authoralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2008-10-14 18:43:16 +0000
committeralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2008-10-14 18:43:16 +0000
commit948bfc4c428b49d3931e2f037307e53d80fc77f0 (patch)
tree9da7df6c422bc4485ba7bc7dbc15bb1e4f3b1d18 /pki/base/common/src/com/netscape/cms/servlet
parente94a77f77f6020cd8557366b42017ef6d7f5f669 (diff)
bz223361 - security domains in ldap
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@127 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java164
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java145
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java33
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java313
4 files changed, 508 insertions, 147 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
index 28008a451..a4a0687a1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
@@ -34,6 +34,7 @@ import com.netscape.certsrv.dbs.crldb.*;
import com.netscape.certsrv.ocsp.*;
import com.netscape.certsrv.logging.*;
import com.netscape.cmsutil.util.Cert;
+import com.netscape.cmsutil.password.*;
import netscape.security.x509.*;
import netscape.ldap.*;
import java.net.*;
@@ -82,6 +83,69 @@ public class DonePanel extends WizardPanelBase {
return set;
}
+ private LDAPConnection getLDAPConn(Context context)
+ throws IOException
+ {
+ IConfigStore cs = CMS.getConfigStore();
+
+ String host = "";
+ String port = "";
+ String pwd = null;
+ String binddn = "";
+ String security = "";
+
+ IPasswordStore pwdStore = CMS.getPasswordStore();
+
+ if (pwdStore != null) {
+ CMS.debug("DonePanel: getLDAPConn: password store available");
+ pwd = pwdStore.getPassword("internaldb");
+ }
+
+ if ( pwd == null) {
+ throw new IOException("DonePanel: Failed to obtain password from password store");
+ }
+
+ try {
+ host = cs.getString("internaldb.ldapconn.host");
+ port = cs.getString("internaldb.ldapconn.port");
+ binddn = cs.getString("internaldb.ldapauth.bindDN");
+ security = cs.getString("internaldb.ldapconn.secureConn");
+ } catch (Exception e) {
+ CMS.debug("DonePanel: getLDAPConn" + e.toString());
+ throw new IOException(
+ "Failed to retrieve LDAP information from CS.cfg.");
+ }
+
+ int p = -1;
+
+ try {
+ p = Integer.parseInt(port);
+ } catch (Exception e) {
+ CMS.debug("DonePanel getLDAPConn: " + e.toString());
+ throw new IOException("Port is not valid");
+ }
+
+ LDAPConnection conn = null;
+ if (security.equals("true")) {
+ CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ } else {
+ CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
+ }
+
+ CMS.debug("DonePanel connecting to " + host + ":" + p);
+ try {
+ conn.connect(host, p, binddn, pwd);
+ } catch (LDAPException e) {
+ CMS.debug("DonePanel getLDAPConn: " + e.toString());
+ throw new IOException("Failed to connect to the internal database.");
+ }
+
+ return conn;
+ }
+
+
/**
* Display the panel.
*/
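Review bot: Every failure path in the new getLDAPConn throws a fresh IOException and discards the underlying exception, so the only trace of a missing CS.cfg property (L65) or a refused bind (L92) is the debug line, and the caller's `catch (Exception e)` in display cannot tell the cases apart. Keep the cause on the thrown exception, e.g. at L67 `IOException ioe = new IOException("Failed to retrieve LDAP information from CS.cfg."); ioe.initCause(e); throw ioe;` and the same at L77 and L94. The `context` parameter is never read inside the method; either drop it or add a one-line comment saying why it is kept. The SSL decision at L81 relies on `cs.getString` throwing for a missing `internaldb.ldapconn.secureConn` rather than returning null; if that helper can return null, `security.equals("true")` becomes an NPE caught by the same broad handler.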
@@ -158,46 +222,72 @@ public class DonePanel extends WizardPanelBase {
String s = getSubsystemNodeName(type);
if (sdtype.equals("new")) {
try {
- String instanceRoot = cs.getString("instanceRoot", "");
- String domainxml = instanceRoot+"/conf/domain.xml";
- XMLObject obj = new XMLObject(new FileInputStream(domainxml));
- Node n = obj.getContainer(s);
- NodeList nlist = n.getChildNodes();
- String countS = "";
- Node countnode = null;
- for (int i=0; i<nlist.getLength(); i++) {
- Element nn = (Element)nlist.item(i);
- String tagname = nn.getTagName();
- if (tagname.equals("SubsystemCount")) {
- countnode = nn;
- NodeList nlist1 = nn.getChildNodes();
- Node nn1 = nlist1.item(0);
- countS = nn1.getNodeValue();
- break;
- }
+ LDAPConnection conn = getLDAPConn(context);
+
+ String basedn = cs.getString("internaldb.basedn");
+ String secdomain = cs.getString("preop.securitydomain.name");
+
+ try {
+ // Create security domain ldap entry
+ String dn = "ou=Security Domain," + basedn;
+ CMS.debug("DonePanel: creating ldap entry : " + dn);
+
+ LDAPEntry entry = null;
+ LDAPAttributeSet attrs = null;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "pkiSecurityDomain"));
+ attrs.add(new LDAPAttribute("name", secdomain));
+ attrs.add(new LDAPAttribute("ou", "Security Domain"));
+ entry = new LDAPEntry(dn, attrs);
+ conn.add(entry);
+ } catch (Exception e) {
+ CMS.debug("Unable to create security domain");
+ throw e;
}
- Node parent = obj.createContainer(n, type);
- obj.addItemToContainer(parent, "SubsystemName", subsystemName);
- obj.addItemToContainer(parent, "Host", sd_host);
- obj.addItemToContainer(parent, "SecurePort", sd_port);
- obj.addItemToContainer(parent, "DomainManager", "true");
- obj.addItemToContainer(parent, "Clone", "false");
-
- CMS.debug("DonePanel display: SubsystemCount="+countS);
- int count = 0;
+
+ try {
+ // create list containers
+ String clist[] = {"CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList"};
+ for (int i=0; i< clist.length; i++) {
+ LDAPEntry entry = null;
+ LDAPAttributeSet attrs = null;
+ String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "pkiSecurityGroup"));
+ attrs.add(new LDAPAttribute("cn", clist[i]));
+ entry = new LDAPEntry(dn, attrs);
+ conn.add(entry);
+ }
+ } catch (Exception e) {
+ CMS.debug("Unable to create security domain list groups" );
+ throw e;
+ }
+
try {
- count = Integer.parseInt(countS);
- count++;
- } catch (Exception ee) {
+ // Add this host (only CA can create new domain)
+ String cn = ownhost + ":" + ownsport;
+ String dn = "cn=" + cn + ",cn=CAList,ou=Security Domain," + basedn;
+ LDAPEntry entry = null;
+ LDAPAttributeSet attrs = null;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "pkiSubsystem"));
+ attrs.add(new LDAPAttribute("Host", ownhost));
+ attrs.add(new LDAPAttribute("SecurePort", ownsport));
+ attrs.add(new LDAPAttribute("Clone", "false"));
+ attrs.add(new LDAPAttribute("SubsystemName", subsystemName));
+ attrs.add(new LDAPAttribute("cn", cn));
+ attrs.add(new LDAPAttribute("DomainManager", "true"));
+ entry = new LDAPEntry(dn, attrs);
+ conn.add(entry);
+ } catch (Exception e) {
+ CMS.debug("Unable to create host entry in security domain");
+ throw e;
}
-
- Node nn2 = n.removeChild(countnode);
- obj.addItemToContainer(n, "SubsystemCount", ""+count);
- CMS.debug("DonePanel display: finish updating domain.xml");
- byte[] b = obj.toByteArray();
- FileOutputStream fos = new FileOutputStream(domainxml);
- fos.write(b);
- fos.close();
+ cs.putString("securitydomain.store", "ldap");
+ CMS.debug("DonePanel display: finish updating domain info");
} catch (Exception e) {
CMS.debug("DonePanel display: "+e.toString());
}
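Review bot: The bound LDAPConnection obtained at L125 is never disconnected: neither the success path ending at L210 nor the three `throw e` rethrows (L146, L174, L199) release it, so each run of this panel leaks an authenticated connection to the internal database. Wrap the three add blocks and the `cs.putString` in a try/finally right after the `getLDAPConn` call, e.g. `LDAPConnection conn = getLDAPConn(context); try { /* adds */ } finally { conn.disconnect(); }`, which is sufficient because getLDAPConn never returns null. The intermediate `catch (Exception e) { CMS.debug(...); throw e; }` wrappers add only a log line each and could be collapsed into one try around the three adds. The enclosing display method starts before and ends after this hunk.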
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
index 09fb91c6a..bd4d6b7ab 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
@@ -82,39 +82,136 @@ public class GetDomainXML extends CMSServlet {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
+ ServletContext context = cmsReq.getServletContext();
- String outputString = null;
-
- String path = CMS.getConfigStore().getString("instanceRoot", "")
- + "/conf/domain.xml";
-
- CMS.debug("GetDomainXML: got path=" + path);
+ String status = SUCCESS;
+ String basedn = null;
+ String secstore = null;
+ IConfigStore cs = CMS.getConfigStore();
try {
- CMS.debug("GetDomainXML: Reading domain.xml...");
- FileInputStream fis = new FileInputStream(path);
- int s = fis.available();
-
- CMS.debug("GetDomainXML: size " + s);
- byte buf[] = new byte[s];
-
- fis.read(buf, 0, s);
- fis.close();
- CMS.debug("GetDomainXML: Done Reading domain.xml...");
-
- XMLObject xmlObj = new XMLObject();
- Node root = xmlObj.createRoot("XMLResponse");
-
- xmlObj.addItemToContainer(root, "Status", SUCCESS);
- xmlObj.addItemToContainer(root, "DomainInfo", new String(buf));
- byte[] cb = xmlObj.toByteArray();
+ secstore = cs.getString("securitydomain.store");
+ basedn = cs.getString("internaldb.basedn");
+ }
+ catch (Exception e) {
+ CMS.debug("Unable to determine the security domain name or internal basedn. Please run the domaininfo migration script");
+ }
+ try {
+ XMLObject response = new XMLObject();
+ Node root = response.createRoot("XMLResponse");
+
+ if ((secstore != null) && (basedn != null) && (secstore.equals("ldap"))) {
+ ILdapConnFactory connFactory = null;
+ LDAPConnection conn = null;
+ try {
+ // get data from ldap
+ String[] entries = {};
+ String filter = "objectclass=*";
+ LDAPSearchConstraints cons = null;
+ String[] attrs = null;
+ String dn = "ou=Security Domain," + basedn;
+
+ IConfigStore ldapConfig = cs.getSubStore("internaldb");
+ connFactory = CMS.getLdapBoundConnFactory();
+ connFactory.init(ldapConfig);
+ conn = connFactory.getConn();
+
+ // get the security domain name
+ String secdomain = (String) conn.read(dn).getAttribute("name").getStringValues().nextElement();
+
+ XMLObject xmlObj = new XMLObject();
+ Node domainInfo = xmlObj.createRoot("DomainInfo");
+ xmlObj.addItemToContainer(domainInfo, "Name", secdomain);
+
+ // this should return CAList, KRAList etc.
+ LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
+ attrs, true, cons);
+
+ while (res.hasMoreElements()) {
+ int count = 0;
+ dn = res.next().getDN();
+ String listName = dn.substring(3, dn.indexOf(","));
+ String subType = listName.substring(0, listName.indexOf("List"));
+ Node listNode = xmlObj.createContainer(domainInfo, listName);
+
+ filter = "objectclass=pkiSubsystem";
+ LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
+ attrs, false, cons);
+ while (res2.hasMoreElements()) {
+ Node node = xmlObj.createContainer(listNode, subType);
+ LDAPEntry entry = res2.next();
+ LDAPAttributeSet entryAttrs = entry.getAttributeSet();
+ Enumeration attrsInSet = entryAttrs.getAttributes();
+ while (attrsInSet.hasMoreElements()) {
+ LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet.nextElement();
+ String attrName = nextAttr.getName();
+ if ((! attrName.equals("cn")) && (! attrName.equals("objectClass"))) {
+ String attrValue = (String) nextAttr.getStringValues().nextElement();
+ xmlObj.addItemToContainer(node, securityDomainLDAPtoXML(attrName), attrValue);
+ }
+ }
+ count ++;
+ }
+ xmlObj.addItemToContainer(listNode, "SubsystemCount", Integer.toString(count));
+ }
+
+ // Add new xml object as string to response.
+ response.addItemToContainer(root, "DomainInfo", xmlObj.toXMLString());
+ }
+ catch (Exception e) {
+ CMS.debug("GetDomainXML: Failed to read domain.xml from ldap " + e.toString());
+ status = FAILED;
+ }
+ finally {
+ if ((conn != null) && (connFactory!= null)) {
+ CMS.debug("Releasing ldap connection");
+ connFactory.returnConn(conn);
+ }
+ }
+ }
+ else {
+ // get data from file store
+
+ String path = CMS.getConfigStore().getString("instanceRoot", "")
+ + "/conf/domain.xml";
+
+ CMS.debug("GetDomainXML: got path=" + path);
+
+ try {
+ CMS.debug("GetDomainXML: Reading domain.xml from file ...");
+ FileInputStream fis = new FileInputStream(path);
+ int s = fis.available();
+
+ CMS.debug("GetDomainXML: size " + s);
+ byte buf[] = new byte[s];
+
+ fis.read(buf, 0, s);
+ fis.close();
+ CMS.debug("GetDomainXML: Done Reading domain.xml...");
+
+ response.addItemToContainer(root, "DomainInfo", new String(buf));
+ }
+ catch (Exception e) {
+ CMS.debug("Failed to read domain.xml from file" + e.toString());
+ status = FAILED;
+ }
+ }
+
+ response.addItemToContainer(root, "Status", status);
+ byte[] cb = response.toByteArray();
outputResult(httpResp, "application/xml", cb);
+
} catch (Exception e) {
- CMS.debug("GetDomainXML: Failed to send the XML output");
+ CMS.debug("GetDomainXML: Failed to send the XML output" + e.toString());
}
}
+ protected String securityDomainLDAPtoXML(String attribute) {
+ if (attribute.equals("host")) return "Host";
+ else return attribute;
+ }
+
protected void setDefaultTemplates(ServletConfig sc) {}
protected void renderTemplate(
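Review bot: The LDAP branch dereferences attribute lookups with no null or empty check: at L277 `getAttribute("name")` returns null when the domain entry lacks the attribute, and `getStringValues().nextElement()` at L277 and L306 throws when an attribute has no string values; both are swallowed by the catch at L318 under the message "Failed to read domain.xml from ldap", which then hides the real cause. Guard them, e.g. `LDAPAttribute nameAttr = conn.read(dn).getAttribute("name"); if (nameAttr == null || !nameAttr.getStringValues().hasMoreElements()) throw new IOException("security domain entry has no name: " + dn);`. The file-store branch re-added at L339-L346 still leaks `fis` if `read` throws; close it in a `finally`, and note that `available()` is not guaranteed to equal the file length. The `ServletContext context` introduced at L221 is unused; the enclosing process method starts before this hunk.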
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
index e5bf90343..830d346e9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
@@ -302,39 +302,6 @@ public class SecurityDomainPanel extends WizardPanelBase {
} catch (Exception e) {
}
- String domainxml = instanceRoot+"/conf/domain.xml";
-
- // generate security domain file
- try {
- XMLObject xmlObj = new XMLObject();
-
- CMS.debug("Building Domain Info...");
- Node root = xmlObj.createRoot("DomainInfo");
-
- xmlObj.addItemToContainer(root, "Name",
- HttpInput.getDomainName(request, "sdomainName"));
-
- // put our own info to the file (maybe we should do this later)
- Node kraList = xmlObj.createContainer(root, "KRAList");
- Node tpsList = xmlObj.createContainer(root, "TPSList");
- Node ocspList = xmlObj.createContainer(root, "OCSPList");
- Node raList = xmlObj.createContainer(root, "RAList");
- Node tksList = xmlObj.createContainer(root, "TKSList");
- Node caList = xmlObj.createContainer(root, "CAList");
- xmlObj.addItemToContainer(caList, "SubsystemCount", "0");
- xmlObj.addItemToContainer(tksList, "SubsystemCount", "0");
- xmlObj.addItemToContainer(raList, "SubsystemCount", "0");
- xmlObj.addItemToContainer(ocspList, "SubsystemCount", "0");
- xmlObj.addItemToContainer(tpsList, "SubsystemCount", "0");
- xmlObj.addItemToContainer(kraList, "SubsystemCount", "0");
-
- byte[] cb = xmlObj.toByteArray();
- FileOutputStream fos = new FileOutputStream(domainxml);
- fos.write(cb);
- fos.close();
- } catch (Exception e) {
- CMS.debug("Failed to send the XML output");
- }
} else if (select.equals("existingdomain")) {
config.putString("preop.securitydomain.select", "existing");
config.putString("securitydomain.select", "existing");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
index 2102e2fb7..21cf773c8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
@@ -69,6 +69,120 @@ public class UpdateDomainXML extends CMSServlet {
CMS.debug("UpdateDomainXML: done initializing...");
}
+ private String remove_from_ldap(String dn) {
+ CMS.debug("UpdateDomainXML: delete_from_ldap: starting dn: " + dn);
+ String status = SUCCESS;
+ ILdapConnFactory connFactory = null;
+ LDAPConnection conn = null;
+ IConfigStore cs = CMS.getConfigStore();
+
+ try {
+ IConfigStore ldapConfig = cs.getSubStore("internaldb");
+ connFactory = CMS.getLdapBoundConnFactory();
+ connFactory.init(ldapConfig);
+ conn = connFactory.getConn();
+ conn.delete(dn);
+ } catch (LDAPException e) {
+ if (e.getLDAPResultCode() != LDAPException.NO_SUCH_OBJECT) {
+ status = FAILED;
+ CMS.debug("Failed to delete entry" + e.toString());
+ }
+ } catch (Exception e) {
+ CMS.debug("Failed to delete entry" + e.toString());
+ } finally {
+ try {
+ if ((conn != null) && (connFactory!= null)) {
+ CMS.debug("Releasing ldap connection");
+ connFactory.returnConn(conn);
+ }
+ }
+ catch (Exception e) {
+ CMS.debug("Error releasing the ldap connection" + e.toString());
+ }
+ }
+ return status;
+ }
+
+ private String modify_ldap(String dn, LDAPModification mod) {
+ CMS.debug("UpdateDomainXML: modify_ldap: starting dn: " + dn);
+ String status = SUCCESS;
+ ILdapConnFactory connFactory = null;
+ LDAPConnection conn = null;
+ IConfigStore cs = CMS.getConfigStore();
+
+ try {
+ IConfigStore ldapConfig = cs.getSubStore("internaldb");
+ connFactory = CMS.getLdapBoundConnFactory();
+ connFactory.init(ldapConfig);
+ conn = connFactory.getConn();
+ conn.modify(dn, mod);
+ } catch (LDAPException e) {
+ if (e.getLDAPResultCode() != LDAPException.NO_SUCH_OBJECT) {
+ status = FAILED;
+ CMS.debug("Failed to modify entry" + e.toString());
+ }
+ } catch (Exception e) {
+ CMS.debug("Failed to modify entry" + e.toString());
+ } finally {
+ try {
+ if ((conn != null) && (connFactory!= null)) {
+ CMS.debug("Releasing ldap connection");
+ connFactory.returnConn(conn);
+ }
+ }
+ catch (Exception e) {
+ CMS.debug("Error releasing the ldap connection" + e.toString());
+ }
+ }
+ return status;
+ }
+
+
+ private String add_to_ldap(LDAPEntry entry, String dn) {
+ CMS.debug("UpdateDomainXML: add_to_ldap: starting");
+ String status = SUCCESS;
+ ILdapConnFactory connFactory = null;
+ LDAPConnection conn = null;
+ IConfigStore cs = CMS.getConfigStore();
+
+ try {
+ IConfigStore ldapConfig = cs.getSubStore("internaldb");
+ connFactory = CMS.getLdapBoundConnFactory();
+ connFactory.init(ldapConfig);
+ conn = connFactory.getConn();
+ conn.add(entry);
+ } catch (LDAPException e) {
+ if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
+ CMS.debug("UpdateDomainXML: Entry already exists");
+ try {
+ conn.delete(dn);
+ conn.add(entry);
+ } catch (LDAPException ee) {
+ CMS.debug("UpdateDomainXML: Error when replacing existing entry "+ee.toString());
+ status = FAILED;
+ }
+ } else {
+ CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: "+e.toString());
+ status = FAILED;
+ }
+ } catch (Exception e) {
+ CMS.debug("Failed to add entry" + e.toString());
+ } finally {
+ try {
+ if ((conn != null) && (connFactory!= null)) {
+ CMS.debug("Releasing ldap connection");
+ connFactory.returnConn(conn);
+ }
+ }
+ catch (Exception e) {
+ CMS.debug("Error releasing the ldap connection" + e.toString());
+ }
+ }
+ return status;
+ }
+
+
+
/**
* Process the HTTP request.
* <ul>
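Review bot: In all three helpers the generic `catch (Exception e)` (L441, L475, L519) only logs and leaves `status` as SUCCESS, so a failed `connFactory.init`, `getConn` or any non-LDAPException error is reported to the caller as a successful update; add `status = FAILED;` in each of those handlers. The replace path in add_to_ldap at L509-L510 is not atomic: if the `add` after the `delete` fails, the original entry is already gone and the caller only sees FAILED, so consider an LDAPModification with REPLACE semantics on the existing entry instead of delete-then-add. Each helper also builds and initialises a fresh ILdapConnFactory per call; if `getLdapBoundConnFactory` is a shared factory this is harmless, otherwise it is worth caching in the servlet. Minor: the debug line at L424 names the method `delete_from_ldap` while the method is `remove_from_ldap`.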
@@ -79,6 +193,7 @@ public class UpdateDomainXML extends CMSServlet {
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateDomainXML: processing...");
+ String status = SUCCESS;
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -114,80 +229,172 @@ public class UpdateDomainXML extends CMSServlet {
return;
}
- String path = CMS.getConfigStore().getString("instanceRoot", "")
- + "/conf/domain.xml";
+ String list = httpReq.getParameter("list");
+ String type = httpReq.getParameter("type");
+ String host = httpReq.getParameter("host");
+ String name = httpReq.getParameter("name");
+ String sport = httpReq.getParameter("sport");
+ String domainmgr = httpReq.getParameter("dm");
+ String clone = httpReq.getParameter("clone");
+ String operation = httpReq.getParameter("operation");
- CMS.debug("UpdateDomainXML: got path=" + path);
+ String basedn = null;
+ String secstore = null;
+
+ IConfigStore cs = CMS.getConfigStore();
try {
- // set info into domain.xml
- String list = httpReq.getParameter("list");
-
- String type = httpReq.getParameter("type");
- String host = httpReq.getParameter("host");
- String name = httpReq.getParameter("name");
- String sport = httpReq.getParameter("sport");
- String domainmgr = httpReq.getParameter("dm");
- String clone = httpReq.getParameter("clone");
-
- // insert info
- CMS.debug("UpdateDomainXML: Inserting new domain info");
- XMLObject parser = new XMLObject(new FileInputStream(path));
- Node n = parser.getContainer(list);
- Node parent = parser.createContainer(n, type);
- parser.addItemToContainer(parent, "SubsystemName", name);
- parser.addItemToContainer(parent, "Host", host);
- parser.addItemToContainer(parent, "SecurePort", sport);
- parser.addItemToContainer(parent, "DomainManager", domainmgr);
- parser.addItemToContainer(parent, "Clone", clone);
-
- String countS = "";
- NodeList nlist = n.getChildNodes();
- Node countnode = null;
- for (int i=0; i<nlist.getLength(); i++) {
- Element nn = (Element)nlist.item(i);
- String tagname = nn.getTagName();
- if (tagname.equals("SubsystemCount")) {
- countnode = nn;
- NodeList nlist1 = nn.getChildNodes();
- Node nn1 = nlist1.item(0);
- countS = nn1.getNodeValue();
- break;
- }
+ basedn = cs.getString("internaldb.basedn");
+ secstore = cs.getString("securitydomain.store");
+ }
+ catch (Exception e) {
+ CMS.debug("Unable to determine security domain name or basedn. Please run the domaininfo migration script");
+ }
+
+ if ((basedn != null) && (secstore != null) && (secstore.equals("ldap"))) {
+ // update in ldap
+
+ LDAPEntry entry = null;
+ ILdapConnFactory connFactory = null;
+ LDAPConnection conn = null;
+ String listName = type + "List";
+ String cn = host + ":" + sport;
+ String dn = "cn=" + cn + ",cn=" + listName + ",ou=Security Domain," + basedn;
+ CMS.debug("UpdateDomainXML: updating LDAP entry: " + dn);
+
+ LDAPAttributeSet attrs = null;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "pkiSubsystem"));
+ attrs.add(new LDAPAttribute("cn", cn));
+ attrs.add(new LDAPAttribute("Host", host));
+ attrs.add(new LDAPAttribute("SecurePort", sport));
+ attrs.add(new LDAPAttribute("DomainManager", domainmgr));
+ attrs.add(new LDAPAttribute("clone", clone));
+ attrs.add(new LDAPAttribute("SubsystemName", name));
+ entry = new LDAPEntry(dn, attrs);
+
+ if ((operation != null) && (operation.equals("remove"))) {
+ status = remove_from_ldap(dn);
+ String adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn;
+ if (status.equals(SUCCESS)) {
+ // remove the client cert for this subsystem's admin
+ status = remove_from_ldap(adminUserDN);
+ if (status.equals(SUCCESS)) {
+ // remove this user from the subsystem group
+ dn = "cn=Subsystem Group, ou=groups," + basedn;
+ LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
+ new LDAPAttribute("uniqueMember", adminUserDN));
+ status = modify_ldap(dn, mod);
+ }
+ }
+ } else {
+ status = add_to_ldap(entry, dn);
}
- CMS.debug("UpdateDomainXML process: SubsystemCount="+countS);
- int count = 0;
+ }
+ else {
+ // update the domain.xml file
+ String path = CMS.getConfigStore().getString("instanceRoot", "")
+ + "/conf/domain.xml";
+
+ CMS.debug("UpdateDomainXML: got path=" + path);
+
try {
- count = Integer.parseInt(countS);
- count++;
- } catch (Exception ee) {
- }
+ // using domain.xml file
+ CMS.debug("UpdateDomainXML: Inserting new domain info");
+ XMLObject parser = new XMLObject(new FileInputStream(path));
+ Node n = parser.getContainer(list);
+ int count =0;
+
+ if ((operation != null) && (operation.equals("remove"))) {
+ // delete node
+ Document doc = parser.getDocument();
+ NodeList nodeList = doc.getElementsByTagName(type);
+ int len = nodeList.getLength();
+
+ for (int i = 0; i < len; i++) {
+ Node nn = (Node) nodeList.item(i);
+ Vector v_name = parser.getValuesFromContainer(nn, "SubsystemName");
+ Vector v_host = parser.getValuesFromContainer(nn, "Host");
+ Vector v_port = parser.getValuesFromContainer(nn, "SecurePort");
+ if ((v_name.elementAt(0).equals(name)) && (v_host.elementAt(0).equals(host))
+ && (v_port.elementAt(0).equals(sport))) {
+ Node parent = nn.getParentNode();
+ Node remNode = parent.removeChild(nn);
+ count --;
+ break;
+ }
+ }
+ } else {
+ // add node
+ Node parent = parser.createContainer(n, type);
+ parser.addItemToContainer(parent, "SubsystemName", name);
+ parser.addItemToContainer(parent, "Host", host);
+ parser.addItemToContainer(parent, "SecurePort", sport);
+ parser.addItemToContainer(parent, "DomainManager", domainmgr);
+ parser.addItemToContainer(parent, "Clone", clone);
+ count ++;
+ }
+ //update count
- Node nn2 = n.removeChild(countnode);
- parser.addItemToContainer(n, "SubsystemCount", ""+count);
+ String countS = "";
+ NodeList nlist = n.getChildNodes();
+ Node countnode = null;
+ for (int i=0; i<nlist.getLength(); i++) {
+ Element nn = (Element)nlist.item(i);
+ String tagname = nn.getTagName();
+ if (tagname.equals("SubsystemCount")) {
+ countnode = nn;
+ NodeList nlist1 = nn.getChildNodes();
+ Node nn1 = nlist1.item(0);
+ countS = nn1.getNodeValue();
+ break;
+ }
+ }
+
+ CMS.debug("UpdateDomainXML process: SubsystemCount="+countS);
+ try {
+ count += Integer.parseInt(countS);
+ } catch (Exception ee) {
+ }
- // recreate domain.xml
- CMS.debug("UpdateDomainXML: Recreating domain.xml");
- byte[] b = parser.toByteArray();
- FileOutputStream fos = new FileOutputStream(path);
- fos.write(b);
- fos.close();
+ Node nn2 = n.removeChild(countnode);
+ parser.addItemToContainer(n, "SubsystemCount", ""+count);
+ // recreate domain.xml
+ CMS.debug("UpdateDomainXML: Recreating domain.xml");
+ byte[] b = parser.toByteArray();
+ FileOutputStream fos = new FileOutputStream(path);
+ fos.write(b);
+ fos.close();
+ } catch (Exception e) {
+ CMS.debug("Failed to update domain.xml file" + e.toString());
+ status = FAILED;
+ }
+ }
+
+ try {
// send success status back to the requestor
CMS.debug("UpdateDomainXML: Sending response");
XMLObject xmlObj = new XMLObject();
Node root = xmlObj.createRoot("XMLResponse");
- xmlObj.addItemToContainer(root, "Status", SUCCESS);
+ xmlObj.addItemToContainer(root, "Status", status);
byte[] cb = xmlObj.toByteArray();
outputResult(httpResp, "application/xml", cb);
} catch (Exception e) {
- CMS.debug("UpdateDomainXML: Failed to send the XML output");
+ CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString());
}
}
+ protected String securityDomainXMLtoLDAP(String xmltag) {
+ if (xmltag.equals("Host")) return "host";
+ else return xmltag;
+ }
+
+
protected void setDefaultTemplates(ServletConfig sc) {}
protected void renderTemplate(
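Review bot: The request parameters read at L552-L558 flow unvalidated into LDAP DNs (`dn` at L615, `adminUserDN` at L632) and, on `operation=remove`, into `conn.delete` and a group-membership removal, so a missing parameter produces a `null` attribute value (NPE inside `new LDAPAttribute` at L623-L627) and a value containing DN metacharacters (`,`, `=`, `+`) changes which entry is addressed. Reject null or malformed values before any DN is built, and escape RDN values with the LDAP SDK's DN-escaping routine if free-form hostnames must be allowed; the types are the fixed set used by DonePanel's list containers (CA, OCSP, KRA, RA, TKS, TPS). The attribute name `clone` at L626 differs in case from `Clone` used in DonePanel and from the XML tag, which only works if the directory schema canonicalises it; use one spelling. The enclosing process method starts before this hunk.
```java
// … unchanged: parameter reads (list, type, host, name, sport, dm, clone, operation) …
// These values become LDAP RDN components and select the entry deleted by
// operation=remove, so reject anything outside the expected shape first.
if (type == null || host == null || sport == null || name == null
        || !type.matches("CA|OCSP|KRA|RA|TKS|TPS")
        || !sport.matches("\\d{1,5}")
        || !host.matches("[A-Za-z0-9.\\-]+")
        || name.indexOf(',') >= 0 || name.indexOf('=') >= 0 || name.indexOf('+') >= 0) {
    CMS.debug("UpdateDomainXML: rejecting malformed subsystem parameters");
    status = FAILED;
    // … send the XMLResponse with Status=FAILED and return …
}
// … unchanged: basedn/secstore lookup and the ldap / domain.xml branches …
```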