summaryrefslogtreecommitdiffstats
path: root/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
diff options
context:
space:
mode:
Diffstat (limited to 'base/server/cms/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java')
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java375
1 files changed, 375 insertions, 0 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
new file mode 100644
index 000000000..81c6e5ca3
--- /dev/null
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
@@ -0,0 +1,375 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.csadmin;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.util.Enumeration;
+import java.util.Locale;
+import java.util.StringTokenizer;
+import java.util.Vector;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import netscape.security.util.CertPrettyPrint;
+
+import org.apache.velocity.context.Context;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.ca.ICertificateAuthority;
+import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
+import com.netscape.certsrv.property.Descriptor;
+import com.netscape.certsrv.property.IDescriptor;
+import com.netscape.certsrv.property.PropertySet;
+import com.netscape.certsrv.util.HttpInput;
+import com.netscape.cms.servlet.wizard.WizardServlet;
+import com.netscape.cmsutil.crypto.CryptoUtil;
+
+public class CertRequestPanel extends WizardPanelBase {
+ private Vector<Cert> mCerts = null;
+
+ @SuppressWarnings("unused")
+ private WizardServlet mServlet;
+
+ public CertRequestPanel() {
+ }
+
+ /**
+ * Initializes this panel.
+ */
+ public void init(ServletConfig config, int panelno)
+ throws ServletException {
+ setPanelNo(panelno);
+ setName("Requests & Certificates");
+ }
+
+ public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+ throws ServletException {
+ setPanelNo(panelno);
+ setName("Requests and Certificates");
+ mServlet = servlet;
+ setId(id);
+ }
+
+ // XXX how do you do this? There could be multiple certs.
+ public PropertySet getUsage() {
+ PropertySet set = new PropertySet();
+
+ Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
+ null, /* no default parameters */
+ null);
+
+ set.add("cert", certDesc);
+
+ return set;
+ }
+
+ /**
+ * Show "Apply" button on frame?
+ */
+ public boolean showApplyButton() {
+ if (isPanelDone())
+ return false;
+ else
+ return true;
+ }
+
+ public void cleanUp() throws IOException {
+ IConfigStore cs = CMS.getConfigStore();
+ String list = "";
+ String tokenname = "";
+ try {
+ list = cs.getString("preop.cert.list", "");
+ tokenname = cs.getString("preop.module.token", "");
+ } catch (Exception e) {
+ }
+
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
+ ICertificateAuthority.ID);
+
+ if (ca != null) {
+ CMS.debug("CertRequestPanel cleanup: get certificate repository");
+ BigInteger beginS = null;
+ BigInteger endS = null;
+ String beginNum = "";
+ String endNum = "";
+ try {
+ beginNum = cs.getString("dbs.beginSerialNumber", "");
+ endNum = cs.getString("dbs.endSerialNumber", "");
+ if (!beginNum.equals(""))
+ beginS = new BigInteger(beginNum, 16);
+ if (!endNum.equals(""))
+ endS = new BigInteger(endNum, 16);
+ } catch (Exception e) {
+ }
+
+ ICertificateRepository cr = ca.getCertificateRepository();
+ if (cr != null) {
+ try {
+ cr.removeCertRecords(beginS, endS);
+ } catch (Exception e) {
+ CMS.debug("CertRequestPanel cleanUp exception in removing all objects: " + e.toString());
+ }
+
+ try {
+ cr.resetSerialNumber(new BigInteger(beginNum, 16));
+ } catch (Exception e) {
+ CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: " + e.toString());
+ }
+ }
+ }
+
+ StringTokenizer st = new StringTokenizer(list, ",");
+ String nickname = "";
+ boolean enable = false;
+ while (st.hasMoreTokens()) {
+ String t = st.nextToken();
+
+ try {
+ enable = cs.getBoolean(PCERT_PREFIX + t + ".enable", true);
+ nickname = cs.getString(PCERT_PREFIX + t + ".nickname", "");
+ } catch (Exception e) {
+ }
+
+ if (!enable)
+ continue;
+
+ if (t.equals("sslserver"))
+ continue;
+
+ try {
+ if (ConfigurationUtils.findCertificate(tokenname, nickname)) {
+ CMS.debug("CertRequestPanel cleanup: deleting certificate (" + nickname + ").");
+ ConfigurationUtils.deleteCert(tokenname, nickname);
+ }
+ } catch (Exception e) {
+ CMS.debug("CertRequestPanel cleanup: failed to delete certificate ("
+ + nickname + "). Exception: " + e.toString());
+ }
+ }
+
+ try {
+ @SuppressWarnings("unused")
+ boolean done = cs.getBoolean("preop.CertRequestPanel.done"); // check for errors
+ cs.putBoolean("preop.CertRequestPanel.done", false);
+ cs.commit(false);
+ } catch (Exception e) {
+ }
+ }
+
+ public boolean isPanelDone() {
+ IConfigStore cs = CMS.getConfigStore();
+ try {
+ boolean s = cs.getBoolean("preop.CertRequestPanel.done",
+ false);
+
+ if (s != true) {
+ return false;
+ } else {
+ return true;
+ }
+ } catch (EBaseException e) {
+ }
+
+ return false;
+ }
+
+ public void getCert(IConfigStore config,
+ Context context, String certTag, Cert cert) {
+ try {
+
+ String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
+ String certs = config.getString(subsystem + "." + certTag + ".cert", "");
+
+ if (cert != null) {
+ String certf = certs;
+
+ CMS.debug("CertRequestPanel getCert: certTag=" + certTag + " cert=" + certs);
+
+ //get and set formated cert
+ if (!certs.startsWith("...")) {
+ certf = CryptoUtil.certFormat(certs);
+ }
+ cert.setCert(certf);
+
+ //get and set cert pretty print
+ byte[] certb = CryptoUtil.base64Decode(certs);
+ CertPrettyPrint pp = new CertPrettyPrint(certb);
+ cert.setCertpp(pp.toString(Locale.getDefault()));
+ } else {
+ CMS.debug("CertRequestPanel::getCert() - cert is null!");
+ return;
+ }
+ String userfriendlyname = config.getString(
+ PCERT_PREFIX + certTag + ".userfriendlyname");
+
+ cert.setUserFriendlyName(userfriendlyname);
+ String type = config.getString(PCERT_PREFIX + certTag + ".type");
+
+ cert.setType(type);
+ String dn = config.getString(PCERT_PREFIX + certTag + ".dn");
+
+ cert.setDN(dn);
+ } catch (Exception e) {
+ CMS.debug("CertRequestPanel:getCert" + e.toString());
+ } // try
+ }
+
+ /**
+ * Display the panel.
+ */
+ public void display(HttpServletRequest request,
+ HttpServletResponse response,
+ Context context) {
+
+ CMS.debug("CertRequestPanel: display()");
+ context.put("title", "Requests and Certificates");
+
+ try {
+ mCerts = new Vector<Cert>();
+
+ IConfigStore config = CMS.getConfigStore();
+
+ String certTags = config.getString("preop.cert.list");
+ String csType = config.getString("cs.type");
+ StringTokenizer st = new StringTokenizer(certTags, ",");
+
+ while (st.hasMoreTokens()) {
+ String certTag = st.nextToken();
+
+ try {
+ String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
+ String nickname = config.getString(subsystem + "." + certTag + ".nickname");
+ String tokenname = config.getString(subsystem + "." + certTag + ".tokenname");
+
+ Cert c = new Cert(tokenname, nickname, certTag);
+ ConfigurationUtils.handleCertRequest(config, certTag, c);
+
+ String type = config.getString(PCERT_PREFIX + certTag + ".type");
+ c.setType(type);
+
+ boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
+ c.setEnable(enable);
+ getCert(config, context, certTag, c);
+
+ c.setSubsystem(subsystem);
+ mCerts.addElement(c);
+
+ if (csType.equals("TPS") && certTag.equals("subsystem")) {
+ // update nicknames in case they have changed
+ if (!tokenname.isEmpty() && !tokenname.equals("internal")
+ && !tokenname.equals("Internal Key Storage Token"))
+ nickname = tokenname + ":" + nickname;
+
+ config.putString("conn.ca1.clientNickname", nickname);
+ config.putString("conn.drm1.clientNickname", nickname);
+ config.putString("conn.tks1.clientNickname", nickname);
+ }
+ } catch (Exception e) {
+ CMS.debug("CertRequestPanel:display() Exception caught: " + e.toString() +
+ " for certTag " + certTag);
+ }
+ }
+ } catch (Exception e) {
+ CMS.debug("CertRequestPanel:display() Exception caught: " + e.toString());
+ System.err.println("Exception caught: " + e.toString());
+
+ } // try
+
+ context.put("reqscerts", mCerts);
+ context.put("status", "display");
+ // context.put("status_token", "None");
+ context.put("panel", "admin/console/config/certrequestpanel.vm");
+
+ }
+
+ /**
+ * Checks if the given parameters are valid.
+ */
+ public void validate(HttpServletRequest request,
+ HttpServletResponse response,
+ Context context) throws IOException {
+ }
+
+ /**
+ * Commit parameter changes
+ */
+ public void update(HttpServletRequest request,
+ HttpServletResponse response,
+ Context context) throws IOException {
+ CMS.debug("CertRequestPanel: in update()");
+ boolean hasErr = false;
+ IConfigStore config = CMS.getConfigStore();
+
+ if (isPanelDone()) {
+ context.put("updateStatus", "success");
+ return;
+ }
+
+ Enumeration<Cert> c = mCerts.elements();
+ while (c.hasMoreElements()) {
+ Cert cert = c.nextElement();
+ if (hasErr) continue;
+
+ int ret=0;
+ try {
+ cert.setCert(HttpInput.getCert(request, cert.getCertTag()));
+ cert.setCertChain(HttpInput.getCertChain(request, cert.getCertTag() + "_cc"));
+
+ ret = ConfigurationUtils.handleCerts(cert);
+ ConfigurationUtils.setCertPermissions(cert.getCertTag());
+ } catch (Exception e) {
+ CMS.debug("Exception in configuring system certificate " + cert.getCertTag() + ": " + e);
+ e.printStackTrace();
+ hasErr = true;
+ }
+ if (ret != 0) {
+ CMS.debug("System certificates not configured " + cert.getCertTag());
+ }
+ }
+ // end new
+
+ if (!hasErr) {
+ try {
+ config.putBoolean("preop.CertRequestPanel.done", true);
+ config.commit(false);
+ } catch (EBaseException e) {
+ e.printStackTrace();
+ CMS.debug("Unable to commit changes to CS,cfg: " +e);
+ }
+ context.put("updateStatus", "success");
+ } else {
+ context.put("updateStatus", "failure");
+ }
+ }
+
+ /**
+ * If validate() returns false, this method will be called.
+ */
+ public void displayError(HttpServletRequest request,
+ HttpServletResponse response,
+ Context context) {
+ context.put("title", "Certificate Request");
+ context.put("panel", "admin/console/config/certrequestpanel.vm");
+ }
+}
generated by cgit (git 2.34.1) at 2024-06-11 00:19:34 +0000