summaryrefslogtreecommitdiffstats
path: root/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java
diff options
context:
space:
mode:
Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java')
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java280
1 files changed, 279 insertions, 1 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java
index f6cb4c638..97e9d41b7 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java
@@ -17,28 +17,57 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
+import java.io.StringWriter;
import java.net.InetAddress;
+import java.util.Enumeration;
import java.util.Locale;
import java.util.Random;
+import java.util.Vector;
+
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import netscape.ldap.LDAPAttribute;
+import netscape.ldap.LDAPAttributeSet;
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPEntry;
+import netscape.ldap.LDAPSearchConstraints;
+import netscape.ldap.LDAPSearchResults;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.EPropertyNotFound;
+import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.ISecurityDomainSessionTable;
import com.netscape.certsrv.base.PKIException;
import com.netscape.certsrv.base.UnauthorizedException;
+import com.netscape.certsrv.ldap.ILdapConnFactory;
import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.system.DomainInfo;
import com.netscape.certsrv.system.InstallToken;
+import com.netscape.certsrv.system.SecurityDomainHost;
+import com.netscape.certsrv.system.SecurityDomainSubsystem;
import com.netscape.cms.servlet.processors.Processor;
+import com.netscape.cmsutil.xml.XMLObject;
/**
* @author Endi S. Dewata
*/
public class SecurityDomainProcessor extends Processor {
- private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
+ public final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
"LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+ public final static String[] TYPES = { "CA", "KRA", "OCSP", "TKS", "RA", "TPS" };
+
Random random = new Random();
public SecurityDomainProcessor(Locale locale) throws EPropertyNotFound, EBaseException {
@@ -109,4 +138,253 @@ public class SecurityDomainProcessor extends Processor {
return new InstallToken(cookie);
}
+
+ public DomainInfo getDomainInfo() throws EBaseException {
+
+ ILdapConnFactory connFactory = null;
+ LDAPConnection conn = null;
+
+ try {
+ LDAPSearchConstraints cons = null;
+ String[] attrs = null;
+
+ IConfigStore cs = CMS.getConfigStore();
+ String basedn = cs.getString("internaldb.basedn");
+ String dn = "ou=Security Domain," + basedn;
+ String filter = "objectclass=pkiSecurityGroup";
+
+ IConfigStore ldapConfig = cs.getSubStore("internaldb");
+ connFactory = CMS.getLdapBoundConnFactory();
+ connFactory.init(ldapConfig);
+ conn = connFactory.getConn();
+
+ // get the security domain name
+ String name = (String) conn.read(dn).getAttribute("name").getStringValues().nextElement();
+ CMS.debug("SecurityDomainProcessor: name: "+name);
+
+ DomainInfo domain = new DomainInfo();
+ domain.setName(name);
+
+ // this should return CAList, KRAList etc.
+ LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
+ attrs, true, cons);
+
+ while (res.hasMoreElements()) {
+ dn = res.next().getDN();
+ String listName = dn.substring(3, dn.indexOf(","));
+ String subType = listName.substring(0, listName.indexOf("List"));
+ CMS.debug("SecurityDomainProcessor: subtype: "+subType);
+
+ filter = "objectclass=pkiSubsystem";
+ LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
+ attrs, false, cons);
+
+ while (res2.hasMoreElements()) {
+ LDAPEntry entry = res2.next();
+ CMS.debug("SecurityDomainProcessor: - "+entry.getDN());
+
+ SecurityDomainHost host = new SecurityDomainHost();
+
+ LDAPAttributeSet entryAttrs = entry.getAttributeSet();
+
+ @SuppressWarnings("unchecked")
+ Enumeration<LDAPAttribute> attrsInSet = entryAttrs.getAttributes();
+ while (attrsInSet.hasMoreElements()) {
+ LDAPAttribute nextAttr = attrsInSet.nextElement();
+ String attrName = nextAttr.getName();
+ String attrValue = (String) nextAttr.getStringValues().nextElement();
+ CMS.debug("SecurityDomainProcessor: - "+attrName+": "+attrValue);
+
+ if ("SubsystemName".equalsIgnoreCase(attrName)) {
+ host.setId(attrValue);
+
+ } else if ("Host".equalsIgnoreCase(attrName)) {
+ host.setHostname(attrValue);
+
+ } else if ("SecurePort".equalsIgnoreCase(attrName)) {
+ host.setSecurePort(attrValue);
+
+ } else if ("Clone".equalsIgnoreCase(attrName)) {
+ host.setClone(attrValue);
+
+ } else if ("DomainManager".equalsIgnoreCase(attrName)) {
+ host.setDomainManager(attrValue);
+
+ } else if ("UnSecurePort".equalsIgnoreCase(attrName)) {
+ host.setPort(attrValue);
+
+ } else if ("SecureAgentPort".equalsIgnoreCase(attrName)) {
+ host.setSecureAgentPort(attrValue);
+
+ } else if ("SecureAdminPort".equalsIgnoreCase(attrName)) {
+ host.setSecureAdminPort(attrValue);
+
+ } else if ("SecureEEClientAuthPort".equalsIgnoreCase(attrName)) {
+ host.setSecureEEClientAuthPort(attrValue);
+ }
+ }
+
+ domain.addHost(subType, host);
+ }
+ }
+
+ return domain;
+
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainProcessor: Failed to read domain info from ldap " + e);
+ throw new EBaseException(e.getMessage(), e);
+
+ } finally {
+ if (conn != null && connFactory != null) {
+ CMS.debug("Releasing ldap connection");
+ connFactory.returnConn(conn);
+ }
+ }
+ }
+
+ public XMLObject getDomainXML() throws EBaseException, ParserConfigurationException {
+ return convertDomainInfoToXMLObject(getDomainInfo());
+ }
+
+ public static XMLObject convertDomainInfoToXMLObject(DomainInfo domain) throws ParserConfigurationException {
+
+ XMLObject xmlObject = new XMLObject();
+
+ Node domainInfo = xmlObject.createRoot("DomainInfo");
+ xmlObject.addItemToContainer(domainInfo, "Name", domain.getName());
+
+ for (String subType : TYPES) {
+ SecurityDomainSubsystem subsystem = domain.getSubsystem(subType);
+ Node listNode = xmlObject.createContainer(domainInfo, subType+"List");
+
+ int counter;
+ if (subsystem == null) {
+ counter = 0;
+
+ } else {
+ counter = subsystem.getHosts().length;
+
+ for (SecurityDomainHost host : subsystem.getHosts()) {
+ Node node = xmlObject.createContainer(listNode, subType);
+
+ String value = host.getHostname();
+ if (value != null) xmlObject.addItemToContainer(node, "Host", value);
+
+ value = host.getSecurePort();
+ if (value != null) xmlObject.addItemToContainer(node, "SecurePort", value);
+
+ value = host.getSecureAgentPort();
+ if (value != null) xmlObject.addItemToContainer(node, "SecureAgentPort", value);
+
+ value = host.getSecureAdminPort();
+ if (value != null) xmlObject.addItemToContainer(node, "SecureAdminPort", value);
+
+ value = host.getSecureEEClientAuthPort();
+ if (value != null) xmlObject.addItemToContainer(node, "SecureEEClientAuthPort", value);
+
+ value = host.getPort();
+ if (value != null) xmlObject.addItemToContainer(node, "UnSecurePort", value);
+
+ value = host.getClone();
+ if (value != null) xmlObject.addItemToContainer(node, "Clone", value);
+
+ value = host.getId();
+ if (value != null) xmlObject.addItemToContainer(node, "SubsystemName", value);
+
+ value = host.getDomainManager();
+ if (value != null) xmlObject.addItemToContainer(node, "DomainManager", value);
+ }
+ }
+
+ xmlObject.addItemToContainer(
+ listNode, "SubsystemCount", Integer.toString(counter));
+ }
+
+ return xmlObject;
+ }
+
+ public static DomainInfo convertXMLObjectToDomainInfo(XMLObject xmlObject) {
+
+ DomainInfo domain = new DomainInfo();
+ Document doc = xmlObject.getDocument();
+ Node rootNode = doc.getFirstChild();
+
+ Vector<String> values = xmlObject.getValuesFromContainer(rootNode, "Name");
+ if (!values.isEmpty()) domain.setName(values.firstElement());
+
+ for (String type : TYPES) {
+ NodeList hosts = doc.getElementsByTagName(type);
+ for (int j=0; j<hosts.getLength(); j++) {
+ Node hostNode = hosts.item(j);
+ SecurityDomainHost host = new SecurityDomainHost();
+
+ values = xmlObject.getValuesFromContainer(hostNode, "SubsystemName");
+ if (!values.isEmpty()) host.setId(values.firstElement());
+
+ values = xmlObject.getValuesFromContainer(hostNode, "Host");
+ if (!values.isEmpty()) host.setHostname(values.firstElement());
+
+ values = xmlObject.getValuesFromContainer(hostNode, "SecurePort");
+ if (!values.isEmpty()) host.setSecurePort(values.firstElement());
+
+ values = xmlObject.getValuesFromContainer(hostNode, "Clone");
+ if (!values.isEmpty()) host.setClone(values.firstElement());
+
+ values = xmlObject.getValuesFromContainer(hostNode, "DomainManager");
+ if (!values.isEmpty()) host.setDomainManager(values.firstElement());
+
+ values = xmlObject.getValuesFromContainer(hostNode, "UnSecurePort");
+ if (!values.isEmpty()) host.setPort(values.firstElement());
+
+ values = xmlObject.getValuesFromContainer(hostNode, "SecureAgentPort");
+ if (!values.isEmpty()) host.setSecureAgentPort(values.firstElement());
+
+ values = xmlObject.getValuesFromContainer(hostNode, "SecureAdminPort");
+ if (!values.isEmpty()) host.setSecureAdminPort(values.firstElement());
+
+ values = xmlObject.getValuesFromContainer(hostNode, "SecureEEClientAuthPort");
+ if (!values.isEmpty()) host.setSecureEEClientAuthPort(values.firstElement());
+
+ domain.addHost(type, host);
+ }
+ }
+
+ return domain;
+ }
+
+ public static void main(String args[]) throws Exception {
+
+ DomainInfo before = new DomainInfo();
+ before.setName("EXAMPLE");
+
+ SecurityDomainHost host = new SecurityDomainHost();
+ host.setId("CA localhost:8443");
+ host.setHostname("localhost");
+ host.setPort("8080");
+ host.setSecurePort("8443");
+ host.setDomainManager("TRUE");
+
+ before.addHost("CA", host);
+
+ System.out.println("Before:");
+ System.out.println(before);
+
+ XMLObject xmlObject = convertDomainInfoToXMLObject(before);
+ Document document = xmlObject.getDocument();
+
+ Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+
+ StringWriter sw = new StringWriter();
+ transformer.transform(new DOMSource(document), new StreamResult(sw));
+
+ System.out.println("Domain XML:");
+ System.out.println(sw);
+
+ DomainInfo after = convertXMLObjectToDomainInfo(xmlObject);
+
+ System.out.println("After:");
+ System.out.println(after);
+ }
}
generated by cgit (git 2.34.1) at 2024-04-26 01:01:28 +0000