From a4682ceae6774956461edd03b2485bbacea445f4 Mon Sep 17 00:00:00 2001
From: mharmsen
Date: Tue, 4 Oct 2011 01:17:41 +0000
Subject: Bugzilla Bug #688225 - (dogtagIPAv2.1) TRACKER: of the Dogtag fixes for freeIPA 2.1
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/tags/IPA_v2_RHEL_6_2_20111003@2252 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
 .../cms/listeners/CertificateIssuedListener.java | 445 +++++++++++++++++++++
 .../cms/listeners/CertificateRevokedListener.java | 439 ++++++++++++++++++++
 .../netscape/cms/listeners/PinRemovalListener.java | 182 +++++++
 .../netscape/cms/listeners/RequestInQListener.java | 277 +++++++++++++
 4 files changed, 1343 insertions(+)
 create mode 100644 pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java
 create mode 100644 pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java
 create mode 100644 pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java
 create mode 100644 pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java
(limited to 'pki/base/common/src/com/netscape/cms/listeners')
diff --git a/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java b/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java
new file mode 100644
index 000000000..c9b4c4a7f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java
@@ -0,0 +1,445 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.listeners; + + +import java.io.File; +import com.netscape.certsrv.base.*; +import com.netscape.certsrv.apps.*; +import com.netscape.certsrv.listeners.*; +import com.netscape.certsrv.authority.*; +import com.netscape.certsrv.logging.*; +import com.netscape.certsrv.request.*; +import com.netscape.certsrv.profile.*; +import com.netscape.certsrv.notification.*; +import com.netscape.certsrv.apps.*; +import java.security.*; +import java.security.cert.*; +import java.io.IOException; +import java.util.*; +import netscape.security.x509.*; +import com.netscape.certsrv.common.*; +import java.text.DateFormat; + + +/** + * a listener for every completed enrollment request + *

+ * Here is a list of available $TOKENs for email notification + templates if certificate is successfully issued: + *

+ *

+ * Here is a list of available $TOKENs for email notification + templates if certificate request is rejected: + *

+ * + * @version $Revision$, $Date$ + */ +public class CertificateIssuedListener implements IRequestListener { + protected final static String PROP_CERT_ISSUED_SUBSTORE = "certIssued"; + protected static final String PROP_ENABLED = "enabled"; + protected final static String PROP_NOTIFY_SUBSTORE = "notification"; + + protected final static String PROP_SENDER_EMAIL = "senderEmail"; + protected final static String PROP_EMAIL_SUBJECT = "emailSubject"; + public final static String PROP_EMAIL_TEMPLATE = "emailTemplate"; + + protected final static String REJECT_FILE_NAME = "certRequestRejected"; + + private boolean mEnabled = false; + private ILogger mLogger = CMS.getLogger(); + private String mSenderEmail = null; + private String mSubject = null; + private String mSubject_Success = null; + private String mFormPath = null; + private String mRejectPath = null; + private Hashtable mContentParams = new Hashtable(); + + private ICertAuthority mSub = null; + private IConfigStore mConfig = null; + private DateFormat mDateFormat = null; + private ICertAuthority mSubsystem = null; + private String mHttpHost = null; + private String mHttpPort = null; + private RequestId mReqId = null; + + public CertificateIssuedListener() { + } + + public void init(ISubsystem sub, IConfigStore config) + throws EListenersException, EPropertyNotFound, EBaseException { + mSubsystem = (ICertAuthority) sub; + mConfig = mSubsystem.getConfigStore(); + + IConfigStore nc = mConfig.getSubStore(PROP_NOTIFY_SUBSTORE); + IConfigStore rc = nc.getSubStore(PROP_CERT_ISSUED_SUBSTORE); + + mEnabled = rc.getBoolean(PROP_ENABLED, false); + + mSenderEmail = rc.getString(PROP_SENDER_EMAIL); + if (mSenderEmail == null) { + throw new EListenersException(CMS.getLogMessage("NO_NOTIFY_SENDER_EMAIL_CONFIG_FOUND")); + } + + mFormPath = rc.getString(PROP_EMAIL_TEMPLATE); + String mDir = null; + + // figure out the reject email path: same dir as form path, + // same ending as form path + int ridx = 
mFormPath.lastIndexOf(File.separator); + + if (ridx == -1) { + CMS.debug("CertificateIssuedListener: file separator: " + File.separator + + + " not found. Use default /"); + ridx = mFormPath.lastIndexOf("/"); + mDir = mFormPath.substring(0, ridx + 1); + } else { + mDir = mFormPath.substring(0, ridx + + File.separator.length()); + } + CMS.debug("CertificateIssuedListener: template file directory: " + mDir); + mRejectPath = mDir + REJECT_FILE_NAME; + if (mFormPath.endsWith(".html")) + mRejectPath += ".html"; + else if (mFormPath.endsWith(".HTML")) + mRejectPath += ".HTML"; + else if (mFormPath.endsWith(".htm")) + mRejectPath += ".htm"; + else if (mFormPath.endsWith(".HTM")) + mRejectPath += ".HTM"; + + CMS.debug("CertificateIssuedListener: Reject file path: " + mRejectPath); + + mDateFormat = DateFormat.getDateTimeInstance(); + + mSubject_Success = rc.getString(PROP_EMAIL_SUBJECT, + "Your Certificate Request"); + mSubject = new String(mSubject_Success); + + // form the cert retrieval URL for the notification + mHttpHost = CMS.getEEHost(); + mHttpPort = CMS.getEESSLPort(); + + // register for this event listener + mSubsystem.registerRequestListener(this); + } + + public void accept(IRequest r) { + CMS.debug("CertificateIssuedListener: accept " + + r.getRequestId().toString()); + if (mEnabled != true) return; + + mSubject = mSubject_Success; + mReqId = r.getRequestId(); + // is it rejected? + String rs = r.getRequestStatus().toString(); + + if (rs.equals("rejected")) { + CMS.debug("CertificateIssuedListener: Request status: " + rs); + rejected(r); + return; + } + + CMS.debug("CertificateIssuedListener: accept check status "); + + // check if it is profile request + String profileId = r.getExtDataInString("profileId"); + + // check if request failed. 
+ if (profileId == null) { + if (r.getExtDataInInteger(IRequest.RESULT) == null) + return; + if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) { + CMS.debug("CertificateIssuedListener: Request errored. " + + "No need to email notify for enrollment request id " + + mReqId); + return; + } + } + String requestType = r.getRequestType(); + + if (requestType.equals(IRequest.ENROLLMENT_REQUEST) || + requestType.equals(IRequest.RENEWAL_REQUEST)) { + CMS.debug("accept() enrollment/renewal request..."); + // Get the certificate from the request + X509CertImpl issuedCert[] = null; + + // handle profile-based enrollment's notification + if (profileId == null) { + issuedCert = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); + } else { + issuedCert = new X509CertImpl[1]; + issuedCert[0] = + r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + } + + if (issuedCert != null) { + CMS.debug("CertificateIssuedListener: Sending email notification.."); + + // do we have an email to send? 
+ String mEmail = null; + IEmailResolverKeys keys = CMS.getEmailResolverKeys(); + + try { + keys.set(IEmailResolverKeys.KEY_REQUEST, r); + keys.set(IEmailResolverKeys.KEY_CERT, + issuedCert[0]); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString())); + } + + IEmailResolver er = CMS.getReqCertSANameEmailResolver(); + + try { + mEmail = er.getEmail(keys); + } catch (ENotificationException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION", + e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION", + e.toString())); + } catch (Exception e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION", + e.toString())); + } + + // now we can mail + if ((mEmail != null) && (!mEmail.equals(""))) { + mailIt(mEmail, issuedCert); + } else { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR", + issuedCert[0].getSerialNumber().toString(), mReqId.toString())); + // send failure notification to "sender" + mSubject = "Certificate Issued notification undeliverable"; + mailIt(mSenderEmail, issuedCert); + } + } + } + } + + private void mailIt(String mEmail, X509CertImpl issuedCert[]) { + IMailNotification mn = CMS.getMailNotification(); + + mn.setFrom(mSenderEmail); + mn.setTo(mEmail); + mn.setSubject(mSubject); + + /* + * get template file from disk + */ + IEmailTemplate template = CMS.getEmailTemplate(mFormPath); + + /* + * parse and process the template + */ + if (template != null) { + if (!template.init()) { + return; + } + + buildContentParams(issuedCert, mEmail); + IEmailFormProcessor et = CMS.getEmailFormProcessor(); + String c = et.getEmailContent(template.toString(), mContentParams); + + if (template.isHTML()) { + mn.setContentType("text/html"); + } + mn.setContent(c); + } else { + log(ILogger.LL_FAILURE, + 
CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR", + issuedCert[0].getSerialNumber().toString(), mReqId.toString())); + + mn.setContent("Serial Number = " + + issuedCert[0].getSerialNumber() + + "; Request ID = " + mReqId); + } + + try { + mn.sendNotification(); + } catch (ENotificationException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + } + } + + private void rejected(IRequest r) { + // do we have an email to send? + String mEmail = null; + IEmailResolverKeys keys = CMS.getEmailResolverKeys(); + + try { + keys.set(IEmailResolverKeys.KEY_REQUEST, r); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString())); + } + + IEmailResolver er = CMS.getReqCertSANameEmailResolver(); + + try { + mEmail = er.getEmail(keys); + } catch (ENotificationException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + } catch (Exception e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + } + + // now we can mail + if ((mEmail != null) && !mEmail.equals("")) { + IMailNotification mn = CMS.getMailNotification(); + + mn.setFrom(mSenderEmail); + mn.setTo(mEmail); + mn.setSubject(mSubject); + + /* + * get rejection file from disk + */ + IEmailTemplate template = CMS.getEmailTemplate(mRejectPath); + + if (template != null) { + if (!template.init()) { + return; + } + + if (template.isHTML()) { + mn.setContentType("text/html"); + } + + // build some token data + mContentParams.put(IEmailFormProcessor.TOKEN_ID, + mConfig.getName()); + mReqId = r.getRequestId(); + mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID, + (Object) mReqId.toString()); + IEmailFormProcessor et = 
CMS.getEmailFormProcessor(); + String c = et.getEmailContent(template.toString(), mContentParams); + + mn.setContent(c); + } else { + log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION")); + mn.setContent("Your Certificate Request has been rejected. Please contact your administrator for assistance"); + } + + try { + mn.sendNotification(); + } catch (ENotificationException e) { + // already logged, lets audit + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + } + } else { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION_NOTIFICATION", mReqId.toString())); + + } + } + + private void buildContentParams(X509CertImpl issuedCert[], String mEmail) { + mContentParams.put(IEmailFormProcessor.TOKEN_ID, + mConfig.getName()); + mContentParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM, + (Object) issuedCert[0].getSerialNumber().toString()); + mContentParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM, + (Object) Long.toHexString(issuedCert[0].getSerialNumber().longValue())); + mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID, + (Object) mReqId.toString()); + mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST, + (Object) mHttpHost); + mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT, + (Object) mHttpPort); + mContentParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN, + (Object) issuedCert[0].getIssuerDN().toString()); + mContentParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN, + (Object) issuedCert[0].getSubjectDN().toString()); + + Date date = (Date) issuedCert[0].getNotAfter(); + + mContentParams.put(IEmailFormProcessor.TOKEN_NOT_AFTER, + mDateFormat.format(date)); + + date = (Date) issuedCert[0].getNotBefore(); + mContentParams.put(IEmailFormProcessor.TOKEN_NOT_BEFORE, + mDateFormat.format(date)); + + mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL, + (Object) 
mSenderEmail); + mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL, + (Object) mEmail); + // ... and more + } + + /** + * sets the configurable parameters + */ + public void set(String name, String val) { + if (name.equalsIgnoreCase(PROP_ENABLED)) { + if (val.equalsIgnoreCase("true")) { + mEnabled = true; + } else { + mEnabled = false; + } + } else if (name.equalsIgnoreCase(PROP_SENDER_EMAIL)) { + mSenderEmail = val; + } else if (name.equalsIgnoreCase(PROP_EMAIL_SUBJECT)) { + mSubject_Success = val; + mSubject = mSubject_Success; + } else if (name.equalsIgnoreCase(PROP_EMAIL_TEMPLATE)) { + mFormPath = val; + } else { + log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET")); + } + } + + private void log(int level, String msg) { + if (mLogger == null) + return; + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, + level, msg); + } + +} diff --git a/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java b/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java new file mode 100644 index 000000000..5a1500587 --- /dev/null +++ b/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java 
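Review bot: The `if (issuedCert != null)` guard in accept() does not cover the element it then dereferences: in the profile branch `issuedCert` is a freshly allocated one-element array, so it is never null even when `r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)` returned null, and in the non-profile branch an empty array from getExtDataInCertArray passes the check too; both paths then reach `issuedCert[0]` in keys.set() or in the LISTENERS_CERT_ISSUED_NOTIFY_ERROR log call and throw inside the listener. The guard should be `if (issuedCert != null && issuedCert.length > 0 && issuedCert[0] != null) {`. The same pattern appears in CertificateRevokedListener.accept(), where `crlentries != null` is followed directly by `crlentries[0]`. Separately, mSubject, mReqId and the shared mContentParams Hashtable are instance fields rewritten on every accept() call; if the subsystem delivers request events from more than one thread (not visible here), two overlapping notifications could mix one request's serial number, DNs and recipient address into the other's email, so these are better held as locals passed to mailIt() and buildContentParams().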
@@ -0,0 +1,439 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.listeners; + + +import java.io.File; +import com.netscape.certsrv.base.*; +import com.netscape.certsrv.apps.*; +import com.netscape.certsrv.listeners.*; +import com.netscape.certsrv.authority.*; +import com.netscape.certsrv.logging.*; +import com.netscape.certsrv.request.*; +import com.netscape.certsrv.notification.*; +import com.netscape.certsrv.apps.*; +import java.security.*; +import java.security.cert.*; +import java.io.IOException; +import java.util.*; +import netscape.security.x509.*; +import com.netscape.certsrv.common.*; +import java.text.DateFormat; +import com.netscape.certsrv.dbs.certdb.ICertificateRepository; +import com.netscape.certsrv.ca.*; + + +/** + * a listener for every completed enrollment request + *

+ * Here is a list of available $TOKENs for email notification + templates if certificate is successfully issued: + *

+ *

+ * Here is a list of available $TOKENs for email notification + templates if certificate request is revoked: + *

+ * + * @version $Revision$, $Date$ + */ +public class CertificateRevokedListener implements IRequestListener { + protected final static String PROP_CERT_ISSUED_SUBSTORE = "certRevoked"; + protected static final String PROP_ENABLED = "enabled"; + protected final static String PROP_NOTIFY_SUBSTORE = "notification"; + + protected final static String PROP_SENDER_EMAIL = "senderEmail"; + protected final static String PROP_EMAIL_SUBJECT = "emailSubject"; + public final static String PROP_EMAIL_TEMPLATE = "emailTemplate"; + + protected final static String REJECT_FILE_NAME = "certRequestRejected"; + + private boolean mEnabled = false; + private ILogger mLogger = CMS.getLogger(); + private String mSenderEmail = null; + private String mSubject = null; + private String mSubject_Success = null; + private String mFormPath = null; + private String mRejectPath = null; + private Hashtable mContentParams = new Hashtable(); + + private ICertAuthority mSub = null; + private IConfigStore mConfig = null; + private DateFormat mDateFormat = null; + private ICertAuthority mSubsystem = null; + private String mHttpHost = null; + private String mHttpPort = null; + private RequestId mReqId = null; + + public CertificateRevokedListener() { + } + + public void init(ISubsystem sub, IConfigStore config) + throws EListenersException, EPropertyNotFound, EBaseException { + mSubsystem = (ICertAuthority) sub; + mConfig = mSubsystem.getConfigStore(); + + IConfigStore nc = mConfig.getSubStore(PROP_NOTIFY_SUBSTORE); + IConfigStore rc = nc.getSubStore(PROP_CERT_ISSUED_SUBSTORE); + + mEnabled = rc.getBoolean(PROP_ENABLED, false); + + mSenderEmail = rc.getString(PROP_SENDER_EMAIL); + if (mSenderEmail == null) { + throw new EListenersException(CMS.getLogMessage("NO_NOTIFY_SENDER_EMAIL_CONFIG_FOUND")); + } + + mFormPath = rc.getString(PROP_EMAIL_TEMPLATE); + String mDir = null; + + // figure out the reject email path: same dir as form path, + // same ending as form path + int ridx = 
mFormPath.lastIndexOf(File.separator); + + if (ridx == -1) { + CMS.debug("CertificateRevokedListener: file separator: " + File.separator + + + " not found. Use default /"); + ridx = mFormPath.lastIndexOf("/"); + mDir = mFormPath.substring(0, ridx + 1); + } else { + mDir = mFormPath.substring(0, ridx + + File.separator.length()); + } + CMS.debug("CertificateRevokedListener: template file directory: " + mDir); + mRejectPath = mDir + REJECT_FILE_NAME; + if (mFormPath.endsWith(".html")) + mRejectPath += ".html"; + else if (mFormPath.endsWith(".HTML")) + mRejectPath += ".HTML"; + else if (mFormPath.endsWith(".htm")) + mRejectPath += ".htm"; + else if (mFormPath.endsWith(".HTM")) + mRejectPath += ".HTM"; + + CMS.debug("CertificateRevokedListener: Reject file path: " + mRejectPath); + + mDateFormat = DateFormat.getDateTimeInstance(); + + mSubject_Success = rc.getString(PROP_EMAIL_SUBJECT, + "Your Certificate Request"); + mSubject = new String(mSubject_Success); + + // form the cert retrieval URL for the notification + mHttpHost = CMS.getEEHost(); + mHttpPort = CMS.getEESSLPort(); + + // register for this event listener + mSubsystem.registerRequestListener(this); + } + + public void accept(IRequest r) { + if (mEnabled != true) return; + + mSubject = mSubject_Success; + mReqId = r.getRequestId(); + // is it revoked? + String rs = r.getRequestStatus().toString(); + String requestType = r.getRequestType(); + + if (requestType.equals(IRequest.REVOCATION_REQUEST) == false) + return; + if (rs.equals("complete") == false) { + CMS.debug("CertificateRevokedListener: Request status: " + rs); + //revoked(r); + return; + } + + // check if request failed. + if (r.getExtDataInInteger(IRequest.RESULT) == null) + return; + + if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) { + CMS.debug("CertificateRevokedListener: Request errored. 
" + + "No need to email notify for enrollment request id " + + mReqId); + return; + } + + if (requestType.equals(IRequest.REVOCATION_REQUEST)) { + CMS.debug("CertificateRevokedListener: accept() revocation request..."); + // Get the certificate from the request + //X509CertImpl issuedCert[] = + // (X509CertImpl[]) + RevokedCertImpl crlentries[] = + r.getExtDataInRevokedCertArray(IRequest.CERT_INFO); + + if (crlentries != null) { + CMS.debug("CertificateRevokedListener: Sending email notification.."); + + // do we have an email to send? + String mEmail = null; + IEmailResolverKeys keys = CMS.getEmailResolverKeys(); + + try { + keys.set(IEmailResolverKeys.KEY_REQUEST, r); + keys.set(IEmailResolverKeys.KEY_CERT, + crlentries[0]); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString())); + } + + IEmailResolver er = CMS.getReqCertSANameEmailResolver(); + + try { + mEmail = er.getEmail(keys); + } catch (ENotificationException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION", + e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION", + e.toString())); + } catch (Exception e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION", + e.toString())); + } + + // now we can mail + if ((mEmail != null) && (!mEmail.equals(""))) { + mailIt(mEmail, crlentries); + } else { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR", + crlentries[0].getSerialNumber().toString(), mReqId.toString())); + // send failure notification to "sender" + mSubject = "Certificate Issued notification undeliverable"; + mailIt(mSenderEmail, crlentries); + } + } + } + } + + private void mailIt(String mEmail, RevokedCertImpl crlentries[]) { + IMailNotification mn = CMS.getMailNotification(); + + mn.setFrom(mSenderEmail); + mn.setTo(mEmail); + mn.setSubject(mSubject); + + /* 
+ * get template file from disk + */ + IEmailTemplate template = CMS.getEmailTemplate(mFormPath); + + /* + * parse and process the template + */ + if (template != null) { + if (!template.init()) { + return; + } + + buildContentParams(crlentries, mEmail); + IEmailFormProcessor et = CMS.getEmailFormProcessor(); + String c = et.getEmailContent(template.toString(), mContentParams); + + if (template.isHTML()) { + mn.setContentType("text/html"); + } + mn.setContent(c); + } else { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR", + crlentries[0].getSerialNumber().toString(), mReqId.toString())); + + mn.setContent("Serial Number = " + + crlentries[0].getSerialNumber() + + "; Request ID = " + mReqId); + } + + try { + mn.sendNotification(); + } catch (ENotificationException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + } + } + + private void revoked(IRequest r) { + // do we have an email to send? 
+ String mEmail = null; + IEmailResolverKeys keys = CMS.getEmailResolverKeys(); + + try { + keys.set(IEmailResolverKeys.KEY_REQUEST, r); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString())); + } + + IEmailResolver er = CMS.getReqCertSANameEmailResolver(); + + try { + mEmail = er.getEmail(keys); + } catch (ENotificationException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + } catch (Exception e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + } + + // now we can mail + if ((mEmail != null) && !mEmail.equals("")) { + IMailNotification mn = CMS.getMailNotification(); + + mn.setFrom(mSenderEmail); + mn.setTo(mEmail); + mn.setSubject(mSubject); + + /* + * get rejection file from disk + */ + IEmailTemplate template = CMS.getEmailTemplate(mRejectPath); + + if (template != null) { + if (!template.init()) { + return; + } + + if (template.isHTML()) { + mn.setContentType("text/html"); + } + + // build some token data + mContentParams.put(IEmailFormProcessor.TOKEN_ID, + mConfig.getName()); + mReqId = r.getRequestId(); + mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID, + (Object) mReqId.toString()); + IEmailFormProcessor et = CMS.getEmailFormProcessor(); + String c = et.getEmailContent(template.toString(), mContentParams); + + mn.setContent(c); + } else { + log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION")); + mn.setContent("Your Certificate Request has been revoked. 
Please contact your administrator for assistance"); + } + + try { + mn.sendNotification(); + } catch (ENotificationException e) { + // already logged, lets audit + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); + } + } else { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION_NOTIFICATION", mReqId.toString())); + + } + } + + private void buildContentParams(RevokedCertImpl crlentries[], String mEmail) { + mContentParams.put(IEmailFormProcessor.TOKEN_ID, + mConfig.getName()); + mContentParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM, + (Object) crlentries[0].getSerialNumber().toString()); + mContentParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM, + (Object) Long.toHexString(crlentries[0].getSerialNumber().longValue())); + mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID, + (Object) mReqId.toString()); + mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST, + (Object) mHttpHost); + mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT, + (Object) mHttpPort); + + try { + RevokedCertImpl revCert = (RevokedCertImpl) crlentries[0]; + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateRepository certDB = ca.getCertificateRepository(); + X509Certificate cert = certDB.getX509Certificate(revCert.getSerialNumber()); + + mContentParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN, + (Object) cert.getIssuerDN().toString()); + mContentParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN, + (Object) cert.getSubjectDN().toString()); + Date date = (Date) crlentries[0].getRevocationDate(); + + mContentParams.put(IEmailFormProcessor.TOKEN_REVOCATION_DATE, + mDateFormat.format(date)); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString())); + } + + 
mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL, + (Object) mSenderEmail); + mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL, + (Object) mEmail); + // ... and more + } + + /** + * sets the configurable parameters + */ + public void set(String name, String val) { + if (name.equalsIgnoreCase(PROP_ENABLED)) { + if (val.equalsIgnoreCase("true")) { + mEnabled = true; + } else { + mEnabled = false; + } + } else if (name.equalsIgnoreCase(PROP_SENDER_EMAIL)) { + mSenderEmail = val; + } else if (name.equalsIgnoreCase(PROP_EMAIL_SUBJECT)) { + mSubject_Success = val; + mSubject = mSubject_Success; + } else if (name.equalsIgnoreCase(PROP_EMAIL_TEMPLATE)) { + mFormPath = val; + } else { + log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET")); + } + } + + private void log(int level, String msg) { + if (mLogger == null) + return; + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, + level, msg); + } + +} diff --git a/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java b/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java new file mode 100644 index 000000000..c678a4b4b --- /dev/null +++ b/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java 
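Review bot: The undeliverable-notification branch in accept() reuses the issued-listener subject verbatim, `mSubject = "Certificate Issued notification undeliverable";`, and the RES_ERROR debug message speaks of an "enrollment request id", although this listener returns early for anything but IRequest.REVOCATION_REQUEST; the subject should read `mSubject = "Certificate Revoked notification undeliverable";` and the debug text should name a revocation request. The private revoked(IRequest) method, REJECT_FILE_NAME and the mRejectPath computation in init() are carried over from CertificateIssuedListener, but the only call site is the commented-out `//revoked(r);`, so init() spends its separator and extension logic on a path that is never read and an incomplete revocation request sends nothing; either call it from the `rs.equals("complete") == false` branch or remove it together with mRejectPath. In buildContentParams() the `catch (EBaseException e)` around the repository lookup leaves TOKEN_ISSUER_DN, TOKEN_SUBJECT_DN and TOKEN_REVOCATION_DATE unset while the mail is still sent, and the log message it emits (LISTENERS_CERT_ISSUED_SET_RESOLVER) describes a different failure; a message that carries `revCert.getSerialNumber()` would make that case diagnosable.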
@@ -0,0 +1,182 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.listeners; + + +import java.io.File; +import com.netscape.certsrv.base.*; +import com.netscape.certsrv.listeners.*; +import com.netscape.certsrv.logging.*; +import com.netscape.certsrv.authority.*; +import com.netscape.certsrv.ldap.*; +import com.netscape.certsrv.request.*; +import com.netscape.certsrv.listeners.*; +import com.netscape.certsrv.notification.*; +import java.security.*; +import java.security.cert.*; +import java.io.IOException; +import java.util.*; +import netscape.security.x509.*; +import netscape.ldap.*; +import com.netscape.certsrv.common.*; +import java.text.DateFormat; +import com.netscape.certsrv.authentication.*; +import com.netscape.certsrv.apps.*; + + +/** + * This represnets a listener that removes pin from LDAP directory. 
+ * + * @version $Revision$, $Date$ + */ +public class PinRemovalListener implements IRequestListener { + protected static final String PROP_ENABLED = "enabled"; + protected static final String PROP_LDAP = "ldap"; + protected static final String PROP_BASEDN = "ldap.basedn"; + protected static final String PROP_PINATTR = "pinAttr"; + + protected String mName = null; + protected String mImplName = null; + protected String mBaseDN = null; + protected String mPinAttr = null; + + private boolean mEnabled = false; + private ILogger mLogger = CMS.getLogger(); + private Hashtable mContentParams = new Hashtable(); + + private ICertAuthority mSub = null; + private IConfigStore mConfig = null; + private IConfigStore mLdapConfig = null; + private RequestId mReqId = null; + private ILdapConnFactory mConnFactory = null; + private LDAPConnection mRemovePinLdapConnection = null; + + public PinRemovalListener() { + } + + public String getName() { + return mName; + } + + public String getImplName() { + return mImplName; + } + + public IConfigStore getConfigStore() { + return mConfig; + } + + public void shutdown() { + } + + protected String[] configParams = { "a" }; + + public String[] getConfigParams() + throws EBaseException { + + if (1 == 2) throw new EBaseException(""); + return configParams; + } + + public void init(ISubsystem sub, IConfigStore config) throws EBaseException { + init(null, null, config); + } + + public void init(String name, String ImplName, IConfigStore config) + throws EBaseException { + mName = name; + mImplName = ImplName; + mConfig = config; + + mLdapConfig = mConfig.getSubStore(PROP_LDAP); + mConnFactory = CMS.getLdapBoundConnFactory(); + mConnFactory.init(mLdapConfig); + mRemovePinLdapConnection = mConnFactory.getConn(); + + mEnabled = mConfig.getBoolean(PROP_ENABLED, false); + mBaseDN = mConfig.getString(PROP_BASEDN, ""); + mPinAttr = mConfig.getString(PROP_PINATTR, "pin"); + + } + + public void accept(IRequest r) { + if (mEnabled != true) return; + + 
mReqId = r.getRequestId(); + + String rs = r.getRequestStatus().toString(); + + CMS.debug("PinRemovalListener: Request status: " + rs); + if (!rs.equals("complete")) { + CMS.debug("PinRemovalListener: - request not complete - not removing pin"); + return; + } + String requestType = r.getRequestType(); + + if (requestType.equals(IRequest.ENROLLMENT_REQUEST) || + requestType.equals(IRequest.RENEWAL_REQUEST)) { + + String uid = r.getExtDataInString( + IRequest.HTTP_PARAMS, "uid"); + + if (uid == null) { + log(ILogger.LL_INFO, "did not find UID parameter in this request"); + return; + } + + String userdn = null; + + try { + LDAPSearchResults res = mRemovePinLdapConnection.search(mBaseDN, + LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false); + + if (!res.hasMoreElements()) { + log(ILogger.LL_SECURITY, "uid " + uid + " does not exist in the ldap " + + " server. Could not remove pin"); + return; + } + + LDAPEntry entry = (LDAPEntry) res.nextElement(); + + userdn = entry.getDN(); + + mRemovePinLdapConnection.modify(userdn, + new LDAPModification( + LDAPModification.DELETE, + new LDAPAttribute(mPinAttr))); + + log(ILogger.LL_INFO, "Removed pin for user \"" + userdn + "\""); + + } catch (LDAPException e) { + log(ILogger.LL_SECURITY, "could not remove pin for " + userdn); + } + + } + } + + private void log(int level, String msg) { + if (mLogger == null) + return; + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, + level, "PinRemovalListener: " + msg); + } + + public void set(String name, String val) { + } +} + diff --git a/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java b/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java new file mode 100644 index 000000000..3027415be --- /dev/null +++ b/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java 
@@ -0,0 +1,277 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.listeners;
+
+
+import com.netscape.certsrv.apps.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.listeners.*;
+import com.netscape.certsrv.authority.*;
+import com.netscape.certsrv.logging.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.notification.*;
+import com.netscape.certsrv.common.*;
+import com.netscape.certsrv.apps.*;
+import com.netscape.cms.profile.input.SubjectNameInput;
+import com.netscape.cms.profile.input.SubmitterInfoInput;
+
+import java.io.IOException;
+import java.util.*;
+
+
+/**
+ * a listener for every request gets into the request queue.
+ *

+ * Here is a list of available $TOKENs for email notification templates:
+ *

+ *
+ */
+public class RequestInQListener implements IRequestListener {
+ protected static final String PROP_ENABLED = "enabled";
+ protected final static String PROP_SENDER_EMAIL = "senderEmail";
+ protected final static String PROP_RECVR_EMAIL = "recipientEmail";
+ public final static String PROP_EMAIL_TEMPLATE = "emailTemplate";
+ protected static final String PROP_EMAIL_SUBJECT = "emailSubject";
+
+ protected final static String PROP_NOTIFY_SUBSTORE = "notification";
+ protected final static String PROP_REQ_IN_Q_SUBSTORE = "requestInQ";
+
+ private boolean mEnabled = false;
+ private ILogger mLogger = CMS.getLogger();
+ private String mSenderEmail = null;
+ private String mRecipientEmail = null;
+ private String mEmailSubject = null;
+ private String mFormPath = null;
+ private IConfigStore mConfig = null;
+ private Hashtable mContentParams = new Hashtable();
+ private String mId = "RequestInQListener";
+ private ICertAuthority mSubsystem = null;
+ private String mHttpHost = null;
+ private String mAgentPort = null;
+
+ /**
+ * Constructor
+ */
+ public RequestInQListener() {
+ }
+
+ /**
+ * initializes the listener from the configuration
+ */
+ public void init(ISubsystem sub, IConfigStore config)
+ throws EListenersException, EPropertyNotFound, EBaseException {
+
+ mSubsystem = (ICertAuthority) sub;
+ mConfig = mSubsystem.getConfigStore();
+
+ IConfigStore nc = mConfig.getSubStore(PROP_NOTIFY_SUBSTORE);
+ IConfigStore rq = nc.getSubStore(PROP_REQ_IN_Q_SUBSTORE);
+
+ mEnabled = rq.getBoolean(PROP_ENABLED, false);
+
+ mSenderEmail = rq.getString(PROP_SENDER_EMAIL);
+ if (mSenderEmail == null) {
+ throw new EListenersException(CMS.getLogMessage("NO_NOTIFY_SENDER_EMAIL_CONFIG_FOUND"));
+ }
+ mRecipientEmail = rq.getString(PROP_RECVR_EMAIL);
+ if (mRecipientEmail == null) {
+ throw new EListenersException(CMS.getLogMessage("NO_NOTIFY_RECVR_EMAIL_CONFIG_FOUND"));
+ }
+
+ mEmailSubject = rq.getString(PROP_EMAIL_SUBJECT);
+ if (mEmailSubject == null) {
+ mEmailSubject = "Request in Queue";
+ }
+
+ mFormPath = rq.getString(PROP_EMAIL_TEMPLATE);
+
+ // make available http host and port for forming url in templates
+ mHttpHost = CMS.getAgentHost();
+ mAgentPort = CMS.getAgentPort();
+ if (mAgentPort == null)
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_REQUEST_PORT_NOT_FOUND"));
+ else
+ CMS.debug("RequestInQuListener: agentport = " + mAgentPort);
+
+ // register for this event listener
+ mSubsystem.registerPendingListener(this);
+ }
+
+ /**
+ * carries out the operation when the listener is triggered.
+ * @param r IRequest structure holding the request information
+ * @see com.netscape.certsrv.request.IRequest
+ */
+ public void accept(IRequest r) {
+
+ if (mEnabled != true) return;
+
+ // regardless of type of request...notify for everything
+ // no need for email resolver here...
+ IMailNotification mn = CMS.getMailNotification();
+
+ mn.setFrom(mSenderEmail);
+ mn.setTo(mRecipientEmail);
+ mn.setSubject(mEmailSubject + " (request id: " +
+ r.getRequestId() + ")");
+
+ /*
+ * get form file from disk
+ */
+ IEmailTemplate template = CMS.getEmailTemplate(mFormPath);
+
+ /*
+ * parse and process the template
+ */
+ if (template != null) {
+ if (!template.init()) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_INIT"));
+ return;
+ }
+
+ buildContentParams(r);
+ IEmailFormProcessor et = CMS.getEmailFormProcessor();
+ String c = et.getEmailContent(template.toString(), mContentParams);
+
+ if (template.isHTML()) {
+ mn.setContentType("text/html");
+ }
+ mn.setContent(c);
+ } else {
+ // log and mail
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_GET"));
+ mn.setContent("Template not retrievable for Request in Queue notification");
+ }
+
+ try {
+ mn.sendNotification();
+ } catch (ENotificationException e) {
+ // already logged, lets audit
+ mLogger.log(ILogger.EV_AUDIT, null,
+ ILogger.S_OTHER,
+ ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
+
+ } catch (IOException e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
+ }
+ }
+
+ private void buildContentParams(IRequest r) {
+ mContentParams.clear();
+ mContentParams.put(IEmailFormProcessor.TOKEN_ID,
+ mConfig.getName());
+ Object val = null;
+
+ String profileId = r.getExtDataInString("profileId");
+
+ if (profileId == null) {
+ val = r.getExtDataInString(IRequest.HTTP_PARAMS, "csrRequestorEmail");
+ } else {
+ // use the submitter info if available, otherwise, use the
+ // subject name input email
+ val = r.getExtDataInString(SubmitterInfoInput.EMAIL);
+
+ if ((val == null) || (((String) val).compareTo("") == 0)) {
+ val = r.getExtDataInString(SubjectNameInput.VAL_EMAIL);
+ }
+ }
+ if (val != null)
+ mContentParams.put(IEmailFormProcessor.TOKEN_REQUESTOR_EMAIL,
+ val);
+
+ if (profileId == null) {
+ val = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+ } else {
+ val = profileId;
+ }
+ if (val != null) {
+ mContentParams.put(IEmailFormProcessor.TOKEN_CERT_TYPE,
+ val);
+ }
+
+ RequestId reqId = r.getRequestId();
+
+ mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
+ (Object) reqId.toString());
+
+ mContentParams.put(IEmailFormProcessor.TOKEN_ID, mId);
+
+ val = r.getRequestType();
+ if (val != null)
+ mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_TYPE,
+ val);
+
+ mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST,
+ (Object) mHttpHost);
+ mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT,
+ (Object) mAgentPort);
+
+ mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL,
+ (Object) mSenderEmail);
+ mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL,
+ (Object) mRecipientEmail);
+ }
+
+ /**
+ * sets the configurable parameters
+ * @param name a String represents the name of the configuration parameter to be set
+ * @param val a String containing the value to be set for name
+ */
+ public void set(String name, String val) {
+ if (name.equalsIgnoreCase(PROP_ENABLED)) {
+ if (val.equalsIgnoreCase("true")) {
+ mEnabled = true;
+ } else {
+ mEnabled = false;
+ }
+ } else if (name.equalsIgnoreCase(PROP_SENDER_EMAIL)) {
+ mSenderEmail = val;
+ } else if (name.equalsIgnoreCase(PROP_RECVR_EMAIL)) {
+ mRecipientEmail = val;
+ } else if (name.equalsIgnoreCase(PROP_EMAIL_SUBJECT)) {
+ mEmailSubject = val;
+ } else if (name.equalsIgnoreCase(PROP_EMAIL_TEMPLATE)) {
+ mFormPath = val;
+ } else {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET"));
+ }
+ }
+
+ private void log(int level, String msg) {
+ if (mLogger == null)
+ return;
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
+ level, msg);
+ }
+}
+
-- cgit
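Review bot: Requestor-supplied strings reach the mail body without any escaping in accept(): buildContentParams copies `csrRequestorEmail` (read from IRequest.HTTP_PARAMS), SubmitterInfoInput.EMAIL / SubjectNameInput.VAL_EMAIL and IRequest.CERT_TYPE into mContentParams, `et.getEmailContent(template.toString(), mContentParams)` substitutes them into the template, and when `template.isHTML()` the result is sent as `text/html` to the agent recipient. Unless getEmailContent escapes its token values (not visible in this hunk), a crafted requestor email or cert-type value becomes markup in a notification an agent opens, so I would HTML-escape the request-derived values before the `mContentParams.put(...)` calls when the template is HTML, or at least document on buildContentParams that the form processor is relied on to do that. Separately, the else branch of set() logs `LISTENERS_CERT_ISSUED_SET`, a message key evidently carried over from CertificateIssuedListener; it should name this listener so an unknown config key is traceable to the right component. mContentParams is also an instance Hashtable that accept() clears and refills per request, so if the pending-request queue can invoke listeners concurrently two notifications would interleave their tokens; a local map passed to getEmailContent would avoid that, or a comment should state that accept() is only ever called serially.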