Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java')
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java1133
1 files changed, 38 insertions, 1095 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
index 276b76d4e..273e33173 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
@@ -19,33 +19,23 @@ package com.netscape.cms.servlet.csadmin;
import java.io.ByteArrayInputStream;
import java.io.IOException;
-import java.net.ConnectException;
import java.net.URLEncoder;
+import java.security.cert.CertificateEncodingException;
import java.util.Locale;
-import java.util.StringTokenizer;
-import java.util.Vector;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPDN;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPSearchConstraints;
-import netscape.ldap.LDAPSearchResults;
+import javax.xml.parsers.ParserConfigurationException;
import org.apache.velocity.context.Context;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.CryptoStore;
-import org.mozilla.jss.crypto.CryptoToken;
-import org.mozilla.jss.pkcs11.PK11Store;
import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
+import org.xml.sax.SAXException;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
@@ -55,10 +45,6 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.wizard.IWizardPanel;
import com.netscape.cms.servlet.wizard.WizardServlet;
import com.netscape.cmsutil.crypto.CryptoUtil;
-import com.netscape.cmsutil.http.HttpClient;
-import com.netscape.cmsutil.http.HttpRequest;
-import com.netscape.cmsutil.http.HttpResponse;
-import com.netscape.cmsutil.http.JssSSLSocketFactory;
import com.netscape.cmsutil.xml.XMLObject;
public class WizardPanelBase implements IWizardPanel {
@@ -228,290 +214,40 @@ public class WizardPanelBase implements IWizardPanel {
return locale;
}
- public String getNickname(IConfigStore config, String certTag) {
- String instanceID = "";
-
- try {
- instanceID = config.getString("instanceId", "");
- } catch (Exception e) {
- }
-
- String nickname = certTag + "Cert cert-" + instanceID;
- String preferredNickname = null;
-
- try {
- preferredNickname = config.getString(
- PCERT_PREFIX + certTag + ".nickname", null);
- } catch (Exception e) {
- }
-
- if (preferredNickname != null) {
- nickname = preferredNickname;
- }
- return nickname;
- }
-
- public void updateDomainXML(String hostname, int port, boolean https,
- String servlet, String uri) throws IOException {
- CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname + " port=" + port);
- IConfigStore cs = CMS.getConfigStore();
- String nickname = "";
- String tokenname = "";
- try {
- nickname = cs.getString("preop.cert.subsystem.nickname", "");
- tokenname = cs.getString("preop.module.token", "");
- } catch (Exception e) {
- }
-
- if (!tokenname.equals("") &&
- !tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal")) {
- nickname = tokenname + ":" + nickname;
- }
-
- CMS.debug("WizardPanelBase updateDomainXML nickname=" + nickname);
- CMS.debug("WizardPanelBase: start sending updateDomainXML request");
- String c = getHttpResponse(hostname, port, https, servlet, uri, nickname);
- CMS.debug("WizardPanelBase: done sending updateDomainXML request");
-
- if (c != null) {
- try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject obj = null;
- try {
- obj = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase::updateDomainXML() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
-
- String status = obj.getValue("Status");
- CMS.debug("WizardPanelBase updateDomainXML: status=" + status);
-
- if (status.equals(SUCCESS)) {
- return;
- } else {
- String error = obj.getValue("Error");
- throw new IOException(error);
- }
- } catch (IOException e) {
- CMS.debug("WizardPanelBase: updateDomainXML: " + e.toString());
- throw e;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase: updateDomainXML: " + e.toString());
- throw new IOException(e.toString());
- }
- }
- }
-
public int getSubsystemCount(String hostname, int https_admin_port,
- boolean https, String type)
- throws IOException {
+ boolean https, String type) throws IOException, SAXException, ParserConfigurationException {
CMS.debug("WizardPanelBase getSubsystemCount start");
- String c = getDomainXML(hostname, https_admin_port, true);
+ String c = ConfigurationUtils.getDomainXML(hostname, https_admin_port, true);
if (c != null) {
- try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject obj = new XMLObject(bis);
- String containerName = type + "List";
- Node n = obj.getContainer(containerName);
- NodeList nlist = n.getChildNodes();
- String countS = "";
- for (int i = 0; i < nlist.getLength(); i++) {
- Element nn = (Element) nlist.item(i);
- String tagname = nn.getTagName();
- if (tagname.equals("SubsystemCount")) {
- NodeList nlist1 = nn.getChildNodes();
- Node nn1 = nlist1.item(0);
- countS = nn1.getNodeValue();
- break;
- }
- }
- CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount=" + countS);
- int num = 0;
-
- if (countS != null && !countS.equals("")) {
- try {
- num = Integer.parseInt(countS);
- } catch (Exception ee) {
- }
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ XMLObject obj = new XMLObject(bis);
+ String containerName = type + "List";
+ Node n = obj.getContainer(containerName);
+ NodeList nlist = n.getChildNodes();
+ String countS = "";
+ for (int i = 0; i < nlist.getLength(); i++) {
+ Element nn = (Element) nlist.item(i);
+ String tagname = nn.getTagName();
+ if (tagname.equals("SubsystemCount")) {
+ NodeList nlist1 = nn.getChildNodes();
+ Node nn1 = nlist1.item(0);
+ countS = nn1.getNodeValue();
+ break;
}
-
- return num;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase: getSubsystemCount: " + e.toString());
- throw new IOException(e.toString());
}
- }
-
- return -1;
- }
-
- public String getDomainXML(String hostname, int https_admin_port,
- boolean https)
- throws IOException {
- CMS.debug("WizardPanelBase getDomainXML start");
- String c = getHttpResponse(hostname, https_admin_port, https,
- "/ca/admin/ca/getDomainXML", null, null);
- if (c != null) {
- try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = null;
+ CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount=" + countS);
+ int num = 0;
+ if (countS != null && !countS.equals("")) {
try {
- parser = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase::getDomainXML() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
-
- String status = parser.getValue("Status");
-
- CMS.debug("WizardPanelBase getDomainXML: status=" + status);
-
- if (status.equals(SUCCESS)) {
- String domainInfo = parser.getValue("DomainInfo");
-
- CMS.debug(
- "WizardPanelBase getDomainXML: domainInfo="
- + domainInfo);
- return domainInfo;
- } else {
- String error = parser.getValue("Error");
-
- throw new IOException(error);
+ num = Integer.parseInt(countS);
+ } catch (Exception ee) {
}
- } catch (IOException e) {
- CMS.debug("WizardPanelBase: getDomainXML: " + e.toString());
- throw e;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase: getDomainXML: " + e.toString());
- throw new IOException(e.toString());
}
- }
-
- return null;
- }
- public String getSubsystemCert(String host, int port, boolean https)
- throws IOException {
- CMS.debug("WizardPanelBase getSubsystemCert start");
- String c = getHttpResponse(host, port, https,
- "/ca/admin/ca/getSubsystemCert", null, null);
- if (c != null) {
- try {
- ByteArrayInputStream bis =
- new ByteArrayInputStream(c.getBytes());
- XMLObject parser = null;
- try {
- parser = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase::getSubsystemCert() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
- String status = parser.getValue("Status");
- if (status.equals(SUCCESS)) {
- String s = parser.getValue("Cert");
- return s;
- } else
- return null;
- } catch (Exception e) {
- }
+ return num;
}
-
- return null;
- }
-
- public void updateConnectorInfo(String host, int port, boolean https,
- String content) throws IOException {
- CMS.debug("WizardPanelBase updateConnectorInfo start");
- String c = getHttpResponse(host, port, https,
- "/ca/admin/ca/updateConnector", content, null);
- if (c != null) {
- try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = null;
-
- try {
- parser = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase::updateConnectorInfo() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
-
- String status = parser.getValue("Status");
-
- CMS.debug("WizardPanelBase updateConnectorInfo: status=" + status);
-
- if (!status.equals(SUCCESS)) {
- String error = parser.getValue("Error");
- throw new IOException(error);
- }
- } catch (IOException e) {
- CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString());
- throw e;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString());
- throw new IOException(e.toString());
- }
- }
- }
-
- public String getCertChainUsingSecureAdminPort(String hostname,
- int https_admin_port,
- boolean https,
- ConfigCertApprovalCallback
- certApprovalCallback)
- throws IOException {
- CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort start");
- String c = getHttpResponse(hostname, https_admin_port, https,
- "/ca/admin/ca/getCertChain", null, null,
- certApprovalCallback);
-
- if (c != null) {
- try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = null;
-
- try {
- parser = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase::getCertChainUsingSecureAdminPort() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
-
- String status = parser.getValue("Status");
-
- CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort: status=" + status);
-
- if (status.equals(SUCCESS)) {
- String certchain = parser.getValue("ChainBase64");
-
- certchain = CryptoUtil.normalizeCertStr(certchain);
- CMS.debug(
- "WizardPanelBase getCertChainUsingSecureAdminPort: certchain="
- + certchain);
- return certchain;
- } else {
- String error = parser.getValue("Error");
-
- throw new IOException(error);
- }
- } catch (IOException e) {
- CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString());
- throw e;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString());
- throw new IOException(e.toString());
- }
- }
-
- return null;
+ return -1;
}
public String getCertChainUsingSecureEEPort(String hostname,
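Review bot: With the outer `try`/`catch (Exception e)` removed from `getSubsystemCount`, a malformed domain XML response from the remote host no longer surfaces as an `IOException`. If `obj.getContainer(containerName)` returns null, or `nlist.item(i)` is a text node rather than an element, the resulting `NullPointerException` or `ClassCastException` escapes unchecked and is not covered by the new `throws` clause. Guard both lookups on the new side, e.g. `if (n == null) throw new IOException("Missing " + containerName + " in domain XML");` and `if (!(nlist.item(i) instanceof Element)) continue;`. The empty `catch (Exception ee)` kept around `Integer.parseInt(countS)` still turns an unparsable count into 0 silently; a `CMS.debug` call there would make a bad response visible. The `https` parameter also remains unused, since `true` is passed to `ConfigurationUtils.getDomainXML` regardless; a short Javadoc line saying so would stop callers assuming they can downgrade the transport.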
@@ -521,7 +257,7 @@ public class WizardPanelBase implements IWizardPanel {
certApprovalCallback)
throws IOException {
CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort start");
- String c = getHttpResponse(hostname, https_ee_port, https,
+ String c = ConfigurationUtils.getHttpResponse(hostname, https_ee_port, https,
"/ca/ee/ca/getCertChain", null, null,
certApprovalCallback);
@@ -571,7 +307,7 @@ public class WizardPanelBase implements IWizardPanel {
String servlet, String uri, IConfigStore config,
HttpServletResponse response) throws IOException {
CMS.debug("WizardPanelBase updateConfigEntries start");
- String c = getHttpResponse(hostname, port, https, servlet, uri, null);
+ String c = ConfigurationUtils.getHttpResponse(hostname, port, https, servlet, uri, null);
if (c != null) {
try {
@@ -714,7 +450,7 @@ public class WizardPanelBase implements IWizardPanel {
public boolean authenticate(String hostname, int port, boolean https,
String servlet, String uri) throws IOException {
CMS.debug("WizardPanelBase authenticate start");
- String c = getHttpResponse(hostname, port, https, servlet, uri, null);
+ String c = ConfigurationUtils.getHttpResponse(hostname, port, https, servlet, uri, null);
IConfigStore cs = CMS.getConfigStore();
if (c != null) {
@@ -750,518 +486,12 @@ public class WizardPanelBase implements IWizardPanel {
return false;
}
- public void updateOCSPConfig(String hostname, int port, boolean https,
- String content, HttpServletResponse response)
- throws IOException {
- CMS.debug("WizardPanelBase updateOCSPConfig start");
- String c = getHttpResponse(hostname, port, https,
- "/ca/ee/ca/updateOCSPConfig", content, null);
- if (c == null || c.equals("")) {
- CMS.debug("WizardPanelBase updateOCSPConfig: content is null.");
- throw new IOException("The server you want to contact is not available");
- } else {
- try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = null;
-
- try {
- parser = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase::updateOCSPConfig() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
-
- String status = parser.getValue("Status");
-
- CMS.debug("WizardPanelBase updateOCSPConfig: status=" + status);
-
- if (status.equals(SUCCESS)) {
- CMS.debug("WizardPanelBase updateOCSPConfig: Successfully update the OCSP configuration in the CA.");
- } else if (status.equals(AUTH_FAILURE)) {
- reloginSecurityDomain(response);
- return;
- } else {
- String error = parser.getValue("Error");
-
- throw new IOException(error);
- }
- } catch (IOException e) {
- CMS.debug("WizardPanelBase updateOCSPConfig: " + e.toString());
- throw e;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase updateOCSPConfig: " + e.toString());
- throw new IOException(e.toString());
- }
- }
- }
-
- public void updateNumberRange(String hostname, int port, boolean https,
- String content, String type, HttpServletResponse response)
- throws IOException {
- CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname +
- " port=" + port);
- IConfigStore cs = CMS.getConfigStore();
- String cstype = "";
- try {
- cstype = cs.getString("cs.type", "");
- } catch (Exception e) {
- }
-
- cstype = toLowerCaseSubsystemType(cstype);
- String c = getHttpResponse(hostname, port, https,
- "/" + cstype + "/ee/" + cstype + "/updateNumberRange", content, null);
- if (c == null || c.equals("")) {
- CMS.debug("WizardPanelBase updateNumberRange: content is null.");
- throw new IOException("The server you want to contact is not available");
- } else {
- CMS.debug("content=" + c);
- try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = null;
-
- try {
- parser = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase::updateNumberRange() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
-
- String status = parser.getValue("Status");
-
- CMS.debug("WizardPanelBase updateNumberRange: status=" + status);
- if (status.equals(SUCCESS)) {
- String beginNum = parser.getValue("beginNumber");
- String endNum = parser.getValue("endNumber");
- if (type.equals("request")) {
- cs.putString("dbs.beginRequestNumber", beginNum);
- cs.putString("dbs.endRequestNumber", endNum);
- } else if (type.equals("serialNo")) {
- cs.putString("dbs.beginSerialNumber", beginNum);
- cs.putString("dbs.endSerialNumber", endNum);
- } else if (type.equals("replicaId")) {
- cs.putString("dbs.beginReplicaNumber", beginNum);
- cs.putString("dbs.endReplicaNumber", endNum);
- }
- // enable serial number management in clone
- cs.putString("dbs.enableSerialManagement", "true");
- cs.commit(false);
- } else if (status.equals(AUTH_FAILURE)) {
- reloginSecurityDomain(response);
- return;
- } else {
- String error = parser.getValue("Error");
-
- throw new IOException(error);
- }
- } catch (IOException e) {
- CMS.debug("WizardPanelBase: updateNumberRange: " + e.toString());
- CMS.debug(e);
- throw e;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase: updateNumberRange: " + e.toString());
- CMS.debug(e);
- throw new IOException(e.toString());
- }
- }
- }
-
- public int getPort(String hostname, int port, boolean https,
- String portServlet, boolean sport)
- throws IOException {
- CMS.debug("WizardPanelBase getPort start");
- String c = getHttpResponse(hostname, port, https, portServlet,
- "secure=" + sport, null);
-
- if (c != null) {
- try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = null;
-
- try {
- parser = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase::getPort() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
-
- String status = parser.getValue("Status");
-
- CMS.debug("WizardPanelBase getPort: status=" + status);
-
- if (status.equals(SUCCESS)) {
- String portStr = parser.getValue("Port");
-
- port = Integer.parseInt(portStr);
- return port;
- } else {
- String error = parser.getValue("Error");
-
- throw new IOException(error);
- }
- } catch (IOException e) {
- CMS.debug("WizardPanelBase: getPort: " + e.toString());
- throw e;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase: getPort: " + e.toString());
- throw new IOException(e.toString());
- }
- }
-
- return -1;
- }
-
- public String getHttpResponse(String hostname, int port, boolean secure,
- String uri, String content, String clientnickname) throws IOException {
- return getHttpResponse(hostname, port, secure, uri, content, clientnickname, null);
- }
-
- public String getHttpResponse(String hostname, int port, boolean secure,
- String uri, String content, String clientnickname,
- SSLCertificateApprovalCallback certApprovalCallback)
- throws IOException {
- HttpClient httpclient = null;
- String c = null;
-
- try {
- if (secure) {
- JssSSLSocketFactory factory = null;
- if (clientnickname != null && clientnickname.length() > 0)
- factory = new JssSSLSocketFactory(clientnickname);
- else
- factory = new JssSSLSocketFactory();
-
- httpclient = new HttpClient(factory, certApprovalCallback);
- } else {
- httpclient = new HttpClient();
- }
- httpclient.connect(hostname, port);
- HttpRequest httprequest = new HttpRequest();
-
- httprequest.setMethod(HttpRequest.POST);
- httprequest.setURI(uri);
- // httprequest.setURI("/ca/ee/ca/ports");
- httprequest.setHeader("user-agent", "HTTPTool/1.0");
- // String content_c = "secure="+secure;
- httprequest.setHeader("content-type",
- "application/x-www-form-urlencoded");
- if (content != null && content.length() > 0) {
- String content_c = content;
-
- httprequest.setHeader("content-length", "" + content_c.length());
- httprequest.setContent(content_c);
- }
- HttpResponse httpresponse = httpclient.send(httprequest);
-
- c = httpresponse.getContent();
- } catch (ConnectException e) {
- CMS.debug("WizardPanelBase getHttpResponse: " + e.toString());
- throw new IOException("The server you tried to contact is not running.");
- } catch (Exception e) {
- CMS.debug("WizardPanelBase getHttpResponse: " + e.toString());
- throw new IOException(e.toString());
- } finally {
- if (httpclient.connected()) {
- httpclient.disconnect();
- }
- }
-
- return c;
- }
-
- public boolean isSDHostDomainMaster(IConfigStore config) {
- String dm = "false";
- try {
- String hostname = config.getString("securitydomain.host");
- int httpsadminport = config.getInteger("securitydomain.httpsadminport");
-
- CMS.debug("Getting domain.xml from CA...");
- String c = getDomainXML(hostname, httpsadminport, true);
-
- CMS.debug("Getting DomainMaster from security domain");
-
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = new XMLObject(bis);
- Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName("CA");
-
- int len = nodeList.getLength();
- for (int i = 0; i < len; i++) {
- Vector<String> v_hostname =
- parser.getValuesFromContainer(nodeList.item(i),
- "Host");
-
- Vector<String> v_https_admin_port =
- parser.getValuesFromContainer(nodeList.item(i),
- "SecureAdminPort");
-
- Vector<String> v_domain_mgr =
- parser.getValuesFromContainer(nodeList.item(i),
- "DomainManager");
-
- if (v_hostname.elementAt(0).equals(hostname) &&
- v_https_admin_port.elementAt(0).equals(Integer.toString(httpsadminport))) {
- dm = v_domain_mgr.elementAt(0).toString();
- break;
- }
- }
- } catch (Exception e) {
- CMS.debug(e.toString());
- }
- return dm.equalsIgnoreCase("true");
- }
-
- public Vector<String> getMasterUrlListFromSecurityDomain(IConfigStore config,
- String type,
- String portType) {
- Vector<String> v = new Vector<String>();
-
- try {
- String hostname = config.getString("securitydomain.host");
- int httpsadminport = config.getInteger("securitydomain.httpsadminport");
-
- CMS.debug("Getting domain.xml from CA...");
- String c = getDomainXML(hostname, httpsadminport, true);
-
- CMS.debug("Type " + type);
-
- CMS.debug("Getting " + portType + " from Security Domain ...");
- if (!portType.equals("UnSecurePort") &&
- !portType.equals("SecureAgentPort") &&
- !portType.equals("SecurePort") &&
- !portType.equals("SecureAdminPort")) {
- CMS.debug("getPortFromSecurityDomain: " +
- "unknown port type " + portType);
- return v;
- }
-
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = new XMLObject(bis);
- Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName(type);
-
- // save domain name in cfg
- config.putString("securitydomain.name",
- parser.getValue("Name"));
-
- int len = nodeList.getLength();
-
- CMS.debug("Len " + len);
- for (int i = 0; i < len; i++) {
- Vector<String> v_clone = parser.getValuesFromContainer(nodeList.item(i),
- "Clone");
- String clone = v_clone.elementAt(0);
- if (clone.equalsIgnoreCase("true"))
- continue;
- Vector<String> v_name = parser.getValuesFromContainer(nodeList.item(i),
- "SubsystemName");
- Vector<String> v_host = parser.getValuesFromContainer(nodeList.item(i),
- "Host");
- Vector<String> v_port = parser.getValuesFromContainer(nodeList.item(i),
- portType);
-
- v.addElement(v_name.elementAt(0)
- + " - https://"
- + v_host.elementAt(0)
- + ":"
- + v_port.elementAt(0));
- }
- } catch (Exception e) {
- CMS.debug(e.toString());
- }
-
- return v;
- }
-
- public Vector<String> getUrlListFromSecurityDomain(IConfigStore config,
- String type,
- String portType) {
- Vector<String> v = new Vector<String>();
-
- try {
- String hostname = config.getString("securitydomain.host");
- int httpsadminport = config.getInteger("securitydomain.httpsadminport");
-
- CMS.debug("Getting domain.xml from CA...");
- String c = getDomainXML(hostname, httpsadminport, true);
-
- CMS.debug("Getting " + portType + " from Security Domain ...");
- if (!portType.equals("UnSecurePort") &&
- !portType.equals("SecureAgentPort") &&
- !portType.equals("SecurePort") &&
- !portType.equals("SecureAdminPort")) {
- CMS.debug("getPortFromSecurityDomain: " +
- "unknown port type " + portType);
- return v;
- }
-
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = new XMLObject(bis);
- Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName(type);
-
- // save domain name in cfg
- config.putString("securitydomain.name",
- parser.getValue("Name"));
-
- int len = nodeList.getLength();
-
- CMS.debug("Len " + len);
- for (int i = 0; i < len; i++) {
- Vector<String> v_name = parser.getValuesFromContainer(nodeList.item(i),
- "SubsystemName");
- Vector<String> v_host = parser.getValuesFromContainer(nodeList.item(i),
- "Host");
- Vector<String> v_port = parser.getValuesFromContainer(nodeList.item(i),
- portType);
- Vector<String> v_admin_port = parser.getValuesFromContainer(nodeList.item(i),
- "SecureAdminPort");
-
- if (v_host.elementAt(0).equals(hostname)
- && v_admin_port.elementAt(0).equals(new Integer(httpsadminport).toString())) {
- // add security domain CA to the beginning of list
- v.add(0, v_name.elementAt(0)
- + " - https://"
- + v_host.elementAt(0)
- + ":"
- + v_port.elementAt(0));
- } else {
- v.addElement(v_name.elementAt(0)
- + " - https://"
- + v_host.elementAt(0)
- + ":"
- + v_port.elementAt(0));
- }
- }
- } catch (Exception e) {
- CMS.debug(e.toString());
- }
-
- return v;
- }
-
- // Given an HTTPS Hostname and EE port,
- // retrieve the associated HTTPS Admin port
- public String getSecurityDomainAdminPort(IConfigStore config,
- String hostname,
- String https_ee_port,
- String cstype) {
- String https_admin_port = new String();
-
- try {
- String sd_hostname = config.getString("securitydomain.host");
- int sd_httpsadminport =
- config.getInteger("securitydomain.httpsadminport");
-
- CMS.debug("Getting domain.xml from CA ...");
- String c = getDomainXML(sd_hostname, sd_httpsadminport, true);
-
- CMS.debug("Getting associated HTTPS Admin port from " +
- "HTTPS Hostname '" + hostname +
- "' and EE port '" + https_ee_port + "'");
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = new XMLObject(bis);
- Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName(cstype.toUpperCase());
-
- int len = nodeList.getLength();
- for (int i = 0; i < len; i++) {
- Vector<String> v_hostname =
- parser.getValuesFromContainer(nodeList.item(i),
- "Host");
-
- Vector<String> v_https_ee_port =
- parser.getValuesFromContainer(nodeList.item(i),
- "SecurePort");
-
- Vector<String> v_https_admin_port =
- parser.getValuesFromContainer(nodeList.item(i),
- "SecureAdminPort");
-
- if (v_hostname.elementAt(0).equals(hostname) &&
- v_https_ee_port.elementAt(0).equals(https_ee_port)) {
- https_admin_port =
- v_https_admin_port.elementAt(0).toString();
- break;
- }
- }
- } catch (Exception e) {
- CMS.debug(e.toString());
- }
-
- return (https_admin_port);
- }
-
- public String getSecurityDomainPort(IConfigStore config,
- String portType) {
- String port = new String();
-
- try {
- String hostname = config.getString("securitydomain.host");
- int httpsadminport =
- config.getInteger("securitydomain.httpsadminport");
-
- CMS.debug("Getting domain.xml from CA ...");
- String c = getDomainXML(hostname, httpsadminport, true);
-
- CMS.debug("Getting " + portType + " from Security Domain ...");
- if (!portType.equals("UnSecurePort") &&
- !portType.equals("SecureAgentPort") &&
- !portType.equals("SecurePort") &&
- !portType.equals("SecureAdminPort")) {
- CMS.debug("getPortFromSecurityDomain: " +
- "unknown port type " + portType);
- return "";
- }
-
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = new XMLObject(bis);
- Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName("CA");
-
- int len = nodeList.getLength();
- for (int i = 0; i < len; i++) {
- Vector<String> v_admin_port =
- parser.getValuesFromContainer(nodeList.item(i),
- "SecureAdminPort");
-
- Vector<String> v_port = null;
- if (portType.equals("UnSecurePort")) {
- v_port = parser.getValuesFromContainer(nodeList.item(i),
- "UnSecurePort");
- } else if (portType.equals("SecureAgentPort")) {
- v_port = parser.getValuesFromContainer(nodeList.item(i),
- "SecureAgentPort");
- } else if (portType.equals("SecurePort")) {
- v_port = parser.getValuesFromContainer(nodeList.item(i),
- "SecurePort");
- } else if (portType.equals("SecureAdminPort")) {
- v_port = parser.getValuesFromContainer(nodeList.item(i),
- "SecureAdminPort");
- }
-
- if ((v_port != null) &&
- (v_admin_port.elementAt(0).equals(
- Integer.toString(httpsadminport)))) {
- port = v_port.elementAt(0).toString();
- break;
- }
- }
- } catch (Exception e) {
- CMS.debug(e.toString());
- }
-
- return (port);
- }
-
public String pingCS(String hostname, int port, boolean https,
SSLCertificateApprovalCallback certApprovalCallback)
throws IOException {
CMS.debug("WizardPanelBase pingCS: started");
- String c = getHttpResponse(hostname, port, https,
+ String c = ConfigurationUtils.getHttpResponse(hostname, port, https,
"/ca/admin/ca/getStatus",
null, null, certApprovalCallback);
@@ -1296,315 +526,28 @@ public class WizardPanelBase implements IWizardPanel {
return null;
}
- public String toLowerCaseSubsystemType(String s) {
- String x = null;
- if (s.equals("CA")) {
- x = "ca";
- } else if (s.equals("KRA")) {
- x = "kra";
- } else if (s.equals("OCSP")) {
- x = "ocsp";
- } else if (s.equals("TKS")) {
- x = "tks";
- }
-
- return x;
- }
-
- public void getTokenInfo(IConfigStore config, String type, String host,
- int https_ee_port, boolean https, Context context,
- ConfigCertApprovalCallback certApprovalCallback) throws IOException {
- CMS.debug("WizardPanelBase getTokenInfo start");
- String uri = "/" + type + "/ee/" + type + "/getTokenInfo";
- CMS.debug("WizardPanelBase getTokenInfo: uri=" + uri);
- String c = getHttpResponse(host, https_ee_port, https, uri, null, null,
- certApprovalCallback);
- if (c != null) {
- try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = null;
-
- try {
- parser = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase::getTokenInfo() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
-
- String status = parser.getValue("Status");
-
- CMS.debug("WizardPanelBase getTokenInfo: status=" + status);
-
- if (status.equals(SUCCESS)) {
- Document doc = parser.getDocument();
- NodeList list = doc.getElementsByTagName("name");
- int len = list.getLength();
- for (int i = 0; i < len; i++) {
- Node n = list.item(i);
- NodeList nn = n.getChildNodes();
- String name = nn.item(0).getNodeValue();
- Node parent = n.getParentNode();
- nn = parent.getChildNodes();
- int len1 = nn.getLength();
- String v = "";
- for (int j = 0; j < len1; j++) {
- Node nv = nn.item(j);
- String val = nv.getNodeName();
- if (val.equals("value")) {
- NodeList n2 = nv.getChildNodes();
- if (n2.getLength() > 0)
- v = n2.item(0).getNodeValue();
- break;
- }
- }
- if (name.equals("cloning.signing.nickname")) {
- config.putString("preop.master.signing.nickname", v);
- config.putString(type + ".cert.signing.nickname", v);
- config.putString(name, v);
- } else if (name.equals("cloning.ocsp_signing.nickname")) {
- config.putString("preop.master.ocsp_signing.nickname", v);
- config.putString(type + ".cert.ocsp_signing.nickname", v);
- config.putString(name, v);
- } else if (name.equals("cloning.subsystem.nickname")) {
- config.putString("preop.master.subsystem.nickname", v);
- config.putString(type + ".cert.subsystem.nickname", v);
- config.putString(name, v);
- } else if (name.equals("cloning.transport.nickname")) {
- config.putString("preop.master.transport.nickname", v);
- config.putString("kra.transportUnit.nickName", v);
- config.putString("kra.cert.transport.nickname", v);
- config.putString(name, v);
- } else if (name.equals("cloning.storage.nickname")) {
- config.putString("preop.master.storage.nickname", v);
- config.putString("kra.storageUnit.nickName", v);
- config.putString("kra.cert.storage.nickname", v);
- config.putString(name, v);
- } else if (name.equals("cloning.audit_signing.nickname")) {
- config.putString("preop.master.audit_signing.nickname", v);
- config.putString(type + ".cert.audit_signing.nickname", v);
- config.putString(name, v);
- } else if (name.equals("cloning.module.token")) {
- config.putString("preop.module.token", v);
- } else if (name.startsWith("cloning.ca")) {
- config.putString(name.replaceFirst("cloning", "preop"), v);
- } else if (name.startsWith("cloning")) {
- config.putString(name.replaceFirst("cloning", "preop.cert"), v);
- } else {
- config.putString(name, v);
- }
- }
-
- // reset nicknames for system cert verification
- String token = config.getString("preop.module.token",
- "Internal Key Storage Token");
- if (!token.equals("Internal Key Storage Token")) {
- String certlist = config.getString("preop.cert.list");
-
- StringTokenizer t1 = new StringTokenizer(certlist, ",");
- while (t1.hasMoreTokens()) {
- String tag = t1.nextToken();
- if (tag.equals("sslserver"))
- continue;
- config.putString(type + ".cert." + tag + ".nickname",
- token + ":" +
- config.getString(type + ".cert." + tag + ".nickname", ""));
- }
- }
- } else {
- String error = parser.getValue("Error");
- throw new IOException(error);
- }
- } catch (IOException e) {
- CMS.debug("WizardPanelBase: getTokenInfo: " + e.toString());
- throw e;
- } catch (Exception e) {
- CMS.debug("WizardPanelBase: getTokenInfo: " + e.toString());
- throw new IOException(e.toString());
- }
- }
- }
-
- public void importCertChain(String id) throws IOException {
- CMS.debug("DisplayCertChainPanel importCertChain");
- IConfigStore config = CMS.getConfigStore();
- String configName = "preop." + id + ".pkcs7";
- String pkcs7 = "";
-
- try {
- pkcs7 = config.getString(configName, "");
- } catch (Exception e) {
- }
-
- if (pkcs7.length() > 0) {
- try {
- CryptoUtil.importCertificateChain(pkcs7);
- } catch (Exception e) {
- CMS.debug("DisplayCertChainPanel importCertChain: Exception: " + e.toString());
- }
- }
- }
-
- public void updateCertChain(IConfigStore config, String name, String host,
- int https_admin_port, boolean https, Context context) throws IOException {
- updateCertChain(config, name, host, https_admin_port,
- https, context, null);
- }
-
- public void updateCertChain(IConfigStore config, String name, String host,
- int https_admin_port, boolean https, Context context,
- ConfigCertApprovalCallback certApprovalCallback) throws IOException {
- String certchain = getCertChainUsingSecureAdminPort(host,
- https_admin_port,
- https,
- certApprovalCallback);
+ public void updateCertChainUsingSecureEEPort(IConfigStore config, String name, String host,
+ int https_ee_port, boolean https, Context context, ConfigCertApprovalCallback certApprovalCallback)
+ throws IOException, CertificateEncodingException, EBaseException {
+ String certchain = getCertChainUsingSecureEEPort(host, https_ee_port, https, certApprovalCallback);
config.putString("preop." + name + ".pkcs7", certchain);
byte[] decoded = CryptoUtil.base64Decode(certchain);
- java.security.cert.X509Certificate[] b_certchain = null;
-
- try {
- b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
- } catch (Exception e) {
- context.put("errorString",
- "Failed to get the certificate chain.");
- return;
- }
+ java.security.cert.X509Certificate[] b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
int size = 0;
if (b_certchain != null) {
size = b_certchain.length;
}
config.putInteger("preop." + name + ".certchain.size", size);
- for (int i = 0; i < size; i++) {
- byte[] bb = null;
-
- try {
- bb = b_certchain[i].getEncoded();
- } catch (Exception e) {
- context.put("errorString",
- "Failed to get the der-encoded certificate chain.");
- return;
- }
- config.putString("preop." + name + ".certchain." + i,
- CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
- }
-
- try {
- config.commit(false);
- } catch (EBaseException e) {
- }
- }
-
- public void updateCertChainUsingSecureEEPort(IConfigStore config,
- String name, String host,
- int https_ee_port,
- boolean https,
- Context context,
- ConfigCertApprovalCallback certApprovalCallback) throws IOException {
- String certchain = getCertChainUsingSecureEEPort(host, https_ee_port,
- https,
- certApprovalCallback);
- config.putString("preop." + name + ".pkcs7", certchain);
-
- byte[] decoded = CryptoUtil.base64Decode(certchain);
- java.security.cert.X509Certificate[] b_certchain = null;
-
- try {
- b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
- } catch (Exception e) {
- context.put("errorString",
- "Failed to get the certificate chain.");
- return;
- }
- int size = 0;
- if (b_certchain != null) {
- size = b_certchain.length;
- }
- config.putInteger("preop." + name + ".certchain.size", size);
for (int i = 0; i < size; i++) {
- byte[] bb = null;
-
- try {
- bb = b_certchain[i].getEncoded();
- } catch (Exception e) {
- context.put("errorString",
- "Failed to get the der-encoded certificate chain.");
- return;
- }
+ byte[] bb = b_certchain[i].getEncoded();
config.putString("preop." + name + ".certchain." + i,
CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
}
- try {
- config.commit(false);
- } catch (EBaseException e) {
- }
- }
-
- public void deleteCert(String tokenname, String nickname) {
- try {
- CryptoManager cm = CryptoManager.getInstance();
- CryptoToken tok = cm.getTokenByName(tokenname);
- CryptoStore store = tok.getCryptoStore();
- String fullnickname = nickname;
- if (!tokenname.equals("") &&
- !tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal"))
- fullnickname = tokenname + ":" + nickname;
-
- CMS.debug("WizardPanelBase deleteCert: nickname=" + fullnickname);
- org.mozilla.jss.crypto.X509Certificate cert = cm.findCertByNickname(fullnickname);
-
- if (store instanceof PK11Store) {
- CMS.debug("WizardPanelBase deleteCert: this is pk11store");
- PK11Store pk11store = (PK11Store) store;
- pk11store.deleteCertOnly(cert);
- CMS.debug("WizardPanelBase deleteCert: cert deleted successfully");
- }
- } catch (Exception e) {
- CMS.debug("WizardPanelBase deleteCert: Exception=" + e.toString());
- }
- }
-
- public void deleteEntries(LDAPSearchResults res, LDAPConnection conn,
- String dn, String[] entries) {
- String[] attrs = null;
- LDAPSearchConstraints cons = null;
- String filter = "objectclass=*";
-
- try {
- if (res.getCount() == 0)
- return;
- else {
- while (res.hasMoreElements()) {
- LDAPEntry entry = res.next();
- String dn1 = entry.getDN();
- LDAPSearchResults res1 = conn.search(dn1, 1, filter, attrs, true, cons);
- deleteEntries(res1, conn, dn1, entries);
- deleteEntry(conn, dn1, entries);
- }
- }
- } catch (Exception ee) {
- CMS.debug("WizardPanelBase deleteEntries: Exception=" + ee.toString());
- }
- }
-
- public void deleteEntry(LDAPConnection conn, String dn, String[] entries) {
- try {
- for (int i = 0; i < entries.length; i++) {
- if (LDAPDN.equals(dn, entries[i])) {
- CMS.debug("WizardPanelBase deleteEntry: entry with this dn " + dn + " is not deleted.");
- return;
- }
- }
-
- CMS.debug("WizardPanelBase deleteEntry: deleting dn=" + dn);
- conn.delete(dn);
- } catch (Exception e) {
- CMS.debug("WizardPanelBase deleteEntry: Exception=" + e.toString());
- }
+ config.commit(false);
}
public void reloginSecurityDomain(HttpServletResponse response) {
@@ -1618,7 +561,7 @@ public class WizardPanelBase implements IWizardPanel {
String subsystem = cs.getString("cs.type", "");
String urlVal =
"https://"
- + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem)
+ + cs_hostname + ":" + cs_port + "/" + subsystem.toLowerCase()
+ "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem;
String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
String sdurl = "https://" + hostname + ":" + port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue;
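Review bot: `subsystem.toLowerCase()` on the new line that builds `urlVal` lowercases with the JVM default locale, so the path segment can differ from the expected ASCII form under locales with special casing rules (Turkish, for example). `+ cs_hostname + ":" + cs_port + "/" + subsystem.toLowerCase(Locale.ROOT)` keeps it stable, and `java.util.Locale` is already imported by this file. Separately, `subsystem` is read from `cs.type` with an empty-string default, and the removed `toLowerCaseSubsystemType` helper is not visible here. If that helper limited the value to the known subsystem types, nothing now checks it before it is placed in the redirect URL handed to `securityDomainLogin`, so validating it against the expected set (and rejecting the empty default) may be worth adding. The enclosing method starts before this hunk and continues past it.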