diff options
Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java')
-rw-r--r-- | base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java | 296 |
1 files changed, 296 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java new file mode 100644 index 000000000..03233042c --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java @@ -0,0 +1,296 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.csadmin; + +import java.io.FileNotFoundException; +import java.io.IOException; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.velocity.context.Context; +import org.mozilla.jss.CryptoManager; +import org.mozilla.jss.crypto.CryptoToken; +import org.mozilla.jss.util.IncorrectPasswordException; +import org.mozilla.jss.util.Password; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.property.Descriptor; +import com.netscape.certsrv.property.IDescriptor; +import com.netscape.certsrv.property.PropertySet; +import com.netscape.certsrv.util.HttpInput; +import com.netscape.cms.servlet.wizard.WizardServlet; +import com.netscape.cmsutil.password.PlainPasswordReader; +import com.netscape.cmsutil.password.PlainPasswordWriter; + +public class ConfigHSMLoginPanel extends WizardPanelBase { + private CryptoManager mCryptoManager = null; + private String mPwdFilePath = ""; + + public ConfigHSMLoginPanel() { + } + + public void init(ServletConfig config, int panelno) throws ServletException { + try { + mCryptoManager = CryptoManager.getInstance(); + mPwdFilePath = CMS.getConfigStore().getString( + "passwordFile"); + } catch (Exception e) { + CMS.debug("ConfigHSMLoginPanel: " + e.toString()); + } + setPanelNo(panelno); + setName("ConfigHSMLogin"); + } + + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) throws ServletException { + try { + mCryptoManager = CryptoManager.getInstance(); + mPwdFilePath = CMS.getConfigStore().getString( + "passwordFile"); + } catch (Exception e) { + CMS.debug("ConfigHSMLoginPanel: " + e.toString()); + } + setPanelNo(panelno); + setName("ConfigHSMLogin"); + setId(id); + } + + public void cleanUp() throws IOException { + } + + public boolean isPanelDone() { + return true; + } + + public boolean isSubPanel() { + return true; + } + + public boolean isLoopbackPanel() { + return true; + } + + public void display(HttpServletRequest request, + HttpServletResponse response, + Context context) { + + CMS.debug("ConfigHSMLoginPanel: in display()"); + context.put("title", "Security Module Login"); + + // get token selected to be logged in + String tokName = null; + tokName = HttpInput.getTokenName(request, "SecToken"); + + if (tokName != null) { + CMS.debug("ConfigHSMLoginPanel: selected token name= " + tokName); + } else { + CMS.debug("ConfigHSMLoginPanel: missing SecToken name"); + context.put("error", "noTokenName"); + context.put("panel", "admin/console/config/config_hsmloginpanel.vm"); + return; + } + CryptoToken token = null; + + try { + token = mCryptoManager.getTokenByName(tokName); + } catch (Exception e) { + CMS.debug( + "ConfigHSMLoginPanel: getTokenByName() failed: " + + e.toString()); + context.put("error", "tokenNotFound:" + tokName); + context.put("panel", "admin/console/config/config_hsmloginpanel.vm"); + return; + } + // first see if password in password file, try to login + PlainPasswordReader pr = new PlainPasswordReader(); + + try { + pr.init(mPwdFilePath); + } catch (Exception e) { + // is ok to not have it + CMS.debug("ConfigHSMLoginPanel: passwrd file path: " + e.toString()); + } + CMS.debug("ConfigHSMLoginPanel: checking if passwd in cache"); + String tokPwd = pr.getPassword("hardware-" + tokName); + + boolean loggedIn = false; + + if (tokPwd == null) { + CMS.debug("ConfigHSMLoginPanel: passwd not in cache"); + } else { + loggedIn = loginToken(token, tokPwd, context); + } + + if (!loggedIn) { + context.put("status", "display"); + } + context.put("panel", "admin/console/config/config_hsmloginpanel.vm"); + context.put("SecToken", tokName); + } + + // if logged in successfully, returns true + private boolean loginToken(CryptoToken token, String tokPwd, Context context) { + boolean rv = true; + Password password = null; + + password = new Password(tokPwd.toCharArray()); + + try { + if (token.passwordIsInitialized()) { + CMS.debug( + "ConfigHSMLoginPanel: loginToken():token password is initialized"); + if (!token.isLoggedIn()) { + CMS.debug( + "ConfigHSMLoginPanel: loginToken():Token is not logged in, try it"); + token.login(password); + context.put("status", "justLoggedIn"); + } else { + CMS.debug( + "ConfigHSMLoginPanel:Token has already logged on"); + context.put("status", "alreadyLoggedIn"); + } + } else { + CMS.debug( + "ConfigHSMLoginPanel: loginToken():Token password not initialized"); + context.put("status", "tokenPasswordNotInitialized"); + rv = false; + } + + } catch (IncorrectPasswordException e) { + context.put("status", "incorrectPassword"); + context.put("errorString", e.toString()); + CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString()); + rv = false; + } catch (Exception e) { + CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString()); + context.put("errorString", e.toString()); + rv = false; + } + return rv; + } + + // XXX how do you do this? + public PropertySet getUsage() { + PropertySet set = new PropertySet(); + + Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /* no default parameters */ + + set.add( + "choice", choiceDesc); + + return set; + } + + /** + * Checks if the given parameters are valid. + */ + public void validate(HttpServletRequest request, + HttpServletResponse response, + Context context) throws IOException { + } + + public void update(HttpServletRequest request, + HttpServletResponse response, + Context context) { + + CMS.debug("ConfigHSMLoginPanel: in update()"); + + String uTokName = null; + String uPasswd = null; + try { + uTokName = HttpInput.getTokenName(request, "uTokName"); + uPasswd = HttpInput.getPassword(request, "__uPasswd"); + } catch (Exception e) { + } + + if (uPasswd == null) { + CMS.debug("ConfigHSMLoginPanel: password not found"); + context.put("error", "no password"); + context.put("panel", "admin/console/config/config_hsmloginpanel.vm"); + context.put("updateStatus", "no password"); + return; + } else { + CMS.debug("ConfigHSMLoginPanel: got password"); + + CryptoToken token = null; + + try { + token = mCryptoManager.getTokenByName(uTokName); + } catch (Exception e) { + CMS.debug( + "ConfigHSMLoginPanel: getTokenByName() failed: " + + e.toString()); + context.put("error", "tokenNotFound:" + uTokName); + } + + try { + if (loginToken(token, uPasswd, context) == false) { + CMS.debug( + "ConfigHSMLoginPanel:loginToken failed for " + + uTokName); + context.put("error", "tokenLoginFailed"); + context.put("updateStatus", "login failed"); + context.put("panel", + "admin/console/config/config_hsmloginpanel.vm"); + return; + } + CMS.debug( + "ConfigHSMLoginPanel: update(): just logged in successfully"); + PlainPasswordWriter pw = new PlainPasswordWriter(); + + pw.init(mPwdFilePath); + pw.putPassword("hardware-" + uTokName, uPasswd); + pw.commit(); + + } catch (FileNotFoundException e) { + CMS.debug( + "ConfigHSMLoginPanel: update(): Exception caught: " + + e.toString() + " writing to " + mPwdFilePath); + CMS.debug( + "ConfigHSMLoginPanel: update(): password not written to cache"); + System.err.println("Exception caught: " + e.toString()); + context.put("error", "Exception:" + e.toString()); + } catch (Exception e) { + CMS.debug( + "ConfigHSMLoginPanel: update(): Exception caught: " + + e.toString()); + System.err.println("Exception caught: " + e.toString()); + context.put("error", "Exception:" + e.toString()); + } + + } // found password + + context.put("panel", "admin/console/config/config_hsmloginpanel.vm"); + context.put("status", "update"); + context.put("error", ""); + context.put("updateStatus", "success"); + + } + + /** + * If validiate() returns false, this method will be called. + */ + public void displayError(HttpServletRequest request, + HttpServletResponse response, + Context context) { + context.put("title", "Security Module Login"); + context.put("panel", "admin/console/config/config_hsmloginpanel.vm"); + } +} |