1 files changed, 289 insertions, 0 deletions
diff --git a/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm b/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm
new file mode 100755
index 000000000..4cc65e5cf
--- /dev/null
+++ b/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm
@@ -0,0 +1,289 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+use strict;
+use warnings;
+use PKI::RA::GlobalVar;
+use PKI::RA::Common;
+use URI::URL;
+
+package PKI::RA::CAInfoPanel;
+$PKI::RA::CAInfoPanel::VERSION = '1.00';
+
+use PKI::RA::BasePanel;
+our @ISA = qw(PKI::RA::BasePanel);
+
+our $cert_header="-----BEGIN CERTIFICATE-----";
+our $cert_footer="-----END CERTIFICATE-----";
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::RA::Common::no;
+    $self->{"getPanelNo"} = &PKI::RA::Common::r(4);
+    $self->{"getName"} = &PKI::RA::Common::r("CA Information");
+    $self->{"vmfile"} = "cainfopanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::RA::Wizard::debug_log("CAInfoPanel: validate");
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::RA::Wizard::debug_log("CAInfoPanel: update");
+
+    my $count = $q->param('urls');
+    &PKI::RA::Wizard::debug_log("CAInfoPanel: update - got urls = $count");
+
+    &PKI::RA::Wizard::debug_log("CAInfoPanel: update - selected ca= $count");
+    
+    my $instanceID = $::config->get("service.instanceID");
+    my $host = "";
+    my $https_ee_port = "";
+    my $https_agent_port = "";
+    my $https_admin_port = "";
+    my $domain_xml = "";
+
+    if ($count =~ /http/) {
+      my $info = new URI::URL($count);
+      $host = $info->host;
+      $https_ee_port = $info->port;
+      $domain_xml = get_domain_xml($host, $https_ee_port);
+      if ($domain_xml eq "") {
+          $::symbol{errorString} = "missing security domain.  CA must be installed prior to RA installation";
+          return 0;
+      }
+
+      $https_agent_port = get_secure_agent_port_from_domain_xml($domain_xml, $host, $https_ee_port); 
+      $https_admin_port = get_secure_admin_port_from_domain_xml($domain_xml, $host, $https_ee_port);
+
+      if(($https_admin_port eq "") || ($https_agent_port eq "")) {
+          $::symbol{errorString} = "missing secure CA admin or agent port.  CA must be installed prior to RA installation";
+          return 0;
+      }
+    } else {
+      $host = $::config->get("preop.securitydomain.ca$count.host");
+      $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport");
+      $https_agent_port = $::config->get("preop.securitydomain.ca$count.secureagentport");
+      $https_admin_port = $::config->get("preop.securitydomain.ca$count.secureadminport");
+    }
+
+    if (($host eq "") || ($https_ee_port eq "") || ($https_admin_port eq "") || ($https_agent_port eq "")) {
+      $::symbol{errorString} = "no CA found.  CA must be installed prior to RA installation";
+      return 0;
+    }
+
+    &PKI::RA::Wizard::debug_log("CAInfoPanel: update - host= $host, https_ee_port= $https_ee_port");
+
+    $::config->put("preop.cainfo.select", "https://$host:$https_admin_port");
+    my $serverCertNickName = $::config->get("preop.cert.sslserver.nickname");
+
+    my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname");
+    $::config->put("conn.ca1.clientNickname", $subsystemCertNickName);
+    $::config->put("conn.ca1.hostport", $host . ":" . $https_ee_port);
+    $::config->put("conn.ca1.hostagentport", $host . ":" . $https_agent_port);
+    $::config->put("conn.ca1.hostadminport", $host . ":" . $https_admin_port);
+
+    $::config->commit();
+
+    # connect to the CA, and retrieve the CA certificate
+    &PKI::RA::Wizard::debug_log("CAInfoPanel: update connecting to CA and retrieve cert chain");
+    my $instanceDir = $::config->get("service.instanceDir");
+    my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+    $db_password =~ s/\n$//g;
+    my $tmpfile = "/tmp/ca-$$";
+    system("/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$serverCertNickName\" -r \"/ca/ee/ca/getCertChain\" $host:$https_ee_port > $tmpfile");
+    my $cmd = `cat $tmpfile`;
+    system("rm $tmpfile");
+    my $caCert;
+    if ($cmd =~ /\<ChainBase64\>(.*)\<\/ChainBase64\>/) {
+        $caCert =  $1;
+        &PKI::RA::Wizard::debug_log("CAInfoPanel: ca= $caCert");
+    }
+    if ($caCert eq "") {
+        &PKI::RA::Wizard::debug_log("CAInfoPanel: update no cert chain found");
+        return 0;
+    }
+    open(F, ">$instanceDir/conf/caCertChain2.txt");
+    print F $cert_header."\n".$caCert."\n".$cert_footer;
+    close(F);
+
+    &PKI::RA::Wizard::debug_log("CAInfoPanel: update retrieve cert chain done");
+
+    #import cert chain
+    system("p7tool -d $instanceDir/alias -p $instanceDir/conf/chain2cert -a -i $instanceDir/conf/caCertChain2.txt -o $instanceDir/conf/CAchain2_pp.txt");
+        my $r =  $? >> 8;
+    my $failed = $? & 127;
+    if (($r > 0) && ($r < 10) && !$failed)  {
+        my $i = 0;
+        while ($i ne $r) {
+          my $tmp = `certutil -d $instanceDir/alias -D -n "Trusted CA c2cert$i"`;
+          $tmp = `certutil -d $instanceDir/alias -A -f $instanceDir/conf/.pwfile -n "Trusted CA c2cert$i"  -t "CT,C,C" -i $instanceDir/conf/chain2cert$i.der`;
+          $i++;
+        }
+    }
+
+    return 1;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::RA::Wizard::debug_log("CAInfoPanel: display");
+
+    $::symbol{urls}        = [];
+#    unshift(@{$::symbol{urls}}, "External CA");
+    my $count = 0;
+    my $first = 1;
+    my $list = "";
+    while (1) {
+      my $host = $::config->get("preop.securitydomain.ca$count.host");
+      if ($host eq "") {
+        goto DONE;
+      }
+      my $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport");
+      my $name = $::config->get("preop.securitydomain.ca$count.subsystemname");
+      my $item = $name . " - https://" . $host . ":" . $https_ee_port;
+#      my $item = "https://" . $host . ":" . $https_ee_port;
+#      unshift(@{$::symbol{urls}}, $item);
+      $::symbol{urls}[$count++] = $item;
+      if ($first eq 1) {
+          $list = $item;
+          $first = 0;
+      } else {
+          $list = $list.",".$item;
+      }
+    }
+DONE:
+#    $list = $list.",External CA";
+    $::config->put("preop.ca.list", $list);
+    
+    $::symbol{urls_size}   = $count;
+    if ($count eq 0) {
+      $::symbol{errorString} = "no CA found. CA, TKS, and optionally DRM must be installed prior to RA installation";
+      return 0;
+    }
+    return 1;
+}
+
+sub get_domain_xml
+{
+    my $host = $1;
+    my $https_ee_port = $2;
+
+    # get the domain xml
+    # e. g. - https://water.sfbay.redhat.com:9445/ca/admin/ca/getDomainXML
+
+    my $nickname = $::config->get("preop.cert.sslserver.nickname");
+    my $instanceID = $::config->get("service.instanceID");
+    my $instanceDir = $::config->get("service.instanceDir");
+    my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+    $db_password =~ s/\n$//g;
+
+    my $sd_host = $::config->get("securitydomain.host");
+    my $sd_admin_port = $::config->get("securitydomain.httpsadminport");
+    my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`;
+
+    $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+    $content = $1;
+    return $content;
+}
+
+sub get_secure_admin_port_from_domain_xml
+{
+    my $content = $1;
+    my $host = $2;
+    my $https_ee_port = $3;
+
+    # Retrieve the secure admin port corresponding
+    # to the selected host and secure ee port.
+    my $parser = XML::Simple->new();
+    my $response = $parser->XMLin($content);
+    my $xml = $parser->XMLin( $response->{'DomainInfo'},
+                              ForceArray => 1 );
+    my $https_admin_port = "";
+    my $count = 0;
+    foreach my $c (@{$xml->{'CAList'}[0]->{'CA'}}) {
+      if( ( $host eq $c->{'Host'}[0] ) &&
+          ( $https_ee_port eq $c->{'SecurePort'}[0] ) ) {
+          $https_admin_port = https_$c->{'SecureAdminPort'}[0];
+      }
+
+      $count++;
+    }
+
+    return $https_admin_port;
+}
+
+sub get_secure_agent_port_from_domain_xml
+{
+    my $content = $1;
+    my $host = $2;
+    my $https_ee_port = $3;
+
+    # Retrieve the secure agent port corresponding
+    # to the selected host and secure ee port.
+    my $parser = XML::Simple->new();
+    my $response = $parser->XMLin($content);
+    my $xml = $parser->XMLin( $response->{'DomainInfo'},
+                              ForceArray => 1 );
+    my $https_agent_port = "";
+    my $count = 0;
+    foreach my $c (@{$xml->{'CAList'}[0]->{'CA'}}) {
+      if( ( $host eq $c->{'Host'}[0] ) &&
+          ( $https_ee_port eq $c->{'SecurePort'}[0] ) ) {
+          $https_agent_port = https_$c->{'SecureAgentPort'}[0];
+      }
+
+      $count++;
+    }
+
+    return $https_agent_port;
+}
+
+1;