authormharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-05-30 01:32:34 +0000
committermharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-05-30 01:32:34 +0000
commit33e21f6e9a78056ca03ae7181bd4cdf5a31d7c4b (patch)
tree117da62f23b2ffe3ca7692e261442837c5338622 /pki/base/common
parent720381acc9bb84cf2d771adfc9758f28b1369e6a (diff)
Bugzilla Bug #500733 - Subordinate CA - administrator certificate import fails
(install wizard) git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@517 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java40
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java7
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java4
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java40
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java51
6 files changed, 144 insertions, 10 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
index e8b0346a2..0c9a24bff 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
@@ -140,9 +140,10 @@ public class AdminPanel extends WizardPanelBase {
String info = "";
context.put("import", "true");
+ String subsystemtype = "";
try {
type = cs.getString("preop.ca.type", "");
- String subsystemtype = cs.getString("cs.type", "");
+ subsystemtype = cs.getString("cs.type", "");
} catch (Exception e) {}
if (isPanelDone()) {
@@ -233,9 +234,14 @@ public class AdminPanel extends WizardPanelBase {
context.put("import", "true");
String type = "";
+ String subsystemtype = "";
+ String security_domain_type = "";
+ String selected_hierarchy = "";
try {
type = config.getString(PRE_CA_TYPE, "");
- String subsystemtype = config.getString("cs.type", "");
+ subsystemtype = config.getString("cs.type", "");
+ security_domain_type = config.getString("securitydomain.select","");
+ selected_hierarchy = config.getString("preop.hierarchy.select", "");
} catch (Exception e) {}
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
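Review bot: The empty `catch (Exception e) {}` around the new `securitydomain.select` and `preop.hierarchy.select` reads leaves both strings at `""` on any config error, and the condition added in the `-263` hunk then treats that the same as an existing security domain. From the visible code this appears to skip `createAdminCertificate` and take the branch that contacts another CA, with nothing in the debug log to say why. Since these values now decide which path issues the administrator certificate, the catch should at least record the failure, e.g. `} catch (Exception e) { CMS.debug("AdminPanel update: config read failed: " + e.toString()); }`. The same pattern is added in ImportAdminCertPanel (hunk at `-180`); the enclosing method starts and ends outside this hunk.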
@@ -263,8 +269,17 @@ public class AdminPanel extends WizardPanelBase {
throw e;
}
- if (ca != null) {
- CMS.debug("AdminPanel update: this is CA subsystem");
+ // REMINDER: This panel is NOT used by "clones"
+ if( ( ca != null ) && ( security_domain_type.equals( "new" ) ) ) {
+ if( selected_hierarchy.equals( "root" ) ) {
+ CMS.debug( "AdminPanel update: "
+ + "Root CA subsystem - "
+ + "(new Security Domain)" );
+ } else {
+ CMS.debug( "AdminPanel update: "
+ + "Subordinate CA subsystem - "
+ + "(new Security Domain)" );
+ }
try {
createAdminCertificate(request, response, context);
@@ -278,6 +293,23 @@ public class AdminPanel extends WizardPanelBase {
String ca_hostname = null;
int ca_port = -1;
+ // REMINDER: This panel is NOT used by "clones"
+ if( subsystemtype.equals( "CA" ) ) {
+ if( selected_hierarchy.equals( "root" ) ) {
+ CMS.debug( "AdminPanel update: "
+ + "Root CA subsystem - "
+ + "(existing Security Domain)" );
+ } else {
+ CMS.debug( "AdminPanel update: "
+ + "Subordinate CA subsystem - "
+ + "(existing Security Domain)" );
+ }
+ } else {
+ CMS.debug( "AdminPanel update: "
+ + subsystemtype
+ + " subsystem" );
+ }
+
if (type.equals("sdca")) {
try {
ca_hostname = config.getString("preop.ca.hostname");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
index 339a92444..7c9895e05 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
@@ -63,6 +63,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
public void cleanUp() throws IOException {
IConfigStore cs = CMS.getConfigStore();
cs.putString("preop.subsystem.select", "");
+ cs.putString("subsystem.select", "");
}
public boolean isPanelDone() {
@@ -199,9 +200,10 @@ public class CreateSubsystemPanel extends WizardPanelBase {
config.putString("preop.subsystem.name",
HttpInput.getName(request, "subsystemName"));
- if (select.equals("newsubsystem"))
+ if (select.equals("newsubsystem")) {
config.putString("preop.subsystem.select", "new");
- else if (select.equals("clonesubsystem")) {
+ config.putString("subsystem.select", "New");
+ } else if (select.equals("clonesubsystem")) {
String cstype = "";
try {
cstype = config.getString("cs.type", "");
@@ -211,6 +213,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
cstype = toLowerCaseSubsystemType(cstype);
config.putString("preop.subsystem.select", "clone");
+ config.putString("subsystem.select", "Clone");
String lists = "";
try {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
index 37231edfa..ed552c9fa 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
@@ -77,6 +77,7 @@ public class HierarchyPanel extends WizardPanelBase {
if (s != null && s.equals("clone")) {
// mark this panel as done
c.putString("preop.hierarchy.select","root");
+ c.putString("hierarchy.select","Clone");
return true;
}
} catch (EBaseException e) {
@@ -88,6 +89,7 @@ public class HierarchyPanel extends WizardPanelBase {
public void cleanUp() throws IOException {
IConfigStore cs = CMS.getConfigStore();
cs.putString("preop.hierarchy.select", "");
+ cs.putString("hierarchy.select", "");
}
public boolean isPanelDone() {
@@ -171,6 +173,7 @@ public class HierarchyPanel extends WizardPanelBase {
if (select.equals("root")) {
config.putString("preop.hierarchy.select", "root");
+ config.putString("hierarchy.select", "Root");
config.putString("preop.ca.type", "sdca");
try {
config.commit(false);
@@ -178,6 +181,7 @@ public class HierarchyPanel extends WizardPanelBase {
} else if (select.equals("join")) {
config.putString(PCERT_PREFIX + "signing.type", "remote");
config.putString("preop.hierarchy.select", "join");
+ config.putString("hierarchy.select", "Subordinate");
} else {
config.putString(PCERT_PREFIX + "signing.type", "remote");
CMS.debug("HierarchyPanel: invalid choice " + select);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
index 8c40c8d79..7487694df 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
@@ -138,8 +138,12 @@ public class ImportAdminCertPanel extends WizardPanelBase {
} catch (Exception e) {}
} else if (type.equals("sdca")) {
try {
+ // If this code is selected (e. g. - Subordinate CAs
+ // that are NOT their own Security Domain), it MUST
+ // still pass the "httpsadminport" associated with the
+ // Security Domain CA as defined via the NamePanel.
caHost = cs.getString("preop.ca.hostname", "");
- caPort = cs.getString("preop.ca.httpsport", "");
+ caPort = cs.getString("preop.ca.httpsadminport", "");
} catch (Exception e) {}
}
} else {
@@ -180,10 +184,14 @@ public class ImportAdminCertPanel extends WizardPanelBase {
String type = "";
String subsystemtype = "";
+ String security_domain_type = "";
+ String selected_hierarchy = "";
try {
type = cs.getString("preop.ca.type", "");
subsystemtype = cs.getString("cs.type", "");
+ security_domain_type = cs.getString("securitydomain.select", "");
+ selected_hierarchy = cs.getString("preop.hierarchy.select", "");
} catch (Exception e) {}
ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
@@ -198,9 +206,20 @@ public class ImportAdminCertPanel extends WizardPanelBase {
X509CertImpl certs[] = new X509CertImpl[1];
- if (ca != null) {
+ // REMINDER: This panel is NOT used by "clones"
+ if( ( ca != null ) && ( security_domain_type.equals( "new" ) ) ) {
String serialno = null;
+ if( selected_hierarchy.equals( "root" ) ) {
+ CMS.debug( "ImportAdminCertPanel update: "
+ + "Root CA subsystem - "
+ + "(new Security Domain)" );
+ } else {
+ CMS.debug( "ImportAdminCertPanel update: "
+ + "Subordinate CA subsystem - "
+ + "(new Security Domain)" );
+ }
+
try {
serialno = cs.getString("preop.admincert.serialno.0");
} catch (Exception e) {
@@ -218,6 +237,23 @@ public class ImportAdminCertPanel extends WizardPanelBase {
} else {
String dir = null;
+ // REMINDER: This panel is NOT used by "clones"
+ if( subsystemtype.equals( "CA" ) ) {
+ if( selected_hierarchy.equals( "root" ) ) {
+ CMS.debug( "ImportAdminCertPanel update: "
+ + "Root CA subsystem - "
+ + "(existing Security Domain)" );
+ } else {
+ CMS.debug( "ImportAdminCertPanel update: "
+ + "Subordinate CA subsystem - "
+ + "(existing Security Domain)" );
+ }
+ } else {
+ CMS.debug( "ImportAdminCertPanel update: "
+ + subsystemtype
+ + " subsystem" );
+ }
+
try {
dir = cs.getString("preop.admincert.b64", "");
CMS.debug("ImportAdminCertPanel update: dir=" + dir);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
index 8b5554593..8236ed378 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
@@ -808,6 +808,7 @@ public class NamePanel extends WizardPanelBase {
private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException {
CMS.debug("NamePanel update: this is the CA in the security domain.");
CMS.debug("NamePanel update: selected CA hostname=" + hostname + " port=" + httpsPortStr);
+ String https_admin_port = "";
IConfigStore config = CMS.getConfigStore();
context.put("sdcaHostname", hostname);
@@ -818,19 +819,26 @@ public class NamePanel extends WizardPanelBase {
throw new IOException("Hostname is null");
}
+ // Retrieve the associated HTTPS Admin port so that it
+ // may be stored for use with ImportAdminCertPanel
+ https_admin_port = getSecurityDomainAdminPort( config,
+ hostname,
+ httpsPortStr );
+
int httpsport = -1;
try {
httpsport = Integer.parseInt(httpsPortStr);
} catch (Exception e) {
CMS.debug(
- "NamePanel update: Http port is not valid. Exception: "
+ "NamePanel update: Https port is not valid. Exception: "
+ e.toString());
- throw new IOException("Http Port is not valid.");
+ throw new IOException("Https Port is not valid.");
}
config.putString("preop.ca.hostname", hostname);
config.putString("preop.ca.httpsport", httpsPortStr);
+ config.putString("preop.ca.httpsadminport", https_admin_port);
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
updateCertChainUsingSecureEEPort( config, "ca", hostname,
httpsport, true, context,
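Review bot: `getSecurityDomainAdminPort` returns `""` both when no domain.xml entry matches and when any exception occurs, and that value is written to `preop.ca.httpsadminport` here without a check. ImportAdminCertPanel now reads this key for `caPort`, so an empty value surfaces later as a failed admin-certificate import rather than as an error on this panel. Reject it where it is produced, next to the existing port validation: `if (https_admin_port.equals("")) throw new IOException("Https Admin Port could not be determined.");`. The body of `sdca` continues outside the hunk.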
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
index 1beac3776..529e493e8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
@@ -1058,6 +1058,57 @@ public class WizardPanelBase implements IWizardPanel {
return v;
}
+ // Given an HTTPS Hostname and EE port,
+ // retrieve the associated HTTPS Admin port
+ public String getSecurityDomainAdminPort( IConfigStore config,
+ String hostname,
+ String https_ee_port ) {
+ String https_admin_port = new String();
+
+ try {
+ String sd_hostname = config.getString( "securitydomain.host" );
+ int sd_httpsadminport =
+ config.getInteger( "securitydomain.httpsadminport" );
+
+ CMS.debug( "Getting domain.xml from CA ..." );
+ String c = getDomainXML( sd_hostname, sd_httpsadminport, true );
+
+ CMS.debug( "Getting associated HTTPS Admin port from " +
+ "HTTPS Hostname '" + hostname +
+ "' and EE port '" + https_ee_port + "'" );
+ ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
+ XMLObject parser = new XMLObject( bis );
+ Document doc = parser.getDocument();
+ NodeList nodeList = doc.getElementsByTagName( "CA" );
+
+ int len = nodeList.getLength();
+ for( int i = 0; i < len; i++ ) {
+ Vector v_hostname =
+ parser.getValuesFromContainer( nodeList.item(i),
+ "Host" );
+
+ Vector v_https_ee_port =
+ parser.getValuesFromContainer( nodeList.item(i),
+ "SecurePort" );
+
+ Vector v_https_admin_port =
+ parser.getValuesFromContainer( nodeList.item(i),
+ "SecureAdminPort" );
+
+ if( v_hostname.elementAt( 0 ).equals( hostname ) &&
+ v_https_ee_port.elementAt( 0 ).equals( https_ee_port ) ) {
+ https_admin_port =
+ v_https_admin_port.elementAt( 0 ).toString();
+ break;
+ }
+ }
+ } catch (Exception e) {
+ CMS.debug( e.toString() );
+ }
+
+ return( https_admin_port );
+ }
+
public String getSecurityDomainPort( IConfigStore config,
String portType ) {
String port = new String();
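Review bot: In `getSecurityDomainAdminPort`, `elementAt( 0 )` is called on each `Vector` without checking that it holds an element, so a single `CA` entry in domain.xml that lacks `Host`, `SecurePort` or `SecureAdminPort` throws inside the loop, lands in the catch-all and ends the lookup before later entries are compared. The method then returns `""`, which callers cannot tell apart from "no match". Skipping incomplete entries keeps one malformed record from hiding the correct one, and the catch should name the method in its debug message. Separately, `c.getBytes()` uses the platform default charset, and whether `XMLObject` disables DTDs and external entities for this network-fetched document is not visible here and is worth confirming.

```java
// … unchanged: fetch domain.xml, parse it, collect the "CA" nodes …
for( int i = 0; i < len; i++ ) {
    // … unchanged: read v_hostname, v_https_ee_port, v_https_admin_port …

    // Skip an entry that lacks any of the three values instead of
    // letting elementAt( 0 ) throw and abort the whole lookup.
    if( v_hostname.isEmpty() ||
        v_https_ee_port.isEmpty() ||
        v_https_admin_port.isEmpty() ) {
        CMS.debug( "getSecurityDomainAdminPort: "
                 + "skipping incomplete CA entry " + i );
        continue;
    }

    // … unchanged: compare host and EE port, take the admin port, break …
}
```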