4 files changed, 162 insertions, 41 deletions

diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 89233bdc2..531fc212f 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -146,8 +146,7 @@ import com.netscape.certsrv.ldap.ILdapConnFactory;
 import com.netscape.certsrv.ocsp.IDefStore;
 import com.netscape.certsrv.ocsp.IOCSPAuthority;
 import com.netscape.certsrv.system.InstallToken;
-import com.netscape.certsrv.system.InstallTokenRequest;
-import com.netscape.certsrv.system.SystemConfigClient;
+import com.netscape.certsrv.system.SecurityDomainClient;
 import com.netscape.certsrv.usrgrp.EUsrGrpException;
 import com.netscape.certsrv.usrgrp.IGroup;
 import com.netscape.certsrv.usrgrp.IUGSubsystem;
@@ -322,17 +321,17 @@ public class ConfigurationUtils {
         }
         String csType = cs.getString("cs.type");
 
-        InstallTokenRequest data = new InstallTokenRequest(user, passwd, csType, CMS.getEEHost(), CMS.getAdminPort());
-
         ClientConfig config = new ClientConfig();
         config.setServerURI("https://" + sdhost + ":" + sdport + "/ca");
+        config.setUsername(user);
+        config.setPassword(passwd);
 
-        SystemConfigClient client = new SystemConfigClient(config);
+        SecurityDomainClient client = new SecurityDomainClient(config);
 
-        InstallToken token = null;
         try {
-            token = client.getInstallToken(data);
+            InstallToken token = client.getInstallToken(sdhost, csType);
             return token.getToken();
+
         } catch (ClientResponseFailure e) {
             if (e.getResponse().getResponseStatus() == Response.Status.NOT_FOUND) {
                 // try the old servlet
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java
new file mode 100644
index 000000000..f6cb4c638
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java
@@ -0,0 +1,112 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.csadmin;
+
+import java.net.InetAddress;
+import java.util.Locale;
+import java.util.Random;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.EPropertyNotFound;
+import com.netscape.certsrv.base.ISecurityDomainSessionTable;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.UnauthorizedException;
+import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.system.InstallToken;
+import com.netscape.cms.servlet.processors.Processor;
+
+/**
+ * @author Endi S. Dewata
+ */
+public class SecurityDomainProcessor extends Processor {
+
+    private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
+            "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+
+    Random random = new Random();
+
+    public SecurityDomainProcessor(Locale locale) throws EPropertyNotFound, EBaseException {
+        super("securitydomain", locale);
+    }
+
+    public InstallToken getInstallToken(
+            String user,
+            String hostname,
+            String subsystem) throws EBaseException {
+
+        String groupname = ConfigurationUtils.getGroupName(user, subsystem);
+
+        if (groupname == null) {
+            String message = CMS.getLogMessage(
+                    LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+                    user,
+                    ILogger.FAILURE,
+                    "Enterprise " + subsystem + " Administrators");
+            audit(message);
+
+            throw new UnauthorizedException("Access denied.");
+        }
+
+        String message = CMS.getLogMessage(
+                LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+                user,
+                ILogger.SUCCESS,
+                groupname);
+        audit(message);
+
+        String ip = "";
+        try {
+            ip = InetAddress.getByName(hostname).getHostAddress();
+        } catch (Exception e) {
+            CMS.debug("Unable to determine IP address for "+hostname);
+        }
+
+        // assign cookie
+        Long num = random.nextLong();
+        String cookie = num.toString();
+
+        String auditParams = "operation;;issue_token+token;;" + cookie + "+ip;;" + ip +
+                      "+uid;;" + user + "+groupname;;" + groupname;
+
+        ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable();
+        int status = ctable.addEntry(cookie, ip, user, groupname);
+
+        if (status == ISecurityDomainSessionTable.SUCCESS) {
+            message = CMS.getLogMessage(
+                               LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+                               user,
+                               ILogger.SUCCESS,
+                               auditParams);
+            audit(message);
+
+        } else {
+            message = CMS.getLogMessage(
+                               LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+                               user,
+                               ILogger.FAILURE,
+                               auditParams);
+            audit(message);
+
+            throw new PKIException("Failed to update security domain.");
+        }
+
+
+        return new InstallToken(cookie);
+    }
+}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainService.java b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainService.java
new file mode 100644
index 000000000..3a2bac49c
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainService.java
@@ -0,0 +1,44 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.csadmin;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.system.InstallToken;
+import com.netscape.certsrv.system.SecurityDomainResource;
+import com.netscape.cms.servlet.base.PKIService;
+
+/**
+ * @author alee
+ */
+public class SecurityDomainService extends PKIService implements SecurityDomainResource {
+
+    @Override
+    public InstallToken getInstallToken(String hostname, String subsystem) {
+        try {
+            // Get uid from realm authentication.
+            String user = servletRequest.getUserPrincipal().getName();
+
+            SecurityDomainProcessor processor = new SecurityDomainProcessor(getLocale());
+            return processor.getInstallToken(user, hostname, subsystem);
+
+        } catch (EBaseException e) {
+            throw new PKIException(e.getMessage(), e);
+        }
+    }
+}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
index 3bbe3ca80..8bc3c5946 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
@@ -18,10 +18,8 @@
 package com.netscape.cms.servlet.csadmin;
 
 import java.math.BigInteger;
-import java.net.InetAddress;
 import java.net.MalformedURLException;
 import java.net.URL;
-import java.net.UnknownHostException;
 import java.security.NoSuchAlgorithmException;
 import java.util.Collection;
 import java.util.Enumeration;
@@ -46,7 +44,6 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.EPropertyNotFound;
 import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISecurityDomainSessionTable;
 import com.netscape.certsrv.base.PKIException;
 import com.netscape.certsrv.ca.ICertificateAuthority;
 import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
@@ -54,8 +51,6 @@ import com.netscape.certsrv.ocsp.IOCSPAuthority;
 import com.netscape.certsrv.system.ConfigurationRequest;
 import com.netscape.certsrv.system.ConfigurationResponse;
 import com.netscape.certsrv.system.DomainInfo;
-import com.netscape.certsrv.system.InstallToken;
-import com.netscape.certsrv.system.InstallTokenRequest;
 import com.netscape.certsrv.system.SystemCertData;
 import com.netscape.certsrv.system.SystemConfigResource;
 import com.netscape.certsrv.usrgrp.IUGSubsystem;
@@ -909,35 +904,6 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
     }
 
     @Override
-    public InstallToken getInstallToken(InstallTokenRequest data) {
-        // TODO Figure out how to do authentication here based on user/pass
-        // For now, allow all user/pass to be valid
-        CMS.debug("getInstallToken(): starting");
-        String user = data.getUser();
-        String host = data.getHost();
-        String subsystem = data.getSubsystem();
-        String groupname = ConfigurationUtils.getGroupName(user, subsystem);
-
-        // assign cookie
-        long num = random.nextLong();
-        String cookie = num + "";
-        ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable();
-        String ip;
-        try {
-            ip = InetAddress.getByName(host).toString();
-        } catch (UnknownHostException e) {
-            throw new PKIException(Response.Status.BAD_REQUEST, "Unable to resolve host " + host +
-                    "to an IP address: " + e);
-        }
-        int index = ip.indexOf("/");
-        if (index > 0)  ip = ip.substring(index + 1);
-
-        ctable.addEntry(cookie, ip, user, groupname);
-
-        return new InstallToken(cookie);
-    }
-
-    @Override
     public DomainInfo getDomainInfo() {
         // TODO Auto-generated method stub for a RESTful method that returns the security domain
         return null;