diff options
author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2008-10-14 18:43:16 +0000 |
---|---|---|
committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2008-10-14 18:43:16 +0000 |
commit | 948bfc4c428b49d3931e2f037307e53d80fc77f0 (patch) | |
tree | 9da7df6c422bc4485ba7bc7dbc15bb1e4f3b1d18 /pki/base/common/src/com/netscape/cms/servlet | |
parent | e94a77f77f6020cd8557366b42017ef6d7f5f669 (diff) | |
download | pki-948bfc4c428b49d3931e2f037307e53d80fc77f0.tar.gz pki-948bfc4c428b49d3931e2f037307e53d80fc77f0.tar.xz pki-948bfc4c428b49d3931e2f037307e53d80fc77f0.zip |
bz223361 - security domains in ldap
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@127 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet')
4 files changed, 508 insertions, 147 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java index 28008a451..a4a0687a1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java @@ -34,6 +34,7 @@ import com.netscape.certsrv.dbs.crldb.*; import com.netscape.certsrv.ocsp.*; import com.netscape.certsrv.logging.*; import com.netscape.cmsutil.util.Cert; +import com.netscape.cmsutil.password.*; import netscape.security.x509.*; import netscape.ldap.*; import java.net.*; @@ -82,6 +83,69 @@ public class DonePanel extends WizardPanelBase { return set; } + private LDAPConnection getLDAPConn(Context context) + throws IOException + { + IConfigStore cs = CMS.getConfigStore(); + + String host = ""; + String port = ""; + String pwd = null; + String binddn = ""; + String security = ""; + + IPasswordStore pwdStore = CMS.getPasswordStore(); + + if (pwdStore != null) { + CMS.debug("DonePanel: getLDAPConn: password store available"); + pwd = pwdStore.getPassword("internaldb"); + } + + if ( pwd == null) { + throw new IOException("DonePanel: Failed to obtain password from password store"); + } + + try { + host = cs.getString("internaldb.ldapconn.host"); + port = cs.getString("internaldb.ldapconn.port"); + binddn = cs.getString("internaldb.ldapauth.bindDN"); + security = cs.getString("internaldb.ldapconn.secureConn"); + } catch (Exception e) { + CMS.debug("DonePanel: getLDAPConn" + e.toString()); + throw new IOException( + "Failed to retrieve LDAP information from CS.cfg."); + } + + int p = -1; + + try { + p = Integer.parseInt(port); + } catch (Exception e) { + CMS.debug("DonePanel getLDAPConn: " + e.toString()); + throw new IOException("Port is not valid"); + } + + LDAPConnection conn = null; + if (security.equals("true")) { + CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap"); + conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + } else { + CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); + conn = new LDAPConnection(); + } + + CMS.debug("DonePanel connecting to " + host + ":" + p); + try { + conn.connect(host, p, binddn, pwd); + } catch (LDAPException e) { + CMS.debug("DonePanel getLDAPConn: " + e.toString()); + throw new IOException("Failed to connect to the internal database."); + } + + return conn; + } + + /** * Display the panel. */ @@ -158,46 +222,72 @@ public class DonePanel extends WizardPanelBase { String s = getSubsystemNodeName(type); if (sdtype.equals("new")) { try { - String instanceRoot = cs.getString("instanceRoot", ""); - String domainxml = instanceRoot+"/conf/domain.xml"; - XMLObject obj = new XMLObject(new FileInputStream(domainxml)); - Node n = obj.getContainer(s); - NodeList nlist = n.getChildNodes(); - String countS = ""; - Node countnode = null; - for (int i=0; i<nlist.getLength(); i++) { - Element nn = (Element)nlist.item(i); - String tagname = nn.getTagName(); - if (tagname.equals("SubsystemCount")) { - countnode = nn; - NodeList nlist1 = nn.getChildNodes(); - Node nn1 = nlist1.item(0); - countS = nn1.getNodeValue(); - break; - } + LDAPConnection conn = getLDAPConn(context); + + String basedn = cs.getString("internaldb.basedn"); + String secdomain = cs.getString("preop.securitydomain.name"); + + try { + // Create security domain ldap entry + String dn = "ou=Security Domain," + basedn; + CMS.debug("DonePanel: creating ldap entry : " + dn); + + LDAPEntry entry = null; + LDAPAttributeSet attrs = null; + attrs = new LDAPAttributeSet(); + attrs.add(new LDAPAttribute("objectclass", "top")); + attrs.add(new LDAPAttribute("objectclass", "pkiSecurityDomain")); + attrs.add(new LDAPAttribute("name", secdomain)); + attrs.add(new LDAPAttribute("ou", "Security Domain")); + entry = new LDAPEntry(dn, attrs); + conn.add(entry); + } catch (Exception e) { + CMS.debug("Unable to create security domain"); + throw e; } - Node parent = obj.createContainer(n, type); - obj.addItemToContainer(parent, "SubsystemName", subsystemName); - obj.addItemToContainer(parent, "Host", sd_host); - obj.addItemToContainer(parent, "SecurePort", sd_port); - obj.addItemToContainer(parent, "DomainManager", "true"); - obj.addItemToContainer(parent, "Clone", "false"); - - CMS.debug("DonePanel display: SubsystemCount="+countS); - int count = 0; + + try { + // create list containers + String clist[] = {"CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList"}; + for (int i=0; i< clist.length; i++) { + LDAPEntry entry = null; + LDAPAttributeSet attrs = null; + String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn; + attrs = new LDAPAttributeSet(); + attrs.add(new LDAPAttribute("objectclass", "top")); + attrs.add(new LDAPAttribute("objectclass", "pkiSecurityGroup")); + attrs.add(new LDAPAttribute("cn", clist[i])); + entry = new LDAPEntry(dn, attrs); + conn.add(entry); + } + } catch (Exception e) { + CMS.debug("Unable to create security domain list groups" ); + throw e; + } + try { - count = Integer.parseInt(countS); - count++; - } catch (Exception ee) { + // Add this host (only CA can create new domain) + String cn = ownhost + ":" + ownsport; + String dn = "cn=" + cn + ",cn=CAList,ou=Security Domain," + basedn; + LDAPEntry entry = null; + LDAPAttributeSet attrs = null; + attrs = new LDAPAttributeSet(); + attrs.add(new LDAPAttribute("objectclass", "top")); + attrs.add(new LDAPAttribute("objectclass", "pkiSubsystem")); + attrs.add(new LDAPAttribute("Host", ownhost)); + attrs.add(new LDAPAttribute("SecurePort", ownsport)); + attrs.add(new LDAPAttribute("Clone", "false")); + attrs.add(new LDAPAttribute("SubsystemName", subsystemName)); + attrs.add(new LDAPAttribute("cn", cn)); + attrs.add(new LDAPAttribute("DomainManager", "true")); + entry = new LDAPEntry(dn, attrs); + conn.add(entry); + } catch (Exception e) { + CMS.debug("Unable to create host entry in security domain"); + throw e; } - - Node nn2 = n.removeChild(countnode); - obj.addItemToContainer(n, "SubsystemCount", ""+count); - CMS.debug("DonePanel display: finish updating domain.xml"); - byte[] b = obj.toByteArray(); - FileOutputStream fos = new FileOutputStream(domainxml); - fos.write(b); - fos.close(); + cs.putString("securitydomain.store", "ldap"); + CMS.debug("DonePanel display: finish updating domain info"); } catch (Exception e) { CMS.debug("DonePanel display: "+e.toString()); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java index 09fb91c6a..bd4d6b7ab 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java @@ -82,39 +82,136 @@ public class GetDomainXML extends CMSServlet { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); + ServletContext context = cmsReq.getServletContext(); - String outputString = null; - - String path = CMS.getConfigStore().getString("instanceRoot", "") - + "/conf/domain.xml"; - - CMS.debug("GetDomainXML: got path=" + path); + String status = SUCCESS; + String basedn = null; + String secstore = null; + IConfigStore cs = CMS.getConfigStore(); try { - CMS.debug("GetDomainXML: Reading domain.xml..."); - FileInputStream fis = new FileInputStream(path); - int s = fis.available(); - - CMS.debug("GetDomainXML: size " + s); - byte buf[] = new byte[s]; - - fis.read(buf, 0, s); - fis.close(); - CMS.debug("GetDomainXML: Done Reading domain.xml..."); - - XMLObject xmlObj = new XMLObject(); - Node root = xmlObj.createRoot("XMLResponse"); - - xmlObj.addItemToContainer(root, "Status", SUCCESS); - xmlObj.addItemToContainer(root, "DomainInfo", new String(buf)); - byte[] cb = xmlObj.toByteArray(); + secstore = cs.getString("securitydomain.store"); + basedn = cs.getString("internaldb.basedn"); + } + catch (Exception e) { + CMS.debug("Unable to determine the security domain name or internal basedn. Please run the domaininfo migration script"); + } + try { + XMLObject response = new XMLObject(); + Node root = response.createRoot("XMLResponse"); + + if ((secstore != null) && (basedn != null) && (secstore.equals("ldap"))) { + ILdapConnFactory connFactory = null; + LDAPConnection conn = null; + try { + // get data from ldap + String[] entries = {}; + String filter = "objectclass=*"; + LDAPSearchConstraints cons = null; + String[] attrs = null; + String dn = "ou=Security Domain," + basedn; + + IConfigStore ldapConfig = cs.getSubStore("internaldb"); + connFactory = CMS.getLdapBoundConnFactory(); + connFactory.init(ldapConfig); + conn = connFactory.getConn(); + + // get the security domain name + String secdomain = (String) conn.read(dn).getAttribute("name").getStringValues().nextElement(); + + XMLObject xmlObj = new XMLObject(); + Node domainInfo = xmlObj.createRoot("DomainInfo"); + xmlObj.addItemToContainer(domainInfo, "Name", secdomain); + + // this should return CAList, KRAList etc. + LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, + attrs, true, cons); + + while (res.hasMoreElements()) { + int count = 0; + dn = res.next().getDN(); + String listName = dn.substring(3, dn.indexOf(",")); + String subType = listName.substring(0, listName.indexOf("List")); + Node listNode = xmlObj.createContainer(domainInfo, listName); + + filter = "objectclass=pkiSubsystem"; + LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, + attrs, false, cons); + while (res2.hasMoreElements()) { + Node node = xmlObj.createContainer(listNode, subType); + LDAPEntry entry = res2.next(); + LDAPAttributeSet entryAttrs = entry.getAttributeSet(); + Enumeration attrsInSet = entryAttrs.getAttributes(); + while (attrsInSet.hasMoreElements()) { + LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet.nextElement(); + String attrName = nextAttr.getName(); + if ((! attrName.equals("cn")) && (! attrName.equals("objectClass"))) { + String attrValue = (String) nextAttr.getStringValues().nextElement(); + xmlObj.addItemToContainer(node, securityDomainLDAPtoXML(attrName), attrValue); + } + } + count ++; + } + xmlObj.addItemToContainer(listNode, "SubsystemCount", Integer.toString(count)); + } + + // Add new xml object as string to response. + response.addItemToContainer(root, "DomainInfo", xmlObj.toXMLString()); + } + catch (Exception e) { + CMS.debug("GetDomainXML: Failed to read domain.xml from ldap " + e.toString()); + status = FAILED; + } + finally { + if ((conn != null) && (connFactory!= null)) { + CMS.debug("Releasing ldap connection"); + connFactory.returnConn(conn); + } + } + } + else { + // get data from file store + + String path = CMS.getConfigStore().getString("instanceRoot", "") + + "/conf/domain.xml"; + + CMS.debug("GetDomainXML: got path=" + path); + + try { + CMS.debug("GetDomainXML: Reading domain.xml from file ..."); + FileInputStream fis = new FileInputStream(path); + int s = fis.available(); + + CMS.debug("GetDomainXML: size " + s); + byte buf[] = new byte[s]; + + fis.read(buf, 0, s); + fis.close(); + CMS.debug("GetDomainXML: Done Reading domain.xml..."); + + response.addItemToContainer(root, "DomainInfo", new String(buf)); + } + catch (Exception e) { + CMS.debug("Failed to read domain.xml from file" + e.toString()); + status = FAILED; + } + } + + response.addItemToContainer(root, "Status", status); + byte[] cb = response.toByteArray(); outputResult(httpResp, "application/xml", cb); + } catch (Exception e) { - CMS.debug("GetDomainXML: Failed to send the XML output"); + CMS.debug("GetDomainXML: Failed to send the XML output" + e.toString()); } } + protected String securityDomainLDAPtoXML(String attribute) { + if (attribute.equals("host")) return "Host"; + else return attribute; + } + protected void setDefaultTemplates(ServletConfig sc) {} protected void renderTemplate( diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java index e5bf90343..830d346e9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java @@ -302,39 +302,6 @@ public class SecurityDomainPanel extends WizardPanelBase { } catch (Exception e) { } - String domainxml = instanceRoot+"/conf/domain.xml"; - - // generate security domain file - try { - XMLObject xmlObj = new XMLObject(); - - CMS.debug("Building Domain Info..."); - Node root = xmlObj.createRoot("DomainInfo"); - - xmlObj.addItemToContainer(root, "Name", - HttpInput.getDomainName(request, "sdomainName")); - - // put our own info to the file (maybe we should do this later) - Node kraList = xmlObj.createContainer(root, "KRAList"); - Node tpsList = xmlObj.createContainer(root, "TPSList"); - Node ocspList = xmlObj.createContainer(root, "OCSPList"); - Node raList = xmlObj.createContainer(root, "RAList"); - Node tksList = xmlObj.createContainer(root, "TKSList"); - Node caList = xmlObj.createContainer(root, "CAList"); - xmlObj.addItemToContainer(caList, "SubsystemCount", "0"); - xmlObj.addItemToContainer(tksList, "SubsystemCount", "0"); - xmlObj.addItemToContainer(raList, "SubsystemCount", "0"); - xmlObj.addItemToContainer(ocspList, "SubsystemCount", "0"); - xmlObj.addItemToContainer(tpsList, "SubsystemCount", "0"); - xmlObj.addItemToContainer(kraList, "SubsystemCount", "0"); - - byte[] cb = xmlObj.toByteArray(); - FileOutputStream fos = new FileOutputStream(domainxml); - fos.write(cb); - fos.close(); - } catch (Exception e) { - CMS.debug("Failed to send the XML output"); - } } else if (select.equals("existingdomain")) { config.putString("preop.securitydomain.select", "existing"); config.putString("securitydomain.select", "existing"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java index 2102e2fb7..21cf773c8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java @@ -69,6 +69,120 @@ public class UpdateDomainXML extends CMSServlet { CMS.debug("UpdateDomainXML: done initializing..."); } + private String remove_from_ldap(String dn) { + CMS.debug("UpdateDomainXML: delete_from_ldap: starting dn: " + dn); + String status = SUCCESS; + ILdapConnFactory connFactory = null; + LDAPConnection conn = null; + IConfigStore cs = CMS.getConfigStore(); + + try { + IConfigStore ldapConfig = cs.getSubStore("internaldb"); + connFactory = CMS.getLdapBoundConnFactory(); + connFactory.init(ldapConfig); + conn = connFactory.getConn(); + conn.delete(dn); + } catch (LDAPException e) { + if (e.getLDAPResultCode() != LDAPException.NO_SUCH_OBJECT) { + status = FAILED; + CMS.debug("Failed to delete entry" + e.toString()); + } + } catch (Exception e) { + CMS.debug("Failed to delete entry" + e.toString()); + } finally { + try { + if ((conn != null) && (connFactory!= null)) { + CMS.debug("Releasing ldap connection"); + connFactory.returnConn(conn); + } + } + catch (Exception e) { + CMS.debug("Error releasing the ldap connection" + e.toString()); + } + } + return status; + } + + private String modify_ldap(String dn, LDAPModification mod) { + CMS.debug("UpdateDomainXML: modify_ldap: starting dn: " + dn); + String status = SUCCESS; + ILdapConnFactory connFactory = null; + LDAPConnection conn = null; + IConfigStore cs = CMS.getConfigStore(); + + try { + IConfigStore ldapConfig = cs.getSubStore("internaldb"); + connFactory = CMS.getLdapBoundConnFactory(); + connFactory.init(ldapConfig); + conn = connFactory.getConn(); + conn.modify(dn, mod); + } catch (LDAPException e) { + if (e.getLDAPResultCode() != LDAPException.NO_SUCH_OBJECT) { + status = FAILED; + CMS.debug("Failed to modify entry" + e.toString()); + } + } catch (Exception e) { + CMS.debug("Failed to modify entry" + e.toString()); + } finally { + try { + if ((conn != null) && (connFactory!= null)) { + CMS.debug("Releasing ldap connection"); + connFactory.returnConn(conn); + } + } + catch (Exception e) { + CMS.debug("Error releasing the ldap connection" + e.toString()); + } + } + return status; + } + + + private String add_to_ldap(LDAPEntry entry, String dn) { + CMS.debug("UpdateDomainXML: add_to_ldap: starting"); + String status = SUCCESS; + ILdapConnFactory connFactory = null; + LDAPConnection conn = null; + IConfigStore cs = CMS.getConfigStore(); + + try { + IConfigStore ldapConfig = cs.getSubStore("internaldb"); + connFactory = CMS.getLdapBoundConnFactory(); + connFactory.init(ldapConfig); + conn = connFactory.getConn(); + conn.add(entry); + } catch (LDAPException e) { + if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) { + CMS.debug("UpdateDomainXML: Entry already exists"); + try { + conn.delete(dn); + conn.add(entry); + } catch (LDAPException ee) { + CMS.debug("UpdateDomainXML: Error when replacing existing entry "+ee.toString()); + status = FAILED; + } + } else { + CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: "+e.toString()); + status = FAILED; + } + } catch (Exception e) { + CMS.debug("Failed to add entry" + e.toString()); + } finally { + try { + if ((conn != null) && (connFactory!= null)) { + CMS.debug("Releasing ldap connection"); + connFactory.returnConn(conn); + } + } + catch (Exception e) { + CMS.debug("Error releasing the ldap connection" + e.toString()); + } + } + return status; + } + + + /** * Process the HTTP request. * <ul> @@ -79,6 +193,7 @@ public class UpdateDomainXML extends CMSServlet { */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateDomainXML: processing..."); + String status = SUCCESS; HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -114,80 +229,172 @@ public class UpdateDomainXML extends CMSServlet { return; } - String path = CMS.getConfigStore().getString("instanceRoot", "") - + "/conf/domain.xml"; + String list = httpReq.getParameter("list"); + String type = httpReq.getParameter("type"); + String host = httpReq.getParameter("host"); + String name = httpReq.getParameter("name"); + String sport = httpReq.getParameter("sport"); + String domainmgr = httpReq.getParameter("dm"); + String clone = httpReq.getParameter("clone"); + String operation = httpReq.getParameter("operation"); - CMS.debug("UpdateDomainXML: got path=" + path); + String basedn = null; + String secstore = null; + + IConfigStore cs = CMS.getConfigStore(); try { - // set info into domain.xml - String list = httpReq.getParameter("list"); - - String type = httpReq.getParameter("type"); - String host = httpReq.getParameter("host"); - String name = httpReq.getParameter("name"); - String sport = httpReq.getParameter("sport"); - String domainmgr = httpReq.getParameter("dm"); - String clone = httpReq.getParameter("clone"); - - // insert info - CMS.debug("UpdateDomainXML: Inserting new domain info"); - XMLObject parser = new XMLObject(new FileInputStream(path)); - Node n = parser.getContainer(list); - Node parent = parser.createContainer(n, type); - parser.addItemToContainer(parent, "SubsystemName", name); - parser.addItemToContainer(parent, "Host", host); - parser.addItemToContainer(parent, "SecurePort", sport); - parser.addItemToContainer(parent, "DomainManager", domainmgr); - parser.addItemToContainer(parent, "Clone", clone); - - String countS = ""; - NodeList nlist = n.getChildNodes(); - Node countnode = null; - for (int i=0; i<nlist.getLength(); i++) { - Element nn = (Element)nlist.item(i); - String tagname = nn.getTagName(); - if (tagname.equals("SubsystemCount")) { - countnode = nn; - NodeList nlist1 = nn.getChildNodes(); - Node nn1 = nlist1.item(0); - countS = nn1.getNodeValue(); - break; - } + basedn = cs.getString("internaldb.basedn"); + secstore = cs.getString("securitydomain.store"); + } + catch (Exception e) { + CMS.debug("Unable to determine security domain name or basedn. Please run the domaininfo migration script"); + } + + if ((basedn != null) && (secstore != null) && (secstore.equals("ldap"))) { + // update in ldap + + LDAPEntry entry = null; + ILdapConnFactory connFactory = null; + LDAPConnection conn = null; + String listName = type + "List"; + String cn = host + ":" + sport; + String dn = "cn=" + cn + ",cn=" + listName + ",ou=Security Domain," + basedn; + CMS.debug("UpdateDomainXML: updating LDAP entry: " + dn); + + LDAPAttributeSet attrs = null; + attrs = new LDAPAttributeSet(); + attrs.add(new LDAPAttribute("objectclass", "top")); + attrs.add(new LDAPAttribute("objectclass", "pkiSubsystem")); + attrs.add(new LDAPAttribute("cn", cn)); + attrs.add(new LDAPAttribute("Host", host)); + attrs.add(new LDAPAttribute("SecurePort", sport)); + attrs.add(new LDAPAttribute("DomainManager", domainmgr)); + attrs.add(new LDAPAttribute("clone", clone)); + attrs.add(new LDAPAttribute("SubsystemName", name)); + entry = new LDAPEntry(dn, attrs); + + if ((operation != null) && (operation.equals("remove"))) { + status = remove_from_ldap(dn); + String adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn; + if (status.equals(SUCCESS)) { + // remove the client cert for this subsystem's admin + status = remove_from_ldap(adminUserDN); + if (status.equals(SUCCESS)) { + // remove this user from the subsystem group + dn = "cn=Subsystem Group, ou=groups," + basedn; + LDAPModification mod = new LDAPModification(LDAPModification.DELETE, + new LDAPAttribute("uniqueMember", adminUserDN)); + status = modify_ldap(dn, mod); + } + } + } else { + status = add_to_ldap(entry, dn); } - CMS.debug("UpdateDomainXML process: SubsystemCount="+countS); - int count = 0; + } + else { + // update the domain.xml file + String path = CMS.getConfigStore().getString("instanceRoot", "") + + "/conf/domain.xml"; + + CMS.debug("UpdateDomainXML: got path=" + path); + try { - count = Integer.parseInt(countS); - count++; - } catch (Exception ee) { - } + // using domain.xml file + CMS.debug("UpdateDomainXML: Inserting new domain info"); + XMLObject parser = new XMLObject(new FileInputStream(path)); + Node n = parser.getContainer(list); + int count =0; + + if ((operation != null) && (operation.equals("remove"))) { + // delete node + Document doc = parser.getDocument(); + NodeList nodeList = doc.getElementsByTagName(type); + int len = nodeList.getLength(); + + for (int i = 0; i < len; i++) { + Node nn = (Node) nodeList.item(i); + Vector v_name = parser.getValuesFromContainer(nn, "SubsystemName"); + Vector v_host = parser.getValuesFromContainer(nn, "Host"); + Vector v_port = parser.getValuesFromContainer(nn, "SecurePort"); + if ((v_name.elementAt(0).equals(name)) && (v_host.elementAt(0).equals(host)) + && (v_port.elementAt(0).equals(sport))) { + Node parent = nn.getParentNode(); + Node remNode = parent.removeChild(nn); + count --; + break; + } + } + } else { + // add node + Node parent = parser.createContainer(n, type); + parser.addItemToContainer(parent, "SubsystemName", name); + parser.addItemToContainer(parent, "Host", host); + parser.addItemToContainer(parent, "SecurePort", sport); + parser.addItemToContainer(parent, "DomainManager", domainmgr); + parser.addItemToContainer(parent, "Clone", clone); + count ++; + } + //update count - Node nn2 = n.removeChild(countnode); - parser.addItemToContainer(n, "SubsystemCount", ""+count); + String countS = ""; + NodeList nlist = n.getChildNodes(); + Node countnode = null; + for (int i=0; i<nlist.getLength(); i++) { + Element nn = (Element)nlist.item(i); + String tagname = nn.getTagName(); + if (tagname.equals("SubsystemCount")) { + countnode = nn; + NodeList nlist1 = nn.getChildNodes(); + Node nn1 = nlist1.item(0); + countS = nn1.getNodeValue(); + break; + } + } + + CMS.debug("UpdateDomainXML process: SubsystemCount="+countS); + try { + count += Integer.parseInt(countS); + } catch (Exception ee) { + } - // recreate domain.xml - CMS.debug("UpdateDomainXML: Recreating domain.xml"); - byte[] b = parser.toByteArray(); - FileOutputStream fos = new FileOutputStream(path); - fos.write(b); - fos.close(); + Node nn2 = n.removeChild(countnode); + parser.addItemToContainer(n, "SubsystemCount", ""+count); + // recreate domain.xml + CMS.debug("UpdateDomainXML: Recreating domain.xml"); + byte[] b = parser.toByteArray(); + FileOutputStream fos = new FileOutputStream(path); + fos.write(b); + fos.close(); + } catch (Exception e) { + CMS.debug("Failed to update domain.xml file" + e.toString()); + status = FAILED; + } + } + + try { // send success status back to the requestor CMS.debug("UpdateDomainXML: Sending response"); XMLObject xmlObj = new XMLObject(); Node root = xmlObj.createRoot("XMLResponse"); - xmlObj.addItemToContainer(root, "Status", SUCCESS); + xmlObj.addItemToContainer(root, "Status", status); byte[] cb = xmlObj.toByteArray(); outputResult(httpResp, "application/xml", cb); } catch (Exception e) { - CMS.debug("UpdateDomainXML: Failed to send the XML output"); + CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString()); } } + protected String securityDomainXMLtoLDAP(String xmltag) { + if (xmltag.equals("Host")) return "host"; + else return xmltag; + } + + protected void setDefaultTemplates(ServletConfig sc) {} protected void renderTemplate( |