From a4682ceae6774956461edd03b2485bbacea445f4 Mon Sep 17 00:00:00 2001 From: mharmsen Date: Tue, 4 Oct 2011 01:17:41 +0000 Subject: Bugzilla Bug #688225 - (dogtagIPAv2.1) TRACKER: of the Dogtag fixes for freeIPA 2.1 git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/tags/IPA_v2_RHEL_6_2_20111003@2252 c9f7a03b-bd48-0410-a16d-cbbf54688b0b --- .../cms/servlet/csadmin/WizardPanelBase.java | 1603 ++++++++++++++++++++ 1 file changed, 1603 insertions(+) create mode 100644 pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java (limited to 'pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java') diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java new file mode 100644 index 000000000..c34adc408 --- /dev/null +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java @@ -0,0 +1,1603 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.csadmin; + + +import org.apache.velocity.context.Context; +import javax.servlet.http.*; +import javax.servlet.*; +import java.io.*; +import java.util.*; +import java.net.*; +import com.netscape.certsrv.apps.*; +import com.netscape.certsrv.property.*; +import com.netscape.certsrv.base.*; +import com.netscape.cms.servlet.wizard.*; +import com.netscape.cms.servlet.base.*; +import org.mozilla.jss.*; +import org.mozilla.jss.ssl.*; +import org.mozilla.jss.crypto.*; +import org.mozilla.jss.util.Base64OutputStream; +import org.mozilla.jss.pkcs11.*; +import netscape.security.x509.*; +import com.netscape.cmsutil.xml.*; +import com.netscape.cmsutil.http.*; +import org.w3c.dom.*; +import org.xml.sax.*; +import java.security.cert.*; +import java.security.*; +import netscape.ldap.*; + +import com.netscape.cmsutil.crypto.*; +import com.netscape.cms.servlet.wizard.*; + +public class WizardPanelBase implements IWizardPanel { + public static String PCERT_PREFIX = "preop.cert."; + public static String SUCCESS = "0"; + public static String FAILURE = "1"; + public static String AUTH_FAILURE = "2"; + + /** + * Definition for static variables in CS.cfg + */ + public static final String CONF_CA_CERT = "ca.signing.cert"; + public static final String CONF_CA_CERTREQ = "ca.signing.certreq"; + public static final String CONF_CA_CERTNICKNAME = "ca.signing.certnickname"; + + public static final String PRE_CONF_ADMIN_NAME = "preop.admin.name"; + public static final String PRE_CONF_AGENT_GROUP = "preop.admin.group"; + + /** + * Definition for "preop" static variables in CS.cfg + * -- "preop" config parameters should not assumed to exist after configuation + */ + + public static final String PRE_CONF_CA_TOKEN = "preop.module.token"; + public static final String PRE_CA_TYPE = "preop.ca.type"; + public static final String PRE_OTHER_CA = "otherca"; + public static final String PRE_ROOT_CA = "rootca"; + + private String mName = null; + private int mPanelNo = 0; + private String mId = null; + + /** + * Initializes this panel. + */ + public void init(ServletConfig config, int panelno) + throws ServletException + { + mPanelNo = panelno; + } + + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException + { + mPanelNo = panelno; + } + + /** + * Cleans up this panel so that isPanelDone() will return false. + */ + public void cleanUp() throws IOException { + } + + public String getName() { + return mName; + } + + public int getPanelNo() { + return mPanelNo; + } + + public void setPanelNo(int num) { + mPanelNo = num; + } + + public void setName(String name) { + mName = name; + } + + public void setId(String id) { + mId = id; + } + + public String getId() { + return mId; + } + + public PropertySet getUsage() { + PropertySet set = null; + + return set; + } + + /** + * Should we skip this panel? + */ + public boolean shouldSkip() { + return false; + } + + /** + * Is this panel done + */ + public boolean isPanelDone() { + return false; + } + + /** + * Show "Apply" button on frame? + */ + public boolean showApplyButton() { + return false; + } + + /** + * Is this a subPanel? + */ + public boolean isSubPanel() { + return false; + } + + public boolean isLoopbackPanel() { + return false; + } + + /** + * has subPanels? + */ + public boolean hasSubPanel() { + return false; + } + + /** + * Display the panel. + */ + public void display(HttpServletRequest request, + HttpServletResponse response, + Context context) {} + + /** + * Checks if the given parameters are valid. + */ + public void validate(HttpServletRequest request, + HttpServletResponse response, + Context context) throws IOException { + } + + /** + * Commit parameter changes + */ + public void update(HttpServletRequest request, + HttpServletResponse response, + Context context) throws IOException {} + + /** + * If validiate() returns false, this method will be called. + */ + public void displayError(HttpServletRequest request, + HttpServletResponse response, + Context context) {} + + /** + * Retrieves locale based on the request. + */ + public Locale getLocale(HttpServletRequest req) { + Locale locale = null; + String lang = req.getHeader("accept-language"); + + if (lang == null) { + // use server locale + locale = Locale.getDefault(); + } else { + locale = new Locale(UserInfo.getUserLanguage(lang), + UserInfo.getUserCountry(lang)); + } + return locale; + } + + public String getNickname(IConfigStore config, String certTag) { + String instanceID = ""; + + try { + instanceID = config.getString("instanceId", ""); + } catch (Exception e) {} + + String nickname = certTag + "Cert cert-" + instanceID; + String preferredNickname = null; + + try { + preferredNickname = config.getString( + PCERT_PREFIX + certTag + ".nickname", null); + } catch (Exception e) {} + + if (preferredNickname != null) { + nickname = preferredNickname; + } + return nickname; + } + + public void updateDomainXML(String hostname, int port, boolean https, + String servlet, String uri) throws IOException { + CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname + " port=" + port); + IConfigStore cs = CMS.getConfigStore(); + String nickname = ""; + String tokenname = ""; + try { + nickname = cs.getString("preop.cert.subsystem.nickname", ""); + tokenname = cs.getString("preop.module.token", ""); + } catch (Exception e) {} + + if (!tokenname.equals("") && + !tokenname.equals("Internal Key Storage Token") && + !tokenname.equals("internal")) { + nickname = tokenname+":"+nickname; + } + + CMS.debug("WizardPanelBase updateDomainXML nickname=" + nickname); + CMS.debug("WizardPanelBase: start sending updateDomainXML request"); + String c = getHttpResponse(hostname, port, https, servlet, uri, nickname); + CMS.debug("WizardPanelBase: done sending updateDomainXML request"); + + if (c != null) { + try { + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + XMLObject obj = null; + try { + obj = new XMLObject(bis); + } catch (Exception e) { + CMS.debug( "WizardPanelBase::updateDomainXML() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); + } + + String status = obj.getValue("Status"); + CMS.debug("WizardPanelBase updateDomainXML: status=" + status); + + if (status.equals(SUCCESS)) { + return; + } else { + String error = obj.getValue("Error"); + throw new IOException(error); + } + } catch (IOException e) { + CMS.debug("WizardPanelBase: updateDomainXML: " + e.toString()); + throw e; + } catch (Exception e) { + CMS.debug("WizardPanelBase: updateDomainXML: " + e.toString()); + throw new IOException(e.toString()); + } + } + } + + public int getSubsystemCount( String hostname, int https_admin_port, + boolean https, String type ) + throws IOException { + CMS.debug("WizardPanelBase getSubsystemCount start"); + String c = getDomainXML(hostname, https_admin_port, true); + if (c != null) { + try { + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + XMLObject obj = new XMLObject(bis); + String containerName = type+"List"; + Node n = obj.getContainer(containerName); + NodeList nlist = n.getChildNodes(); + String countS = ""; + for (int i=0; i 0) + v = n2.item(0).getNodeValue(); + break; + } + } + + if (name.equals("internaldb.ldapconn.host")) { + config.putString("preop.internaldb.master.hostname", v); + } else if (name.equals("internaldb.ldapconn.port")) { + config.putString("preop.internaldb.master.port", v); + } else if (name.equals("internaldb.ldapauth.bindDN")) { + config.putString("preop.internaldb.master.binddn", v); + } else if (name.equals("internaldb.basedn")) { + config.putString(name, v); + config.putString("preop.internaldb.master.basedn", v); + } else if (name.equals("internaldb.ldapauth.password")) { + config.putString("preop.internaldb.master.bindpwd", v); + } else if (name.equals("internaldb.replication.password")) { + config.putString("preop.internaldb.master.replicationpwd", v); + } else if (name.equals("instanceId")) { + config.putString("preop.master.instanceId", v); + } else if (name.equals("cloning.cert.signing.nickname")) { + config.putString("preop.master.signing.nickname", v); + config.putString("preop.cert.signing.nickname", v); + } else if (name.equals("cloning.ocsp_signing.nickname")) { + config.putString("preop.master.ocsp_signing.nickname", v); + config.putString("preop.cert.ocsp_signing.nickname", v); + } else if (name.equals("cloning.subsystem.nickname")) { + config.putString("preop.master.subsystem.nickname", v); + config.putString("preop.cert.subsystem.nickname", v); + } else if (name.equals("cloning.transport.nickname")) { + config.putString("preop.master.transport.nickname", v); + config.putString("kra.transportUnit.nickName", v); + config.putString("preop.cert.transport.nickname", v); + } else if (name.equals("cloning.storage.nickname")) { + config.putString("preop.master.storage.nickname", v); + config.putString("kra.storageUnit.nickName", v); + config.putString("preop.cert.storage.nickname", v); + } else if (name.equals("cloning.audit_signing.nickname")) { + config.putString("preop.master.audit_signing.nickname", v); + config.putString("preop.cert.audit_signing.nickname", v); + config.putString(name, v); + } else if (name.startsWith("cloning.ca")) { + config.putString(name.replaceFirst("cloning", "preop"), v); + } else if (name.equals("cloning.signing.keyalgorithm")) { + config.putString(name.replaceFirst("cloning", "preop.cert"), v); + if (cstype.equals("CA")) { + config.putString("ca.crl.MasterCRL.signingAlgorithm", v); + config.putString("ca.signing.defaultSigningAlgorithm", v); + } else if (cstype.equals("OCSP")) { + config.putString("ocsp.signing.defaultSigningAlgorithm", v); + } + } else if (name.equals("cloning.transport.keyalgorithm")) { + config.putString(name.replaceFirst("cloning", "preop.cert"), v); + config.putString("kra.transportUnit.signingAlgorithm", v); + } else if (name.equals("cloning.ocsp_signing.keyalgorithm")) { + config.putString(name.replaceFirst("cloning", "preop.cert"), v); + if (cstype.equals("CA")) { + config.putString("ca.ocsp_signing.defaultSigningAlgorithm", v); + } + } else if (name.startsWith("cloning")) { + config.putString(name.replaceFirst("cloning", "preop.cert"), v); + } else { + config.putString(name, v); + } + } + + return true; + } else if (status.equals(AUTH_FAILURE)) { + reloginSecurityDomain(response); + return false; + } else { + String error = parser.getValue("Error"); + + throw new IOException(error); + } + } catch (IOException e) { + CMS.debug("WizardPanelBase: updateConfigEntries: " + e.toString()); + throw e; + } catch (Exception e) { + CMS.debug("WizardPanelBase: updateConfigEntries: " + e.toString()); + throw new IOException(e.toString()); + } + } + + return false; + } + + public boolean authenticate(String hostname, int port, boolean https, + String servlet, String uri) throws IOException { + CMS.debug("WizardPanelBase authenticate start"); + String c = getHttpResponse(hostname, port, https, servlet, uri, null); + IConfigStore cs = CMS.getConfigStore(); + + if (c != null) { + try { + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + XMLObject parser = null; + + try { + parser = new XMLObject(bis); + } catch (Exception e) { + CMS.debug( "WizardPanelBase::authenticate() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); + } + + String status = parser.getValue("Status"); + + CMS.debug("WizardPanelBase authenticate: status=" + status); + + if (status.equals(SUCCESS)) { + String cookie = parser.getValue("Cookie"); + cs.putString("preop.cookie", cookie); + return true; + } else { + String error = parser.getValue("Error"); + return false; + } + } catch (Exception e) { + CMS.debug("WizardPanelBase: authenticate: " + e.toString()); + throw new IOException(e.toString()); + } + } + + return false; + } + + public void updateOCSPConfig(String hostname, int port, boolean https, + String content, HttpServletResponse response) + throws IOException { + CMS.debug("WizardPanelBase updateOCSPConfig start"); + String c = getHttpResponse(hostname, port, https, + "/ca/ee/ca/updateOCSPConfig", content, null); + if (c == null || c.equals("")) { + CMS.debug("WizardPanelBase updateOCSPConfig: content is null."); + throw new IOException("The server you want to contact is not available"); + } else { + try { + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + XMLObject parser = null; + + try { + parser = new XMLObject(bis); + } catch (Exception e) { + CMS.debug( "WizardPanelBase::updateOCSPConfig() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); + } + + String status = parser.getValue("Status"); + + CMS.debug("WizardPanelBase updateOCSPConfig: status=" + status); + + if (status.equals(SUCCESS)) { + CMS.debug("WizardPanelBase updateOCSPConfig: Successfully update the OCSP configuration in the CA."); + } else if (status.equals(AUTH_FAILURE)) { + reloginSecurityDomain(response); + return; + } else { + String error = parser.getValue("Error"); + + throw new IOException(error); + } + } catch (IOException e) { + CMS.debug("WizardPanelBase updateOCSPConfig: " + e.toString()); + throw e; + } catch (Exception e) { + CMS.debug("WizardPanelBase updateOCSPConfig: " + e.toString()); + throw new IOException(e.toString()); + } + } + } + + public void updateNumberRange(String hostname, int port, boolean https, + String content, String type, HttpServletResponse response) + throws IOException { + CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname + + " port=" + port); + IConfigStore cs = CMS.getConfigStore(); + String cstype = ""; + try { + cstype = cs.getString("cs.type", ""); + } catch (Exception e) { + } + + cstype = toLowerCaseSubsystemType(cstype); + String c = getHttpResponse(hostname, port, https, + "/"+cstype+"/ee/"+cstype+"/updateNumberRange", content, null); + if (c == null || c.equals("")) { + CMS.debug("WizardPanelBase updateNumberRange: content is null."); + throw new IOException("The server you want to contact is not available"); + } else { + CMS.debug("content="+c); + try { + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + XMLObject parser = null; + + try { + parser = new XMLObject(bis); + } catch (Exception e) { + CMS.debug( "WizardPanelBase::updateNumberRange() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); + } + + String status = parser.getValue("Status"); + + CMS.debug("WizardPanelBase updateNumberRange: status=" + status); + if (status.equals(SUCCESS)) { + String beginNum = parser.getValue("beginNumber"); + String endNum = parser.getValue("endNumber"); + if (type.equals("request")) { + cs.putString("dbs.beginRequestNumber", beginNum); + cs.putString("dbs.endRequestNumber", endNum); + } else if (type.equals("serialNo")) { + cs.putString("dbs.beginSerialNumber", beginNum); + cs.putString("dbs.endSerialNumber", endNum); + } else if (type.equals("replicaId")) { + cs.putString("dbs.beginReplicaNumber", beginNum); + cs.putString("dbs.endReplicaNumber", endNum); + } + // enable serial number management in clone + cs.putString("dbs.enableSerialManagement", "true"); + cs.commit(false); + } else if (status.equals(AUTH_FAILURE)) { + reloginSecurityDomain(response); + return; + } else { + String error = parser.getValue("Error"); + + throw new IOException(error); + } + } catch (IOException e) { + CMS.debug("WizardPanelBase: updateNumberRange: " + e.toString()); + CMS.debug(e); + throw e; + } catch (Exception e) { + CMS.debug("WizardPanelBase: updateNumberRange: " + e.toString()); + CMS.debug(e); + throw new IOException(e.toString()); + } + } + } + + public int getPort(String hostname, int port, boolean https, + String portServlet, boolean sport) + throws IOException { + CMS.debug("WizardPanelBase getPort start"); + String c = getHttpResponse(hostname, port, https, portServlet, + "secure=" + sport, null); + + if (c != null) { + try { + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + XMLObject parser = null; + + try { + parser = new XMLObject(bis); + } catch (Exception e) { + CMS.debug( "WizardPanelBase::getPort() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); + } + + String status = parser.getValue("Status"); + + CMS.debug("WizardPanelBase getPort: status=" + status); + + if (status.equals(SUCCESS)) { + String portStr = parser.getValue("Port"); + + port = Integer.parseInt(portStr); + return port; + } else { + String error = parser.getValue("Error"); + + throw new IOException(error); + } + } catch (IOException e) { + CMS.debug("WizardPanelBase: getPort: " + e.toString()); + throw e; + } catch (Exception e) { + CMS.debug("WizardPanelBase: getPort: " + e.toString()); + throw new IOException(e.toString()); + } + } + + return -1; + } + + public String getHttpResponse(String hostname, int port, boolean secure, + String uri, String content, String clientnickname) throws IOException { + return getHttpResponse(hostname, port, secure, uri, content, clientnickname, null); + } + + public String getHttpResponse(String hostname, int port, boolean secure, + String uri, String content, String clientnickname, + SSLCertificateApprovalCallback certApprovalCallback) + throws IOException { + HttpClient httpclient = null; + String c = null; + + try { + if (secure) { + JssSSLSocketFactory factory = null; + if (clientnickname != null && clientnickname.length() > 0) + factory = new JssSSLSocketFactory(clientnickname); + else + factory = new JssSSLSocketFactory(); + + httpclient = new HttpClient(factory, certApprovalCallback); + } else { + httpclient = new HttpClient(); + } + httpclient.connect(hostname, port); + HttpRequest httprequest = new HttpRequest(); + + httprequest.setMethod(HttpRequest.POST); + httprequest.setURI(uri); + // httprequest.setURI("/ca/ee/ca/ports"); + httprequest.setHeader("user-agent", "HTTPTool/1.0"); + // String content_c = "secure="+secure; + httprequest.setHeader("content-type", + "application/x-www-form-urlencoded"); + if (content != null && content.length() > 0) { + String content_c = content; + + httprequest.setHeader("content-length", "" + content_c.length()); + httprequest.setContent(content_c); + } + HttpResponse httpresponse = httpclient.send(httprequest); + + c = httpresponse.getContent(); + } catch (ConnectException e) { + CMS.debug("WizardPanelBase getHttpResponse: " + e.toString()); + throw new IOException("The server you tried to contact is not running."); + } catch (Exception e) { + CMS.debug("WizardPanelBase getHttpResponse: " + e.toString()); + throw new IOException(e.toString()); + } finally { + if (httpclient.connected()) { + httpclient.disconnect(); + } + } + + return c; + } + + public boolean isSDHostDomainMaster (IConfigStore config) { + String dm="false"; + try { + String hostname = config.getString("securitydomain.host"); + int httpsadminport = config.getInteger("securitydomain.httpsadminport"); + + CMS.debug("Getting domain.xml from CA..."); + String c = getDomainXML(hostname, httpsadminport, true); + + CMS.debug("Getting DomainMaster from security domain"); + + ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() ); + XMLObject parser = new XMLObject( bis ); + Document doc = parser.getDocument(); + NodeList nodeList = doc.getElementsByTagName( "CA" ); + + int len = nodeList.getLength(); + for( int i = 0; i < len; i++ ) { + Vector v_hostname = + parser.getValuesFromContainer( nodeList.item(i), + "Host" ); + + Vector v_https_admin_port = + parser.getValuesFromContainer( nodeList.item(i), + "SecureAdminPort" ); + + Vector v_domain_mgr = + parser.getValuesFromContainer( nodeList.item(i), + "DomainManager" ); + + if( v_hostname.elementAt( 0 ).equals( hostname ) && + v_https_admin_port.elementAt( 0 ).equals( Integer.toString(httpsadminport) ) ) { + dm = v_domain_mgr.elementAt( 0 ).toString(); + break; + } + } + } catch (Exception e) { + CMS.debug( e.toString() ); + } + return dm.equalsIgnoreCase("true"); + } + + public Vector getMasterUrlListFromSecurityDomain( IConfigStore config, + String type, + String portType ) { + Vector v = new Vector(); + + try { + String hostname = config.getString("securitydomain.host"); + int httpsadminport = config.getInteger("securitydomain.httpsadminport"); + + CMS.debug("Getting domain.xml from CA..."); + String c = getDomainXML(hostname, httpsadminport, true); + String list = ""; + + CMS.debug("Type " + type); + if (type.equals("CA")) { + list = "CAList"; + } else if (type.equals("KRA")) { + list = "KRAList"; + } else if (type.equals("OCSP")) { + list = "OCSPList"; + } else if (type.equals("TKS")) { + list = "TKSList"; + } + + CMS.debug( "Getting " + portType + " from Security Domain ..." ); + if( !portType.equals( "UnSecurePort" ) && + !portType.equals( "SecureAgentPort" ) && + !portType.equals( "SecurePort" ) && + !portType.equals( "SecureAdminPort" ) ) { + CMS.debug( "getPortFromSecurityDomain: " + + "unknown port type " + portType ); + return v; + } + + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + XMLObject parser = new XMLObject(bis); + Document doc = parser.getDocument(); + NodeList nodeList = doc.getElementsByTagName(type); + + // save domain name in cfg + config.putString("securitydomain.name", + parser.getValue("Name")); + + int len = nodeList.getLength(); + + CMS.debug("Len " + len); + for (int i = 0; i < len; i++) { + Vector v_clone = parser.getValuesFromContainer(nodeList.item(i), + "Clone"); + String clone = (String)v_clone.elementAt(0); + if (clone.equalsIgnoreCase("true")) + continue; + Vector v_name = parser.getValuesFromContainer(nodeList.item(i), + "SubsystemName"); + Vector v_host = parser.getValuesFromContainer(nodeList.item(i), + "Host"); + Vector v_port = parser.getValuesFromContainer(nodeList.item(i), + portType); + + v.addElement( v_name.elementAt(0) + + " - https://" + + v_host.elementAt(0) + + ":" + + v_port.elementAt(0) ); + } + } catch (Exception e) { + CMS.debug(e.toString()); + } + + return v; + } + + public Vector getUrlListFromSecurityDomain( IConfigStore config, + String type, + String portType ) { + Vector v = new Vector(); + + try { + String hostname = config.getString("securitydomain.host"); + int httpsadminport = config.getInteger("securitydomain.httpsadminport"); + + CMS.debug("Getting domain.xml from CA..."); + String c = getDomainXML(hostname, httpsadminport, true); + String list = ""; + + CMS.debug("Subsystem Type " + type); + if (type.equals("CA")) { + list = "CAList"; + } else if (type.equals("KRA")) { + list = "KRAList"; + } else if (type.equals("OCSP")) { + list = "OCSPList"; + } else if (type.equals("TKS")) { + list = "TKSList"; + } + + CMS.debug( "Getting " + portType + " from Security Domain ..." ); + if( !portType.equals( "UnSecurePort" ) && + !portType.equals( "SecureAgentPort" ) && + !portType.equals( "SecurePort" ) && + !portType.equals( "SecureAdminPort" ) ) { + CMS.debug( "getPortFromSecurityDomain: " + + "unknown port type " + portType ); + return v; + } + + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + XMLObject parser = new XMLObject(bis); + Document doc = parser.getDocument(); + NodeList nodeList = doc.getElementsByTagName(type); + + // save domain name in cfg + config.putString("securitydomain.name", + parser.getValue("Name")); + + int len = nodeList.getLength(); + + CMS.debug("Len " + len); + for (int i = 0; i < len; i++) { + Vector v_name = parser.getValuesFromContainer(nodeList.item(i), + "SubsystemName"); + Vector v_host = parser.getValuesFromContainer(nodeList.item(i), + "Host"); + Vector v_port = parser.getValuesFromContainer(nodeList.item(i), + portType); + Vector v_admin_port = parser.getValuesFromContainer(nodeList.item(i), + "SecureAdminPort"); + + if (v_host.elementAt(0).equals(hostname) && v_admin_port.elementAt(0).equals(new Integer(httpsadminport).toString())) { + // add security domain CA to the beginning of list + v.add( 0, v_name.elementAt(0) + + " - https://" + + v_host.elementAt(0) + + ":" + + v_port.elementAt(0) ); + } else { + v.addElement( v_name.elementAt(0) + + " - https://" + + v_host.elementAt(0) + + ":" + + v_port.elementAt(0) ); + } + } + } catch (Exception e) { + CMS.debug(e.toString()); + } + + return v; + } + + // Given an HTTPS Hostname and EE port, + // retrieve the associated HTTPS Admin port + public String getSecurityDomainAdminPort( IConfigStore config, + String hostname, + String https_ee_port, + String cstype ) { + String https_admin_port = new String(); + + try { + String sd_hostname = config.getString( "securitydomain.host" ); + int sd_httpsadminport = + config.getInteger( "securitydomain.httpsadminport" ); + + CMS.debug( "Getting domain.xml from CA ..." ); + String c = getDomainXML( sd_hostname, sd_httpsadminport, true ); + + CMS.debug( "Getting associated HTTPS Admin port from " + + "HTTPS Hostname '" + hostname + + "' and EE port '" + https_ee_port + "'" ); + ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() ); + XMLObject parser = new XMLObject( bis ); + Document doc = parser.getDocument(); + NodeList nodeList = doc.getElementsByTagName( cstype.toUpperCase() ); + + int len = nodeList.getLength(); + for( int i = 0; i < len; i++ ) { + Vector v_hostname = + parser.getValuesFromContainer( nodeList.item(i), + "Host" ); + + Vector v_https_ee_port = + parser.getValuesFromContainer( nodeList.item(i), + "SecurePort" ); + + Vector v_https_admin_port = + parser.getValuesFromContainer( nodeList.item(i), + "SecureAdminPort" ); + + if( v_hostname.elementAt( 0 ).equals( hostname ) && + v_https_ee_port.elementAt( 0 ).equals( https_ee_port ) ) { + https_admin_port = + v_https_admin_port.elementAt( 0 ).toString(); + break; + } + } + } catch (Exception e) { + CMS.debug( e.toString() ); + } + + return( https_admin_port ); + } + + public String getSecurityDomainPort( IConfigStore config, + String portType ) { + String port = new String(); + + try { + String hostname = config.getString( "securitydomain.host" ); + int httpsadminport = + config.getInteger( "securitydomain.httpsadminport" ); + + CMS.debug( "Getting domain.xml from CA ..." ); + String c = getDomainXML( hostname, httpsadminport, true ); + + CMS.debug( "Getting " + portType + " from Security Domain ..." ); + if( !portType.equals( "UnSecurePort" ) && + !portType.equals( "SecureAgentPort" ) && + !portType.equals( "SecurePort" ) && + !portType.equals( "SecureAdminPort" ) ) { + CMS.debug( "getPortFromSecurityDomain: " + + "unknown port type " + portType ); + return ""; + } + + ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() ); + XMLObject parser = new XMLObject( bis ); + Document doc = parser.getDocument(); + NodeList nodeList = doc.getElementsByTagName( "CA" ); + + int len = nodeList.getLength(); + for( int i = 0; i < len; i++ ) { + Vector v_admin_port = + parser.getValuesFromContainer( nodeList.item(i), + "SecureAdminPort" ); + + Vector v_port = null; + if( portType.equals( "UnSecurePort" ) ) { + v_port = parser.getValuesFromContainer( nodeList.item(i), + "UnSecurePort" ); + } else if( portType.equals( "SecureAgentPort" ) ) { + v_port = parser.getValuesFromContainer( nodeList.item(i), + "SecureAgentPort" ); + } else if( portType.equals( "SecurePort" ) ) { + v_port = parser.getValuesFromContainer( nodeList.item(i), + "SecurePort" ); + } else if( portType.equals( "SecureAdminPort" ) ) { + v_port = parser.getValuesFromContainer( nodeList.item(i), + "SecureAdminPort" ); + } + + if( ( v_port != null ) && + ( v_admin_port.elementAt( 0 ).equals( + Integer.toString( httpsadminport ) ) ) ) { + port = v_port.elementAt( 0 ).toString(); + break; + } + } + } catch (Exception e) { + CMS.debug( e.toString() ); + } + + return( port ); + } + + public String pingCS( String hostname, int port, boolean https, + SSLCertificateApprovalCallback certApprovalCallback ) + throws IOException { + CMS.debug( "WizardPanelBase pingCS: started" ); + + String c = getHttpResponse( hostname, port, https, + "/ca/admin/ca/getStatus", + null, null, certApprovalCallback ); + + if( c != null ) { + try { + ByteArrayInputStream bis = new + ByteArrayInputStream( c.getBytes() ); + XMLObject parser = null; + String state = null; + + try { + parser = new XMLObject( bis ); + CMS.debug( "WizardPanelBase pingCS: got XML parsed" ); + state = parser.getValue( "State" ); + + if( state != null ) { + CMS.debug( "WizardPanelBase pingCS: state=" + state ); + } + } catch (Exception e) { + CMS.debug( "WizardPanelBase: pingCS: parser failed" + + e.toString() ); + } + + return state; + } catch( Exception e ) { + CMS.debug( "WizardPanelBase: pingCS: " + e.toString() ); + throw new IOException( e.toString() ); + } + } + + CMS.debug( "WizardPanelBase pingCS: stopped" ); + return null; + } + + public String toLowerCaseSubsystemType(String s) { + String x = null; + if (s.equals("CA")) { + x = "ca"; + } else if (s.equals("KRA")) { + x = "kra"; + } else if (s.equals("OCSP")) { + x = "ocsp"; + } else if (s.equals("TKS")) { + x = "tks"; + } + + return x; + } + + public void getTokenInfo(IConfigStore config, String type, String host, + int https_ee_port, boolean https, Context context, + ConfigCertApprovalCallback certApprovalCallback) throws IOException { + CMS.debug("WizardPanelBase getTokenInfo start"); + String uri = "/"+type+"/ee/"+type+"/getTokenInfo"; + CMS.debug("WizardPanelBase getTokenInfo: uri="+uri); + String c = getHttpResponse(host, https_ee_port, https, uri, null, null, + certApprovalCallback); + if (c != null) { + try { + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + XMLObject parser = null; + + try { + parser = new XMLObject(bis); + } catch (Exception e) { + CMS.debug( "WizardPanelBase::getTokenInfo() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); + } + + String status = parser.getValue("Status"); + + CMS.debug("WizardPanelBase getTokenInfo: status=" + status); + + if (status.equals(SUCCESS)) { + Document doc = parser.getDocument(); + NodeList list = doc.getElementsByTagName("name"); + int len = list.getLength(); + for (int i=0; i 0) + v = n2.item(0).getNodeValue(); + break; + } + } + if (name.equals("cloning.signing.nickname")) { + config.putString("preop.master.signing.nickname", v); + config.putString(type + ".cert.signing.nickname", v); + config.putString(name, v); + } else if (name.equals("cloning.ocsp_signing.nickname")) { + config.putString("preop.master.ocsp_signing.nickname", v); + config.putString(type + ".cert.ocsp_signing.nickname", v); + config.putString(name, v); + } else if (name.equals("cloning.subsystem.nickname")) { + config.putString("preop.master.subsystem.nickname", v); + config.putString(type + ".cert.subsystem.nickname", v); + config.putString(name, v); + } else if (name.equals("cloning.transport.nickname")) { + config.putString("preop.master.transport.nickname", v); + config.putString("kra.transportUnit.nickName", v); + config.putString("kra.cert.transport.nickname", v); + config.putString(name, v); + } else if (name.equals("cloning.storage.nickname")) { + config.putString("preop.master.storage.nickname", v); + config.putString("kra.storageUnit.nickName", v); + config.putString("kra.cert.storage.nickname", v); + config.putString(name, v); + } else if (name.equals("cloning.audit_signing.nickname")) { + config.putString("preop.master.audit_signing.nickname", v); + config.putString(type + ".cert.audit_signing.nickname", v); + config.putString(name, v); + } else if (name.equals("cloning.module.token")) { + config.putString("preop.module.token", v); + } else if (name.startsWith("cloning.ca")) { + config.putString(name.replaceFirst("cloning", "preop"), v); + } else if (name.startsWith("cloning")) { + config.putString(name.replaceFirst("cloning", "preop.cert"), v); + } else { + config.putString(name, v); + } + } + } else { + String error = parser.getValue("Error"); + throw new IOException(error); + } + } catch (IOException e) { + CMS.debug("WizardPanelBase: getTokenInfo: " + e.toString()); + throw e; + } catch (Exception e) { + CMS.debug("WizardPanelBase: getTokenInfo: " + e.toString()); + throw new IOException(e.toString()); + } + } + } + + public void importCertChain(String id) throws IOException { + CMS.debug("DisplayCertChainPanel importCertChain"); + IConfigStore config = CMS.getConfigStore(); + String configName = "preop." + id + ".pkcs7"; + String pkcs7 = ""; + + try { + pkcs7 = config.getString(configName, ""); + } catch (Exception e) {} + + if (pkcs7.length() > 0) { + try { + CryptoUtil.importCertificateChain(pkcs7); + } catch (Exception e) { + CMS.debug("DisplayCertChainPanel importCertChain: Exception: "+e.toString()); + } + } + } + + public void updateCertChain(IConfigStore config, String name, String host, + int https_admin_port, boolean https, Context context) throws IOException { + updateCertChain( config, name, host, https_admin_port, + https, context, null ); + } + + public void updateCertChain(IConfigStore config, String name, String host, + int https_admin_port, boolean https, Context context, + ConfigCertApprovalCallback certApprovalCallback) throws IOException { + String certchain = getCertChainUsingSecureAdminPort( host, + https_admin_port, + https, + certApprovalCallback ); + config.putString("preop."+name+".pkcs7", certchain); + + byte[] decoded = CryptoUtil.base64Decode(certchain); + java.security.cert.X509Certificate[] b_certchain = null; + + try { + b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded); + } catch (Exception e) { + context.put("errorString", + "Failed to get the certificate chain."); + return; + } + + int size = 0; + if (b_certchain != null) { + size = b_certchain.length; + } + config.putInteger("preop."+name+".certchain.size", size); + for (int i = 0; i < size; i++) { + byte[] bb = null; + + try { + bb = b_certchain[i].getEncoded(); + } catch (Exception e) { + context.put("errorString", + "Failed to get the der-encoded certificate chain."); + return; + } + config.putString("preop."+name+".certchain." + i, + CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb))); + } + + try { + config.commit(false); + } catch (EBaseException e) { + } + } + + public void updateCertChainUsingSecureEEPort( IConfigStore config, + String name, String host, + int https_ee_port, + boolean https, + Context context, + ConfigCertApprovalCallback certApprovalCallback ) throws IOException { + String certchain = getCertChainUsingSecureEEPort( host, https_ee_port, + https, + certApprovalCallback); + config.putString("preop."+name+".pkcs7", certchain); + + byte[] decoded = CryptoUtil.base64Decode(certchain); + java.security.cert.X509Certificate[] b_certchain = null; + + try { + b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded); + } catch (Exception e) { + context.put("errorString", + "Failed to get the certificate chain."); + return; + } + + int size = 0; + if (b_certchain != null) { + size = b_certchain.length; + } + config.putInteger("preop."+name+".certchain.size", size); + for (int i = 0; i < size; i++) { + byte[] bb = null; + + try { + bb = b_certchain[i].getEncoded(); + } catch (Exception e) { + context.put("errorString", + "Failed to get the der-encoded certificate chain."); + return; + } + config.putString("preop."+name+".certchain." + i, + CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb))); + } + + try { + config.commit(false); + } catch (EBaseException e) { + } + } + + public void deleteCert(String tokenname, String nickname) { + try { + CryptoManager cm = CryptoManager.getInstance(); + CryptoToken tok = cm.getTokenByName(tokenname); + CryptoStore store = tok.getCryptoStore(); + String fullnickname = nickname; + if (!tokenname.equals("") && + !tokenname.equals("Internal Key Storage Token") && + !tokenname.equals("internal")) + fullnickname = tokenname+":"+nickname; + + CMS.debug("WizardPanelBase deleteCert: nickname="+fullnickname); + org.mozilla.jss.crypto.X509Certificate cert = cm.findCertByNickname(fullnickname); + + if (store instanceof PK11Store) { + CMS.debug("WizardPanelBase deleteCert: this is pk11store"); + PK11Store pk11store = (PK11Store)store; + pk11store.deleteCertOnly(cert); + CMS.debug("WizardPanelBase deleteCert: cert deleted successfully"); + } + } catch (Exception e) { + CMS.debug("WizardPanelBase deleteCert: Exception="+e.toString()); + } + } + + public void deleteEntries(LDAPSearchResults res, LDAPConnection conn, + String dn, String[] entries) { + String[] attrs = null; + LDAPSearchConstraints cons = null; + String filter = "objectclass=*"; + + try { + if (res.getCount() == 0) + return; + else { + while (res.hasMoreElements()) { + LDAPEntry entry = res.next(); + String dn1 = entry.getDN(); + LDAPSearchResults res1 = conn.search(dn1, 1, filter, attrs, true, cons); + deleteEntries(res1, conn, dn1, entries); + deleteEntry(conn, dn1, entries); + } + } + } catch (Exception ee) { + CMS.debug("WizardPanelBase deleteEntries: Exception="+ee.toString()); + } + } + + public void deleteEntry(LDAPConnection conn, String dn, String[] entries) { + try { + for (int i=0; i