summaryrefslogtreecommitdiffstats
path: root/base/common
diff options
context:
space:
mode:
Diffstat (limited to 'base/common')
-rw-r--r--base/common/src/com/netscape/certsrv/system/InstallToken.java7
-rw-r--r--base/common/src/com/netscape/certsrv/system/InstallTokenRequest.java99
-rw-r--r--base/common/src/com/netscape/certsrv/system/SecurityDomainClient.java42
-rw-r--r--base/common/src/com/netscape/certsrv/system/SecurityDomainResource.java38
-rw-r--r--base/common/src/com/netscape/certsrv/system/SystemConfigClient.java4
-rw-r--r--base/common/src/com/netscape/certsrv/system/SystemConfigResource.java6
-rw-r--r--base/common/src/com/netscape/cms/authorization/AAclAuthz.java4
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java13
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java112
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainService.java44
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java34
11 files changed, 248 insertions, 155 deletions
diff --git a/base/common/src/com/netscape/certsrv/system/InstallToken.java b/base/common/src/com/netscape/certsrv/system/InstallToken.java
index aa34893a1..06accc3f2 100644
--- a/base/common/src/com/netscape/certsrv/system/InstallToken.java
+++ b/base/common/src/com/netscape/certsrv/system/InstallToken.java
@@ -14,7 +14,7 @@
//
// (C) 2012 Red Hat, Inc.
// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
+// --- END COPYRIGHT BLOCK ---
package com.netscape.certsrv.system;
import javax.xml.bind.annotation.XmlAccessType;
@@ -26,16 +26,17 @@ import javax.xml.bind.annotation.XmlRootElement;
* @author alee
*
*/
-@XmlRootElement(name="CertData")
+@XmlRootElement(name="InstallToken")
@XmlAccessorType(XmlAccessType.FIELD)
public class InstallToken {
+
@XmlElement
private String token;
public InstallToken(String token) {
this.token = token;
}
-
+
public InstallToken() {
// required by jaxb
}
diff --git a/base/common/src/com/netscape/certsrv/system/InstallTokenRequest.java b/base/common/src/com/netscape/certsrv/system/InstallTokenRequest.java
deleted file mode 100644
index bc000a96a..000000000
--- a/base/common/src/com/netscape/certsrv/system/InstallTokenRequest.java
+++ /dev/null
@@ -1,99 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.certsrv.system;
-
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlAccessType;
-
-/**
- * @author alee
- *
- */
-@XmlRootElement(name="InstallTokenRequest")
-@XmlAccessorType(XmlAccessType.FIELD)
-public class InstallTokenRequest {
- @XmlElement
- private String user;
-
- @XmlElement
- private String password;
-
- @XmlElement
- private String subsystem;
-
- @XmlElement
- private String host;
-
- @XmlElement
- private String port;
-
- public InstallTokenRequest(String user, String password, String subsystem, String host, String port) {
- this.user = user;
- this.password = password;
- this.subsystem = subsystem;
- this.host = host;
- this.port = port;
- }
-
- public InstallTokenRequest() {
- // required for jaxb
- }
-
- public String getUser() {
- return user;
- }
-
- public void setUser(String user) {
- this.user = user;
- }
-
- public String getPassword() {
- return password;
- }
-
- public void setPassword(String password) {
- this.password = password;
- }
-
- public String getSubsystem() {
- return subsystem;
- }
-
- public void setSubsystem(String subsystem) {
- this.subsystem = subsystem;
- }
-
- public String getHost() {
- return host;
- }
-
- public void setHost(String host) {
- this.host = host;
- }
-
- public String getPort() {
- return port;
- }
-
- public void setPort(String port) {
- this.port = port;
- }
-
-}
diff --git a/base/common/src/com/netscape/certsrv/system/SecurityDomainClient.java b/base/common/src/com/netscape/certsrv/system/SecurityDomainClient.java
new file mode 100644
index 000000000..fd7eb342b
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/system/SecurityDomainClient.java
@@ -0,0 +1,42 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.system;
+
+import java.net.URISyntaxException;
+
+import com.netscape.certsrv.client.ClientConfig;
+import com.netscape.certsrv.client.PKIClient;
+
+
+/**
+ * @author alee
+ */
+public class SecurityDomainClient extends PKIClient {
+
+ private SecurityDomainResource client;
+
+ public SecurityDomainClient(ClientConfig config) throws URISyntaxException {
+ super(config);
+
+ client = createProxy(SecurityDomainResource.class);
+ }
+
+ public InstallToken getInstallToken(String hostname, String subsystem) {
+ return client.getInstallToken(hostname, subsystem);
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/system/SecurityDomainResource.java b/base/common/src/com/netscape/certsrv/system/SecurityDomainResource.java
new file mode 100644
index 000000000..41bbf779e
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/system/SecurityDomainResource.java
@@ -0,0 +1,38 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.system;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.MediaType;
+
+/**
+ * @author alee
+ */
+@Path("securityDomain")
+public interface SecurityDomainResource {
+
+ @GET
+ @Path("installToken")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ public InstallToken getInstallToken(
+ @QueryParam("hostname") String hostname,
+ @QueryParam("subsystem") String subsystem);
+}
diff --git a/base/common/src/com/netscape/certsrv/system/SystemConfigClient.java b/base/common/src/com/netscape/certsrv/system/SystemConfigClient.java
index 876ed9bac..fd14bbe19 100644
--- a/base/common/src/com/netscape/certsrv/system/SystemConfigClient.java
+++ b/base/common/src/com/netscape/certsrv/system/SystemConfigClient.java
@@ -40,8 +40,4 @@ public class SystemConfigClient extends PKIClient {
public ConfigurationResponse configure(ConfigurationRequest data) {
return configClient.configure(data);
}
-
- public InstallToken getInstallToken(InstallTokenRequest data) {
- return configClient.getInstallToken(data);
- }
}
diff --git a/base/common/src/com/netscape/certsrv/system/SystemConfigResource.java b/base/common/src/com/netscape/certsrv/system/SystemConfigResource.java
index 4ecafc6f7..ca06ededb 100644
--- a/base/common/src/com/netscape/certsrv/system/SystemConfigResource.java
+++ b/base/common/src/com/netscape/certsrv/system/SystemConfigResource.java
@@ -44,12 +44,6 @@ public interface SystemConfigResource {
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public ConfigurationResponse configure(ConfigurationRequest data);
- @POST
- @Path("installToken")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
- @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
- public InstallToken getInstallToken(InstallTokenRequest data);
-
@GET
@Path("domainInfo")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
diff --git a/base/common/src/com/netscape/cms/authorization/AAclAuthz.java b/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
index b47956fb3..089cca9be 100644
--- a/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
+++ b/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
@@ -521,7 +521,7 @@ public abstract class AAclAuthz {
log(ILogger.LL_INFO, infoMsg);
return;
} else {
- Object[] params = new Object[2];
+ String[] params = new String[2];
params[0] = name;
params[1] = perm;
@@ -530,7 +530,7 @@ public abstract class AAclAuthz {
CMS.getLogMessage("AUTHZ_EVALUATOR_ACCESS_DENIED", name, perm));
throw new EACLsException(CMS.getUserMessage("CMS_ACL_NO_PERMISSION",
- (String[]) params));
+ params));
}
}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 89233bdc2..531fc212f 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -146,8 +146,7 @@ import com.netscape.certsrv.ldap.ILdapConnFactory;
import com.netscape.certsrv.ocsp.IDefStore;
import com.netscape.certsrv.ocsp.IOCSPAuthority;
import com.netscape.certsrv.system.InstallToken;
-import com.netscape.certsrv.system.InstallTokenRequest;
-import com.netscape.certsrv.system.SystemConfigClient;
+import com.netscape.certsrv.system.SecurityDomainClient;
import com.netscape.certsrv.usrgrp.EUsrGrpException;
import com.netscape.certsrv.usrgrp.IGroup;
import com.netscape.certsrv.usrgrp.IUGSubsystem;
@@ -322,17 +321,17 @@ public class ConfigurationUtils {
}
String csType = cs.getString("cs.type");
- InstallTokenRequest data = new InstallTokenRequest(user, passwd, csType, CMS.getEEHost(), CMS.getAdminPort());
-
ClientConfig config = new ClientConfig();
config.setServerURI("https://" + sdhost + ":" + sdport + "/ca");
+ config.setUsername(user);
+ config.setPassword(passwd);
- SystemConfigClient client = new SystemConfigClient(config);
+ SecurityDomainClient client = new SecurityDomainClient(config);
- InstallToken token = null;
try {
- token = client.getInstallToken(data);
+ InstallToken token = client.getInstallToken(sdhost, csType);
return token.getToken();
+
} catch (ClientResponseFailure e) {
if (e.getResponse().getResponseStatus() == Response.Status.NOT_FOUND) {
// try the old servlet
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java
new file mode 100644
index 000000000..f6cb4c638
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java
@@ -0,0 +1,112 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.csadmin;
+
+import java.net.InetAddress;
+import java.util.Locale;
+import java.util.Random;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.EPropertyNotFound;
+import com.netscape.certsrv.base.ISecurityDomainSessionTable;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.UnauthorizedException;
+import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.system.InstallToken;
+import com.netscape.cms.servlet.processors.Processor;
+
+/**
+ * @author Endi S. Dewata
+ */
+public class SecurityDomainProcessor extends Processor {
+
+ private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
+ "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+
+ Random random = new Random();
+
+ public SecurityDomainProcessor(Locale locale) throws EPropertyNotFound, EBaseException {
+ super("securitydomain", locale);
+ }
+
+ public InstallToken getInstallToken(
+ String user,
+ String hostname,
+ String subsystem) throws EBaseException {
+
+ String groupname = ConfigurationUtils.getGroupName(user, subsystem);
+
+ if (groupname == null) {
+ String message = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ user,
+ ILogger.FAILURE,
+ "Enterprise " + subsystem + " Administrators");
+ audit(message);
+
+ throw new UnauthorizedException("Access denied.");
+ }
+
+ String message = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ user,
+ ILogger.SUCCESS,
+ groupname);
+ audit(message);
+
+ String ip = "";
+ try {
+ ip = InetAddress.getByName(hostname).getHostAddress();
+ } catch (Exception e) {
+ CMS.debug("Unable to determine IP address for "+hostname);
+ }
+
+ // assign cookie
+ Long num = random.nextLong();
+ String cookie = num.toString();
+
+ String auditParams = "operation;;issue_token+token;;" + cookie + "+ip;;" + ip +
+ "+uid;;" + user + "+groupname;;" + groupname;
+
+ ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable();
+ int status = ctable.addEntry(cookie, ip, user, groupname);
+
+ if (status == ISecurityDomainSessionTable.SUCCESS) {
+ message = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+ user,
+ ILogger.SUCCESS,
+ auditParams);
+ audit(message);
+
+ } else {
+ message = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+ user,
+ ILogger.FAILURE,
+ auditParams);
+ audit(message);
+
+ throw new PKIException("Failed to update security domain.");
+ }
+
+
+ return new InstallToken(cookie);
+ }
+}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainService.java b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainService.java
new file mode 100644
index 000000000..3a2bac49c
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainService.java
@@ -0,0 +1,44 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.csadmin;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.system.InstallToken;
+import com.netscape.certsrv.system.SecurityDomainResource;
+import com.netscape.cms.servlet.base.PKIService;
+
+/**
+ * @author alee
+ */
+public class SecurityDomainService extends PKIService implements SecurityDomainResource {
+
+ @Override
+ public InstallToken getInstallToken(String hostname, String subsystem) {
+ try {
+ // Get uid from realm authentication.
+ String user = servletRequest.getUserPrincipal().getName();
+
+ SecurityDomainProcessor processor = new SecurityDomainProcessor(getLocale());
+ return processor.getInstallToken(user, hostname, subsystem);
+
+ } catch (EBaseException e) {
+ throw new PKIException(e.getMessage(), e);
+ }
+ }
+}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
index 3bbe3ca80..8bc3c5946 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
@@ -18,10 +18,8 @@
package com.netscape.cms.servlet.csadmin;
import java.math.BigInteger;
-import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
-import java.net.UnknownHostException;
import java.security.NoSuchAlgorithmException;
import java.util.Collection;
import java.util.Enumeration;
@@ -46,7 +44,6 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.EPropertyNotFound;
import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISecurityDomainSessionTable;
import com.netscape.certsrv.base.PKIException;
import com.netscape.certsrv.ca.ICertificateAuthority;
import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
@@ -54,8 +51,6 @@ import com.netscape.certsrv.ocsp.IOCSPAuthority;
import com.netscape.certsrv.system.ConfigurationRequest;
import com.netscape.certsrv.system.ConfigurationResponse;
import com.netscape.certsrv.system.DomainInfo;
-import com.netscape.certsrv.system.InstallToken;
-import com.netscape.certsrv.system.InstallTokenRequest;
import com.netscape.certsrv.system.SystemCertData;
import com.netscape.certsrv.system.SystemConfigResource;
import com.netscape.certsrv.usrgrp.IUGSubsystem;
@@ -909,35 +904,6 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
}
@Override
- public InstallToken getInstallToken(InstallTokenRequest data) {
- // TODO Figure out how to do authentication here based on user/pass
- // For now, allow all user/pass to be valid
- CMS.debug("getInstallToken(): starting");
- String user = data.getUser();
- String host = data.getHost();
- String subsystem = data.getSubsystem();
- String groupname = ConfigurationUtils.getGroupName(user, subsystem);
-
- // assign cookie
- long num = random.nextLong();
- String cookie = num + "";
- ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable();
- String ip;
- try {
- ip = InetAddress.getByName(host).toString();
- } catch (UnknownHostException e) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Unable to resolve host " + host +
- "to an IP address: " + e);
- }
- int index = ip.indexOf("/");
- if (index > 0) ip = ip.substring(index + 1);
-
- ctable.addEntry(cookie, ip, user, groupname);
-
- return new InstallToken(cookie);
- }
-
- @Override
public DomainInfo getDomainInfo() {
// TODO Auto-generated method stub for a RESTful method that returns the security domain
return null;