author | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-08-23 18:37:28 +0000 |
---|---|---|
committer | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-08-23 18:37:28 +0000 |
commit | dcbedb00e5fae3d56bf8091b54773b8f18d4d3ad (patch) | |
tree | ddaeb25344e5e2c1379cd588632a1a926de577ff /pki/base/common | |
parent | 216293aca940f20c72ad5a388f2926657acabe03 (diff) | |
Resolves #712931 - CS requires too many ports to be open in the FW
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2160 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common')
6 files changed, 167 insertions, 51 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java index fe32ee799..8a730d519 100755 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java @@ -101,10 +101,12 @@ public class ImportCAChainPanel extends WizardPanelBase { IConfigStore cs = CMS.getConfigStore(); try { context.put("machineName", cs.getString("machineName")); - context.put("https_port", CMS.getEESSLPort()); - context.put("http_port", CMS.getEENonSSLPort()); - } catch (EBaseException e) {} - + context.put("https_port", cs.getString("pkicreate.ee_secure_port")); + context.put("http_port", cs.getString("pkicreate.unsecure_port")); + } catch (EBaseException e) { + CMS.debug("ImportCACertChain:display: Exception: " + e.toString()); + context.put("errorString", "Error loading values for Import CA Certificate Panel"); + } ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca"); @@ -150,8 +152,8 @@ public class ImportCAChainPanel extends WizardPanelBase { IConfigStore cs = CMS.getConfigStore(); try { context.put("machineName", cs.getString("machineName")); - context.put("https_port", CMS.getEESSLPort()); - context.put("http_port", CMS.getEENonSSLPort()); + context.put("https_port", cs.getString("pkicreate.ee_secure_port")); + context.put("http_port", cs.getString("pkicreate.unsecure_port")); context.put("title", "Import CA's Certificate Chain"); context.put("panel", "admin/console/config/importcachainpanel.vm"); } catch (EBaseException e) {} diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java index 848ffba6f..75e02a24b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java 
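Review bot: The `} catch (EBaseException e) {}` that closes the second ImportCAChainPanel hunk (@@ -150) is still empty, while this commit gave the matching catch in the first hunk a debug line and an `errorString`. The two new `cs.getString("pkicreate.…")` calls sit ahead of the `title` and `panel` puts inside the same try, so if either key is missing (presumably `getString` throws EBaseException for an absent key) those puts are skipped and nothing is logged. Suggest at least `} catch (EBaseException e) { CMS.debug("ImportCAChainPanel: " + e.toString()); }`, or moving the two constant puts above the config reads. The enclosing method begins outside the hunk.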
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java @@ -26,6 +26,7 @@ public class AdminRequestFilter implements Filter private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "Admin"; + private static final String PROXY_PORT = "proxy_port"; private FilterConfig config; @@ -51,6 +52,7 @@ public class AdminRequestFilter implements Filter String request_port = null; String param_https_port = null; + String param_proxy_port = null; String msg = null; String param_active = null; 
@@ -84,22 +86,39 @@ public class AdminRequestFilter implements Filter return; } + param_proxy_port = config.getInitParameter(PROXY_PORT); + boolean bad_port = false; + // Compare the request and param "https" ports if( ! param_https_port.equals( request_port ) ) { - String uri = ((HttpServletRequest) request).getRequestURI(); - msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + uri); - if ((param_active != null) &&(param_active.equals("false"))) { - CMS.debug("Filter is disabled .. continuing"); + String uri = ((HttpServletRequest) request).getRequestURI(); + if (param_proxy_port != null) { + if (!param_proxy_port.equals(request_port)) { + msg = "Use HTTPS port '" + param_https_port + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; + bad_port = true; + } } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); - return; + msg = "Use HTTPS port '" + param_https_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; + bad_port = true; + } + if (bad_port) { + CMS.debug( filterName + ": " + msg ); + CMS.debug( filterName + ": uri is " + uri); + if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug("Filter is disabled .. continuing"); + } else { + resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + return; + } } } } + // CMS.debug("Exiting the admin filter"); chain.doFilter( request, response ); diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java index e4d1bb3df..da16dc01d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java 
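Review bot: Once `proxy_port` is configured, the check added in the @@ -84 hunk accepts any request whose port equals it, and the Agent, EE Client Auth and EE (https) filters changed in this commit read the same `proxy_port` parameter, while `CMSEngine.fixProxyPorts` assigns one `proxy.securePort` to all four SSL interfaces. If deployments use that single value, the port comparison no longer separates Admin traffic from the other roles for proxied requests, and the separation rests on the front end's URL mapping and client-certificate settings; nothing in the code says so. I would add a comment above the lookup, e.g. `// proxy_port: all proxied requests arrive with this port, so role separation for them must be enforced by the proxy's URL mapping, not by this filter`. `request_port` is assigned outside the hunk, so whether it reflects the local connector or a forwarded value cannot be confirmed here; if it is forwarded, the backend connector should be reachable only from the proxy.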
@@ -26,6 +26,7 @@ public class AgentRequestFilter implements Filter private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "Agent"; + private static final String PROXY_PORT = "proxy_port"; private FilterConfig config; @@ -51,6 +52,7 @@ public class AgentRequestFilter implements Filter String request_port = null; String param_https_port = null; + String param_proxy_port = null; String msg = null; String param_active = null; 
@@ -85,19 +87,35 @@ public class AgentRequestFilter implements Filter return; } + param_proxy_port = config.getInitParameter(PROXY_PORT); + boolean bad_port = false; + // Compare the request and param "https" ports if( ! param_https_port.equals( request_port ) ) { String uri = ((HttpServletRequest) request).getRequestURI(); - msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + uri); - if ((param_active != null) &&(param_active.equals("false"))) { - CMS.debug("Filter is disabled .. continuing"); + if (param_proxy_port != null) { + if (!param_proxy_port.equals(request_port)) { + msg = "Use HTTPS port '" + param_https_port + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; + bad_port = true; + } } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); - return; + msg = "Use HTTPS port '" + param_https_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; + bad_port = true; + } + if (bad_port) { + CMS.debug( filterName + ": " + msg ); + CMS.debug( filterName + ": uri is " + uri); + if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug("Filter is disabled .. continuing"); + } else { + resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + return; + } } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java index 6ed6617bc..3c11dbd55 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java 
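Review bot: The rejection text built in the @@ -85 hunk now names the proxy port as well as the HTTPS port and is passed to `resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg )`, so the configured port numbers are returned to the remote client (typically rendered on the container's error page); the Admin, EE Client Auth and EE filters in this commit do the same. The detail is already captured for operators by `CMS.debug( filterName + ": " + msg )`. Consider sending the status alone, `resp.sendError( HttpServletResponse.SC_NOT_FOUND );`, and keeping `msg` for the debug log. The enclosing method starts and ends outside the hunk.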
@@ -26,6 +26,7 @@ public class EEClientAuthRequestFilter implements Filter private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "EE Client Auth"; + private static final String PROXY_PORT = "proxy_port"; private FilterConfig config; @@ -53,6 +54,7 @@ public class EEClientAuthRequestFilter implements Filter String param_https_port = null; String msg = null; String param_active = null; + String param_proxy_port = null; // CMS.debug("Entering the EECA filter"); param_active = config.getInitParameter( "active"); 
@@ -84,19 +86,35 @@ public class EEClientAuthRequestFilter implements Filter return; } + param_proxy_port = config.getInitParameter(PROXY_PORT); + boolean bad_port = false; + // Compare the request and param "https" ports if( ! param_https_port.equals( request_port ) ) { String uri = ((HttpServletRequest) request).getRequestURI(); - msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + msg); - if ((param_active != null) &&(param_active.equals("false"))) { - CMS.debug("Filter is disabled .. continuing"); + if (param_proxy_port != null) { + if (!param_proxy_port.equals(request_port)) { + msg = "Use HTTPS port '" + param_https_port + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; + bad_port = true; + } } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); - return; + msg = "Use HTTPS port '" + param_https_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; + bad_port = true; + } + if (bad_port) { + CMS.debug( filterName + ": " + msg ); + CMS.debug( filterName + ": uri is " + uri); + if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug("Filter is disabled .. continuing"); + } else { + resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + return; + } } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java index 23df05954..69634506e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java 
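Review bot: The port check in the @@ -84 hunk is the same three-level nested block that this commit also adds to AdminRequestFilter, AgentRequestFilter and twice to EERequestFilter, with `bad_port` carried as a flag between the branches. The removed line `CMS.debug( filterName + ": uri is " + msg);` in this hunk shows how such copies drift apart. The decision can be a single boolean and the two message variants one expression, which leaves the log and error text unchanged; a shared static helper taking the two allowed ports, the request port and the role would remove the copies altogether. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: param_proxy_port = config.getInitParameter(PROXY_PORT); …
boolean port_ok = param_https_port.equals( request_port )
    || ( param_proxy_port != null && param_proxy_port.equals( request_port ) );
if( ! port_ok ) {
    String uri = ((HttpServletRequest) request).getRequestURI();
    msg = "Use HTTPS port '" + param_https_port
        + ( param_proxy_port != null ? "' or proxy port '" + param_proxy_port : "" )
        + "' instead of '" + request_port
        + "' when performing " + HTTPS_ROLE + " tasks!";
    // … unchanged: CMS.debug of msg and uri, active=false bypass, sendError/return …
}
```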
@@ -29,6 +29,8 @@ public class EERequestFilter implements Filter private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "EE"; + private static final String PROXY_PORT = "proxy_port"; + private static final String PROXY_HTTP_PORT = "proxy_http_port"; private FilterConfig config; @@ -55,6 +57,8 @@ public class EERequestFilter implements Filter String request_port = null; String param_http_port = null; String param_https_port = null; + String param_proxy_port = null; + String param_proxy_http_port = null; String msg = null; String param_active = null; @@ -100,6 +104,10 @@ public class EERequestFilter implements Filter return; } + param_proxy_http_port = config.getInitParameter(PROXY_HTTP_PORT); + param_proxy_port = config.getInitParameter(PROXY_PORT); + boolean bad_port = false; + // If the scheme is "http", compare // the request and param "http" ports; // otherwise, if the scheme is "https", compare 
@@ -107,32 +115,61 @@ public class EERequestFilter implements Filter if( scheme.equals( HTTP_SCHEME ) ) { if( ! param_http_port.equals( request_port ) ) { String uri = ((HttpServletRequest) request).getRequestURI(); - msg = "Use HTTP port '" + param_http_port - + "' instead of '" + request_port - + "' when performing " + HTTP_ROLE + " tasks!"; - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + uri); - if ((param_active != null) &&(param_active.equals("false"))) { - CMS.debug("Filter is disabled .. continuing"); + if (param_proxy_http_port != null) { + if (!param_proxy_http_port.equals(request_port)) { + msg = "Use HTTP port '" + param_http_port + + "' or proxy port '" + param_proxy_http_port + + "' instead of '" + request_port + + "' when performing " + HTTP_ROLE + " tasks!"; + bad_port = true; + } } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); - return; + msg = "Use HTTP port '" + param_http_port + + "' instead of '" + request_port + + "' when performing " + HTTP_ROLE + " tasks!"; + bad_port = true; + } + if (bad_port) { + CMS.debug( filterName + ": " + msg ); + CMS.debug( filterName + ": uri is " + uri); + if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug("Filter is disabled .. continuing"); + } else { + resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + return; + } } } } else if( scheme.equals( HTTPS_SCHEME ) ) { if( ! param_https_port.equals( request_port ) ) { - msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; - CMS.debug( filterName + ": " + msg ); - if ((param_active != null) &&(param_active.equals("false"))) { - CMS.debug("Filter is disabled .. 
continuing"); + String uri = ((HttpServletRequest) request).getRequestURI(); + if (param_proxy_port != null) { + if (!param_proxy_port.equals(request_port)) { + msg = "Use HTTPS port '" + param_https_port + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; + bad_port = true; + } } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); - return; + msg = "Use HTTPS port '" + param_https_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; + bad_port = true; + } + if (bad_port) { + CMS.debug( filterName + ": " + msg ); + CMS.debug( filterName + ": uri is " + uri); + if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug("Filter is disabled .. continuing"); + } else { + resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + return; + } } } } + } // CMS.debug("Exiting the EE filter"); diff --git a/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java b/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java index b9809043c..afaa5c9fc 100644 --- a/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java +++ b/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java @@ -323,6 +323,7 @@ public class CMSEngine implements ICMSEngine { } } parseServerXML(); + fixProxyPorts(); } /** 
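Review bot: `param_proxy_http_port` and `param_proxy_port` count as unset in the @@ -107 hunk only when `getInitParameter` returns null, whereas `CMSEngine.fixProxyPorts` in this commit treats the empty string as unset. An init-param that is present but blank (an assumption, since web.xml is not part of this diff) would take the proxy branch and yield the message `or proxy port ''`. For consistency test both conditions, e.g. `if (param_proxy_port != null && param_proxy_port.length() > 0) {` and likewise for `param_proxy_http_port`; the Admin, Agent and EE Client Auth filters have the same null-only test.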
@@ -543,6 +544,27 @@ public class CMSEngine implements ICMSEngine { } } + private void fixProxyPorts() throws EBaseException { + try { + String port = mConfig.getString("proxy.securePort", ""); + if (!port.equals("")) { + info[EE_SSL][PORT] = port; + info[ADMIN][PORT] = port; + info[AGENT][PORT] = port; + info[EE_CLIENT_AUTH_SSL][PORT] = port; + } + + port = mConfig.getString("proxy.unsecurePort", ""); + if (!port.equals("")) { + info[EE_NON_SSL][PORT] = port; + } + } catch (EBaseException e) { + CMS.debug("CMSEngine: fixProxyPorts exception: " + e.toString()); + throw e; + } + } + + public IConfigStore createFileConfigStore(String path) throws EBaseException { try { /* if the file is not there, create one */ |
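Review bot: `fixProxyPorts` has no comment, yet it runs right after `parseServerXML()` (per the @@ -323 hunk) and replaces the ports that call presumably recorded, so later readers of `info[..][PORT]` get the proxy port and the four SSL roles end up sharing one value. A short Javadoc would make this explicit: `proxy.securePort` / `proxy.unsecurePort`, when set, override the connector ports with the externally visible ones, and the real listener ports must then be read from configuration, as the ImportCAChainPanel change does with `pkicreate.*`. The values are also copied as-is; `port = port.trim()` plus a numeric check before the assignments would keep a mistyped entry from propagating into whatever is built from `info[]`.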