diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java')
| -rw-r--r-- | pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java | 1915 |
1 files changed, 1915 insertions, 0 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java b/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java new file mode 100644 index 000000000..afaa5c9fc --- /dev/null +++ b/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java @@ -0,0 +1,1915 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmscore.apps; + + +import java.util.*; +import java.math.*; +import java.text.*; +import java.io.*; +import java.util.Hashtable; +import java.util.Enumeration; +import java.util.Vector; +import java.util.Date; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.security.cert.X509CRL; + +import netscape.ldap.*; +import javax.servlet.*; +import javax.servlet.http.*; + +import com.netscape.cms.servlet.csadmin.*; +import com.netscape.cmsutil.net.*; +import netscape.security.extensions.*; +import netscape.security.x509.*; +import netscape.security.util.*; +import java.security.NoSuchAlgorithmException; +import com.netscape.certsrv.base.*; +import com.netscape.certsrv.policy.*; +import com.netscape.certsrv.password.*; +import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.base.ISubsystem; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.acls.*; +import com.netscape.certsrv.profile.IEnrollProfile; +import com.netscape.certsrv.dbs.certdb.*; +import com.netscape.certsrv.notification.*; +import com.netscape.certsrv.authority.*; +import com.netscape.certsrv.ldap.*; +import com.netscape.certsrv.connector.*; +import com.netscape.certsrv.logging.ELogException; +import com.netscape.certsrv.logging.ILogEvent; +import com.netscape.certsrv.logging.ILogQueue; +import com.netscape.certsrv.logging.ILogEventListener; +import com.netscape.certsrv.logging.ILogger; +import com.netscape.certsrv.request.*; +import com.netscape.certsrv.dbs.crldb.*; +import com.netscape.certsrv.dbs.repository.*; +import com.netscape.certsrv.ca.*; +import com.netscape.certsrv.ra.*; +import com.netscape.certsrv.kra.*; +import com.netscape.certsrv.common.Constants; +import com.netscape.certsrv.common.*; +import com.netscape.certsrv.apps.*; + +import com.netscape.cmscore.cert.CertPrettyPrint; +import com.netscape.cmscore.cert.CrlPrettyPrint; +import com.netscape.cmscore.cert.ExtPrettyPrint; +import com.netscape.cmscore.policy.*; +import com.netscape.cmscore.time.*; +import com.netscape.cmscore.ldapconn.*; +import com.netscape.cmscore.base.*; +import com.netscape.cmscore.util.Debug; +import com.netscape.cmscore.connector.*; +import com.netscape.cmscore.notification.*; +import com.netscape.cmscore.request.*; +import com.netscape.cmscore.cert.*; +import com.netscape.cmscore.logging.LogSubsystem; +import com.netscape.cmscore.logging.Logger; +import com.netscape.cmscore.logging.SignedAuditLogger; +import com.netscape.cmscore.util.OsSubsystem; +import com.netscape.cmscore.security.JssSubsystem; +import com.netscape.cmscore.dbs.DBSubsystem; +import com.netscape.cmscore.dbs.*; +import com.netscape.cmscore.authentication.*; +import com.netscape.cmscore.authorization.AuthzSubsystem; +import com.netscape.cmscore.usrgrp.UGSubsystem; +import com.netscape.cmscore.request.RequestSubsystem; +import com.netscape.cmscore.jobs.JobsScheduler; +import com.netscape.osutil.*; + +import com.netscape.cmscore.cert.OidLoaderSubsystem; +import com.netscape.cmscore.cert.X500NameSubsystem; + +import org.mozilla.jss.util.PasswordCallback; +import org.mozilla.jss.CryptoManager.CertificateUsage; +import netscape.security.pkcs.*; +import com.netscape.cmscore.security.*; +import com.netscape.cmscore.registry.*; +import com.netscape.cmsutil.password.*; +import org.w3c.dom.*; +import org.apache.xerces.parsers.DOMParser; + +public class CMSEngine implements ICMSEngine { + private static final String ID = "MAIN"; + + private static final String PROP_SUBSYSTEM = "subsystem"; + private static final String PROP_ID = "id"; + private static final String PROP_CLASS = "class"; + private static final String SERVER_XML = "server.xml"; + + public static final SubsystemRegistry mSSReg = SubsystemRegistry.getInstance(); + + public static String instanceDir; /* path to instance <server-root>/cert-<instance-name> */ + + private IConfigStore mConfig = null; + private ISubsystem mOwner = null; + private long mStartupTime = 0; + private boolean isStarted = false; + private StringBuffer mWarning = new StringBuffer(); + private ITimeSource mTimeSource = null; + private IPasswordStore mPasswordStore = null; + private WarningListener mWarningListener = null; + private ILogQueue mQueue = null; + private ISecurityDomainSessionTable mSecurityDomainSessionTable = null; + private String mConfigSDSessionId = null; + private Timer mSDTimer = null; + + // static subsystems - must be singletons + private static SubsystemInfo[] mStaticSubsystems = { + new SubsystemInfo( + Debug.ID, Debug.getInstance()), + new SubsystemInfo(LogSubsystem.ID, + LogSubsystem.getInstance()), + new SubsystemInfo( + OsSubsystem.ID, OsSubsystem.getInstance()), + new SubsystemInfo( + JssSubsystem.ID, JssSubsystem.getInstance()), + new SubsystemInfo( + DBSubsystem.ID, DBSubsystem.getInstance()), + new SubsystemInfo( + UGSubsystem.ID, UGSubsystem.getInstance()), + new SubsystemInfo( + PluginRegistry.ID, new PluginRegistry()), + new SubsystemInfo( + OidLoaderSubsystem.ID, OidLoaderSubsystem.getInstance()), + new SubsystemInfo( + X500NameSubsystem.ID, X500NameSubsystem.getInstance()), + // skip TP subsystem; + // problem in needing dbsubsystem in constructor. and it's not used. + new SubsystemInfo( + RequestSubsystem.ID, RequestSubsystem.getInstance()), + }; + + // dynamic subsystems are loaded at init time, not neccessarily singletons. + private static SubsystemInfo[] mDynSubsystems = null; + + // final static subsystems - must be singletons. + private static SubsystemInfo[] mFinalSubsystems = { + new SubsystemInfo( + AuthSubsystem.ID, AuthSubsystem.getInstance()), + new SubsystemInfo( + AuthzSubsystem.ID, AuthzSubsystem.getInstance()), + new SubsystemInfo( + JobsScheduler.ID, JobsScheduler.getInstance()), + }; + + private static final int IP = 0; + private static final int PORT = 1; + private static final int HOST = 2; + private static final int AGENT = 0; + private static final int ADMIN = 1; + private static final int EE_SSL = 2; + private static final int EE_NON_SSL = 3; + private static final int EE_CLIENT_AUTH_SSL = 4; + private static String mServerCertNickname = null; + private static String info[][] = { {null, null, null},//agent + {null, null, null},//admin + {null, null, null},//sslEE + {null, null, null},//non_sslEE + {null, null, null} //ssl_clientauth_EE + }; + + /** + * private constructor. + */ + public CMSEngine() { + } + + /** + * gets this ID + */ + public String getId() { + return ID; + } + + /** + * should never be called. returns error. + */ + public void setId(String id) throws EBaseException { + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION")); + } + + /** + * Retrieves the instance roort path of this server. + */ + public String getInstanceDir() { + return instanceDir; + } + + public synchronized IPasswordStore getPasswordStore() { + // initialize the PasswordReader and PasswordWriter + try { + String pwdPath = mConfig.getString("passwordFile"); + if (mPasswordStore == null) { + CMS.debug("CMSEngine: getPasswordStore(): password store not initialized before."); + String pwdClass = mConfig.getString("passwordClass"); + + if (pwdClass != null) { + try { + mPasswordStore = (IPasswordStore)Class.forName(pwdClass).newInstance(); + } catch (Exception e) { + CMS.debug("CMSEngine: getPasswordStore(): password store initialization failure:" + e.toString()); + } + } + } else { + CMS.debug("CMSEngine: getPasswordStore(): password store initialized before."); + } + + // have to initialize it because other places don't always + mPasswordStore.init(pwdPath); + CMS.debug("CMSEngine: getPasswordStore(): password store initialized."); + } catch (Exception e) { + CMS.debug("CMSEngine: getPasswordStore(): failure:" + e.toString()); + } + + return mPasswordStore; + } + + /** + * initialize all static, dynamic and final static subsystems. + * @param owner null + * @param config main config store. + * @exception EBaseException if any error occur in subsystems during + * initialization. + */ + public void init(ISubsystem owner, IConfigStore config) + throws EBaseException { + mOwner = owner; + mConfig = config; + int state = mConfig.getInteger("cs.state"); + String sd = mConfig.getString("securitydomain.select", ""); + // my default is 1 day + String flush_timeout = config.getString("securitydomain.flushinterval", "86400000"); + String secdomain_source = config.getString("securitydomain.source", "memory"); + String secdomain_check_interval = config.getString("securitydomain.checkinterval", "5000"); + + if (secdomain_source.equals("ldap")) { + mSecurityDomainSessionTable = new LDAPSecurityDomainSessionTable((new Long(flush_timeout)).longValue()); + } else { + mSecurityDomainSessionTable = new SecurityDomainSessionTable((new Long(flush_timeout)).longValue()); + } + + mSDTimer = new Timer(); + SessionTimer timertask = new SessionTimer(mSecurityDomainSessionTable); + if ((state != 1) || (sd.equals("existing"))) { + // for non-security domain hosts or if not yet configured, + // do not check session domain table + } else { + mSDTimer.schedule(timertask, 5, (new Long(secdomain_check_interval)).longValue()); + } + + String tsClass = config.getString("timeSourceClass", null); + + if (tsClass != null) { + try { + mTimeSource = (ITimeSource) + Class.forName(tsClass).newInstance(); + } catch (Exception e) { + // nothing to do + } + } + if (mTimeSource == null) { + // if time source is not set, set it to simple time source + mTimeSource = new SimpleTimeSource(); + } + + instanceDir = config.getString("instanceRoot"); + + loadDynSubsystems(); + + java.security.Security.addProvider( + new netscape.security.provider.CMS()); + + mSSReg.put(ID, this); + initSubsystems(mStaticSubsystems, false); + + // Once the log subsystem is initialized, we + // want to register a listener to catch + // all the warning message so that we can + // display them in the console. + mQueue = Logger.getLogger().getLogQueue(); + mWarningListener = new WarningListener(mWarning); + mQueue.addLogEventListener(mWarningListener); + + initSubsystems(mDynSubsystems, true); + initSubsystems(mFinalSubsystems, false); + + CMS.debug("Java version=" + (String)System.getProperty("java.version")); + java.security.Provider ps[] = java.security.Security.getProviders(); + + if (ps == null || ps.length <= 0) { + CMS.debug("CMSEngine: Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + CMS.debug("CMSEngine: Java Security Provider " + x + " class=" + ps[x]); + } + } + parseServerXML(); + fixProxyPorts(); + } + + /** + * Parse ACL resource attributes + * @param resACLs same format as the resourceACLs attribute: + * <PRE> + * <resource name>:<permission1,permission2,...permissionn>: + * <allow|deny> (<subset of the permission set>) <evaluator expression> + * </PRE> + * @exception EACLsException ACL related parsing errors for resACLs + * @return an ACL instance built from the parsed resACLs + */ + public IACL parseACL(String resACLs) throws EACLsException { + if (resACLs == null) { + throw new EACLsException(CMS.getUserMessage("CMS_ACL_NULL_VALUE", "resACLs")); + } + + ACL acl = null; + Vector rights = null; + int idx1 = resACLs.indexOf(":"); + + if (idx1 <= 0) { + acl = new ACL(resACLs, rights, resACLs); + } else { + // getting resource id + String resource = resACLs.substring(0, idx1); + + if (resource == null) { + String infoMsg = "resource not specified in resourceACLS attribute:" + + resACLs; + + String[] params = new String[2]; + + params[0] = resACLs; + params[1] = infoMsg; + throw new EACLsException(CMS.getUserMessage("CMS_ACL_PARSING_ERROR", params)); + } + + // getting list of applicable rights + String st = resACLs.substring(idx1 + 1); + int idx2 = st.indexOf(":"); + String rightsString = null; + + if (idx2 != -1) + rightsString = st.substring(0, idx2); + else { + String infoMsg = + "rights not specified in resourceACLS attribute:" + resACLs; + String[] params = new String[2]; + + params[0] = resACLs; + params[1] = infoMsg; + throw new EACLsException(CMS.getUserMessage("CMS_ACL_PARSING_ERROR", params)); + } + + if (rightsString != null) { + rights = new Vector(); + StringTokenizer rtok = new StringTokenizer(rightsString, ","); + + while (rtok.hasMoreTokens()) { + rights.addElement(rtok.nextToken()); + } + } + + acl = new ACL(resource, rights, resACLs); + + String stx = st.substring(idx2 + 1); + int idx3 = stx.indexOf(":"); + String aclStr = stx.substring(0, idx3); + + // getting list of acl entries + if (aclStr != null) { + StringTokenizer atok = new StringTokenizer(aclStr, ";"); + + if (atok == null) { + throw new EACLsException(CMS.getUserMessage("CMS_ACL_NULL_VALUE", "atok")); + } + + while (atok.hasMoreTokens()) { + String acs = (String) atok.nextToken(); + + // construct ACL entry + ACLEntry entry = ACLEntry.parseACLEntry(acl, acs); + + if (entry == null) { + String infoMsg = "parseACLEntry() call failed"; + String[] params = new String[2]; + + params[0] = "ACLEntry = " + acs; + params[1] = infoMsg; + throw new EACLsException(CMS.getUserMessage("CMS_ACL_PARSING_ERROR", params)); + } + + entry.setACLEntryString(acs); + acl.addEntry(entry); + } + } else { + // fine + String infoMsg = "acls not specified in resourceACLS attribute:" + + + resACLs; + + String[] params = new String[2]; + + params[0] = resACLs; + params[1] = infoMsg; + throw new EACLsException(CMS.getUserMessage("CMS_ACL_PARSING_ERROR", params)); + } + + // getting description + String desc = stx.substring(idx3 + 1); + + acl.setDescription(desc); + } + + return (acl); + } + + /** + * Parse server.xml to get the ports and IPs + */ + private void parseServerXML() { + try { + String instanceRoot = mConfig.getString("instanceRoot"); + String path = instanceRoot+File.separator+"conf"+File.separator+SERVER_XML; + DOMParser parser = new DOMParser(); + parser.parse(path); + NodeList nodes = parser.getDocument().getElementsByTagName("Connector"); + String parentName=""; + String name=""; + String port=""; + for (int i=0; i<nodes.getLength(); i++) { + Element n = (Element)nodes.item(i); + + parentName = ""; + Element p = (Element) n.getParentNode(); + if(p != null) { + parentName = p.getAttribute("name"); + } + name = n.getAttribute("name"); + port = n.getAttribute("port"); + + // The "server.xml" file is parsed from top-to-bottom, and + // supports BOTH "Port Separation" (the new default method) + // as well as "Shared Ports" (the old legacy method). Since + // both methods must be supported, the file structure MUST + // conform to ONE AND ONLY ONE of the following formats: + // + // Port Separation: + // + // <Catalina> + // ... + // <!-- Port Separation: Unsecure Port --> + // <Connector name="Unsecure" . . . + // ... + // <!-- Port Separation: Agent Secure Port --> + // <Connector name="Agent" . . . + // ... + // <!-- Port Separation: Admin Secure Port --> + // <Connector name="Admin" . . . + // ... + // <!-- Port Separation: EE Secure Port --> + // <Connector name="EE" . . . + // ... + // </Catalina> + // + // + // Shared Ports: + // + // <Catalina> + // ... + // <!-- Shared Ports: Unsecure Port --> + // <Connector name="Unsecure" . . . + // ... + // <!-- Shared Ports: Agent, EE, and Admin Secure Port --> + // <Connector name="Secure" . . . + // ... + // <!-- + // <Connector name="Unused" . . . + // --> + // ... + // <!-- + // <Connector name="Unused" . . . + // --> + // ... + // </Catalina> + // + if ( parentName.equals("Catalina")) { + if( name.equals( "Unsecure" ) ) { + // Port Separation: Unsecure Port + // OR + // Shared Ports: Unsecure Port + info[EE_NON_SSL][PORT] = port; + } else if( name.equals( "Agent" ) ) { + // Port Separation: Agent Secure Port + info[AGENT][PORT] = port; + } else if( name.equals( "Admin" ) ) { + // Port Separation: Admin Secure Port + info[ADMIN][PORT] = port; + } else if( name.equals( "EE" ) ) { + // Port Separation: EE Secure Port + info[EE_SSL][PORT] = port; + } else if( name.equals( "EEClientAuth" ) ) { + // Port Separation: EE Client Auth Secure Port + info[EE_CLIENT_AUTH_SSL][PORT] = port; + } else if( name.equals( "Secure" ) ) { + // Shared Ports: Agent, EE, and Admin Secure Port + info[AGENT][PORT] = port; + info[ADMIN][PORT] = port; + info[EE_SSL][PORT] = port; + info[EE_CLIENT_AUTH_SSL][PORT] = port; + } + } + } + + } catch (Exception e) { + CMS.debug("CMSEngine: parseServerXML exception: " + e.toString()); + } + } + + private void fixProxyPorts() throws EBaseException { + try { + String port = mConfig.getString("proxy.securePort", ""); + if (!port.equals("")) { + info[EE_SSL][PORT] = port; + info[ADMIN][PORT] = port; + info[AGENT][PORT] = port; + info[EE_CLIENT_AUTH_SSL][PORT] = port; + } + + port = mConfig.getString("proxy.unsecurePort", ""); + if (!port.equals("")) { + info[EE_NON_SSL][PORT] = port; + } + } catch (EBaseException e) { + CMS.debug("CMSEngine: fixProxyPorts exception: " + e.toString()); + throw e; + } + } + + + public IConfigStore createFileConfigStore(String path) throws EBaseException { + try { + /* if the file is not there, create one */ + File f = new File(path); + if (!f.exists()) { + f.createNewFile(); + } + } catch (Exception e) { + } + + + return new FileConfigStore(path); + } + + public IArgBlock createArgBlock() { + return new ArgBlock(); + } + + public IArgBlock createArgBlock(Hashtable httpReq) { + return new ArgBlock(httpReq); + } + + public IArgBlock createArgBlock(String realm, Hashtable httpReq) { + return new ArgBlock(realm, httpReq); + } + + public boolean isPreOpMode() { + if (getCSState() == CMS.PRE_OP_MODE) + return true; + return false; + } + + public boolean isRunningMode() { + if (getCSState() == CMS.RUNNING_MODE) + return true; + return false; + } + + public void setCSState(int mode) { + mConfig.putInteger("cs.state", mode); + } + + public int getCSState() { + int mode = 0; + try { + mode = mConfig.getInteger("cs.state"); + } catch (Exception e) { + } + return mode; + } + + public IRepositoryRecord createRepositoryRecord() { + return new RepositoryRecord(); + } + + public ICRLIssuingPointRecord createCRLIssuingPointRecord(String + id, BigInteger crlNumber, Long crlSize, Date thisUpdate, Date nextUpdate) { + return new CRLIssuingPointRecord(id, crlNumber, crlSize, thisUpdate, nextUpdate); + } + + public ISecurityDomainSessionTable getSecurityDomainSessionTable() { + return mSecurityDomainSessionTable; + } + + public String getCRLIssuingPointRecordName() { + return CRLIssuingPointRecord.class.getName(); + } + + public String getEEHost() { + String host = ""; + try { + host = mConfig.getString("machineName"); + } catch (Exception e) { + } + return host; + } + + public String getEENonSSLHost() { + String host = ""; + try { + host = mConfig.getString("machineName"); + } catch (Exception e) { + } + return host; + } + + public String getEENonSSLIP() { + return info[EE_NON_SSL][IP]; + } + + public String getEENonSSLPort() { + return info[EE_NON_SSL][PORT]; + } + + public String getEESSLHost() { + String host = ""; + try { + host = mConfig.getString("machineName"); + } catch (Exception e) { + } + return host; + } + + public String getEESSLIP() { + return info[EE_SSL][IP]; + } + + public String getEESSLPort() { + return info[EE_SSL][PORT]; + } + + public String getEEClientAuthSSLPort() { + return info[EE_CLIENT_AUTH_SSL][PORT]; + } + + public String getAgentHost() { + String host = ""; + try { + host = mConfig.getString("machineName"); + } catch (Exception e) { + } + return host; + } + + public String getAgentIP() { + return info[AGENT][IP]; + } + + public String getAgentPort() { + return info[AGENT][PORT]; + } + + public String getAdminHost() { + String host = ""; + try { + host = mConfig.getString("machineName"); + } catch (Exception e) { + } + return host; + } + + public String getAdminIP() { + return info[ADMIN][IP]; + } + + public String getAdminPort() { + return info[ADMIN][PORT]; + } + + public IHttpConnection getHttpConnection(IRemoteAuthority authority, + ISocketFactory factory) { + return new HttpConnection(authority, factory); + } + + public IHttpConnection getHttpConnection(IRemoteAuthority authority, + ISocketFactory factory, int timeout) { + return new HttpConnection(authority, factory, timeout); + } + + public IResender getResender(IAuthority authority, String nickname, + IRemoteAuthority remote, int interval) { + return new Resender(authority, nickname, remote, interval); + } + + public IPKIMessage getHttpPKIMessage() { + return new HttpPKIMessage(); + } + + public ILdapConnInfo getLdapConnInfo(IConfigStore config) + throws EBaseException, ELdapException { + return new LdapConnInfo(config); + } + + public LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory( + String certNickname) { + return new LdapJssSSLSocketFactory(certNickname); + } + + public LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory() { + return new LdapJssSSLSocketFactory(); + } + + public ILdapAuthInfo getLdapAuthInfo() { + return new LdapAuthInfo(); + } + + public ILdapConnFactory getLdapBoundConnFactory() + throws ELdapException { + return new LdapBoundConnFactory(); + } + + public ILdapConnFactory getLdapAnonConnFactory() + throws ELdapException { + return new LdapAnonConnFactory(); + } + + public IRequestEncoder getHttpRequestEncoder() { + return new HttpRequestEncoder(); + } + + public Enumeration getSubsystemNames() { + return mSSReg.keys(); + } + + public Enumeration getSubsystems() { + return mSSReg.elements(); + } + + public ISubsystem getSubsystem(String name) { + return (ISubsystem) mSSReg.get(name); + } + + /** + * initialize an array of subsystem info. + */ + private void initSubsystems(SubsystemInfo[] sslist, boolean doSetId) + throws EBaseException { + if (sslist == null) + return; + for (int i = 0; i < sslist.length; i++) { + initSubsystem(sslist[i], doSetId); + } + } + + /** + * load dynamic subsystems + */ + private void loadDynSubsystems() + throws EBaseException { + IConfigStore ssconfig = mConfig.getSubStore(PROP_SUBSYSTEM); + + // count number of dyn loaded subsystems. + Enumeration ssnames = ssconfig.getSubStoreNames(); + int nsubsystems = 0; + + for (nsubsystems = 0; ssnames.hasMoreElements(); nsubsystems++) + ssnames.nextElement(); + if (Debug.ON) { + Debug.trace(nsubsystems + " dyn subsystems loading.."); + } + if (nsubsystems == 0) + return; + + // load dyn subsystems. + mDynSubsystems = new SubsystemInfo[nsubsystems]; + ssnames = ssconfig.getSubStoreNames(); + for (int i = 0; i < mDynSubsystems.length; i++) { + IConfigStore config = + ssconfig.getSubStore(String.valueOf(i)); + String id = config.getString(PROP_ID); + String classname = config.getString(PROP_CLASS); + ISubsystem ss = null; + + try { + ss = (ISubsystem) Class.forName(classname).newInstance(); + } catch (InstantiationException e) { + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_LOAD_FAILED_1", id, e.toString())); + } catch (IllegalAccessException e) { + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_LOAD_FAILED_1", id, e.toString())); + } catch (ClassNotFoundException e) { + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_LOAD_FAILED_1", id, e.toString())); + } + mDynSubsystems[i] = new SubsystemInfo(id, ss); + Debug.trace("loaded dyn subsystem " + id); + } + } + + public LDAPConnection getBoundConnection(String host, int port, + int version, LDAPSSLSocketFactoryExt fac, String bindDN, + String bindPW) throws LDAPException + { + return new LdapBoundConnection(host, port, version, fac, + bindDN, bindPW); + } + + /** + * initialize a subsystem + */ + private void initSubsystem(SubsystemInfo ssinfo, boolean doSetId) + throws EBaseException { + String id = ssinfo.mId; + ISubsystem ss = ssinfo.mInstance; + IConfigStore ssConfig = mConfig.getSubStore(id); + + CMS.debug("CMSEngine: initSubsystem id=" + id); + if (doSetId) + ss.setId(id); + CMS.debug("CMSEngine: ready to init id=" + id); + ss.init(this, ssConfig); + // add to id - subsystem hash table. + CMS.debug("CMSEngine: done init id=" + id); + mSSReg.put(id, ss); + CMS.debug("CMSEngine: initialized " + id); + + if(id.equals("ca") || id.equals("ocsp") || + id.equals("kra") || id.equals("tks")) { + CMS.debug("CMSEngine::initSubsystem " + id + " Java subsytem about to calculate serverCertNickname. "); + // get SSL server nickname + IConfigStore serverCertStore = mConfig.getSubStore(id + "." + "sslserver"); + if (serverCertStore != null && serverCertStore.size() > 0) { + String nickName = serverCertStore.getString("nickname"); + String tokenName = serverCertStore.getString("tokenname"); + if (tokenName != null && tokenName.length() > 0 && + nickName != null && nickName.length() > 0) { + CMS.setServerCertNickname(tokenName, nickName); + CMS.debug("Subsystem " + id + " init sslserver: tokenName:"+tokenName+" nickName:"+nickName); + } else if (nickName != null && nickName.length() > 0) { + CMS.setServerCertNickname(nickName); + CMS.debug("Subsystem " + id + " init sslserver: nickName:"+nickName); + } else { + CMS.debug("Subsystem " + id + " init error: SSL server certificate nickname is not available."); + } + } + } + } + + public void reinit(String id) throws EBaseException { + ISubsystem system = getSubsystem(id); + IConfigStore cs = mConfig.getSubStore(id); + system.init(this, cs); + } + + /** + * Starts up all subsystems. subsystems must be initialized. + * @exception EBaseException if any subsystem fails to startup. + */ + public void startup() throws EBaseException { + //OsSubsystem.nativeExit(0); + startupSubsystems(mStaticSubsystems); + if (mDynSubsystems != null) + startupSubsystems(mDynSubsystems); + startupSubsystems(mFinalSubsystems); + + // global admin servlet. (anywhere else more fit for this ?) + + mStartupTime = System.currentTimeMillis(); + + mQueue.removeLogEventListener(mWarningListener); + if (!mWarning.toString().equals("")) { + System.out.println(Constants.SERVER_STARTUP_WARNING_MESSAGE + mWarning); + } + + // check serial number ranges if a CA/KRA + ICertificateAuthority ca = (ICertificateAuthority) getSubsystem("ca"); + if ((ca != null) && !isPreOpMode()) { + CMS.debug("CMSEngine: checking request serial number ranges for the CA"); + ca.getRequestQueue().getRequestRepository().checkRanges(); + + CMS.debug("CMSEngine: checking certificate serial number ranges"); + ca.getCertificateRepository().checkRanges(); + } + + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) getSubsystem("kra"); + if ((kra != null) && !isPreOpMode()) { + CMS.debug("CMSEngine: checking request serial number ranges for the KRA"); + kra.getRequestQueue().getRequestRepository().checkRanges(); + + CMS.debug("CMSEngine: checking key serial number ranges"); + kra.getKeyRepository().checkRanges(); + } + + /*LogDoc + * + * @phase server startup + * @reason all subsystems are initialized and started. + */ + Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_ADMIN, + ILogger.LL_INFO, CMS.getLogMessage("SERVER_STARTUP")); + System.out.println(Constants.SERVER_STARTUP_MESSAGE); + isStarted = true; + + } + + public boolean isInRunningState() { + return isStarted; + } + + public byte[] getPKCS7(Locale locale, IRequest req) { + try { + X509CertImpl cert = req.getExtDataInCert( + IEnrollProfile.REQUEST_ISSUED_CERT); + if (cert == null) + return null; + + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem("ca"); + CertificateChain cachain = ca.getCACertChain(); + X509Certificate[] cacerts = cachain.getChain(); + + X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; + int m = 1, n = 0; + + for (; n < cacerts.length; m++, n++) { + userChain[m] = (X509CertImpl) cacerts[n]; + } + + userChain[0] = cert; + PKCS7 p7 = new PKCS7(new AlgorithmId[0], + new ContentInfo(new byte[0]), + userChain, + new SignerInfo[0]); + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + + p7.encodeSignedData(bos); + return bos.toByteArray(); + } catch (Exception e) { + return null; + } + } + + public String getServerCertNickname() { + return mServerCertNickname; + } + + public void setServerCertNickname(String tokenName, String + nickName) { + String newName = null; + + if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME) || + tokenName.equalsIgnoreCase("Internal Key Storage Token")) + newName = nickName; + else { + if (tokenName.equals("") && nickName.equals("")) + return; // not sure the logic + else + newName = tokenName + ":" + nickName; + } + setServerCertNickname(newName); + } + + public void setServerCertNickname(String newName) { + // modify server.xml +/* + String filePrefix = instanceDir + File.separator + + "config" + File.separator; + String orig = filePrefix + "server.xml"; + String dest = filePrefix + "server.xml.bak"; + String newF = filePrefix + "server.xml.new"; + + // save the old copy + Utils.copy(orig, dest); + + BufferedReader in1 = null; + PrintWriter out1 = null; + + try { + in1 = new BufferedReader(new FileReader(dest)); + out1 = new PrintWriter( + new BufferedWriter(new FileWriter(newF))); + String line = ""; + + while (in1.ready()) { + line = in1.readLine(); + if (line != null) + out1.println(lineParsing(line, newName)); + } + + out1.close(); + in1.close(); + } catch (Exception eee) { + Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_ADMIN, + ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", eee.toString())); + } + + File file = new File(newF); + File nfile = new File(orig); + + try { + boolean success = file.renameTo(nfile); + + if (!success) { + if (Utils.isNT()) { + // NT is very picky on the path + Utils.exec("copy " + + file.getAbsolutePath().replace('/', '\\') + " " + + nfile.getAbsolutePath().replace('/', '\\')); + } else { + Utils.exec("cp " + file.getAbsolutePath() + " " + + nfile.getAbsolutePath()); + } + } + } catch (Exception exx) { + Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_ADMIN, + ILogger.LL_FAILURE, "CMSEngine: Error " + exx.toString()); + } + // update "cache" for CMS.getServerCertNickname() +*/ + mServerCertNickname = newName; + } + + private String lineParsing(String input, String newName) { + //<SSLPARAMS servercertnickname="Server-Cert cert-firefly" + int index = input.indexOf("servercertnickname"); + + if (index >= 0) { + String str = input.substring(index + 20); + int index2 = str.indexOf("\""); + String newLine = input.substring(0, index + 20) + + newName + str.substring(index2); + + return newLine; + } else { + return input; + } + } + + public String getFingerPrint(Certificate cert) + throws CertificateEncodingException, NoSuchAlgorithmException { + return CertUtils.getFingerPrint(cert); + } + + public String getFingerPrints(Certificate cert) + throws NoSuchAlgorithmException, CertificateEncodingException { + return CertUtils.getFingerPrints(cert); + } + + public String getFingerPrints(byte[] certDer) + throws NoSuchAlgorithmException { + return CertUtils.getFingerPrints(certDer); + } + + public String getUserMessage(Locale locale, String msgID, String params[]) { + // if locale is null, try to get it out from session context + if (locale == null) { + SessionContext sc = SessionContext.getExistingContext(); + + if (sc != null) + locale = (Locale) sc.get(SessionContext.LOCALE); + } + ResourceBundle rb = null; + + if (locale == null) { + rb = ResourceBundle.getBundle( + "UserMessages", Locale.ENGLISH); + } else { + rb = ResourceBundle.getBundle( + "UserMessages", locale); + } + String msg = rb.getString(msgID); + + if (params == null) + return msg; + MessageFormat mf = new MessageFormat(msg); + + return mf.format(params); + } + + public String getUserMessage(Locale locale, String msgID) { + return getUserMessage(locale, msgID, (String[]) null); + } + + public String getUserMessage(Locale locale, String msgID, String p1) { + String params[] = { p1 }; + + return getUserMessage(locale, msgID, params); + } + + public String getUserMessage(Locale locale, String msgID, String p1, String p2) { + String params[] = { p1, p2 }; + + return getUserMessage(locale, msgID, params); + } + + public String getUserMessage(Locale locale, String msgID, + String p1, String p2, String p3) { + String params[] = { p1, p2, p3 }; + + return getUserMessage(locale, msgID, params); + } + + public String getLogMessage(String msgID, String params[]) { + ResourceBundle rb = ResourceBundle.getBundle( + "LogMessages"); + String msg = rb.getString(msgID); + + if (params == null) + return msg; + MessageFormat mf = new MessageFormat(msg); + + return mf.format(params); + } + + public void debug(byte data[]) { + if (!debugOn()) { + // this helps to not saving stuff to file when debug + // is disable + return; + } + Debug.print(data); + } + + public void debug(int level, String msg) { + if (!debugOn()) { + // this helps to not saving stuff to file when debug + // is disable + return; + } + Debug.trace(level, msg); + } + + public void debug(String msg) { + if (!debugOn()) { + // this helps to not saving stuff to file when debug + // is disable + return; + } + Debug.trace(msg); + } + + public void debug(Throwable e) { + if (!debugOn()) { + // this helps to not saving stuff to file when debug + // is disable + return; + } + Debug.printStackTrace(e); + } + + public boolean debugOn() { + return Debug.on(); + } + + public void debugStackTrace() { + Debug.printStackTrace(); + } + + public void traceHashKey(String type, String key) { + Debug.traceHashKey(type, key); + } + public void traceHashKey(String type, String key, String val) { + Debug.traceHashKey(type, key, val); + } + public void traceHashKey(String type, String key, String val, String def) { + Debug.traceHashKey(type, key, val, def); + } + + + public String getLogMessage(String msgID) { + return getLogMessage(msgID, (String[]) null); + } + + public String getLogMessage(String msgID, String p1) { + String params[] = { p1 }; + + return getLogMessage(msgID, params); + } + + public String getLogMessage(String msgID, String p1, String p2) { + String params[] = { p1, p2 }; + + return getLogMessage(msgID, params); + } + + public String getLogMessage(String msgID, String p1, String p2, String p3) { + String params[] = { p1, p2, p3 }; + + return getLogMessage(msgID, params); + } + + public String getLogMessage(String msgID, String p1, String p2, String p3, String p4) { + String params[] = { p1, p2, p3, p4 }; + + return getLogMessage(msgID, params); + } + + public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5) { + String params[] = { p1, p2, p3, p4, p5 }; + + return getLogMessage(msgID, params); + } + + public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6) { + String params[] = { p1, p2, p3, p4, p5, p6 }; + + return getLogMessage(msgID, params); + } + + public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7) { + String params[] = { p1, p2, p3, p4, p5, p6, p7 }; + + return getLogMessage(msgID, params); + } + + public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7, String p8) { + String params[] = { p1, p2, p3, p4, p5, p6, p7, p8 }; + + return getLogMessage(msgID, params); + } + + public String getLogMessage(String msgID, String p1, String p2, String p3, String p4, String p5, String p6, String p7, String p8, String p9) { + String params[] = { p1, p2, p3, p4, p5, p6, p7, p8, p9 }; + + return getLogMessage(msgID, params); + } + + public void getSubjAltNameConfigDefaultParams(String name, + Vector params) { + GeneralNameUtil.SubjAltNameGN.getDefaultParams(name, params); + } + + public void getSubjAltNameConfigExtendedPluginInfo(String name, + Vector params) { + GeneralNameUtil.SubjAltNameGN.getExtendedPluginInfo(name, params); + } + + public ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) throws EBaseException { + return new GeneralNameUtil.SubjAltNameGN(name, config, isValueConfigured); + } + + public GeneralName form_GeneralNameAsConstraints(String generalNameChoice, String value) throws EBaseException { + return GeneralNameUtil.form_GeneralNameAsConstraints(generalNameChoice, value); + } + + public GeneralName form_GeneralName(String generalNameChoice, + String value) throws EBaseException { + return GeneralNameUtil.form_GeneralName(generalNameChoice, value); + } + + public void getGeneralNameConfigDefaultParams(String name, + boolean isValueConfigured, Vector params) { + GeneralNameUtil.GeneralNameConfig.getDefaultParams(name, isValueConfigured, params); + } + + public void getGeneralNamesConfigDefaultParams(String name, + boolean isValueConfigured, Vector params) { + GeneralNameUtil.GeneralNamesConfig.getDefaultParams(name, isValueConfigured, params); + } + + public void getGeneralNameConfigExtendedPluginInfo(String name, + boolean isValueConfigured, Vector info) { + GeneralNameUtil.GeneralNameConfig.getExtendedPluginInfo(name, isValueConfigured, info); + } + + public void getGeneralNamesConfigExtendedPluginInfo(String name, + boolean isValueConfigured, Vector info) { + GeneralNameUtil.GeneralNamesConfig.getExtendedPluginInfo(name, isValueConfigured, info); + } + + public IGeneralNamesConfig createGeneralNamesConfig(String name, + IConfigStore config, boolean isValueConfigured, + boolean isPolicyEnabled) throws EBaseException { + return new GeneralNameUtil.GeneralNamesConfig(name, config, isValueConfigured, isPolicyEnabled); + } + + public IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured, + boolean isPolicyEnabled) throws EBaseException { + return new GeneralNameUtil.GeneralNameAsConstraintsConfig(name, config, isValueConfigured, isPolicyEnabled); + } + + public IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured, + boolean isPolicyEnabled) throws EBaseException { + return new GeneralNameUtil.GeneralNamesAsConstraintsConfig(name, config, isValueConfigured, isPolicyEnabled); + } + + public ObjectIdentifier checkOID(String attrName, String value) + throws EBaseException { + return CertUtils.checkOID(attrName, value); + } + + public String BtoA(byte data[]) { + return OSUtil.BtoA(data); + } + + public byte[] AtoB(String data) { + return OSUtil.AtoB(data); + } + + public String getEncodedCert(X509Certificate cert) { + try { + return + "-----BEGIN CERTIFICATE-----\n" + + CMS.BtoA(cert.getEncoded()) + + "\n-----END CERTIFICATE-----\n"; + } catch (Exception e) { + return null; + } + } + + public boolean verifySystemCerts() { + return CertUtils.verifySystemCerts(); + } + + public boolean verifySystemCertByTag(String tag) { + return CertUtils.verifySystemCertByTag(tag); + } + + public boolean verifySystemCertByNickname(String nickname, String certificateUsage) { + return CertUtils.verifySystemCertByNickname(nickname, certificateUsage); + } + + public CertificateUsage getCertificateUsage(String certusage) { + return CertUtils.getCertificateUsage(certusage); + } + + public boolean isSigningCert(X509Certificate cert) { + return CertUtils.isSigningCert((X509CertImpl) cert); + } + + public boolean isEncryptionCert(X509Certificate cert) { + return CertUtils.isEncryptionCert((X509CertImpl) cert); + } + + public X509CertInfo getDefaultX509CertInfo() { + return new CertInfo(); + } + + public IEmailResolverKeys getEmailResolverKeys() { + return new EmailResolverKeys(); + } + + public IEmailResolver getReqCertSANameEmailResolver() { + return new ReqCertSANameEmailResolver(); + } + + public IEmailFormProcessor getEmailFormProcessor() { + return new EmailFormProcessor(); + } + + public IEmailTemplate getEmailTemplate(String path) { + return new EmailTemplate(path); + } + + public IMailNotification getMailNotification() { + try { + String className = mConfig.getString("notificationClassName", + "com.netscape.cms.notification.MailNotification"); + IMailNotification notification = (IMailNotification) + Class.forName(className).newInstance(); + + return notification; + } catch (Exception e) { + return null; + } + } + + public IPrettyPrintFormat getPrettyPrintFormat(String delimiter) { + return new com.netscape.cmscore.cert.PrettyPrintFormat(delimiter); + } + + public IExtPrettyPrint getExtPrettyPrint(Extension e, int indent) { + return new ExtPrettyPrint(e, indent); + } + + public ICertPrettyPrint getCertPrettyPrint(X509Certificate cert) { + return new CertPrettyPrint(cert); + } + + public ICRLPrettyPrint getCRLPrettyPrint(X509CRL crl) { + return new CrlPrettyPrint((X509CRLImpl) crl); + } + + public ICRLPrettyPrint getCRLCachePrettyPrint(ICRLIssuingPoint ip) { + return new CrlCachePrettyPrint(ip); + } + + public IPasswordCheck getPasswordChecker() { + try { + String className = mConfig.getString("passwordCheckerClass", + "com.netscape.cms.password.PasswordChecker"); + IPasswordCheck check = (IPasswordCheck) + Class.forName(className).newInstance(); + + return check; + } catch (Exception e) { + return null; + } + } + + public ILogger getLogger() { + return Logger.getLogger(); + } + + public ILogger getSignedAuditLogger() { + return SignedAuditLogger.getLogger(); + } + + /** + * starts up subsystems in a subsystem list.. + */ + private void startupSubsystems(SubsystemInfo[] sslist) + throws EBaseException { + ISubsystem ss = null; + + for (int i = 0; i < sslist.length; i++) { + CMS.debug("CMSEngine: " + sslist[i].mId + " startup start"); + ss = sslist[i].mInstance; + ss.startup(); + CMS.debug("CMSEngine: " + sslist[i].mId + " startup done"); + } + } + + public void disableRequests() { + CommandQueue.mShuttingDown = true; + } + + public boolean areRequestsDisabled() { + return CommandQueue.mShuttingDown; + } + + public void terminateRequests() { + java.util.Enumeration e = CommandQueue.mCommandQueue.keys(); + + while (e.hasMoreElements()) { + Object thisRequest = e.nextElement(); + + HttpServlet thisServlet = (HttpServlet) CommandQueue.mCommandQueue.get(thisRequest); + + if (thisServlet != null) { + CommandQueue.mCommandQueue.remove((Object) thisRequest); + thisServlet.destroy(); + } + } + } + public static boolean isNT() { + return (File.separator.equals("\\")); + } + + private static void shutdownHttpServer() { + + try { + String cmds[] = null; + String cmd = "stop-cert"; + if (isNT()) { + // NT + cmds = new String[3]; + cmds[0] = "cmd"; + cmds[1] = "/c"; + cmds[2] = instanceDir +"\\" + cmd; + } else { + // UNIX + cmds = new String[3]; + cmds[0] = "/bin/sh"; + cmds[1] = "-c"; + cmds[2] = instanceDir +"/" +cmd; + } + + Process process = Runtime.getRuntime().exec(cmds); + + + process.waitFor(); + + BufferedReader pOut = null; + String l = null; + } catch (Exception e) { + + } + } // end shutdownHttpServer + /** + * Shuts down subsystems in backwards order + * exceptions are ignored. process exists at end to force exit. + */ + public void shutdown() { + Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_ADMIN, + ILogger.LL_INFO, Constants.SERVER_SHUTDOWN_MESSAGE); + + CMS.debug("CMSEngine.shutdown()"); + +/* + CommandQueue commandQueue = new CommandQueue(); + Thread t1 = new Thread(commandQueue); + + t1.setDaemon(true); + t1.start(); + + // wait for command queue to emptied before proceeding to shutting down subsystems + Date time = new Date(); + long startTime = time.getTime(); + long timeOut = time.getTime(); + + while (t1.isAlive() && ((timeOut - startTime) < (60 * 1000))) //wait for 1 minute + { + try { + Thread.currentThread().sleep(5000); // sleep for 5 sec + }catch (java.lang.InterruptedException e) { + } + timeOut = time.getTime(); + } + terminateRequests(); +*/ + + shutdownSubsystems(mFinalSubsystems); + shutdownSubsystems(mDynSubsystems); + shutdownSubsystems(mStaticSubsystems); + + System.exit(0); + } + + /** + * Shuts down subsystems in backwards order + * exceptions are ignored. process exists at end to force exit. + * Added extra call to shutdown the web server. + */ + + public void forceShutdown() { + + Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_ADMIN, + ILogger.LL_INFO, Constants.SERVER_SHUTDOWN_MESSAGE); + + CMS.debug("CMSEngine.forceShutdown()"); + + CommandQueue commandQueue = new CommandQueue(); + Thread t1 = new Thread(commandQueue); + + t1.setDaemon(true); + t1.start(); + + // wait for command queue to emptied before proceeding to shutting down subsystems + Date time = new Date(); + long startTime = time.getTime(); + long timeOut = time.getTime(); + + while (t1.isAlive() && ((timeOut - startTime) < (60 * 1000))) //wait for 1 minute + { + try { + Thread.currentThread().sleep(5000); // sleep for 5 sec + }catch (java.lang.InterruptedException e) { + } + timeOut = time.getTime(); + } + terminateRequests(); + + shutdownSubsystems(mFinalSubsystems); + shutdownSubsystems(mDynSubsystems); + shutdownSubsystems(mStaticSubsystems); + shutdownHttpServer(); + + } + + /** + * shuts down a subsystem list in reverse order. + */ + private void shutdownSubsystems(SubsystemInfo[] sslist) { + if (sslist == null) + return; + + for (int i = sslist.length - 1; i >= 0; i--) { + if (sslist[i] != null && sslist[i].mInstance != null) + { + sslist[i].mInstance.shutdown(); + } + } + } + + /** + * returns the main config store + */ + public IConfigStore getConfigStore() { + return mConfig; + } + + /** + * get time server started up + */ + public long getStartupTime() { + return mStartupTime; + } + + public void putPasswordCache(String tag, String pw) { + try { + PWsdrCache pwc = new PWsdrCache(); + pwc.addEntry(tag, pw); + } catch (EBaseException e) { + // intercept this for now -- don't want to change the callers + Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SDR_ADD_ERROR", e.toString())); + } + } + + public PasswordCallback getPasswordCallback() { + return new PWCBsdr(); + } + + public int getpid() { + return OsSubsystem.getpid(); + } + + public Date getCurrentDate() { + if (mTimeSource == null) { + return new Date(); + } + return mTimeSource.getCurrentDate(); + } + + public void setConfigSDSessionId(String val) { + mConfigSDSessionId = val; + } + + public String getConfigSDSessionId() { + return mConfigSDSessionId; + } + + public static void upgradeConfig(IConfigStore c) + throws EBaseException { + String version = c.getString("cms.version", "pre4.2"); + + if (version.equals("4.22")) { + Upgrade.perform422to45(c); + }else if (version.equals("4.2")) { + // SUPPORT UPGRADE FROM 4.2 to 4.2 (SP2) + Upgrade.perform42to422(c); + Upgrade.perform422to45(c); + } else { + // ONLY SUPPORT UPGRADE FROM 4.2 to 4.2 (SP2) + /** + if (!version.equals("pre4.2")) + return; + + Upgrade.perform(c); + **/ + } + } + + public ICommandQueue getCommandQueue() { + return new CommandQueue(); + } + + private ICertificateRepository getCertDB() { + ICertificateRepository certDB = null; + + try { + ICertificateAuthority ca = (ICertificateAuthority) + SubsystemRegistry.getInstance().get("ca"); + + if (ca != null) { + certDB = (ICertificateRepository) ca.getCertificateRepository(); + } + } catch (Exception e) { + CMS.debug("CMSEngine: " + CMS.getLogMessage("CMSCORE_AUTH_AGENT_CERT_REPO")); + } + + return certDB; + } + + private IRequestQueue getReqQueue() { + IRequestQueue queue = null; + + try { + IRegistrationAuthority ra = (IRegistrationAuthority) + SubsystemRegistry.getInstance().get("ra"); + + if (ra != null) { + queue = ra.getRequestQueue(); + } + + } catch (Exception e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AGENT_REQUEST_QUEUE")); + } + + return queue; + } + + private VerifiedCerts mVCList = null; + private int mVCListSize = 0; + + public void setListOfVerifiedCerts(int size, long interval, long unknownStateInterval) { + if (size > 0 && mVCListSize == 0) { + mVCListSize = size; + mVCList = new VerifiedCerts(size, interval, unknownStateInterval); + } + } + + public boolean isRevoked(X509Certificate[] certificates) { + boolean revoked = false; + + if (certificates != null) { + X509CertImpl cert = (X509CertImpl) certificates[0]; + + int result = VerifiedCert.UNKNOWN; + + if (mVCList != null) { + result = mVCList.check(cert); + } + if (result != VerifiedCert.REVOKED && + result != VerifiedCert.NOT_REVOKED && + result != VerifiedCert.CHECKED) { + + CertificateRepository certDB = (CertificateRepository) getCertDB(); + + if (certDB != null) { + try { + if (certDB.isCertificateRevoked(cert) != null) { + revoked = true; + if (mVCList != null) + mVCList.update(cert, VerifiedCert.REVOKED); + } else { + if (mVCList != null) + mVCList.update(cert, VerifiedCert.NOT_REVOKED); + } + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AGENT_REVO_STATUS")); + } + } else { + IRequestQueue queue = getReqQueue(); + + if (queue != null) { + IRequest checkRevReq = null; + + try { + checkRevReq = queue.newRequest(CertRequestConstants.GETREVOCATIONINFO_REQUEST); + checkRevReq.setExtData(IRequest.REQ_TYPE, + CertRequestConstants.GETREVOCATIONINFO_REQUEST); + checkRevReq.setExtData(IRequest.REQUESTOR_TYPE, + IRequest.REQUESTOR_RA); + + X509CertImpl agentCerts[] = new X509CertImpl[certificates.length]; + + for (int i = 0; i < certificates.length; i++) { + agentCerts[i] = (X509CertImpl) certificates[i]; + } + checkRevReq.setExtData(IRequest.ISSUED_CERTS, agentCerts); + + queue.processRequest(checkRevReq); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AGENT_PROCESS_CHECKING")); + } + + RequestStatus status = checkRevReq.getRequestStatus(); + + if (status == RequestStatus.COMPLETE) { + Enumeration enum1 = checkRevReq.getExtDataKeys(); + + while (enum1.hasMoreElements()) { + String name = (String) enum1.nextElement(); + + if (name.equals(IRequest.REVOKED_CERTS)) { + revoked = true; + if (mVCList != null) + mVCList.update(cert, VerifiedCert.REVOKED); + } + } + if (revoked == false) { + if (mVCList != null) + mVCList.update(cert, VerifiedCert.NOT_REVOKED); + } + + } else { + if (mVCList != null) + mVCList.update(cert, VerifiedCert.CHECKED); + } + } + } + } else if (result == VerifiedCert.REVOKED) { + revoked = true; + } + } + + return revoked; + } + + private void log(int level, String msg) { + Logger.getLogger().log(ILogger.EV_SYSTEM, null, + ILogger.S_AUTHENTICATION, level, msg); + } +} + + +class WarningListener implements ILogEventListener { + private StringBuffer mSB = null; + + public WarningListener(StringBuffer sb) { + mSB = sb; + } + + public void log(ILogEvent event) throws ELogException { + String str = event.toString(); + + // start.cc and restart.cc does not like carriage + // return. They are the programs that pass the + // log messages to the console + str = str.replace('\n', ' '); + if (event.getLevel() == ILogger.LL_FAILURE) { + mSB.append("FAILURE: " + str + "|"); + } + if (event.getLevel() == ILogger.LL_WARN) { + mSB.append("WARNING: " + str + "|"); + } + } + + public void flush() { + } + + public void shutdown() { + } + + public IConfigStore getConfigStore() { + return null; + } + + public void init(ISubsystem owner, IConfigStore config) + throws EBaseException { + } + + public void startup() { + } + + /** + * Retrieve last "maxLine" number of system log with log lever >"level" + * and from source "source". If the parameter is omitted. All entries + * are sent back. + */ + public synchronized NameValuePairs retrieveLogContent(Hashtable req) throws ServletException, + IOException, EBaseException { + return null; + } + + /** + * Retrieve log file list. + */ + public synchronized NameValuePairs retrieveLogList(Hashtable req) throws ServletException, + IOException, EBaseException { + return null; + } + + public String getImplName() { + return "ConsoleLog"; + } + + public String getDescription() { + return "ConsoleLog"; + } + + public Vector getDefaultParams() { + Vector v = new Vector(); + + return v; + } + + public Vector getInstanceParams() { + Vector v = new Vector(); + + return v; + } +} + + +class SubsystemInfo { + public final String mId; + public final ISubsystem mInstance; + public SubsystemInfo(String id, ISubsystem ssInstance) { + mId = id; + mInstance = ssInstance; + } + +} + |