From 6be1194058b64e24848b0f12eaa3d6cee0cadf2e Mon Sep 17 00:00:00 2001
From: Ade Lee
Date: Wed, 28 Nov 2012 13:48:30 -0500
Subject: Common admin user: config servlet changes
As oer review, changed useCommonAdmin to importAdminCert
---
 .../certsrv/system/ConfigurationRequest.java | 28 +++++++
 .../cms/servlet/csadmin/SystemConfigService.java | 85 +++++++++++++---------
 2 files changed, 78 insertions(+), 35 deletions(-)
diff --git a/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java b/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java
index 444aa9a4c..217f84b90 100644
--- a/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java
+++ b/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java
@@ -70,6 +70,8 @@ public class ConfigurationRequest {
 private static final String ADMIN_SUBJECT_DN = "adminSubjectDN";
 private static final String ADMIN_NAME = "adminName";
 private static final String ADMIN_PROFILE_ID = "adminProfileID";
+ private static final String IMPORT_ADMIN_CERT = "importAdminCert";
+ private static final String ADMIN_CERT = "adminCert";
 private static final String STEP_TWO = "stepTwo";
 private static final String GENERATE_SERVER_CERT = "generateServerCert";
@@ -195,6 +197,12 @@ public class ConfigurationRequest {
 @XmlElement
 protected String adminProfileID;
+ @XmlElement(defaultValue = "false")
+ protected String importAdminCert;
+
+ @XmlElement
+ protected String adminCert;
+
 @XmlElement
 protected String stepTwo;
@@ -244,6 +252,8 @@ public class ConfigurationRequest {
 adminSubjectDN = form.getFirst(ADMIN_SUBJECT_DN);
 adminName = form.getFirst(ADMIN_NAME);
 adminProfileID = form.getFirst(ADMIN_PROFILE_ID);
+ adminCert = form.getFirst(ADMIN_CERT);
+ importAdminCert = form.getFirst(IMPORT_ADMIN_CERT);
 stepTwo = form.getFirst(STEP_TWO);
 generateServerCert = form.getFirst(GENERATE_SERVER_CERT);
 }
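Review bot: `@XmlElement(defaultValue = "false")` on `importAdminCert` in the `@@ -195,6 +197,12 @@` hunk does not guarantee a non-null flag, because JAXB applies `defaultValue` only when the element is present but empty, and the form constructor in the `@@ -252` hunk stores whatever `form.getFirst(IMPORT_ADMIN_CERT)` returns, presumably null when the parameter is absent. The same commit dereferences `data.getImportAdminCert()` in SystemConfigService, and the only visible fallback to "false" sits inside the `getIsClone().equals("false")` validation branch. Initialising the field, `protected String importAdminCert = "false";`, or comparing null-safely at the call sites with `"true".equalsIgnoreCase(data.getImportAdminCert())`, would remove the dependency on that branch having run first. The class body continues outside these hunks, so other initialisation may exist that is not visible here.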
@@ -723,6 +733,22 @@ public class ConfigurationRequest {
 this.adminProfileID = adminProfileID;
 }
+ public String getImportAdminCert() {
+ return importAdminCert;
+ }
+
+ public void setImportAdminCert(String importAdminCert) {
+ this.importAdminCert = importAdminCert;
+ }
+
+ public String getAdminCert() {
+ return adminCert;
+ }
+
+ public void setAdminCert(String adminCert) {
+ this.adminCert = adminCert;
+ }
+
 public String getStepTwo() {
 return stepTwo;
 }
@@ -787,6 +813,8 @@ public class ConfigurationRequest {
 ", adminSubjectDN=" + adminSubjectDN +
 ", adminName=" + adminName +
 ", adminProfileID=" + adminProfileID +
+ ", adminCert=" + adminCert +
+ ", importAdminCert=" + importAdminCert +
 ", generateServerCert=" + generateServerCert +
 ", stepTwo=" + stepTwo + "]";
 }
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
index 31fcaac9d..e4f9445d3 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
@@ -72,7 +72,6 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
 public static String SUCCESS = "0";
 public static final String RESTART_SERVER_AFTER_CONFIGURATION = "restart_server_after_configuration";
- private Random random = null;
 public SystemConfigService() throws EPropertyNotFound, EBaseException {
 cs = CMS.getConfigStore();
@@ -83,7 +82,6 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
 isMasterCA = true;
 }
 instanceRoot = cs.getString("instanceRoot");
- random = new Random();
 }
 /* (non-Javadoc)
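Review bot: The line `", adminCert=" + adminCert +` added to `toString()` in the `@@ -787,6 +813,8 @@` hunk prints the full caller-supplied certificate text. If this string is written to a debug or audit log, which the hunk does not show, every configuration request adds a long caller-controlled blob to a single log line. Printing only whether a certificate was supplied keeps the record readable, for example `", adminCert=" + (adminCert != null ? "<present>" : "<absent>") +`. `toString()` begins above the hunk, so the other fields it prints cannot be reviewed from here.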
@@ -598,31 +596,37 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
 X509CertImpl admincerts[] = new X509CertImpl[1];
 ConfigurationUtils.createAdmin(data.getAdminUID(), data.getAdminEmail(),
 data.getAdminName(), data.getAdminPassword());
- if (csType.equals("CA")) {
- ConfigurationUtils.createAdminCertificate(data.getAdminCertRequest(),
- data.getAdminCertRequestType(), data.getAdminSubjectDN());
-
- String serialno = cs.getString("preop.admincert.serialno.0");
- ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(ICertificateAuthority.ID);
- ICertificateRepository repo = ca.getCertificateRepository();
- admincerts[0] = repo.getX509Certificate(new BigInteger(serialno, 16));
+ if (data.getImportAdminCert().equalsIgnoreCase("true")) {
+ String b64 = CryptoUtil.stripCertBrackets(data.getAdminCert().trim());
+ byte[] b = CryptoUtil.base64Decode(b64);
+ admincerts[0] = new X509CertImpl(b);
 } else {
- String type = cs.getString("preop.ca.type", "");
- String ca_hostname = "";
- int ca_port = -1;
- if (type.equals("sdca")) {
- ca_hostname = cs.getString("preop.ca.hostname");
- ca_port = cs.getInteger("preop.ca.httpsport");
+ if (csType.equals("CA")) {
+ ConfigurationUtils.createAdminCertificate(data.getAdminCertRequest(),
+ data.getAdminCertRequestType(), data.getAdminSubjectDN());
+
+ String serialno = cs.getString("preop.admincert.serialno.0");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(ICertificateAuthority.ID);
+ ICertificateRepository repo = ca.getCertificateRepository();
+ admincerts[0] = repo.getX509Certificate(new BigInteger(serialno, 16));
 } else {
- ca_hostname = cs.getString("securitydomain.host", "");
- ca_port = cs.getInteger("securitydomain.httpseeport");
+ String type = cs.getString("preop.ca.type", "");
+ String ca_hostname = "";
+ int ca_port = -1;
+ if (type.equals("sdca")) {
+ ca_hostname = cs.getString("preop.ca.hostname");
+ ca_port = cs.getInteger("preop.ca.httpsport");
+ } else {
+ ca_hostname = cs.getString("securitydomain.host", "");
+ ca_port = cs.getInteger("securitydomain.httpseeport");
+ }
+ String b64 = ConfigurationUtils.submitAdminCertRequest(ca_hostname, ca_port,
+ data.getAdminProfileID(), data.getAdminCertRequestType(),
+ data.getAdminCertRequest(), data.getAdminSubjectDN());
+ b64 = CryptoUtil.stripCertBrackets(b64.trim());
+ byte[] b = CryptoUtil.base64Decode(b64);
+ admincerts[0] = new X509CertImpl(b);
 }
- String b64 = ConfigurationUtils.submitAdminCertRequest(ca_hostname, ca_port,
- data.getAdminProfileID(), data.getAdminCertRequestType(),
- data.getAdminCertRequest(), data.getAdminSubjectDN());
- b64 = CryptoUtil.stripCertBrackets(b64.trim());
- byte[] b = CryptoUtil.base64Decode(b64);
- admincerts[0] = new X509CertImpl(b);
 }
 CMS.reinit(IUGSubsystem.ID);
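Review bot: The new import branch under `if (data.getImportAdminCert().equalsIgnoreCase("true"))` accepts the caller-supplied `adminCert` as the administrator's certificate after nothing more than `new X509CertImpl(b)`; no check of the validity period or of the issuer against the CA or security domain this subsystem trusts is visible. In the other branches the certificate comes from the local CA repository or from `submitAdminCertRequest`, so the issuer is implied, whereas here it is whatever the request carries. `ConfigurationUtils.createAdmin(...)` also runs before the decode, so a malformed value presumably throws after the admin entry has already been created. I would parse and verify the certificate before `createAdmin`, at minimum `admincerts[0].checkValidity();` plus an issuer or chain check against the trusted CA certificate, and answer failures with `Response.Status.BAD_REQUEST`. The enclosing method starts and ends outside the hunk, so later use of `admincerts` is not visible.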
@@ -902,26 +906,37 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
 }
 if (data.getIsClone().equals("false")) {
- if ((data.getAdminUID() == null) || (data.getAdminUID().length()==0)) {
+ if ((data.getAdminUID() == null) || (data.getAdminUID().length() == 0)) {
 throw new PKIException(Response.Status.BAD_REQUEST, "Admin UID not provided");
 }
- if ((data.getAdminPassword() == null) || (data.getAdminPassword().length()==0)) {
+ if ((data.getAdminPassword() == null) || (data.getAdminPassword().length() == 0)) {
 throw new PKIException(Response.Status.BAD_REQUEST, "Admin Password not provided");
 }
- if ((data.getAdminEmail() == null) || (data.getAdminEmail().length()==0)) {
+ if ((data.getAdminEmail() == null) || (data.getAdminEmail().length() == 0)) {
 throw new PKIException(Response.Status.BAD_REQUEST, "Admin UID not provided");
 }
- if ((data.getAdminName() == null) || (data.getAdminName().length()==0)) {
+ if ((data.getAdminName() == null) || (data.getAdminName().length() == 0)) {
 throw new PKIException(Response.Status.BAD_REQUEST, "Admin name not provided");
 }
- if ((data.getAdminCertRequest() == null) || (data.getAdminCertRequest().length()==0)) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Admin cert request not provided");
- }
- if ((data.getAdminCertRequestType() == null) || (data.getAdminCertRequestType().length()==0)) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Admin cert request type not provided");
+
+ if (data.getImportAdminCert() == null) {
+ data.setImportAdminCert("false");
 }
- if ((data.getAdminSubjectDN() == null) || (data.getAdminSubjectDN().length()==0)) {
- throw new PKIException(Response.Status.BAD_REQUEST, "Admin subjectDN not provided");
+
+ if (data.getImportAdminCert().equalsIgnoreCase("true")) {
+ if (data.getAdminCert() == null) {
+ throw new PKIException(Response.Status.BAD_REQUEST, "Admin Cert not provided");
+ }
+ } else {
+ if ((data.getAdminCertRequest() == null) || (data.getAdminCertRequest().length() == 0)) {
+ throw new PKIException(Response.Status.BAD_REQUEST, "Admin cert request not provided");
+ }
+ if ((data.getAdminCertRequestType() == null) || (data.getAdminCertRequestType().length() == 0)) {
+ throw new PKIException(Response.Status.BAD_REQUEST, "Admin cert request type not provided");
+ }
+ if ((data.getAdminSubjectDN() == null) || (data.getAdminSubjectDN().length() == 0)) {
+ throw new PKIException(Response.Status.BAD_REQUEST, "Admin subjectDN not provided");
+ }
 }
 }
--
cgit
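Review bot: The added `if (data.getAdminCert() == null)` check lets an empty or whitespace-only `adminCert` through, unlike the neighbouring checks, which also test `length() == 0`. Such a value passes validation and only fails later, when the import branch trims and decodes it. Matching the sibling checks would reject it up front: `if ((data.getAdminCert() == null) || (data.getAdminCert().trim().length() == 0)) {`. Any `importAdminCert` value other than "true" in any letter case silently selects the certificate-request path, which deserves a one-line comment above the flag check. The validation method begins and ends outside the hunk.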