Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java | 993 |
1 files changed, 0 insertions, 993 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
deleted file mode 100644
index 916ab199b..000000000
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
+++ /dev/null
@@ -1,993 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2007 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.csadmin;
-
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.PrintStream;
-import java.net.URL;
-import java.net.URLEncoder;
-import java.util.Enumeration;
-import java.util.StringTokenizer;
-import java.util.Vector;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509Key;
-
-import org.apache.velocity.context.Context;
-
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.ISubsystem;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.property.Descriptor;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.property.PropertySet;
-import com.netscape.certsrv.util.HttpInput;
-import com.netscape.cms.servlet.wizard.WizardServlet;
-import com.netscape.cmsutil.crypto.CryptoUtil;
-
-public class NamePanel extends WizardPanelBase {
- private Vector<Cert> mCerts = null; - private WizardServlet mServlet = null; - - public NamePanel() { - } - - /** - * Initializes this panel. - */ - public void init(ServletConfig config, int panelno) - throws ServletException { - setPanelNo(panelno); - setName("Subject Names"); - } - - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { - setPanelNo(panelno); - setName("Subject Names"); - setId(id); - mServlet = servlet; - } - - /** - * Returns the usage.XXX usage needs to be made dynamic - */ - public PropertySet getUsage() { - PropertySet set = new PropertySet(); - - Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ - "CA Signing Certificate's DN"); - - set.add("caDN", caDN); - - Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ - "SSL Server Certificate's DN"); - - set.add("sslDN", sslDN); - - Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ - "CA Subsystem Certificate's DN"); - - set.add("subsystemDN", subsystemDN); - - Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ - "OCSP Signing Certificate's DN"); - - set.add("ocspDN", ocspDN); - - return set; - } - - public void cleanUp() throws IOException { - IConfigStore cs = CMS.getConfigStore(); - try { - @SuppressWarnings("unused") - boolean done = cs.getBoolean("preop.NamePanel.done"); // check for errors - cs.putBoolean("preop.NamePanel.done", false); - cs.commit(false); - } catch (Exception e) { - } - - String list = ""; - try { - list = cs.getString("preop.cert.list", ""); - } catch (Exception e) { - } - - StringTokenizer st = new StringTokenizer(list, ","); - while (st.hasMoreTokens()) { - String t = st.nextToken(); - cs.remove("preop.cert." 
+ t + ".done"); - } - - try { - cs.commit(false); - } catch (Exception e) { - } - } - - public boolean isPanelDone() { - IConfigStore cs = CMS.getConfigStore(); - try { - boolean s = cs.getBoolean("preop.NamePanel.done", false); - if (s != true) { - return false; - } else { - return true; - } - } catch (EBaseException e) { - } - - return false; - } - - public String capitalize(String s) { - if (s.length() == 0) { - return s; - } else { - return s.substring(0, 1).toUpperCase() + s.substring(1); - } - } - - /** - * Display the panel. - */ - public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { - CMS.debug("NamePanel: display()"); - context.put("title", "Subject Names"); - - // update session id - String session_id = request.getParameter("session_id"); - if (session_id != null) { - CMS.debug("NamePanel setting session id."); - CMS.setConfigSDSessionId(session_id); - } - - mCerts = new Vector<Cert>(); - - String domainname = ""; - IConfigStore config = CMS.getConfigStore(); - String select = ""; - String hselect = ""; - String cstype = ""; - try { - //if CA, at the hierarchy panel, was it root or subord? 
- hselect = config.getString("preop.hierarchy.select", ""); - select = config.getString("preop.subsystem.select", ""); - cstype = config.getString("cs.type", ""); - context.put("select", select); - if (cstype.equals("CA") && hselect.equals("root")) { - CMS.debug("NamePanel ca is root"); - context.put("isRoot", "true"); - } else { - CMS.debug("NamePanel not ca or not root"); - context.put("isRoot", "false"); - } - } catch (Exception e) { - } - - try { - domainname = config.getString("securitydomain.name", ""); - - String certTags = config.getString("preop.cert.list"); - // same token for now - String token = config.getString(PRE_CONF_CA_TOKEN); - StringTokenizer st = new StringTokenizer(certTags, ","); - String domaintype = config.getString("securitydomain.select"); - int count = 0; - String host = ""; - int sd_admin_port = -1; - if (domaintype.equals("existing")) { - host = config.getString("securitydomain.host", ""); - sd_admin_port = config.getInteger("securitydomain.httpsadminport", -1); - count = getSubsystemCount(host, sd_admin_port, true, cstype); - } - - while (st.hasMoreTokens()) { - String certTag = st.nextToken(); - - CMS.debug("NamePanel: display() about to process certTag :" + certTag); - String nn = config.getString( - PCERT_PREFIX + certTag + ".nickname"); - Cert c = new Cert(token, nn, certTag); - String userfriendlyname = config.getString( - PCERT_PREFIX + certTag + ".userfriendlyname"); - String subsystem = config.getString( - PCERT_PREFIX + certTag + ".subsystem"); - - c.setUserFriendlyName(userfriendlyname); - - String type = config.getString(PCERT_PREFIX + certTag + ".type"); - c.setType(type); - boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true); - c.setEnable(enable); - - String cert = config.getString(subsystem + "." + certTag + ".cert", ""); - String certreq = - config.getString(subsystem + "." 
+ certTag + ".certreq", ""); - - String dn = config.getString(PCERT_PREFIX + certTag + ".dn"); - boolean override = config.getBoolean(PCERT_PREFIX + certTag + - ".cncomponent.override", true); - //o_sd is to add o=secritydomainname - boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag + - "o_securitydomain", true); - domainname = config.getString("securitydomain.name", ""); - CMS.debug("NamePanel: display() override is " + override); - CMS.debug("NamePanel: display() o_securitydomain is " + o_sd); - CMS.debug("NamePanel: display() domainname is " + domainname); - - boolean dnUpdated = false; - try { - dnUpdated = config.getBoolean(PCERT_PREFIX + certTag + ".updatedDN"); - } catch (Exception e) { - } - - try { - @SuppressWarnings("unused") - boolean done = config.getBoolean("preop.NamePanel.done"); // check for errors - c.setDN(dn); - } catch (Exception e) { - String instanceId = config.getString("service.instanceID", ""); - if (select.equals("clone") || dnUpdated) { - c.setDN(dn); - } else if (count != 0 && override && (cert.equals("") || certreq.equals(""))) { - CMS.debug("NamePanel subsystemCount = " + count); - c.setDN(dn + " " + count + - ((!instanceId.equals("")) ? (",OU=" + instanceId) : "") + - ((o_sd) ? (",O=" + domainname) : "")); - config.putBoolean(PCERT_PREFIX + certTag + ".updatedDN", true); - } else { - c.setDN(dn + - ((!instanceId.equals("")) ? (",OU=" + instanceId) : "") + - ((o_sd) ? 
(",O=" + domainname) : "")); - config.putBoolean(PCERT_PREFIX + certTag + ".updatedDN", true); - } - } - - mCerts.addElement(c); - CMS.debug( - "NamePanel: display() added cert to mCerts: certTag " - + certTag); - config.putString(PCERT_PREFIX + c.getCertTag() + ".dn", c.getDN()); - }// while - } catch (EBaseException e) { - CMS.debug("NamePanel: display() exception caught:" + e.toString()); - } catch (Exception e) { - CMS.debug("NamePanel: " + e.toString()); - } - - CMS.debug("NamePanel: Ready to get SSL EE HTTPS urls"); - Vector<String> v = getUrlListFromSecurityDomain(config, "CA", "SecurePort"); - v.addElement("External CA"); - StringBuffer list = new StringBuffer(); - int size = v.size(); - - for (int i = 0; i < size; i++) { - if (i == size - 1) { - list.append(v.elementAt(i)); - } else { - list.append(v.elementAt(i)); - list.append(","); - } - } - - try { - config.putString("preop.ca.list", list.toString()); - config.commit(false); - } catch (Exception e) { - } - - context.put("urls", v); - - context.put("certs", mCerts); - context.put("panel", "admin/console/config/namepanel.vm"); - context.put("errorString", ""); - - } - - /** - * Checks if the given parameters are valid. 
- */ - public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { - Enumeration<Cert> c = mCerts.elements(); - - while (c.hasMoreElements()) { - Cert cert = c.nextElement(); - // get the dn's and put in config - if (cert.isEnable()) { - String dn = HttpInput.getDN(request, cert.getCertTag()); - - if (dn == null || dn.length() == 0) { - context.put("updateStatus", "validate-failure"); - throw new IOException("Empty DN for " + cert.getUserFriendlyName()); - } - } - } // while - } - - /* - * update some parameters for clones - */ - public void updateCloneConfig(IConfigStore config) - throws EBaseException, IOException { - String cstype = config.getString("cs.type", null); - cstype = toLowerCaseSubsystemType(cstype); - if (cstype.equals("kra")) { - String token = config.getString(PRE_CONF_CA_TOKEN); - if (!token.equals("Internal Key Storage Token")) { - CMS.debug("NamePanel: updating configuration for KRA clone with hardware token"); - String subsystem = config.getString(PCERT_PREFIX + "storage.subsystem"); - String storageNickname = getNickname(config, "storage"); - String transportNickname = getNickname(config, "transport"); - - config.putString(subsystem + ".storageUnit.hardware", token); - config.putString(subsystem + ".storageUnit.nickName", token + ":" + storageNickname); - config.putString(subsystem + ".transportUnit.nickName", token + ":" + transportNickname); - config.commit(false); - } else { // software token - // parameters already set - } - } - - // audit signing cert - String audit_nn = config.getString(cstype + ".audit_signing" + ".nickname", ""); - String audit_tk = config.getString(cstype + ".audit_signing" + ".tokenname", ""); - if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) { - config.putString("log.instance.SignedAudit.signedAuditCertNickname", - audit_tk + ":" + audit_nn); - } else { - config.putString("log.instance.SignedAudit.signedAuditCertNickname", - 
audit_nn); - } - } - - /* - * get some of the "preop" parameters to persisting parameters - */ - public void updateConfig(IConfigStore config, String certTag) - throws EBaseException, IOException { - String token = config.getString(PRE_CONF_CA_TOKEN); - String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem"); - CMS.debug("NamePanel: subsystem " + subsystem); - String nickname = getNickname(config, certTag); - - CMS.debug("NamePanel: updateConfig() for certTag " + certTag); - // XXX these two are used throughout the CA so have to write them - // should change the entire system to use the uniformed names later - if (certTag.equals("signing") || certTag.equals("ocsp_signing")) { - CMS.debug("NamePanel: setting signing nickname=" + nickname); - config.putString(subsystem + "." + certTag + ".cacertnickname", nickname); - config.putString(subsystem + "." + certTag + ".certnickname", nickname); - } - - // if KRA, hardware token needs param "kra.storageUnit.hardware" in CS.cfg - String cstype = config.getString("cs.type", null); - cstype = toLowerCaseSubsystemType(cstype); - if (cstype.equals("kra")) { - if (!token.equals("Internal Key Storage Token")) { - if (certTag.equals("storage")) { - config.putString(subsystem + ".storageUnit.hardware", token); - config.putString(subsystem + ".storageUnit.nickName", token + ":" + nickname); - } else if (certTag.equals("transport")) { - config.putString(subsystem + ".transportUnit.nickName", token + ":" + nickname); - } - } else { // software token - if (certTag.equals("storage")) { - config.putString(subsystem + ".storageUnit.nickName", nickname); - } else if (certTag.equals("transport")) { - config.putString(subsystem + ".transportUnit.nickName", nickname); - } - } - } - - String serverCertNickname = nickname; - String path = CMS.getConfigStore().getString("instanceRoot", ""); - if (certTag.equals("sslserver")) { - if (!token.equals("Internal Key Storage Token")) { - serverCertNickname = token + ":" + nickname; - 
} - PrintStream ps = new PrintStream(new FileOutputStream(path + "/conf/serverCertNick.conf")); - ps.println(serverCertNickname); - ps.close(); - } - - config.putString(subsystem + "." + certTag + ".nickname", nickname); - config.putString(subsystem + "." + certTag + ".tokenname", token); - if (certTag.equals("audit_signing")) { - if (!token.equals("Internal Key Storage Token") && !token.equals("")) { - config.putString("log.instance.SignedAudit.signedAuditCertNickname", - token + ":" + nickname); - } else { - config.putString("log.instance.SignedAudit.signedAuditCertNickname", - nickname); - } - } - /* - config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm", - "SHA1withRSA"); - */ - - // for system certs verification - if (!token.equals("Internal Key Storage Token") && !token.equals("")) { - config.putString(subsystem + ".cert." + certTag + ".nickname", - token + ":" + nickname); - } else { - config.putString(subsystem + ".cert." + certTag + ".nickname", nickname); - } - - config.commit(false); - CMS.debug("NamePanel: updateConfig() done"); - } - - /** - * create and sign a cert locally (handles both "selfsign" and "local") - */ - public void configCert(HttpServletRequest request, - HttpServletResponse response, - Context context, Cert certObj) throws IOException { - CMS.debug("NamePanel: configCert called"); - - IConfigStore config = CMS.getConfigStore(); - String caType = certObj.getType(); - CMS.debug("NamePanel: in configCert caType is " + caType); - X509CertImpl cert = null; - String certTag = certObj.getCertTag(); - - try { - updateConfig(config, certTag); - if (caType.equals("remote")) { - String v = config.getString("preop.ca.type", ""); - - CMS.debug("NamePanel configCert: remote CA"); - String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX, - certObj, context); - certObj.setRequest(pkcs10); - String subsystem = config.getString( - PCERT_PREFIX + certTag + ".subsystem"); - config.putString(subsystem + "." 
+ certTag + ".certreq", pkcs10); - String profileId = config.getString(PCERT_PREFIX + certTag + ".profile"); - String session_id = CMS.getConfigSDSessionId(); - String sd_hostname = ""; - int sd_ee_port = -1; - try { - sd_hostname = config.getString("securitydomain.host", ""); - sd_ee_port = config.getInteger("securitydomain.httpseeport", -1); - } catch (Exception ee) { - CMS.debug("NamePanel: configCert() exception caught:" + ee.toString()); - } - String sysType = config.getString("cs.type", ""); - String machineName = config.getString("machineName", ""); - String securePort = config.getString("service.securePort", ""); - if (certTag.equals("subsystem")) { - String content = - "requestor_name=" - + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId - + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8") - + "&xmlOutput=true&sessionID=" + session_id; - cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port, - content, response, this); - if (cert == null) { - throw new IOException("Error: remote certificate is null"); - } - } else if (v.equals("sdca")) { - String ca_hostname = ""; - int ca_port = -1; - try { - ca_hostname = config.getString("preop.ca.hostname", ""); - ca_port = config.getInteger("preop.ca.httpsport", -1); - } catch (Exception ee) { - } - - String content = - "requestor_name=" - + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId - + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8") - + "&xmlOutput=true&sessionID=" + session_id; - cert = CertUtil.createRemoteCert(ca_hostname, ca_port, - content, response, this); - if (cert == null) { - throw new IOException("Error: remote certificate is null"); - } - } else if (v.equals("otherca")) { - config.putString(subsystem + "." 
+ certTag + ".cert", - "...paste certificate here..."); - } else { - CMS.debug("NamePanel: no preop.ca.type is provided"); - } - } else { // not remote CA, ie, self-signed or local - ISubsystem ca = CMS.getSubsystem(ICertificateAuthority.ID); - - if (ca == null) { - String s = PCERT_PREFIX + certTag + ".type"; - - CMS.debug( - "The value for " + s - + " should be remote, nothing else."); - throw new IOException( - "The value for " + s + " should be remote"); - } - - String pubKeyType = config.getString( - PCERT_PREFIX + certTag + ".keytype"); - if (pubKeyType.equals("rsa")) { - - String pubKeyModulus = config.getString( - PCERT_PREFIX + certTag + ".pubkey.modulus"); - String pubKeyPublicExponent = config.getString( - PCERT_PREFIX + certTag + ".pubkey.exponent"); - String subsystem = config.getString( - PCERT_PREFIX + certTag + ".subsystem"); - - if (certTag.equals("signing")) { - X509Key x509key = CryptoUtil.getPublicX509Key( - CryptoUtil.string2byte(pubKeyModulus), - CryptoUtil.string2byte(pubKeyPublicExponent)); - - cert = CertUtil.createLocalCert(config, x509key, - PCERT_PREFIX, certTag, caType, context); - } else { - String cacert = config.getString("ca.signing.cert", ""); - - if (cacert.equals("") || cacert.startsWith("...")) { - certObj.setCert( - "...certificate be generated internally..."); - config.putString(subsystem + "." 
+ certTag + ".cert", - "...certificate be generated internally..."); - } else { - X509Key x509key = CryptoUtil.getPublicX509Key( - CryptoUtil.string2byte(pubKeyModulus), - CryptoUtil.string2byte(pubKeyPublicExponent)); - - cert = CertUtil.createLocalCert(config, x509key, - PCERT_PREFIX, certTag, caType, context); - } - } - } else if (pubKeyType.equals("ecc")) { - String pubKeyEncoded = config.getString( - PCERT_PREFIX + certTag + ".pubkey.encoded"); - String subsystem = config.getString( - PCERT_PREFIX + certTag + ".subsystem"); - - if (certTag.equals("signing")) { - - X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded)); - cert = CertUtil.createLocalCert(config, x509key, - PCERT_PREFIX, certTag, caType, context); - } else { - String cacert = config.getString("ca.signing.cert", ""); - - if (cacert.equals("") || cacert.startsWith("...")) { - certObj.setCert( - "...certificate be generated internally..."); - config.putString(subsystem + "." + certTag + ".cert", - "...certificate be generated internally..."); - } else { - X509Key x509key = CryptoUtil.getPublicX509ECCKey( - CryptoUtil.string2byte(pubKeyEncoded)); - - cert = CertUtil.createLocalCert(config, x509key, - PCERT_PREFIX, certTag, caType, context); - } - } - } else { - // invalid key type - CMS.debug("Invalid key type " + pubKeyType); - } - if (cert != null) { - if (certTag.equals("subsystem")) - CertUtil.addUserCertificate(cert); - } - } // done self-signed or local - - if (cert != null) { - byte[] certb = cert.getEncoded(); - String certs = CryptoUtil.base64Encode(certb); - - // certObj.setCert(certs); - String subsystem = config.getString( - PCERT_PREFIX + certTag + ".subsystem"); - config.putString(subsystem + "." 
+ certTag + ".cert", certs); - } - config.commit(false); - } catch (IOException e) { - throw e; - } catch (Exception e) { - CMS.debug("NamePanel configCert() exception caught:" + e.toString()); - } - } - - public void configCertWithTag(HttpServletRequest request, - HttpServletResponse response, - Context context, String tag) throws IOException { - CMS.debug("NamePanel: configCertWithTag start"); - Enumeration<Cert> c = mCerts.elements(); - IConfigStore config = CMS.getConfigStore(); - - while (c.hasMoreElements()) { - Cert cert = c.nextElement(); - String ct = cert.getCertTag(); - CMS.debug("NamePanel: configCertWithTag ct=" + ct + - " tag=" + tag); - if (ct.equals(tag)) { - try { - String nickname = HttpInput.getNickname(request, ct + "_nick"); - if (nickname != null) { - CMS.debug("configCertWithTag: Setting nickname for " + ct + " to " + nickname); - config.putString(PCERT_PREFIX + ct + ".nickname", nickname); - cert.setNickname(nickname); - config.commit(false); - } - String dn = HttpInput.getDN(request, ct); - if (dn != null) { - config.putString(PCERT_PREFIX + ct + ".dn", dn); - config.commit(false); - } - } catch (Exception e) { - CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " - + ct + ": " + e.toString()); - } - - configCert(request, response, context, cert); - CMS.debug("NamePanel: configCertWithTag done with tag=" + tag); - return; - } - } - CMS.debug("NamePanel: configCertWithTag done"); - } - - private boolean inputChanged(HttpServletRequest request) - throws IOException { - IConfigStore config = CMS.getConfigStore(); - - boolean hasChanged = false; - try { - Enumeration<Cert> c = mCerts.elements(); - - while (c.hasMoreElements()) { - Cert cert = c.nextElement(); - String ct = cert.getCertTag(); - boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true); - if (!enable) - continue; - - String olddn = config.getString(PCERT_PREFIX + cert.getCertTag() + ".dn", ""); - // get the dn's and put in config - String dn 
= HttpInput.getDN(request, cert.getCertTag()); - - if (!olddn.equals(dn)) - hasChanged = true; - - String oldnick = config.getString(PCERT_PREFIX + ct + ".nickname"); - String nick = HttpInput.getNickname(request, ct + "_nick"); - if (!oldnick.equals(nick)) - hasChanged = true; - - } - } catch (Exception e) { - } - - return hasChanged; - } - - public String getURL(HttpServletRequest request, IConfigStore config) { - String index = request.getParameter("urls"); - if (index == null) { - return null; - } - String url = ""; - if (index.startsWith("http")) { - // user may submit url directlry - url = index; - } else { - try { - int x = Integer.parseInt(index); - String list = config.getString("preop.ca.list", ""); - StringTokenizer tokenizer = new StringTokenizer(list, ","); - int counter = 0; - - while (tokenizer.hasMoreTokens()) { - url = tokenizer.nextToken(); - if (counter == x) { - break; - } - counter++; - } - } catch (Exception e) { - } - } - return url; - } - - /** - * Commit parameter changes - */ - public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { - CMS.debug("NamePanel: in update()"); - boolean hasErr = false; - - if (inputChanged(request)) { - mServlet.cleanUpFromPanel(mServlet.getPanelNo(request)); - } else if (isPanelDone()) { - context.put("updateStatus", "success"); - return; - } - - IConfigStore config = CMS.getConfigStore(); - - String hselect = ""; - ISubsystem subsystem = CMS.getSubsystem(ICertificateAuthority.ID); - try { - //if CA, at the hierarchy panel, was it root or subord? 
- hselect = config.getString("preop.hierarchy.select", ""); - String cstype = config.getString("preop.subsystem.select", ""); - if (cstype.equals("clone")) { - CMS.debug("NamePanel: clone configuration detected"); - // still need to handle SSL certificate - configCertWithTag(request, response, context, "sslserver"); - String url = getURL(request, config); - if (url != null && !url.equals("External CA")) { - // preop.ca.url and admin port are required for setting KRA connector - url = url.substring(url.indexOf("https")); - config.putString("preop.ca.url", url); - - URL urlx = new URL(url); - updateCloneSDCAInfo(request, context, urlx.getHost(), - Integer.toString(urlx.getPort())); - - } - updateCloneConfig(config); - CMS.debug("NamePanel: clone configuration done"); - context.put("updateStatus", "success"); - return; - } - } catch (Exception e) { - CMS.debug("NamePanel: configCertWithTag failure - " + e); - context.put("updateStatus", "failure"); - return; - } - - //if no hselect, then not CA - if (hselect.equals("") || hselect.equals("join")) { - String url = getURL(request, config); - - URL urlx = null; - - if (url.equals("External CA")) { - CMS.debug("NamePanel: external CA selected"); - config.putString("preop.ca.type", "otherca"); - if (subsystem != null) { - config.putString(PCERT_PREFIX + "signing.type", "remote"); - } - - config.putString("preop.ca.pkcs7", ""); - config.putInteger("preop.ca.certchain.size", 0); - context.put("check_otherca", "checked"); - CMS.debug("NamePanel: update: this is the external CA."); - } else { - CMS.debug("NamePanel: local CA selected"); - // parse URL (CA1 - https://...) 
- url = url.substring(url.indexOf("https")); - config.putString("preop.ca.url", url); - - urlx = new URL(url); - config.putString("preop.ca.type", "sdca"); - CMS.debug("NamePanel: update: this is a CA in the security domain."); - context.put("check_sdca", "checked"); - sdca(request, context, urlx.getHost(), - Integer.toString(urlx.getPort())); - if (subsystem != null) { - config.putString(PCERT_PREFIX + "signing.type", "remote"); - config.putString(PCERT_PREFIX + "signing.profile", - "caInstallCACert"); - } - } - - try { - config.commit(false); - } catch (Exception e) { - } - - } - - try { - - Enumeration<Cert> c = mCerts.elements(); - - while (c.hasMoreElements()) { - Cert cert = c.nextElement(); - String ct = cert.getCertTag(); - boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true); - if (!enable) - continue; - - boolean certDone = config.getBoolean(PCERT_PREFIX + ct + ".done", false); - if (certDone) - continue; - - // get the nicknames and put in config - String nickname = HttpInput.getNickname(request, ct + "_nick"); - if (nickname != null) { - CMS.debug("NamePanel: update: Setting nickname for " + ct + " to " + nickname); - config.putString(PCERT_PREFIX + ct + ".nickname", nickname); - cert.setNickname(nickname); - } else { - nickname = cert.getNickname(); - } - - // get the dn's and put in config - String dn = HttpInput.getDN(request, ct); - - config.putString(PCERT_PREFIX + ct + ".dn", dn); - // commit here in case it changes - config.commit(false); - - try { - configCert(request, response, context, cert); - config.putBoolean("preop.cert." 
+ cert.getCertTag() + ".done", - true); - config.commit(false); - } catch (Exception e) { - CMS.debug( - "NamePanel: update() exception caught:" - + e.toString()); - hasErr = true; - System.err.println("Exception caught: " + e.toString()); - } - - } // while - if (hasErr == false) { - config.putBoolean("preop.NamePanel.done", true); - config.commit(false); - } - - } catch (Exception e) { - CMS.debug("NamePanel: Exception caught: " + e.toString()); - System.err.println("Exception caught: " + e.toString()); - }// try - - try { - config.commit(false); - } catch (Exception e) { - } - - if (!hasErr) { - context.put("updateStatus", "success"); - } else { - context.put("updateStatus", "failure"); - } - CMS.debug("NamePanel: update() done"); - } - - private void updateCloneSDCAInfo(HttpServletRequest request, Context context, String hostname, String httpsPortStr) - throws IOException { - CMS.debug("NamePanel updateCloneSDCAInfo: selected CA hostname=" + hostname + " port=" + httpsPortStr); - String https_admin_port = ""; - IConfigStore config = CMS.getConfigStore(); - - if (hostname == null || hostname.length() == 0) { - context.put("errorString", "Hostname is null"); - throw new IOException("Hostname is null"); - } - - // Retrieve the associated HTTPS Admin port so that it - // may be stored for use with ImportAdminCertPanel - https_admin_port = getSecurityDomainAdminPort(config, - hostname, - httpsPortStr, - "CA"); - - try { - Integer.parseInt(httpsPortStr); // check for errors - } catch (Exception e) { - CMS.debug( - "NamePanel update: Https port is not valid. 
Exception: " - + e.toString()); - throw new IOException("Https Port is not valid."); - } - - config.putString("preop.ca.hostname", hostname); - config.putString("preop.ca.httpsport", httpsPortStr); - config.putString("preop.ca.httpsadminport", https_admin_port); - } - - private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) - throws IOException { - CMS.debug("NamePanel update: this is the CA in the security domain."); - CMS.debug("NamePanel update: selected CA hostname=" + hostname + " port=" + httpsPortStr); - String https_admin_port = ""; - IConfigStore config = CMS.getConfigStore(); - - context.put("sdcaHostname", hostname); - context.put("sdHttpPort", httpsPortStr); - - if (hostname == null || hostname.length() == 0) { - context.put("errorString", "Hostname is null"); - throw new IOException("Hostname is null"); - } - - // Retrieve the associated HTTPS Admin port so that it - // may be stored for use with ImportAdminCertPanel - https_admin_port = getSecurityDomainAdminPort(config, - hostname, - httpsPortStr, - "CA"); - - int httpsport = -1; - - try { - httpsport = Integer.parseInt(httpsPortStr); - } catch (Exception e) { - CMS.debug( - "NamePanel update: Https port is not valid. 
Exception: " - + e.toString()); - throw new IOException("Https Port is not valid."); - } - - config.putString("preop.ca.hostname", hostname); - config.putString("preop.ca.httpsport", httpsPortStr); - config.putString("preop.ca.httpsadminport", https_admin_port); - ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - updateCertChainUsingSecureEEPort(config, "ca", hostname, - httpsport, true, context, - certApprovalCallback); - try { - CMS.debug("Importing CA chain"); - importCertChain("ca"); - } catch (Exception e1) { - CMS.debug("Failed in importing CA chain"); - } - } - - public void initParams(HttpServletRequest request, Context context) - throws IOException { - context.put("certs", mCerts); - } - - /** - * If validiate() returns false, this method will be called. - */ - public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) { - try { - initParams(request, context); - } catch (IOException e) { - } - context.put("title", "Subject Names"); - context.put("panel", "admin/console/config/namepanel.vm"); - } -} |