Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java1642
1 files changed, 1642 insertions, 0 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
new file mode 100644
index 000000000..5f2bf07c9
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
@@ -0,0 +1,1642 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.admin;
+
+
+import java.io.*;
+import java.util.*;
+import java.net.*;
+import java.util.*;
+import java.text.*;
+import java.math.*;
+import java.security.cert.*;
+import javax.servlet.*;
+import javax.servlet.http.*;
+import netscape.security.util.*;
+import netscape.security.x509.*;
+
+import com.netscape.certsrv.logging.*;
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.apps.*;
+import com.netscape.certsrv.dbs.*;
+import com.netscape.certsrv.dbs.certdb.*;
+import com.netscape.certsrv.dbs.crldb.*;
+import com.netscape.certsrv.ldap.*;
+import com.netscape.certsrv.authentication.*;
+import com.netscape.certsrv.ca.*;
+import com.netscape.certsrv.apps.*;
+import com.netscape.cmsutil.util.*;
+import com.netscape.certsrv.request.IRequestListener;
+
+
+/**
+ * A class representings an administration servlet for Certificate
+ * Authority. This servlet is responsible to serve CA
+ * administrative operations such as configuration parameter
+ * updates.
+ *
+ * @version $Revision$, $Date$
+ */
+public class CAAdminServlet extends AdminServlet {
+
+ public final static String PROP_EMAIL_TEMPLATE = "emailTemplate";
+
+ private final static String INFO = "CAAdminServlet";
+
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE =
+ "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3";
+
+ private ICertificateAuthority mCA = null;
+ protected static final String PROP_ENABLED = "enabled";
+
+ /**
+ * Constructs CA servlet.
+ */
+ public CAAdminServlet() {
+ super();
+ }
+
+ /**
+ * Initializes this servlet.
+ */
+ public void init(ServletConfig config) throws ServletException {
+ super.init(config);
+ mCA = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ }
+
+ /**
+ * Returns serlvet information.
+ */
+ public String getServletInfo() {
+ return INFO;
+ }
+
+ /**
+ * Serves HTTP request. Each request is authenticated to
+ * the authenticate manager.
+ */
+ public void service(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ super.service(req, resp);
+
+ //get all operational flags
+ String op = req.getParameter(Constants.OP_TYPE);
+ String scope = req.getParameter(Constants.OP_SCOPE);
+
+ //check operational flags
+ if ((op == null) || (scope == null)) {
+ sendResponse(1, "Invalid Protocol", null, resp);
+ return;
+ }
+
+ super.authenticate(req);
+
+ try {
+ AUTHZ_RES_NAME = "certServer.ca.configuration";
+ if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
+ try {
+ mOp = "read";
+ if ((mToken = super.authorize(req)) == null) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
+ return;
+ }
+ getExtendedPluginInfo(req, resp);
+ return;
+ } catch (EBaseException e) {
+ sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
+ }
+ }
+
+ if (op.equals(OpDef.OP_READ)) {
+ mOp = "read";
+ if ((mToken = super.authorize(req)) == null) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
+ return;
+ }
+ if (scope.equals(ScopeDef.SC_GENERAL))
+ getGeneralConfig(req, resp);
+ else if (scope.equals(ScopeDef.SC_CONNECTOR))
+ getConnectorConfig(req, resp);
+ else if (scope.equals(ScopeDef.SC_CRLIPS))
+ getCRLIPsConfig(req, resp);
+ else if (scope.equals(ScopeDef.SC_CRL))
+ getCRLConfig(req, resp);
+ else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP))
+ getNotificationReqCompConfig(req, resp);
+ else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP))
+ getNotificationRevCompConfig(req, resp);
+ else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ))
+ getNotificationRIQConfig(req, resp);
+ else if (scope.equals(ScopeDef.SC_CRLEXTS_RULES))
+ getCRLExtsConfig(req, resp);
+ } else if (op.equals(OpDef.OP_MODIFY)) {
+ mOp = "modify";
+ if ((mToken = super.authorize(req)) == null) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
+ return;
+ }
+ if (scope.equals(ScopeDef.SC_GENERAL))
+ setGeneralConfig(req, resp);
+ else if (scope.equals(ScopeDef.SC_CONNECTOR))
+ setConnectorConfig(req, resp);
+ else if (scope.equals(ScopeDef.SC_CRLIPS))
+ setCRLIPsConfig(req, resp);
+ else if (scope.equals(ScopeDef.SC_CRL))
+ setCRLConfig(req, resp);
+ else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP))
+ setNotificationReqCompConfig(req, resp);
+ else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP))
+ setNotificationRevCompConfig(req, resp);
+ else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ))
+ setNotificationRIQConfig(req, resp);
+ else if (scope.equals(ScopeDef.SC_CRLEXTS_RULES))
+ setCRLExtsConfig(req, resp);
+ } else if (op.equals(OpDef.OP_SEARCH)) {
+ mOp = "read";
+ if ((mToken = super.authorize(req)) == null) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
+ return;
+ }
+ if (scope.equals(ScopeDef.SC_CRLEXTS_RULES))
+ listCRLExtsConfig(req, resp);
+ else if (scope.equals(ScopeDef.SC_CRLIPS))
+ listCRLIPsConfig(req, resp);
+ } else if (op.equals(OpDef.OP_ADD)) {
+ mOp = "modify";
+ if ((mToken = super.authorize(req)) == null) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
+ return;
+ }
+ if (scope.equals(ScopeDef.SC_CRLIPS))
+ addCRLIPsConfig(req, resp);
+ } else if (op.equals(OpDef.OP_DELETE)) {
+ mOp = "modify";
+ if ((mToken = super.authorize(req)) == null) {
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
+ return;
+ }
+ if (scope.equals(ScopeDef.SC_CRLIPS))
+ deleteCRLIPsConfig(req, resp);
+ } else {
+ sendResponse(1, "Unknown operation", null, resp);
+ }
+ } catch (Exception e) {
+ sendResponse(1, e.toString(), null, resp);
+ return;
+ }
+ }
+
+ /*==========================================================
+ * private methods
+ *==========================================================*/
+
+ /*
+ * handle request completion (cert issued) notification config requests
+ */
+ private void getNotificationCompConfig(HttpServletRequest req,
+ HttpServletResponse resp, IConfigStore rc) throws ServletException,
+ IOException, EBaseException {
+
+ NameValuePairs params = new NameValuePairs();
+ Enumeration e = req.getParameterNames();
+
+ while (e.hasMoreElements()) {
+ String name = (String) e.nextElement();
+
+ if (name.equals(Constants.OP_TYPE))
+ continue;
+ if (name.equals(Constants.RS_ID))
+ continue;
+ if (name.equals(Constants.OP_SCOPE))
+ continue;
+ if (name.equals(Constants.PR_ENABLE))
+ continue;
+ params.add(name, rc.getString(name, ""));
+ }
+
+ params.add(Constants.PR_ENABLE,
+ rc.getString(PROP_ENABLED, Constants.FALSE));
+ sendResponse(SUCCESS, null, params, resp);
+ }
+
+ private void getNotificationRevCompConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+
+ IConfigStore config = mCA.getConfigStore();
+ IConfigStore nc =
+ config.getSubStore(mCA.PROP_NOTIFY_SUBSTORE);
+ IConfigStore rc = nc.getSubStore(mCA.PROP_CERT_REVOKED_SUBSTORE);
+
+ getNotificationCompConfig(req, resp, rc);
+ }
+
+ private void getNotificationReqCompConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+
+ IConfigStore config = mCA.getConfigStore();
+ IConfigStore nc =
+ config.getSubStore(mCA.PROP_NOTIFY_SUBSTORE);
+ IConfigStore rc = nc.getSubStore(mCA.PROP_CERT_ISSUED_SUBSTORE);
+
+ getNotificationCompConfig(req, resp, rc);
+ }
+
+ /*
+ * handle getting request in queue notification config info
+ */
+ private void getNotificationRIQConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+
+ NameValuePairs params = new NameValuePairs();
+
+ IConfigStore config = mCA.getConfigStore();
+ IConfigStore nc =
+ config.getSubStore(mCA.PROP_NOTIFY_SUBSTORE);
+
+ IConfigStore riq = nc.getSubStore(mCA.PROP_REQ_IN_Q_SUBSTORE);
+
+ Enumeration e = req.getParameterNames();
+
+ while (e.hasMoreElements()) {
+ String name = (String) e.nextElement();
+
+ if (name.equals(Constants.OP_TYPE))
+ continue;
+ if (name.equals(Constants.RS_ID))
+ continue;
+ if (name.equals(Constants.OP_SCOPE))
+ continue;
+ if (name.equals(Constants.PR_ENABLE))
+ continue;
+ params.add(name, riq.getString(name, ""));
+ }
+
+ params.add(Constants.PR_ENABLE,
+ riq.getString(PROP_ENABLED, Constants.FALSE));
+ sendResponse(SUCCESS, null, params, resp);
+ }
+
+ /*
+ * handle setting request in queue notification config info
+ */
+ private void setNotificationRIQConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+ IConfigStore config = mCA.getConfigStore();
+ IConfigStore nc =
+ config.getSubStore(mCA.PROP_NOTIFY_SUBSTORE);
+
+ IConfigStore riq = nc.getSubStore(mCA.PROP_REQ_IN_Q_SUBSTORE);
+
+ //set rest of the parameters
+ Enumeration e = req.getParameterNames();
+
+ while (e.hasMoreElements()) {
+ String name = (String) e.nextElement();
+
+ if (name.equals(Constants.OP_TYPE))
+ continue;
+ if (name.equals(Constants.RS_ID))
+ continue;
+ if (name.equals(Constants.OP_SCOPE))
+ continue;
+ if (name.equals(Constants.PR_ENABLE))
+ continue;
+ String val = req.getParameter(name);
+
+ // if it's emailTemplate, check to see if the path exists
+ if (name.equalsIgnoreCase(PROP_EMAIL_TEMPLATE)) {
+ File template = new File(val);
+
+ if ((!template.exists()) || (!template.canRead())
+ || (template.isDirectory())) {
+ String error =
+ "Template: " + val + " does not exist or invalid";
+
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH"));
+
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
+ null, resp);
+ return;
+ }
+ }
+ riq.putString(name, val);
+ mCA.getRequestInQListener().set(name, val);
+ }
+
+ // set enable flag
+ String enabledString = req.getParameter(Constants.PR_ENABLE);
+
+ riq.putString(PROP_ENABLED, enabledString);
+ mCA.getRequestInQListener().set(PROP_ENABLED, enabledString);
+
+ commit(true);
+
+ sendResponse(SUCCESS, null, null, resp);
+ }
+
+ /*
+ * handle setting request complete notification config info
+ */
+ private void setNotificationCompConfig(HttpServletRequest req,
+ HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
+ IOException, EBaseException {
+
+ //set rest of the parameters
+ Enumeration e = req.getParameterNames();
+
+ while (e.hasMoreElements()) {
+ String name = (String) e.nextElement();
+
+ if (name.equals(Constants.OP_TYPE))
+ continue;
+ if (name.equals(Constants.RS_ID))
+ continue;
+ if (name.equals(Constants.OP_SCOPE))
+ continue;
+ if (name.equals(Constants.PR_ENABLE))
+ continue;
+ String val = req.getParameter(name);
+
+ // if it's emailTemplate, check to see if the path exists
+ if (name.equalsIgnoreCase(PROP_EMAIL_TEMPLATE)) {
+ File template = new File(val);
+
+ if ((!template.exists()) || (!template.canRead())
+ || (template.isDirectory())) {
+ String error =
+ "Template: " + val + " does not exist or invalid";
+
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH"));
+
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
+ null, resp);
+ return;
+ }
+ }
+ rc.putString(name, val);
+ thisListener.set(name, val);
+ }
+
+ // set enable flag
+ String enabledString = req.getParameter(Constants.PR_ENABLE);
+
+ rc.putString(PROP_ENABLED, enabledString);
+ thisListener.set(PROP_ENABLED, enabledString);
+
+ commit(true);
+
+ sendResponse(SUCCESS, null, null, resp);
+ }
+
+ private void setNotificationRevCompConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+ IConfigStore config = mCA.getConfigStore();
+ IConfigStore nc =
+ config.getSubStore(mCA.PROP_NOTIFY_SUBSTORE);
+
+ IConfigStore rc = nc.getSubStore(mCA.PROP_CERT_REVOKED_SUBSTORE);
+
+ setNotificationCompConfig(req, resp, rc, mCA.getCertRevokedListener());
+ }
+
+ private void setNotificationReqCompConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+ IConfigStore config = mCA.getConfigStore();
+ IConfigStore nc =
+ config.getSubStore(mCA.PROP_NOTIFY_SUBSTORE);
+
+ IConfigStore rc = nc.getSubStore(mCA.PROP_CERT_ISSUED_SUBSTORE);
+
+ setNotificationCompConfig(req, resp, rc, mCA.getCertIssuedListener());
+
+ }
+
+ private void listCRLIPsConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
+ NameValuePairs params = new NameValuePairs();
+
+ Enumeration ips = mCA.getCRLIssuingPoints();
+
+ while (ips.hasMoreElements()) {
+ ICRLIssuingPoint ip = (ICRLIssuingPoint) ips.nextElement();
+
+ if (ip != null) {
+ String ipId = ip.getId();
+
+ if (ipId != null && ipId.length() > 0)
+ params.add(ipId, ip.getDescription());
+ params.add(ipId + "." + Constants.PR_ENABLED,
+ (Boolean.valueOf(ip.isCRLIssuingPointEnabled())).toString());
+ }
+ }
+
+ sendResponse(SUCCESS, null, params, resp);
+ }
+
+ private void getCRLIPsConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
+ NameValuePairs params = new NameValuePairs();
+
+ String id = req.getParameter(Constants.RS_ID);
+
+ if (id != null && id.length() > 0) {
+ ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(id);
+
+ if (ip != null) {
+
+ Enumeration e = req.getParameterNames();
+ String value = "";
+
+ while (e.hasMoreElements()) {
+ String name = (String) e.nextElement();
+
+ if (name.equals(Constants.PR_ENABLED)) {
+ if (ip.isCRLIssuingPointEnabled()) {
+ value = Constants.TRUE;
+ } else {
+ value = Constants.FALSE;
+ }
+ }
+ if (name.equals(Constants.PR_ID))
+ value = id;
+ if (name.equals(Constants.PR_DESCRIPTION))
+ value = ip.getDescription();
+ if (name.equals(Constants.PR_CLASS))
+ value = ip.getClass().getName();
+
+ params.add(name, value);
+ }
+ }
+ }
+ sendResponse(SUCCESS, null, params, resp);
+ }
+
+ /**
+ * Add CRL issuing points configuration
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
+ * configuring CRL profile (extensions, frequency, CRL format)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ * @exception EBaseException an error has occurred
+ */
+ private void addCRLIPsConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ NameValuePairs params = new NameValuePairs();
+
+ String ipId = req.getParameter(Constants.PR_ID);
+
+ if (ipId == null || ipId.length() == 0) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, "Missing CRL IP name", null, resp);
+ return;
+ }
+ params.add(Constants.PR_ID, ipId);
+
+ String desc = req.getParameter(Constants.PR_DESCRIPTION);
+
+ if (desc == null) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, "Missing CRL IP description", null, resp);
+ return;
+ }
+ params.add(Constants.PR_DESCRIPTION, desc);
+
+ String sEnable = req.getParameter(Constants.PR_ENABLED);
+ boolean enable = true;
+
+ if (sEnable != null && sEnable.length() > 0 &&
+ sEnable.equalsIgnoreCase(Constants.FALSE)) {
+ enable = false;
+ params.add(Constants.PR_ENABLED, Constants.FALSE);
+ } else {
+ params.add(Constants.PR_ENABLED, Constants.TRUE);
+ }
+
+ IConfigStore crlSubStore =
+ mCA.getConfigStore().getSubStore(mCA.PROP_CRL_SUBSTORE);
+ Enumeration crlNames = crlSubStore.getSubStoreNames();
+
+ while (crlNames.hasMoreElements()) {
+ String name = (String) crlNames.nextElement();
+
+ if (ipId.equals(name)) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, ipId + " CRL IP already exists", null, resp);
+ return;
+ }
+ }
+ if (!mCA.addCRLIssuingPoint(crlSubStore, ipId, enable, desc)) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, "Cannot add or edit CRL IP", null, resp);
+ return;
+ }
+ commit(true);
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, params, resp);
+ } catch (EBaseException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ } catch (IOException eAudit2) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit2;
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
+ }
+
+ /**
+ * Set CRL issuing points configuration
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
+ * configuring CRL profile (extensions, frequency, CRL format)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ * @exception EBaseException an error has occurred
+ */
+ private void setCRLIPsConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ NameValuePairs params = new NameValuePairs();
+
+ String ipId = req.getParameter(Constants.PR_ID);
+
+ if (ipId == null || ipId.length() == 0) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, "Missing CRL IP name", null, resp);
+ return;
+ }
+ params.add(Constants.PR_ID, ipId);
+
+ String desc = req.getParameter(Constants.PR_DESCRIPTION);
+
+ if (desc == null) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, "Missing CRL IP description", null, resp);
+ return;
+ }
+ params.add(Constants.PR_DESCRIPTION, desc);
+
+ String sEnable = req.getParameter(Constants.PR_ENABLED);
+ boolean enable = true;
+
+ if (sEnable != null && sEnable.length() > 0 &&
+ sEnable.equalsIgnoreCase(Constants.FALSE)) {
+ enable = false;
+ params.add(Constants.PR_ENABLED, Constants.FALSE);
+ } else {
+ params.add(Constants.PR_ENABLED, Constants.TRUE);
+ }
+
+ IConfigStore crlSubStore =
+ mCA.getConfigStore().getSubStore(mCA.PROP_CRL_SUBSTORE);
+ boolean done = false;
+ Enumeration crlNames = crlSubStore.getSubStoreNames();
+
+ while (crlNames.hasMoreElements()) {
+ String name = (String) crlNames.nextElement();
+
+ if (ipId.equals(name)) {
+ ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(ipId);
+
+ if (ip != null) {
+ ip.setDescription(desc);
+ ip.enableCRLIssuingPoint(enable);
+ }
+ IConfigStore c = crlSubStore.getSubStore(ipId);
+
+ if (c != null) {
+ c.putString(Constants.PR_DESCRIPTION, desc);
+ c.putString(Constants.PR_ENABLED,
+ (enable) ? Constants.TRUE : Constants.FALSE);
+ }
+ done = true;
+ break;
+ }
+ }
+ if (!done) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, "Missing CRL IP " + ipId, null, resp);
+ return;
+ }
+ commit(true);
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, params, resp);
+ } catch (EBaseException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ } catch (IOException eAudit2) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit2;
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
+ }
+
+ /**
+ * Delete CRL issuing points configuration
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
+ * configuring CRL profile (extensions, frequency, CRL format)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ * @exception EBaseException an error has occurred
+ */
+ private void deleteCRLIPsConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ NameValuePairs params = new NameValuePairs();
+
+ String id = req.getParameter(Constants.RS_ID);
+
+ if (id != null && id.length() > 0) {
+ IConfigStore crlSubStore =
+ mCA.getConfigStore().getSubStore(mCA.PROP_CRL_SUBSTORE);
+ boolean done = false;
+ Enumeration crlNames = crlSubStore.getSubStoreNames();
+
+ while (crlNames.hasMoreElements()) {
+ String name = (String) crlNames.nextElement();
+
+ if (id.equals(name)) {
+ mCA.deleteCRLIssuingPoint(crlSubStore, id);
+ done = true;
+ break;
+ }
+ }
+ if (!done) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(ERROR, "Missing CRL IP " + id, null, resp);
+ return;
+ }
+ commit(true);
+ }
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, params, resp);
+ } catch (EBaseException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ } catch (IOException eAudit2) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit2;
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
+ }
+
+ private void getCRLExtsConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
+ NameValuePairs params = new NameValuePairs();
+
+ String ipId = null;
+ Enumeration e = req.getParameterNames();
+
+ while (e.hasMoreElements()) {
+ String name = (String) e.nextElement();
+
+ if (name.equals(Constants.OP_TYPE))
+ continue;
+ if (name.equals(Constants.RS_ID))
+ continue;
+ if (name.equals(Constants.OP_SCOPE))
+ continue;
+ ipId = name;
+ }
+ if (ipId == null || ipId.length() <= 0) {
+ ipId = ICertificateAuthority.PROP_MASTER_CRL;
+ }
+
+ ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(ipId);
+ ICMSCRLExtensions crlExts = ip.getCRLExtensions();
+ String id = req.getParameter(Constants.RS_ID);
+
+ if (id != null) {
+ params = crlExts.getConfigParams(id);
+ }
+
+ sendResponse(SUCCESS, null, params, resp);
+ }
+
+ /**
+ * Delete CRL extensions configuration
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
+ * configuring CRL profile (extensions, frequency, CRL format)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ * @exception EBaseException an error has occurred
+ */
+ private void setCRLExtsConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ NameValuePairs params = new NameValuePairs();
+
+ String ipId = req.getParameter(Constants.PR_ID);
+
+ if (ipId == null || ipId.length() <= 0) {
+ ipId = ICertificateAuthority.PROP_MASTER_CRL;
+ }
+
+ ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(ipId);
+ ICMSCRLExtensions crlExts = ip.getCRLExtensions();
+
+ IConfigStore config = mCA.getConfigStore();
+ IConfigStore crlsSubStore =
+ config.getSubStore(mCA.PROP_CRL_SUBSTORE);
+ IConfigStore crlSubStore = crlsSubStore.getSubStore(ipId);
+ IConfigStore crlExtsSubStore =
+ crlSubStore.getSubStore(mCA.PROP_CRLEXT_SUBSTORE);
+
+ String id = req.getParameter(Constants.RS_ID);
+
+ if (id != null) {
+ IConfigStore crlExtSubStore = crlExtsSubStore.getSubStore(id);
+
+ Enumeration e = req.getParameterNames();
+
+ while (e.hasMoreElements()) {
+ String name = (String) e.nextElement();
+
+ if (name.equals(Constants.OP_TYPE))
+ continue;
+ if (name.equals(Constants.RS_ID))
+ continue;
+ if (name.equals(Constants.OP_SCOPE))
+ continue;
+ if (name.equals(Constants.PR_CRLEXT_IMPL_NAME))
+ continue;
+ if (name.equals("RULENAME"))
+ continue;
+ String value = req.getParameter(name);
+
+ params.add(name, value);
+ }
+ crlExts.setConfigParams(id, params, crlExtSubStore);
+ commit(true);
+ ip.clearCRLCache();
+ ip.updateCRLCacheRepository();
+ }
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ sendResponse(SUCCESS, null, null, resp);
+ } catch (EBaseException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ } catch (IOException eAudit2) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit2;
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
+ }
+
+ private void listCRLExtsConfig(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
+ NameValuePairs params = new NameValuePairs();
+
+ String id = req.getParameter(Constants.PR_ID);
+
+ if (id == null || id.length() <= 0) {
+ id = mCA.PROP_MASTER_CRL;
+ }
+
+ IConfigStore config = mCA.getConfigStore();
+ IConfigStore crlsSubStore = config.getSubStore(mCA.PROP_CRL_SUBSTORE);
+ IConfigStore crlSubStore = crlsSubStore.getSubStore(id);
+ IConfigStore crlExtsSubStore = crlSubStore.getSubStore(mCA.PROP_CRLEXT_SUBSTORE);
+
+ if (crlExtsSubStore != null) {
+ Enumeration enumExts = crlExtsSubStore.getSubStoreNames();
+
+ while (enumExts.hasMoreElements()) {
+ String extName = (String) enumExts.nextElement();
+ boolean crlExtEnabled = false;
+ IConfigStore crlExtSubStore = crlExtsSubStore.getSubStore(extName);
+ Enumeration properties = crlExtSubStore.getPropertyNames();
+
+ while (properties.hasMoreElements()) {
+ String name = (String) properties.nextElement();
+
+ if (name.equals(Constants.PR_ENABLE)) {
+ crlExtEnabled = crlExtSubStore.getBoolean(name, false);
+ }
+ }
+ params.add(extName, extName + ";visible;" + ((crlExtEnabled) ? "enabled" : "disabled"));
+ }
+ }
+
+ sendResponse(SUCCESS, null, params, resp);
+ }
+
+ /**
+ * retrieve extended plugin info such as brief description,
+ * type info from CRL extensions
+ */
+ private void getExtendedPluginInfo(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+ String id = req.getParameter(Constants.RS_ID);
+ int colon = id.indexOf(':');
+
+ String implType = id.substring(0, colon);
+ String implName = id.substring(colon + 1);
+
+ NameValuePairs params =
+ getExtendedPluginInfo(getLocale(req), implType, implName);
+
+ sendResponse(SUCCESS, null, params, resp);
+ }
+
+ private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
+ IExtendedPluginInfo ext_info = null;
+ Object impl = null;
+
+ String ipId = null;
+ String name = null;
+
+ Enumeration ips = mCA.getCRLIssuingPoints();
+ if (ips.hasMoreElements()) {
+ ICRLIssuingPoint ip = (ICRLIssuingPoint) ips.nextElement();
+ if (ip != null) {
+ ipId = ip.getId();
+ }
+ }
+ if (ipId != null) {
+ ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(ipId);
+ ICMSCRLExtensions crlExts = ip.getCRLExtensions();
+ name = crlExts.getClassPath(implName);
+ }
+ if (name != null) {
+ impl = getClassByNameAsExtendedPluginInfo(name);
+ }
+ if (impl != null) {
+ if (impl instanceof IExtendedPluginInfo) {
+ ext_info = (IExtendedPluginInfo) impl;
+ }
+ }
+
+ NameValuePairs nvps = null;
+
+ if (ext_info == null) {
+ nvps = new NameValuePairs();
+ } else {
+ nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
+ }
+
+ return nvps;
+ }
+
+ /**
+ * Set CRL configuration
+ * <P>
+ *
+ * <ul>
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
+ * configuring CRL profile (extensions, frequency, CRL format)
+ * </ul>
+ * @param req HTTP servlet request
+ * @param resp HTTP servlet response
+ * @exception ServletException a servlet error has occurred
+ * @exception IOException an input/output error has occurred
+ * @exception EBaseException an error has occurred
+ */
+ private void setCRLConfig(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+
+ // ensure that any low-level exceptions are reported
+ // to the signed audit log and stored as failures
+ try {
+ NameValuePairs params = new NameValuePairs();
+
+ String id = req.getParameter(Constants.RS_ID);
+
+ if (id == null || id.length() <= 0 ||
+ id.equals(Constants.RS_ID_CONFIG)) {
+ id = mCA.PROP_MASTER_CRL;
+ }
+ ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(id);
+
+ //Save New Settings to the config file
+ IConfigStore config = mCA.getConfigStore();
+ IConfigStore crlsSubStore = config.getSubStore(mCA.PROP_CRL_SUBSTORE);
+ IConfigStore crlSubStore = crlsSubStore.getSubStore(id);
+
+ //set reset of the parameters
+ Enumeration e = req.getParameterNames();
+
+ while (e.hasMoreElements()) {
+ String name = (String) e.nextElement();
+
+ if (name.equals(Constants.OP_TYPE))
+ continue;
+ if (name.equals(Constants.RS_ID))
+ continue;
+ if (name.equals(Constants.OP_SCOPE))
+ continue;
+ if (name.equals(Constants.PR_ENABLE))
+ continue;
+ String value = req.getParameter(name);
+
+ params.add(name, value);
+ crlSubStore.putString(name, value);
+ }
+ boolean noRestart = ip.updateConfig(params);
+
+ commit(true);
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ if (noRestart)
+ sendResponse(SUCCESS, null, null, resp);
+ else
+ sendResponse(RESTART, null, null, resp);
+ } catch (EBaseException eAudit1) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit1;
+ } catch (IOException eAudit2) {
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
+
+ audit(auditMessage);
+
+ // rethrow the specific exception to be handled later
+ throw eAudit2;
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
+ }
+
+ private void getCRLConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+
+ NameValuePairs params = new NameValuePairs();
+
+ String id = req.getParameter(Constants.RS_ID);
+
+ if (id == null || id.length() <= 0 ||
+ id.equals(Constants.RS_ID_CONFIG)) {
+ id = mCA.PROP_MASTER_CRL;
+ }
+ IConfigStore crlsSubStore =
+ mCA.getConfigStore().getSubStore(mCA.PROP_CRL_SUBSTORE);
+ IConfigStore crlSubStore = crlsSubStore.getSubStore(id);
+
+ Enumeration e = req.getParameterNames();
+
+ while (e.hasMoreElements()) {
+ String name = (String) e.nextElement();
+
+ if (name.equals(Constants.OP_TYPE))
+ continue;
+ if (name.equals(Constants.RS_ID))
+ continue;
+ if (name.equals(Constants.OP_SCOPE))
+ continue;
+ if (name.equals(Constants.PR_ENABLE))
+ continue;
+ params.add(name, crlSubStore.getString(name, ""));
+ }
+
+ getSigningAlgConfig(params);
+ sendResponse(SUCCESS, null, params, resp);
+ }
+
+ private void getConnectorConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+ IConfigStore caConfig = mCA.getConfigStore();
+ IConfigStore connectorConfig = caConfig.getSubStore("connector");
+ IConfigStore caConnectorConfig = null;
+
+ if (isKRAConnector(req)) {
+ caConnectorConfig = connectorConfig.getSubStore("KRA");
+ } else if (isCLAConnector(req)) {
+ caConnectorConfig = connectorConfig.getSubStore("CLA");
+ }
+
+ Enumeration enum1 = req.getParameterNames();
+ NameValuePairs params = new NameValuePairs();
+
+ if (caConnectorConfig != null) {
+ while (enum1.hasMoreElements()) {
+ String name = (String) enum1.nextElement();
+
+ if (name.equals(Constants.RS_ID))
+ continue;
+ if (name.equals(Constants.OP_SCOPE))
+ continue;
+ if (name.equals(Constants.OP_TYPE))
+ continue;
+
+ params.add(name, caConnectorConfig.getString(name, ""));
+ }
+ }
+ sendResponse(SUCCESS, null, params, resp);
+ }
+
+ private void setConnectorConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+
+ IConfigStore caConfig = mCA.getConfigStore();
+ IConfigStore connectorConfig = caConfig.getSubStore("connector");
+ IConfigStore caConnectorConfig = null;
+
+// String nickname = CMS.getServerCertNickname();
+
+ if (isKRAConnector(req)) {
+ caConnectorConfig = connectorConfig.getSubStore("KRA");
+ } else if (isCLAConnector(req)) {
+ caConnectorConfig = connectorConfig.getSubStore("CLA");
+ }
+
+ Enumeration enum1 = req.getParameterNames();
+
+ if (caConnectorConfig != null) {
+ while (enum1.hasMoreElements()) {
+ String name = (String) enum1.nextElement();
+
+ if (name.equals(Constants.OP_TYPE))
+ continue;
+ if (name.equals(Constants.RS_ID))
+ continue;
+ if (name.equals(Constants.OP_SCOPE))
+ continue;
+/*
+ if (name.equals("nickName")) {
+ caConnectorConfig.putString(name, nickname);
+ continue;
+ }
+*/
+ if (name.equals("host")) {
+ try {
+ Utils.checkHost(req.getParameter("host"));
+ } catch (UnknownHostException e) {
+ sendResponse(ERROR, "Unknown Host " + req.getParameter("host"), null, resp);
+ return;
+ }
+ }
+ caConnectorConfig.putString(name, req.getParameter(name));
+ }
+ }
+
+ commit(true);
+ sendResponse(RESTART, null, null, resp);
+ }
+
+ private boolean isKRAConnector(HttpServletRequest req) {
+ Enumeration enum1 = req.getParameterNames();
+
+ while (enum1.hasMoreElements()) {
+ String key = (String) enum1.nextElement();
+
+ if (key.equals("RS_ID")) {
+ String val = req.getParameter(key);
+
+ if (val.equals("Data Recovery Manager Connector"))
+ return true;
+ else
+ return false;
+ }
+ }
+ return false;
+ }
+
+ private boolean isCLAConnector(HttpServletRequest req) {
+ Enumeration enum1 = req.getParameterNames();
+
+ while (enum1.hasMoreElements()) {
+ String key = (String) enum1.nextElement();
+
+ if (key.equals("RS_ID")) {
+ String val = req.getParameter(key);
+
+ if (val.equals("Clone Master Manager Connector"))
+ return true;
+ else
+ return false;
+ }
+ }
+ return false;
+ }
+
+ private void getGeneralConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+
+ NameValuePairs params = new NameValuePairs();
+ String value = "false";
+
+ /*
+ ISubsystem eeGateway =
+ SubsystemRegistry.getInstance().get("eeGateway");
+ if (eeGateway != null) {
+ IConfigStore eeConfig = eeGateway.getConfigStore();
+ if (eeConfig != null)
+ value = eeConfig.getString("enabled", "true");
+ String ocspValue = "true";
+ ocspValue = eeConfig.getString("enableOCSP", "true");
+ params.add(Constants.PR_OCSP_ENABLED, ocspValue);
+ }
+ params.add(Constants.PR_EE_ENABLED, value);
+ */
+
+
+ IConfigStore caConfig = mCA.getConfigStore();
+
+ value = caConfig.getString(mCA.PROP_ENABLE_PAST_CATIME, "false");
+ params.add(Constants.PR_VALIDITY, value);
+
+ getSigningAlgConfig(params);
+ getSerialConfig(params);
+ getMaxSerialConfig(params);
+
+ sendResponse(SUCCESS, null, params, resp);
+ }
+
+ private void getSigningAlgConfig(NameValuePairs params) {
+ params.add(Constants.PR_DEFAULT_ALGORITHM,
+ mCA.getDefaultAlgorithm());
+ String[] algorithms = mCA.getCASigningAlgorithms();
+ StringBuffer algorStr = new StringBuffer();
+
+ for (int i = 0; i < algorithms.length; i++) {
+ if (i == 0)
+ algorStr.append(algorithms[i]);
+ else {
+ algorStr.append(":");
+ algorStr.append(algorithms[i]);
+ }
+ }
+ params.add(Constants.PR_ALL_ALGORITHMS, algorStr.toString());
+ }
+
+ private void getSerialConfig(NameValuePairs params) {
+ params.add(Constants.PR_SERIAL,
+ mCA.getStartSerial());
+ }
+
+ private void getMaxSerialConfig(NameValuePairs params) {
+ params.add(Constants.PR_MAXSERIAL,
+ mCA.getMaxSerial());
+ }
+
+ private void setGeneralConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+
+ ISubsystem eeGateway = null;
+
+ /*
+ ISubsystem eeGateway =
+ SubsystemRegistry.getInstance().get("eeGateway");
+ */
+ IConfigStore eeConfig = null;
+
+ if (eeGateway != null)
+ eeConfig = eeGateway.getConfigStore();
+ IConfigStore caConfig = mCA.getConfigStore();
+
+ Enumeration enum1 = req.getParameterNames();
+ boolean restart = false;
+
+ //mCA.setMaxSerial("");
+ while (enum1.hasMoreElements()) {
+ String key = (String) enum1.nextElement();
+ String value = req.getParameter(key);
+
+ if (key.equals(Constants.PR_EE_ENABLED)) {
+
+ /*
+ if (eeConfig != null) {
+ if (((EEGateway)eeGateway).isEnabled() &&
+ value.equals("false") ||
+ !((EEGateway)eeGateway).isEnabled() &&
+ value.equals("true")) {
+ restart=true;;
+ }
+ eeConfig.putString("enabled", value);
+ }
+ */
+ } else if (key.equals(Constants.PR_VALIDITY)) {
+ mCA.setValidity(value);
+ } else if (key.equals(Constants.PR_DEFAULT_ALGORITHM)) {
+ mCA.setDefaultAlgorithm(value);
+ } else if (key.equals(Constants.PR_SERIAL)) {
+ mCA.setStartSerial(value);
+ } else if (key.equals(Constants.PR_MAXSERIAL)) {
+ mCA.setMaxSerial(value);
+ }
+ }
+
+ commit(true);
+ if (restart)
+ sendResponse(RESTART, null, null, resp);
+ else
+ sendResponse(SUCCESS, null, null, resp);
+ }
+
+ /**
+ * Retrieves configuration parameters of certificate
+ * authority.
+ */
+ private synchronized void getConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+ // validate
+ super.getConfig(mCA.getConfigStore(), req, resp);
+ }
+
+ /**
+ * Sets configuration parameters of certificate
+ * authority.
+ */
+ private synchronized void setConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+ super.setConfig(mCA.getConfigStore(), req, resp);
+ // XXX - commit changes
+ }
+
+ /**
+ * Lists configuration store parameters.
+ */
+ private synchronized void listConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+ super.listConfig(mCA.getConfigStore(), req, resp);
+ }
+
+ /**
+ * Locks a request so that no one can modify it except
+ * owner.
+ */
+ private synchronized void lockRequest(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+ NameValuePairs params = new NameValuePairs();
+
+ // XXX
+ sendResponse(SUCCESS, null, params, resp);
+ }
+
+ /**
+ * Locks certificate record so that no one can
+ * modify it except owner.
+ */
+ private synchronized void lockCertRecord(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+ NameValuePairs params = new NameValuePairs();
+
+ sendResponse(SUCCESS, null, params, resp);
+ }
+
+ /**
+ * Modifies a cert record.
+ */
+ private synchronized void modifyCertRecord(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+ NameValuePairs params = new NameValuePairs();
+
+ // XXX
+ sendResponse(SUCCESS, null, params, resp);
+ }
+
+ private void log(int level, String msg) {
+ if (mLogger == null)
+ return;
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
+ level, "CAAdminServlet: " + msg);
+ }
+}