// --- BEGIN COPYRIGHT BLOCK --- // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation; version 2 of the License. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License along // with this program; if not, write to the Free Software Foundation, Inc., // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // // (C) 2007 Red Hat, Inc. // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; import java.io.IOException; import java.math.BigInteger; import java.util.Enumeration; import java.util.Locale; import java.util.Vector; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import netscape.security.x509.AlgorithmId; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.authorization.AuthzToken; import com.netscape.certsrv.authorization.EAuthzAccessDenied; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.ca.ICRLIssuingPoint; import com.netscape.certsrv.ca.ICertificateAuthority; import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord; import com.netscape.certsrv.dbs.crldb.ICRLRepository; import com.netscape.certsrv.logging.ILogger; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; /** * Get detailed information about CA CRL processing * * @version $Revision$, $Date$ */ public class GetInfo extends CMSServlet { /** * */ private static final long serialVersionUID = 1909881831730252799L; private ICertificateAuthority mCA = null; /** * Constructs GetInfo servlet. */ public GetInfo() { super(); } /** * initialize the servlet. * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); if (mAuthority instanceof ICertificateAuthority) mCA = (ICertificateAuthority) mAuthority; // override success to do output our own template. mTemplates.remove(CMSRequest.SUCCESS); } /** * XXX Process the HTTP request. * * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); IAuthToken authToken = authenticate(cmsReq); AuthzToken authzToken = null; try { authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } EBaseException error = null; IArgBlock header = CMS.createArgBlock(); IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); String template = req.getParameter("template"); String formFile = ""; /* for (int i = 0; ((template != null) && (i < template.length())); i++) { char c = template.charAt(i); if (!Character.isLetterOrDigit(c) && c != '_' && c != '-') { template = null; break; } } */ if (template != null) { formFile = template + ".template"; } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1")); throw new ECMSGWException( CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } CMSTemplate form = null; Locale[] locale = new Locale[1]; CMS.debug("*** formFile = " + formFile); try { form = getTemplate(formFile, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formFile, e.toString())); throw new ECMSGWException( CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { process(argSet, header, req, resp, locale[0]); } catch (EBaseException e) { error = e; } try { ServletOutputStream out = resp.getOutputStream(); if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { outputXML(resp, argSet); } else { resp.setContentType("text/html"); form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } private void process(CMSTemplateParams argSet, IArgBlock header, HttpServletRequest req, HttpServletResponse resp, Locale locale) throws EBaseException { if (mCA != null) { String crlIssuingPoints = ""; String crlNumbers = ""; String deltaNumbers = ""; String crlSizes = ""; String deltaSizes = ""; String crlDescriptions = ""; StringBuffer crlSplits = new StringBuffer(); String recentChanges = ""; String crlTesting = ""; boolean isDeltaCRLEnabled = false; String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", ""); String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", ""); if (masterHost != null && masterHost.length() > 0 && masterPort != null && masterPort.length() > 0) { ICRLRepository crlRepository = mCA.getCRLRepository(); Vector ipNames = crlRepository.getIssuingPointsNames(); for (int i = 0; i < ipNames.size(); i++) { String ipName = ipNames.elementAt(i); ICRLIssuingPointRecord crlRecord = null; try { crlRecord = crlRepository.readCRLIssuingPointRecord(ipName); } catch (Exception e) { } if (crlRecord != null) { if (crlIssuingPoints.length() > 0) crlIssuingPoints += "+"; crlIssuingPoints += ipName; BigInteger crlNumber = crlRecord.getCRLNumber(); if (crlNumbers.length() > 0) crlNumbers += "+"; if (crlNumber != null) crlNumbers += crlNumber.toString(); if (crlSizes.length() > 0) crlSizes += "+"; crlSizes += ((crlRecord.getCRLSize() != null) ? crlRecord.getCRLSize().toString() : "-1"); if (deltaSizes.length() > 0) deltaSizes += "+"; long dSize = -1; if (crlRecord.getDeltaCRLSize() != null) dSize = crlRecord.getDeltaCRLSize().longValue(); deltaSizes += dSize; BigInteger deltaNumber = crlRecord.getDeltaCRLNumber(); if (deltaNumbers.length() > 0) deltaNumbers += "+"; if (deltaNumber != null && dSize > -1) { deltaNumbers += deltaNumber.toString(); isDeltaCRLEnabled |= true; } else { deltaNumbers += "0"; } if (recentChanges.length() > 0) recentChanges += "+"; recentChanges += "-, -, -"; if (crlTesting.length() > 0) crlTesting += "+"; crlTesting += "0"; } } } else { Enumeration ips = mCA.getCRLIssuingPoints(); while (ips.hasMoreElements()) { ICRLIssuingPoint ip = ips.nextElement(); if (ip.isCRLIssuingPointEnabled()) { if (crlIssuingPoints.length() > 0) crlIssuingPoints += "+"; crlIssuingPoints += ip.getId(); BigInteger crlNumber = ip.getCRLNumber(); if (crlNumbers.length() > 0) crlNumbers += "+"; if (crlNumber != null) crlNumbers += crlNumber.toString(); BigInteger deltaNumber = ip.getDeltaCRLNumber(); if (deltaNumbers.length() > 0) deltaNumbers += "+"; if (deltaNumber != null) deltaNumbers += deltaNumber.toString(); if (crlSizes.length() > 0) crlSizes += "+"; crlSizes += ip.getCRLSize(); if (deltaSizes.length() > 0) deltaSizes += "+"; deltaSizes += ip.getDeltaCRLSize(); if (crlDescriptions.length() > 0) crlDescriptions += "+"; crlDescriptions += ip.getDescription(); if (recentChanges.length() > 0) recentChanges += "+"; if (ip.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_PUBLISHING_STARTED) { recentChanges += "Publishing CRL #" + ip.getCRLNumber(); } else if (ip.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_STARTED) { recentChanges += "Creating CRL #" + ip.getNextCRLNumber(); } else { // ip.CRL_UPDATE_DONE recentChanges += ip.getNumberOfRecentlyRevokedCerts() + ", " + ip.getNumberOfRecentlyUnrevokedCerts() + ", " + ip.getNumberOfRecentlyExpiredCerts(); } isDeltaCRLEnabled |= ip.isDeltaCRLEnabled(); if (crlSplits.length() > 0) crlSplits.append("+"); Vector splits = ip.getSplitTimes(); for (int i = 0; i < splits.size(); i++) { crlSplits.append(splits.elementAt(i)); if (i + 1 < splits.size()) crlSplits.append(","); } if (crlTesting.length() > 0) crlTesting += "+"; crlTesting += ((ip.isCRLCacheTestingEnabled()) ? "1" : "0"); } } } header.addStringValue("crlIssuingPoints", crlIssuingPoints); header.addStringValue("crlDescriptions", crlDescriptions); header.addStringValue("crlNumbers", crlNumbers); header.addStringValue("deltaNumbers", deltaNumbers); header.addStringValue("crlSizes", crlSizes); header.addStringValue("deltaSizes", deltaSizes); header.addStringValue("crlSplits", crlSplits.toString()); header.addStringValue("crlTesting", crlTesting); header.addBooleanValue("isDeltaCRLEnabled", isDeltaCRLEnabled); header.addStringValue("master_host", masterHost); header.addStringValue("master_port", masterPort); header.addStringValue("masterCRLIssuingPoint", ICertificateAuthority.PROP_MASTER_CRL); ICRLIssuingPoint ip0 = mCA.getCRLIssuingPoint(ICertificateAuthority.PROP_MASTER_CRL); if (ip0 != null) { header.addStringValue("defaultAlgorithm", ip0.getSigningAlgorithm()); } if (recentChanges.length() > 0) header.addStringValue("recentChanges", recentChanges); String validAlgorithms = null; String[] allAlgorithms = mCA.getCASigningAlgorithms(); if (allAlgorithms == null) { CMS.debug("GetInfo: signing algorithms set to All algorithms"); allAlgorithms = AlgorithmId.ALL_SIGNING_ALGORITHMS; } for (int i = 0; i < allAlgorithms.length; i++) { if (i > 0) { validAlgorithms += "+" + allAlgorithms[i]; } else { validAlgorithms = allAlgorithms[i]; } } if (validAlgorithms != null) header.addStringValue("validAlgorithms", validAlgorithms); } return; } }