ca_host = cs.getString("preop.ca.hostname", "");
+ sdtype = cs.getString("securitydomain.select", "");
+ state = cs.getInteger("cs.state");
} catch (Exception e) {
}
@@ -224,651 +139,124 @@ public class DonePanel extends WizardPanelBase {
}
context.put("title", "Done");
context.put("panel", "admin/console/config/donepanel.vm");
- context.put("host", ownadminhost);
- context.put("port", ownadminsport);
- String subsystemType = toLowerCaseSubsystemType(type);
- context.put("systemType", subsystemType);
-
- try {
- int state = cs.getInteger("cs.state");
- if (state == 1) {
- context.put("csstate", "1");
- return;
- } else
- context.put("csstate", "0");
+ context.put("host", CMS.getAdminHost());
+ context.put("port", CMS.getAdminPort());
+ context.put("systemType", type.toLowerCase());
- } catch (Exception e) {
- }
-
- String sd_agent_port = "";
- String sd_admin_port = "";
- String sd_host = "";
- String ca_host = "";
- try {
- sd_host = cs.getString("securitydomain.host", "");
- sd_agent_port = cs.getString("securitydomain.httpsagentport", "");
- sd_admin_port = cs.getString("securitydomain.httpsadminport", "");
- ca_host = cs.getString("preop.ca.hostname", "");
- } catch (Exception e) {
- }
+ if (state == 1) {
+ context.put("csstate", "1");
+ return;
+ } else
+ context.put("csstate", "0");
if (ca_host.equals(""))
context.put("externalCA", "true");
else
context.put("externalCA", "false");
- // update security domain
- String sdtype = "";
- String subsystemName = "";
- try {
- sdtype = cs.getString("securitydomain.select", "");
- subsystemName = cs.getString("preop.subsystem.name", "");
- } catch (Exception e) {
- }
-
- boolean cloneMaster = false;
-
- if (select.equals("clone") && type.equalsIgnoreCase("CA") && isSDHostDomainMaster(cs)) {
- cloneMaster = true;
- CMS.debug("Cloning a domain master");
- }
-
- String s = getSubsystemNodeName(type);
- if (sdtype.equals("new")) {
- try {
- LDAPConnection conn = getLDAPConn(context);
-
- String basedn = cs.getString("internaldb.basedn");
- String secdomain = cs.getString("securitydomain.name");
-
- try {
- // Create security domain ldap entry
- String dn = "ou=Security Domain," + basedn;
- CMS.debug("DonePanel: creating ldap entry : " + dn);
-
- LDAPEntry entry = null;
- LDAPAttributeSet attrs = null;
- attrs = new LDAPAttributeSet();
- attrs.add(new LDAPAttribute("objectclass", "top"));
- attrs.add(new LDAPAttribute("objectclass", "pkiSecurityDomain"));
- if (secdomain.equals("")) {
- // this should not happen - just in case
- CMS.debug("DonePanel display(): Security domain is an empty string!");
- throw new IOException("Security domain is an empty string!");
- } else {
- attrs.add(new LDAPAttribute("name", secdomain));
- }
- attrs.add(new LDAPAttribute("ou", "Security Domain"));
- entry = new LDAPEntry(dn, attrs);
- conn.add(entry);
- } catch (Exception e) {
- CMS.debug("Unable to create security domain");
- throw e;
- }
-
- try {
- // create list containers
- String clist[] = { "CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList" };
- for (int i = 0; i < clist.length; i++) {
- LDAPEntry entry = null;
- LDAPAttributeSet attrs = null;
- String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn;
- attrs = new LDAPAttributeSet();
- attrs.add(new LDAPAttribute("objectclass", "top"));
- attrs.add(new LDAPAttribute("objectclass", "pkiSecurityGroup"));
- attrs.add(new LDAPAttribute("cn", clist[i]));
- entry = new LDAPEntry(dn, attrs);
- conn.add(entry);
- }
- } catch (Exception e) {
- CMS.debug("Unable to create security domain list groups");
- throw e;
- }
+ // Create or update security domain
- try {
- // Add this host (only CA can create new domain)
- String cn = ownhost + ":" + ownadminsport;
- String dn = "cn=" + cn + ",cn=CAList,ou=Security Domain," + basedn;
- LDAPEntry entry = null;
- LDAPAttributeSet attrs = null;
- attrs = new LDAPAttributeSet();
- attrs.add(new LDAPAttribute("objectclass", "top"));
- attrs.add(new LDAPAttribute("objectclass", "pkiSubsystem"));
- attrs.add(new LDAPAttribute("Host", ownhost));
- attrs.add(new LDAPAttribute("SecurePort", ownsport));
- attrs.add(new LDAPAttribute("SecureAgentPort",
- ownagentsport));
- attrs.add(new LDAPAttribute("SecureAdminPort",
- ownadminsport));
- if (owneeclientauthsport != null) {
- attrs.add(new LDAPAttribute("SecureEEClientAuthPort",
- owneeclientauthsport));
- }
- attrs.add(new LDAPAttribute("UnSecurePort", ownport));
- attrs.add(new LDAPAttribute("Clone", "FALSE"));
- attrs.add(new LDAPAttribute("SubsystemName", subsystemName));
- attrs.add(new LDAPAttribute("cn", cn));
- attrs.add(new LDAPAttribute("DomainManager", "TRUE"));
- entry = new LDAPEntry(dn, attrs);
- conn.add(entry);
- } catch (Exception e) {
- CMS.debug("Unable to create host entry in security domain");
- throw e;
- }
- CMS.debug("DonePanel display: finish updating domain info");
- conn.disconnect();
- } catch (Exception e) {
- CMS.debug("DonePanel display: " + e.toString());
- }
-
- int sd_admin_port_int = -1;
- try {
- sd_admin_port_int = Integer.parseInt(sd_admin_port);
- } catch (Exception e) {
- }
-
- try {
- // Fetch the "new" security domain and display it
- CMS.debug("Dump contents of new Security Domain . . .");
- @SuppressWarnings("unused")
- String c = getDomainXML(sd_host, sd_admin_port_int, true);
- } catch (Exception e) {
- }
-
- // Since this instance is a new Security Domain,
- // create an empty file to designate this fact.
- String security_domain = instanceRoot + "/conf/"
- + PKI_SECURITY_DOMAIN;
- if (!Utils.isNT()) {
- Utils.exec("touch " + security_domain);
- Utils.exec("chmod 00660 " + security_domain);
- }
-
- } else { //existing domain
- int sd_agent_port_int = -1;
- int sd_admin_port_int = -1;
- try {
- sd_agent_port_int = Integer.parseInt(sd_agent_port);
- sd_admin_port_int = Integer.parseInt(sd_admin_port);
- } catch (Exception e) {
- }
-
- try {
- String cloneStr = "";
- if (select.equals("clone"))
- cloneStr = "&clone=true";
- else
- cloneStr = "&clone=false";
-
- String domainMasterStr = "";
- if (cloneMaster)
- domainMasterStr = "&dm=true";
- else
- domainMasterStr = "&dm=false";
- String eecaStr = "";
- if (owneeclientauthsport != null)
- eecaStr = "&eeclientauthsport=" + owneeclientauthsport;
-
- updateDomainXML(sd_host, sd_agent_port_int, true,
- "/ca/agent/ca/updateDomainXML",
- "list=" + s
- + "&type=" + type
- + "&host=" + ownhost
- + "&name=" + subsystemName
- + "&sport=" + ownsport
- + domainMasterStr
- + cloneStr
- + "&agentsport=" + ownagentsport
- + "&adminsport=" + ownadminsport
- + eecaStr
- + "&httpport=" + ownport);
-
- // Fetch the "updated" security domain and display it
- CMS.debug("Dump contents of updated Security Domain . . .");
- @SuppressWarnings("unused")
- String c = getDomainXML(sd_host, sd_admin_port_int, true);
- } catch (Exception e) {
- context.put("errorString", "Failed to update the security domain on the domain master.");
- //return;
+ try {
+ if (sdtype.equals("new")) {
+ ConfigurationUtils.createSecurityDomain();
+ } else { //existing domain
+ ConfigurationUtils.updateSecurityDomain();
}
- }
- // add service.securityDomainPort to CS.cfg in case pkiremove
- // needs to remove system reference from the security domain
- try {
- cs.putString("service.securityDomainPort", ownagentsport);
+ cs.putString("service.securityDomainPort", CMS.getAgentPort());
cs.putString("securitydomain.store", "ldap");
cs.commit(false);
} catch (Exception e) {
- CMS.debug("DonePanel: exception in adding service.securityDomainPort to CS.cfg" + e);
- }
-
- // need to push connector information to the CA
- if (type.equals("KRA") && !ca_host.equals("")) {
- try {
- updateConnectorInfo(ownagenthost, ownagentsport);
- } catch (IOException e) {
- context.put("errorString", "Failed to update connector information.");
- return;
- }
- setupClientAuthUser();
- } // if KRA
-
- // import the CA certificate into the OCSP
- // configure the CRL Publishing to OCSP in CA
- if (type.equals("OCSP") && !ca_host.equals("")) {
- try {
- CMS.reinit(IOCSPAuthority.ID);
- importCACertToOCSP();
- } catch (Exception e) {
- CMS.debug("DonePanel display: Failed to import the CA certificate into OCSP.");
- }
-
- try {
- updateOCSPConfig(response);
- } catch (Exception e) {
- CMS.debug("DonePanel display: Failed to update OCSP information in CA.");
- }
-
- setupClientAuthUser();
- }
-
- if (!select.equals("clone")) {
- if (type.equals("CA") || type.equals("KRA")) {
- String endRequestNumStr = "";
- String endSerialNumStr = "";
-
- try {
- endRequestNumStr = cs.getString("dbs.endRequestNumber", "");
- endSerialNumStr = cs.getString("dbs.endSerialNumber", "");
- BigInteger endRequestNum = new BigInteger(endRequestNumStr);
- BigInteger endSerialNum = new BigInteger(endSerialNumStr);
- BigInteger oneNum = new BigInteger("1");
-
- // update global next range entries
- LDAPConnection conn = getLDAPConn(context);
- String basedn = cs.getString("internaldb.basedn");
-
- String serialdn = "";
- if (type.equals("CA")) {
- serialdn = "ou=certificateRepository,ou=" + type.toLowerCase() + "," + basedn;
- } else {
- serialdn = "ou=keyRepository,ou=" + type.toLowerCase() + "," + basedn;
- }
- LDAPAttribute attrSerialNextRange =
- new LDAPAttribute("nextRange", endSerialNum.add(oneNum).toString());
- LDAPModification serialmod = new LDAPModification(LDAPModification.REPLACE, attrSerialNextRange);
- conn.modify(serialdn, serialmod);
-
- String requestdn = "ou=" + type.toLowerCase() + ",ou=requests," + basedn;
- LDAPAttribute attrRequestNextRange =
- new LDAPAttribute("nextRange", endRequestNum.add(oneNum).toString());
- LDAPModification requestmod = new LDAPModification(LDAPModification.REPLACE, attrRequestNextRange);
- conn.modify(requestdn, requestmod);
-
- conn.disconnect();
- } catch (Exception e) {
- CMS.debug("Unable to update global next range numbers: " + e);
- }
- }
- }
-
- if (cloneMaster) {
- // cloning a domain master CA, the clone is also master of its domain
- try {
- cs.putString("securitydomain.host", ownhost);
- cs.putString("securitydomain.httpport", ownport);
- cs.putString("securitydomain.httpsadminport", ownadminsport);
- cs.putString("securitydomain.httpsagentport", ownagentsport);
- cs.putString("securitydomain.httpseeport", ownsport);
- cs.putString("securitydomain.select", "new");
- } catch (Exception e) {
- CMS.debug("Caught exception trying to save security domain parameters for clone of a domain master");
- }
+ CMS.debug("DonePanel - update(): Error while updating security domain: " + e);
+ e.printStackTrace();
}
- String dbuser = null;
+ // push connector information to the CA
try {
- dbuser = cs.getString("cs.type") + "-" + cs.getString("machineName") + "-" + cs.getString("service.securePort");
- if (! sdtype.equals("new")) {
- setupDBUser(dbuser);
+ if (type.equals("KRA") && !ca_host.equals("")) {
+ ConfigurationUtils.updateConnectorInfo(CMS.getAgentHost(), CMS.getAgentPort());
+ ConfigurationUtils.setupClientAuthUser();
}
- IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
- IUser user = system.getUser(dbuser);
- system.addCertSubjectDN(user);
} catch (Exception e) {
+ CMS.debug("DonePanel - update(): Error while pushing KRA connectot information to the CA: " + e);
e.printStackTrace();
- CMS.debug("Unable to create or update dbuser" + e);
}
- cs.putInteger("cs.state", 1);
+ // import the CA certificate into the OCSP
+ // configure the CRL Publishing to OCSP in CA
try {
- // save variables needed for cloning and remove preop
- String list = cs.getString("preop.cert.list", "");
- StringTokenizer st = new StringTokenizer(list, ",");
-
- while (st.hasMoreTokens()) {
- String ss = st.nextToken();
- if (ss.equals("sslserver"))
- continue;
- cs.putString("cloning." + ss + ".nickname", cs.getString("preop.cert." + ss + ".nickname", ""));
- cs.putString("cloning." + ss + ".dn", cs.getString("preop.cert." + ss + ".dn", ""));
- cs.putString("cloning." + ss + ".keytype", cs.getString("preop.cert." + ss + ".keytype", ""));
- cs.putString("cloning." + ss + ".keyalgorithm", cs.getString("preop.cert." + ss + ".keyalgorithm", ""));
- cs.putString("cloning." + ss + ".privkey.id", cs.getString("preop.cert." + ss + ".privkey.id", ""));
- cs.putString("cloning." + ss + ".pubkey.exponent",
- cs.getString("preop.cert." + ss + ".pubkey.exponent", ""));
- cs.putString("cloning." + ss + ".pubkey.modulus",
- cs.getString("preop.cert." + ss + ".pubkey.modulus", ""));
- cs.putString("cloning." + ss + ".pubkey.encoded",
- cs.getString("preop.cert." + ss + ".pubkey.encoded", ""));
- }
- cs.putString("cloning.module.token", cs.getString("preop.module.token", ""));
- cs.putString("cloning.list", list);
-
- // more cloning variables needed for non-ca clones
-
- if (!type.equals("CA")) {
- String val = cs.getString("preop.ca.hostname", "");
- if (val.compareTo("") != 0)
- cs.putString("cloning.ca.hostname", val);
-
- val = cs.getString("preop.ca.httpport", "");
- if (val.compareTo("") != 0)
- cs.putString("cloning.ca.httpport", val);
-
- val = cs.getString("preop.ca.httpsport", "");
- if (val.compareTo("") != 0)
- cs.putString("cloning.ca.httpsport", val);
-
- val = cs.getString("preop.ca.list", "");
- if (val.compareTo("") != 0)
- cs.putString("cloning.ca.list", val);
-
- val = cs.getString("preop.ca.pkcs7", "");
- if (val.compareTo("") != 0)
- cs.putString("cloning.ca.pkcs7", val);
-
- val = cs.getString("preop.ca.type", "");
- if (val.compareTo("") != 0)
- cs.putString("cloning.ca.type", val);
- }
-
- // save EC type for sslserver cert (if present)
- cs.putString("jss.ssl.sslserver.ectype", cs.getString("preop.cert.sslserver.ec.type", "ECDHE"));
-
- cs.removeSubStore("preop");
- cs.commit(false);
-
- // Create an empty file that designates the fact that although
- // this server instance has been configured, it has NOT yet
- // been restarted!
- String restart_server = instanceRoot + "/conf/"
- + RESTART_SERVER_AFTER_CONFIGURATION;
- if (!Utils.isNT()) {
- Utils.exec("touch " + restart_server);
- Utils.exec("chmod 00660 " + restart_server);
+ if (type.equals("OCSP") && !ca_host.equals("")) {
+ CMS.reinit(IOCSPAuthority.ID);
+ ConfigurationUtils.importCACertToOCSP();
+ ConfigurationUtils.updateOCSPConfig();
+ ConfigurationUtils.setupClientAuthUser();
}
-
} catch (Exception e) {
- CMS.debug("Caught exception saving preop variables: " + e);
+ CMS.debug("DonePanel - update(): Error while configuring OCSP publishing on the CA: " + e);
+ e.printStackTrace();
}
- context.put("csstate", "1");
- }
-
- private void setupClientAuthUser() {
- IConfigStore cs = CMS.getConfigStore();
-
- // retrieve CA subsystem certificate from the CA
- IUGSubsystem system =
- (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
- String id = "";
try {
- String b64 = getCASubsystemCert();
- if (b64 != null) {
- int num = cs.getInteger("preop.subsystem.count", 0);
- id = getCAUserId();
- num++;
- cs.putInteger("preop.subsystem.count", num);
- cs.putInteger("subsystem.count", num);
- IUser user = system.createUser(id);
- user.setFullName(id);
- user.setEmail("");
- user.setPassword("");
- user.setUserType("agentType");
- user.setState("1");
- user.setPhone("");
- X509CertImpl[] certs = new X509CertImpl[1];
- certs[0] = new X509CertImpl(CMS.AtoB(b64));
- user.setX509Certificates(certs);
- system.addUser(user);
- CMS.debug("DonePanel display: successfully add the user");
- system.addUserCert(user);
- CMS.debug("DonePanel display: successfully add the user certificate");
- cs.commit(false);
- }
- } catch (Exception e) {
- }
+ if (!select.equals("clone")) {
+ if (type.equals("CA") || type.equals("KRA")) {
+ ConfigurationUtils.updateNextRanges();
- try {
- String groupName = "Trusted Managers";
- IGroup group = system.getGroupFromName(groupName);
- if (!group.isMember(id)) {
- group.addMemberName(id);
- system.modifyGroup(group);
- CMS.debug("DonePanel display: successfully added the user to the group.");
+ }
}
} catch (Exception e) {
- }
- }
-
- private void setupDBUser(String dbuser) throws CertificateException, EUsrGrpException, LDAPException {
- IUGSubsystem system =
- (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
-
- String b64 = getSubsystemCert();
- if (b64 == null) {
- CMS.debug("DonePanel setupDBUser: failed to fetch subsystem cert");
- return;
- }
-
- IUser user = system.createUser(dbuser);
- user.setFullName(dbuser);
- user.setEmail("");
- user.setPassword("");
- user.setUserType("agentType");
- user.setState("1");
- user.setPhone("");
- X509CertImpl[] certs = new X509CertImpl[1];
- certs[0] = new X509CertImpl(CMS.AtoB(b64));
- user.setX509Certificates(certs);
- system.addUser(user);
- CMS.debug("DonePanel setupDBUser: successfully add the user");
- system.addUserCert(user);
- CMS.debug("DonePanel setupDBUser: successfully add the user certificate");
- }
-
- private String getSubsystemCert() {
- IConfigStore cs = CMS.getConfigStore();
- String nickname = "";
- try {
- nickname = cs.getString("preop.cert.subsystem.nickname", "");
- String tokenname = cs.getString("preop.module.token", "");
- if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")
- && !tokenname.equals(""))
- nickname = tokenname + ":" + nickname;
- } catch (Exception e) {
+ CMS.debug("DonePanel - update(): Error while updating serial number next ranges: " + e);
+ e.printStackTrace();
}
- CMS.debug("DonePanel getSubsystemCert: nickname=" + nickname);
- String s = null;
try {
- CryptoManager cm = CryptoManager.getInstance();
- org.mozilla.jss.crypto.X509Certificate cert = cm.findCertByNickname(nickname);
-
- if (cert == null) {
- CMS.debug("DonePanel getSubsystemCert: subsystem cert is null");
- return null;
+ if (select.equals("clone") && type.equalsIgnoreCase("CA") && ConfigurationUtils.isSDHostDomainMaster(cs)) {
+ // cloning a domain master CA, the clone is also master of its domain
+ CMS.debug("Cloning a domain master");
+ cs.putString("securitydomain.host", CMS.getEESSLHost());
+ cs.putString("securitydomain.httpport", CMS.getEENonSSLPort());
+ cs.putString("securitydomain.httpsadminport", CMS.getAdminPort());
+ cs.putString("securitydomain.httpsagentport", CMS.getAgentPort());
+ cs.putString("securitydomain.httpseeport", CMS.getEESSLPort());
+ cs.putString("securitydomain.select", "new");
}
-
- byte[] bytes = cert.getEncoded();
- s = CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bytes));
- } catch (Exception e) {
- CMS.debug("DonePanel getSubsystemCert: exception: " + e.toString());
- }
- return s;
- }
-
- private void updateOCSPConfig(HttpServletResponse response)
- throws IOException {
- IConfigStore config = CMS.getConfigStore();
- String cahost = "";
- int caport = -1;
-
- try {
- cahost = config.getString("preop.ca.hostname", "");
- caport = config.getInteger("preop.ca.httpsport", -1);
} catch (Exception e) {
+ CMS.debug("DonePanel - update(): Error in determining if security domain host is a master CA: " + e);
+ e.printStackTrace();
}
- String ocsphost = CMS.getAgentHost();
- int ocspport = Integer.parseInt(CMS.getAgentPort());
- String session_id = CMS.getConfigSDSessionId();
- String content = "xmlOutput=true&sessionID=" + session_id + "&ocsp_host=" + ocsphost + "&ocsp_port=" + ocspport;
-
- updateOCSPConfig(cahost, caport, true, content, response);
- }
-
- private void importCACertToOCSP() throws IOException {
- IConfigStore config = CMS.getConfigStore();
-
- // get certificate chain from CA
+ String dbuser = null;
try {
- String b64 = config.getString("preop.ca.pkcs7", "");
-
- if (b64.equals(""))
- throw new IOException("Failed to get certificate chain.");
-
- try {
- // this could be a chain
- X509Certificate[] certs = Cert.mapCertFromPKCS7(b64);
- X509Certificate leafCert = null;
- if (certs != null && certs.length > 0) {
- if (certs[0].getSubjectDN().getName().equals(certs[0].getIssuerDN().getName())) {
- leafCert = certs[certs.length - 1];
- } else {
- leafCert = certs[0];
- }
-
- IOCSPAuthority ocsp =
- (IOCSPAuthority) CMS.getSubsystem(IOCSPAuthority.ID);
- IDefStore defStore = ocsp.getDefaultStore();
-
- // (1) need to normalize (sort) the chain
-
- // (2) store certificate (and certificate chain) into
- // database
- ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord(
- leafCert.getSubjectDN().getName(),
- BIG_ZERO,
- MINUS_ONE, null, null);
-
- try {
- rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded());
- } catch (Exception e) {
- // error
- }
- defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec);
- //log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName());
-
- CMS.debug("DonePanel importCACertToOCSP: Added CA certificate.");
- }
- } catch (Exception e) {
- throw new IOException("Failed to encode the certificate chain");
+ dbuser = cs.getString("cs.type") + "-" + cs.getString("machineName") + "-"
+ + cs.getString("service.securePort");
+ if (!sdtype.equals("new")) {
+ ConfigurationUtils.setupDBUser(dbuser);
}
- } catch (IOException e) {
- throw e;
- } catch (Exception e) {
- CMS.debug("DonePanel importCACertToOCSP: Failed to import the certificate chain into the OCSP");
- throw new IOException("Failed to import the certificate chain into the OCSP");
- }
- }
-
- private String getCASubsystemCert() throws IOException {
- IConfigStore cs = CMS.getConfigStore();
- String host = "";
- int port = -1;
- try {
- host = cs.getString("preop.ca.hostname", "");
- port = cs.getInteger("preop.ca.httpsadminport", -1);
- } catch (Exception e) {
- }
-
- return getSubsystemCert(host, port, true);
- }
-
- private String getCAUserId() throws IOException {
- IConfigStore cs = CMS.getConfigStore();
- String host = "";
- int port = -1;
- try {
- host = cs.getString("preop.ca.hostname", "");
- port = cs.getInteger("preop.ca.httpsport", -1);
+ IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
+ IUser user = system.getUser(dbuser);
+ system.addCertSubjectDN(user);
} catch (Exception e) {
+ e.printStackTrace();
+ CMS.debug("DonePanel - update(): Unable to create or update dbuser" + e);
}
- return "CA-" + host + "-" + port;
- }
-
- private void updateConnectorInfo(String ownagenthost, String ownagentsport)
- throws IOException {
- IConfigStore cs = CMS.getConfigStore();
- int port = -1;
- String url = "";
- String host = null;
- String transportCert = "";
+ cs.putInteger("cs.state", 1);
try {
- url = cs.getString("preop.ca.url", "");
- if (!url.equals("")) {
- host = cs.getString("preop.ca.hostname", "");
- port = cs.getInteger("preop.ca.httpsadminport", -1);
- transportCert = cs.getString("kra.transport.cert", "");
- }
+ ConfigurationUtils.removePreopConfigEntries();
} catch (Exception e) {
+ CMS.debug("DonePanel - update(): Caught exception saving preop variables: " + e);
}
- if (host == null) {
- CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required");
- } else {
- CMS.debug("DonePanel: Transport certificate is being setup in " + url);
- String session_id = CMS.getConfigSDSessionId();
- String content =
- "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host="
- + ownagenthost
- + "&ca.connector.KRA.port="
- + ownagentsport
- + "&ca.connector.KRA.transportCert="
- + URLEncoder.encode(transportCert, "UTF-8")
- + "&sessionID="
- + session_id;
-
- updateConnectorInfo(host, port, true, content);
+ // Create an empty file that designates the fact that although
+ // this server instance has been configured, it has NOT yet
+ // been restarted!
+ String restart_server = instanceRoot + "/conf/"
+ + RESTART_SERVER_AFTER_CONFIGURATION;
+ if (!Utils.isNT()) {
+ Utils.exec("touch " + restart_server);
+ Utils.exec("chmod 00660 " + restart_server);
}
- }
- private String getSubsystemNodeName(String type) {
- if (type.equals("CA")) {
- return "CAList";
- } else if (type.equals("KRA")) {
- return "KRAList";
- } else if (type.equals("TKS")) {
- return "TKSList";
- } else if (type.equals("OCSP")) {
- return "OCSPList";
- }
-
- return "";
+ context.put("csstate", "1");
}
/**
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java b/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
index c0a57c3d7..082c43b42 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
@@ -37,7 +37,6 @@ import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.ISecurityDomainSessionTable;
import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
@@ -177,7 +176,7 @@ public class GetCookie extends CMSServlet {
if (authToken != null) {
String uid = authToken.getInString("uid");
- String groupname = getGroupName(uid, subsystem);
+ String groupname = ConfigurationUtils.getGroupName(uid, subsystem);
if (groupname != null) {
@@ -269,32 +268,6 @@ public class GetCookie extends CMSServlet {
}
}
- private String getGroupName(String uid, String subsystemname) {
- IUGSubsystem subsystem =
- (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
- if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") &&
- subsystemname.equals("CA")) {
- return "Enterprise CA Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise KRA Administrators") &&
- subsystemname.equals("KRA")) {
- return "Enterprise KRA Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise OCSP Administrators") &&
- subsystemname.equals("OCSP")) {
- return "Enterprise OCSP Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise TKS Administrators") &&
- subsystemname.equals("TKS")) {
- return "Enterprise TKS Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise RA Administrators") &&
- subsystemname.equals("RA")) {
- return "Enterprise RA Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise TPS Administrators") &&
- subsystemname.equals("TPS")) {
- return "Enterprise TPS Administrators";
- }
-
- return null;
- }
-
/**
* Retrieves locale based on the request.
*/
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
index cb37ef76d..8d69997bb 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
@@ -17,11 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-import java.io.FileOutputStream;
import java.io.IOException;
-import java.io.PrintStream;
import java.net.URL;
-import java.net.URLEncoder;
import java.util.Enumeration;
import java.util.StringTokenizer;
import java.util.Vector;
@@ -30,14 +27,14 @@ import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509Key;
+import javax.xml.parsers.ParserConfigurationException;
import org.apache.velocity.context.Context;
+import org.xml.sax.SAXException;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.EPropertyNotFound;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.ISubsystem;
import com.netscape.certsrv.ca.ICertificateAuthority;
@@ -46,7 +43,6 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.property.PropertySet;
import com.netscape.certsrv.util.HttpInput;
import com.netscape.cms.servlet.wizard.WizardServlet;
-import com.netscape.cmsutil.crypto.CryptoUtil;
public class NamePanel extends WizardPanelBase {
private Vector<Cert> mCerts = null;
@@ -148,14 +144,6 @@ public class NamePanel extends WizardPanelBase {
return false;
}
- public String capitalize(String s) {
- if (s.length() == 0) {
- return s;
- } else {
- return s.substring(0, 1).toUpperCase() + s.substring(1);
- }
- }
-
/**
* Display the panel.
*/
@@ -179,11 +167,13 @@ public class NamePanel extends WizardPanelBase {
String select = "";
String hselect = "";
String cstype = "";
+ String domainType = "";
try {
//if CA, at the hierarchy panel, was it root or subord?
hselect = config.getString("preop.hierarchy.select", "");
select = config.getString("preop.subsystem.select", "");
cstype = config.getString("cs.type", "");
+ domainType = config.getString("preop.securitydomain.select", "");
context.put("select", select);
if (cstype.equals("CA") && hselect.equals("root")) {
CMS.debug("NamePanel ca is root");
@@ -287,8 +277,20 @@ public class NamePanel extends WizardPanelBase {
}
CMS.debug("NamePanel: Ready to get SSL EE HTTPS urls");
- Vector<String> v = getUrlListFromSecurityDomain(config, "CA", "SecurePort");
+ Vector<String> v = null;
+ if (!domainType.equals("new")) {
+ try {
+ v = ConfigurationUtils.getUrlListFromSecurityDomain(config, "CA", "SecurePort");
+ } catch (Exception e) {
+ CMS.debug("NamePanel: display(): Exception thrown in getUrlListFromSecurityDomain " + e);
+ e.printStackTrace();
+ }
+ }
+ if (v == null) {
+ v = new Vector<String>();
+ }
v.addElement("External CA");
+
StringBuffer list = new StringBuffer();
int size = v.size();
@@ -337,297 +339,6 @@ public class NamePanel extends WizardPanelBase {
} // while
}
- /*
- * update some parameters for clones
- */
- public void updateCloneConfig(IConfigStore config)
- throws EBaseException, IOException {
- String cstype = config.getString("cs.type", null);
- cstype = toLowerCaseSubsystemType(cstype);
- if (cstype.equals("kra")) {
- String token = config.getString(PRE_CONF_CA_TOKEN);
- if (!token.equals("Internal Key Storage Token")) {
- CMS.debug("NamePanel: updating configuration for KRA clone with hardware token");
- String subsystem = config.getString(PCERT_PREFIX + "storage.subsystem");
- String storageNickname = getNickname(config, "storage");
- String transportNickname = getNickname(config, "transport");
-
- config.putString(subsystem + ".storageUnit.hardware", token);
- config.putString(subsystem + ".storageUnit.nickName", token + ":" + storageNickname);
- config.putString(subsystem + ".transportUnit.nickName", token + ":" + transportNickname);
- config.commit(false);
- } else { // software token
- // parameters already set
- }
- }
-
- // audit signing cert
- String audit_nn = config.getString(cstype + ".audit_signing" + ".nickname", "");
- String audit_tk = config.getString(cstype + ".audit_signing" + ".tokenname", "");
- if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) {
- config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- audit_tk + ":" + audit_nn);
- } else {
- config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- audit_nn);
- }
- }
-
- /*
- * get some of the "preop" parameters to persisting parameters
- */
- public void updateConfig(IConfigStore config, String certTag)
- throws EBaseException, IOException {
- String token = config.getString(PRE_CONF_CA_TOKEN);
- String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
- CMS.debug("NamePanel: subsystem " + subsystem);
- String nickname = getNickname(config, certTag);
-
- CMS.debug("NamePanel: updateConfig() for certTag " + certTag);
- // XXX these two are used throughout the CA so have to write them
- // should change the entire system to use the uniformed names later
- if (certTag.equals("signing") || certTag.equals("ocsp_signing")) {
- CMS.debug("NamePanel: setting signing nickname=" + nickname);
- config.putString(subsystem + "." + certTag + ".cacertnickname", nickname);
- config.putString(subsystem + "." + certTag + ".certnickname", nickname);
- }
-
- // if KRA, hardware token needs param "kra.storageUnit.hardware" in CS.cfg
- String cstype = config.getString("cs.type", null);
- cstype = toLowerCaseSubsystemType(cstype);
- if (cstype.equals("kra")) {
- if (!token.equals("Internal Key Storage Token")) {
- if (certTag.equals("storage")) {
- config.putString(subsystem + ".storageUnit.hardware", token);
- config.putString(subsystem + ".storageUnit.nickName", token + ":" + nickname);
- } else if (certTag.equals("transport")) {
- config.putString(subsystem + ".transportUnit.nickName", token + ":" + nickname);
- }
- } else { // software token
- if (certTag.equals("storage")) {
- config.putString(subsystem + ".storageUnit.nickName", nickname);
- } else if (certTag.equals("transport")) {
- config.putString(subsystem + ".transportUnit.nickName", nickname);
- }
- }
- }
-
- String serverCertNickname = nickname;
- String path = CMS.getConfigStore().getString("instanceRoot", "");
- if (certTag.equals("sslserver")) {
- if (!token.equals("Internal Key Storage Token")) {
- serverCertNickname = token + ":" + nickname;
- }
- PrintStream ps = new PrintStream(new FileOutputStream(path + "/conf/serverCertNick.conf"));
- ps.println(serverCertNickname);
- ps.close();
- }
-
- config.putString(subsystem + "." + certTag + ".nickname", nickname);
- config.putString(subsystem + "." + certTag + ".tokenname", token);
- if (certTag.equals("audit_signing")) {
- if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
- config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- token + ":" + nickname);
- } else {
- config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- nickname);
- }
- }
- /*
- config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm",
- "SHA1withRSA");
- */
-
- // for system certs verification
- if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
- config.putString(subsystem + ".cert." + certTag + ".nickname",
- token + ":" + nickname);
- } else {
- config.putString(subsystem + ".cert." + certTag + ".nickname", nickname);
- }
-
- config.commit(false);
- CMS.debug("NamePanel: updateConfig() done");
- }
-
- /**
- * create and sign a cert locally (handles both "selfsign" and "local")
- */
- public void configCert(HttpServletRequest request,
- HttpServletResponse response,
- Context context, Cert certObj) throws IOException {
- CMS.debug("NamePanel: configCert called");
-
- IConfigStore config = CMS.getConfigStore();
- String caType = certObj.getType();
- CMS.debug("NamePanel: in configCert caType is " + caType);
- X509CertImpl cert = null;
- String certTag = certObj.getCertTag();
-
- try {
- updateConfig(config, certTag);
- if (caType.equals("remote")) {
- String v = config.getString("preop.ca.type", "");
-
- CMS.debug("NamePanel configCert: remote CA");
- String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX,
- certObj, context);
- certObj.setRequest(pkcs10);
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
- config.putString(subsystem + "." + certTag + ".certreq", pkcs10);
- String profileId = config.getString(PCERT_PREFIX + certTag + ".profile");
- String session_id = CMS.getConfigSDSessionId();
- String sd_hostname = "";
- int sd_ee_port = -1;
- try {
- sd_hostname = config.getString("securitydomain.host", "");
- sd_ee_port = config.getInteger("securitydomain.httpseeport", -1);
- } catch (Exception ee) {
- CMS.debug("NamePanel: configCert() exception caught:" + ee.toString());
- }
- String sysType = config.getString("cs.type", "");
- String machineName = config.getString("machineName", "");
- String securePort = config.getString("service.securePort", "");
- if (certTag.equals("subsystem")) {
- String content =
- "requestor_name="
- + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId
- + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8")
- + "&xmlOutput=true&sessionID=" + session_id;
- cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port,
- content, response, this);
- if (cert == null) {
- throw new IOException("Error: remote certificate is null");
- }
- } else if (v.equals("sdca")) {
- String ca_hostname = "";
- int ca_port = -1;
- try {
- ca_hostname = config.getString("preop.ca.hostname", "");
- ca_port = config.getInteger("preop.ca.httpsport", -1);
- } catch (Exception ee) {
- }
-
- String content =
- "requestor_name="
- + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId
- + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8")
- + "&xmlOutput=true&sessionID=" + session_id;
- cert = CertUtil.createRemoteCert(ca_hostname, ca_port,
- content, response, this);
- if (cert == null) {
- throw new IOException("Error: remote certificate is null");
- }
- } else if (v.equals("otherca")) {
- config.putString(subsystem + "." + certTag + ".cert",
- "...paste certificate here...");
- } else {
- CMS.debug("NamePanel: no preop.ca.type is provided");
- }
- } else { // not remote CA, ie, self-signed or local
- ISubsystem ca = CMS.getSubsystem(ICertificateAuthority.ID);
-
- if (ca == null) {
- String s = PCERT_PREFIX + certTag + ".type";
-
- CMS.debug(
- "The value for " + s
- + " should be remote, nothing else.");
- throw new IOException(
- "The value for " + s + " should be remote");
- }
-
- String pubKeyType = config.getString(
- PCERT_PREFIX + certTag + ".keytype");
- if (pubKeyType.equals("rsa")) {
-
- String pubKeyModulus = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.modulus");
- String pubKeyPublicExponent = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.exponent");
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
-
- if (certTag.equals("signing")) {
- X509Key x509key = CryptoUtil.getPublicX509Key(
- CryptoUtil.string2byte(pubKeyModulus),
- CryptoUtil.string2byte(pubKeyPublicExponent));
-
- cert = CertUtil.createLocalCert(config, x509key,
- PCERT_PREFIX, certTag, caType, context);
- } else {
- String cacert = config.getString("ca.signing.cert", "");
-
- if (cacert.equals("") || cacert.startsWith("...")) {
- certObj.setCert(
- "...certificate be generated internally...");
- config.putString(subsystem + "." + certTag + ".cert",
- "...certificate be generated internally...");
- } else {
- X509Key x509key = CryptoUtil.getPublicX509Key(
- CryptoUtil.string2byte(pubKeyModulus),
- CryptoUtil.string2byte(pubKeyPublicExponent));
-
- cert = CertUtil.createLocalCert(config, x509key,
- PCERT_PREFIX, certTag, caType, context);
- }
- }
- } else if (pubKeyType.equals("ecc")) {
- String pubKeyEncoded = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.encoded");
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
-
- if (certTag.equals("signing")) {
-
- X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
- cert = CertUtil.createLocalCert(config, x509key,
- PCERT_PREFIX, certTag, caType, context);
- } else {
- String cacert = config.getString("ca.signing.cert", "");
-
- if (cacert.equals("") || cacert.startsWith("...")) {
- certObj.setCert(
- "...certificate be generated internally...");
- config.putString(subsystem + "." + certTag + ".cert",
- "...certificate be generated internally...");
- } else {
- X509Key x509key = CryptoUtil.getPublicX509ECCKey(
- CryptoUtil.string2byte(pubKeyEncoded));
-
- cert = CertUtil.createLocalCert(config, x509key,
- PCERT_PREFIX, certTag, caType, context);
- }
- }
- } else {
- // invalid key type
- CMS.debug("Invalid key type " + pubKeyType);
- }
- if (cert != null) {
- if (certTag.equals("subsystem"))
- CertUtil.addUserCertificate(cert);
- }
- } // done self-signed or local
-
- if (cert != null) {
- byte[] certb = cert.getEncoded();
- String certs = CryptoUtil.base64Encode(certb);
-
- // certObj.setCert(certs);
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
- config.putString(subsystem + "." + certTag + ".cert", certs);
- }
- config.commit(false);
- } catch (IOException e) {
- throw e;
- } catch (Exception e) {
- CMS.debug("NamePanel configCert() exception caught:" + e.toString());
- }
- }
-
public void configCertWithTag(HttpServletRequest request,
HttpServletResponse response,
Context context, String tag) throws IOException {
@@ -638,8 +349,7 @@ public class NamePanel extends WizardPanelBase {
while (c.hasMoreElements()) {
Cert cert = c.nextElement();
String ct = cert.getCertTag();
- CMS.debug("NamePanel: configCertWithTag ct=" + ct +
- " tag=" + tag);
+ CMS.debug("NamePanel: configCertWithTag ct=" + ct + " tag=" + tag);
if (ct.equals(tag)) {
try {
String nickname = HttpInput.getNickname(request, ct + "_nick");
@@ -659,7 +369,7 @@ public class NamePanel extends WizardPanelBase {
+ ct + ": " + e.toString());
}
- configCert(request, response, context, cert);
+ ConfigurationUtils.configCert(request, response, context, cert, this);
CMS.debug("NamePanel: configCertWithTag done with tag=" + tag);
return;
}
@@ -737,7 +447,6 @@ public class NamePanel extends WizardPanelBase {
HttpServletResponse response,
Context context) throws IOException {
CMS.debug("NamePanel: in update()");
- boolean hasErr = false;
if (inputChanged(request)) {
mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
@@ -747,12 +456,11 @@ public class NamePanel extends WizardPanelBase {
}
IConfigStore config = CMS.getConfigStore();
-
- String hselect = "";
ISubsystem subsystem = CMS.getSubsystem(ICertificateAuthority.ID);
+
try {
//if CA, at the hierarchy panel, was it root or subord?
- hselect = config.getString("preop.hierarchy.select", "");
+ String hselect = config.getString("preop.hierarchy.select", "");
String cstype = config.getString("preop.subsystem.select", "");
if (cstype.equals("clone")) {
CMS.debug("NamePanel: clone configuration detected");
@@ -765,65 +473,63 @@ public class NamePanel extends WizardPanelBase {
config.putString("preop.ca.url", url);
URL urlx = new URL(url);
- updateCloneSDCAInfo(request, context, urlx.getHost(),
- Integer.toString(urlx.getPort()));
+ updateCloneSDCAInfo(request, context, urlx.getHost(), urlx.getPort());
}
- updateCloneConfig(config);
+ ConfigurationUtils.updateCloneConfig();
CMS.debug("NamePanel: clone configuration done");
context.put("updateStatus", "success");
return;
}
- } catch (Exception e) {
- CMS.debug("NamePanel: configCertWithTag failure - " + e);
- context.put("updateStatus", "failure");
- return;
- }
- //if no hselect, then not CA
- if (hselect.equals("") || hselect.equals("join")) {
- String url = getURL(request, config);
+ //if no hselect, then not CA
+ if (hselect.equals("") || hselect.equals("join")) {
+ String url = getURL(request, config);
- URL urlx = null;
+ URL urlx = null;
- if (url.equals("External CA")) {
- CMS.debug("NamePanel: external CA selected");
- config.putString("preop.ca.type", "otherca");
- if (subsystem != null) {
- config.putString(PCERT_PREFIX + "signing.type", "remote");
- }
+ if (url.equals("External CA")) {
+ CMS.debug("NamePanel: external CA selected");
+ config.putString("preop.ca.type", "otherca");
+ if (subsystem != null) {
+ config.putString(PCERT_PREFIX + "signing.type", "remote");
+ }
- config.putString("preop.ca.pkcs7", "");
- config.putInteger("preop.ca.certchain.size", 0);
- context.put("check_otherca", "checked");
- CMS.debug("NamePanel: update: this is the external CA.");
- } else {
- CMS.debug("NamePanel: local CA selected");
- // parse URL (CA1 - https://...)
- url = url.substring(url.indexOf("https"));
- config.putString("preop.ca.url", url);
-
- urlx = new URL(url);
- config.putString("preop.ca.type", "sdca");
- CMS.debug("NamePanel: update: this is a CA in the security domain.");
- context.put("check_sdca", "checked");
- sdca(request, context, urlx.getHost(),
- Integer.toString(urlx.getPort()));
- if (subsystem != null) {
- config.putString(PCERT_PREFIX + "signing.type", "remote");
- config.putString(PCERT_PREFIX + "signing.profile",
- "caInstallCACert");
- }
- }
+ config.putString("preop.ca.pkcs7", "");
+ config.putInteger("preop.ca.certchain.size", 0);
+ context.put("check_otherca", "checked");
+ CMS.debug("NamePanel: update: this is the external CA.");
+ } else {
+ CMS.debug("NamePanel: local CA selected");
+ url = url.substring(url.indexOf("https"));
+ config.putString("preop.ca.url", url);
- try {
- config.commit(false);
- } catch (Exception e) {
- }
+ urlx = new URL(url);
+ String host = urlx.getHost();
+ int port = urlx.getPort();
+ String domainXML = config.getString("preop.domainXML");
+ int admin_port = ConfigurationUtils.getPortFromSecurityDomain(domainXML,
+ host, port, "CA", "SecurePort", "SecureAdminPort");
- }
+ config.putString("preop.ca.type", "sdca");
+ config.putString("preop.ca.hostname", host);
+ config.putInteger("preop.ca.httpsport", port);
+ config.putInteger("preop.ca.httpsadminport", admin_port);
- try {
+ context.put("check_sdca", "checked");
+ context.put("sdcaHostname", host);
+ context.put("sdHttpPort", port);
+
+ ConfigurationUtils.importCertChain(host, admin_port, "/ca/admin/ca/getCertChain", "ca");
+
+ if (subsystem != null) {
+ config.putString(PCERT_PREFIX + "signing.type", "remote");
+ config.putString(PCERT_PREFIX + "signing.profile", "caInstallCACert");
+ }
+ }
+ config.commit(false);
+
+ }
Enumeration<Cert> c = mCerts.elements();
@@ -855,85 +561,30 @@ public class NamePanel extends WizardPanelBase {
// commit here in case it changes
config.commit(false);
- try {
- configCert(request, response, context, cert);
- config.putBoolean("preop.cert." + cert.getCertTag() + ".done",
- true);
- config.commit(false);
- } catch (Exception e) {
- CMS.debug(
- "NamePanel: update() exception caught:"
- + e.toString());
- hasErr = true;
- System.err.println("Exception caught: " + e.toString());
- }
-
- } // while
- if (hasErr == false) {
- config.putBoolean("preop.NamePanel.done", true);
+ ConfigurationUtils.configCert(request, response, context, cert, this);
+ config.putBoolean("preop.cert." + cert.getCertTag() + ".done", true);
config.commit(false);
- }
- } catch (Exception e) {
- CMS.debug("NamePanel: Exception caught: " + e.toString());
- System.err.println("Exception caught: " + e.toString());
- }// try
+ } // while
- try {
+ config.putBoolean("preop.NamePanel.done", true);
config.commit(false);
} catch (Exception e) {
- }
-
- if (!hasErr) {
- context.put("updateStatus", "success");
- } else {
+ CMS.debug("NamPanel - update(): Exception thrown : " + e);
+ e.printStackTrace();
context.put("updateStatus", "failure");
+ throw new IOException(e);
}
- CMS.debug("NamePanel: update() done");
- }
-
- private void updateCloneSDCAInfo(HttpServletRequest request, Context context, String hostname, String httpsPortStr)
- throws IOException {
- CMS.debug("NamePanel updateCloneSDCAInfo: selected CA hostname=" + hostname + " port=" + httpsPortStr);
- String https_admin_port = "";
- IConfigStore config = CMS.getConfigStore();
-
- if (hostname == null || hostname.length() == 0) {
- context.put("errorString", "Hostname is null");
- throw new IOException("Hostname is null");
- }
-
- // Retrieve the associated HTTPS Admin port so that it
- // may be stored for use with ImportAdminCertPanel
- https_admin_port = getSecurityDomainAdminPort(config,
- hostname,
- httpsPortStr,
- "CA");
-
- try {
- Integer.parseInt(httpsPortStr); // check for errors
- } catch (Exception e) {
- CMS.debug(
- "NamePanel update: Https port is not valid. Exception: "
- + e.toString());
- throw new IOException("Https Port is not valid.");
- }
+ context.put("updateStatus", "success");
- config.putString("preop.ca.hostname", hostname);
- config.putString("preop.ca.httpsport", httpsPortStr);
- config.putString("preop.ca.httpsadminport", https_admin_port);
+ CMS.debug("NamePanel: update() done");
}
- private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr)
- throws IOException {
- CMS.debug("NamePanel update: this is the CA in the security domain.");
- CMS.debug("NamePanel update: selected CA hostname=" + hostname + " port=" + httpsPortStr);
- String https_admin_port = "";
+ private void updateCloneSDCAInfo(HttpServletRequest request, Context context, String hostname, int httpsPort)
+ throws IOException, EPropertyNotFound, EBaseException, SAXException, ParserConfigurationException {
+ CMS.debug("NamePanel updateCloneSDCAInfo: selected CA hostname=" + hostname + " port=" + httpsPort);
IConfigStore config = CMS.getConfigStore();
- context.put("sdcaHostname", hostname);
- context.put("sdHttpPort", httpsPortStr);
-
if (hostname == null || hostname.length() == 0) {
context.put("errorString", "Hostname is null");
throw new IOException("Hostname is null");
@@ -941,35 +592,13 @@ public class NamePanel extends WizardPanelBase {
// Retrieve the associated HTTPS Admin port so that it
// may be stored for use with ImportAdminCertPanel
- https_admin_port = getSecurityDomainAdminPort(config,
- hostname,
- httpsPortStr,
- "CA");
-
- int httpsport = -1;
-
- try {
- httpsport = Integer.parseInt(httpsPortStr);
- } catch (Exception e) {
- CMS.debug(
- "NamePanel update: Https port is not valid. Exception: "
- + e.toString());
- throw new IOException("Https Port is not valid.");
- }
+ String domainXML = config.getString("preop.domainXML");
+ int https_admin_port = ConfigurationUtils.getPortFromSecurityDomain(domainXML,
+ hostname, httpsPort, "CA", "SecurePort", "SecureAdminPort");
config.putString("preop.ca.hostname", hostname);
- config.putString("preop.ca.httpsport", httpsPortStr);
- config.putString("preop.ca.httpsadminport", https_admin_port);
- ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChainUsingSecureEEPort(config, "ca", hostname,
- httpsport, true, context,
- certApprovalCallback);
- try {
- CMS.debug("Importing CA chain");
- importCertChain("ca");
- } catch (Exception e1) {
- CMS.debug("Failed in importing CA chain");
- }
+ config.putInteger("preop.ca.httpsport", httpsPort);
+ config.putInteger("preop.ca.httpsadminport", https_admin_port);
}
public void initParams(HttpServletRequest request, Context context)
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
index 506abdd70..7ace274a7 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
@@ -17,54 +17,14 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.FileInputStream;
import java.io.IOException;
-import java.math.BigInteger;
-import java.security.Principal;
-import java.security.PublicKey;
-import java.util.StringTokenizer;
-import java.util.Vector;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import netscape.ldap.LDAPDN;
-import netscape.security.x509.X509CertImpl;
-
import org.apache.velocity.context.Context;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.asn1.ANY;
-import org.mozilla.jss.asn1.BMPString;
-import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
-import org.mozilla.jss.asn1.OCTET_STRING;
-import org.mozilla.jss.asn1.SEQUENCE;
-import org.mozilla.jss.asn1.SET;
-import org.mozilla.jss.crypto.Cipher;
-import org.mozilla.jss.crypto.CryptoStore;
-import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.crypto.EncryptionAlgorithm;
-import org.mozilla.jss.crypto.IVParameterSpec;
-import org.mozilla.jss.crypto.InternalCertificate;
-import org.mozilla.jss.crypto.KeyGenAlgorithm;
-import org.mozilla.jss.crypto.KeyGenerator;
-import org.mozilla.jss.crypto.KeyWrapAlgorithm;
-import org.mozilla.jss.crypto.KeyWrapper;
-import org.mozilla.jss.crypto.SymmetricKey;
-import org.mozilla.jss.crypto.X509Certificate;
-import org.mozilla.jss.pkcs11.PK11Store;
-import org.mozilla.jss.pkcs12.AuthenticatedSafes;
-import org.mozilla.jss.pkcs12.CertBag;
-import org.mozilla.jss.pkcs12.PFX;
-import org.mozilla.jss.pkcs12.PasswordConverter;
-import org.mozilla.jss.pkcs12.SafeBag;
-import org.mozilla.jss.pkix.primitive.Attribute;
-import org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo;
-import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
-import org.mozilla.jss.util.Password;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
@@ -197,10 +157,6 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
// Path can be empty. If this case, we just want to
// get to the next panel. Customer has HSM.
String s = HttpInput.getString(request, "path");
- // if (s == null || s.equals("")) {
- // CMS.debug("RestoreKeyCertPanel validate: path is empty");
- // throw new IOException("Path is empty");
- // }
if (s != null && !s.equals("")) {
s = HttpInput.getPassword(request, "__password");
@@ -219,460 +175,50 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
HttpServletResponse response,
Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
- String path = HttpInput.getString(request, "path");
- if (path == null || path.equals("")) {
- // skip to next panel
- config.putBoolean("preop.restorekeycert.done", true);
- try {
- config.commit(false);
- } catch (EBaseException e) {
- }
- getConfigEntriesFromMaster(request, response, context);
- context.put("updateStatus", "success");
- return;
- }
- String pwd = HttpInput.getPassword(request, "__password");
-
- String tokenn = "";
- String instanceRoot = "";
-
- try {
- tokenn = config.getString("preop.module.token");
- instanceRoot = config.getString("instanceRoot");
- } catch (Exception e) {
- }
-
- if (tokenn.equals("Internal Key Storage Token")) {
- byte b[] = new byte[1000000];
- FileInputStream fis = new FileInputStream(instanceRoot + "/alias/" + path);
- while (fis.available() > 0)
- fis.read(b);
- fis.close();
-
- ByteArrayInputStream bis = new ByteArrayInputStream(b);
- StringBuffer reason = new StringBuffer();
- Password password = new Password(pwd.toCharArray());
- PFX pfx = null;
- boolean verifypfx = false;
- try {
- pfx = (PFX) (new PFX.Template()).decode(bis);
- verifypfx = pfx.verifyAuthSafes(password, reason);
- } catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel update: Exception=" + e.toString());
- }
-
- if (verifypfx) {
- CMS.debug("RestoreKeyCertPanel verify the PFX.");
- AuthenticatedSafes safes = pfx.getAuthSafes();
- Vector<Vector<Object>> pkeyinfo_collection = new Vector<Vector<Object>>();
- Vector<Vector<Object>> cert_collection = new Vector<Vector<Object>>();
- for (int i = 0; i < safes.getSize(); i++) {
- try {
- SEQUENCE scontent = safes.getSafeContentsAt(null, i);
- for (int j = 0; j < scontent.size(); j++) {
- SafeBag bag = (SafeBag) scontent.elementAt(j);
- OBJECT_IDENTIFIER oid = bag.getBagType();
- if (oid.equals(SafeBag.PKCS8_SHROUDED_KEY_BAG)) {
- EncryptedPrivateKeyInfo privkeyinfo =
- (EncryptedPrivateKeyInfo) bag.getInterpretedBagContent();
- PrivateKeyInfo pkeyinfo = privkeyinfo.decrypt(password, new PasswordConverter());
- Vector<Object> pkeyinfo_v = new Vector<Object>();
- pkeyinfo_v.addElement(pkeyinfo);
- SET bagAttrs = bag.getBagAttributes();
- for (int k = 0; k < bagAttrs.size(); k++) {
- Attribute attrs = (Attribute) bagAttrs.elementAt(k);
- OBJECT_IDENTIFIER aoid = attrs.getType();
- if (aoid.equals(SafeBag.FRIENDLY_NAME)) {
- SET val = attrs.getValues();
- ANY ss = (ANY) val.elementAt(0);
- ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded());
- BMPString sss = (BMPString) new BMPString.Template().decode(bbis);
- String s = sss.toString();
- pkeyinfo_v.addElement(s);
- }
- }
- pkeyinfo_collection.addElement(pkeyinfo_v);
- } else if (oid.equals(SafeBag.CERT_BAG)) {
- CertBag cbag = (CertBag) bag.getInterpretedBagContent();
- OCTET_STRING str = (OCTET_STRING) cbag.getInterpretedCert();
- byte[] x509cert = str.toByteArray();
- Vector<Object> cert_v = new Vector<Object>();
- cert_v.addElement(x509cert);
- SET bagAttrs = bag.getBagAttributes();
-
- if (bagAttrs != null) {
- for (int k = 0; k < bagAttrs.size(); k++) {
- Attribute attrs = (Attribute) bagAttrs.elementAt(k);
- OBJECT_IDENTIFIER aoid = attrs.getType();
- if (aoid.equals(SafeBag.FRIENDLY_NAME)) {
- SET val = attrs.getValues();
- ANY ss = (ANY) val.elementAt(0);
- ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded());
- BMPString sss = (BMPString) (new BMPString.Template()).decode(bbis);
- String s = sss.toString();
- cert_v.addElement(s);
- }
- }
- }
-
- cert_collection.addElement(cert_v);
- }
- }
- } catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel update: Exception=" + e.toString());
- }
- }
-
- importkeycert(pkeyinfo_collection, cert_collection);
- } else {
- context.put("updateStatus", "failure");
- throw new IOException("The pkcs12 file is not correct.");
- }
- }
-
- String subsystemtype = "";
- String cstype = "";
try {
- subsystemtype = config.getString("preop.subsystem.select", "");
- cstype = config.getString("cs.type", "");
- } catch (Exception e) {
- }
- cstype = toLowerCaseSubsystemType(cstype);
-
- if (subsystemtype.equals("clone")) {
- CMS.debug("RestoreKeyCertPanel: this is the clone subsystem");
- boolean cloneReady = isCertdbCloned(request, context);
- if (!cloneReady) {
- CMS.debug("RestoreKeyCertPanel update: clone does not have all the certificates.");
- context.put("errorString", "Make sure you have copied the certificate database over to the clone");
- context.put("updateStatus", "failure");
- throw new IOException("Clone is not ready");
- }
- }
+ ConfigurationUtils.getConfigEntriesFromMaster();
- config.putBoolean("preop.restorekeycert.done", true);
- try {
- config.commit(false);
- } catch (EBaseException e) {
- }
-
- getConfigEntriesFromMaster(request, response, context);
- context.put("updateStatus", "success");
- }
-
- private void getConfigEntriesFromMaster(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
- try {
- IConfigStore config = CMS.getConfigStore();
- String cstype = "";
- try {
- cstype = config.getString("cs.type", "");
- } catch (Exception e) {
- }
- cstype = toLowerCaseSubsystemType(cstype);
-
- String session_id = CMS.getConfigSDSessionId();
- String master_hostname = "";
- int master_port = -1;
- int master_ee_port = -1;
- try {
- master_hostname = config.getString("preop.master.hostname", "");
- master_port = config.getInteger("preop.master.httpsadminport", -1);
- master_ee_port = config.getInteger("preop.master.httpsport", -1);
-
- String content = "";
- if (cstype.equals("ca") || cstype.equals("kra")) {
- content = "type=request&xmlOutput=true&sessionID=" + session_id;
- CMS.debug("http content=" + content);
- updateNumberRange(master_hostname, master_ee_port, true, content, "request", response);
-
- content = "type=serialNo&xmlOutput=true&sessionID=" + session_id;
- updateNumberRange(master_hostname, master_ee_port, true, content, "serialNo", response);
-
- content = "type=replicaId&xmlOutput=true&sessionID=" + session_id;
- updateNumberRange(master_hostname, master_ee_port, true, content, "replicaId", response);
- }
-
- String list = "";
- try {
- list = config.getString("preop.cert.list", "");
- } catch (Exception e) {
- }
-
- StringBuffer c1 = new StringBuffer();
- StringBuffer s1 = new StringBuffer();
- StringTokenizer tok = new StringTokenizer(list, ",");
- while (tok.hasMoreTokens()) {
- String t1 = tok.nextToken();
- if (t1.equals("sslserver"))
- continue;
- c1.append(",");
- c1.append("cloning.");
- c1.append(t1);
- c1.append(".nickname,");
- c1.append("cloning.");
- c1.append(t1);
- c1.append(".dn,");
- c1.append("cloning.");
- c1.append(t1);
- c1.append(".keytype,");
- c1.append("cloning.");
- c1.append(t1);
- c1.append(".keyalgorithm,");
- c1.append("cloning.");
- c1.append(t1);
- c1.append(".privkey.id,");
- c1.append("cloning.");
- c1.append(t1);
- c1.append(".pubkey.exponent,");
- c1.append("cloning.");
- c1.append(t1);
- c1.append(".pubkey.modulus,");
- c1.append("cloning.");
- c1.append(t1);
- c1.append(".pubkey.encoded");
-
- if (s1.length() != 0)
- s1.append(",");
-
- s1.append(cstype);
- s1.append(".");
- s1.append(t1);
- }
-
- if (!cstype.equals("ca")) {
- c1.append(",cloning.ca.hostname,cloning.ca.httpport,cloning.ca.httpsport,cloning.ca.list,cloning.ca.pkcs7,cloning.ca.type");
- }
-
- if (cstype.equals("ca")) {
- /* get ca connector details */
- if (s1.length() != 0)
- s1.append(",");
- s1.append("ca.connector.KRA");
- }
-
- s1.append(",internaldb,internaldb.ldapauth,internaldb.ldapconn");
-
- content =
- "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,"
- + "internaldb.replication.password" + c1.toString()
- + "&substores=" + s1.toString()
- + "&xmlOutput=true&sessionID="
- + session_id;
- boolean success = updateConfigEntries(master_hostname, master_port, true,
- "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config, response);
- if (!success) {
- context.put("errorString", "Failed to get configuration entries from the master");
- throw new IOException("Failed to get configuration entries from the master");
- }
- config.putString("preop.clone.configuration", "true");
- try {
- config.commit(false);
- } catch (Exception ee) {
- }
- } catch (IOException eee) {
- throw eee;
- } catch (Exception eee) {
- CMS.debug("RestoreKeyCertPanel: update exception caught:" + eee.toString());
+ String path = HttpInput.getString(request, "path");
+ if (path == null || path.equals("")) {
+ // skip to next panel
+ config.putBoolean("preop.restorekeycert.done", true);
+ config.commit(false);
+ context.put("updateStatus", "success");
+ return;
}
- } catch (IOException ee) {
- throw ee;
- } catch (Exception ee) {
- }
- }
+ String pwd = HttpInput.getPassword(request, "__password");
- private void deleteExistingCerts() {
- IConfigStore cs = CMS.getConfigStore();
- try {
- String list = cs.getString("preop.cert.list", "");
- StringTokenizer st = new StringTokenizer(list, ",");
- while (st.hasMoreTokens()) {
- String s = st.nextToken();
- if (s.equals("sslserver"))
- continue;
- String name = "preop.master." + s + ".nickname";
- String nickname = cs.getString(name, "");
- CryptoManager cm = CryptoManager.getInstance();
- X509Certificate xcert = null;
- try {
- xcert = cm.findCertByNickname(nickname);
- } catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + ee.toString());
- }
- CryptoToken ct = cm.getInternalKeyStorageToken();
- CryptoStore store = ct.getCryptoStore();
- try {
- store.deleteCert(xcert);
- } catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + ee.toString());
- }
+ String tokenn = config.getString("preop.module.token");
+ if (tokenn.equals("Internal Key Storage Token")) {
+ ConfigurationUtils.restoreCertsFromP12(path, pwd);
}
- } catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + e.toString());
- }
- }
-
- private org.mozilla.jss.crypto.PrivateKey.Type getPrivateKeyType(PublicKey pubkey) {
- CMS.debug("Key Algorithm '" + pubkey.getAlgorithm() + "'");
- if (pubkey.getAlgorithm().equals("EC")) {
- return org.mozilla.jss.crypto.PrivateKey.Type.EC;
- }
- return org.mozilla.jss.crypto.PrivateKey.Type.RSA;
- }
-
- private void importkeycert(Vector<Vector<Object>> pkeyinfo_collection,
- Vector<Vector<Object>> cert_collection) throws IOException {
- CryptoManager cm = null;
- try {
- cm = CryptoManager.getInstance();
- } catch (Exception e) {
- }
-
- // delete all existing certificates first
- deleteExistingCerts();
- for (int i = 0; i < pkeyinfo_collection.size(); i++) {
- try {
- Vector<Object> pkeyinfo_v = pkeyinfo_collection.elementAt(i);
- PrivateKeyInfo pkeyinfo = (PrivateKeyInfo) pkeyinfo_v.elementAt(0);
- String nickname = (String) pkeyinfo_v.elementAt(1);
- byte[] x509cert = getX509Cert(nickname, cert_collection);
- X509Certificate cert = cm.importCACertPackage(x509cert);
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- pkeyinfo.encode(bos);
- byte[] pkey = bos.toByteArray();
-
- PublicKey publickey = cert.getPublicKey();
- CryptoToken token = cm.getInternalKeyStorageToken();
- CryptoStore store = token.getCryptoStore();
- CMS.debug("RestoreKeyCertPanel deleteCert: this is pk11store");
- try {
- store.deleteCert(cert);
- } catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel importKeyCert: Exception=" + ee.toString());
+ String subsystemtype = config.getString("preop.subsystem.select", "");
+ if (subsystemtype.equals("clone")) {
+ CMS.debug("RestoreKeyCertPanel: this is the clone subsystem");
+ boolean cloneReady = ConfigurationUtils.isCertdbCloned();
+ if (!cloneReady) {
+ CMS.debug("RestoreKeyCertPanel update: clone does not have all the certificates.");
+ throw new IOException("Clone is not ready");
}
-
- KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
- SymmetricKey sk = kg.generate();
- byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
- IVParameterSpec param = new IVParameterSpec(iv);
- Cipher c = token.getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
- c.initEncrypt(sk, param);
- byte[] encpkey = c.doFinal(pkey);
-
- KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
- wrapper.initUnwrap(sk, param);
- wrapper.unwrapPrivate(encpkey, getPrivateKeyType(publickey), publickey);
-
- } catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel importkeycert: Exception=" + e.toString());
}
- }
- for (int i = 0; i < cert_collection.size(); i++) {
- try {
- Vector<Object> cert_v = cert_collection.elementAt(i);
- byte[] cert = (byte[]) cert_v.elementAt(0);
- if (cert_v.size() > 1) {
- String name = (String) cert_v.elementAt(1);
- // we need to delete the trusted CA certificate if it is
- // the same as the ca signing certificate
- if (isCASigningCert(name)) {
- X509Certificate certchain = getX509CertFromToken(cert);
- if (certchain != null) {
- CryptoToken token = cm.getInternalKeyStorageToken();
- CryptoStore store = token.getCryptoStore();
- CMS.debug("RestoreKeyCertPanel deleteCert: this is pk11store");
- if (store instanceof PK11Store) {
- try {
- PK11Store pk11store = (PK11Store) store;
- pk11store.deleteCertOnly(certchain);
- } catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel importKeyCert: Exception=" + ee.toString());
- }
- }
- }
- }
-
- X509Certificate xcert = cm.importUserCACertPackage(cert, name);
- if (name.startsWith("caSigningCert")) {
- // we need to change the trust attribute to CT
- InternalCertificate icert = (InternalCertificate) xcert;
- icert.setSSLTrust(InternalCertificate.TRUSTED_CA
- | InternalCertificate.TRUSTED_CLIENT_CA
- | InternalCertificate.VALID_CA);
- } else if (name.startsWith("auditSigningCert")) {
- InternalCertificate icert = (InternalCertificate) xcert;
- icert.setObjectSigningTrust(InternalCertificate.USER
- | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER);
- }
- } else
- cm.importCACertPackage(cert);
- } catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel importkeycert: Exception=" + e.toString());
- }
- }
- }
-
- private boolean isCASigningCert(String name) {
- String n = "preop.master.signing.nickname";
- IConfigStore cs = CMS.getConfigStore();
- try {
- String nickname = cs.getString(n);
- if (nickname.equals(name))
- return true;
- } catch (Exception e) {
- return false;
- }
-
- return false;
- }
-
- private X509Certificate getX509CertFromToken(byte[] cert)
- throws IOException {
- try {
- X509CertImpl impl = new X509CertImpl(cert);
- String issuer_impl = impl.getIssuerDN().toString();
- BigInteger serial_impl = impl.getSerialNumber();
- CryptoManager cm = CryptoManager.getInstance();
- X509Certificate[] permcerts = cm.getPermCerts();
- for (int i = 0; i < permcerts.length; i++) {
- String issuer_p = permcerts[i].getSubjectDN().toString();
- BigInteger serial_p = permcerts[i].getSerialNumber();
- if (issuer_p.equals(issuer_impl) && serial_p.compareTo(serial_impl) == 0) {
- return permcerts[i];
- }
- }
+ config.putBoolean("preop.restorekeycert.done", true);
+ config.commit(false);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception=" + e.toString());
+ CMS.debug("RestoreKeyCertPanel update: exception thrown:" + e);
+ e.printStackTrace();
+ context.put("errorString", e.toString());
+ context.put("updateStatus", "failure");
+ throw new IOException(e);
}
- return null;
- }
-
- private byte[] getX509Cert(String nickname, Vector<Vector<Object>> cert_collection)
- throws IOException {
- for (int i = 0; i < cert_collection.size(); i++) {
- Vector<Object> v = cert_collection.elementAt(i);
- byte[] b = (byte[]) v.elementAt(0);
- X509CertImpl impl = null;
- try {
- impl = new X509CertImpl(b);
- } catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel getX509Cert: Exception=" + e.toString());
- throw new IOException(e.toString());
- }
- Principal subjectdn = impl.getSubjectDN();
- if (LDAPDN.equals(subjectdn.toString(), nickname))
- return b;
- }
-
- return null;
+ context.put("updateStatus", "success");
}
/**
- * If validiate() returns false, this method will be called.
+ * If validate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
HttpServletResponse response,
@@ -682,37 +228,4 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
context.put("path", "");
context.put("panel", "admin/console/config/restorekeycertpanel.vm");
}
-
- private boolean isCertdbCloned(HttpServletRequest request,
- Context context) {
- IConfigStore config = CMS.getConfigStore();
- String certList = "";
- try {
- CryptoManager cm = CryptoManager.getInstance();
- certList = config.getString("preop.cert.list");
- StringTokenizer st = new StringTokenizer(certList, ",");
- while (st.hasMoreTokens()) {
- String token = st.nextToken();
- if (token.equals("sslserver"))
- continue;
- String tokenname = config.getString("preop.module.token", "");
- cm.getTokenByName(tokenname); // throw exception if token doesn't exist
- String name1 = "preop.master." + token + ".nickname";
- String nickname = config.getString(name1, "");
- if (!tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal"))
- nickname = tokenname + ":" + nickname;
-
- CMS.debug("RestoreKeyCertPanel isCertdbCloned: " + nickname);
- X509Certificate cert = cm.findCertByNickname(nickname);
- if (cert == null)
- return false;
- }
- } catch (Exception e) {
- context.put("errorString", "Check your CS.cfg for cloning");
- return false;
- }
-
- return true;
- }
}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java b/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
index 0c066268d..cdcefbfe7 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
@@ -107,7 +107,7 @@ public class SavePKCS12Panel extends WizardPanelBase {
} catch (Exception e) {
}
- subsystemtype = toLowerCaseSubsystemType(subsystemtype);
+ subsystemtype = subsystemtype.toLowerCase();
context.put("panel", "admin/console/config/savepkcs12panel.vm");
context.put("subsystemtype", subsystemtype);
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
index a36db6439..1ae4c3397 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
@@ -324,7 +324,6 @@ public class SecurityDomainPanel extends WizardPanelBase {
public void update(HttpServletRequest request,
HttpServletResponse response,
Context context) throws IOException {
- String errorString = "";
String select = HttpInput.getID(request, "choice");
if (select == null) {
@@ -334,94 +333,65 @@ public class SecurityDomainPanel extends WizardPanelBase {
}
IConfigStore config = CMS.getConfigStore();
- if (select.equals("newdomain")) {
- config.putString("preop.securitydomain.select", "new");
- config.putString("securitydomain.select", "new");
- config.putString("preop.securitydomain.name",
- HttpInput.getDomainName(request, "sdomainName"));
- config.putString("securitydomain.name",
- HttpInput.getDomainName(request, "sdomainName"));
- config.putString("securitydomain.host",
- CMS.getEENonSSLHost());
- config.putString("securitydomain.httpport",
- CMS.getEENonSSLPort());
- config.putString("securitydomain.httpsagentport",
- CMS.getAgentPort());
- config.putString("securitydomain.httpseeport",
- CMS.getEESSLPort());
- config.putString("securitydomain.httpsadminport",
- CMS.getAdminPort());
-
- // make sure the subsystem certificate is issued by the security
- // domain
- config.putString("preop.cert.subsystem.type", "local");
- config.putString("preop.cert.subsystem.profile", "subsystemCert.profile");
+ try {
+ if (select.equals("newdomain")) {
+ config.putString("preop.securitydomain.select", "new");
+ config.putString("securitydomain.select", "new");
+ config.putString("preop.securitydomain.name", HttpInput.getDomainName(request, "sdomainName"));
+ config.putString("securitydomain.name", HttpInput.getDomainName(request, "sdomainName"));
+ config.putString("securitydomain.host", CMS.getEENonSSLHost());
+ config.putString("securitydomain.httpport", CMS.getEENonSSLPort());
+ config.putString("securitydomain.httpsagentport", CMS.getAgentPort());
+ config.putString("securitydomain.httpseeport", CMS.getEESSLPort());
+ config.putString("securitydomain.httpsadminport", CMS.getAdminPort());
+
+ // make sure the subsystem certificate is issued locallly
+ config.putString("preop.cert.subsystem.type", "local");
+ config.putString("preop.cert.subsystem.profile", "subsystemCert.profile");
- try {
config.commit(false);
- } catch (EBaseException e) {
- }
-
- } else if (select.equals("existingdomain")) {
- config.putString("preop.securitydomain.select", "existing");
- config.putString("securitydomain.select", "existing");
+ } else if (select.equals("existingdomain")) {
+ config.putString("preop.securitydomain.select", "existing");
+ config.putString("securitydomain.select", "existing");
- // make sure the subsystem certificate is issued by the security
- // domain
- config.putString("preop.cert.subsystem.type", "remote");
- config.putString("preop.cert.subsystem.profile", "caInternalAuthSubsystemCert");
+ // make sure the subsystem certificate is issued by the security domain
+ config.putString("preop.cert.subsystem.type", "remote");
+ config.putString("preop.cert.subsystem.profile", "caInternalAuthSubsystemCert");
- String admin_url = HttpInput.getURL(request, "sdomainURL");
- String hostname = "";
- int admin_port = -1;
+ String admin_url = HttpInput.getURL(request, "sdomainURL");
+ String hostname = "";
+ int admin_port = -1;
- if (admin_url != null) {
- try {
+ if (admin_url != null) {
URL admin_u = new URL(admin_url);
-
hostname = admin_u.getHost();
admin_port = admin_u.getPort();
- } catch (MalformedURLException e) {
- errorString = "Malformed SSL Admin HTTPS URL";
- context.put("updateStatus", "failure");
- throw new IOException(errorString);
+ context.put("sdomainURL", admin_url);
+ config.putString("securitydomain.host", hostname);
+ config.putInteger("securitydomain.httpsadminport", admin_port);
}
-
- context.put("sdomainURL", admin_url);
- config.putString("securitydomain.host", hostname);
- config.putInteger("securitydomain.httpsadminport",
- admin_port);
- }
-
- try {
config.commit(false);
- } catch (EBaseException e) {
- }
- ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChain(config, "securitydomain", hostname, admin_port,
- true, context, certApprovalCallback);
- } else {
- CMS.debug("SecurityDomainPanel: invalid choice " + select);
- errorString = "Invalid choice";
- context.put("updateStatus", "failure");
- throw new IOException("invalid choice " + select);
- }
+ ConfigurationUtils.importCertChain(hostname, admin_port, "/ca/admin/ca/getCertChain", "securitydomain");
+ } else {
+ CMS.debug("SecurityDomainPanel: invalid choice " + select);
+ throw new IOException("invalid choice " + select);
+ }
- try {
config.commit(false);
- } catch (EBaseException e) {
- }
- try {
context.put("cstype", config.getString("cs.type"));
context.put("wizardname", config.getString("preop.wizard.name"));
context.put("panelname", "Security Domain Configuration");
context.put("systemname", config.getString("preop.system.name"));
- } catch (EBaseException e) {
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainPanel update(): Exception thrown:" + e);
+ e.printStackTrace();
+ context.put("errorString", e.toString());
+ context.put("updateStatus", "failure");
+ throw new IOException(e);
}
- context.put("errorString", errorString);
context.put("updateStatus", "success");
}
@@ -447,8 +417,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
String r = null;
try {
- // check to see if "default" security domain exists
- // on local machine
+ // check to see if "default" security domain exists on local machine
URL u = new URL(default_admin_url);
String hostname = u.getHost();
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
index e1217a460..45a4fe106 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
@@ -18,9 +18,6 @@
package com.netscape.cms.servlet.csadmin;
import java.io.IOException;
-import java.security.KeyPair;
-import java.security.NoSuchAlgorithmException;
-import java.security.interfaces.RSAPublicKey;
import java.util.Enumeration;
import java.util.StringTokenizer;
import java.util.Vector;
@@ -31,9 +28,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.context.Context;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.NoSuchTokenException;
-import org.mozilla.jss.crypto.TokenException;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
@@ -43,7 +37,6 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.property.PropertySet;
import com.netscape.certsrv.util.HttpInput;
import com.netscape.cms.servlet.wizard.WizardServlet;
-import com.netscape.cmsutil.crypto.CryptoUtil;
public class SizePanel extends WizardPanelBase {
private Vector<Cert> mCerts = null;
@@ -160,12 +153,10 @@ public class SizePanel extends WizardPanelBase {
while (st.hasMoreTokens()) {
String certTag = st.nextToken();
- String nn = config.getString(
- PCERT_PREFIX + certTag + ".nickname");
+ String nn = config.getString(PCERT_PREFIX + certTag + ".nickname");
Cert c = new Cert(token, nn, certTag);
- String s = config.getString(
- PCERT_PREFIX + certTag + ".keysize.select", "default");
+ String s = config.getString(PCERT_PREFIX + certTag + ".keysize.select", "default");
if (s.equals("default")) {
c.setKeyOption("default");
@@ -174,13 +165,11 @@ public class SizePanel extends WizardPanelBase {
c.setKeyOption("custom");
}
- s = config.getString(
- PCERT_PREFIX + certTag + ".keysize.custom_size",
+ s = config.getString(PCERT_PREFIX + certTag + ".keysize.custom_size",
default_rsa_key_size);
c.setCustomKeysize(s);
- s = config.getString(
- PCERT_PREFIX + certTag + ".curvename.custom_name",
+ s = config.getString(PCERT_PREFIX + certTag + ".curvename.custom_name",
default_ecc_curve_name);
c.setCustomCurvename(s);
@@ -287,47 +276,36 @@ public class SizePanel extends WizardPanelBase {
throw new IOException(
"SizePanel: " + ct + "_choice not found");
}
- CMS.debug(
- "SizePanel: update() keysize choice selected:" + select);
- String oldkeysize =
- config.getString(PCERT_PREFIX + ct + ".keysize.size", "");
- String oldkeytype =
- config.getString(PCERT_PREFIX + ct + ".keytype", "");
- String oldkeyalgorithm =
- config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
- String oldsigningalgorithm =
- config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
- String oldcurvename =
- config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
+ CMS.debug("SizePanel: update() keysize choice selected:" + select);
+ String oldkeysize = config.getString(PCERT_PREFIX + ct + ".keysize.size", "");
+ String oldkeytype = config.getString(PCERT_PREFIX + ct + ".keytype", "");
+ String oldkeyalgorithm = config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
+ String oldsigningalgorithm = config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
+ String oldcurvename = config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
if (select.equals("default")) {
// XXXrenaming these...keep for now just in case
config.putString("preop.keysize.select", "default");
if (keytype != null && keytype.equals("ecc")) {
- config.putString("preop.curvename.custom_name",
- default_ecc_curve_name);
+ config.putString("preop.curvename.custom_name", default_ecc_curve_name);
config.putString("preop.curvename.name", default_ecc_curve_name);
} else {
- config.putString("preop.keysize.custom_size",
- default_rsa_key_size);
+ config.putString("preop.keysize.custom_size", default_rsa_key_size);
config.putString("preop.keysize.size", default_rsa_key_size);
}
config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm);
config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm);
- config.putString(PCERT_PREFIX + ct + ".keysize.select",
- "default");
+ config.putString(PCERT_PREFIX + ct + ".keysize.select", "default");
if (keytype != null && keytype.equals("ecc")) {
- config.putString(PCERT_PREFIX + ct +
- ".curvename.custom_name",
+ config.putString(PCERT_PREFIX + ct +".curvename.custom_name",
default_ecc_curve_name);
config.putString(PCERT_PREFIX + ct + ".curvename.name",
default_ecc_curve_name);
} else {
- config.putString(PCERT_PREFIX + ct +
- ".keysize.custom_size",
+ config.putString(PCERT_PREFIX + ct + ".keysize.custom_size",
default_rsa_key_size);
config.putString(PCERT_PREFIX + ct + ".keysize.size",
default_rsa_key_size);
@@ -350,8 +328,7 @@ public class SizePanel extends WizardPanelBase {
config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm);
config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm);
- config.putString(PCERT_PREFIX + ct + ".keysize.select",
- "custom");
+ config.putString(PCERT_PREFIX + ct + ".keysize.select", "custom");
if (keytype != null && keytype.equals("ecc")) {
config.putString(PCERT_PREFIX + ct + ".curvename.custom_name",
@@ -369,16 +346,11 @@ public class SizePanel extends WizardPanelBase {
throw new IOException("invalid choice " + select);
}
- String newkeysize =
- config.getString(PCERT_PREFIX + ct + ".keysize.size", "");
- String newkeytype =
- config.getString(PCERT_PREFIX + ct + ".keytype", "");
- String newkeyalgorithm =
- config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
- String newsigningalgorithm =
- config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
- String newcurvename =
- config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
+ String newkeysize = config.getString(PCERT_PREFIX + ct + ".keysize.size", "");
+ String newkeytype = config.getString(PCERT_PREFIX + ct + ".keytype", "");
+ String newkeyalgorithm = config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
+ String newsigningalgorithm = config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
+ String newcurvename = config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
if (!oldkeysize.equals(newkeysize) ||
!oldkeytype.equals(newkeytype) ||
@@ -435,14 +407,11 @@ public class SizePanel extends WizardPanelBase {
String keytype = config.getString(PCERT_PREFIX + ct + ".keytype");
if (keytype.equals("rsa")) {
- int keysize = config.getInteger(
- PCERT_PREFIX + ct + ".keysize.size");
-
- createRSAKeyPair(token, keysize, config, ct);
+ int keysize = config.getInteger(PCERT_PREFIX + ct + ".keysize.size");
+ ConfigurationUtils.createRSAKeyPair(token, keysize, config, ct);
} else {
- String curveName = config.getString(
- PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name);
- createECCKeyPair(token, curveName, config, ct);
+ String curveName = config.getString(PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name);
+ ConfigurationUtils.createECCKeyPair(token, curveName, config, ct);
}
config.commit(false);
} catch (Exception e) {
@@ -459,158 +428,11 @@ public class SizePanel extends WizardPanelBase {
try {
config.commit(false);
} catch (EBaseException e) {
- CMS.debug(
- "SizePanel: update() Exception caught at config commit: "
- + e.toString());
+ CMS.debug("SizePanel: update() Exception caught at config commit: "+ e.toString());
}
}
CMS.debug("SizePanel: update() done");
context.put("updateStatus", "success");
-
- }
-
- public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct)
- throws NoSuchAlgorithmException, NoSuchTokenException, TokenException,
- CryptoManager.NotInitializedException {
- CMS.debug("Generating ECC key pair with curvename=" + curveName +
- ", token=" + token);
- KeyPair pair = null;
- /*
- * default ssl server cert to ECDHE unless stated otherwise
- * note: IE only supports "ECDHE", but "ECDH" is more efficient
- *
- * for "ECDHE", server.xml should have the following for ciphers:
- * +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- * -TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- *
- * for "ECDH", server.xml should have the following for ciphers:
- * -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- * +TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- */
- String sslType = "ECDHE";
- try {
- sslType = config.getString(PCERT_PREFIX + ct + "ec.type", "ECDHE");
- } catch (Exception e) {
- CMS.debug("SizePanel: createECCKeyPair() Exception caught at config.getString for ec type");
- }
-
- // ECDHE needs "SIGN" but no "DERIVE"
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = {
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
- };
-
- // ECDH needs "DERIVE" but no any kind of "SIGN"
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = {
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
- };
-
- do {
- if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) {
- CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
- pair = CryptoUtil.generateECCKeyPair(token, curveName,
- null,
- ECDH_usages_mask, false, -1, -1);
- } else {
- if (ct.equals("sslserver")) {
- CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
- }
- pair = CryptoUtil.generateECCKeyPair(token, curveName,
- null,
- usages_mask, false, -1, -1);
- }
-
- // XXX - store curve , w
- byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
- String kid = CryptoUtil.byte2string(id);
- config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
-
- // try to locate the private key
- org.mozilla.jss.crypto.PrivateKey privk =
- CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
- if (privk == null) {
- CMS.debug("Found bad ECC key id " + kid);
- pair = null;
- }
- } while (pair == null);
-
- CMS.debug("Public key class " + pair.getPublic().getClass().getName());
- byte encoded[] = pair.getPublic().getEncoded();
- config.putString(PCERT_PREFIX + ct + ".pubkey.encoded",
- CryptoUtil.byte2string(encoded));
-
- String keyAlgo = "";
- try {
- keyAlgo = config.getString(PCERT_PREFIX + ct + ".signingalgorithm");
- } catch (Exception e1) {
- }
-
- setSigningAlgorithm(ct, keyAlgo, config);
- }
-
- public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct)
- throws NoSuchAlgorithmException, NoSuchTokenException, TokenException,
- CryptoManager.NotInitializedException {
- /* generate key pair */
- KeyPair pair = null;
- do {
- pair = CryptoUtil.generateRSAKeyPair(token, keysize);
- byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
- String kid = CryptoUtil.byte2string(id);
- config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
- // try to locate the private key
- org.mozilla.jss.crypto.PrivateKey privk =
- CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
- if (privk == null) {
- CMS.debug("Found bad RSA key id " + kid);
- pair = null;
- }
- } while (pair == null);
-
- byte modulus[] = ((RSAPublicKey) pair.getPublic()).getModulus().toByteArray();
- byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent().toByteArray();
-
- config.putString(PCERT_PREFIX + ct + ".pubkey.modulus",
- CryptoUtil.byte2string(modulus));
- config.putString(PCERT_PREFIX + ct + ".pubkey.exponent",
- CryptoUtil.byte2string(exponent));
-
- String keyAlgo = "";
- try {
- keyAlgo = config.getString(PCERT_PREFIX + ct + ".signingalgorithm");
- } catch (Exception e1) {
- }
-
- setSigningAlgorithm(ct, keyAlgo, config);
- }
-
- public void setSigningAlgorithm(String ct, String keyAlgo, IConfigStore config) {
- String systemType = "";
- try {
- systemType = config.getString("preop.system.name");
- } catch (Exception e1) {
- }
- if (systemType.equalsIgnoreCase("CA")) {
- if (ct.equals("signing")) {
- config.putString("ca.signing.defaultSigningAlgorithm",
- keyAlgo);
- config.putString("ca.crl.MasterCRL.signingAlgorithm",
- keyAlgo);
- } else if (ct.equals("ocsp_signing")) {
- config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
- keyAlgo);
- }
- } else if (systemType.equalsIgnoreCase("OCSP")) {
- if (ct.equals("signing")) {
- config.putString("ocsp.signing.defaultSigningAlgorithm",
- keyAlgo);
- }
- } else if (systemType.equalsIgnoreCase("KRA") ||
- systemType.equalsIgnoreCase("DRM")) {
- if (ct.equals("transport")) {
- config.putString("kra.transportUnit.signingAlgorithm", keyAlgo);
- }
- }
}
public void initParams(HttpServletRequest request, Context context)
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigurationResourceService.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigurationResourceService.java
index b2bb39fa9..8481de33a 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigurationResourceService.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigurationResourceService.java
@@ -677,7 +677,7 @@ public class SystemConfigurationResourceService extends CMSResourceService imple
}
} catch (Exception e) {
e.printStackTrace();
- throw new CMSException("Errors in updating nxt serial number ranges in DB: " + e);
+ throw new CMSException("Errors in updating next serial number ranges in DB: " + e);
}
}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
index 276b76d4e..273e33173 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
@@ -19,33 +19,23 @@ package com.netscape.cms.servlet.csadmin;
import java.io.ByteArrayInputStream;
import java.io.IOException;
-import java.net.ConnectException;
import java.net.URLEncoder;
+import java.security.cert.CertificateEncodingException;
import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPDN;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPSearchConstraints;
-import netscape.ldap.LDAPSearchResults;
+import javax.xml.parsers.ParserConfigurationException;
import org.apache.velocity.context.Context;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.CryptoStore;
-import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.pkcs11.PK11Store;
import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
+import org.xml.sax.SAXException;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
@@ -55,10 +45,6 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.wizard.IWizardPanel;
import com.netscape.cms.servlet.wizard.WizardServlet;
import com.netscape.cmsutil.crypto.CryptoUtil;
-import com.netscape.cmsutil.http.HttpClient;
-import com.netscape.cmsutil.http.HttpRequest;
-import com.netscape.cmsutil.http.HttpResponse;
-import com.netscape.cmsutil.http.JssSSLSocketFactory;
import com.netscape.cmsutil.xml.XMLObject;
public class WizardPanelBase implements IWizardPanel {
@@ -228,290 +214,40 @@ public class WizardPanelBase implements IWizardPanel {
return locale;
}
- public String getNickname(IConfigStore config, String certTag) {
- String instanceID = "";
-
- try {
- instanceID = config.getString("instanceId", "");
- } catch (Exception e) {
- }
-
- String nickname = certTag + "Cert cert-" + instanceID;
- String preferredNickname = null;
-
- try {
- preferredNickname = config.getString(
- PCERT_PREFIX + certTag + ".nickname", null);
- } catch (Exception e) {
- }
-
- if (preferredNickname != null) {
- nickname = preferredNickname;
- }
- return nickname;
- }
-
- public void updateDomainXML(String hostname, int port, boolean https,
- String servlet, String uri) throws IOException {
- CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname + " port=" + port);
- IConfigStore cs = CMS.getConfigStore();
- String nickname = "";
- String tokenname = "";
- try {
- nickname = cs.getString("preop.cert.subsystem.nickname", "");
- tokenname = cs.getString("preop.module.token", "");
- } catch (Exception e) {
- }
-
- if (!tokenname.equals("") &&
- !tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal")) {
- nickname = tokenname + ":" + nickname;
- }
-
- CMS.debug("WizardPanelBase updateDomainXML nickname=" + nickname);
- CMS.debug("WizardPanelBase: start sending updateDomainXML request");
- String c = getHttpResponse(hostname, port, https, servlet, uri, nickname);
- CMS.debug("WizardPanelBase: done sending updateDomainXML request");
-
- if (c != null) {
- try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject obj = null;
- try {
- obj = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase::updateDomainXML() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
-
- String status = obj.getValue("Status");
- CMS.debug("WizardPanelBase updateDomainXML: status=" + status);
-
- if (status.equals(SUCCESS)) {
- return;
- } else {
- String error = obj.getValue("Error");
- throw new IOException(error);
- }
- } catch (IOException e) {
- CMS.debug("WizardPanelBase: updateDomainXML: " + e.toString());
- throw e;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase: updateDomainXML: " + e.toString());
- throw new IOException(e.toString());
- }
- }
- }
-
public int getSubsystemCount(String hostname, int https_admin_port,
- boolean https, String type)
- throws IOException {
+ boolean https, String type) throws IOException, SAXException, ParserConfigurationException {
CMS.debug("WizardPanelBase getSubsystemCount start");
- String c = getDomainXML(hostname, https_admin_port, true);
+ String c = ConfigurationUtils.getDomainXML(hostname, https_admin_port, true);
if (c != null) {
- try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject obj = new XMLObject(bis);
- String containerName = type + "List";
- Node n = obj.getContainer(containerName);
- NodeList nlist = n.getChildNodes();
- String countS = "";
- for (int i = 0; i < nlist.getLength(); i++) {
- Element nn = (Element) nlist.item(i);
- String tagname = nn.getTagName();
- if (tagname.equals("SubsystemCount")) {
- NodeList nlist1 = nn.getChildNodes();
- Node nn1 = nlist1.item(0);
- countS = nn1.getNodeValue();
- break;
- }
- }
- CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount=" + countS);
- int num = 0;
-
- if (countS != null && !countS.equals("")) {
- try {
- num = Integer.parseInt(countS);
- } catch (Exception ee) {
- }
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ XMLObject obj = new XMLObject(bis);
+ String containerName = type + "List";
+ Node n = obj.getContainer(containerName);
+ NodeList nlist = n.getChildNodes();
+ String countS = "";
+ for (int i = 0; i < nlist.getLength(); i++) {
+ Element nn = (Element) nlist.item(i);
+ String tagname = nn.getTagName();
+ if (tagname.equals("SubsystemCount")) {
+ NodeList nlist1 = nn.getChildNodes();
+ Node nn1 = nlist1.item(0);
+ countS = nn1.getNodeValue();
+ break;
}
-
- return num;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase: getSubsystemCount: " + e.toString());
- throw new IOException(e.toString());
}
- }
-
- return -1;
- }
-
- public String getDomainXML(String hostname, int https_admin_port,
- boolean https)
- throws IOException {
- CMS.debug("WizardPanelBase getDomainXML start");
- String c = getHttpResponse(hostname, https_admin_port, https,
- "/ca/admin/ca/getDomainXML", null, null);
- if (c != null) {
- try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = null;
+ CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount=" + countS);
+ int num = 0;
+ if (countS != null && !countS.equals("")) {
try {
- parser = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase::getDomainXML() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
-
- String status = parser.getValue("Status");
-
- CMS.debug("WizardPanelBase getDomainXML: status=" + status);
-
- if (status.equals(SUCCESS)) {
- String domainInfo = parser.getValue("DomainInfo");
-
- CMS.debug(
- "WizardPanelBase getDomainXML: domainInfo="
- + domainInfo);
- return domainInfo;
- } else {
- String error = parser.getValue("Error");
-
- throw new IOException(error);
+ num = Integer.parseInt(countS);
+ } catch (Exception ee) {
}
- } catch (IOException e) {
- CMS.debug("WizardPanelBase: getDomainXML: " + e.toString());
- throw e;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase: getDomainXML: " + e.toString());
- throw new IOException(e.toString());
}
- }
-
- return null;
- }
- public String getSubsystemCert(String host, int port, boolean https)
- throws IOException {
- CMS.debug("WizardPanelBase getSubsystemCert start");
- String c = getHttpResponse(host, port, https,
- "/ca/admin/ca/getSubsystemCert", null, null);
- if (c != null) {
- try {
- ByteArrayInputStream bis =
- new ByteArrayInputStream(c.getBytes());
- XMLObject parser = null;
- try {
- parser = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase::getSubsystemCert() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
- String status = parser.getValue("Status");
- if (status.equals(SUCCESS)) {
- String s = parser.getValue("Cert");
- return s;
- } else
- return null;
- } catch (Exception e) {
- }
+ return num;
}
-
- return null;
- }
-
- public void updateConnectorInfo(String host, int port, boolean https,
- String content) throws IOException {
- CMS.debug("WizardPanelBase updateConnectorInfo start");
- String c = getHttpResponse(host, port, https,
- "/ca/admin/ca/updateConnector", content, null);
- if (c != null) {
- try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = null;
-
- try {
- parser = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase::updateConnectorInfo() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
-
- String status = parser.getValue("Status");
-
- CMS.debug("WizardPanelBase updateConnectorInfo: status=" + status);
-
- if (!status.equals(SUCCESS)) {
- String error = parser.getValue("Error");
- throw new IOException(error);
- }
- } catch (IOException e) {
- CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString());
- throw e;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString());
- throw new IOException(e.toString());
- }
- }
- }
-
- public String getCertChainUsingSecureAdminPort(String hostname,
- int https_admin_port,
- boolean https,
- ConfigCertApprovalCallback
- certApprovalCallback)
- throws IOException {
- CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort start");
- String c = getHttpResponse(hostname, https_admin_port, https,
- "/ca/admin/ca/getCertChain", null, null,
- certApprovalCallback);
-
- if (c != null) {
- try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = null;
-
- try {
- parser = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase::getCertChainUsingSecureAdminPort() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
-
- String status = parser.getValue("Status");
-
- CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort: status=" + status);
-
- if (status.equals(SUCCESS)) {
- String certchain = parser.getValue("ChainBase64");
-
- certchain = CryptoUtil.normalizeCertStr(certchain);
- CMS.debug(
- "WizardPanelBase getCertChainUsingSecureAdminPort: certchain="
- + certchain);
- return certchain;
- } else {
- String error = parser.getValue("Error");
-
- throw new IOException(error);
- }
- } catch (IOException e) {
- CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString());
- throw e;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString());
- throw new IOException(e.toString());
- }
- }
-
- return null;
+ return -1;
}
public String getCertChainUsingSecureEEPort(String hostname,
@@ -521,7 +257,7 @@ public class WizardPanelBase implements IWizardPanel {
certApprovalCallback)
throws IOException {
CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort start");
- String c = getHttpResponse(hostname, https_ee_port, https,
+ String c = ConfigurationUtils.getHttpResponse(hostname, https_ee_port, https,
"/ca/ee/ca/getCertChain", null, null,
certApprovalCallback);
@@ -571,7 +307,7 @@ public class WizardPanelBase implements IWizardPanel {
String servlet, String uri, IConfigStore config,
HttpServletResponse response) throws IOException {
CMS.debug("WizardPanelBase updateConfigEntries start");
- String c = getHttpResponse(hostname, port, https, servlet, uri, null);
+ String c = ConfigurationUtils.getHttpResponse(hostname, port, https, servlet, uri, null);
if (c != null) {
try {
@@ -714,7 +450,7 @@ public class WizardPanelBase implements IWizardPanel {
public boolean authenticate(String hostname, int port, boolean https,
String servlet, String uri) throws IOException {
CMS.debug("WizardPanelBase authenticate start");
- String c = getHttpResponse(hostname, port, https, servlet, uri, null);
+ String c = ConfigurationUtils.getHttpResponse(hostname, port, https, servlet, uri, null);
IConfigStore cs = CMS.getConfigStore();
if (c != null) {
@@ -750,518 +486,12 @@ public class WizardPanelBase implements IWizardPanel {
return false;
}
- public void updateOCSPConfig(String hostname, int port, boolean https,
- String content, HttpServletResponse response)
- throws IOException {
- CMS.debug("WizardPanelBase updateOCSPConfig start");
- String c = getHttpResponse(hostname, port, https,
- "/ca/ee/ca/updateOCSPConfig", content, null);
- if (c == null || c.equals("")) {
- CMS.debug("WizardPanelBase updateOCSPConfig: content is null.");
- throw new IOException("The server you want to contact is not available");
- } else {
- try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = null;
-
- try {
- parser = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase::updateOCSPConfig() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
-
- String status = parser.getValue("Status");
-
- CMS.debug("WizardPanelBase updateOCSPConfig: status=" + status);
-
- if (status.equals(SUCCESS)) {
- CMS.debug("WizardPanelBase updateOCSPConfig: Successfully update the OCSP configuration in the CA.");
- } else if (status.equals(AUTH_FAILURE)) {
- reloginSecurityDomain(response);
- return;
- } else {
- String error = parser.getValue("Error");
-
- throw new IOException(error);
- }
- } catch (IOException e) {
- CMS.debug("WizardPanelBase updateOCSPConfig: " + e.toString());
- throw e;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase updateOCSPConfig: " + e.toString());
- throw new IOException(e.toString());
- }
- }
- }
-
- public void updateNumberRange(String hostname, int port, boolean https,
- String content, String type, HttpServletResponse response)
- throws IOException {
- CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname +
- " port=" + port);
- IConfigStore cs = CMS.getConfigStore();
- String cstype = "";
- try {
- cstype = cs.getString("cs.type", "");
- } catch (Exception e) {
- }
-
- cstype = toLowerCaseSubsystemType(cstype);
- String c = getHttpResponse(hostname, port, https,
- "/" + cstype + "/ee/" + cstype + "/updateNumberRange", content, null);
- if (c == null || c.equals("")) {
- CMS.debug("WizardPanelBase updateNumberRange: content is null.");
- throw new IOException("The server you want to contact is not available");
- } else {
- CMS.debug("content=" + c);
- try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = null;
-
- try {
- parser = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase::updateNumberRange() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
-
- String status = parser.getValue("Status");
-
- CMS.debug("WizardPanelBase updateNumberRange: status=" + status);
- if (status.equals(SUCCESS)) {
- String beginNum = parser.getValue("beginNumber");
- String endNum = parser.getValue("endNumber");
- if (type.equals("request")) {
- cs.putString("dbs.beginRequestNumber", beginNum);
- cs.putString("dbs.endRequestNumber", endNum);
- } else if (type.equals("serialNo")) {
- cs.putString("dbs.beginSerialNumber", beginNum);
- cs.putString("dbs.endSerialNumber", endNum);
- } else if (type.equals("replicaId")) {
- cs.putString("dbs.beginReplicaNumber", beginNum);
- cs.putString("dbs.endReplicaNumber", endNum);
- }
- // enable serial number management in clone
- cs.putString("dbs.enableSerialManagement", "true");
- cs.commit(false);
- } else if (status.equals(AUTH_FAILURE)) {
- reloginSecurityDomain(response);
- return;
- } else {
- String error = parser.getValue("Error");
-
- throw new IOException(error);
- }
- } catch (IOException e) {
- CMS.debug("WizardPanelBase: updateNumberRange: " + e.toString());
- CMS.debug(e);
- throw e;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase: updateNumberRange: " + e.toString());
- CMS.debug(e);
- throw new IOException(e.toString());
- }
- }
- }
-
- public int getPort(String hostname, int port, boolean https,
- String portServlet, boolean sport)
- throws IOException {
- CMS.debug("WizardPanelBase getPort start");
- String c = getHttpResponse(hostname, port, https, portServlet,
- "secure=" + sport, null);
-
- if (c != null) {
- try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = null;
-
- try {
- parser = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase::getPort() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
-
- String status = parser.getValue("Status");
-
- CMS.debug("WizardPanelBase getPort: status=" + status);
-
- if (status.equals(SUCCESS)) {
- String portStr = parser.getValue("Port");
-
- port = Integer.parseInt(portStr);
- return port;
- } else {
- String error = parser.getValue("Error");
-
- throw new IOException(error);
- }
- } catch (IOException e) {
- CMS.debug("WizardPanelBase: getPort: " + e.toString());
- throw e;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase: getPort: " + e.toString());
- throw new IOException(e.toString());
- }
- }
-
- return -1;
- }
-
- public String getHttpResponse(String hostname, int port, boolean secure,
- String uri, String content, String clientnickname) throws IOException {
- return getHttpResponse(hostname, port, secure, uri, content, clientnickname, null);
- }
-
- public String getHttpResponse(String hostname, int port, boolean secure,
- String uri, String content, String clientnickname,
- SSLCertificateApprovalCallback certApprovalCallback)
- throws IOException {
- HttpClient httpclient = null;
- String c = null;
-
- try {
- if (secure) {
- JssSSLSocketFactory factory = null;
- if (clientnickname != null && clientnickname.length() > 0)
- factory = new JssSSLSocketFactory(clientnickname);
- else
- factory = new JssSSLSocketFactory();
-
- httpclient = new HttpClient(factory, certApprovalCallback);
- } else {
- httpclient = new HttpClient();
- }
- httpclient.connect(hostname, port);
- HttpRequest httprequest = new HttpRequest();
-
- httprequest.setMethod(HttpRequest.POST);
- httprequest.setURI(uri);
- // httprequest.setURI("/ca/ee/ca/ports");
- httprequest.setHeader("user-agent", "HTTPTool/1.0");
- // String content_c = "secure="+secure;
- httprequest.setHeader("content-type",
- "application/x-www-form-urlencoded");
- if (content != null && content.length() > 0) {
- String content_c = content;
-
- httprequest.setHeader("content-length", "" + content_c.length());
- httprequest.setContent(content_c);
- }
- HttpResponse httpresponse = httpclient.send(httprequest);
-
- c = httpresponse.getContent();
- } catch (ConnectException e) {
- CMS.debug("WizardPanelBase getHttpResponse: " + e.toString());
- throw new IOException("The server you tried to contact is not running.");
- } catch (Exception e) {
- CMS.debug("WizardPanelBase getHttpResponse: " + e.toString());
- throw new IOException(e.toString());
- } finally {
- if (httpclient.connected()) {
- httpclient.disconnect();
- }
- }
-
- return c;
- }
-
- public boolean isSDHostDomainMaster(IConfigStore config) {
- String dm = "false";
- try {
- String hostname = config.getString("securitydomain.host");
- int httpsadminport = config.getInteger("securitydomain.httpsadminport");
-
- CMS.debug("Getting domain.xml from CA...");
- String c = getDomainXML(hostname, httpsadminport, true);
-
- CMS.debug("Getting DomainMaster from security domain");
-
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = new XMLObject(bis);
- Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName("CA");
-
- int len = nodeList.getLength();
- for (int i = 0; i < len; i++) {
- Vector<String> v_hostname =
- parser.getValuesFromContainer(nodeList.item(i),
- "Host");
-
- Vector<String> v_https_admin_port =
- parser.getValuesFromContainer(nodeList.item(i),
- "SecureAdminPort");
-
- Vector<String> v_domain_mgr =
- parser.getValuesFromContainer(nodeList.item(i),
- "DomainManager");
-
- if (v_hostname.elementAt(0).equals(hostname) &&
- v_https_admin_port.elementAt(0).equals(Integer.toString(httpsadminport))) {
- dm = v_domain_mgr.elementAt(0).toString();
- break;
- }
- }
- } catch (Exception e) {
- CMS.debug(e.toString());
- }
- return dm.equalsIgnoreCase("true");
- }
-
- public Vector<String> getMasterUrlListFromSecurityDomain(IConfigStore config,
- String type,
- String portType) {
- Vector<String> v = new Vector<String>();
-
- try {
- String hostname = config.getString("securitydomain.host");
- int httpsadminport = config.getInteger("securitydomain.httpsadminport");
-
- CMS.debug("Getting domain.xml from CA...");
- String c = getDomainXML(hostname, httpsadminport, true);
-
- CMS.debug("Type " + type);
-
- CMS.debug("Getting " + portType + " from Security Domain ...");
- if (!portType.equals("UnSecurePort") &&
- !portType.equals("SecureAgentPort") &&
- !portType.equals("SecurePort") &&
- !portType.equals("SecureAdminPort")) {
- CMS.debug("getPortFromSecurityDomain: " +
- "unknown port type " + portType);
- return v;
- }
-
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = new XMLObject(bis);
- Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName(type);
-
- // save domain name in cfg
- config.putString("securitydomain.name",
- parser.getValue("Name"));
-
- int len = nodeList.getLength();
-
- CMS.debug("Len " + len);
- for (int i = 0; i < len; i++) {
- Vector<String> v_clone = parser.getValuesFromContainer(nodeList.item(i),
- "Clone");
- String clone = v_clone.elementAt(0);
- if (clone.equalsIgnoreCase("true"))
- continue;
- Vector<String> v_name = parser.getValuesFromContainer(nodeList.item(i),
- "SubsystemName");
- Vector<String> v_host = parser.getValuesFromContainer(nodeList.item(i),
- "Host");
- Vector<String> v_port = parser.getValuesFromContainer(nodeList.item(i),
- portType);
-
- v.addElement(v_name.elementAt(0)
- + " - https://"
- + v_host.elementAt(0)
- + ":"
- + v_port.elementAt(0));
- }
- } catch (Exception e) {
- CMS.debug(e.toString());
- }
-
- return v;
- }
-
- public Vector<String> getUrlListFromSecurityDomain(IConfigStore config,
- String type,
- String portType) {
- Vector<String> v = new Vector<String>();
-
- try {
- String hostname = config.getString("securitydomain.host");
- int httpsadminport = config.getInteger("securitydomain.httpsadminport");
-
- CMS.debug("Getting domain.xml from CA...");
- String c = getDomainXML(hostname, httpsadminport, true);
-
- CMS.debug("Getting " + portType + " from Security Domain ...");
- if (!portType.equals("UnSecurePort") &&
- !portType.equals("SecureAgentPort") &&
- !portType.equals("SecurePort") &&
- !portType.equals("SecureAdminPort")) {
- CMS.debug("getPortFromSecurityDomain: " +
- "unknown port type " + portType);
- return v;
- }
-
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = new XMLObject(bis);
- Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName(type);
-
- // save domain name in cfg
- config.putString("securitydomain.name",
- parser.getValue("Name"));
-
- int len = nodeList.getLength();
-
- CMS.debug("Len " + len);
- for (int i = 0; i < len; i++) {
- Vector<String> v_name = parser.getValuesFromContainer(nodeList.item(i),
- "SubsystemName");
- Vector<String> v_host = parser.getValuesFromContainer(nodeList.item(i),
- "Host");
- Vector<String> v_port = parser.getValuesFromContainer(nodeList.item(i),
- portType);
- Vector<String> v_admin_port = parser.getValuesFromContainer(nodeList.item(i),
- "SecureAdminPort");
-
- if (v_host.elementAt(0).equals(hostname)
- && v_admin_port.elementAt(0).equals(new Integer(httpsadminport).toString())) {
- // add security domain CA to the beginning of list
- v.add(0, v_name.elementAt(0)
- + " - https://"
- + v_host.elementAt(0)
- + ":"
- + v_port.elementAt(0));
- } else {
- v.addElement(v_name.elementAt(0)
- + " - https://"
- + v_host.elementAt(0)
- + ":"
- + v_port.elementAt(0));
- }
- }
- } catch (Exception e) {
- CMS.debug(e.toString());
- }
-
- return v;
- }
-
- // Given an HTTPS Hostname and EE port,
- // retrieve the associated HTTPS Admin port
- public String getSecurityDomainAdminPort(IConfigStore config,
- String hostname,
- String https_ee_port,
- String cstype) {
- String https_admin_port = new String();
-
- try {
- String sd_hostname = config.getString("securitydomain.host");
- int sd_httpsadminport =
- config.getInteger("securitydomain.httpsadminport");
-
- CMS.debug("Getting domain.xml from CA ...");
- String c = getDomainXML(sd_hostname, sd_httpsadminport, true);
-
- CMS.debug("Getting associated HTTPS Admin port from " +
- "HTTPS Hostname '" + hostname +
- "' and EE port '" + https_ee_port + "'");
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = new XMLObject(bis);
- Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName(cstype.toUpperCase());
-
- int len = nodeList.getLength();
- for (int i = 0; i < len; i++) {
- Vector<String> v_hostname =
- parser.getValuesFromContainer(nodeList.item(i),
- "Host");
-
- Vector<String> v_https_ee_port =
- parser.getValuesFromContainer(nodeList.item(i),
- "SecurePort");
-
- Vector<String> v_https_admin_port =
- parser.getValuesFromContainer(nodeList.item(i),
- "SecureAdminPort");
-
- if (v_hostname.elementAt(0).equals(hostname) &&
- v_https_ee_port.elementAt(0).equals(https_ee_port)) {
- https_admin_port =
- v_https_admin_port.elementAt(0).toString();
- break;
- }
- }
- } catch (Exception e) {
- CMS.debug(e.toString());
- }
-
- return (https_admin_port);
- }
-
- public String getSecurityDomainPort(IConfigStore config,
- String portType) {
- String port = new String();
-
- try {
- String hostname = config.getString("securitydomain.host");
- int httpsadminport =
- config.getInteger("securitydomain.httpsadminport");
-
- CMS.debug("Getting domain.xml from CA ...");
- String c = getDomainXML(hostname, httpsadminport, true);
-
- CMS.debug("Getting " + portType + " from Security Domain ...");
- if (!portType.equals("UnSecurePort") &&
- !portType.equals("SecureAgentPort") &&
- !portType.equals("SecurePort") &&
- !portType.equals("SecureAdminPort")) {
- CMS.debug("getPortFromSecurityDomain: " +
- "unknown port type " + portType);
- return "";
- }
-
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = new XMLObject(bis);
- Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName("CA");
-
- int len = nodeList.getLength();
- for (int i = 0; i < len; i++) {
- Vector<String> v_admin_port =
- parser.getValuesFromContainer(nodeList.item(i),
- "SecureAdminPort");
-
- Vector<String> v_port = null;
- if (portType.equals("UnSecurePort")) {
- v_port = parser.getValuesFromContainer(nodeList.item(i),
- "UnSecurePort");
- } else if (portType.equals("SecureAgentPort")) {
- v_port = parser.getValuesFromContainer(nodeList.item(i),
- "SecureAgentPort");
- } else if (portType.equals("SecurePort")) {
- v_port = parser.getValuesFromContainer(nodeList.item(i),
- "SecurePort");
- } else if (portType.equals("SecureAdminPort")) {
- v_port = parser.getValuesFromContainer(nodeList.item(i),
- "SecureAdminPort");
- }
-
- if ((v_port != null) &&
- (v_admin_port.elementAt(0).equals(
- Integer.toString(httpsadminport)))) {
- port = v_port.elementAt(0).toString();
- break;
- }
- }
- } catch (Exception e) {
- CMS.debug(e.toString());
- }
-
- return (port);
- }
-
public String pingCS(String hostname, int port, boolean https,
SSLCertificateApprovalCallback certApprovalCallback)
throws IOException {
CMS.debug("WizardPanelBase pingCS: started");
- String c = getHttpResponse(hostname, port, https,
+ String c = ConfigurationUtils.getHttpResponse(hostname, port, https,
"/ca/admin/ca/getStatus",
null, null, certApprovalCallback);
@@ -1296,315 +526,28 @@ public class WizardPanelBase implements IWizardPanel {
return null;
}
- public String toLowerCaseSubsystemType(String s) {
- String x = null;
- if (s.equals("CA")) {
- x = "ca";
- } else if (s.equals("KRA")) {
- x = "kra";
- } else if (s.equals("OCSP")) {
- x = "ocsp";
- } else if (s.equals("TKS")) {
- x = "tks";
- }
-
- return x;
- }
-
- public void getTokenInfo(IConfigStore config, String type, String host,
- int https_ee_port, boolean https, Context context,
- ConfigCertApprovalCallback certApprovalCallback) throws IOException {
- CMS.debug("WizardPanelBase getTokenInfo start");
- String uri = "/" + type + "/ee/" + type + "/getTokenInfo";
- CMS.debug("WizardPanelBase getTokenInfo: uri=" + uri);
- String c = getHttpResponse(host, https_ee_port, https, uri, null, null,
- certApprovalCallback);
- if (c != null) {
- try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = null;
-
- try {
- parser = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase::getTokenInfo() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
-
- String status = parser.getValue("Status");
-
- CMS.debug("WizardPanelBase getTokenInfo: status=" + status);
-
- if (status.equals(SUCCESS)) {
- Document doc = parser.getDocument();
- NodeList list = doc.getElementsByTagName("name");
- int len = list.getLength();
- for (int i = 0; i < len; i++) {
- Node n = list.item(i);
- NodeList nn = n.getChildNodes();
- String name = nn.item(0).getNodeValue();
- Node parent = n.getParentNode();
- nn = parent.getChildNodes();
- int len1 = nn.getLength();
- String v = "";
- for (int j = 0; j < len1; j++) {
- Node nv = nn.item(j);
- String val = nv.getNodeName();
- if (val.equals("value")) {
- NodeList n2 = nv.getChildNodes();
- if (n2.getLength() > 0)
- v = n2.item(0).getNodeValue();
- break;
- }
- }
- if (name.equals("cloning.signing.nickname")) {
- config.putString("preop.master.signing.nickname", v);
- config.putString(type + ".cert.signing.nickname", v);
- config.putString(name, v);
- } else if (name.equals("cloning.ocsp_signing.nickname")) {
- config.putString("preop.master.ocsp_signing.nickname", v);
- config.putString(type + ".cert.ocsp_signing.nickname", v);
- config.putString(name, v);
- } else if (name.equals("cloning.subsystem.nickname")) {
- config.putString("preop.master.subsystem.nickname", v);
- config.putString(type + ".cert.subsystem.nickname", v);
- config.putString(name, v);
- } else if (name.equals("cloning.transport.nickname")) {
- config.putString("preop.master.transport.nickname", v);
- config.putString("kra.transportUnit.nickName", v);
- config.putString("kra.cert.transport.nickname", v);
- config.putString(name, v);
- } else if (name.equals("cloning.storage.nickname")) {
- config.putString("preop.master.storage.nickname", v);
- config.putString("kra.storageUnit.nickName", v);
- config.putString("kra.cert.storage.nickname", v);
- config.putString(name, v);
- } else if (name.equals("cloning.audit_signing.nickname")) {
- config.putString("preop.master.audit_signing.nickname", v);
- config.putString(type + ".cert.audit_signing.nickname", v);
- config.putString(name, v);
- } else if (name.equals("cloning.module.token")) {
- config.putString("preop.module.token", v);
- } else if (name.startsWith("cloning.ca")) {
- config.putString(name.replaceFirst("cloning", "preop"), v);
- } else if (name.startsWith("cloning")) {
- config.putString(name.replaceFirst("cloning", "preop.cert"), v);
- } else {
- config.putString(name, v);
- }
- }
-
- // reset nicknames for system cert verification
- String token = config.getString("preop.module.token",
- "Internal Key Storage Token");
- if (!token.equals("Internal Key Storage Token")) {
- String certlist = config.getString("preop.cert.list");
-
- StringTokenizer t1 = new StringTokenizer(certlist, ",");
- while (t1.hasMoreTokens()) {
- String tag = t1.nextToken();
- if (tag.equals("sslserver"))
- continue;
- config.putString(type + ".cert." + tag + ".nickname",
- token + ":" +
- config.getString(type + ".cert." + tag + ".nickname", ""));
- }
- }
- } else {
- String error = parser.getValue("Error");
- throw new IOException(error);
- }
- } catch (IOException e) {
- CMS.debug("WizardPanelBase: getTokenInfo: " + e.toString());
- throw e;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase: getTokenInfo: " + e.toString());
- throw new IOException(e.toString());
- }
- }
- }
-
- public void importCertChain(String id) throws IOException {
- CMS.debug("DisplayCertChainPanel importCertChain");
- IConfigStore config = CMS.getConfigStore();
- String configName = "preop." + id + ".pkcs7";
- String pkcs7 = "";
-
- try {
- pkcs7 = config.getString(configName, "");
- } catch (Exception e) {
- }
-
- if (pkcs7.length() > 0) {
- try {
- CryptoUtil.importCertificateChain(pkcs7);
- } catch (Exception e) {
- CMS.debug("DisplayCertChainPanel importCertChain: Exception: " + e.toString());
- }
- }
- }
-
- public void updateCertChain(IConfigStore config, String name, String host,
- int https_admin_port, boolean https, Context context) throws IOException {
- updateCertChain(config, name, host, https_admin_port,
- https, context, null);
- }
-
- public void updateCertChain(IConfigStore config, String name, String host,
- int https_admin_port, boolean https, Context context,
- ConfigCertApprovalCallback certApprovalCallback) throws IOException {
- String certchain = getCertChainUsingSecureAdminPort(host,
- https_admin_port,
- https,
- certApprovalCallback);
+ public void updateCertChainUsingSecureEEPort(IConfigStore config, String name, String host,
+ int https_ee_port, boolean https, Context context, ConfigCertApprovalCallback certApprovalCallback)
+ throws IOException, CertificateEncodingException, EBaseException {
+ String certchain = getCertChainUsingSecureEEPort(host, https_ee_port, https, certApprovalCallback);
config.putString("preop." + name + ".pkcs7", certchain);
byte[] decoded = CryptoUtil.base64Decode(certchain);
- java.security.cert.X509Certificate[] b_certchain = null;
-
- try {
- b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
- } catch (Exception e) {
- context.put("errorString",
- "Failed to get the certificate chain.");
- return;
- }
+ java.security.cert.X509Certificate[] b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
int size = 0;
if (b_certchain != null) {
size = b_certchain.length;
}
config.putInteger("preop." + name + ".certchain.size", size);
- for (int i = 0; i < size; i++) {
- byte[] bb = null;
-
- try {
- bb = b_certchain[i].getEncoded();
- } catch (Exception e) {
- context.put("errorString",
- "Failed to get the der-encoded certificate chain.");
- return;
- }
- config.putString("preop." + name + ".certchain." + i,
- CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
- }
-
- try {
- config.commit(false);
- } catch (EBaseException e) {
- }
- }
-
- public void updateCertChainUsingSecureEEPort(IConfigStore config,
- String name, String host,
- int https_ee_port,
- boolean https,
- Context context,
- ConfigCertApprovalCallback certApprovalCallback) throws IOException {
- String certchain = getCertChainUsingSecureEEPort(host, https_ee_port,
- https,
- certApprovalCallback);
- config.putString("preop." + name + ".pkcs7", certchain);
-
- byte[] decoded = CryptoUtil.base64Decode(certchain);
- java.security.cert.X509Certificate[] b_certchain = null;
-
- try {
- b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
- } catch (Exception e) {
- context.put("errorString",
- "Failed to get the certificate chain.");
- return;
- }
- int size = 0;
- if (b_certchain != null) {
- size = b_certchain.length;
- }
- config.putInteger("preop." + name + ".certchain.size", size);
for (int i = 0; i < size; i++) {
- byte[] bb = null;
-
- try {
- bb = b_certchain[i].getEncoded();
- } catch (Exception e) {
- context.put("errorString",
- "Failed to get the der-encoded certificate chain.");
- return;
- }
+ byte[] bb = b_certchain[i].getEncoded();
config.putString("preop." + name + ".certchain." + i,
CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
}
- try {
- config.commit(false);
- } catch (EBaseException e) {
- }
- }
-
- public void deleteCert(String tokenname, String nickname) {
- try {
- CryptoManager cm = CryptoManager.getInstance();
- CryptoToken tok = cm.getTokenByName(tokenname);
- CryptoStore store = tok.getCryptoStore();
- String fullnickname = nickname;
- if (!tokenname.equals("") &&
- !tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal"))
- fullnickname = tokenname + ":" + nickname;
-
- CMS.debug("WizardPanelBase deleteCert: nickname=" + fullnickname);
- org.mozilla.jss.crypto.X509Certificate cert = cm.findCertByNickname(fullnickname);
-
- if (store instanceof PK11Store) {
- CMS.debug("WizardPanelBase deleteCert: this is pk11store");
- PK11Store pk11store = (PK11Store) store;
- pk11store.deleteCertOnly(cert);
- CMS.debug("WizardPanelBase deleteCert: cert deleted successfully");
- }
- } catch (Exception e) {
- CMS.debug("WizardPanelBase deleteCert: Exception=" + e.toString());
- }
- }
-
- public void deleteEntries(LDAPSearchResults res, LDAPConnection conn,
- String dn, String[] entries) {
- String[] attrs = null;
- LDAPSearchConstraints cons = null;
- String filter = "objectclass=*";
-
- try {
- if (res.getCount() == 0)
- return;
- else {
- while (res.hasMoreElements()) {
- LDAPEntry entry = res.next();
- String dn1 = entry.getDN();
- LDAPSearchResults res1 = conn.search(dn1, 1, filter, attrs, true, cons);
- deleteEntries(res1, conn, dn1, entries);
- deleteEntry(conn, dn1, entries);
- }
- }
- } catch (Exception ee) {
- CMS.debug("WizardPanelBase deleteEntries: Exception=" + ee.toString());
- }
- }
-
- public void deleteEntry(LDAPConnection conn, String dn, String[] entries) {
- try {
- for (int i = 0; i < entries.length; i++) {
- if (LDAPDN.equals(dn, entries[i])) {
- CMS.debug("WizardPanelBase deleteEntry: entry with this dn " + dn + " is not deleted.");
- return;
- }
- }
-
- CMS.debug("WizardPanelBase deleteEntry: deleting dn=" + dn);
- conn.delete(dn);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase deleteEntry: Exception=" + e.toString());
- }
+ config.commit(false);
}
public void reloginSecurityDomain(HttpServletResponse response) {
@@ -1618,7 +561,7 @@ public class WizardPanelBase implements IWizardPanel {
String subsystem = cs.getString("cs.type", "");
String urlVal =
"https://"
- + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem)
+ + cs_hostname + ":" + cs_port + "/" + subsystem.toLowerCase()
+ "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem;
String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
String sdurl = "https://" + hostname + ":" + port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue;