From 33e21f6e9a78056ca03ae7181bd4cdf5a31d7c4b Mon Sep 17 00:00:00 2001 From: mharmsen Date: Sat, 30 May 2009 01:32:34 +0000 Subject: Bugzilla Bug #500733 - Subordinate CA - administrator certificate import fails (install wizard) git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@517 c9f7a03b-bd48-0410-a16d-cbbf54688b0b --- .../netscape/cms/servlet/csadmin/AdminPanel.java | 40 +++++++++++++++-- .../cms/servlet/csadmin/CreateSubsystemPanel.java | 7 ++- .../cms/servlet/csadmin/HierarchyPanel.java | 4 ++ .../cms/servlet/csadmin/ImportAdminCertPanel.java | 40 ++++++++++++++++- .../netscape/cms/servlet/csadmin/NamePanel.java | 12 ++++- .../cms/servlet/csadmin/WizardPanelBase.java | 51 ++++++++++++++++++++++ 6 files changed, 144 insertions(+), 10 deletions(-) (limited to 'pki/base/common/src/com/netscape/cms') diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java index e8b0346a2..0c9a24bff 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java @@ -140,9 +140,10 @@ public class AdminPanel extends WizardPanelBase { String info = ""; context.put("import", "true"); + String subsystemtype = ""; try { type = cs.getString("preop.ca.type", ""); - String subsystemtype = cs.getString("cs.type", ""); + subsystemtype = cs.getString("cs.type", ""); } catch (Exception e) {} if (isPanelDone()) { 
@@ -233,9 +234,14 @@ public class AdminPanel extends WizardPanelBase { context.put("import", "true"); String type = ""; + String subsystemtype = ""; + String security_domain_type = ""; + String selected_hierarchy = ""; try { type = config.getString(PRE_CA_TYPE, ""); - String subsystemtype = config.getString("cs.type", ""); + subsystemtype = config.getString("cs.type", ""); + security_domain_type = config.getString("securitydomain.select",""); + selected_hierarchy = config.getString("preop.hierarchy.select", ""); } catch (Exception e) {} ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca"); @@ -263,8 +269,17 @@ public class AdminPanel extends WizardPanelBase { throw e; } - if (ca != null) { - CMS.debug("AdminPanel update: this is CA subsystem"); + // REMINDER: This panel is NOT used by "clones" + if( ( ca != null ) && ( security_domain_type.equals( "new" ) ) ) { + if( selected_hierarchy.equals( "root" ) ) { + CMS.debug( "AdminPanel update: " + + "Root CA subsystem - " + + "(new Security Domain)" ); + } else { + CMS.debug( "AdminPanel update: " + + "Subordinate CA subsystem - " + + "(new Security Domain)" ); + } try { createAdminCertificate(request, response, context); @@ -278,6 +293,23 @@ public class AdminPanel extends WizardPanelBase { String ca_hostname = null; int ca_port = -1; + // REMINDER: This panel is NOT used by "clones" + if( subsystemtype.equals( "CA" ) ) { + if( selected_hierarchy.equals( "root" ) ) { + CMS.debug( "AdminPanel update: " + + "Root CA subsystem - " + + "(existing Security Domain)" ); + } else { + CMS.debug( "AdminPanel update: " + + "Subordinate CA subsystem - " + + "(existing Security Domain)" ); + } + } else { + CMS.debug( "AdminPanel update: " + + subsystemtype + + " subsystem" ); + } + if (type.equals("sdca")) { try { ca_hostname = config.getString("preop.ca.hostname"); 
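Review bot: The new condition `( ca != null ) && ( security_domain_type.equals( "new" ) )` in the hunk at -263 chooses whether this CA issues the administrator certificate itself, but `security_domain_type` is read in the hunk at -233 with a default of `""` inside a `try` whose `catch (Exception e) {}` is empty. A missing or unreadable `securitydomain.select` therefore moves the subsystem onto the other path without any trace. At minimum the catch should log, e.g. `CMS.debug( "AdminPanel update: unable to read configuration: " + e.toString() );`, and a debug line when the value is not `"new"` would make the choice auditable. The same read-and-branch pair appears in ImportAdminCertPanel (hunks at -180 and -198). The enclosing method starts and ends outside these hunks.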
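Review bot: The debug text added in the hunk at -278 reports "(existing Security Domain)" whenever `subsystemtype` is `"CA"`, but nothing in that block tests `security_domain_type`, so the log states something the code has not checked and would print the same for an empty or unexpected value. Logging the raw values is more trustworthy: `CMS.debug( "AdminPanel update: cs.type=" + subsystemtype + " securitydomain.select=" + security_domain_type + " hierarchy=" + selected_hierarchy );`. The block is repeated almost verbatim in ImportAdminCertPanel (hunk at -218) and would sit better as one helper in WizardPanelBase. The surrounding method is not fully visible in the hunk.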
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java index 339a92444..7c9895e05 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java @@ -63,6 +63,7 @@ public class CreateSubsystemPanel extends WizardPanelBase { public void cleanUp() throws IOException { IConfigStore cs = CMS.getConfigStore(); cs.putString("preop.subsystem.select", ""); + cs.putString("subsystem.select", ""); } public boolean isPanelDone() { @@ -199,9 +200,10 @@ public class CreateSubsystemPanel extends WizardPanelBase { config.putString("preop.subsystem.name", HttpInput.getName(request, "subsystemName")); - if (select.equals("newsubsystem")) + if (select.equals("newsubsystem")) { config.putString("preop.subsystem.select", "new"); - else if (select.equals("clonesubsystem")) { + config.putString("subsystem.select", "New"); + } else if (select.equals("clonesubsystem")) { String cstype = ""; try { cstype = config.getString("cs.type", ""); @@ -211,6 +213,7 @@ public class CreateSubsystemPanel extends WizardPanelBase { cstype = toLowerCaseSubsystemType(cstype); config.putString("preop.subsystem.select", "clone"); + config.putString("subsystem.select", "Clone"); String lists = ""; try { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java index 37231edfa..ed552c9fa 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java 
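Review bot: `subsystem.select` is introduced alongside `preop.subsystem.select` with differently cased values ("New"/"Clone" versus "new"/"clone"), and no comment says why both keys exist or which one later code should read. A reader comparing against the wrong spelling would fail silently, because the checks in this patch use `equals`. I would add a comment at the first write, for example `// "subsystem.select" mirrors "preop.subsystem.select" with values "New"/"Clone"; keep the two in step`, and the same for `hierarchy.select` in the HierarchyPanel hunks. A pair of shared constants for the values would remove the casing hazard.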
@@ -77,6 +77,7 @@ public class HierarchyPanel extends WizardPanelBase { if (s != null && s.equals("clone")) { // mark this panel as done c.putString("preop.hierarchy.select","root"); + c.putString("hierarchy.select","Clone"); return true; } } catch (EBaseException e) { @@ -88,6 +89,7 @@ public class HierarchyPanel extends WizardPanelBase { public void cleanUp() throws IOException { IConfigStore cs = CMS.getConfigStore(); cs.putString("preop.hierarchy.select", ""); + cs.putString("hierarchy.select", ""); } public boolean isPanelDone() { @@ -171,6 +173,7 @@ public class HierarchyPanel extends WizardPanelBase { if (select.equals("root")) { config.putString("preop.hierarchy.select", "root"); + config.putString("hierarchy.select", "Root"); config.putString("preop.ca.type", "sdca"); try { config.commit(false); @@ -178,6 +181,7 @@ public class HierarchyPanel extends WizardPanelBase { } else if (select.equals("join")) { config.putString(PCERT_PREFIX + "signing.type", "remote"); config.putString("preop.hierarchy.select", "join"); + config.putString("hierarchy.select", "Subordinate"); } else { config.putString(PCERT_PREFIX + "signing.type", "remote"); CMS.debug("HierarchyPanel: invalid choice " + select); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java index 8c40c8d79..7487694df 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java 
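Review bot: `hierarchy.select` is not written in the `else` branch for an invalid choice (hunk at -178), so after a rejected submission it keeps the value from an earlier pass while `signing.type` is still set to "remote". If the branch does not abort after the visible lines, adding `config.putString("hierarchy.select", "");` there keeps the stored state consistent. For clones, the hunk at -77 stores `preop.hierarchy.select` as "root" but `hierarchy.select` as "Clone", so the two keys give different answers; a comment saying this is intended would help. The `else` branch continues past the end of the hunk.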
@@ -138,8 +138,12 @@ public class ImportAdminCertPanel extends WizardPanelBase { } catch (Exception e) {} } else if (type.equals("sdca")) { try { + // If this code is selected (e. g. - Subordinate CAs + // that are NOT their own Security Domain), it MUST + // still pass the "httpsadminport" associated with the + // Security Domain CA as defined via the NamePanel. caHost = cs.getString("preop.ca.hostname", ""); - caPort = cs.getString("preop.ca.httpsport", ""); + caPort = cs.getString("preop.ca.httpsadminport", ""); } catch (Exception e) {} } } else { @@ -180,10 +184,14 @@ public class ImportAdminCertPanel extends WizardPanelBase { String type = ""; String subsystemtype = ""; + String security_domain_type = ""; + String selected_hierarchy = ""; try { type = cs.getString("preop.ca.type", ""); subsystemtype = cs.getString("cs.type", ""); + security_domain_type = cs.getString("securitydomain.select", ""); + selected_hierarchy = cs.getString("preop.hierarchy.select", ""); } catch (Exception e) {} ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem( @@ -198,9 +206,20 @@ public class ImportAdminCertPanel extends WizardPanelBase { X509CertImpl certs[] = new X509CertImpl[1]; - if (ca != null) { + // REMINDER: This panel is NOT used by "clones" + if( ( ca != null ) && ( security_domain_type.equals( "new" ) ) ) { String serialno = null; + if( selected_hierarchy.equals( "root" ) ) { + CMS.debug( "ImportAdminCertPanel update: " + + "Root CA subsystem - " + + "(new Security Domain)" ); + } else { + CMS.debug( "ImportAdminCertPanel update: " + + "Subordinate CA subsystem - " + + "(new Security Domain)" ); + } + try { serialno = cs.getString("preop.admincert.serialno.0"); } catch (Exception e) { 
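Review bot: In the hunk at -138, `caPort` now comes from `preop.ca.httpsadminport` with a default of `""` inside a `try` with an empty catch, so a configuration in which that key is empty or absent yields an empty port with no trace. That can happen because NamePanel stores whatever the lookup helper returned, including the empty string. The new comment says the admin port MUST be passed, so the code should at least record when it is not: `if( caPort.equals( "" ) ) { CMS.debug( "ImportAdminCertPanel: preop.ca.httpsadminport is not set" ); }`. How `caPort` is consumed lies outside the hunk.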
@@ -218,6 +237,23 @@ public class ImportAdminCertPanel extends WizardPanelBase { } else { String dir = null; + // REMINDER: This panel is NOT used by "clones" + if( subsystemtype.equals( "CA" ) ) { + if( selected_hierarchy.equals( "root" ) ) { + CMS.debug( "ImportAdminCertPanel update: " + + "Root CA subsystem - " + + "(existing Security Domain)" ); + } else { + CMS.debug( "ImportAdminCertPanel update: " + + "Subordinate CA subsystem - " + + "(existing Security Domain)" ); + } + } else { + CMS.debug( "ImportAdminCertPanel update: " + + subsystemtype + + " subsystem" ); + } + try { dir = cs.getString("preop.admincert.b64", ""); CMS.debug("ImportAdminCertPanel update: dir=" + dir); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java index 8b5554593..8236ed378 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java @@ -808,6 +808,7 @@ public class NamePanel extends WizardPanelBase { private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException { CMS.debug("NamePanel update: this is the CA in the security domain."); CMS.debug("NamePanel update: selected CA hostname=" + hostname + " port=" + httpsPortStr); + String https_admin_port = ""; IConfigStore config = CMS.getConfigStore(); context.put("sdcaHostname", hostname); 
@@ -818,19 +819,26 @@ public class NamePanel extends WizardPanelBase { throw new IOException("Hostname is null"); } + // Retrieve the associated HTTPS Admin port so that it + // may be stored for use with ImportAdminCertPanel + https_admin_port = getSecurityDomainAdminPort( config, + hostname, + httpsPortStr ); + int httpsport = -1; try { httpsport = Integer.parseInt(httpsPortStr); } catch (Exception e) { CMS.debug( - "NamePanel update: Http port is not valid. Exception: " + "NamePanel update: Https port is not valid. Exception: " + e.toString()); - throw new IOException("Http Port is not valid."); + throw new IOException("Https Port is not valid."); } config.putString("preop.ca.hostname", hostname); config.putString("preop.ca.httpsport", httpsPortStr); + config.putString("preop.ca.httpsadminport", https_admin_port); ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); updateCertChainUsingSecureEEPort( config, "ca", hostname, httpsport, true, context, diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java index 1beac3776..529e493e8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java 
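Review bot: `getSecurityDomainAdminPort( config, hostname, httpsPortStr )` is called before `httpsPortStr` has been validated by `Integer.parseInt`, so the domain.xml fetch inside the helper runs even for a port string that is rejected a few lines later. The result is then stored in `preop.ca.httpsadminport` even when it is the empty string the helper returns on any failure. Moving the call below the `parseInt` block and rejecting an empty result, `if( https_admin_port.equals( "" ) ) { throw new IOException( "Https admin port not found in security domain" ); }`, stops an unusable value from reaching ImportAdminCertPanel. The method sdca() begins in the previous hunk and continues past this one.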
@@ -1058,6 +1058,57 @@ public class WizardPanelBase implements IWizardPanel { return v; } + // Given an HTTPS Hostname and EE port, + // retrieve the associated HTTPS Admin port + public String getSecurityDomainAdminPort( IConfigStore config, + String hostname, + String https_ee_port ) { + String https_admin_port = new String(); + + try { + String sd_hostname = config.getString( "securitydomain.host" ); + int sd_httpsadminport = + config.getInteger( "securitydomain.httpsadminport" ); + + CMS.debug( "Getting domain.xml from CA ..." ); + String c = getDomainXML( sd_hostname, sd_httpsadminport, true ); + + CMS.debug( "Getting associated HTTPS Admin port from " + + "HTTPS Hostname '" + hostname + + "' and EE port '" + https_ee_port + "'" ); + ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() ); + XMLObject parser = new XMLObject( bis ); + Document doc = parser.getDocument(); + NodeList nodeList = doc.getElementsByTagName( "CA" ); + + int len = nodeList.getLength(); + for( int i = 0; i < len; i++ ) { + Vector v_hostname = + parser.getValuesFromContainer( nodeList.item(i), + "Host" ); + + Vector v_https_ee_port = + parser.getValuesFromContainer( nodeList.item(i), + "SecurePort" ); + + Vector v_https_admin_port = + parser.getValuesFromContainer( nodeList.item(i), + "SecureAdminPort" ); + + if( v_hostname.elementAt( 0 ).equals( hostname ) && + v_https_ee_port.elementAt( 0 ).equals( https_ee_port ) ) { + https_admin_port = + v_https_admin_port.elementAt( 0 ).toString(); + break; + } + } + } catch (Exception e) { + CMS.debug( e.toString() ); + } + + return( https_admin_port ); + } + public String getSecurityDomainPort( IConfigStore config, String portType ) { String port = new String(); -- cgit
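Review bot: In the loop of getSecurityDomainAdminPort, `elementAt( 0 )` is called on all three vectors without checking that they are non-empty, so a single `<CA>` entry in domain.xml that lacks `Host`, `SecurePort` or `SecureAdminPort` throws, lands in the blanket `catch (Exception e)` and ends the search before later entries are examined. The method then returns `""`, which the caller cannot tell apart from "no matching CA", and the only trace is `e.toString()` with no context. The fence below skips incomplete entries and labels both failure paths. Separately, `c.getBytes()` uses the platform charset, and whether `XMLObject` parses the fetched document with DTDs and external entities disabled is not visible here and is worth confirming.

```java
            for( int i = 0; i < len; i++ ) {
                // … unchanged: the three getValuesFromContainer() lookups …

                // Skip an entry that lacks any of the three values, so one
                // incomplete <CA> element cannot abort the whole search.
                if( v_hostname == null || v_hostname.isEmpty() ||
                    v_https_ee_port == null || v_https_ee_port.isEmpty() ||
                    v_https_admin_port == null || v_https_admin_port.isEmpty() ) {
                    continue;
                }

                // … unchanged: Host / SecurePort comparison, assignment and break …
            }

            if( https_admin_port.equals( "" ) ) {
                CMS.debug( "getSecurityDomainAdminPort: no CA entry in "
                         + "domain.xml matched the given host and EE port" );
            }
        } catch (Exception e) {
            CMS.debug( "getSecurityDomainAdminPort: lookup failed: "
                     + e.toString() );
        }
```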