예제 #1
0
  public void update(HttpServletRequest request, HttpServletResponse response, Context context)
      throws IOException {
    IConfigStore config = CMS.getConfigStore();
    String subsystemNick;
    try {
      subsystemNick = config.getString("preop.cert.subsystem.nickname");
    } catch (EBaseException e1) {
      e1.printStackTrace();
      throw new IOException("Failed to get subsystem certificate nickname");
    }

    String url = HttpInput.getString(request, "urls");
    URI caUri = null;
    String parsedURI = url.substring(url.lastIndexOf("http"));
    try {
      caUri = new URI(parsedURI);
    } catch (URISyntaxException e) {
      throw new IOException("Invalid URI " + parsedURI);
    }

    // TODO: get installer from session
    TPSInstaller installer = new TPSInstaller();
    installer.configureCAConnector(caUri, subsystemNick);

    String host = caUri.getHost();
    int port = caUri.getPort();

    // Note -
    // list contains EE port. If admin port is different, it needs to
    // be obtained from security domain and used to get the cert chain

    /* int admin_port = ConfigurationUtils.getPortFromSecurityDomain(domainXML,
            host, port, "CA", "SecurePort", "SecureAdminPort");
    */

    try {
      ConfigurationUtils.importCertChain(host, port, "/ca/admin/ca/getCertChain", "ca");
    } catch (CertificateException
        | SAXException
        | ParserConfigurationException
        | NotInitializedException
        | TokenException
        | EBaseException e) {
      e.printStackTrace();
      throw new IOException("Failed to import certificate chain from CA");
    }

    context.put("updateStatus", "success");
  }
예제 #2
0
파일: GetPk12.java 프로젝트: encukou/pki
  /**
   * Process the HTTP request.
   *
   * <ul>
   *   <li>http.param recoveryID ID of request to recover
   * </ul>
   *
   * @param cmsReq the object holding the request and response information
   */
  public void process(CMSRequest cmsReq) throws EBaseException {

    HttpServletRequest req = cmsReq.getHttpReq();
    HttpServletResponse resp = cmsReq.getHttpResp();
    String auditMessage = null;
    String recoveryID = null;
    String agent = null;

    IAuthToken authToken = authenticate(cmsReq);

    AuthzToken authzToken = null;

    try {
      authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "download");
    } catch (EAuthzAccessDenied e) {
      log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
    } catch (Exception e) {
      log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
    }

    if (authzToken == null) {
      cmsReq.setStatus(ICMSRequest.UNAUTHORIZED);
      return;
    }

    CMSTemplate form = null;
    Locale[] locale = new Locale[1];

    try {
      form = getTemplate(mFormPath, req, locale);
    } catch (IOException e) {
      log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
      throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
    }

    cmsReq.setStatus(ICMSRequest.SUCCESS);
    IArgBlock header = CMS.createArgBlock();
    IArgBlock fixed = CMS.createArgBlock();
    CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);

    // get status and populate argSet
    try {
      recoveryID = req.getParameter("recoveryID");

      header.addStringValue("recoveryID", recoveryID);

      Hashtable<String, Object> params = mService.getRecoveryParams(recoveryID);

      if (params == null) {
        log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
        throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
      }

      // only the init DRM agent can get the pkcs12
      SessionContext sContext = SessionContext.getContext();
      if (sContext != null) {
        agent = (String) sContext.get(SessionContext.USER_ID);
      }

      if (agent == null) {
        CMS.debug("GetPk12::process() - agent is null!");
        throw new EBaseException("agent is null");
      }

      String initAgent = (String) params.get("agent");

      if (!agent.equals(initAgent)) {
        log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSGW_INVALID_AGENT_3", recoveryID, initAgent));

        throw new ECMSGWException(
            CMS.getUserMessage("CMS_GW_INVALID_AGENT", agent, initAgent, recoveryID));
      }

      header.addStringValue("serialNumber", (String) params.get("keyID"));

      // got all approval, return pk12
      byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID);

      if (pkcs12 != null) {
        mService.destroyRecoveryParams(recoveryID);
        try {
          resp.setContentType("application/x-pkcs12");
          resp.getOutputStream().write(pkcs12);
          mRenderResult = false;

          auditMessage =
              CMS.getLogMessage(
                  LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
                  agent,
                  ILogger.SUCCESS,
                  recoveryID,
                  "");

          audit(auditMessage);

          return;
        } catch (IOException e) {
          header.addStringValue(
              OUT_ERROR, CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
        }
      } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) {
        // error in recovery process
        header.addStringValue(OUT_ERROR, ((IKeyRecoveryAuthority) mService).getError(recoveryID));
      } else {
        // pk12 hasn't been created yet. Shouldn't get here
      }
    } catch (EBaseException e) {
      header.addStringValue(OUT_ERROR, e.toString(locale[0]));
    }

    if ((agent != null) && (recoveryID != null)) {
      auditMessage =
          CMS.getLogMessage(
              LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
              agent,
              ILogger.FAILURE,
              recoveryID,
              "");

      audit(auditMessage);
    }

    try {
      ServletOutputStream out = resp.getOutputStream();

      resp.setContentType("text/html");
      form.renderOutput(out, argSet);
    } catch (IOException e) {
      log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
      throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
    }

    cmsReq.setStatus(ICMSRequest.SUCCESS);
  }