From 621d9e5c413e561293d7484b93882d985b3fe15f Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Sat, 24 Mar 2012 02:27:47 -0500 Subject: Removed unnecessary pki folder. Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131 --- .../cms/servlet/csadmin/UpdateOCSPConfig.java | 182 +++++++++++++++++++++ 1 file changed, 182 insertions(+) create mode 100644 base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java (limited to 'base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java') diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java b/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java new file mode 100644 index 000000000..2d3e33f9a --- /dev/null +++ b/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java @@ -0,0 +1,182 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.csadmin; + +import java.io.IOException; +import java.util.Locale; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.w3c.dom.Node; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.authentication.IAuthToken; +import com.netscape.certsrv.authorization.AuthzToken; +import com.netscape.certsrv.authorization.EAuthzAccessDenied; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.logging.ILogger; +import com.netscape.cms.servlet.base.CMSServlet; +import com.netscape.cms.servlet.base.UserInfo; +import com.netscape.cms.servlet.common.CMSRequest; +import com.netscape.cms.servlet.common.ICMSTemplateFiller; +import com.netscape.cmsutil.xml.XMLObject; + +public class UpdateOCSPConfig extends CMSServlet { + + /** + * + */ + private static final long serialVersionUID = 42812270761684404L; + private final static String SUCCESS = "0"; + private final static String FAILED = "1"; + private final static String AUTH_FAILURE = "2"; + + public UpdateOCSPConfig() { + super(); + } + + /** + * initialize the servlet. + * + * @param sc servlet configuration, read from the web.xml file + */ + public void init(ServletConfig sc) throws ServletException { + CMS.debug("UpdateOCSPConfig: initializing..."); + super.init(sc); + CMS.debug("UpdateOCSPConfig: done initializing..."); + } + + protected void process(CMSRequest cmsReq) throws EBaseException { + CMS.debug("UpdateOCSPConfig: processing..."); + + HttpServletRequest httpReq = cmsReq.getHttpReq(); + HttpServletResponse httpResp = cmsReq.getHttpResp(); + + CMS.debug("UpdateOCSPConfig process: authentication starts"); + IAuthToken authToken = authenticate(cmsReq); + if (authToken == null) { + CMS.debug("UpdateOCSPConfig process: authToken is null"); + outputError(httpResp, AUTH_FAILURE, "Error: not authenticated"); + } + + AuthzToken authzToken = null; + + try { + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); + } catch (EAuthzAccessDenied e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + outputError(httpResp, "Error: Not authorized"); + return; + } catch (Exception e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + outputError(httpResp, + "Error: Encountered problem during authorization."); + return; + } + if (authzToken == null) { + outputError(httpResp, "Error: Not authorized"); + return; + } + + IConfigStore cs = CMS.getConfigStore(); + String nickname = ""; + + // get nickname + try { + nickname = cs.getString("ca.subsystem.nickname", ""); + String tokenname = cs.getString("ca.subsystem.tokenname", ""); + if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) + nickname = tokenname + ":" + nickname; + } catch (Exception e) { + } + + CMS.debug("UpdateOCSPConfig process: nickname=" + nickname); + + String ocsphost = httpReq.getParameter("ocsp_host"); + String ocspport = httpReq.getParameter("ocsp_port"); + try { + cs.putString("ca.publish.enable", "true"); + cs.putString("ca.publish.publisher.instance.OCSPPublisher.host", + ocsphost); + cs.putString("ca.publish.publisher.instance.OCSPPublisher.port", + ocspport); + cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName", + nickname); + cs.putString("ca.publish.publisher.instance.OCSPPublisher.path", + "/ocsp/agent/ocsp/addCRL"); + cs.putString("ca.publish.publisher.instance.OCSPPublisher.pluginName", "OCSPPublisher"); + cs.putString("ca.publish.publisher.instance.OCSPPublisher.enableClientAuth", "true"); + cs.putString("ca.publish.rule.instance.ocsprule.enable", "true"); + cs.putString("ca.publish.rule.instance.ocsprule.mapper", "NoMap"); + cs.putString("ca.publish.rule.instance.ocsprule.pluginName", "Rule"); + cs.putString("ca.publish.rule.instance.ocsprule.publisher", + "OCSPPublisher"); + cs.putString("ca.publish.rule.instance.ocsprule.type", "crl"); + cs.commit(false); + // insert info + CMS.debug("UpdateOCSPConfig: Sending response"); + + // send success status back to the requestor + XMLObject xmlObj = new XMLObject(); + Node root = xmlObj.createRoot("XMLResponse"); + + xmlObj.addItemToContainer(root, "Status", SUCCESS); + byte[] cb = xmlObj.toByteArray(); + + outputResult(httpResp, "application/xml", cb); + } catch (Exception e) { + CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: " + e.toString()); + outputError(httpResp, "Error: Failed to update OCSP configuration."); + } + } + + protected void setDefaultTemplates(ServletConfig sc) { + } + + protected void renderTemplate( + CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) + throws IOException {// do nothing + } + + protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + } + + /** + * Retrieves locale based on the request. + */ + protected Locale getLocale(HttpServletRequest req) { + Locale locale = null; + String lang = req.getHeader("accept-language"); + + if (lang == null) { + // use server locale + locale = Locale.getDefault(); + } else { + locale = new Locale(UserInfo.getUserLanguage(lang), + UserInfo.getUserCountry(lang)); + } + return locale; + } +} -- cgit