authormharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-05-07 22:37:08 +0000
committermharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-05-07 22:37:08 +0000
commit466202e75665108f5c51c5d602d2afaabed4a027 (patch)
tree9e953e972da8074d7fc4dfcc02f0d1a96f57db34 /pki/base/common/src/com/netscape/cms/servlet
parent2963ca4c6381e7a43fff0457fb0135476874830f (diff)
Bugzilla Bug #492735 - Configuration wizard stores certain incorrect port
values within TPS "CS.cfg" . . . Bugzilla Bug #495597 - Unable to access Agent page using a configured CA/KRA containing an HSM git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@431 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java26
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java17
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java23
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java88
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java10
-rwxr-xr-xpki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java13
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java45
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java4
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java216
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java17
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java342
14 files changed, 572 insertions, 245 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
index d2495c177..e8b0346a2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
@@ -176,7 +176,7 @@ public class AdminPanel extends WizardPanelBase {
String domainname = "";
try {
- domainname = cs.getString("preop.securitydomain.name", "");
+ domainname = cs.getString("securitydomain.name", "");
} catch (EBaseException e1) {}
context.put("securityDomain", domainname);
context.put("title", "Administrator");
@@ -286,8 +286,8 @@ public class AdminPanel extends WizardPanelBase {
}
} else {
try {
- ca_hostname = config.getString("preop.securitydomain.host", "");
- ca_port = config.getInteger("preop.securitydomain.httpsport");
+ ca_hostname = config.getString("securitydomain.host", "");
+ ca_port = config.getInteger("securitydomain.httpseeport");
} catch (Exception e) {
}
}
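Review bot: The empty `catch (Exception e) { }` around the new `securitydomain.*` lookups hides the case where `securitydomain.httpseeport` is missing. `config.getInteger("securitydomain.httpseeport")` is called without a default, so a missing key presumably throws and `ca_port` keeps whatever value it had before the `try` (its initialisation is outside this hunk). Elsewhere in this commit that key is written by DisplayCertChainPanel, so this panel now depends on an earlier step having succeeded. At minimum log the failure, e.g. `CMS.debug("AdminPanel: securitydomain host/port not available: " + e.toString());`, and stop instead of contacting the CA with an unset port. The same applies to the `sd_hostname`/`sd_port` lookup in the `@@ -419,8 +419,8 @@` hunk, where `sd_port` visibly starts at -1.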
@@ -362,7 +362,7 @@ public class AdminPanel extends WizardPanelBase {
system.modifyGroup(group);
}
- String select = config.getString("preop.securitydomain.select", "");
+ String select = config.getString("securitydomain.select", "");
if (select.equals("new")) {
group = system.getGroupFromName("Security Domain Administrators");
if (!group.isMember(uid)) {
@@ -419,8 +419,8 @@ public class AdminPanel extends WizardPanelBase {
int sd_port = -1;
try {
- sd_hostname = config.getString("preop.securitydomain.host", "");
- sd_port = config.getInteger("preop.securitydomain.httpsport");
+ sd_hostname = config.getString("securitydomain.host", "");
+ sd_port = config.getInteger("securitydomain.httpseeport");
} catch (Exception e) {}
String profileId = HttpInput.getID(request, "profileId");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
index b88898bec..b24341459 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
@@ -70,7 +70,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
// if we are root, no need to get the certificate chain.
try {
- String select = cs.getString("preop.securitydomain.select","");
+ String select = cs.getString("securitydomain.select","");
if (select.equals("new")) {
return true;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
index 1cf6d7421..316c5706d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
@@ -110,10 +110,6 @@ public class CAInfoPanel extends WizardPanelBase {
CMS.debug("CAInfoPanel: display");
IConfigStore cs = CMS.getConfigStore();
- String sdcaHostname = "";
- String sdcaHttpPort = "";
- String othercaHostname = "";
- String othercaPort = "";
String hostname = "";
String httpport = "";
String httpsport = "";
@@ -153,6 +149,7 @@ public class CAInfoPanel extends WizardPanelBase {
}
String cstype = "CA";
+ String portType = "SecurePort";
/*
try {
@@ -161,7 +158,7 @@ public class CAInfoPanel extends WizardPanelBase {
*/
CMS.debug("CAInfoPanel: Ready to get url");
- Vector v = getUrlListFromSecurityDomain(cs, cstype);
+ Vector v = getUrlListFromSecurityDomain(cs, cstype, portType);
v.addElement("External CA");
StringBuffer list = new StringBuffer();
int size = v.size();
@@ -254,7 +251,7 @@ public class CAInfoPanel extends WizardPanelBase {
} else {
select = "sdca";
- // parse URL (CA1 - http://...)
+ // parse URL (CA1 - https://...)
url = url.substring(url.indexOf("https"));
urlx = new URL(url);
}
@@ -286,34 +283,35 @@ public class CAInfoPanel extends WizardPanelBase {
} catch (Exception e) {}
}
- private void sdca(HttpServletRequest request, Context context, String hostname, String httpPortStr) throws IOException {
+ private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException {
CMS.debug("CAInfoPanel update: this is the CA in the security domain.");
IConfigStore config = CMS.getConfigStore();
context.put("sdcaHostname", hostname);
- context.put("sdHttpPort", httpPortStr);
+ context.put("sdcaHttpsPort", httpsPortStr);
if (hostname == null || hostname.length() == 0) {
context.put("errorString", "Hostname is null");
throw new IOException("Hostname is null");
}
- int httpport = -1;
+ int httpsport = -1;
try {
- httpport = Integer.parseInt(httpPortStr);
+ httpsport = Integer.parseInt(httpsPortStr);
} catch (Exception e) {
CMS.debug(
- "CAInfoPanel update: Http port is not valid. Exception: "
+ "CAInfoPanel update: Https port is not valid. Exception: "
+ e.toString());
throw new IOException("Http Port is not valid.");
}
config.putString("preop.ca.hostname", hostname);
- config.putString("preop.ca.httpsport", httpPortStr);
+ config.putString("preop.ca.httpsport", httpsPortStr);
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChain(config, "ca", hostname, httpport, true, context,
- certApprovalCallback);
+ updateCertChainUsingSecureEEPort( config, "ca", hostname,
+ httpsport, true, context,
+ certApprovalCallback );
}
/**
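Review bot: The `IOException` text in `sdca` still reads "Http Port is not valid." although the parameter, the local variable and the debug message were all renamed to https. Change it to `throw new IOException("Https Port is not valid.");` so the reported error matches the port being checked. `Integer.parseInt` also accepts values outside the valid port range, so a check such as `if (httpsport < 1 || httpsport > 65535)` before `updateCertChainUsingSecureEEPort` would reject bad input before the remote host is contacted. The context key becomes `sdcaHttpsPort` here while NamePanel's copy of `sdca` keeps `sdHttpPort`; which one the templates expect is not visible, but the two copies should agree.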
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
index 5fccf9004..339a92444 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
@@ -139,12 +139,15 @@ public class CreateSubsystemPanel extends WizardPanelBase {
context.put("systemname", config.getString("preop.system.name"));
context.put("fullsystemname", config.getString("preop.system.fullname"));
context.put("machineName", config.getString("machineName"));
- context.put("https_port", CMS.getEESSLPort());
context.put("http_port", CMS.getEENonSSLPort());
+ context.put("https_agent_port", CMS.getAgentPort());
+ context.put("https_ee_port", CMS.getEESSLPort());
+ context.put("https_admin_port", CMS.getAdminPort());
} catch (EBaseException e) {
}
- Vector v = getMasterUrlListFromSecurityDomain(config, cstype);
+ Vector v = getMasterUrlListFromSecurityDomain( config, cstype,
+ "SecurePort" );
StringBuffer list = new StringBuffer();
int size = v.size();
for (int i = 0; i < size; i++) {
@@ -247,18 +250,18 @@ public class CreateSubsystemPanel extends WizardPanelBase {
URL u = new URL(url);
String host = u.getHost();
- int port = u.getPort();
+ int https_ee_port = u.getPort();
config.putString("preop.master.hostname", host);
- config.putInteger("preop.master.httpsport", port);
+ config.putInteger("preop.master.httpsport", https_ee_port);
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
if (cstype.equals("ca")) {
- updateCertChain(config, "clone", host, port, true, context,
- certApprovalCallback);
+ updateCertChain( config, "clone", host, https_ee_port,
+ true, context, certApprovalCallback );
}
- getTokenInfo(config, cstype, host, port, true, context,
+ getTokenInfo(config, cstype, host, https_ee_port, true, context,
certApprovalCallback);
} else {
CMS.debug("CreateSubsystemPanel: invalid choice " + select);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
index a27bcf09d..d4816bc9f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
@@ -94,7 +94,7 @@ public class DisplayCertChainPanel extends WizardPanelBase {
// if we are root, no need to get the certificate chain.
try {
- String select = cs.getString("preop.securitydomain.select","");
+ String select = cs.getString("securitydomain.select","");
String type = cs.getString("preop.subsystem.select", "");
String hierarchy = cs.getString("preop.hierarchy.select", "");
@@ -194,13 +194,26 @@ public class DisplayCertChainPanel extends WizardPanelBase {
int panel = getPanelNo()+1;
IConfigStore cs = CMS.getConfigStore();
try {
- String hostname = cs.getString("preop.securitydomain.host", "");
- int port = cs.getInteger("preop.securitydomain.httpsport", -1);
+ String sd_hostname = cs.getString("securitydomain.host", "");
+ int sd_port = cs.getInteger("securitydomain.httpsadminport", -1);
+ String cs_hostname = cs.getString("machineName", "");
+ int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1);
String subsystem = cs.getString("cs.type", "");
- String urlVal = "https://"+CMS.getEESSLHost()+":"+CMS.getEESSLPort()+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem;
+ String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem;
String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
- String sdurl = "https://"+hostname+":"+port+"/ca/ee/ca/securityDomainLogin?url="+encodedValue;
+ String sdurl = "https://"+sd_hostname+":"+sd_port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue;
response.sendRedirect(sdurl);
+
+ // The user previously specified the CA Security Domain's
+ // SSL Admin port in the "Security Domain Panel";
+ // now retrieve this specified CA Security Domain's
+ // non-SSL EE, SSL Agent, and SSL EE ports:
+ cs.putString( "securitydomain.httpport",
+ getSecurityDomainPort( cs, "UnSecurePort" ) );
+ cs.putString("securitydomain.httpsagentport",
+ getSecurityDomainPort( cs, "SecureAgentPort" ) );
+ cs.putString("securitydomain.httpseeport",
+ getSecurityDomainPort( cs, "SecurePort" ) );
} catch (Exception ee) {
CMS.debug("DisplayCertChainPanel Exception="+ee.toString());
}
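Review bot: `response.sendRedirect(sdurl)` runs before the three `getSecurityDomainPort` lookups, and a failure there is only written to the debug log by the surrounding `catch (Exception ee)`. The browser is therefore already redirected to the security domain login while `securitydomain.httpport`, `securitydomain.httpsagentport` and `securitydomain.httpseeport` may never be stored. Other panels in this commit read `securitydomain.httpseeport` and fall back to -1 or an empty string when it is missing. Fetch and store the ports first and redirect only if they were obtained, and reject the defaults up front with `if (sd_port < 0 || cs_port < 0) { ... }`, since otherwise the redirect URL is built with `:-1`. No `cs.commit(...)` is visible in this hunk, so whether the stored values persist depends on code outside it.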
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
index 011be5861..1b657d28a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
@@ -53,6 +53,7 @@ public class DonePanel extends WizardPanelBase {
public static final Long MINUS_ONE = Long.valueOf(-1);
public static final String RESTART_SERVER_AFTER_CONFIGURATION =
"restart_server_after_configuration";
+ public static final String PKI_SECURITY_DOMAIN = "pki_security_domain";
public DonePanel() {}
@@ -166,8 +167,13 @@ public class DonePanel extends WizardPanelBase {
}
IConfigStore cs = CMS.getConfigStore();
+ String ownport = CMS.getEENonSSLPort();
String ownsport = CMS.getEESSLPort();
String ownhost = CMS.getEESSLHost();
+ String ownagentsport = CMS.getAgentPort();
+ String ownagenthost = CMS.getAgentHost();
+ String ownadminsport = CMS.getAdminPort();
+ String ownadminhost = CMS.getAdminHost();
String select = "";
String type = "";
@@ -189,8 +195,8 @@ public class DonePanel extends WizardPanelBase {
}
context.put("title", "Done");
context.put("panel", "admin/console/config/donepanel.vm");
- context.put("host", ownhost);
- context.put("port", ownsport);
+ context.put("host", ownadminhost);
+ context.put("port", ownadminsport);
String subsystemType = toLowerCaseSubsystemType(type);
context.put("systemType", subsystemType);
@@ -205,12 +211,14 @@ public class DonePanel extends WizardPanelBase {
} catch (Exception e) {
}
- String sd_port = "";
+ String sd_agent_port = "";
+ String sd_admin_port = "";
String sd_host = "";
String ca_host = "";
try {
- sd_host = cs.getString("preop.securitydomain.host", "");
- sd_port = cs.getString("preop.securitydomain.httpsport", "");
+ sd_host = cs.getString("securitydomain.host", "");
+ sd_agent_port = cs.getString("securitydomain.httpsagentport", "");
+ sd_admin_port = cs.getString("securitydomain.httpsadminport", "");
ca_host = cs.getString("preop.ca.hostname", "");
} catch (Exception e) {
}
@@ -225,7 +233,7 @@ public class DonePanel extends WizardPanelBase {
String instanceName = "";
String subsystemName = "";
try {
- sdtype = cs.getString("preop.securitydomain.select", "");
+ sdtype = cs.getString("securitydomain.select", "");
instanceName = cs.getString("instanceId", "");
subsystemName = cs.getString("preop.subsystem.name", "");
} catch (Exception e) {
@@ -237,7 +245,7 @@ public class DonePanel extends WizardPanelBase {
LDAPConnection conn = getLDAPConn(context);
String basedn = cs.getString("internaldb.basedn");
- String secdomain = cs.getString("preop.securitydomain.name");
+ String secdomain = cs.getString("securitydomain.name");
try {
// Create security domain ldap entry
@@ -288,6 +296,11 @@ public class DonePanel extends WizardPanelBase {
attrs.add(new LDAPAttribute("objectclass", "pkiSubsystem"));
attrs.add(new LDAPAttribute("Host", ownhost));
attrs.add(new LDAPAttribute("SecurePort", ownsport));
+ attrs.add(new LDAPAttribute("SecureAgentPort",
+ ownagentsport));
+ attrs.add(new LDAPAttribute("SecureAdminPort",
+ ownadminsport));
+ attrs.add(new LDAPAttribute("UnSecurePort", ownport));
attrs.add(new LDAPAttribute("Clone", "false"));
attrs.add(new LDAPAttribute("SubsystemName", subsystemName));
attrs.add(new LDAPAttribute("cn", cn));
@@ -304,10 +317,34 @@ public class DonePanel extends WizardPanelBase {
} catch (Exception e) {
CMS.debug("DonePanel display: "+e.toString());
}
+
+ int sd_admin_port_int = -1;
+ try {
+ sd_admin_port_int = Integer.parseInt( sd_admin_port );
+ } catch (Exception e) {
+ }
+
+ try {
+ // Fetch the "new" security domain and display it
+ CMS.debug( "Dump contents of new Security Domain . . ." );
+ String c = getDomainXML( sd_host, sd_admin_port_int, true );
+ } catch( Exception e ) {}
+
+ // Since this instance is a new Security Domain,
+ // create an empty file to designate this fact.
+ String security_domain = instanceRoot + "/conf/"
+ + PKI_SECURITY_DOMAIN;
+ if( !Utils.isNT() ) {
+ Utils.exec( "touch " + security_domain );
+ Utils.exec( "chmod 00660 " + security_domain );
+ }
+
} else { //existing domain
- int p = -1;
+ int sd_agent_port_int = -1;
+ int sd_admin_port_int = -1;
try {
- p = Integer.parseInt(sd_port);
+ sd_agent_port_int = Integer.parseInt(sd_agent_port);
+ sd_admin_port_int = Integer.parseInt(sd_admin_port);
} catch (Exception e) {
}
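Review bot: The marker file is created by passing concatenated strings to `Utils.exec( "touch " + security_domain )` and `Utils.exec( "chmod 00660 " + security_domain )`, with `instanceRoot` spliced in unquoted. How `Utils.exec` tokenises or runs the string is not visible here, but a path containing a space or shell metacharacter would at best break the command and at worst change what is executed. Creating the file from Java avoids the external process for that step, e.g. `new File(security_domain).createNewFile();` (assuming `java.io.File` is available in this file). Any status `Utils.exec` reports for the `chmod` should be checked and logged rather than dropped. Separately, `String c = getDomainXML(...)` is never used and its `catch( Exception e ) {}` is empty, so a failed fetch of the new domain goes unnoticed.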
@@ -317,17 +354,31 @@ public class DonePanel extends WizardPanelBase {
cloneStr = "&clone=true";
else
cloneStr = "&clone=false";
- updateDomainXML(sd_host, p, true, "/ca/agent/ca/updateDomainXML",
- "list="+s+"&type="+type+"&host="+ownhost+"&name="+subsystemName+"&sport="+ownsport+"&dm=false"+cloneStr);
+ updateDomainXML( sd_host, sd_agent_port_int, true,
+ "/ca/agent/ca/updateDomainXML",
+ "list=" + s
+ + "&type=" + type
+ + "&host=" + ownhost
+ + "&name=" + subsystemName
+ + "&sport=" + ownsport
+ + "&dm=false" + cloneStr
+ + "&agentsport=" + ownagentsport
+ + "&adminsport=" + ownadminsport
+ + "&httpport=" + ownport );
+
+ // Fetch the "updated" security domain and display it
+ CMS.debug( "Dump contents of updated Security Domain . . ." );
+ String c = getDomainXML( sd_host, sd_admin_port_int, true );
} catch (Exception e) {
context.put("errorString", "Failed to update the security domain on the domain master.");
//return;
}
}
- // add service.securityDomainPort to CS.cfg in case pkiremove needs to remove system reference from the security domain
+ // add service.securityDomainPort to CS.cfg in case pkiremove
+ // needs to remove system reference from the security domain
try {
- cs.putString("service.securityDomainPort", ownsport);
+ cs.putString("service.securityDomainPort", ownagentsport);
cs.commit(false);
} catch (Exception e) {
CMS.debug("DonePanel: exception in adding service.securityDomainPort to CS.cfg" + e);
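Review bot: The request body passed to `updateDomainXML` is built by plain concatenation and none of the values are URL-encoded. `subsystemName` is read from `preop.subsystem.name`, and `type`, `ownhost` and the port strings are inserted as-is. A value containing `&` or `=` would add or override parameters in the update sent to the security domain's agent interface, unless `updateDomainXML` encodes internally, which is not visible here. Encode each value the way `transportCert` is encoded elsewhere in this file, e.g. `+ "&name=" + URLEncoder.encode(subsystemName, "UTF-8")`. The result of the following `getDomainXML` call is assigned to `c` and never used.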
@@ -337,7 +388,7 @@ public class DonePanel extends WizardPanelBase {
// need to push connector information to the CA
if (type.equals("KRA") && !ca_host.equals("")) {
try {
- updateConnectorInfo(ownhost, ownsport, sd_host, sd_port);
+ updateConnectorInfo(ownagenthost, ownagentsport);
} catch (IOException e) {
context.put("errorString", "Failed to update connector information.");
return;
@@ -495,8 +546,8 @@ public class DonePanel extends WizardPanelBase {
try {
cahost = config.getString("preop.ca.hostname", "");
caport = config.getInteger("preop.ca.httpsport", -1);
- sdhost = config.getString("preop.securitydomain.host", "");
- sdport = config.getInteger("preop.securitydomain.httpsport", -1);
+ sdhost = config.getString("securitydomain.host", "");
+ sdport = config.getInteger("securitydomain.httpseeport", -1);
} catch (Exception e) {
}
@@ -589,8 +640,7 @@ public class DonePanel extends WizardPanelBase {
return "CA-" + host + "-" + port;
}
- private void updateConnectorInfo(String ownhost, String ownsport,
- String sd_host, String sd_port)
+ private void updateConnectorInfo(String ownagenthost, String ownagentsport)
throws IOException {
IConfigStore cs = CMS.getConfigStore();
int port = -1;
@@ -614,7 +664,7 @@ public class DonePanel extends WizardPanelBase {
} else {
CMS.debug("DonePanel: Transport certificate is being setup in " + url);
String session_id = CMS.getConfigSDSessionId();
- String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host="+ownhost+"&ca.connector.KRA.port="+ownsport+"&ca.connector.KRA.transportCert="+URLEncoder.encode(transportCert)+"&sessionID="+session_id;
+ String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host="+ownagenthost+"&ca.connector.KRA.port="+ownagentsport+"&ca.connector.KRA.transportCert="+URLEncoder.encode(transportCert)+"&sessionID="+session_id;
updateConnectorInfo(host, port, true, content);
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
index ce9142ca7..b78b98b82 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
@@ -126,7 +126,7 @@ public class GetCookie extends CMSServlet {
header.addStringValue("subsystem", subsystem);
header.addStringValue("url", url_e);
header.addStringValue("errorString", "Failed Authentication");
- String sdname = cs.getString("preop.securitydomain.name", "");
+ String sdname = cs.getString("securitydomain.name", "");
header.addStringValue("sdname", sdname);
CMS.debug("mErrorFormPath=" + mErrorFormPath);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
index ef08b05cd..3f2ccc8c8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
@@ -133,8 +133,8 @@ public class ImportAdminCertPanel extends WizardPanelBase {
if (ca == null) {
if (type.equals("otherca")) {
try {
- caHost = cs.getString("preop.securitydomain.host", "");
- caPort = cs.getString("preop.securitydomain.httpsport", "");
+ caHost = cs.getString("securitydomain.host", "");
+ caPort = cs.getString("securitydomain.httpseeport", "");
} catch (Exception e) {}
} else if (type.equals("sdca")) {
try {
@@ -142,6 +142,12 @@ public class ImportAdminCertPanel extends WizardPanelBase {
caPort = cs.getString("preop.ca.httpsport", "");
} catch (Exception e) {}
}
+ } else {
+ // Provide default Security Domain values for 'caHost' and 'caPort'
+ try {
+ caHost = cs.getString("securitydomain.host", "");
+ caPort = cs.getString("securitydomain.httpseeport", "");
+ } catch (Exception e) {}
}
String pkcs7 = "";
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
index 02614f2ec..3b76b6972 100755
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
@@ -99,6 +99,10 @@ public class ImportCAChainPanel extends WizardPanelBase {
context.put("import", "true");
IConfigStore cs = CMS.getConfigStore();
+ try {
+ context.put("machineName", cs.getString("machineName"));
+ context.put("https_port", CMS.getEESSLPort());
+ } catch (EBaseException e) {}
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
@@ -141,7 +145,12 @@ public class ImportCAChainPanel extends WizardPanelBase {
Context context) {
/* This should never be called */
- context.put("title", "Import CA's Certificate Chain");
- context.put("panel", "admin/console/config/importcachainpanel.vm");
+ IConfigStore cs = CMS.getConfigStore();
+ try {
+ context.put("machineName", cs.getString("machineName"));
+ context.put("https_port", CMS.getEESSLPort());
+ context.put("title", "Import CA's Certificate Chain");
+ context.put("panel", "admin/console/config/importcachainpanel.vm");
+ } catch (EBaseException e) {}
}
}
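Review bot: `context.put("title", ...)` and `context.put("panel", ...)` now sit inside the `try`, after `cs.getString("machineName")`. If that lookup throws `EBaseException`, the empty catch swallows it and the context is left without a title or template path. Keep the two constant `put` calls outside the `try` as they were before, and log the exception, e.g. `} catch (EBaseException e) { CMS.debug("ImportCAChainPanel: " + e.toString()); }`. The first hunk of this file has the same empty catch around the `machineName` lookup. The method's signature begins outside the hunk.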
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
index 75a524e5a..8b5554593 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
@@ -192,20 +192,20 @@ public class NamePanel extends WizardPanelBase {
}
try {
- domainname = config.getString("preop.securitydomain.name", "");
+ domainname = config.getString("securitydomain.name", "");
String certTags = config.getString("preop.cert.list");
// same token for now
String token = config.getString(PRE_CONF_CA_TOKEN);
StringTokenizer st = new StringTokenizer(certTags, ",");
- String domaintype = config.getString("preop.securitydomain.select");
+ String domaintype = config.getString("securitydomain.select");
int count = 0;
String host = "";
- int sport = -1;
+ int sd_admin_port = -1;
if (domaintype.equals("existing")) {
- host = config.getString("preop.securitydomain.host", "");
- sport = config.getInteger("preop.securitydomain.httpsport", -1);
- count = getSubsystemCount(host, sport, true, cstype);
+ host = config.getString("securitydomain.host", "");
+ sd_admin_port = config.getInteger("securitydomain.httpsadminport", -1);
+ count = getSubsystemCount(host, sd_admin_port, true, cstype);
}
while (st.hasMoreTokens()) {
@@ -237,7 +237,7 @@ public class NamePanel extends WizardPanelBase {
//o_sd is to add o=secritydomainname
boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag +
"o_securitydomain", true);
- domainname = config.getString("preop.securitydomain.name", "");
+ domainname = config.getString("securitydomain.name", "");
CMS.debug("NamePanel: display() override is "+override);
CMS.debug("NamePanel: display() o_securitydomain is "+o_sd);
CMS.debug("NamePanel: display() domainname is "+domainname);
@@ -276,8 +276,8 @@ public class NamePanel extends WizardPanelBase {
CMS.debug("NamePanel: " + e.toString());
}
- CMS.debug("NamePanel: Ready to get urls");
- Vector v = getUrlListFromSecurityDomain(config, "CA");
+ CMS.debug("NamePanel: Ready to get SSL EE HTTPS urls");
+ Vector v = getUrlListFromSecurityDomain(config, "CA", "SecurePort");
v.addElement("External CA");
StringBuffer list = new StringBuffer();
int size = v.size();
@@ -416,10 +416,10 @@ public class NamePanel extends WizardPanelBase {
String profileId = config.getString(PCERT_PREFIX+certTag+".profile");
String session_id = CMS.getConfigSDSessionId();
String sd_hostname = "";
- int sd_port = -1;
+ int sd_ee_port = -1;
try {
- sd_hostname = config.getString("preop.securitydomain.host", "");
- sd_port = config.getInteger("preop.securitydomain.httpsport", -1);
+ sd_hostname = config.getString("securitydomain.host", "");
+ sd_ee_port = config.getInteger("securitydomain.httpseeport", -1);
} catch (Exception ee) {
CMS.debug("NamePanel: configCert() exception caught:"+ee.toString());
}
@@ -428,7 +428,7 @@ public class NamePanel extends WizardPanelBase {
String securePort = config.getString("service.securePort", "");
if (certTag.equals("subsystem")) {
String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id;
- cert = CertUtil.createRemoteCert(sd_hostname, sd_port,
+ cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port,
content, response, this);
if (cert == null) {
throw new IOException("Error: remote certificate is null");
@@ -716,7 +716,7 @@ public class NamePanel extends WizardPanelBase {
} else {
CMS.debug("NamePanel: local CA selected");
select = "sdca";
- // parse URL (CA1 - http://...)
+ // parse URL (CA1 - https://...)
url = url.substring(url.indexOf("https"));
config.putString("preop.ca.url", url);
@@ -805,23 +805,23 @@ public class NamePanel extends WizardPanelBase {
CMS.debug("NamePanel: update() done");
}
- private void sdca(HttpServletRequest request, Context context, String hostname, String httpPortStr) throws IOException {
+ private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException {
CMS.debug("NamePanel update: this is the CA in the security domain.");
- CMS.debug("NamePanel update: selected CA hostname=" + hostname + " port=" + httpPortStr);
+ CMS.debug("NamePanel update: selected CA hostname=" + hostname + " port=" + httpsPortStr);
IConfigStore config = CMS.getConfigStore();
context.put("sdcaHostname", hostname);
- context.put("sdHttpPort", httpPortStr);
+ context.put("sdHttpPort", httpsPortStr);
if (hostname == null || hostname.length() == 0) {
context.put("errorString", "Hostname is null");
throw new IOException("Hostname is null");
}
- int httpport = -1;
+ int httpsport = -1;
try {
- httpport = Integer.parseInt(httpPortStr);
+ httpsport = Integer.parseInt(httpsPortStr);
} catch (Exception e) {
CMS.debug(
"NamePanel update: Http port is not valid. Exception: "
@@ -830,10 +830,11 @@ public class NamePanel extends WizardPanelBase {
}
config.putString("preop.ca.hostname", hostname);
- config.putString("preop.ca.httpsport", httpPortStr);
+ config.putString("preop.ca.httpsport", httpsPortStr);
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChain(config, "ca", hostname, httpport, true, context,
- certApprovalCallback);
+ updateCertChainUsingSecureEEPort( config, "ca", hostname,
+ httpsport, true, context,
+ certApprovalCallback );
try {
CMS.debug("Importing CA chain");
importCertChain("ca");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
index 13fb58ef9..9ae5689ad 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
@@ -348,8 +348,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
String master_hostname = "";
int master_port = -1;
try {
- sd_hostname = config.getString("preop.securitydomain.host", "");
- sd_port = config.getInteger("preop.securitydomain.httpsport", -1);
+ sd_hostname = config.getString("securitydomain.host", "");
+ sd_port = config.getInteger("securitydomain.httpseeport", -1);
master_hostname = config.getString("preop.master.hostname", "");
master_port = config.getInteger("preop.master.httpsport", -1);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
index 73ab1b07f..bb4dba978 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
@@ -96,12 +96,14 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("title", "Security Domain");
IConfigStore config = CMS.getConfigStore();
String errorString = "";
- String url = "";
+ String admin_url = "";
String name = "";
+ String cstype = "";
try {
- url = config.getString("preop.securitydomain.url", "");
+ admin_url = config.getString("preop.securitydomain.admin_url", "");
name = config.getString("preop.securitydomain.name", "");
+ cstype = config.getString("cs.type", "");
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -130,70 +132,60 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("panelname", "Security Domain Configuration");
context.put("systemname", config.getString("preop.system.name"));
context.put("machineName", config.getString("machineName"));
- context.put("https_port", CMS.getEESSLPort());
- context.put("http_port", CMS.getEENonSSLPort());
+ context.put("http_ee_port", CMS.getEENonSSLPort());
+ context.put("https_agent_port", CMS.getAgentPort());
+ context.put("https_ee_port", CMS.getEESSLPort());
+ context.put("https_admin_port", CMS.getAdminPort());
+ context.put("sdomainAdminURL", admin_url);
} catch (EBaseException e) {}
context.put("panel", "admin/console/config/securitydomainpanel.vm");
context.put("errorString", errorString);
- if (url != null) {
- String r = null;
-
- try {
- URL u = new URL(url);
-
- String hostname = u.getHost();
- int port = u.getPort();
- ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- r = pingCS(hostname, port, true, certApprovalCallback);
- } catch (Exception e) {
- CMS.debug("SecurityDomainPanel: exception caught: "+e.toString());
- }
-
- if (r != null) {
- CMS.debug("SecurityDomainPanel: pingCS returns: "+r);
- context.put("sdomainURL", url);
- } else {
- CMS.debug("SecurityDomainPanel: pingCS no successful response");
- context.put("sdomainURL", "");
- }
- }
-
- // from url, find hostname, if fully qualified, get network
+ // from admin_url, find hostname, if fully qualified, get network
// domain name and generate default security domain name
- if (name.equals("") && (url != null)) {
+ if (name.equals("") && (admin_url != null)) {
try {
- URL u = new URL(url);
+ URL u = new URL(admin_url);
String hostname = u.getHost();
StringTokenizer st = new StringTokenizer(hostname, ".");
- boolean first = true;
- int numTokens = st.countTokens();
- int count = 0;
- String defaultDomain = "";
- StringBuffer sb = new StringBuffer();
- while (st.hasMoreTokens()) {
- count++;
- String n = st.nextToken();
- if (first) { //skip the hostname
- first = false;
- continue;
+ boolean first = true;
+ int numTokens = st.countTokens();
+ int count = 0;
+ String defaultDomain = "";
+ StringBuffer sb = new StringBuffer();
+ while (st.hasMoreTokens()) {
+ count++;
+ String n = st.nextToken();
+ if (first) { //skip the hostname
+ first = false;
+ continue;
}
- if (count == numTokens) // skip the last element (e.g. com)
- continue;
- sb.append((defaultDomain.length()==0)? "":" ");
- sb.append(capitalize(n));
- }
- defaultDomain = sb.toString() + " "+ "Domain";
- name = defaultDomain;
- CMS.debug("SecurityDomainPanel: defaultDomain generated:"+ name);
+ if (count == numTokens) // skip the last element (e.g. com)
+ continue;
+ sb.append((defaultDomain.length()==0)? "":" ");
+ sb.append(capitalize(n));
+ }
+ defaultDomain = sb.toString() + " "+ "Domain";
+ name = defaultDomain;
+ CMS.debug("SecurityDomainPanel: defaultDomain generated:"+ name);
} catch (MalformedURLException e) {
errorString = "Malformed URL";
- // not being able to come up with default domain name is ok
+ // not being able to come up with default domain name is ok
}
}
context.put("sdomainName", name);
+
+ // Information for "existing" Security Domain CAs
+ String instanceId = "&lt;security_domain_instance_name&gt;";
+ String os = System.getProperty( "os.name" );
+ if( os.equalsIgnoreCase( "Linux" ) ) {
+ context.put( "initCommand", "/sbin/service " + instanceId );
+ } else {
+ /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
+ context.put( "initCommand", "/etc/init.d/" + instanceId );
+ }
}
public static String capitalize(String s) {
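Review bot: The separator test in the default-name loop, `sb.append((defaultDomain.length()==0)? "":" ");`, reads `defaultDomain`, which stays empty until after the loop, so the domain labels are joined with no space between them. Testing the buffer instead, `sb.append((sb.length()==0)? "":" ");`, gives the spacing the code appears to intend. The `admin_url != null` guard can never be false because the variable is initialised to `""`. The `errorString = "Malformed URL"` assignment comes after `errorString` was already put into the context, so within this hunk it has no effect. display() begins before the hunk.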
@@ -219,10 +211,41 @@ public class SecurityDomainPanel extends WizardPanelBase {
throw new IOException("Missing name value for the security domain");
}
} else if (select.equals("existingdomain")) {
- String url = HttpInput.getURL(request, "sdomainURL");
- if (url == null || url.equals("")) {
- initParams(request, context);
- throw new IOException("Missing url value for the security domain");
+ CMS.debug( "SecurityDomainPanel: validating "
+ + "SSL Admin HTTPS . . ." );
+ String admin_url = HttpInput.getURL( request, "sdomainURL" );
+ if( admin_url == null || admin_url.equals("") ) {
+ initParams( request, context );
+ throw new IOException( "Missing SSL Admin HTTPS url value "
+ + "for the security domain" );
+ } else {
+ String r = null;
+
+ try {
+ URL u = new URL( admin_url );
+
+ String hostname = u.getHost();
+ int admin_port = u.getPort();
+ ConfigCertApprovalCallback
+ certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS( hostname, admin_port, true,
+ certApprovalCallback );
+ } catch( Exception e ) {
+ CMS.debug( "SecurityDomainPanel: exception caught: "
+ + e.toString() );
+ throw new IOException( "Illegal SSL Admin HTTPS url value "
+ + "for the security domain" );
+ }
+
+ if (r != null) {
+ CMS.debug("SecurityDomainPanel: pingAdminCS returns: "
+ + r );
+ context.put( "sdomainURL", admin_url );
+ } else {
+ CMS.debug( "SecurityDomainPanel: pingAdminCS "
+ + "no successful response for SSL Admin HTTPS" );
+ context.put( "sdomainURL", "" );
+ }
}
}
}
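Review bot: In the `existingdomain` branch a null result from `pingCS` only blanks `sdomainURL` in the context and lets validation succeed, so a security domain that did not answer on its admin port is accepted here. If an unreachable domain should fail validation, the `else` branch needs `initParams( request, context );` followed by a `throw new IOException(...)`, as the missing-URL branch does. The `catch` block also throws without calling `initParams` first. `u.getPort()` returns -1 when the URL has no explicit port, and the scheme is never compared with `https` although `true` is passed to `pingCS`; both are worth rejecting before the connection attempt. The enclosing method starts before the hunk.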
@@ -250,10 +273,10 @@ public class SecurityDomainPanel extends WizardPanelBase {
name = "";
context.put("sdomainName", name);
- String url = request.getParameter("sdomainURL");
- if (url == null)
- url = "";
- context.put("sdomainURL", url);
+ String admin_url = request.getParameter("sdomainURL");
+ if (admin_url == null)
+ admin_url = "";
+ context.put("sdomainURL", admin_url);
}
/**
@@ -274,22 +297,20 @@ public class SecurityDomainPanel extends WizardPanelBase {
if (select.equals("newdomain")) {
config.putString("preop.securitydomain.select", "new");
config.putString("securitydomain.select", "new");
- config.putString("preop.securitydomain.host",
- CMS.getEENonSSLHost());
+ config.putString("preop.securitydomain.name",
+ HttpInput.getDomainName(request, "sdomainName"));
+ config.putString("securitydomain.name",
+ HttpInput.getDomainName(request, "sdomainName"));
config.putString("securitydomain.host",
CMS.getEENonSSLHost());
- config.putString("preop.securitydomain.httpport",
- CMS.getEENonSSLPort());
config.putString("securitydomain.httpport",
CMS.getEENonSSLPort());
- config.putString("preop.securitydomain.httpsport",
- CMS.getEESSLPort());
- config.putString("securitydomain.httpsport",
+ config.putString("securitydomain.httpsagentport",
+ CMS.getAgentPort());
+ config.putString("securitydomain.httpseeport",
CMS.getEESSLPort());
- config.putString("preop.securitydomain.name",
- HttpInput.getDomainName(request, "sdomainName"));
- config.putString("securitydomain.name",
- HttpInput.getDomainName(request, "sdomainName"));
+ config.putString("securitydomain.httpsadminport",
+ CMS.getAdminPort());
// make sure the subsystem certificate is issued by the security
// domain
@@ -315,29 +336,25 @@ public class SecurityDomainPanel extends WizardPanelBase {
config.putString("preop.cert.subsystem.type", "remote");
config.putString("preop.cert.subsystem.profile", "caInternalAuthSubsystemCert");
- String url = HttpInput.getURL(request, "sdomainURL");
+ String admin_url = HttpInput.getURL(request, "sdomainURL");
String hostname = "";
- int port = -1;
+ int admin_port = -1;
- if (url != null) {
+ if( admin_url != null ) {
try {
- URL u = new URL(url);
+ URL admin_u = new URL( admin_url );
- hostname = u.getHost();
- port = u.getPort();
- } catch (MalformedURLException e) {
- errorString = "Malformed URL";
- throw new IOException(errorString);
+ hostname = admin_u.getHost();
+ admin_port = admin_u.getPort();
+ } catch( MalformedURLException e ) {
+ errorString = "Malformed SSL Admin HTTPS URL";
+ throw new IOException( errorString );
}
-
- context.put("sdomainURL", url);
- config.putString("preop.securitydomain.url", url);
- config.putString("preop.securitydomain.host", hostname);
- config.putString("securitydomain.host", hostname);
- config.putInteger("preop.securitydomain.httpsport", port);
- config.putInteger("securitydomain.httpsport", port);
- } else {
- config.putString("preop.securitydomain.url", "");
+
+ context.put( "sdomainURL", admin_url );
+ config.putString( "securitydomain.host", hostname );
+ config.putInteger( "securitydomain.httpsadminport",
+ admin_port );
}
try {
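Review bot: `admin_u.getPort()` yields -1 for a URL without an explicit port, and that value is written to `securitydomain.httpsadminport` and handed to `updateCertChain` in the following hunk. A guard such as `if( admin_port == -1 ) admin_port = admin_u.getDefaultPort();`, or rejecting the URL outright, keeps the sentinel out of CS.cfg. When `admin_url` is null the method now falls through with an empty `hostname` and `admin_port` at -1 and still reaches the certificate-chain fetch, so that case probably deserves an explicit error. The old code stored `preop.securitydomain.url`, but nothing in the visible hunks writes the `preop.securitydomain.admin_url` key that display() and displayError() now read, so it is worth confirming where that key is set.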
@@ -345,8 +362,8 @@ public class SecurityDomainPanel extends WizardPanelBase {
} catch (EBaseException e) {}
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChain(config, "securitydomain", hostname, port, true,
- context, certApprovalCallback);
+ updateCertChain( config, "securitydomain", hostname, admin_port,
+ true, context, certApprovalCallback );
} else {
CMS.debug("SecurityDomainPanel: invalid choice " + select);
errorString = "Invalid choice";
@@ -369,7 +386,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
}
/**
- * If validiate() returns false, this method will be called.
+ * If validate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
HttpServletResponse response,
@@ -381,9 +398,24 @@ public class SecurityDomainPanel extends WizardPanelBase {
}
try {
context.put("machineName", config.getString("machineName"));
- context.put("https_port", CMS.getEESSLPort());
- context.put("http_port", CMS.getEENonSSLPort());
+ context.put("http_ee_port", CMS.getEENonSSLPort());
+ context.put("https_agent_port", CMS.getAgentPort());
+ context.put("https_ee_port", CMS.getEESSLPort());
+ context.put("https_admin_port", CMS.getAdminPort());
+ context.put("sdomainAdminURL",
+ config.getString("preop.securitydomain.admin_url"));
} catch (EBaseException e) {}
+
+ // Information for "existing" Security Domain CAs
+ String instanceId = "&lt;security_domain_instance_name&gt;";
+ String os = System.getProperty( "os.name" );
+ if( os.equalsIgnoreCase( "Linux" ) ) {
+ context.put( "initCommand", "/sbin/service " + instanceId );
+ } else {
+ /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
+ context.put( "initCommand", "/etc/init.d/" + instanceId );
+ }
+
context.put("title", "Security Domain");
context.put("panel", "admin/console/config/securitydomainpanel.vm");
}
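Review bot: `config.getString("preop.securitydomain.admin_url")` is called without a default, so a missing key raises `EBaseException`, which the empty `catch` discards, leaving `sdomainAdminURL` unset in the template context. display() uses the two-argument form, and `config.getString("preop.securitydomain.admin_url", "")` here would match it. The `initCommand` block is a copy of the one added to display(); a small private helper, for example `putInitCommand(Context context)`, would keep the two from drifting apart. A one-line comment on `instanceId` saying why the value is stored with `&lt;`/`&gt;` entities (presumably because the template prints it unescaped) would help the next reader.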
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
index 2b9f7328b..e96d82bb1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
@@ -244,6 +244,9 @@ public class UpdateDomainXML extends CMSServlet {
String host = httpReq.getParameter("host");
String name = httpReq.getParameter("name");
String sport = httpReq.getParameter("sport");
+ String agentsport = httpReq.getParameter("agentsport");
+ String adminsport = httpReq.getParameter("adminsport");
+ String httpport = httpReq.getParameter("httpport");
String domainmgr = httpReq.getParameter("dm");
String clone = httpReq.getParameter("clone");
String operation = httpReq.getParameter("operation");
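Review bot: The new request parameters `agentsport`, `adminsport` and `httpport` are used without any presence or format check, and `adminsport` now becomes part of the LDAP entry name (`cn = host + ":" + adminsport` in the next hunk) and of `adminUserDN` in the `remove` path. A request that omits `adminsport`, for instance from an older subsystem that only sends `sport`, produces the literal `host:null`, and characters that are special in a DN would change which entry is added or removed. A check such as `if (adminsport == null || !adminsport.matches("[0-9]{1,5}"))` before the DN is built, answered with the servlet's usual error response, closes both cases. The same test fits `agentsport` and `httpport` before they are stored as `SecureAgentPort` and `UnSecurePort`. `host` and `type` are concatenated the same way on unchanged lines, and whatever authentication guards this servlet is outside the hunk.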
@@ -268,7 +271,7 @@ public class UpdateDomainXML extends CMSServlet {
ILdapConnFactory connFactory = null;
LDAPConnection conn = null;
String listName = type + "List";
- String cn = host + ":" + sport;
+ String cn = host + ":" + adminsport;
String dn = "cn=" + cn + ",cn=" + listName + ",ou=Security Domain," + basedn;
CMS.debug("UpdateDomainXML: updating LDAP entry: " + dn);
@@ -279,6 +282,9 @@ public class UpdateDomainXML extends CMSServlet {
attrs.add(new LDAPAttribute("cn", cn));
attrs.add(new LDAPAttribute("Host", host));
attrs.add(new LDAPAttribute("SecurePort", sport));
+ attrs.add(new LDAPAttribute("SecureAgentPort", agentsport));
+ attrs.add(new LDAPAttribute("SecureAdminPort", adminsport));
+ attrs.add(new LDAPAttribute("UnSecurePort", httpport));
attrs.add(new LDAPAttribute("DomainManager", domainmgr));
attrs.add(new LDAPAttribute("clone", clone));
attrs.add(new LDAPAttribute("SubsystemName", name));
@@ -286,7 +292,7 @@ public class UpdateDomainXML extends CMSServlet {
if ((operation != null) && (operation.equals("remove"))) {
status = remove_from_ldap(dn);
- String adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn;
+ String adminUserDN = "uid=" + type + "-" + host + "-" + adminsport + ",ou=People," + basedn;
if (status.equals(SUCCESS)) {
// remove the client cert for this subsystem's admin
status = remove_from_ldap(adminUserDN);
@@ -327,9 +333,9 @@ public class UpdateDomainXML extends CMSServlet {
Node nn = (Node) nodeList.item(i);
Vector v_name = parser.getValuesFromContainer(nn, "SubsystemName");
Vector v_host = parser.getValuesFromContainer(nn, "Host");
- Vector v_port = parser.getValuesFromContainer(nn, "SecurePort");
+ Vector v_adminport = parser.getValuesFromContainer(nn, "SecureAdminPort");
if ((v_name.elementAt(0).equals(name)) && (v_host.elementAt(0).equals(host))
- && (v_port.elementAt(0).equals(sport))) {
+ && (v_adminport.elementAt(0).equals(adminsport))) {
Node parent = nn.getParentNode();
Node remNode = parent.removeChild(nn);
count --;
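Review bot: Matching on `v_adminport.elementAt(0)` assumes every existing entry in domain.xml already carries a `SecureAdminPort` element. Entries written before this commit only have `SecurePort`, so depending on what `getValuesFromContainer` returns for a missing element (not visible here), `elementAt(0)` may throw or the entry may never match and so never be removed. Checking `!v_adminport.isEmpty()` first and falling back to the `SecurePort` comparison for legacy entries would keep removal working across the upgrade.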
@@ -342,6 +348,9 @@ public class UpdateDomainXML extends CMSServlet {
parser.addItemToContainer(parent, "SubsystemName", name);
parser.addItemToContainer(parent, "Host", host);
parser.addItemToContainer(parent, "SecurePort", sport);
+ parser.addItemToContainer(parent, "SecureAgentPort", agentsport);
+ parser.addItemToContainer(parent, "SecureAdminPort", adminsport);
+ parser.addItemToContainer(parent, "UnSecurePort", httpport);
parser.addItemToContainer(parent, "DomainManager", domainmgr);
parser.addItemToContainer(parent, "Clone", clone);
count ++;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
index cd0630491..6ebdc9df3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
@@ -284,11 +284,11 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public int getSubsystemCount(String hostname, int port, boolean https,
- String type)
- throws IOException {
+ public int getSubsystemCount( String hostname, int https_admin_port,
+ boolean https, String type )
+ throws IOException {
CMS.debug("WizardPanelBase getSubsystemCount start");
- String c = getDomainXML(hostname, port, true);
+ String c = getDomainXML(hostname, https_admin_port, true);
if (c != null) {
try {
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
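Review bot: The `https` parameter of `getSubsystemCount` is never used, because the changed call passes a literal: `getDomainXML(hostname, https_admin_port, true)`. Forcing TLS towards the admin port is the safer behaviour, so I would keep the literal and document it, e.g. `// the security domain admin interface is always contacted over TLS; 'https' is kept for signature compatibility`. The method body continues past the hunk.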
@@ -327,12 +327,12 @@ public class WizardPanelBase implements IWizardPanel {
return -1;
}
- public String getDomainXML(String hostname, int port, boolean https)
- throws IOException {
+ public String getDomainXML( String hostname, int https_admin_port,
+ boolean https )
+ throws IOException {
CMS.debug("WizardPanelBase getDomainXML start");
- String c = getHttpResponse(hostname, port, https, "/ca/ee/ca/getDomainXML",
- null, null);
-
+ String c = getHttpResponse( hostname, https_admin_port, https,
+ "/ca/admin/ca/getDomainXML", null, null );
if (c != null) {
try {
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
@@ -440,12 +440,16 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public String getCertChain(String hostname, int port, boolean https,
- ConfigCertApprovalCallback certApprovalCallback)
- throws IOException {
- CMS.debug("WizardPanelBase getCertChain start");
- String c = getHttpResponse(hostname, port, https,
- "/ca/ee/ca/getCertChain", null, null, certApprovalCallback);
+ public String getCertChainUsingSecureAdminPort( String hostname,
+ int https_admin_port,
+ boolean https,
+ ConfigCertApprovalCallback
+ certApprovalCallback )
+ throws IOException {
+ CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort start");
+ String c = getHttpResponse( hostname, https_admin_port, https,
+ "/ca/admin/ca/getCertChain", null, null,
+ certApprovalCallback );
if (c != null) {
try {
@@ -455,21 +459,21 @@ public class WizardPanelBase implements IWizardPanel {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getCertChain() - "
+ CMS.debug( "WizardPanelBase::getCertChainUsingSecureAdminPort() - "
+ "Exception="+e.toString() );
throw new IOException( e.toString() );
}
String status = parser.getValue("Status");
- CMS.debug("WizardPanelBase getCertChain: status=" + status);
+ CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort: status=" + status);
if (status.equals(SUCCESS)) {
String certchain = parser.getValue("ChainBase64");
certchain = CryptoUtil.normalizeCertStr(certchain);
CMS.debug(
- "WizardPanelBase getCertChain: certchain="
+ "WizardPanelBase getCertChainUsingSecureAdminPort: certchain="
+ certchain);
return certchain;
} else {
@@ -478,10 +482,63 @@ public class WizardPanelBase implements IWizardPanel {
throw new IOException(error);
}
} catch (IOException e) {
- CMS.debug("WizardPanelBase: getCertChain: " + e.toString());
+ CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString());
throw e;
} catch (Exception e) {
- CMS.debug("WizardPanelBase: getCertChain: " + e.toString());
+ CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString());
+ throw new IOException(e.toString());
+ }
+ }
+
+ return null;
+ }
+
+ public String getCertChainUsingSecureEEPort( String hostname,
+ int https_ee_port,
+ boolean https,
+ ConfigCertApprovalCallback
+ certApprovalCallback )
+ throws IOException {
+ CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort start");
+ String c = getHttpResponse( hostname, https_ee_port, https,
+ "/ca/ee/ca/getCertChain", null, null,
+ certApprovalCallback );
+
+ if (c != null) {
+ try {
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ XMLObject parser = null;
+
+ try {
+ parser = new XMLObject(bis);
+ } catch (Exception e) {
+ CMS.debug( "WizardPanelBase::getCertChainUsingSecureEEPort() - "
+ + "Exception="+e.toString() );
+ throw new IOException( e.toString() );
+ }
+
+ String status = parser.getValue("Status");
+
+ CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort: status=" + status);
+
+ if (status.equals(SUCCESS)) {
+ String certchain = parser.getValue("ChainBase64");
+
+ certchain = CryptoUtil.normalizeCertStr(certchain);
+ CMS.debug(
+ "WizardPanelBase getCertChainUsingSecureEEPort: certchain="
+ + certchain);
+ return certchain;
+ } else {
+ String error = parser.getValue("Error");
+
+ throw new IOException(error);
+ }
+ } catch (IOException e) {
+ CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + e.toString());
+ throw e;
+ } catch (Exception e) {
+ CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + e.toString());
throw new IOException(e.toString());
}
}
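Review bot: `getCertChainUsingSecureEEPort` is a line-for-line copy of `getCertChainUsingSecureAdminPort`; only the request path and the method name in the log strings differ. Security-relevant handling such as the `Status` check and the null-response path now has to be kept in step in two places. I would move the body into one private method that takes the path and a label for the log lines, and reduce the two public methods to one-line delegations. Both methods extend beyond this hunk.

```java
public String getCertChainUsingSecureAdminPort(String hostname, int https_admin_port,
        boolean https, ConfigCertApprovalCallback certApprovalCallback)
        throws IOException {
    return fetchCertChain("getCertChainUsingSecureAdminPort", hostname,
            https_admin_port, https, "/ca/admin/ca/getCertChain",
            certApprovalCallback);
}

public String getCertChainUsingSecureEEPort(String hostname, int https_ee_port,
        boolean https, ConfigCertApprovalCallback certApprovalCallback)
        throws IOException {
    return fetchCertChain("getCertChainUsingSecureEEPort", hostname,
            https_ee_port, https, "/ca/ee/ca/getCertChain",
            certApprovalCallback);
}

// Shared implementation; 'label' only prefixes the debug messages.
private String fetchCertChain(String label, String hostname, int port,
        boolean https, String uri,
        ConfigCertApprovalCallback certApprovalCallback)
        throws IOException {
    CMS.debug("WizardPanelBase " + label + " start");
    String c = getHttpResponse(hostname, port, https, uri, null, null,
            certApprovalCallback);
    // … unchanged: XML parsing, Status check, ChainBase64 normalisation, error handling …
}
```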
@@ -860,15 +917,17 @@ public class WizardPanelBase implements IWizardPanel {
return c;
}
- public Vector getMasterUrlListFromSecurityDomain(IConfigStore config, String type) {
+ public Vector getMasterUrlListFromSecurityDomain( IConfigStore config,
+ String type,
+ String portType ) {
Vector v = new Vector();
try {
- String hostname = config.getString("preop.securitydomain.host");
- int httpsport = config.getInteger("preop.securitydomain.httpsport");
+ String hostname = config.getString("securitydomain.host");
+ int httpsadminport = config.getInteger("securitydomain.httpsadminport");
CMS.debug("Getting domain.xml from CA...");
- String c = getDomainXML(hostname, httpsport, true);
+ String c = getDomainXML(hostname, httpsadminport, true);
String list = "";
CMS.debug("Type " + type);
@@ -882,13 +941,23 @@ public class WizardPanelBase implements IWizardPanel {
list = "TKSList";
}
+ CMS.debug( "Getting " + portType + " from Security Domain ..." );
+ if( !portType.equals( "UnSecurePort" ) &&
+ !portType.equals( "SecureAgentPort" ) &&
+ !portType.equals( "SecurePort" ) &&
+ !portType.equals( "SecureAdminPort" ) ) {
+ CMS.debug( "getPortFromSecurityDomain: " +
+ "unknown port type " + portType );
+ return v;
+ }
+
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject parser = new XMLObject(bis);
Document doc = parser.getDocument();
NodeList nodeList = doc.getElementsByTagName(type);
// save domain name in cfg
- config.putString("preop.securitydomain.name",
+ config.putString("securitydomain.name",
parser.getValue("Name"));
int len = nodeList.getLength();
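Review bot: The `portType` allow-list runs only after `getDomainXML` has already contacted the security domain, and the same four-way comparison is pasted into `getUrlListFromSecurityDomain` and `getSecurityDomainPort` with a log prefix, `getPortFromSecurityDomain`, that matches none of the three methods. Moving the test to the top of each method and sharing it through one private helper, e.g. `private static boolean isKnownPortType(String portType)`, avoids the needless network call and keeps the list in one place. Judging by the `if (c != null)` test in `getSubsystemCount`, `c` can be null when the fetch fails, in which case `c.getBytes()` throws and the generic `catch` only logs it. An explicit `if (c == null) return v;` would make that path readable. The method starts before the hunk and continues after it.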
@@ -905,11 +974,13 @@ public class WizardPanelBase implements IWizardPanel {
Vector v_host = parser.getValuesFromContainer(nodeList.item(i),
"Host");
Vector v_port = parser.getValuesFromContainer(nodeList.item(i),
- "SecurePort");
+ portType);
- v.addElement(
- v_name.elementAt(0) + " - https://" + v_host.elementAt(0)
- + ":" + v_port.elementAt(0));
+ v.addElement( v_name.elementAt(0)
+ + " - https://"
+ + v_host.elementAt(0)
+ + ":"
+ + v_port.elementAt(0) );
}
} catch (Exception e) {
CMS.debug(e.toString());
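Review bot: The entry string still hard-codes `" - https://"` although the port now comes from `portType`, so a caller asking for `UnSecurePort` gets an `https://` URL that points at the plain-HTTP port. The same lines recur in `getUrlListFromSecurityDomain`. If only TLS ports are meant to be listed, dropping `UnSecurePort` from the allow-list of these two methods is the simplest fix; otherwise choose the scheme from the port type, `String scheme = portType.equals("UnSecurePort") ? "http://" : "https://";`. `v_port.elementAt(0)` also assumes each entry carries the requested element, which domain.xml files written before this commit may not.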
@@ -918,18 +989,20 @@ public class WizardPanelBase implements IWizardPanel {
return v;
}
- public Vector getUrlListFromSecurityDomain(IConfigStore config, String type) {
+ public Vector getUrlListFromSecurityDomain( IConfigStore config,
+ String type,
+ String portType ) {
Vector v = new Vector();
try {
- String hostname = config.getString("preop.securitydomain.host");
- int httpsport = config.getInteger("preop.securitydomain.httpsport");
+ String hostname = config.getString("securitydomain.host");
+ int httpsadminport = config.getInteger("securitydomain.httpsadminport");
CMS.debug("Getting domain.xml from CA...");
- String c = getDomainXML(hostname, httpsport, true);
+ String c = getDomainXML(hostname, httpsadminport, true);
String list = "";
- CMS.debug("Type " + type);
+ CMS.debug("Subsystem Type " + type);
if (type.equals("CA")) {
list = "CAList";
} else if (type.equals("KRA")) {
@@ -940,13 +1013,23 @@ public class WizardPanelBase implements IWizardPanel {
list = "TKSList";
}
+ CMS.debug( "Getting " + portType + " from Security Domain ..." );
+ if( !portType.equals( "UnSecurePort" ) &&
+ !portType.equals( "SecureAgentPort" ) &&
+ !portType.equals( "SecurePort" ) &&
+ !portType.equals( "SecureAdminPort" ) ) {
+ CMS.debug( "getPortFromSecurityDomain: " +
+ "unknown port type " + portType );
+ return v;
+ }
+
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject parser = new XMLObject(bis);
Document doc = parser.getDocument();
NodeList nodeList = doc.getElementsByTagName(type);
// save domain name in cfg
- config.putString("preop.securitydomain.name",
+ config.putString("securitydomain.name",
parser.getValue("Name"));
int len = nodeList.getLength();
@@ -958,11 +1041,13 @@ public class WizardPanelBase implements IWizardPanel {
Vector v_host = parser.getValuesFromContainer(nodeList.item(i),
"Host");
Vector v_port = parser.getValuesFromContainer(nodeList.item(i),
- "SecurePort");
+ portType);
- v.addElement(
- v_name.elementAt(0) + " - https://" + v_host.elementAt(0)
- + ":" + v_port.elementAt(0));
+ v.addElement( v_name.elementAt(0)
+ + " - https://"
+ + v_host.elementAt(0)
+ + ":"
+ + v_port.elementAt(0) );
}
} catch (Exception e) {
CMS.debug(e.toString());
@@ -971,37 +1056,105 @@ public class WizardPanelBase implements IWizardPanel {
return v;
}
- public String pingCS(String hostname, int port, boolean https,
- SSLCertificateApprovalCallback certApprovalCallback)
+ public String getSecurityDomainPort( IConfigStore config,
+ String portType ) {
+ String port = new String();
+
+ try {
+ String hostname = config.getString( "securitydomain.host" );
+ int httpsadminport =
+ config.getInteger( "securitydomain.httpsadminport" );
+
+ CMS.debug( "Getting domain.xml from CA ..." );
+ String c = getDomainXML( hostname, httpsadminport, true );
+
+ CMS.debug( "Getting " + portType + " from Security Domain ..." );
+ if( !portType.equals( "UnSecurePort" ) &&
+ !portType.equals( "SecureAgentPort" ) &&
+ !portType.equals( "SecurePort" ) &&
+ !portType.equals( "SecureAdminPort" ) ) {
+ CMS.debug( "getPortFromSecurityDomain: " +
+ "unknown port type " + portType );
+ return "";
+ }
+
+ ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
+ XMLObject parser = new XMLObject( bis );
+ Document doc = parser.getDocument();
+ NodeList nodeList = doc.getElementsByTagName( "CA" );
+
+ int len = nodeList.getLength();
+ for( int i = 0; i < len; i++ ) {
+ Vector v_admin_port =
+ parser.getValuesFromContainer( nodeList.item(i),
+ "SecureAdminPort" );
+
+ Vector v_port = null;
+ if( portType.equals( "UnSecurePort" ) ) {
+ v_port = parser.getValuesFromContainer( nodeList.item(i),
+ "UnSecurePort" );
+ } else if( portType.equals( "SecureAgentPort" ) ) {
+ v_port = parser.getValuesFromContainer( nodeList.item(i),
+ "SecureAgentPort" );
+ } else if( portType.equals( "SecurePort" ) ) {
+ v_port = parser.getValuesFromContainer( nodeList.item(i),
+ "SecurePort" );
+ } else if( portType.equals( "SecureAdminPort" ) ) {
+ v_port = parser.getValuesFromContainer( nodeList.item(i),
+ "SecureAdminPort" );
+ }
+
+ if( ( v_port != null ) &&
+ ( v_admin_port.elementAt( 0 ).equals(
+ Integer.toString( httpsadminport ) ) ) ) {
+ port = v_port.elementAt( 0 ).toString();
+ break;
+ }
+ }
+ } catch (Exception e) {
+ CMS.debug( e.toString() );
+ }
+
+ return( port );
+ }
+
+ public String pingCS( String hostname, int port, boolean https,
+ SSLCertificateApprovalCallback certApprovalCallback )
throws IOException {
- CMS.debug("WizardPanelBase pingCS start");
- String c = getHttpResponse(hostname, port, https, "/ca/ee/ca/getStatus",
- null, null, certApprovalCallback);
+ CMS.debug( "WizardPanelBase pingCS: started" );
- if (c != null) {
+ String c = getHttpResponse( hostname, port, https,
+ "/ca/admin/ca/getStatus",
+ null, null, certApprovalCallback );
+
+ if( c != null ) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new
+ ByteArrayInputStream( c.getBytes() );
XMLObject parser = null;
- String state = null;
+ String state = null;
try {
- parser = new XMLObject(bis);
- CMS.debug("WizardPanelBase pingCS: got XML parsed");
- state = parser.getValue("State");
+ parser = new XMLObject( bis );
+ CMS.debug( "WizardPanelBase pingCS: got XML parsed" );
+ state = parser.getValue( "State" );
- if (state != null)
- CMS.debug("WizardPanelBase pingCS: state=" + state);
+ if( state != null ) {
+ CMS.debug( "WizardPanelBase pingCS: state=" + state );
+ }
} catch (Exception e) {
- CMS.debug("WizardPanelBase: pingCS: parser failed" + e.toString());
- }
+ CMS.debug( "WizardPanelBase: pingCS: parser failed"
+ + e.toString() );
+ }
- return state;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase: pingCS: " + e.toString());
- throw new IOException(e.toString());
+ return state;
+ } catch( Exception e ) {
+ CMS.debug( "WizardPanelBase: pingCS: " + e.toString() );
+ throw new IOException( e.toString() );
}
}
+ CMS.debug( "WizardPanelBase pingCS: stopped" );
return null;
}
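Review bot: `getSecurityDomainPort` selects the CA entry by comparing only `SecureAdminPort` with the configured `httpsadminport`; `hostname` is used for the fetch but never compared. In a domain with several CAs on different hosts sharing one admin port number, the first entry wins and the returned port may belong to another CA. Reading `Host` for each node and adding `&& v_host.elementAt( 0 ).equals( hostname )` to the condition ties the lookup to the configured security domain. The `if`/`else if` chain that re-selects the element name can be replaced by passing `portType` directly once the allow-list has passed. In `pingCS`, the new `pingCS: stopped` message is logged only when there was no response.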
@@ -1021,12 +1174,12 @@ public class WizardPanelBase implements IWizardPanel {
}
public void getTokenInfo(IConfigStore config, String type, String host,
- int port, boolean https, Context context,
+ int https_ee_port, boolean https, Context context,
ConfigCertApprovalCallback certApprovalCallback) throws IOException {
CMS.debug("WizardPanelBase getTokenInfo start");
String uri = "/"+type+"/ee/"+type+"/getTokenInfo";
CMS.debug("WizardPanelBase getTokenInfo: uri="+uri);
- String c = getHttpResponse(host, port, https, uri, null, null,
+ String c = getHttpResponse(host, https_ee_port, https, uri, null, null,
certApprovalCallback);
if (c != null) {
try {
@@ -1127,14 +1280,65 @@ public class WizardPanelBase implements IWizardPanel {
}
public void updateCertChain(IConfigStore config, String name, String host,
- int port, boolean https, Context context) throws IOException {
- updateCertChain(config, name, host, port, https, context, null);
+ int https_admin_port, boolean https, Context context) throws IOException {
+ updateCertChain( config, name, host, https_admin_port,
+ https, context, null );
}
public void updateCertChain(IConfigStore config, String name, String host,
- int port, boolean https, Context context,
+ int https_admin_port, boolean https, Context context,
ConfigCertApprovalCallback certApprovalCallback) throws IOException {
- String certchain = getCertChain(host, port, https, certApprovalCallback);
+ String certchain = getCertChainUsingSecureAdminPort( host,
+ https_admin_port,
+ https,
+ certApprovalCallback );
+ config.putString("preop."+name+".pkcs7", certchain);
+
+ byte[] decoded = CryptoUtil.base64Decode(certchain);
+ java.security.cert.X509Certificate[] b_certchain = null;
+
+ try {
+ b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
+ } catch (Exception e) {
+ context.put("errorString",
+ "Failed to get the certificate chain.");
+ return;
+ }
+
+ int size = 0;
+ if (b_certchain != null) {
+ size = b_certchain.length;
+ }
+ config.putInteger("preop."+name+".certchain.size", size);
+ for (int i = 0; i < size; i++) {
+ byte[] bb = null;
+
+ try {
+ bb = b_certchain[i].getEncoded();
+ } catch (Exception e) {
+ context.put("errorString",
+ "Failed to get the der-encoded certificate chain.");
+ return;
+ }
+ config.putString("preop."+name+".certchain." + i,
+ CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
+ }
+
+ try {
+ config.commit(false);
+ } catch (EBaseException e) {
+ }
+ }
+
+ public void updateCertChainUsingSecureEEPort( IConfigStore config,
+ String name, String host,
+ int https_ee_port,
+ boolean https,
+ Context context,
+ ConfigCertApprovalCallback certApprovalCallback ) throws IOException {
+ String certchain = getCertChainUsingSecureEEPort( host, https_ee_port,
+ https,
+ certApprovalCallback);
config.putString("preop."+name+".pkcs7", certchain);
byte[] decoded = CryptoUtil.base64Decode(certchain);
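Review bot: `updateCertChain` writes the fetched value to `preop.<name>.pkcs7` before it has been decoded, and `getCertChainUsingSecureAdminPort` ends in `return null` when no response arrives, so a failed fetch reaches `config.putString` and `CryptoUtil.base64Decode` unchecked. Checking first, `if (certchain == null) throw new IOException("No certificate chain returned by " + host);`, and moving the `putString` below the successful `getX509CertificateFromPKCS7` call keeps unverified data out of the configuration. The two error paths only set `errorString` and return, and the empty `catch (EBaseException e)` around `commit` hides a failed save, so callers cannot tell either from success. `updateCertChainUsingSecureEEPort` repeats this body and continues outside the hunk; the same changes apply there, ideally through one shared private method.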
@@ -1238,13 +1442,15 @@ public class WizardPanelBase implements IWizardPanel {
public void reloginSecurityDomain(HttpServletResponse response) {
IConfigStore cs = CMS.getConfigStore();
try {
- String hostname = cs.getString("preop.securitydomain.host", "");
- int port = cs.getInteger("preop.securitydomain.httpsport", -1);
+ String hostname = cs.getString("securitydomain.host", "");
+ int port = cs.getInteger("securitydomain.httpsadminport", -1);
+ String cs_hostname = cs.getString("machineName", "");
+ int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1);
int panel = getPanelNo();
String subsystem = cs.getString("cs.type", "");
- String urlVal = "https://"+CMS.getEESSLHost()+":"+CMS.getEESSLPort()+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem;
+ String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem;
String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
- String sdurl = "https://"+hostname+":"+port+"/ca/ee/ca/securityDomainLogin?url="+encodedValue;
+ String sdurl = "https://"+hostname+":"+port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue;
response.sendRedirect(sdurl);
} catch (Exception e) {
CMS.debug("WizardPanelBase reloginSecurityDomain: Exception="+e.toString());
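Review bot: The return URL is now built from `machineName` and `pkicreate.admin_secure_port` with defaults of `""` and `-1`, so a missing key produces a redirect to `https://:-1/...` rather than an error; `port` has the same -1 default. A check before `sendRedirect`, such as `if (cs_hostname.equals("") || cs_port == -1 || port == -1)`, with a debug message naming the missing key, would make the misconfiguration visible. The panel code in this commit takes the local admin port from `CMS.getAdminPort()`; using it here too would avoid two sources for one value, unless the two are known to differ.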