Diffstat (limited to 'pki/base/common')
15 files changed, 573 insertions, 246 deletions
diff --git a/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java
index 0171df6be..298fd43c3 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java
@@ -141,7 +141,7 @@ public class TokenAuthentication implements IAuthManager,
 String sessionId = (String)authCred.get(CRED_SESSION_ID); String givenHost = (String)authCred.get("clientHost"); String auth_host = sconfig.getString("securitydomain.host"); - int auth_port = sconfig.getInteger("securitydomain.httpsport"); + int auth_port = sconfig.getInteger("securitydomain.httpseeport"); HttpClient httpclient = new HttpClient(); String c = null;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
index d2495c177..e8b0346a2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
@@ -176,7 +176,7 @@ public class AdminPanel extends WizardPanelBase {
 String domainname = ""; try { - domainname = cs.getString("preop.securitydomain.name", ""); + domainname = cs.getString("securitydomain.name", ""); } catch (EBaseException e1) {} context.put("securityDomain", domainname); context.put("title", "Administrator");
@@ -286,8 +286,8 @@ public class AdminPanel extends WizardPanelBase {
 } } else { try { - ca_hostname = config.getString("preop.securitydomain.host", ""); - ca_port = config.getInteger("preop.securitydomain.httpsport"); + ca_hostname = config.getString("securitydomain.host", ""); + ca_port = config.getInteger("securitydomain.httpseeport"); } catch (Exception e) { } }
@@ -362,7 +362,7 @@ public class AdminPanel extends WizardPanelBase {
 system.modifyGroup(group); } - String select = config.getString("preop.securitydomain.select", ""); + String select = config.getString("securitydomain.select", ""); if (select.equals("new")) { group = system.getGroupFromName("Security Domain Administrators"); if (!group.isMember(uid)) {
@@ -419,8 +419,8 @@ public class AdminPanel extends WizardPanelBase {
 int sd_port = -1; try { - sd_hostname = config.getString("preop.securitydomain.host", ""); - sd_port = config.getInteger("preop.securitydomain.httpsport"); + sd_hostname = config.getString("securitydomain.host", ""); + sd_port = config.getInteger("securitydomain.httpseeport"); } catch (Exception e) {} String profileId = HttpInput.getID(request, "profileId");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
index b88898bec..b24341459 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
@@ -70,7 +70,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
 // if we are root, no need to get the certificate chain. try { - String select = cs.getString("preop.securitydomain.select",""); + String select = cs.getString("securitydomain.select",""); if (select.equals("new")) { return true; }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
index 1cf6d7421..316c5706d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
@@ -110,10 +110,6 @@ public class CAInfoPanel extends WizardPanelBase {
 CMS.debug("CAInfoPanel: display"); IConfigStore cs = CMS.getConfigStore(); - String sdcaHostname = ""; - String sdcaHttpPort = ""; - String othercaHostname = ""; - String othercaPort = ""; String hostname = ""; String httpport = ""; String httpsport = "";
@@ -153,6 +149,7 @@ public class CAInfoPanel extends WizardPanelBase {
 } String cstype = "CA"; + String portType = "SecurePort"; /* try {
@@ -161,7 +158,7 @@ public class CAInfoPanel extends WizardPanelBase {
 */ CMS.debug("CAInfoPanel: Ready to get url"); - Vector v = getUrlListFromSecurityDomain(cs, cstype); + Vector v = getUrlListFromSecurityDomain(cs, cstype, portType); v.addElement("External CA"); StringBuffer list = new StringBuffer(); int size = v.size();
@@ -254,7 +251,7 @@ public class CAInfoPanel extends WizardPanelBase {
 } else { select = "sdca"; - // parse URL (CA1 - http://...) + // parse URL (CA1 - https://...) url = url.substring(url.indexOf("https")); urlx = new URL(url); }
@@ -286,34 +283,35 @@ public class CAInfoPanel extends WizardPanelBase {
 } catch (Exception e) {} } - private void sdca(HttpServletRequest request, Context context, String hostname, String httpPortStr) throws IOException { + private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException { CMS.debug("CAInfoPanel update: this is the CA in the security domain."); IConfigStore config = CMS.getConfigStore(); context.put("sdcaHostname", hostname); - context.put("sdHttpPort", httpPortStr); + context.put("sdcaHttpsPort", httpsPortStr); if (hostname == null || hostname.length() == 0) { context.put("errorString", "Hostname is null"); throw new IOException("Hostname is null"); } - int httpport = -1; + int httpsport = -1; try { - httpport = Integer.parseInt(httpPortStr); + httpsport = Integer.parseInt(httpsPortStr); } catch (Exception e) { CMS.debug( - "CAInfoPanel update: Http port is not valid. Exception: " + "CAInfoPanel update: Https port is not valid. Exception: " + e.toString()); throw new IOException("Http Port is not valid."); } config.putString("preop.ca.hostname", hostname); - config.putString("preop.ca.httpsport", httpPortStr); + config.putString("preop.ca.httpsport", httpsPortStr); ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - updateCertChain(config, "ca", hostname, httpport, true, context, - certApprovalCallback); + updateCertChainUsingSecureEEPort( config, "ca", hostname, + httpsport, true, context, + certApprovalCallback ); } /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
index 5fccf9004..339a92444 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
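Review bot: The IOException thrown in the rewritten parse branch still reads `Http Port is not valid.` while the debug message on the line above it was changed to say `Https port`; make the two agree with `throw new IOException("Https port is not valid.");`. The context key written by this method also changed from `sdHttpPort` to `sdcaHttpsPort`, whereas the parallel `sdca` in NamePanel (hunk `@@ -805,23 +805,23 @@`) keeps `sdHttpPort`; unless the two Velocity templates deliberately differ, one name should be used in both panels so the templates do not silently read an empty value. Catching `Exception` around `Integer.parseInt` also hides a null `httpsPortStr`; `NumberFormatException` is the narrower and clearer choice.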
@@ -139,12 +139,15 @@ public class CreateSubsystemPanel extends WizardPanelBase {
 context.put("systemname", config.getString("preop.system.name")); context.put("fullsystemname", config.getString("preop.system.fullname")); context.put("machineName", config.getString("machineName")); - context.put("https_port", CMS.getEESSLPort()); context.put("http_port", CMS.getEENonSSLPort()); + context.put("https_agent_port", CMS.getAgentPort()); + context.put("https_ee_port", CMS.getEESSLPort()); + context.put("https_admin_port", CMS.getAdminPort()); } catch (EBaseException e) { } - Vector v = getMasterUrlListFromSecurityDomain(config, cstype); + Vector v = getMasterUrlListFromSecurityDomain( config, cstype, + "SecurePort" ); StringBuffer list = new StringBuffer(); int size = v.size(); for (int i = 0; i < size; i++) {
@@ -247,18 +250,18 @@ public class CreateSubsystemPanel extends WizardPanelBase {
 URL u = new URL(url); String host = u.getHost(); - int port = u.getPort(); + int https_ee_port = u.getPort(); config.putString("preop.master.hostname", host); - config.putInteger("preop.master.httpsport", port); + config.putInteger("preop.master.httpsport", https_ee_port); ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); if (cstype.equals("ca")) { - updateCertChain(config, "clone", host, port, true, context, - certApprovalCallback); + updateCertChain( config, "clone", host, https_ee_port, + true, context, certApprovalCallback ); } - getTokenInfo(config, cstype, host, port, true, context, + getTokenInfo(config, cstype, host, https_ee_port, true, context, certApprovalCallback); } else { CMS.debug("CreateSubsystemPanel: invalid choice " + select);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
index a27bcf09d..d4816bc9f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
@@ -94,7 +94,7 @@ public class DisplayCertChainPanel extends WizardPanelBase {
 // if we are root, no need to get the certificate chain. try { - String select = cs.getString("preop.securitydomain.select",""); + String select = cs.getString("securitydomain.select",""); String type = cs.getString("preop.subsystem.select", ""); String hierarchy = cs.getString("preop.hierarchy.select", "");
@@ -194,13 +194,26 @@ public class DisplayCertChainPanel extends WizardPanelBase {
 int panel = getPanelNo()+1; IConfigStore cs = CMS.getConfigStore(); try { - String hostname = cs.getString("preop.securitydomain.host", ""); - int port = cs.getInteger("preop.securitydomain.httpsport", -1); + String sd_hostname = cs.getString("securitydomain.host", ""); + int sd_port = cs.getInteger("securitydomain.httpsadminport", -1); + String cs_hostname = cs.getString("machineName", ""); + int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1); String subsystem = cs.getString("cs.type", ""); - String urlVal = "https://"+CMS.getEESSLHost()+":"+CMS.getEESSLPort()+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem; + String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem; String encodedValue = URLEncoder.encode(urlVal, "UTF-8"); - String sdurl = "https://"+hostname+":"+port+"/ca/ee/ca/securityDomainLogin?url="+encodedValue; + String sdurl = "https://"+sd_hostname+":"+sd_port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue; response.sendRedirect(sdurl); + + // The user previously specified the CA Security Domain's + // SSL Admin port in the "Security Domain Panel"; + // now retrieve this specified CA Security Domain's + // non-SSL EE, SSL Agent, and SSL EE ports: + cs.putString( "securitydomain.httpport", + getSecurityDomainPort( cs, "UnSecurePort" ) ); + cs.putString("securitydomain.httpsagentport", + getSecurityDomainPort( cs, "SecureAgentPort" ) ); + cs.putString("securitydomain.httpseeport", + getSecurityDomainPort( cs, "SecurePort" ) ); } catch (Exception ee) { CMS.debug("DisplayCertChainPanel Exception="+ee.toString()); }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
index 011be5861..1b657d28a 100644
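Review bot: The three `getSecurityDomainPort` lookups and their `cs.putString` calls are placed after `response.sendRedirect(sdurl)`, so if any of them throws, the browser has already been sent to the security domain login and the only trace is the `CMS.debug` line in the catch; move the lookups above the redirect so a failure can still surface through the panel's error path. No `cs.commit(...)` appears in this hunk, so the stored `securitydomain.httpport`/`httpsagentport`/`httpseeport` values are persisted only if a later panel commits (DonePanel's `cs.commit(false)` in this diff would do that) — worth confirming. `cs_port` and `sd_port` both default to -1, which would produce `https://host:-1/...` in the URLs; a guard such as `if (cs_port < 0 || sd_port < 0) throw new IOException("admin port not configured");` keeps a misconfiguration from being redirected silently. The enclosing method starts before this hunk.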
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
@@ -53,6 +53,7 @@ public class DonePanel extends WizardPanelBase {
 public static final Long MINUS_ONE = Long.valueOf(-1); public static final String RESTART_SERVER_AFTER_CONFIGURATION = "restart_server_after_configuration"; + public static final String PKI_SECURITY_DOMAIN = "pki_security_domain"; public DonePanel() {}
@@ -166,8 +167,13 @@ public class DonePanel extends WizardPanelBase {
 } IConfigStore cs = CMS.getConfigStore(); + String ownport = CMS.getEENonSSLPort(); String ownsport = CMS.getEESSLPort(); String ownhost = CMS.getEESSLHost(); + String ownagentsport = CMS.getAgentPort(); + String ownagenthost = CMS.getAgentHost(); + String ownadminsport = CMS.getAdminPort(); + String ownadminhost = CMS.getAdminHost(); String select = ""; String type = "";
@@ -189,8 +195,8 @@ public class DonePanel extends WizardPanelBase {
 } context.put("title", "Done"); context.put("panel", "admin/console/config/donepanel.vm"); - context.put("host", ownhost); - context.put("port", ownsport); + context.put("host", ownadminhost); + context.put("port", ownadminsport); String subsystemType = toLowerCaseSubsystemType(type); context.put("systemType", subsystemType);
@@ -205,12 +211,14 @@ public class DonePanel extends WizardPanelBase {
 } catch (Exception e) { } - String sd_port = ""; + String sd_agent_port = ""; + String sd_admin_port = ""; String sd_host = ""; String ca_host = ""; try { - sd_host = cs.getString("preop.securitydomain.host", ""); - sd_port = cs.getString("preop.securitydomain.httpsport", ""); + sd_host = cs.getString("securitydomain.host", ""); + sd_agent_port = cs.getString("securitydomain.httpsagentport", ""); + sd_admin_port = cs.getString("securitydomain.httpsadminport", ""); ca_host = cs.getString("preop.ca.hostname", ""); } catch (Exception e) { }
@@ -225,7 +233,7 @@ public class DonePanel extends WizardPanelBase {
 String instanceName = ""; String subsystemName = ""; try { - sdtype = cs.getString("preop.securitydomain.select", ""); + sdtype = cs.getString("securitydomain.select", ""); instanceName = cs.getString("instanceId", ""); subsystemName = cs.getString("preop.subsystem.name", ""); } catch (Exception e) {
@@ -237,7 +245,7 @@ public class DonePanel extends WizardPanelBase {
 LDAPConnection conn = getLDAPConn(context); String basedn = cs.getString("internaldb.basedn"); - String secdomain = cs.getString("preop.securitydomain.name"); + String secdomain = cs.getString("securitydomain.name"); try { // Create security domain ldap entry
@@ -288,6 +296,11 @@ public class DonePanel extends WizardPanelBase {
 attrs.add(new LDAPAttribute("objectclass", "pkiSubsystem")); attrs.add(new LDAPAttribute("Host", ownhost)); attrs.add(new LDAPAttribute("SecurePort", ownsport)); + attrs.add(new LDAPAttribute("SecureAgentPort", + ownagentsport)); + attrs.add(new LDAPAttribute("SecureAdminPort", + ownadminsport)); + attrs.add(new LDAPAttribute("UnSecurePort", ownport)); attrs.add(new LDAPAttribute("Clone", "false")); attrs.add(new LDAPAttribute("SubsystemName", subsystemName)); attrs.add(new LDAPAttribute("cn", cn));
@@ -304,10 +317,34 @@ public class DonePanel extends WizardPanelBase {
 } catch (Exception e) { CMS.debug("DonePanel display: "+e.toString()); } + + int sd_admin_port_int = -1; + try { + sd_admin_port_int = Integer.parseInt( sd_admin_port ); + } catch (Exception e) { + } + + try { + // Fetch the "new" security domain and display it + CMS.debug( "Dump contents of new Security Domain . . ." ); + String c = getDomainXML( sd_host, sd_admin_port_int, true ); + } catch( Exception e ) {} + + // Since this instance is a new Security Domain, + // create an empty file to designate this fact. + String security_domain = instanceRoot + "/conf/" + + PKI_SECURITY_DOMAIN; + if( !Utils.isNT() ) { + Utils.exec( "touch " + security_domain ); + Utils.exec( "chmod 00660 " + security_domain ); + } + } else { //existing domain - int p = -1; + int sd_agent_port_int = -1; + int sd_admin_port_int = -1; try { - p = Integer.parseInt(sd_port); + sd_agent_port_int = Integer.parseInt(sd_agent_port); + sd_admin_port_int = Integer.parseInt(sd_admin_port); } catch (Exception e) { }
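Review bot: The new-domain marker file is created by handing a concatenated path to a shell through `Utils.exec( "touch " + security_domain )` and `Utils.exec( "chmod 00660 " + security_domain )`; an `instanceRoot` containing a space or shell metacharacter breaks or alters the command, and neither exit status is checked, so a failed `touch` leaves the permission step silently skipped. Creating the file with `new File(security_domain).createNewFile()` reports failure as an IOException without a shell, and the mode can then be applied with `File.setReadable`/`setWritable` on JDK 6+ or, failing that, a single quoted `chmod`. The `String c = getDomainXML(...)` result is unused and the surrounding `catch( Exception e ) {}` discards any failure to fetch the new domain; at least log it with `CMS.debug`. `instanceRoot` is defined outside this hunk, so its origin could not be checked here.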
@@ -317,17 +354,31 @@ public class DonePanel extends WizardPanelBase {
 cloneStr = "&clone=true"; else cloneStr = "&clone=false"; - updateDomainXML(sd_host, p, true, "/ca/agent/ca/updateDomainXML", - "list="+s+"&type="+type+"&host="+ownhost+"&name="+subsystemName+"&sport="+ownsport+"&dm=false"+cloneStr); + updateDomainXML( sd_host, sd_agent_port_int, true, + "/ca/agent/ca/updateDomainXML", + "list=" + s + + "&type=" + type + + "&host=" + ownhost + + "&name=" + subsystemName + + "&sport=" + ownsport + + "&dm=false" + cloneStr + + "&agentsport=" + ownagentsport + + "&adminsport=" + ownadminsport + + "&httpport=" + ownport ); + + // Fetch the "updated" security domain and display it + CMS.debug( "Dump contents of updated Security Domain . . ." ); + String c = getDomainXML( sd_host, sd_admin_port_int, true ); } catch (Exception e) { context.put("errorString", "Failed to update the security domain on the domain master."); //return; } } - // add service.securityDomainPort to CS.cfg in case pkiremove needs to remove system reference from the security domain + // add service.securityDomainPort to CS.cfg in case pkiremove + // needs to remove system reference from the security domain try { - cs.putString("service.securityDomainPort", ownsport); + cs.putString("service.securityDomainPort", ownagentsport); cs.commit(false); } catch (Exception e) { CMS.debug("DonePanel: exception in adding service.securityDomainPort to CS.cfg" + e);
@@ -337,7 +388,7 @@ public class DonePanel extends WizardPanelBase {
 // need to push connector information to the CA if (type.equals("KRA") && !ca_host.equals("")) { try { - updateConnectorInfo(ownhost, ownsport, sd_host, sd_port); + updateConnectorInfo(ownagenthost, ownagentsport); } catch (IOException e) { context.put("errorString", "Failed to update connector information."); return;
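Review bot: The query string rebuilt for `updateDomainXML` concatenates `subsystemName`, `ownhost` and the port values without URL-encoding, so a subsystem name containing `&`, `=` or a space corrupts the request sent to the domain master; encode each value the way the connector code already does, e.g. `"&name=" + URLEncoder.encode(subsystemName, "UTF-8")`. The `String c = getDomainXML(...)` result on the new side is unused, as in the new-domain branch above. Changing `service.securityDomainPort` from `ownsport` to `ownagentsport` also changes what pkiremove will read from CS.cfg; if pkiremove still expects the EE SSL port, it needs a matching change, and a one-line comment stating that the key now holds the agent port would prevent the next reader from "fixing" it back. The enclosing method starts outside this hunk.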
@@ -495,8 +546,8 @@ public class DonePanel extends WizardPanelBase {
 try { cahost = config.getString("preop.ca.hostname", ""); caport = config.getInteger("preop.ca.httpsport", -1); - sdhost = config.getString("preop.securitydomain.host", ""); - sdport = config.getInteger("preop.securitydomain.httpsport", -1); + sdhost = config.getString("securitydomain.host", ""); + sdport = config.getInteger("securitydomain.httpseeport", -1); } catch (Exception e) { }
@@ -589,8 +640,7 @@ public class DonePanel extends WizardPanelBase {
 return "CA-" + host + "-" + port; } - private void updateConnectorInfo(String ownhost, String ownsport, - String sd_host, String sd_port) + private void updateConnectorInfo(String ownagenthost, String ownagentsport) throws IOException { IConfigStore cs = CMS.getConfigStore(); int port = -1;
@@ -614,7 +664,7 @@ public class DonePanel extends WizardPanelBase {
 } else { CMS.debug("DonePanel: Transport certificate is being setup in " + url); String session_id = CMS.getConfigSDSessionId(); - String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host="+ownhost+"&ca.connector.KRA.port="+ownsport+"&ca.connector.KRA.transportCert="+URLEncoder.encode(transportCert)+"&sessionID="+session_id; + String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host="+ownagenthost+"&ca.connector.KRA.port="+ownagentsport+"&ca.connector.KRA.transportCert="+URLEncoder.encode(transportCert)+"&sessionID="+session_id; updateConnectorInfo(host, port, true, content); }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
index ce9142ca7..b78b98b82 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
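Review bot: The rewritten `content` line still uses the one-argument `URLEncoder.encode(transportCert)`, which is deprecated and encodes with the platform default charset, while NamePanel in this same commit calls `URLEncoder.encode(pkcs10, "UTF-8")`; use `URLEncoder.encode(transportCert, "UTF-8")` here as well (the method's `throws IOException` already covers the UnsupportedEncodingException). `ownagenthost` and `ownagentsport` are inserted into the form body unencoded, which is only safe if they are guaranteed to be a bare host name and port. The enclosing method continues outside this hunk.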
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
@@ -126,7 +126,7 @@ public class GetCookie extends CMSServlet {
 header.addStringValue("subsystem", subsystem); header.addStringValue("url", url_e); header.addStringValue("errorString", "Failed Authentication"); - String sdname = cs.getString("preop.securitydomain.name", ""); + String sdname = cs.getString("securitydomain.name", ""); header.addStringValue("sdname", sdname); CMS.debug("mErrorFormPath=" + mErrorFormPath);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
index ef08b05cd..3f2ccc8c8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
@@ -133,8 +133,8 @@ public class ImportAdminCertPanel extends WizardPanelBase {
 if (ca == null) { if (type.equals("otherca")) { try { - caHost = cs.getString("preop.securitydomain.host", ""); - caPort = cs.getString("preop.securitydomain.httpsport", ""); + caHost = cs.getString("securitydomain.host", ""); + caPort = cs.getString("securitydomain.httpseeport", ""); } catch (Exception e) {} } else if (type.equals("sdca")) { try {
@@ -142,6 +142,12 @@ public class ImportAdminCertPanel extends WizardPanelBase {
 caPort = cs.getString("preop.ca.httpsport", ""); } catch (Exception e) {} } + } else { + // Provide default Security Domain values for 'caHost' and 'caPort' + try { + caHost = cs.getString("securitydomain.host", ""); + caPort = cs.getString("securitydomain.httpseeport", ""); + } catch (Exception e) {} } String pkcs7 = "";
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
index 02614f2ec..3b76b6972 100755
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
@@ -99,6 +99,10 @@ public class ImportCAChainPanel extends WizardPanelBase {
 context.put("import", "true"); IConfigStore cs = CMS.getConfigStore(); + try { + context.put("machineName", cs.getString("machineName")); + context.put("https_port", CMS.getEESSLPort()); + } catch (EBaseException e) {} ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
@@ -141,7 +145,12 @@ public class ImportCAChainPanel extends WizardPanelBase {
 Context context) { /* This should never be called */ - context.put("title", "Import CA's Certificate Chain"); - context.put("panel", "admin/console/config/importcachainpanel.vm"); + IConfigStore cs = CMS.getConfigStore(); + try { + context.put("machineName", cs.getString("machineName")); + context.put("https_port", CMS.getEESSLPort()); + context.put("title", "Import CA's Certificate Chain"); + context.put("panel", "admin/console/config/importcachainpanel.vm"); + } catch (EBaseException e) {} } }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
index 75a524e5a..8b5554593 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
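Review bot: In the second hunk, moving `context.put("title", ...)` and `context.put("panel", ...)` inside the new try block means that when `cs.getString("machineName")` throws EBaseException the title and panel are no longer set at all, which silently changes the previous unconditional behavior; keep those two puts before the try and wrap only the `machineName`/`https_port` lookups, as the first hunk in this file does. The empty `catch (EBaseException e) {}` in both hunks should at least record the failure, e.g. `CMS.debug("ImportCAChainPanel: " + e.toString());`, so a missing `machineName` is visible in the log. The comment `/* This should never be called */` is now above a method that does real work; either drop it or say why the method is still reached.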
@@ -192,20 +192,20 @@ public class NamePanel extends WizardPanelBase {
 } try { - domainname = config.getString("preop.securitydomain.name", ""); + domainname = config.getString("securitydomain.name", ""); String certTags = config.getString("preop.cert.list"); // same token for now String token = config.getString(PRE_CONF_CA_TOKEN); StringTokenizer st = new StringTokenizer(certTags, ","); - String domaintype = config.getString("preop.securitydomain.select"); + String domaintype = config.getString("securitydomain.select"); int count = 0; String host = ""; - int sport = -1; + int sd_admin_port = -1; if (domaintype.equals("existing")) { - host = config.getString("preop.securitydomain.host", ""); - sport = config.getInteger("preop.securitydomain.httpsport", -1); - count = getSubsystemCount(host, sport, true, cstype); + host = config.getString("securitydomain.host", ""); + sd_admin_port = config.getInteger("securitydomain.httpsadminport", -1); + count = getSubsystemCount(host, sd_admin_port, true, cstype); } while (st.hasMoreTokens()) {
@@ -237,7 +237,7 @@ public class NamePanel extends WizardPanelBase {
 //o_sd is to add o=secritydomainname boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag + "o_securitydomain", true); - domainname = config.getString("preop.securitydomain.name", ""); + domainname = config.getString("securitydomain.name", ""); CMS.debug("NamePanel: display() override is "+override); CMS.debug("NamePanel: display() o_securitydomain is "+o_sd); CMS.debug("NamePanel: display() domainname is "+domainname);
@@ -276,8 +276,8 @@ public class NamePanel extends WizardPanelBase {
 CMS.debug("NamePanel: " + e.toString()); } - CMS.debug("NamePanel: Ready to get urls"); - Vector v = getUrlListFromSecurityDomain(config, "CA"); + CMS.debug("NamePanel: Ready to get SSL EE HTTPS urls"); + Vector v = getUrlListFromSecurityDomain(config, "CA", "SecurePort"); v.addElement("External CA"); StringBuffer list = new StringBuffer(); int size = v.size();
@@ -416,10 +416,10 @@ public class NamePanel extends WizardPanelBase {
 String profileId = config.getString(PCERT_PREFIX+certTag+".profile"); String session_id = CMS.getConfigSDSessionId(); String sd_hostname = ""; - int sd_port = -1; + int sd_ee_port = -1; try { - sd_hostname = config.getString("preop.securitydomain.host", ""); - sd_port = config.getInteger("preop.securitydomain.httpsport", -1); + sd_hostname = config.getString("securitydomain.host", ""); + sd_ee_port = config.getInteger("securitydomain.httpseeport", -1); } catch (Exception ee) { CMS.debug("NamePanel: configCert() exception caught:"+ee.toString()); }
@@ -428,7 +428,7 @@ public class NamePanel extends WizardPanelBase {
 String securePort = config.getString("service.securePort", ""); if (certTag.equals("subsystem")) { String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id; - cert = CertUtil.createRemoteCert(sd_hostname, sd_port, + cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port, content, response, this); if (cert == null) { throw new IOException("Error: remote certificate is null");
@@ -716,7 +716,7 @@ public class NamePanel extends WizardPanelBase {
 } else { CMS.debug("NamePanel: local CA selected"); select = "sdca"; - // parse URL (CA1 - http://...) + // parse URL (CA1 - https://...) url = url.substring(url.indexOf("https")); config.putString("preop.ca.url", url);
@@ -805,23 +805,23 @@ public class NamePanel extends WizardPanelBase {
 CMS.debug("NamePanel: update() done"); } - private void sdca(HttpServletRequest request, Context context, String hostname, String httpPortStr) throws IOException { + private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException { CMS.debug("NamePanel update: this is the CA in the security domain."); - CMS.debug("NamePanel update: selected CA hostname=" + hostname + " port=" + httpPortStr); + CMS.debug("NamePanel update: selected CA hostname=" + hostname + " port=" + httpsPortStr); IConfigStore config = CMS.getConfigStore(); context.put("sdcaHostname", hostname); - context.put("sdHttpPort", httpPortStr); + context.put("sdHttpPort", httpsPortStr); if (hostname == null || hostname.length() == 0) { context.put("errorString", "Hostname is null"); throw new IOException("Hostname is null"); } - int httpport = -1; + int httpsport = -1; try { - httpport = Integer.parseInt(httpPortStr); + httpsport = Integer.parseInt(httpsPortStr); } catch (Exception e) { CMS.debug( "NamePanel update: Http port is not valid. Exception: "
@@ -830,10 +830,11 @@ public class NamePanel extends WizardPanelBase {
 } config.putString("preop.ca.hostname", hostname); - config.putString("preop.ca.httpsport", httpPortStr); + config.putString("preop.ca.httpsport", httpsPortStr); ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - updateCertChain(config, "ca", hostname, httpport, true, context, - certApprovalCallback); + updateCertChainUsingSecureEEPort( config, "ca", hostname, + httpsport, true, context, + certApprovalCallback ); try { CMS.debug("Importing CA chain"); importCertChain("ca");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
index 13fb58ef9..9ae5689ad 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
@@ -348,8 +348,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
 String master_hostname = ""; int master_port = -1; try { - sd_hostname = config.getString("preop.securitydomain.host", ""); - sd_port = config.getInteger("preop.securitydomain.httpsport", -1); + sd_hostname = config.getString("securitydomain.host", ""); + sd_port = config.getInteger("securitydomain.httpseeport", -1); master_hostname = config.getString("preop.master.hostname", ""); master_port = config.getInteger("preop.master.httpsport", -1);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
index 73ab1b07f..bb4dba978 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
@@ -96,12 +96,14 @@ public class SecurityDomainPanel extends WizardPanelBase {
 context.put("title", "Security Domain"); IConfigStore config = CMS.getConfigStore(); String errorString = ""; - String url = ""; + String admin_url = ""; String name = ""; + String cstype = ""; try { - url = config.getString("preop.securitydomain.url", ""); + admin_url = config.getString("preop.securitydomain.admin_url", ""); name = config.getString("preop.securitydomain.name", ""); + cstype = config.getString("cs.type", ""); } catch (Exception e) { CMS.debug(e.toString()); }
@@ -130,70 +132,60 @@ public class SecurityDomainPanel extends WizardPanelBase {
 context.put("panelname", "Security Domain Configuration"); context.put("systemname", config.getString("preop.system.name")); context.put("machineName", config.getString("machineName")); - context.put("https_port", CMS.getEESSLPort()); - context.put("http_port", CMS.getEENonSSLPort()); + context.put("http_ee_port", CMS.getEENonSSLPort()); + context.put("https_agent_port", CMS.getAgentPort()); + context.put("https_ee_port", CMS.getEESSLPort()); + context.put("https_admin_port", CMS.getAdminPort()); + context.put("sdomainAdminURL", admin_url); } catch (EBaseException e) {} context.put("panel", "admin/console/config/securitydomainpanel.vm"); context.put("errorString", errorString); - if (url != null) { - String r = null; - - try { - URL u = new URL(url); - - String hostname = u.getHost(); - int port = u.getPort(); - ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - r = pingCS(hostname, port, true, certApprovalCallback); - } catch (Exception e) { - CMS.debug("SecurityDomainPanel: exception caught: "+e.toString()); - } - - if (r != null) { - CMS.debug("SecurityDomainPanel: pingCS returns: "+r); - context.put("sdomainURL", url); - } else { - CMS.debug("SecurityDomainPanel: pingCS no successful response"); - context.put("sdomainURL", ""); - } - } - - // from url, find hostname, if fully qualified, get network + // from admin_url, find hostname, if fully qualified, get network // domain name and generate default security domain name - if (name.equals("") && (url != null)) { + if (name.equals("") && (admin_url != null)) { try { - URL u = new URL(url); + URL u = new URL(admin_url); String hostname = u.getHost(); StringTokenizer st = new StringTokenizer(hostname, "."); - boolean first = true; - int numTokens = st.countTokens(); - int count = 0; - String defaultDomain = ""; - StringBuffer sb = new StringBuffer(); - while (st.hasMoreTokens()) { - count++; - String 
n = st.nextToken(); - if (first) { //skip the hostname - first = false; - continue; + boolean first = true; + int numTokens = st.countTokens(); + int count = 0; + String defaultDomain = ""; + StringBuffer sb = new StringBuffer(); + while (st.hasMoreTokens()) { + count++; + String n = st.nextToken(); + if (first) { //skip the hostname + first = false; + continue; } - if (count == numTokens) // skip the last element (e.g. com) - continue; - sb.append((defaultDomain.length()==0)? "":" "); - sb.append(capitalize(n)); - } - defaultDomain = sb.toString() + " "+ "Domain"; - name = defaultDomain; - CMS.debug("SecurityDomainPanel: defaultDomain generated:"+ name); + if (count == numTokens) // skip the last element (e.g. com) + continue; + sb.append((defaultDomain.length()==0)? "":" "); + sb.append(capitalize(n)); + } + defaultDomain = sb.toString() + " "+ "Domain"; + name = defaultDomain; + CMS.debug("SecurityDomainPanel: defaultDomain generated:"+ name); } catch (MalformedURLException e) { errorString = "Malformed URL"; - // not being able to come up with default domain name is ok + // not being able to come up with default domain name is ok } } context.put("sdomainName", name); + + // Information for "existing" Security Domain CAs + String instanceId = "<security_domain_instance_name>"; + String os = System.getProperty( "os.name" ); + if( os.equalsIgnoreCase( "Linux" ) ) { + context.put( "initCommand", "/sbin/service " + instanceId ); + } else { + /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ + context.put( "initCommand", "/etc/init.d/" + instanceId ); + } } public static String capitalize(String s) { 
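Review bot: The `initCommand` value put into the context embeds the literal placeholder `<security_domain_instance_name>`, which a browser treats as an unknown HTML element unless the Velocity template escapes it, so the rendered hint would lose the placeholder entirely; write it as `&lt;security_domain_instance_name&gt;` or use a bracket-free form such as `SECURITY_DOMAIN_INSTANCE_NAME`. `os.equalsIgnoreCase( "Linux" )` throws NullPointerException if the `os.name` property is unset; `"Linux".equalsIgnoreCase( os )` is null-safe. Removing the `pingCS` reachability check from this display path is only acceptable because the `validate` hunk below now performs it; a one-line comment here saying so would keep the two in step. The enclosing method starts before this hunk.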
@@ -219,10 +211,41 @@ public class SecurityDomainPanel extends WizardPanelBase { throw new IOException("Missing name value for the security domain"); } } else if (select.equals("existingdomain")) { - String url = HttpInput.getURL(request, "sdomainURL"); - if (url == null || url.equals("")) { - initParams(request, context); - throw new IOException("Missing url value for the security domain"); + CMS.debug( "SecurityDomainPanel: validating " + + "SSL Admin HTTPS . . ." ); + String admin_url = HttpInput.getURL( request, "sdomainURL" ); + if( admin_url == null || admin_url.equals("") ) { + initParams( request, context ); + throw new IOException( "Missing SSL Admin HTTPS url value " + + "for the security domain" ); + } else { + String r = null; + + try { + URL u = new URL( admin_url ); + + String hostname = u.getHost(); + int admin_port = u.getPort(); + ConfigCertApprovalCallback + certApprovalCallback = new ConfigCertApprovalCallback(); + r = pingCS( hostname, admin_port, true, + certApprovalCallback ); + } catch( Exception e ) { + CMS.debug( "SecurityDomainPanel: exception caught: " + + e.toString() ); + throw new IOException( "Illegal SSL Admin HTTPS url value " + + "for the security domain" ); + } + + if (r != null) { + CMS.debug("SecurityDomainPanel: pingAdminCS returns: " + + r ); + context.put( "sdomainURL", admin_url ); + } else { + CMS.debug( "SecurityDomainPanel: pingAdminCS " + + "no successful response for SSL Admin HTTPS" ); + context.put( "sdomainURL", "" ); + } } } } @@ -250,10 +273,10 @@ public class SecurityDomainPanel extends WizardPanelBase { name = ""; context.put("sdomainName", name); - String url = request.getParameter("sdomainURL"); - if (url == null) - url = ""; - context.put("sdomainURL", url); + String admin_url = request.getParameter("sdomainURL"); + if (admin_url == null) + admin_url = ""; + context.put("sdomainURL", admin_url); } /** 
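Review bot: In the `existingdomain` branch a pingCS result of null only logs and clears `sdomainURL` in the context, so validate still succeeds for a security domain that answered without a State element, while an exception from the same call becomes an IOException; the two outcomes should be treated alike, e.g. replace the trailing `else` with `} else { initParams( request, context ); throw new IOException( "No response from SSL Admin HTTPS url for the security domain" ); }`. `u.getPort()` also returns -1 when the URL carries no port, and that value is handed to pingCS as is; a check such as `if( admin_port == -1 ) throw new IOException( "Missing port in SSL Admin HTTPS url" );` before the ping gives a clearer failure. The debug messages say `pingAdminCS` but the method called is pingCS. The enclosing validate method begins and ends outside this hunk.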
@@ -274,22 +297,20 @@ public class SecurityDomainPanel extends WizardPanelBase { if (select.equals("newdomain")) { config.putString("preop.securitydomain.select", "new"); config.putString("securitydomain.select", "new"); - config.putString("preop.securitydomain.host", - CMS.getEENonSSLHost()); + config.putString("preop.securitydomain.name", + HttpInput.getDomainName(request, "sdomainName")); + config.putString("securitydomain.name", + HttpInput.getDomainName(request, "sdomainName")); config.putString("securitydomain.host", CMS.getEENonSSLHost()); - config.putString("preop.securitydomain.httpport", - CMS.getEENonSSLPort()); config.putString("securitydomain.httpport", CMS.getEENonSSLPort()); - config.putString("preop.securitydomain.httpsport", - CMS.getEESSLPort()); - config.putString("securitydomain.httpsport", + config.putString("securitydomain.httpsagentport", + CMS.getAgentPort()); + config.putString("securitydomain.httpseeport", CMS.getEESSLPort()); - config.putString("preop.securitydomain.name", - HttpInput.getDomainName(request, "sdomainName")); - config.putString("securitydomain.name", - HttpInput.getDomainName(request, "sdomainName")); + config.putString("securitydomain.httpsadminport", + CMS.getAdminPort()); // make sure the subsystem certificate is issued by the security // domain 
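Review bot: `HttpInput.getDomainName(request, "sdomainName")` is evaluated twice in the `newdomain` branch to fill `preop.securitydomain.name` and `securitydomain.name`; read it once, `String domainName = HttpInput.getDomainName(request, "sdomainName");`, and store that local under both keys. Note also that this branch persists `securitydomain.httpport`, `securitydomain.httpsagentport`, `securitydomain.httpseeport` and `securitydomain.httpsadminport`, while the `existingdomain` branch in the -315,29 hunk stores only `securitydomain.host` and `securitydomain.httpsadminport`; other files in this commit, TokenAuthentication among them, read `securitydomain.httpseeport` unconditionally, so a subsystem joining an existing domain depends on some writer of that key that is not visible in this diff. The enclosing update method starts before this hunk.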
@@ -315,29 +336,25 @@ public class SecurityDomainPanel extends WizardPanelBase { config.putString("preop.cert.subsystem.type", "remote"); config.putString("preop.cert.subsystem.profile", "caInternalAuthSubsystemCert"); - String url = HttpInput.getURL(request, "sdomainURL"); + String admin_url = HttpInput.getURL(request, "sdomainURL"); String hostname = ""; - int port = -1; + int admin_port = -1; - if (url != null) { + if( admin_url != null ) { try { - URL u = new URL(url); + URL admin_u = new URL( admin_url ); - hostname = u.getHost(); - port = u.getPort(); - } catch (MalformedURLException e) { - errorString = "Malformed URL"; - throw new IOException(errorString); + hostname = admin_u.getHost(); + admin_port = admin_u.getPort(); + } catch( MalformedURLException e ) { + errorString = "Malformed SSL Admin HTTPS URL"; + throw new IOException( errorString ); } - - context.put("sdomainURL", url); - config.putString("preop.securitydomain.url", url); - config.putString("preop.securitydomain.host", hostname); - config.putString("securitydomain.host", hostname); - config.putInteger("preop.securitydomain.httpsport", port); - config.putInteger("securitydomain.httpsport", port); - } else { - config.putString("preop.securitydomain.url", ""); + + context.put( "sdomainURL", admin_url ); + config.putString( "securitydomain.host", hostname ); + config.putInteger( "securitydomain.httpsadminport", + admin_port ); } try { @@ -345,8 +362,8 @@ public class SecurityDomainPanel extends WizardPanelBase { } catch (EBaseException e) {} ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - updateCertChain(config, "securitydomain", hostname, port, true, - context, certApprovalCallback); + updateCertChain( config, "securitydomain", hostname, admin_port, + true, context, certApprovalCallback ); } else { CMS.debug("SecurityDomainPanel: invalid choice " + select); errorString = "Invalid choice"; 
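Review bot: When `admin_url` is null, `hostname` stays `""` and `admin_port` stays `-1`, yet control falls through to `updateCertChain( config, "securitydomain", hostname, admin_port, ...)` in the -345,8 hunk; the removed `else` branch at least recorded the empty URL, the new code records nothing and proceeds to a network call with an empty host. Reject the missing value up front, `if( admin_url == null ) { errorString = "Missing SSL Admin HTTPS URL"; throw new IOException( errorString ); }`, and treat `admin_u.getPort() == -1` as malformed before it is written to `securitydomain.httpsadminport`. The enclosing update method continues outside both hunks.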
@@ -369,7 +386,7 @@ public class SecurityDomainPanel extends WizardPanelBase { } /** - * If validiate() returns false, this method will be called. + * If validate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, HttpServletResponse response, @@ -381,9 +398,24 @@ public class SecurityDomainPanel extends WizardPanelBase { } try { context.put("machineName", config.getString("machineName")); - context.put("https_port", CMS.getEESSLPort()); - context.put("http_port", CMS.getEENonSSLPort()); + context.put("http_ee_port", CMS.getEENonSSLPort()); + context.put("https_agent_port", CMS.getAgentPort()); + context.put("https_ee_port", CMS.getEESSLPort()); + context.put("https_admin_port", CMS.getAdminPort()); + context.put("sdomainAdminURL", + config.getString("preop.securitydomain.admin_url")); } catch (EBaseException e) {} + + // Information for "existing" Security Domain CAs + String instanceId = "<security_domain_instance_name>"; + String os = System.getProperty( "os.name" ); + if( os.equalsIgnoreCase( "Linux" ) ) { + context.put( "initCommand", "/sbin/service " + instanceId ); + } else { + /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ + context.put( "initCommand", "/etc/init.d/" + instanceId ); + } + context.put("title", "Security Domain"); context.put("panel", "admin/console/config/securitydomainpanel.vm"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java index 2b9f7328b..e96d82bb1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java 
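Review bot: In the -381,9 hunk displayError reads `preop.securitydomain.admin_url` with no default, and no write of that key appears anywhere in this diff (the -315,29 hunk removed the old `preop.securitydomain.url` write without adding a replacement); because the read sits inside `try { ... } catch (EBaseException e) {}`, a missing key silently leaves `sdomainAdminURL` out of the context on the error page. Either store the key in update's `existingdomain` branch or read it with a default, `config.getString("preop.securitydomain.admin_url", "")`, so the failure mode is explicit. displayError starts before this hunk.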
@@ -244,6 +244,9 @@ public class UpdateDomainXML extends CMSServlet { String host = httpReq.getParameter("host"); String name = httpReq.getParameter("name"); String sport = httpReq.getParameter("sport"); + String agentsport = httpReq.getParameter("agentsport"); + String adminsport = httpReq.getParameter("adminsport"); + String httpport = httpReq.getParameter("httpport"); String domainmgr = httpReq.getParameter("dm"); String clone = httpReq.getParameter("clone"); String operation = httpReq.getParameter("operation"); @@ -268,7 +271,7 @@ public class UpdateDomainXML extends CMSServlet { ILdapConnFactory connFactory = null; LDAPConnection conn = null; String listName = type + "List"; - String cn = host + ":" + sport; + String cn = host + ":" + adminsport; String dn = "cn=" + cn + ",cn=" + listName + ",ou=Security Domain," + basedn; CMS.debug("UpdateDomainXML: updating LDAP entry: " + dn); @@ -279,6 +282,9 @@ public class UpdateDomainXML extends CMSServlet { attrs.add(new LDAPAttribute("cn", cn)); attrs.add(new LDAPAttribute("Host", host)); attrs.add(new LDAPAttribute("SecurePort", sport)); + attrs.add(new LDAPAttribute("SecureAgentPort", agentsport)); + attrs.add(new LDAPAttribute("SecureAdminPort", adminsport)); + attrs.add(new LDAPAttribute("UnSecurePort", httpport)); attrs.add(new LDAPAttribute("DomainManager", domainmgr)); attrs.add(new LDAPAttribute("clone", clone)); attrs.add(new LDAPAttribute("SubsystemName", name)); @@ -286,7 +292,7 @@ public class UpdateDomainXML extends CMSServlet { if ((operation != null) && (operation.equals("remove"))) { status = remove_from_ldap(dn); - String adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn; + String adminUserDN = "uid=" + type + "-" + host + "-" + adminsport + ",ou=People," + basedn; if (status.equals(SUCCESS)) { // remove the client cert for this subsystem's admin status = remove_from_ldap(adminUserDN); 
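Review bot: `adminsport` is taken straight from the request and concatenated into the LDAP DN (`String cn = host + ":" + adminsport;` and the `adminUserDN` line in the -286,7 hunk) without checking that it is present or numeric; a missing parameter yields `host:null` as the RDN value, and anything other than digits lands unescaped in a DN. Parse and range-check it before use, `int adminPort = Integer.parseInt(adminsport);` followed by a 1..65535 check that rejects the request otherwise, and do the same for `agentsport` and `httpport`, which are also passed to `new LDAPAttribute(...)` where a null value is likely to fail only at add time. The enclosing method starts before this hunk.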
@@ -327,9 +333,9 @@ public class UpdateDomainXML extends CMSServlet { Node nn = (Node) nodeList.item(i); Vector v_name = parser.getValuesFromContainer(nn, "SubsystemName"); Vector v_host = parser.getValuesFromContainer(nn, "Host"); - Vector v_port = parser.getValuesFromContainer(nn, "SecurePort"); + Vector v_adminport = parser.getValuesFromContainer(nn, "SecureAdminPort"); if ((v_name.elementAt(0).equals(name)) && (v_host.elementAt(0).equals(host)) - && (v_port.elementAt(0).equals(sport))) { + && (v_adminport.elementAt(0).equals(adminsport))) { Node parent = nn.getParentNode(); Node remNode = parent.removeChild(nn); count --; @@ -342,6 +348,9 @@ public class UpdateDomainXML extends CMSServlet { parser.addItemToContainer(parent, "SubsystemName", name); parser.addItemToContainer(parent, "Host", host); parser.addItemToContainer(parent, "SecurePort", sport); + parser.addItemToContainer(parent, "SecureAgentPort", agentsport); + parser.addItemToContainer(parent, "SecureAdminPort", adminsport); + parser.addItemToContainer(parent, "UnSecurePort", httpport); parser.addItemToContainer(parent, "DomainManager", domainmgr); parser.addItemToContainer(parent, "Clone", clone); count ++; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java index cd0630491..6ebdc9df3 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java 
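Review bot: `v_adminport.elementAt(0)` in the removal loop throws ArrayIndexOutOfBoundsException for a domain.xml entry that has no `SecureAdminPort` element, which is what entries written by the previous version of the add path (it only wrote `SecurePort`) would look like; the old comparison on `SecurePort` did not have that upgrade problem. Guard the lookup, e.g. `&& !v_adminport.isEmpty() && v_adminport.elementAt(0).equals(adminsport)`, or fall back to `SecurePort` for legacy entries. The enclosing loop starts before this hunk.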
@@ -284,11 +284,11 @@ public class WizardPanelBase implements IWizardPanel { } } - public int getSubsystemCount(String hostname, int port, boolean https, - String type) - throws IOException { + public int getSubsystemCount( String hostname, int https_admin_port, + boolean https, String type ) + throws IOException { CMS.debug("WizardPanelBase getSubsystemCount start"); - String c = getDomainXML(hostname, port, true); + String c = getDomainXML(hostname, https_admin_port, true); if (c != null) { try { ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); @@ -327,12 +327,12 @@ public class WizardPanelBase implements IWizardPanel { return -1; } - public String getDomainXML(String hostname, int port, boolean https) - throws IOException { + public String getDomainXML( String hostname, int https_admin_port, + boolean https ) + throws IOException { CMS.debug("WizardPanelBase getDomainXML start"); - String c = getHttpResponse(hostname, port, https, "/ca/ee/ca/getDomainXML", - null, null); - + String c = getHttpResponse( hostname, https_admin_port, https, + "/ca/admin/ca/getDomainXML", null, null ); if (c != null) { try { ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); 
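Review bot: getSubsystemCount still passes the literal `true` to getDomainXML instead of its own `https` parameter, so the renamed signature keeps an argument callers can set with no effect; either forward it, `String c = getDomainXML(hostname, https_admin_port, https);`, or drop the parameter. getDomainXML itself does forward `https` to getHttpResponse, so the two methods are inconsistent on this point. Both method bodies continue past their hunks.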
@@ -440,12 +440,16 @@ public class WizardPanelBase implements IWizardPanel { } } - public String getCertChain(String hostname, int port, boolean https, - ConfigCertApprovalCallback certApprovalCallback) - throws IOException { - CMS.debug("WizardPanelBase getCertChain start"); - String c = getHttpResponse(hostname, port, https, - "/ca/ee/ca/getCertChain", null, null, certApprovalCallback); + public String getCertChainUsingSecureAdminPort( String hostname, + int https_admin_port, + boolean https, + ConfigCertApprovalCallback + certApprovalCallback ) + throws IOException { + CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort start"); + String c = getHttpResponse( hostname, https_admin_port, https, + "/ca/admin/ca/getCertChain", null, null, + certApprovalCallback ); if (c != null) { try { @@ -455,21 +459,21 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::getCertChain() - " + CMS.debug( "WizardPanelBase::getCertChainUsingSecureAdminPort() - " + "Exception="+e.toString() ); throw new IOException( e.toString() ); } String status = parser.getValue("Status"); - CMS.debug("WizardPanelBase getCertChain: status=" + status); + CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort: status=" + status); if (status.equals(SUCCESS)) { String certchain = parser.getValue("ChainBase64"); certchain = CryptoUtil.normalizeCertStr(certchain); CMS.debug( - "WizardPanelBase getCertChain: certchain=" + "WizardPanelBase getCertChainUsingSecureAdminPort: certchain=" + certchain); return certchain; } else { 
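Review bot: getCertChainUsingSecureAdminPort and getCertChainUsingSecureEEPort (added in the -478,10 hunk) are the same method apart from the port and the URI, and the rename drops the public `getCertChain` that callers outside this diff may still bind to. Factor the shared body into one private method that takes the URI, keep the two public names as one-line wrappers, and consider leaving a deprecated `getCertChain` delegating to the admin-port variant. `parser.getValue("Status")` is also compared with `status.equals(SUCCESS)` with no null check; a response lacking a Status element becomes a NullPointerException that the outer `catch (Exception e)` rewraps with an unhelpful message, so `if (SUCCESS.equals(status))` is the safer form.
```java
public String getCertChainUsingSecureAdminPort( String hostname,
                                                int https_admin_port,
                                                boolean https,
                                                ConfigCertApprovalCallback
                                                certApprovalCallback )
    throws IOException {
    return fetchCertChain( hostname, https_admin_port, https,
                           "/ca/admin/ca/getCertChain", certApprovalCallback );
}

public String getCertChainUsingSecureEEPort( String hostname,
                                             int https_ee_port,
                                             boolean https,
                                             ConfigCertApprovalCallback
                                             certApprovalCallback )
    throws IOException {
    return fetchCertChain( hostname, https_ee_port, https,
                           "/ca/ee/ca/getCertChain", certApprovalCallback );
}

// Shared by both public variants; only the port and the URI differ.
private String fetchCertChain( String hostname, int port, boolean https,
                               String uri,
                               ConfigCertApprovalCallback certApprovalCallback )
    throws IOException {
    CMS.debug("WizardPanelBase fetchCertChain start: uri=" + uri);
    String c = getHttpResponse( hostname, port, https, uri, null, null,
                                certApprovalCallback );
    if (c == null) {
        return null;
    }
    // … unchanged: parse response, check Status, normalize ChainBase64 …
```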
@@ -478,10 +482,63 @@ public class WizardPanelBase implements IWizardPanel { throw new IOException(error); } } catch (IOException e) { - CMS.debug("WizardPanelBase: getCertChain: " + e.toString()); + CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString()); throw e; } catch (Exception e) { - CMS.debug("WizardPanelBase: getCertChain: " + e.toString()); + CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString()); + throw new IOException(e.toString()); + } + } + + return null; + } + + public String getCertChainUsingSecureEEPort( String hostname, + int https_ee_port, + boolean https, + ConfigCertApprovalCallback + certApprovalCallback ) + throws IOException { + CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort start"); + String c = getHttpResponse( hostname, https_ee_port, https, + "/ca/ee/ca/getCertChain", null, null, + certApprovalCallback ); + + if (c != null) { + try { + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + XMLObject parser = null; + + try { + parser = new XMLObject(bis); + } catch (Exception e) { + CMS.debug( "WizardPanelBase::getCertChainUsingSecureEEPort() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); + } + + String status = parser.getValue("Status"); + + CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort: status=" + status); + + if (status.equals(SUCCESS)) { + String certchain = parser.getValue("ChainBase64"); + + certchain = CryptoUtil.normalizeCertStr(certchain); + CMS.debug( + "WizardPanelBase getCertChainUsingSecureEEPort: certchain=" + + certchain); + return certchain; + } else { + String error = parser.getValue("Error"); + + throw new IOException(error); + } + } catch (IOException e) { + CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + e.toString()); + throw e; + } catch (Exception e) { + CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + e.toString()); throw new IOException(e.toString()); } } 
@@ -860,15 +917,17 @@ public class WizardPanelBase implements IWizardPanel { return c; } - public Vector getMasterUrlListFromSecurityDomain(IConfigStore config, String type) { + public Vector getMasterUrlListFromSecurityDomain( IConfigStore config, + String type, + String portType ) { Vector v = new Vector(); try { - String hostname = config.getString("preop.securitydomain.host"); - int httpsport = config.getInteger("preop.securitydomain.httpsport"); + String hostname = config.getString("securitydomain.host"); + int httpsadminport = config.getInteger("securitydomain.httpsadminport"); CMS.debug("Getting domain.xml from CA..."); - String c = getDomainXML(hostname, httpsport, true); + String c = getDomainXML(hostname, httpsadminport, true); String list = ""; CMS.debug("Type " + type); @@ -882,13 +941,23 @@ public class WizardPanelBase implements IWizardPanel { list = "TKSList"; } + CMS.debug( "Getting " + portType + " from Security Domain ..." ); + if( !portType.equals( "UnSecurePort" ) && + !portType.equals( "SecureAgentPort" ) && + !portType.equals( "SecurePort" ) && + !portType.equals( "SecureAdminPort" ) ) { + CMS.debug( "getPortFromSecurityDomain: " + + "unknown port type " + portType ); + return v; + } + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); XMLObject parser = new XMLObject(bis); Document doc = parser.getDocument(); NodeList nodeList = doc.getElementsByTagName(type); // save domain name in cfg - config.putString("preop.securitydomain.name", + config.putString("securitydomain.name", parser.getValue("Name")); int len = nodeList.getLength(); 
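Review bot: The `portType` check in the -882,13 hunk runs after `getDomainXML` has already fetched domain.xml over the network, and its debug message names `getPortFromSecurityDomain` rather than this method; validate the argument first, before the remote call, and since the same block is copied into getUrlListFromSecurityDomain (-940,13) and getSecurityDomainPort (-971,37), make it one private helper such as `private static boolean isKnownPortType( String portType )` that returns true for the four accepted names. The method also writes `securitydomain.name` into the config store as a side effect of what its name presents as a lookup; a comment at the `config.putString` line saying that the domain name is persisted here on purpose would spare the next reader a surprise. The method body continues beyond these hunks.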
@@ -905,11 +974,13 @@ public class WizardPanelBase implements IWizardPanel { Vector v_host = parser.getValuesFromContainer(nodeList.item(i), "Host"); Vector v_port = parser.getValuesFromContainer(nodeList.item(i), - "SecurePort"); + portType); - v.addElement( - v_name.elementAt(0) + " - https://" + v_host.elementAt(0) - + ":" + v_port.elementAt(0)); + v.addElement( v_name.elementAt(0) + + " - https://" + + v_host.elementAt(0) + + ":" + + v_port.elementAt(0) ); } } catch (Exception e) { CMS.debug(e.toString()); @@ -918,18 +989,20 @@ public class WizardPanelBase implements IWizardPanel { return v; } - public Vector getUrlListFromSecurityDomain(IConfigStore config, String type) { + public Vector getUrlListFromSecurityDomain( IConfigStore config, + String type, + String portType ) { Vector v = new Vector(); try { - String hostname = config.getString("preop.securitydomain.host"); - int httpsport = config.getInteger("preop.securitydomain.httpsport"); + String hostname = config.getString("securitydomain.host"); + int httpsadminport = config.getInteger("securitydomain.httpsadminport"); CMS.debug("Getting domain.xml from CA..."); - String c = getDomainXML(hostname, httpsport, true); + String c = getDomainXML(hostname, httpsadminport, true); String list = ""; - CMS.debug("Type " + type); + CMS.debug("Subsystem Type " + type); if (type.equals("CA")) { list = "CAList"; } else if (type.equals("KRA")) { 
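Review bot: The URL entry is built with a fixed `" - https://"` prefix while `v_port` now comes from the caller's `portType`, so a request for `UnSecurePort` lists an https URL carrying the plain-HTTP port; the same applies in the -958,11 hunk of getUrlListFromSecurityDomain. Derive the scheme from the port type, `String scheme = portType.equals( "UnSecurePort" ) ? "http://" : "https://";`, and build the entry as `" - " + scheme + v_host.elementAt(0) + ":" + v_port.elementAt(0)`. `v_port.elementAt(0)` will also throw for entries that predate the new elements, since the old add path in UpdateDomainXML wrote only `SecurePort`; an `isEmpty()` check before `addElement` keeps one legacy entry from aborting the whole listing through the catch-all.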
@@ -940,13 +1013,23 @@ public class WizardPanelBase implements IWizardPanel { list = "TKSList"; } + CMS.debug( "Getting " + portType + " from Security Domain ..." ); + if( !portType.equals( "UnSecurePort" ) && + !portType.equals( "SecureAgentPort" ) && + !portType.equals( "SecurePort" ) && + !portType.equals( "SecureAdminPort" ) ) { + CMS.debug( "getPortFromSecurityDomain: " + + "unknown port type " + portType ); + return v; + } + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); XMLObject parser = new XMLObject(bis); Document doc = parser.getDocument(); NodeList nodeList = doc.getElementsByTagName(type); // save domain name in cfg - config.putString("preop.securitydomain.name", + config.putString("securitydomain.name", parser.getValue("Name")); int len = nodeList.getLength(); @@ -958,11 +1041,13 @@ public class WizardPanelBase implements IWizardPanel { Vector v_host = parser.getValuesFromContainer(nodeList.item(i), "Host"); Vector v_port = parser.getValuesFromContainer(nodeList.item(i), - "SecurePort"); + portType); - v.addElement( - v_name.elementAt(0) + " - https://" + v_host.elementAt(0) - + ":" + v_port.elementAt(0)); + v.addElement( v_name.elementAt(0) + + " - https://" + + v_host.elementAt(0) + + ":" + + v_port.elementAt(0) ); } } catch (Exception e) { CMS.debug(e.toString()); 
@@ -971,37 +1056,105 @@ public class WizardPanelBase implements IWizardPanel { return v; } - public String pingCS(String hostname, int port, boolean https, - SSLCertificateApprovalCallback certApprovalCallback) + public String getSecurityDomainPort( IConfigStore config, + String portType ) { + String port = new String(); + + try { + String hostname = config.getString( "securitydomain.host" ); + int httpsadminport = + config.getInteger( "securitydomain.httpsadminport" ); + + CMS.debug( "Getting domain.xml from CA ..." ); + String c = getDomainXML( hostname, httpsadminport, true ); + + CMS.debug( "Getting " + portType + " from Security Domain ..." ); + if( !portType.equals( "UnSecurePort" ) && + !portType.equals( "SecureAgentPort" ) && + !portType.equals( "SecurePort" ) && + !portType.equals( "SecureAdminPort" ) ) { + CMS.debug( "getPortFromSecurityDomain: " + + "unknown port type " + portType ); + return ""; + } + + ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() ); + XMLObject parser = new XMLObject( bis ); + Document doc = parser.getDocument(); + NodeList nodeList = doc.getElementsByTagName( "CA" ); + + int len = nodeList.getLength(); + for( int i = 0; i < len; i++ ) { + Vector v_admin_port = + parser.getValuesFromContainer( nodeList.item(i), + "SecureAdminPort" ); + + Vector v_port = null; + if( portType.equals( "UnSecurePort" ) ) { + v_port = parser.getValuesFromContainer( nodeList.item(i), + "UnSecurePort" ); + } else if( portType.equals( "SecureAgentPort" ) ) { + v_port = parser.getValuesFromContainer( nodeList.item(i), + "SecureAgentPort" ); + } else if( portType.equals( "SecurePort" ) ) { + v_port = parser.getValuesFromContainer( nodeList.item(i), + "SecurePort" ); + } else if( portType.equals( "SecureAdminPort" ) ) { + v_port = parser.getValuesFromContainer( nodeList.item(i), + "SecureAdminPort" ); + } + + if( ( v_port != null ) && + ( v_admin_port.elementAt( 0 ).equals( + Integer.toString( httpsadminport ) ) ) ) { + port = 
v_port.elementAt( 0 ).toString(); + break; + } + } + } catch (Exception e) { + CMS.debug( e.toString() ); + } + + return( port ); + } + + public String pingCS( String hostname, int port, boolean https, + SSLCertificateApprovalCallback certApprovalCallback ) throws IOException { - CMS.debug("WizardPanelBase pingCS start"); - String c = getHttpResponse(hostname, port, https, "/ca/ee/ca/getStatus", - null, null, certApprovalCallback); + CMS.debug( "WizardPanelBase pingCS: started" ); - if (c != null) { + String c = getHttpResponse( hostname, port, https, + "/ca/admin/ca/getStatus", + null, null, certApprovalCallback ); + + if( c != null ) { try { - ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + ByteArrayInputStream bis = new + ByteArrayInputStream( c.getBytes() ); XMLObject parser = null; - String state = null; + String state = null; try { - parser = new XMLObject(bis); - CMS.debug("WizardPanelBase pingCS: got XML parsed"); - state = parser.getValue("State"); + parser = new XMLObject( bis ); + CMS.debug( "WizardPanelBase pingCS: got XML parsed" ); + state = parser.getValue( "State" ); - if (state != null) - CMS.debug("WizardPanelBase pingCS: state=" + state); + if( state != null ) { + CMS.debug( "WizardPanelBase pingCS: state=" + state ); + } } catch (Exception e) { - CMS.debug("WizardPanelBase: pingCS: parser failed" + e.toString()); - } + CMS.debug( "WizardPanelBase: pingCS: parser failed" + + e.toString() ); + } - return state; - } catch (Exception e) { - CMS.debug("WizardPanelBase: pingCS: " + e.toString()); - throw new IOException(e.toString()); + return state; + } catch( Exception e ) { + CMS.debug( "WizardPanelBase: pingCS: " + e.toString() ); + throw new IOException( e.toString() ); } } + CMS.debug( "WizardPanelBase pingCS: stopped" ); return null; } 
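Review bot: getSecurityDomainPort selects a CA entry by matching only `SecureAdminPort` against the configured `securitydomain.httpsadminport`; in a domain where several CAs share the same admin port the first one in domain.xml wins, which need not be the security domain CA whose `securitydomain.host` the method read a few lines earlier. Compare the `Host` element with `hostname` as well, and drop the four-way `if`/`else` that maps `portType` to itself, since the value has just been validated and `parser.getValuesFromContainer( nodeList.item(i), portType )` is equivalent. `v_admin_port.elementAt( 0 )` and `v_port.elementAt( 0 )` throw on entries lacking those elements and are rescued only by the catch-all, so the method silently returns `""` for a partially upgraded domain; `String port = new String();` should simply be `String port = "";`. In pingCS the parse-failure path returns a null state with only a debug line, so callers cannot distinguish a parse failure from a server that reported no State.
```java
int len = nodeList.getLength();
for( int i = 0; i < len; i++ ) {
    Vector v_host = parser.getValuesFromContainer( nodeList.item(i),
                                                  "Host" );
    Vector v_admin_port = parser.getValuesFromContainer( nodeList.item(i),
                                                        "SecureAdminPort" );
    Vector v_port = parser.getValuesFromContainer( nodeList.item(i),
                                                  portType );
    if( v_host.isEmpty() || v_admin_port.isEmpty() || v_port.isEmpty() ) {
        continue;   // entry predates the per-interface port elements
    }
    if( v_host.elementAt( 0 ).equals( hostname ) &&
        v_admin_port.elementAt( 0 ).equals(
            Integer.toString( httpsadminport ) ) ) {
        port = v_port.elementAt( 0 ).toString();
        break;
    }
}
// … unchanged: catch, return( port ) …
```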
@@ -1021,12 +1174,12 @@ public class WizardPanelBase implements IWizardPanel { } public void getTokenInfo(IConfigStore config, String type, String host, - int port, boolean https, Context context, + int https_ee_port, boolean https, Context context, ConfigCertApprovalCallback certApprovalCallback) throws IOException { CMS.debug("WizardPanelBase getTokenInfo start"); String uri = "/"+type+"/ee/"+type+"/getTokenInfo"; CMS.debug("WizardPanelBase getTokenInfo: uri="+uri); - String c = getHttpResponse(host, port, https, uri, null, null, + String c = getHttpResponse(host, https_ee_port, https, uri, null, null, certApprovalCallback); if (c != null) { try { 
@@ -1127,14 +1280,65 @@ public class WizardPanelBase implements IWizardPanel { } public void updateCertChain(IConfigStore config, String name, String host, - int port, boolean https, Context context) throws IOException { - updateCertChain(config, name, host, port, https, context, null); + int https_admin_port, boolean https, Context context) throws IOException { + updateCertChain( config, name, host, https_admin_port, + https, context, null ); } public void updateCertChain(IConfigStore config, String name, String host, - int port, boolean https, Context context, + int https_admin_port, boolean https, Context context, ConfigCertApprovalCallback certApprovalCallback) throws IOException { - String certchain = getCertChain(host, port, https, certApprovalCallback); + String certchain = getCertChainUsingSecureAdminPort( host, + https_admin_port, + https, + certApprovalCallback ); + config.putString("preop."+name+".pkcs7", certchain); + + byte[] decoded = CryptoUtil.base64Decode(certchain); + java.security.cert.X509Certificate[] b_certchain = null; + + try { + b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded); + } catch (Exception e) { + context.put("errorString", + "Failed to get the certificate chain."); + return; + } + + int size = 0; + if (b_certchain != null) { + size = b_certchain.length; + } + config.putInteger("preop."+name+".certchain.size", size); + for (int i = 0; i < size; i++) { + byte[] bb = null; + + try { + bb = b_certchain[i].getEncoded(); + } catch (Exception e) { + context.put("errorString", + "Failed to get the der-encoded certificate chain."); + return; + } + config.putString("preop."+name+".certchain." 
+ i, + CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb))); + } + + try { + config.commit(false); + } catch (EBaseException e) { + } + } + + public void updateCertChainUsingSecureEEPort( IConfigStore config, + String name, String host, + int https_ee_port, + boolean https, + Context context, + ConfigCertApprovalCallback certApprovalCallback ) throws IOException { + String certchain = getCertChainUsingSecureEEPort( host, https_ee_port, + https, + certApprovalCallback); config.putString("preop."+name+".pkcs7", certchain); byte[] decoded = CryptoUtil.base64Decode(certchain); @@ -1238,13 +1442,15 @@ public class WizardPanelBase implements IWizardPanel { public void reloginSecurityDomain(HttpServletResponse response) { IConfigStore cs = CMS.getConfigStore(); try { - String hostname = cs.getString("preop.securitydomain.host", ""); - int port = cs.getInteger("preop.securitydomain.httpsport", -1); + String hostname = cs.getString("securitydomain.host", ""); + int port = cs.getInteger("securitydomain.httpsadminport", -1); + String cs_hostname = cs.getString("machineName", ""); + int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1); int panel = getPanelNo(); String subsystem = cs.getString("cs.type", ""); - String urlVal = "https://"+CMS.getEESSLHost()+":"+CMS.getEESSLPort()+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem; + String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem; String encodedValue = URLEncoder.encode(urlVal, "UTF-8"); - String sdurl = "https://"+hostname+":"+port+"/ca/ee/ca/securityDomainLogin?url="+encodedValue; + String sdurl = "https://"+hostname+":"+port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue; response.sendRedirect(sdurl); } catch (Exception e) { CMS.debug("WizardPanelBase reloginSecurityDomain: Exception="+e.toString()); |
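Review bot: updateCertChainUsingSecureEEPort repeats the whole body of updateCertChain (pkcs7 decode, per-certificate config writes, commit) after fetching the chain; factor everything from `config.putString("preop."+name+".pkcs7", certchain);` onward into a private `storeCertChain( config, name, certchain, context )` and call it from both. In that shared body `certchain` can be null, because both getCertChain variants return null when the HTTP response is empty, and `CryptoUtil.base64Decode(certchain)` is reached unguarded; and `config.commit(false)` sits in an empty `catch (EBaseException e) {}`, so a failure to persist the security domain's trust chain leaves no trace, where a `CMS.debug(...)` is the minimum. updateCertChainUsingSecureEEPort continues past the end of the hunk.
```java
public void updateCertChain(IConfigStore config, String name, String host,
    int https_admin_port, boolean https, Context context,
    ConfigCertApprovalCallback certApprovalCallback) throws IOException {
    String certchain = getCertChainUsingSecureAdminPort( host,
                                                         https_admin_port,
                                                         https,
                                                         certApprovalCallback );
    storeCertChain( config, name, certchain, context );
}

// Shared by the admin-port and EE-port variants: persists the fetched
// chain under preop.<name>.* and reports failures through the context.
private void storeCertChain( IConfigStore config, String name,
                             String certchain, Context context ) {
    if (certchain == null) {
        context.put("errorString", "Failed to get the certificate chain.");
        return;
    }
    config.putString("preop."+name+".pkcs7", certchain);
    // … unchanged: base64Decode, getX509CertificateFromPKCS7, per-cert loop …
    try {
        config.commit(false);
    } catch (EBaseException e) {
        CMS.debug("WizardPanelBase storeCertChain: commit failed: " + e.toString());
    }
}
```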
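Review bot: reloginSecurityDomain builds both redirect URLs from config values whose defaults are `""` and `-1` and then calls `response.sendRedirect(sdurl)` regardless, so a missing `machineName`, `pkicreate.admin_secure_port` or `securitydomain.httpsadminport` produces a redirect to `https://:-1/...` instead of an error. Check the four values before building the URLs, e.g. `if (hostname.equals("") || port == -1 || cs_hostname.equals("") || cs_port == -1) { CMS.debug("WizardPanelBase reloginSecurityDomain: security domain or admin port not configured"); return; }`. The method body continues beyond the hunk.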