Diffstat (limited to 'base/common/src/com/netscape/cms/servlet')
4 files changed, 162 insertions, 41 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index 89233bdc2..531fc212f 100644 --- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java @@ -146,8 +146,7 @@ import com.netscape.certsrv.ldap.ILdapConnFactory; import com.netscape.certsrv.ocsp.IDefStore; import com.netscape.certsrv.ocsp.IOCSPAuthority; import com.netscape.certsrv.system.InstallToken; -import com.netscape.certsrv.system.InstallTokenRequest; -import com.netscape.certsrv.system.SystemConfigClient; +import com.netscape.certsrv.system.SecurityDomainClient; import com.netscape.certsrv.usrgrp.EUsrGrpException; import com.netscape.certsrv.usrgrp.IGroup; import com.netscape.certsrv.usrgrp.IUGSubsystem; @@ -322,17 +321,17 @@ public class ConfigurationUtils { } String csType = cs.getString("cs.type"); - InstallTokenRequest data = new InstallTokenRequest(user, passwd, csType, CMS.getEEHost(), CMS.getAdminPort()); - ClientConfig config = new ClientConfig(); config.setServerURI("https://" + sdhost + ":" + sdport + "/ca"); + config.setUsername(user); + config.setPassword(passwd); - SystemConfigClient client = new SystemConfigClient(config); + SecurityDomainClient client = new SecurityDomainClient(config); - InstallToken token = null; try { - token = client.getInstallToken(data); + InstallToken token = client.getInstallToken(sdhost, csType); return token.getToken(); + } catch (ClientResponseFailure e) { if (e.getResponse().getResponseStatus() == Response.Status.NOT_FOUND) { // try the old servlet diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java new file mode 100644 index 000000000..f6cb4c638 --- /dev/null 
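Review bot: The hostname passed in `client.getInstallToken(sdhost, csType)` is now the security domain's own host, where the removed `InstallTokenRequest` carried `CMS.getEEHost()` and `CMS.getAdminPort()`. Elsewhere in this commit the server resolves that hostname to an IP and stores it with the token in the session table, so the entry would record the security domain's address rather than that of the subsystem being installed. If that is not intended, the call should read `client.getInstallToken(CMS.getEEHost(), csType);`; if it is intended, a one-line comment explaining why `sdhost` is sent would prevent a later "fix". The enclosing method begins and ends outside this hunk.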
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java 
@@ -0,0 +1,112 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.csadmin; + +import java.net.InetAddress; +import java.util.Locale; +import java.util.Random; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.EPropertyNotFound; +import com.netscape.certsrv.base.ISecurityDomainSessionTable; +import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.base.UnauthorizedException; +import com.netscape.certsrv.logging.ILogger; +import com.netscape.certsrv.system.InstallToken; +import com.netscape.cms.servlet.processors.Processor; + +/** + * @author Endi S. 
Dewata + */ +public class SecurityDomainProcessor extends Processor { + + private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = + "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; + + Random random = new Random(); + + public SecurityDomainProcessor(Locale locale) throws EPropertyNotFound, EBaseException { + super("securitydomain", locale); + } + + public InstallToken getInstallToken( + String user, + String hostname, + String subsystem) throws EBaseException { + + String groupname = ConfigurationUtils.getGroupName(user, subsystem); + + if (groupname == null) { + String message = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + user, + ILogger.FAILURE, + "Enterprise " + subsystem + " Administrators"); + audit(message); + + throw new UnauthorizedException("Access denied."); + } + + String message = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + user, + ILogger.SUCCESS, + groupname); + audit(message); + + String ip = ""; + try { + ip = InetAddress.getByName(hostname).getHostAddress(); + } catch (Exception e) { + CMS.debug("Unable to determine IP address for "+hostname); + } + + // assign cookie + Long num = random.nextLong(); + String cookie = num.toString(); + + String auditParams = "operation;;issue_token+token;;" + cookie + "+ip;;" + ip + + "+uid;;" + user + "+groupname;;" + groupname; + + ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable(); + int status = ctable.addEntry(cookie, ip, user, groupname); + + if (status == ISecurityDomainSessionTable.SUCCESS) { + message = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, + user, + ILogger.SUCCESS, + auditParams); + audit(message); + + } else { + message = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, + user, + ILogger.FAILURE, + auditParams); + audit(message); + + throw new PKIException("Failed to update security domain."); + } + + + return new InstallToken(cookie); + } +} 
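Review bot: The install token in `getInstallToken` is drawn from `java.util.Random` (`Random random = new Random();`, then `random.nextLong()`), which is not a cryptographic generator. A value that authorises a subsystem to join the security domain should come from `java.security.SecureRandom`, e.g. `private final SecureRandom random = new SecureRandom();`. The same `cookie` is also concatenated into `auditParams`, so anyone able to read the audit log can read issued tokens; omitting it or logging a digest would avoid that. Separately, when `InetAddress.getByName(hostname)` fails the method only calls `CMS.debug` and registers the session with `ip = ""`, whereas the method removed from SystemConfigService rejected the request with BAD_REQUEST; throwing here would keep that behaviour.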
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainService.java b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainService.java new file mode 100644 index 000000000..3a2bac49c --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainService.java @@ -0,0 +1,44 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.csadmin; + +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.system.InstallToken; +import com.netscape.certsrv.system.SecurityDomainResource; +import com.netscape.cms.servlet.base.PKIService; + +/** + * @author alee + */ +public class SecurityDomainService extends PKIService implements SecurityDomainResource { + + @Override + public InstallToken getInstallToken(String hostname, String subsystem) { + try { + // Get uid from realm authentication. + String user = servletRequest.getUserPrincipal().getName(); + + SecurityDomainProcessor processor = new SecurityDomainProcessor(getLocale()); + return processor.getInstallToken(user, hostname, subsystem); + + } catch (EBaseException e) { + throw new PKIException(e.getMessage(), e); + } + } +} 
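Review bot: `servletRequest.getUserPrincipal()` returns null for an unauthenticated request, so `getUserPrincipal().getName()` would throw a NullPointerException rather than a clean denial if this resource is ever reachable without the realm constraint, which is not visible in this diff. A guard such as `Principal principal = servletRequest.getUserPrincipal();` followed by `if (principal == null) throw new UnauthorizedException("Access denied.");` makes the method fail closed on its own. `hostname` and `subsystem` are passed to the processor unchecked. A short Javadoc on `getInstallToken` stating that the caller must already be authenticated, and which values those two parameters may take, would document the contract.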
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java index 3bbe3ca80..8bc3c5946 100644 --- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java +++ b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java @@ -18,10 +18,8 @@ package com.netscape.cms.servlet.csadmin; import java.math.BigInteger; -import java.net.InetAddress; import java.net.MalformedURLException; import java.net.URL; -import java.net.UnknownHostException; import java.security.NoSuchAlgorithmException; import java.util.Collection; import java.util.Enumeration; @@ -46,7 +44,6 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.EPropertyNotFound; import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.base.ISecurityDomainSessionTable; import com.netscape.certsrv.base.PKIException; import com.netscape.certsrv.ca.ICertificateAuthority; import com.netscape.certsrv.dbs.certdb.ICertificateRepository; @@ -54,8 +51,6 @@ import com.netscape.certsrv.ocsp.IOCSPAuthority; import com.netscape.certsrv.system.ConfigurationRequest; import com.netscape.certsrv.system.ConfigurationResponse; import com.netscape.certsrv.system.DomainInfo; -import com.netscape.certsrv.system.InstallToken; -import com.netscape.certsrv.system.InstallTokenRequest; import com.netscape.certsrv.system.SystemCertData; import com.netscape.certsrv.system.SystemConfigResource; import com.netscape.certsrv.usrgrp.IUGSubsystem; 
@@ -909,35 +904,6 @@ public class SystemConfigService extends PKIService implements SystemConfigResou } @Override - public InstallToken getInstallToken(InstallTokenRequest data) { - // TODO Figure out how to do authentication here based on user/pass - // For now, allow all user/pass to be valid - CMS.debug("getInstallToken(): starting"); - String user = data.getUser(); - String host = data.getHost(); - String subsystem = data.getSubsystem(); - String groupname = ConfigurationUtils.getGroupName(user, subsystem); - - // assign cookie - long num = random.nextLong(); - String cookie = num + ""; - ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable(); - String ip; - try { - ip = InetAddress.getByName(host).toString(); - } catch (UnknownHostException e) { - throw new PKIException(Response.Status.BAD_REQUEST, "Unable to resolve host " + host + - "to an IP address: " + e); - } - int index = ip.indexOf("/"); - if (index > 0) ip = ip.substring(index + 1); - - ctable.addEntry(cookie, ip, user, groupname); - - return new InstallToken(cookie); - } - - @Override public DomainInfo getDomainInfo() { // TODO Auto-generated method stub for a RESTful method that returns the security domain return null; |