Diffstat (limited to 'base/common/src')
-rw-r--r--base/common/src/com/netscape/certsrv/connector/IConnector.java5
-rw-r--r--base/common/src/com/netscape/certsrv/connector/IResender.java3
-rw-r--r--base/common/src/com/netscape/certsrv/system/KRAConnectorClient.java54
-rw-r--r--base/common/src/com/netscape/certsrv/system/KRAConnectorInfo.java184
-rw-r--r--base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java55
-rw-r--r--base/common/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java223
-rw-r--r--base/common/src/com/netscape/cms/servlet/admin/KRAConnectorService.java61
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java84
-rw-r--r--base/common/src/com/netscape/cmscore/connector/HttpConnector.java11
-rw-r--r--base/common/src/com/netscape/cmscore/connector/LocalConnector.java3
-rw-r--r--base/common/src/com/netscape/cmscore/connector/Resender.java68
11 files changed, 663 insertions, 88 deletions
diff --git a/base/common/src/com/netscape/certsrv/connector/IConnector.java b/base/common/src/com/netscape/certsrv/connector/IConnector.java
index 61001be5b..02e7231ab 100644
--- a/base/common/src/com/netscape/certsrv/connector/IConnector.java
+++ b/base/common/src/com/netscape/certsrv/connector/IConnector.java
@@ -58,4 +58,9 @@ public interface IConnector {
* Starts this connector.
*/
public void start();
+
+ /**
+ * Stop the connector.
+ */
+ public void stop();
}
diff --git a/base/common/src/com/netscape/certsrv/connector/IResender.java b/base/common/src/com/netscape/certsrv/connector/IResender.java
index b1cd6149e..0b643c272 100644
--- a/base/common/src/com/netscape/certsrv/connector/IResender.java
+++ b/base/common/src/com/netscape/certsrv/connector/IResender.java
@@ -36,4 +36,7 @@ public interface IResender extends Runnable {
*/
public void addRequest(IRequest r);
+ public void start(final String name);
+
+ public void stop();
}
diff --git a/base/common/src/com/netscape/certsrv/system/KRAConnectorClient.java b/base/common/src/com/netscape/certsrv/system/KRAConnectorClient.java
new file mode 100644
index 000000000..f7b2c7246
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/system/KRAConnectorClient.java
@@ -0,0 +1,54 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2013 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.certsrv.system;
+import java.net.URISyntaxException;
+
+import com.netscape.certsrv.client.ClientConfig;
+import com.netscape.certsrv.client.PKIClient;
+import com.netscape.certsrv.client.PKIConnection;
+
+/**
+ * @author Ade Lee
+ */
+public class KRAConnectorClient extends PKIClient {
+ public KRAConnectorResource kraConnectorClient;
+
+ public KRAConnectorClient(PKIConnection connection) throws URISyntaxException {
+ super(connection);
+ init();
+ }
+
+ public KRAConnectorClient(ClientConfig config) throws URISyntaxException {
+ super(config);
+ init();
+ }
+
+ public void init() throws URISyntaxException {
+ kraConnectorClient = createProxy(KRAConnectorResource.class);
+ }
+
+ public void addConnector(KRAConnectorInfo info) {
+ kraConnectorClient.addConnector(info);
+ }
+
+ public void removeConnector(String host, String port) {
+ kraConnectorClient.removeConnector(host, port);
+ }
+
+}
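Review bot: The proxy field `kraConnectorClient` is public and non-final, and both constructors call the public, overridable `init()`, so a subclass or any caller can swap or re-create the proxy after construction. Consider `private KRAConnectorResource kraConnectorClient;` and making `init()` private or final. A one-line Javadoc on `addConnector` and `removeConnector` stating that they POST to `admin/kraconnector/add` and `admin/kraconnector/remove` would also help callers.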
diff --git a/base/common/src/com/netscape/certsrv/system/KRAConnectorInfo.java b/base/common/src/com/netscape/certsrv/system/KRAConnectorInfo.java
new file mode 100644
index 000000000..a8caca601
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/system/KRAConnectorInfo.java
@@ -0,0 +1,184 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2013 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.system;
+
+import java.io.ByteArrayOutputStream;
+
+import javax.ws.rs.core.MultivaluedMap;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ * @author Ade Lee
+ */
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class KRAConnectorInfo {
+ private static final String HOST = "host";
+ private static final String PORT = "port";
+ private static final String TRANSPORT_CERT= "transportCert";
+ private static final String URI = "uri";
+ private static final String TIMEOUT = "timeout";
+ private static final String LOCAL = "local";
+ private static final String ENABLE = "enable";
+
+ @XmlElement
+ String host;
+
+ @XmlElement
+ String port;
+
+ @XmlElement
+ String transportCert;
+
+ @XmlElement
+ String uri;
+
+ @XmlElement
+ String timeout;
+
+ @XmlElement
+ String local;
+
+ @XmlElement
+ String enable;
+
+ public KRAConnectorInfo() {
+ // needed for jaxb
+ }
+
+ public KRAConnectorInfo(MultivaluedMap<String, String> form) {
+ host = form.getFirst(HOST);
+ port = form.getFirst(PORT);
+ transportCert = form.getFirst(TRANSPORT_CERT);
+ uri = form.getFirst(URI);
+ timeout = form.getFirst(TIMEOUT);
+ local = form.getFirst(LOCAL);
+ enable = form.getFirst(ENABLE);
+ }
+
+ public String getHost() {
+ return host;
+ }
+
+ public void setHost(String host) {
+ this.host = host;
+ }
+
+ public String getPort() {
+ return port;
+ }
+
+ public void setPort(String port) {
+ this.port = port;
+ }
+
+ public String getTransportCert() {
+ return transportCert;
+ }
+
+ public void setTransportCert(String transportCert) {
+ this.transportCert = transportCert;
+ }
+
+ public String getUri() {
+ return uri;
+ }
+
+ public void setUri(String uri) {
+ this.uri = uri;
+ }
+
+ public String getTimeout() {
+ return timeout;
+ }
+
+ public void setTimeout(String timeout) {
+ this.timeout = timeout;
+ }
+
+ public String getLocal() {
+ return local;
+ }
+
+ public void setLocal(String local) {
+ this.local = local;
+ }
+
+ public String getEnable() {
+ return enable;
+ }
+
+ public void setEnable(String enable) {
+ this.enable = enable;
+ }
+
+ public String toString() {
+ try {
+ JAXBContext context = JAXBContext.newInstance(KRAConnectorInfo.class);
+ Marshaller marshaller = context.createMarshaller();
+ marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
+
+ ByteArrayOutputStream stream = new ByteArrayOutputStream();
+
+ marshaller.marshal(this, stream);
+ return stream.toString();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+
+ public static void main(String args[]) throws Exception {
+ KRAConnectorInfo info = new KRAConnectorInfo();
+ info.setEnable("true");
+ info.setHost("host1.example.com");
+ info.setLocal("false");
+ info.setPort("8443");
+ info.setTimeout("30");
+ info.setUri("");
+ info.setTransportCert(
+ "MIIDnDCCAoSgAwIBAgIBDzANBgkqhkiG9w0BAQsFADBGMSMwIQYDVQQKExpyZWRo" +
+ "YXQuY29tIFNlY3VyaXR5IERvbWFpbjEfMB0GA1UEAxMWQ0EgU2lnbmluZyBDZXJ0" +
+ "aWZpY2F0ZTAeFw0xMzAxMDkyMTE5MDBaFw0xNDEyMzAyMTE5MDBaMEkxIzAhBgNV" +
+ "BAoTGnJlZGhhdC5jb20gU2VjdXJpdHkgRG9tYWluMSIwIAYDVQQDExlEUk0gVHJh" +
+ "bnNwb3J0IENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC" +
+ "AQEAqayxDggWH9Cld0O/j+HDfv7cLQexYiaDq/sEcFPYkREGisaxZggiovqLfMkz" +
+ "rSjutVtHuIEb3pU9frHYUjskbzdMbeU3nqDnA/ZPUw+YJe/6l19AbieADVB/L+6p" +
+ "TkNMwS/xsQIRnalYW9R4rebw3WiwQFxVHIorGL9qxUS5d12uguJokH/CbIML9Pek" +
+ "NgAZRGx87J4UkqTe5FImuEX8EwVWoW8Huc8QDthk1w5osz3jOTefwrJBEiI54d9F" +
+ "hl4O8ckXfecCAPYfn0Mi54I1VAbSRZEiq6GJ/xrN1IwLkaG7EmXtLU2IkaMz62MJ" +
+ "UmgBrlrtRj1eyAXLGwS4Fh4NVwIDAQABo4GRMIGOMB8GA1UdIwQYMBaAFMjscbmB" +
+ "k0Gz2wVxGWkn9bjSA88wMEYGCCsGAQUFBwEBBDowODA2BggrBgEFBQcwAYYqaHR0" +
+ "cDovL2FsZWUtd29ya3BjLnJlZGhhdC5jb206ODI4MC9jYS9vY3NwMA4GA1UdDwEB" +
+ "/wQEAwIE8DATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEA" +
+ "gCCPZ5+pkxZDgKJpisJ8/5TfKtN/q5pO8CNKIM9Cz78ucGEaR2lzJVH5EOdO2ZM6" +
+ "y+5AhK2hcKifNI3DPAfYdYsSVBR6Mrij4/aAMZlqtKjlNs/LJ2TdKGRxxYsEAQL+" +
+ "OToCfXijDh0kzQ9oSII+9fBCWljkq/K89bSGcwR/y1v+ll+z9Wci+QAFKUzmqZyL" +
+ "eEbOOmYhgvVSnYV1XdB6lbWQOOdpytvECl1UaQUSsDfJkk8mH1Fkl0dnrChh7mXM" +
+ "2ZBYwBsI2DhAyWBKQgQfgxQwxmobbg6BVnn9/CW7gJ0Gwb+VJEvRtaBOnjliP74/" +
+ "Jb+fenCZE47zRNCDubBe+Q==");
+
+ System.out.println(info);
+ }
+}
+
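Review bot: `toString()` returns `null` when marshalling fails and only prints the stack trace, so a caller that logs or concatenates the object gets the text "null" with no error, and `stream.toString()` decodes with the platform charset. Suggest `return stream.toString("UTF-8");` and, in the catch, `throw new IllegalStateException("cannot marshal KRAConnectorInfo", e);`. The `main` method with its embedded sample certificate is test scaffolding and would sit better in a test class than in the shipped class. Every field holds a request-supplied string with no validation in this class, which is worth stating in the class Javadoc so that consumers know they must validate.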
diff --git a/base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java b/base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java
new file mode 100644
index 000000000..01f159e96
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java
@@ -0,0 +1,55 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2013 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.system;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.FormParam;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
+
+import com.netscape.certsrv.acls.ACLMapping;
+
+/**
+ * @author Ade Lee
+ */
+@Path("admin/kraconnector")
+@ACLMapping("admin.kraconnector")
+public interface KRAConnectorResource {
+
+ @POST
+ @Path("add")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ public void addConnector(KRAConnectorInfo info);
+
+ @POST
+ @Path("add")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ @Consumes({ MediaType.APPLICATION_FORM_URLENCODED })
+ public void addConnector(MultivaluedMap<String, String> form);
+
+ @POST
+ @Path("remove")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ @Consumes({ MediaType.APPLICATION_FORM_URLENCODED })
+ public void removeConnector(@FormParam("host") String host, @FormParam("port") String port);
+
+}
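Review bot: Nothing in this interface documents who may call `add` and `remove`, and the `admin.kraconnector` name given to `@ACLMapping` is not defined in any file shown in this diff (the view is limited to `base/common/src`). These operations rewrite the CA's KRA connector host list and transport certificate, so the mapping should resolve to an administrator-only ACL behind client authentication; please confirm that the matching ACL and auth-method entries ship with this change. A Javadoc line on each method such as `/** Adds or extends the CA's KRA connector; requires the admin.kraconnector ACL. */` would record the requirement next to the endpoint.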
diff --git a/base/common/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java b/base/common/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java
new file mode 100644
index 000000000..61536f346
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/admin/KRAConnectorProcessor.java
@@ -0,0 +1,223 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2013 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.admin;
+
+import java.util.ArrayList;
+import java.util.Locale;
+
+import org.apache.commons.lang.StringUtils;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.BadRequestException;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.EPropertyNotFound;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.ca.ICAService;
+import com.netscape.certsrv.ca.ICertificateAuthority;
+import com.netscape.certsrv.connector.IConnector;
+import com.netscape.certsrv.system.KRAConnectorInfo;
+import com.netscape.cms.servlet.processors.Processor;
+
+/**
+ * @author Ade Lee
+ */
+public class KRAConnectorProcessor extends Processor {
+ private boolean connectorExists = false;
+
+ // Connector constants
+ public final static String PREFIX = "ca.connector.KRA";
+
+ public KRAConnectorProcessor(Locale locale) throws EPropertyNotFound, EBaseException {
+ super("kraconnector", locale);
+ ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICAService caService = (ICAService)ca.getCAService();
+ connectorExists = (caService.getKRAConnector() != null)? true:false;
+ }
+
+ public void removeConnector(String newHost, String newPort) throws EPropertyNotFound, EBaseException {
+ if (! connectorExists) {
+ CMS.debug("removeConnector: no KRA connector exists, returning success");
+ return;
+ }
+
+ if ((newHost == null) || (newPort == null)) {
+ CMS.debug("removeConnector: malformed request. newHost or newPort is null");
+ throw new BadRequestException("Bad Request: KRA Host or Port not defined");
+ }
+ IConfigStore cs = CMS.getConfigStore();
+ String host = cs.getString(PREFIX + ".host");
+ String port = cs.getString(PREFIX + ".port");
+
+ if ((host == null) || (port == null)) {
+ CMS.debug("removeConnector: bad connector configuration - host or port are null");
+ throw new PKIException("Bad Connector configuration on this CA");
+ }
+
+ String hostport = newHost + ":" + newPort;
+ if ((host.equals(newHost)) && port.equals(newPort)) {
+ CMS.debug("removeConnector: Removing " + PREFIX + " substore");
+ cs.removeSubStore(PREFIX);
+ cs.commit(true);
+ deleteConnector();
+ } else if (host.indexOf(' ') != -1) { // host is a list
+ String[] hostList = host.trim().split(" ");
+ ArrayList<String> finalList = new ArrayList<String>();
+ for (String h : hostList) {
+ if (! h.equals(hostport)) {
+ finalList.add(h);
+ }
+ }
+ if (finalList.size() == hostList.length) {
+ CMS.debug("removeConnector: no connector for " + hostport + " exists. Returning success");
+ return;
+ }
+
+ CMS.debug("removeConnector: Removing " + hostport + " from " + PREFIX);
+
+ if (finalList.size() == 0) {
+ CMS.debug("removeConnector: Removing " + PREFIX + " substore");
+ cs.removeSubStore(PREFIX);
+ cs.commit(true);
+ deleteConnector();
+ } else if (finalList.size() == 1) {
+ cs.putString(PREFIX + ".host", finalList.get(0).split(":")[0]);
+ cs.putString(PREFIX + ".port", finalList.get(0).split(":")[1]);
+ cs.commit(true);
+ replaceConnector();
+ } else {
+ String finalString = StringUtils.join(finalList, " ");
+ cs.putString(PREFIX + ".host", finalString.trim());
+ cs.commit(true);
+ replaceConnector();
+ }
+ } else {
+ CMS.debug("removeConnector: no connector for " + hostport + " exists. Returning success");
+ }
+ }
+
+ public void stopConnector() {
+ ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICAService caService = (ICAService)ca.getCAService();
+ IConnector kraConnector = caService.getKRAConnector();
+ if (kraConnector != null) {
+ kraConnector.stop();
+ }
+ }
+
+ public void startConnector() {
+ ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICAService caService = (ICAService)ca.getCAService();
+ IConnector kraConnector = caService.getKRAConnector();
+ if (kraConnector != null) {
+ kraConnector.start();
+ }
+ }
+
+ public void replaceConnector() throws EBaseException {
+ // stop the old connector
+ stopConnector();
+
+ ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICAService caService = (ICAService)ca.getCAService();
+ IConfigStore cs = CMS.getConfigStore();
+
+ IConnector kraConnector = caService.getConnector(cs.getSubStore(PREFIX));
+ caService.setKRAConnector(kraConnector);
+
+ startConnector();
+ }
+
+ public void deleteConnector() {
+ stopConnector();
+
+ ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICAService caService = (ICAService)ca.getCAService();
+ caService.setKRAConnector(null);
+ }
+
+ public void addConnector(KRAConnectorInfo info) throws EPropertyNotFound, EBaseException {
+ IConfigStore cs = CMS.getConfigStore();
+ String newHost = info.getHost();
+ String newPort = info.getPort();
+ String newTransportCert = info.getTransportCert();
+
+ if ((newHost == null) || (newPort == null) || (newTransportCert == null)) {
+ CMS.debug("addConnector: malformed request. newHost, newPort or transport cert is null");
+ throw new BadRequestException("Bad Request: KRA host, port or transport cert not defined");
+ }
+
+ if (connectorExists) {
+ String host = cs.getString(PREFIX + ".host");
+ String port = cs.getString(PREFIX + ".port");
+
+ if ((!host.equals(newHost)) || (!port.equals(newPort))) { //existing connector is not the same
+
+ // check transport cert
+ String transportCert = cs.getString(PREFIX + ".transportCert");
+ if (!transportCert.equals(newTransportCert)) {
+ CMS.debug("addConnector: Connector is already defined");
+ throw new BadRequestException("KRA connector has already been defined for this CA");
+ }
+
+ String hostport = newHost + ":" + newPort;
+ if (host.indexOf(' ') != -1) { // host is a list
+ String[] hostList = host.trim().split(" ");
+ for (String h : hostList) {
+ if (h.equals(hostport)) {
+ CMS.debug("addConnector: connector for " + hostport +
+ " is already present. Returning success");
+ return;
+ }
+ }
+
+ CMS.debug("addConnector: adding " + hostport + " to KRA connector host list");
+ cs.putString(PREFIX + ".host", host + " " + hostport);
+ cs.commit(true);
+ replaceConnector();
+ return;
+ } else { // host is not a list, turn it into one
+ CMS.debug("addConnector: adding " + hostport + " to KRA connector");
+ cs.putString(PREFIX + ".host", host + ":" + port + " " + hostport);
+ cs.commit(true);
+ replaceConnector();
+ return;
+ }
+ }
+ }
+
+ // connector does not exist, or existing connector is the same host/port and we are replacing it
+ cs.putString(PREFIX + ".host", info.getHost());
+ cs.putString(PREFIX + ".port", info.getPort());
+ cs.putString(PREFIX + ".enable", info.getEnable() != null ? info.getEnable() : "true");
+ cs.putString(PREFIX + ".local", info.getLocal() != null ? info.getLocal(): "false");
+ cs.putString(PREFIX + ".timeout", info.getTimeout() != null ? info.getTimeout() : "30");
+ cs.putString(PREFIX + ".uri", info.getUri() != null ? info.getUri() : "/kra/agent/kra/connector");
+ cs.putString(PREFIX + ".transportCert", info.getTransportCert());
+
+ String nickname = cs.getString("ca.subsystem.nickname", "");
+ String tokenname = cs.getString("ca.subsystem.tokenname", "");
+ if (!tokenname.equals("Internal Key Storage Token"))
+ nickname = tokenname + ":" + nickname;
+ cs.putString(PREFIX + ".nickName", nickname);
+ cs.commit(true);
+
+ replaceConnector();
+ }
+
+}
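Review bot: `addConnector` and `removeConnector` concatenate the request-supplied `newHost` and `newPort` into the space-separated `host:port` list stored under `ca.connector.KRA.host` after checking only for null. A value containing a space or a colon adds or corrupts list entries, and the single-entry branch in `removeConnector` (`finalList.get(0).split(":")[1]`) throws `ArrayIndexOutOfBoundsException` on an entry without a colon. Validate both values before any config write, as sketched below for `addConnector`; the same check belongs after the null check in `removeConnector`. The pattern shown rejects IPv6 literals, which the colon-delimited list format cannot represent anyway. The `uri`, `timeout`, `enable` and `local` values are also written to the config store unchecked.

```java
// … unchanged: null checks on newHost, newPort and newTransportCert …

// host and port end up in a space-separated "host:port" list, so neither
// may contain whitespace or ':'
if (!newHost.matches("[A-Za-z0-9.-]+")) {
    CMS.debug("addConnector: malformed request. invalid host");
    throw new BadRequestException("Bad Request: invalid KRA host");
}
int portNumber;
try {
    portNumber = Integer.parseInt(newPort);
} catch (NumberFormatException e) {
    throw new BadRequestException("Bad Request: invalid KRA port");
}
if (portNumber < 1 || portNumber > 65535) {
    throw new BadRequestException("Bad Request: invalid KRA port");
}

// … unchanged: connectorExists handling and config writes …
```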
diff --git a/base/common/src/com/netscape/cms/servlet/admin/KRAConnectorService.java b/base/common/src/com/netscape/cms/servlet/admin/KRAConnectorService.java
new file mode 100644
index 000000000..b1d0b07c2
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/admin/KRAConnectorService.java
@@ -0,0 +1,61 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2013 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.admin;
+
+import javax.ws.rs.core.MultivaluedMap;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.system.KRAConnectorInfo;
+import com.netscape.certsrv.system.KRAConnectorResource;
+import com.netscape.cms.servlet.base.PKIService;
+
+/**
+ * @author Ade Lee
+ */
+public class KRAConnectorService extends PKIService implements KRAConnectorResource {
+
+ @Override
+ public void addConnector(KRAConnectorInfo info) {
+ try {
+ KRAConnectorProcessor processor = new KRAConnectorProcessor(getLocale());
+ processor.addConnector(info);
+ } catch (EBaseException e) {
+ e.printStackTrace();
+ throw new PKIException(e.getMessage());
+ }
+ }
+
+ @Override
+ public void removeConnector(String host, String port) {
+ try {
+ KRAConnectorProcessor processor = new KRAConnectorProcessor(getLocale());
+ processor.removeConnector(host, port);
+ } catch (EBaseException e) {
+ e.printStackTrace();
+ throw new PKIException(e.getMessage());
+ }
+ }
+
+ @Override
+ public void addConnector(MultivaluedMap<String, String> form) {
+ KRAConnectorInfo info = new KRAConnectorInfo(form);
+ addConnector(info);
+ }
+
+}
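Review bot: Both catch blocks drop the original exception and return its message to the REST caller: `e.printStackTrace()` bypasses the server's debug log and `new PKIException(e.getMessage())` loses the cause. Log through the facility used elsewhere in this change, e.g. `CMS.debug("addConnector: " + e);`, and keep the cause if `PKIException` has a constructor that accepts one (not visible here). Consider returning a generic message to the client, since `EBaseException` text may describe internal configuration.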
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java b/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
index b62e184b7..b2d081f22 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
@@ -18,7 +18,6 @@
package com.netscape.cms.servlet.csadmin;
import java.io.IOException;
-import java.util.Enumeration;
import java.util.Locale;
import javax.servlet.ServletConfig;
@@ -26,6 +25,7 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.jboss.resteasy.spi.BadRequestException;
import org.w3c.dom.Node;
import com.netscape.certsrv.apps.CMS;
@@ -33,11 +33,10 @@ import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.authorization.AuthzToken;
import com.netscape.certsrv.authorization.EAuthzAccessDenied;
import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.ca.ICAService;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.connector.IConnector;
+import com.netscape.certsrv.base.PKIException;
import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.system.KRAConnectorInfo;
+import com.netscape.cms.servlet.admin.KRAConnectorProcessor;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
@@ -46,9 +45,6 @@ import com.netscape.cmsutil.xml.XMLObject;
public class UpdateConnector extends CMSServlet {
- /**
- *
- */
private static final long serialVersionUID = 972871860008509849L;
private final static String SUCCESS = "0";
private final static String FAILED = "1";
@@ -69,6 +65,18 @@ public class UpdateConnector extends CMSServlet {
CMS.debug("UpdateConnector: done initializing...");
}
+ public KRAConnectorInfo createConnectorInfo(HttpServletRequest httpReq) {
+ KRAConnectorInfo info = new KRAConnectorInfo();
+ info.setHost(httpReq.getParameter(KRAConnectorProcessor.PREFIX + ".host"));
+ info.setPort(httpReq.getParameter(KRAConnectorProcessor.PREFIX + ".port"));
+ info.setTimeout(httpReq.getParameter(KRAConnectorProcessor.PREFIX + ".timeout"));
+ info.setTransportCert(httpReq.getParameter(KRAConnectorProcessor.PREFIX + ".transportCert"));
+ info.setUri(httpReq.getParameter(KRAConnectorProcessor.PREFIX + ".uri"));
+ info.setLocal(httpReq.getParameter(KRAConnectorProcessor.PREFIX + ".local"));
+ info.setEnable(httpReq.getParameter(KRAConnectorProcessor.PREFIX + ".enable"));
+ return info;
+ }
+
/**
* Process the HTTP request.
*/
@@ -122,47 +130,15 @@ public class UpdateConnector extends CMSServlet {
return;
}
- // check if connector exists
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
- ICAService caService = (ICAService)ca.getCAService();
- boolean connectorExists = (caService.getKRAConnector() != null)? true:false;
- if (connectorExists) {
- CMS.debug("UpdateConnector: KRA connector already exists");
- } else {
- IConfigStore cs = CMS.getConfigStore();
-
- @SuppressWarnings("unchecked")
- Enumeration<String> list = httpReq.getParameterNames();
- while (list.hasMoreElements()) {
- String name = list.nextElement();
- String val = httpReq.getParameter(name);
- if (name != null && name.startsWith("ca.connector")) {
- CMS.debug("Adding connector update name=" + name + " val=" + val);
- cs.putString(name, val);
- } else {
- CMS.debug("Skipping connector update name=" + name + " val=" + val);
- }
- }
-
- try {
- String nickname = cs.getString("ca.subsystem.nickname", "");
- String tokenname = cs.getString("ca.subsystem.tokenname", "");
- if (!tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname + ":" + nickname;
- cs.putString("ca.connector.KRA.nickName", nickname);
- cs.commit(false);
- } catch (Exception e) {
- }
-
- // start the connector
- try {
- IConnector kraConnector = caService.getConnector(
- cs.getSubStore("ca.connector.KRA"));
- caService.setKRAConnector(kraConnector);
- kraConnector.start();
- } catch (Exception e) {
- CMS.debug("Failed to start connector " + e);
- }
+ String status = SUCCESS;
+ String error = "";
+ KRAConnectorProcessor processor = new KRAConnectorProcessor(getLocale(httpReq));
+ KRAConnectorInfo info = createConnectorInfo(httpReq);
+ try {
+ processor.addConnector(info);
+ } catch (BadRequestException | PKIException e) {
+ status = FAILED;
+ error = e.getMessage();
}
// send success status back to the requestor
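Review bot: The `catch (BadRequestException | PKIException e)` added here resolves `BadRequestException` to `org.jboss.resteasy.spi.BadRequestException`, imported in the hunk at `@@ -26,6 +25,7`, while `KRAConnectorProcessor` throws `com.netscape.certsrv.base.BadRequestException`. Unless the latter is a subclass of `PKIException` (not visible here), a malformed request escapes this catch and no `FAILED` status is sent; import `com.netscape.certsrv.base.BadRequestException` instead. The `KRAConnectorProcessor` constructor and `addConnector` also declare `EBaseException`, which is not caught, so config-store failures would bypass the XML error response as well, assuming the enclosing method (its signature is outside the hunk) declares it. Note that `error = e.getMessage()` is echoed to the requester in the response.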
@@ -170,13 +146,13 @@ public class UpdateConnector extends CMSServlet {
CMS.debug("UpdateConnector: Sending response");
XMLObject xmlObj = new XMLObject();
Node root = xmlObj.createRoot("XMLResponse");
-
- if (connectorExists) {
- xmlObj.addItemToContainer(root, "Status", FAILED);
- xmlObj.addItemToContainer(root, "Error", "DRM connector already exists.");
- } else {
+ if (status.equals(SUCCESS)) {
xmlObj.addItemToContainer(root, "Status", SUCCESS);
+ } else {
+ xmlObj.addItemToContainer(root, "Status", FAILED);
+ xmlObj.addItemToContainer(root, "Error", error);
}
+
byte[] cb = xmlObj.toByteArray();
outputResult(httpResp, "application/xml", cb);
diff --git a/base/common/src/com/netscape/cmscore/connector/HttpConnector.java b/base/common/src/com/netscape/cmscore/connector/HttpConnector.java
index f947164d9..33b0d62b7 100644
--- a/base/common/src/com/netscape/cmscore/connector/HttpConnector.java
+++ b/base/common/src/com/netscape/cmscore/connector/HttpConnector.java
@@ -43,7 +43,6 @@ public class HttpConnector implements IConnector {
// XXX todo make this a pool.
// XXX use CMMF in the future.
protected IHttpConnection mConn = null;
- private Thread mResendThread = null;
private IResender mResender = null;
@SuppressWarnings("unused")
private int mTimeout;
@@ -73,7 +72,6 @@ public class HttpConnector implements IConnector {
// mConn = CMS.getHttpConnection(dest, mFactory);
// this will start resending past requests in parallel.
mResender = CMS.getResender(mSource, nickName, dest, resendInterval);
- mResendThread = new Thread(mResender, "HttpConnector");
}
// Inserted by beomsuk
@@ -98,7 +96,6 @@ public class HttpConnector implements IConnector {
// this will start resending past requests in parallel.
mResender = CMS.getResender(mSource, nickName, dest, resendInterval);
- mResendThread = new Thread(mResender, "HttpConnector");
}
// Insert end
@@ -202,7 +199,13 @@ public class HttpConnector implements IConnector {
}
public void start() {
- mResendThread.start();
+ CMS.debug("Starting HttpConnector resender thread");
+ mResender.start("HttpConnector");
+ }
+
+ public void stop() {
+ CMS.debug("Stopping HttpConnector resender thread");
+ mResender.stop();
}
}
diff --git a/base/common/src/com/netscape/cmscore/connector/LocalConnector.java b/base/common/src/com/netscape/cmscore/connector/LocalConnector.java
index c4eb78625..ba2db83a1 100644
--- a/base/common/src/com/netscape/cmscore/connector/LocalConnector.java
+++ b/base/common/src/com/netscape/cmscore/connector/LocalConnector.java
@@ -204,6 +204,9 @@ public class LocalConnector implements IConnector {
public void start() {
}
+ public void stop() {
+ }
+
protected void transferRequest(IRequest src, IRequest dest) {
RequestTransfer.transfer(src, dest);
}
diff --git a/base/common/src/com/netscape/cmscore/connector/Resender.java b/base/common/src/com/netscape/cmscore/connector/Resender.java
index e1b19749a..a949b993e 100644
--- a/base/common/src/com/netscape/cmscore/connector/Resender.java
+++ b/base/common/src/com/netscape/cmscore/connector/Resender.java
@@ -20,6 +20,10 @@ package com.netscape.cmscore.connector;
import java.io.IOException;
import java.util.Enumeration;
import java.util.Vector;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.ThreadFactory;
+import java.util.concurrent.TimeUnit;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authority.IAuthority;
@@ -40,14 +44,12 @@ import com.netscape.cmsutil.http.JssSSLSocketFactory;
* Default interval is 5 minutes.
*/
public class Resender implements IResender {
- public static final int SECOND = 1000; //milliseconds
- public static final int MINUTE = 60 * SECOND;
- public static final int HOUR = 60 * MINUTE;
- public static final int DAY = 24 * HOUR;
+ public static final int MINUTE = 60;
protected IAuthority mAuthority = null;
IRequestQueue mQueue = null;
protected IRemoteAuthority mDest = null;
+ ScheduledExecutorService executorService;
/* Vector of Request Id *Strings* */
protected Vector<String> mRequestIds = new Vector<String>();
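Review bot: `MINUTE` stays public but changes from milliseconds (60 * 1000) to seconds (60), and the public `SECOND`, `HOUR` and `DAY` constants are removed, so any code outside this file that references them either stops compiling or silently gets a value 1000 times smaller. The default `mInterval` is declared outside the hunk; check that it and every other user now treat the value as seconds. A comment such as `// seconds; passed to scheduleWithFixedDelay with TimeUnit.SECONDS` on `MINUTE` would make the unit explicit. The new `executorService` field is package-private with no modifier; `private` would fit if only `start()` and `stop()` use it.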
@@ -55,6 +57,7 @@ public class Resender implements IResender {
protected HttpConnection mConn = null;
protected String mNickName = null;
+ protected boolean connected = false;
// default interval.
// XXX todo add another interval for requests unsent because server
@@ -66,9 +69,6 @@ public class Resender implements IResender {
mQueue = mAuthority.getRequestQueue();
mDest = dest;
mNickName = nickName;
-
- //mConn = new HttpConnection(dest,
- // new JssSSLSocketFactory(nickName));
}
public Resender(
@@ -77,11 +77,9 @@ public class Resender implements IResender {
mAuthority = authority;
mQueue = mAuthority.getRequestQueue();
mDest = dest;
+ mNickName = nickName;
if (interval > 0)
- mInterval = interval * SECOND; // interval specified in seconds.
-
- //mConn = new HttpConnection(dest,
- // new JssSSLSocketFactory(nickName));
+ mInterval = interval; // interval specified in seconds.
}
// must be done after a subsystem 'start' so queue is initialized.
@@ -93,9 +91,7 @@ public class Resender implements IResender {
while (list != null && list.hasMoreElements()) {
RequestId rid = list.nextRequestId();
-
- CMS.debug(
- "added request Id " + rid + " in init to resend queue.");
+ CMS.debug("added request Id " + rid + " in init to resend queue.");
// note these are added as strings
mRequestIds.addElement(rid.toString());
}
@@ -106,26 +102,38 @@ public class Resender implements IResender {
// note the request ids are added as strings.
mRequestIds.addElement(r.getRequestId().toString());
}
- CMS.debug(
- "added " + r.getRequestId() + " to resend queue");
+ CMS.debug("added " + r.getRequestId() + " to resend queue");
}
- public void run() {
-
- CMS.debug("Resender: In resender Thread run:");
- mConn = new HttpConnection(mDest,
- new JssSSLSocketFactory(mNickName));
- initRequests();
+ public void start(final String name) {
+ CMS.debug("Starting resender thread with interval " + mInterval);
- do {
- resend();
- try {
- Thread.sleep(mInterval);
- } catch (InterruptedException e) {
- mAuthority.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CONNECTOR_RESENDER_INTERRUPTED"));
- continue;
+ // schedule task to run immediately and repeat after specified interval
+ executorService = Executors.newSingleThreadScheduledExecutor(new ThreadFactory() {
+ public Thread newThread(Runnable r) {
+ return new Thread(r, name);
}
- } while (true);
+ });
+ executorService.scheduleWithFixedDelay(this, 0, mInterval, TimeUnit.SECONDS);
+
+ }
+
+ public void run() {
+ if (! CMS.isInRunningState())
+ return;
+
+ if (! connected) {
+ CMS.debug("Connecting ...");
+ mConn = new HttpConnection(mDest, new JssSSLSocketFactory(mNickName));
+ initRequests();
+ connected = true;
+ }
+ resend();
+ }
+
+ public void stop() {
+ // shutdown executorService without interrupting running task
+ if (executorService != null) executorService.shutdown();
}
private void resend() {
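Review bot: `run()` is now scheduled with `scheduleWithFixedDelay`, which cancels all further executions once one run throws; nothing in the new body catches an unchecked exception from `new HttpConnection(...)`, `initRequests()` or `resend()`, so one failure stops resending with no log entry. Wrap the body as sketched below. `start()` also overwrites `executorService` without checking for an existing one, so a second `start()` without `stop()` leaves the first scheduler thread running; a guard such as `if (executorService != null && !executorService.isShutdown()) return;` at the top would prevent that. `stop()` uses `shutdown()`, so a resend already in progress can still be running when `replaceConnector()` starts the replacement connector.

```java
public void run() {
    try {
        // … unchanged: running-state check, lazy connect, resend() …
    } catch (RuntimeException e) {
        // an uncaught exception would cancel every later scheduled run
        CMS.debug("Resender: run failed: " + e);
    }
}
```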