public static void restUploadConfig(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ServletException { final PwmApplication pwmApplication = pwmRequest.getPwmApplication(); final PwmSession pwmSession = pwmRequest.getPwmSession(); final HttpServletRequest req = pwmRequest.getHttpServletRequest(); if (pwmApplication.getApplicationMode() == PwmApplication.MODE.RUNNING) { final String errorMsg = "config upload is not permitted when in running mode"; final ErrorInformation errorInformation = new ErrorInformation(PwmError.CONFIG_UPLOAD_FAILURE, errorMsg, new String[] {errorMsg}); pwmRequest.respondWithError(errorInformation, true); return; } if (ServletFileUpload.isMultipartContent(req)) { final InputStream uploadedFile = ServletHelper.readFileUpload(req, "uploadFile"); if (uploadedFile != null) { try { final StoredConfigurationImpl storedConfig = StoredConfigurationImpl.fromXml(uploadedFile); final List<String> configErrors = storedConfig.validateValues(); if (configErrors != null && !configErrors.isEmpty()) { throw new PwmOperationalException( new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, configErrors.get(0))); } writeConfig(ContextManager.getContextManager(req.getSession()), storedConfig); LOGGER.trace(pwmSession, "read config from file: " + storedConfig.toString()); final RestResultBean restResultBean = new RestResultBean(); restResultBean.setSuccessMessage("read message"); pwmRequest.getPwmResponse().outputJsonResult(restResultBean); req.getSession().invalidate(); } catch (PwmException e) { final RestResultBean restResultBean = RestResultBean.fromError(e.getErrorInformation(), pwmRequest); pwmRequest.getPwmResponse().outputJsonResult(restResultBean); LOGGER.error(pwmSession, e.getErrorInformation().toDebugStr()); } } else { final ErrorInformation errorInformation = new ErrorInformation( PwmError.CONFIG_UPLOAD_FAILURE, "error reading config file: no file present in upload"); final RestResultBean restResultBean = RestResultBean.fromError(errorInformation, pwmRequest); pwmRequest.getPwmResponse().outputJsonResult(restResultBean); LOGGER.error(pwmSession, errorInformation.toDebugStr()); } } }
private void restLdapHealth(final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean) throws IOException, PwmUnrecoverableException { final Configuration tempConfiguration = new Configuration(configGuideBean.getStoredConfiguration()); final PwmApplication tempApplication = new PwmApplication.PwmEnvironment( tempConfiguration, pwmRequest.getPwmApplication().getApplicationPath()) .setApplicationMode(PwmApplication.MODE.NEW) .setInternalRuntimeInstance(true) .setWebInfPath(pwmRequest.getPwmApplication().getWebInfPath()) .createPwmApplication(); final LDAPStatusChecker ldapStatusChecker = new LDAPStatusChecker(); final List<HealthRecord> records = new ArrayList<>(); final LdapProfile ldapProfile = tempConfiguration.getDefaultLdapProfile(); switch (configGuideBean.getStep()) { case LDAP_SERVER: { try { checkLdapServer(configGuideBean); records.add(password.pwm.health.HealthRecord.forMessage(HealthMessage.LDAP_OK)); } catch (Exception e) { records.add( new HealthRecord( HealthStatus.WARN, HealthTopic.LDAP, "Can not connect to remote server: " + e.getMessage())); } } break; case LDAP_ADMIN: { records.addAll( ldapStatusChecker.checkBasicLdapConnectivity( tempApplication, tempConfiguration, ldapProfile, false)); if (records.isEmpty()) { records.add(password.pwm.health.HealthRecord.forMessage(HealthMessage.LDAP_OK)); } } break; case LDAP_CONTEXT: { records.addAll( ldapStatusChecker.checkBasicLdapConnectivity( tempApplication, tempConfiguration, ldapProfile, true)); if (records.isEmpty()) { records.add( new HealthRecord( HealthStatus.GOOD, HealthTopic.LDAP, "LDAP Contextless Login Root validated")); } try { final UserMatchViewerFunction userMatchViewerFunction = new UserMatchViewerFunction(); final Collection<UserIdentity> results = userMatchViewerFunction.discoverMatchingUsers( pwmRequest.getPwmApplication(), 2, configGuideBean.getStoredConfiguration(), PwmSetting.QUERY_MATCH_PWM_ADMIN, null); if (results.isEmpty()) { records.add( new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "No matching admin users")); } else { records.add( new HealthRecord(HealthStatus.GOOD, HealthTopic.LDAP, "Admin group validated")); } } catch (PwmException e) { records.add( new HealthRecord( HealthStatus.WARN, HealthTopic.LDAP, "Error during admin group validation: " + e.getErrorInformation().toDebugStr())); } catch (Exception e) { records.add( new HealthRecord( HealthStatus.WARN, HealthTopic.LDAP, "Error during admin group validation: " + e.getMessage())); } } break; case LDAP_TESTUSER: { final String testUserValue = configGuideBean.getFormData().get(PARAM_LDAP_TEST_USER); if (testUserValue != null && !testUserValue.isEmpty()) { records.addAll( ldapStatusChecker.checkBasicLdapConnectivity( tempApplication, tempConfiguration, ldapProfile, false)); records.addAll( ldapStatusChecker.doLdapTestUserCheck( tempConfiguration, ldapProfile, tempApplication)); } else { records.add( new HealthRecord(HealthStatus.CAUTION, HealthTopic.LDAP, "No test user specified")); } } break; } HealthData jsonOutput = new HealthData(); jsonOutput.records = password.pwm.ws.server.rest.bean.HealthRecord.fromHealthRecords( records, pwmRequest.getLocale(), tempConfiguration); jsonOutput.timestamp = new Date(); jsonOutput.overall = HealthMonitor.getMostSevereHealthStatus(records).toString(); final RestResultBean restResultBean = new RestResultBean(); restResultBean.setData(jsonOutput); pwmRequest.outputJsonResult(restResultBean); }
@Override protected void processAction(final PwmRequest pwmRequest) throws ServletException, IOException, ChaiUnavailableException, PwmUnrecoverableException { final PwmSession pwmSession = pwmRequest.getPwmSession(); final PwmApplication pwmApplication = pwmRequest.getPwmApplication(); if ((pwmSession.getSessionBean(ConfigGuideBean.class)).getStep() == STEP.START) { pwmSession.clearSessionBeans(); pwmSession.getSessionStateBean().setTheme(null); } final ConfigGuideBean configGuideBean = pwmSession.getSessionBean(ConfigGuideBean.class); if (pwmApplication.getApplicationMode() != PwmApplication.MODE.NEW) { final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_SERVICE_NOT_AVAILABLE, "ConfigGuide unavailable unless in NEW mode"); LOGGER.error(pwmSession, errorInformation.toDebugStr()); pwmRequest.respondWithError(errorInformation); return; } if (!configGuideBean.getFormData().containsKey(PARAM_APP_SITEURL)) { final URI uri = URI.create(pwmRequest.getHttpServletRequest().getRequestURL().toString()); final int port = Helper.portForUriSchema(uri); final String newUri = uri.getScheme() + "://" + uri.getHost() + ":" + port + pwmRequest.getContextPath(); configGuideBean.getFormData().put(PARAM_APP_SITEURL, newUri); } pwmSession.setSessionTimeout( pwmRequest.getHttpServletRequest().getSession(), Integer.parseInt( pwmApplication.getConfig().readAppProperty(AppProperty.CONFIG_GUIDE_IDLE_TIMEOUT))); if (configGuideBean.getStep() == STEP.LDAP_CERT) { final String ldapServerString = ((List<String>) configGuideBean .getStoredConfiguration() .readSetting(PwmSetting.LDAP_SERVER_URLS, LDAP_PROFILE_KEY) .toNativeObject()) .get(0); try { final URI ldapServerUri = new URI(ldapServerString); if ("ldaps".equalsIgnoreCase(ldapServerUri.getScheme())) { configGuideBean.setLdapCertificates(X509Utils.readRemoteCertificates(ldapServerUri)); configGuideBean.setCertsTrustedbyKeystore( X509Utils.testIfLdapServerCertsInDefaultKeystore(ldapServerUri)); } else { configGuideBean.setLdapCertificates(null); configGuideBean.setCertsTrustedbyKeystore(false); } } catch (Exception e) { LOGGER.error("error reading/testing ldap server certificates: " + e.getMessage()); } } final ConfigGuideAction action = readProcessAction(pwmRequest); if (action != null) { pwmRequest.validatePwmFormID(); switch (action) { case ldapHealth: restLdapHealth(pwmRequest, configGuideBean); return; case updateForm: restUpdateLdapForm(pwmRequest, configGuideBean); return; case gotoStep: restGotoStep(pwmRequest, configGuideBean); return; case useConfiguredCerts: restUseConfiguredCerts(pwmRequest, configGuideBean); return; case uploadConfig: restUploadConfig(pwmRequest); return; case extendSchema: restExtendSchema(pwmRequest, configGuideBean); return; case viewAdminMatches: restViewAdminMatches(pwmRequest, configGuideBean); return; case browseLdap: restBrowseLdap(pwmRequest, configGuideBean); } } if (!pwmRequest.getPwmResponse().getHttpServletResponse().isCommitted()) { forwardToJSP(pwmRequest); } }