Diffstat (limited to 'base/server')
8 files changed, 139 insertions, 15 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index 30d908f2e..ded7c1eed 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java @@ -54,6 +54,8 @@ import java.util.Vector; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.core.MultivaluedHashMap; +import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; import javax.xml.parsers.ParserConfigurationException; @@ -78,7 +80,6 @@ import netscape.security.x509.X509CertImpl; import netscape.security.x509.X509Key; import org.apache.velocity.context.Context; -import org.jboss.resteasy.client.ClientResponse; import org.jboss.resteasy.client.ClientResponseFailure; import org.mozilla.jss.CryptoManager; import org.mozilla.jss.CryptoManager.NicknameConflictException; @@ -213,8 +214,8 @@ public class ConfigurationUtils { return getHttpResponse(hostname, port, secure, uri, content, clientnickname, null); } - public static ClientResponse<String> getClientResponse(String hostname, int port, boolean secure, - String path, String content, String clientnickname, + public static String post(String hostname, int port, boolean secure, + String path, MultivaluedMap<String, String> map, String clientnickname, SSLCertificateApprovalCallback certApprovalCallback) throws Exception { @@ -225,9 +226,7 @@ public class ConfigurationUtils { PKIClient client = new PKIClient(config); PKIConnection connection = client.getConnection(); - ClientResponse<String> response = connection.post(content); - - return response; + return connection.post(map); } //TODO - replace with Jack's connector code 
@@ -328,6 +327,7 @@ public class ConfigurationUtils { boolean oldtoken = cs.getBoolean("cs.useOldTokenInterface", false); if (oldtoken) { + CMS.debug("Getting old token"); return ConfigurationUtils.getOldToken(sdhost, sdport, user, passwd); } @@ -361,9 +361,11 @@ public class ConfigurationUtils { return token.getToken(); } catch (ClientResponseFailure e) { + if (e.getResponse().getResponseStatus() == Response.Status.NOT_FOUND) { // try the old servlet String tokenString = getOldCookie(sdhost, sdport, user, passwd); + CMS.debug("Token: " + tokenString); return tokenString; } @@ -378,12 +380,13 @@ public class ConfigurationUtils { + CMS.getAdminPort() + "/ca/admin/console/config/wizard" + "?p=5&subsystem=" + cs.getString("cs.type"); - String content = "uid=" + URLEncoder.encode(user, "UTF-8") + "&pwd=" + URLEncoder.encode(passwd, "UTF-8") + - "&url=" + URLEncoder.encode(subca_url, "UTF-8"); + MultivaluedMap<String, String> map = new MultivaluedHashMap<String, String>(); + map.putSingle("uid", user); + map.putSingle("pwd", passwd); + map.putSingle("url", subca_url); - ClientResponse<String> response = getClientResponse(sdhost, sdport, true, "/ca/admin/ca/getCookie", - content, null, null); - String body = response.getEntity(); + String body = post(sdhost, sdport, true, "/ca/admin/ca/getCookie", + map, null, null); return getContentValue(body, "header.session_id"); } diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCookie.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCookie.java index b8030f01a..f86f2498c 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCookie.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCookie.java 
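Review bot: The added `CMS.debug("Token: " + tokenString);` in the NOT_FOUND fallback of the `ClientResponseFailure` catch (hunk at -361) writes the install token returned by `getOldCookie` into the debug log. Anyone who can read that log can then read a value that SystemConfigService later stores as the security-domain session id. Log the event without the value, e.g. `CMS.debug("Obtained install token from old getCookie servlet");`. The same applies to `CMS.debug("Cookie: " + cookie);` in the GetCookie.java hunk at -177. The enclosing method starts and ends outside the hunk.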
@@ -78,6 +78,15 @@ public class GetCookie extends CMSServlet { * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { + try { + processImpl(cmsReq); + } catch (Throwable t) { + CMS.debug(t); + throw t; + } + } + + protected void processImpl(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -93,7 +102,12 @@ public class GetCookie extends CMSServlet { Locale[] locale = new Locale[1]; String url = httpReq.getParameter("url"); - CMS.debug("GetCookie before auth, url =" + url); + CMS.debug("GetCookie before auth, url = " + url); + if (url == null) { + throw new ECMSGWException( + "GetCookie missing parameter: url"); + } + String url_e = ""; URL u = null; try { @@ -101,7 +115,7 @@ public class GetCookie extends CMSServlet { u = new URL(url_e); } catch (Exception eee) { throw new ECMSGWException( - "GetCookie missing parameter: url"); + "Unable to parse URL: " + url); } int index2 = url_e.indexOf("subsystem="); @@ -165,11 +179,13 @@ public class GetCookie extends CMSServlet { if (authToken != null) { String uid = authToken.getInString("uid"); + CMS.debug("UID: " + uid); String addr = ""; try { addr = u.getHost(); } catch (Exception e) { + CMS.debug(e); } try { @@ -177,6 +193,7 @@ public class GetCookie extends CMSServlet { InstallToken installToken = processor.getInstallToken(uid, addr, subsystem); String cookie = installToken.getToken(); + CMS.debug("Cookie: " + cookie); if (!url.startsWith("$")) { try { @@ -210,7 +227,7 @@ public class GetCookie extends CMSServlet { } } catch (Exception e) { - e.printStackTrace(); + CMS.debug(e); } } } diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java index 252a58472..a2c7b525b 100644 
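Review bot: The new message `"Unable to parse URL: " + url` (hunk at -101) puts the raw `url` request parameter, which is read before authentication, into the exception text, and the new `process` wrapper then hands that exception to `CMS.debug(t)`. A value containing line breaks can forge debug-log entries, and it may also be echoed to the client depending on how `ECMSGWException` is rendered (not visible here). Prefer a fixed message such as `throw new ECMSGWException("GetCookie: unable to parse url parameter");` and log the value only after stripping CR/LF. `processImpl` continues outside these hunks.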
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java @@ -118,7 +118,17 @@ public class SystemConfigService extends PKIService implements SystemConfigResou * @see com.netscape.cms.servlet.csadmin.SystemConfigurationResource#configure(com.netscape.cms.servlet.csadmin.data.ConfigurationData) */ @Override - public ConfigurationResponse configure(ConfigurationRequest data){ + public ConfigurationResponse configure(ConfigurationRequest data) { + try { + return configureImpl(data); + } catch (Throwable t) { + CMS.debug(t); + throw t; + } + } + + public ConfigurationResponse configureImpl(ConfigurationRequest data) { + if (csState.equals("1")) { throw new BadRequestException("System is already configured"); } @@ -915,6 +925,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou String securityDomainURL = data.getSecurityDomainUri(); if (securityDomainType.equals(ConfigurationRequest.NEW_DOMAIN)) { + CMS.debug("Creating new security domain"); cs.putString("preop.securitydomain.select", "new"); cs.putString("securitydomain.select", "new"); cs.putString("preop.securitydomain.name", securityDomainName); @@ -931,12 +942,15 @@ public class SystemConfigService extends PKIService implements SystemConfigResou cs.putString("preop.cert.subsystem.type", "local"); } cs.putString("preop.cert.subsystem.profile", "subsystemCert.profile"); + } else { + CMS.debug("Joining existing security domain"); cs.putString("preop.securitydomain.select", "existing"); cs.putString("securitydomain.select", "existing"); cs.putString("preop.cert.subsystem.type", "remote"); cs.putString("preop.cert.subsystem.profile", "caInternalAuthSubsystemCert"); + CMS.debug("Getting certificate chain"); // contact and log onto security domain URL secdomainURL; String host; 
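Review bot: `configureImpl` is declared `public` on the REST service class although the hunk at -118 shows it only as the body of `configure`. Making it `private ConfigurationResponse configureImpl(ConfigurationRequest data)` keeps the log-and-rethrow wrapper the only entry point, assuming nothing outside this class calls it; GetCookie's `processImpl` is `protected` for the same role. A short comment on `configure` would explain the wrapper, e.g. `// log any failure to the debug log, then rethrow unchanged`. The method body continues outside the hunk.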
@@ -953,6 +967,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou throw new PKIException("Failed to import certificate chain from security domain master: " + e); } + CMS.debug("Getting install token"); // log onto security domain and get token String user = data.getSecurityDomainUser(); String pass = data.getSecurityDomainPassword(); @@ -965,10 +980,12 @@ public class SystemConfigService extends PKIService implements SystemConfigResou } if (installToken == null) { + CMS.debug("Install token is null"); throw new PKIException("Failed to obtain installation token from security domain"); } CMS.setConfigSDSessionId(installToken); + CMS.debug("Getting domain XML"); try { domainXML = ConfigurationUtils.getDomainXML(host, port, true); ConfigurationUtils.getSecurityDomainPorts(domainXML, host, port); diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index e60cb3a14..ea9c54019 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg @@ -342,6 +342,7 @@ pki_jackson_xc_jar=/usr/share/java/jackson/jackson-xc.jar # RESTEasy pki_resteasy_atom_provider_jar=%(resteasy_lib)s/resteasy-atom-provider.jar +pki_resteasy_client_jar=%(resteasy_lib)s/resteasy-client.jar pki_resteasy_jaxb_provider_jar=%(resteasy_lib)s/resteasy-jaxb-provider.jar pki_resteasy_jaxrs_api_jar=%(resteasy_lib)s/jaxrs-api.jar pki_resteasy_jaxrs_jar=%(resteasy_lib)s/resteasy-jaxrs.jar diff --git a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py index 3dbf62363..83c101fa7 100644 --- a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py 
@@ -198,6 +198,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): os.path.join( deployer.master_dict['pki_tomcat_common_lib_path'], 'resteasy-atom-provider.jar')) + deployer.symlink.create(deployer.master_dict['pki_resteasy_client_jar'], + os.path.join( + deployer.master_dict['pki_tomcat_common_lib_path'], + 'resteasy-client.jar')) deployer.symlink.create(deployer.master_dict['pki_resteasy_jaxb_provider_jar'], os.path.join( deployer.master_dict['pki_tomcat_common_lib_path'], diff --git a/base/server/scripts/operations b/base/server/scripts/operations index 21b4748a0..bfd2de898 100644 --- a/base/server/scripts/operations +++ b/base/server/scripts/operations @@ -1239,6 +1239,7 @@ verify_symlinks() [ldapjdk.jar]=${java_dir}/ldapjdk.jar [pki-tomcat.jar]=${java_dir}/pki/pki-tomcat.jar [resteasy-atom-provider.jar]=${RESTEASY_LIB}/resteasy-atom-provider.jar + [resteasy-client.jar]=${RESTEASY_LIB}/resteasy-client.jar [resteasy-jaxb-provider.jar]=${RESTEASY_LIB}/resteasy-jaxb-provider.jar [resteasy-jaxrs.jar]=${RESTEASY_LIB}/resteasy-jaxrs.jar [resteasy-jackson-provider.jar]=${RESTEASY_LIB}/resteasy-jackson-provider.jar @@ -1275,6 +1276,7 @@ verify_symlinks() [ldapjdk.jar]=${java_dir}/ldapjdk.jar [pki-tomcat.jar]=${java_dir}/pki/pki-tomcat.jar [resteasy-atom-provider.jar]=${RESTEASY_LIB}/resteasy-atom-provider.jar + [resteasy-client.jar]=${RESTEASY_LIB}/resteasy-client.jar [resteasy-jaxb-provider.jar]=${RESTEASY_LIB}/resteasy-jaxb-provider.jar [resteasy-jaxrs.jar]=${RESTEASY_LIB}/resteasy-jaxrs.jar [resteasy-jackson-provider.jar]=${RESTEASY_LIB}/resteasy-jackson-provider.jar diff --git a/base/server/share/conf/pki.policy b/base/server/share/conf/pki.policy index 5ce07b2cf..6a1018825 100644 --- a/base/server/share/conf/pki.policy +++ b/base/server/share/conf/pki.policy 
@@ -162,6 +162,10 @@ grant codeBase "file:${RESTEASY_LIB}/resteasy-atom-provider.jar" { permission java.security.AllPermission; }; +grant codeBase "file:${RESTEASY_LIB}/resteasy-client.jar" { + permission java.security.AllPermission; +}; + grant codeBase "file:${RESTEASY_LIB}/resteasy-jaxb-provider.jar" { permission java.security.AllPermission; }; diff --git a/base/server/upgrade/10.1.99/03-AddedRESTEasyClient b/base/server/upgrade/10.1.99/03-AddedRESTEasyClient new file mode 100755 index 000000000..55bc8c367 --- /dev/null +++ b/base/server/upgrade/10.1.99/03-AddedRESTEasyClient 
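Review bot: The added grant gives `resteasy-client.jar` `java.security.AllPermission`, so under the security manager every class loaded from that jar runs unrestricted. That matches the neighbouring RESTEasy grants, but a client library probably needs far less (outbound sockets, property reads). If narrowing it is not feasible in this change, record the intent next to the grant: `// TODO: restrict resteasy-client.jar to the permissions it needs instead of AllPermission`.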
@@ -0,0 +1,76 @@ +#!/usr/bin/python +# Authors: +# Endi S. Dewata <edewata@redhat.com> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2014 Red Hat, Inc. +# All rights reserved. +# + +import grp +import os +import pwd +import re +import subprocess + +import pki.server.upgrade + + +class AddedRESTEasyClient(pki.server.upgrade.PKIServerUpgradeScriptlet): + + def __init__(self): + + self.message = 'Added RESTEasy client' + + def upgrade_instance(self, instance): + + # Tomcat common library + common_lib = os.path.join(instance.base_dir, 'common', 'lib') + + # Tomcat user and group + registry_file = os.path.join( + pki.server.REGISTRY_DIR, 'tomcat', instance.name, instance.name) + + with open(registry_file, "r") as registry: + lines = registry.readlines() + + for line in lines: + m = re.search('^PKI_USER=(.*)$', line) + if m: + user = m.group(1) + m = re.search('^PKI_GROUP=(.*)$', line) + if m: + group = m.group(1) + + uid = pwd.getpwnam(user).pw_uid + gid = grp.getgrnam(group).gr_gid + + # RESTEasy library + resteasy_lib = subprocess.check_output( + '. 
/etc/pki/pki.conf && echo $RESTEASY_LIB', + shell=True) + # workaround for pylint error E1103 + resteasy_lib = str(resteasy_lib).strip() + + # create new links + source = os.path.join(resteasy_lib, 'resteasy-client.jar') + link = os.path.join(common_lib, 'resteasy-client.jar') + self.create_link(source, link, uid, gid) + + def create_link(self, source, link, uid, gid): + + self.backup(link) + os.symlink(source, link) + os.lchown(link, uid, gid) |
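Review bot: In `upgrade_instance`, `user` and `group` are assigned only when a registry line matches `PKI_USER=` or `PKI_GROUP=`, so a registry file missing either line ends in a NameError at `pwd.getpwnam(user)` instead of a clear upgrade failure. Initialise them with `user = group = None` before the loop and raise a descriptive exception if either is still unset. `create_link` also calls `os.symlink(source, link)` unconditionally, which raises OSError when the link already exists unless `self.backup(link)` removes it (not visible here). A guard such as `if os.path.lexists(link): return` would make the scriptlet safe to re-run.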