public boolean isPanelDone() { IConfigStore cs = CMS.getConfigStore(); try { String s = cs.getString("preop.cainfo.select", ""); if (s != null && !s.isEmpty()) { return true; } } catch (EBaseException e) { } return false; }
public void update(HttpServletRequest request, HttpServletResponse response, Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); String subsystemNick; try { subsystemNick = config.getString("preop.cert.subsystem.nickname"); } catch (EBaseException e1) { e1.printStackTrace(); throw new IOException("Failed to get subsystem certificate nickname"); } String url = HttpInput.getString(request, "urls"); URI caUri = null; String parsedURI = url.substring(url.lastIndexOf("http")); try { caUri = new URI(parsedURI); } catch (URISyntaxException e) { throw new IOException("Invalid URI " + parsedURI); } // TODO: get installer from session TPSInstaller installer = new TPSInstaller(); installer.configureCAConnector(caUri, subsystemNick); String host = caUri.getHost(); int port = caUri.getPort(); // Note - // list contains EE port. If admin port is different, it needs to // be obtained from security domain and used to get the cert chain /* int admin_port = ConfigurationUtils.getPortFromSecurityDomain(domainXML, host, port, "CA", "SecurePort", "SecureAdminPort"); */ try { ConfigurationUtils.importCertChain(host, port, "/ca/admin/ca/getCertChain", "ca"); } catch (CertificateException | SAXException | ParserConfigurationException | NotInitializedException | TokenException | EBaseException e) { e.printStackTrace(); throw new IOException("Failed to import certificate chain from CA"); } context.put("updateStatus", "success"); }
/** * Process the HTTP request. * * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain * <li>http.param op 'displayIND' - display pretty-print of certificate chain components * </ul> * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateDomainXML: processing..."); String status = SUCCESS; String status2 = SUCCESS; HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); CMS.debug("UpdateDomainXML process: authentication starts"); IAuthToken authToken = null; try { authToken = authenticate(cmsReq); } catch (Exception e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated", null); return; } if (authToken == null) { CMS.debug("UpdateDomainXML process: authToken is null"); outputError(httpResp, AUTH_FAILURE, "Error: not authenticated", null); return; } CMS.debug("UpdateDomainXML process: authentication done"); AuthzToken authzToken = null; try { authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "modify"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Encountered problem during authorization."); return; } if (authzToken == null) { CMS.debug("UpdateDomainXML process: authorization error"); outputError(httpResp, "Error: Not authorized"); return; } String list = httpReq.getParameter("list"); String type = httpReq.getParameter("type"); String host = httpReq.getParameter("host"); String name = httpReq.getParameter("name"); String sport = httpReq.getParameter("sport"); String agentsport = httpReq.getParameter("agentsport"); String adminsport = httpReq.getParameter("adminsport"); String eecaport = httpReq.getParameter("eeclientauthsport"); String httpport = httpReq.getParameter("httpport"); String domainmgr = httpReq.getParameter("dm"); String clone = httpReq.getParameter("clone"); String operation = httpReq.getParameter("operation"); // ensure required parameters are present // especially important for DS syntax checking String missing = ""; if ((host == null) || host.equals("")) { missing += " host "; } if ((name == null) || name.equals("")) { missing += " name "; } if ((sport == null) || sport.equals("")) { missing += " sport "; } if ((type == null) || type.equals("")) { missing += " type "; } if ((clone == null) || clone.equals("")) { clone = "false"; } if (!missing.equals("")) { CMS.debug( "UpdateDomainXML process: required parameters:" + missing + "not provided in request"); outputError(httpResp, "Error: required parameters: " + missing + "not provided in request"); return; } String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditParams = "host;;" + host + "+name;;" + name + "+sport;;" + sport + "+clone;;" + clone + "+type;;" + type; if (operation != null) { auditParams += "+operation;;" + operation; } else { auditParams += "+operation;;add"; } String basedn = null; String secstore = null; IConfigStore cs = CMS.getConfigStore(); try { basedn = cs.getString("internaldb.basedn"); secstore = cs.getString("securitydomain.store"); } catch (Exception e) { CMS.debug( "Unable to determine security domain name or basedn. Please run the domaininfo migration script"); } if ((basedn != null) && (secstore != null) && (secstore.equals("ldap"))) { // update in ldap LDAPEntry entry = null; String listName = type + "List"; String cn = host + ":"; if ((adminsport != null) && (adminsport != "")) { cn += adminsport; } else { cn += sport; } String dn = "cn=" + cn + ",cn=" + listName + ",ou=Security Domain," + basedn; CMS.debug("UpdateDomainXML: updating LDAP entry: " + dn); LDAPAttributeSet attrs = null; attrs = new LDAPAttributeSet(); attrs.add(new LDAPAttribute("objectclass", "top")); attrs.add(new LDAPAttribute("objectclass", "pkiSubsystem")); attrs.add(new LDAPAttribute("cn", cn)); attrs.add(new LDAPAttribute("Host", host)); attrs.add(new LDAPAttribute("SecurePort", sport)); if ((agentsport != null) && (!agentsport.equals(""))) { attrs.add(new LDAPAttribute("SecureAgentPort", agentsport)); } if ((adminsport != null) && (!adminsport.equals(""))) { attrs.add(new LDAPAttribute("SecureAdminPort", adminsport)); } if ((httpport != null) && (!httpport.equals(""))) { attrs.add(new LDAPAttribute("UnSecurePort", httpport)); } if ((eecaport != null) && (!eecaport.equals(""))) { attrs.add(new LDAPAttribute("SecureEEClientAuthPort", eecaport)); } if ((domainmgr != null) && (!domainmgr.equals(""))) { attrs.add(new LDAPAttribute("DomainManager", domainmgr.toUpperCase())); } attrs.add(new LDAPAttribute("clone", clone.toUpperCase())); attrs.add(new LDAPAttribute("SubsystemName", name)); entry = new LDAPEntry(dn, attrs); if ((operation != null) && (operation.equals("remove"))) { status = remove_from_ldap(dn); String adminUserDN; if ((agentsport != null) && (!agentsport.equals(""))) { adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn; } else { adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn; } String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" + "+resource;;" + adminUserDN; if (status.equals(SUCCESS)) { // remove the user for this subsystem's admin status2 = remove_from_ldap(adminUserDN); if (status2.equals(SUCCESS)) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, ILogger.SUCCESS, userAuditParams); audit(auditMessage); // remove this user from the subsystem group userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" + "+source;;UpdateDomainXML" + "+resource;;Subsystem Group+user;;" + adminUserDN; dn = "cn=Subsystem Group, ou=groups," + basedn; LDAPModification mod = new LDAPModification( LDAPModification.DELETE, new LDAPAttribute("uniqueMember", adminUserDN)); status2 = modify_ldap(dn, mod); if (status2.equals(SUCCESS)) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, ILogger.SUCCESS, userAuditParams); } else { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, ILogger.FAILURE, userAuditParams); } audit(auditMessage); } else { // error deleting user auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, ILogger.FAILURE, userAuditParams); audit(auditMessage); } } } else { status = add_to_ldap(entry, dn); } } else { // update the domain.xml file String path = CMS.getConfigStore().getString("instanceRoot", "") + "/conf/domain.xml"; CMS.debug("UpdateDomainXML: got path=" + path); try { // using domain.xml file CMS.debug("UpdateDomainXML: Inserting new domain info"); XMLObject parser = new XMLObject(new FileInputStream(path)); Node n = parser.getContainer(list); int count = 0; if ((operation != null) && (operation.equals("remove"))) { // delete node Document doc = parser.getDocument(); NodeList nodeList = doc.getElementsByTagName(type); int len = nodeList.getLength(); for (int i = 0; i < len; i++) { Node nn = nodeList.item(i); Vector<String> v_name = parser.getValuesFromContainer(nn, "SubsystemName"); Vector<String> v_host = parser.getValuesFromContainer(nn, "Host"); Vector<String> v_adminport = parser.getValuesFromContainer(nn, "SecureAdminPort"); if ((v_name.elementAt(0).equals(name)) && (v_host.elementAt(0).equals(host)) && (v_adminport.elementAt(0).equals(adminsport))) { Node parent = nn.getParentNode(); parent.removeChild(nn); count--; break; } } } else { // add node Node parent = parser.createContainer(n, type); parser.addItemToContainer(parent, "SubsystemName", name); parser.addItemToContainer(parent, "Host", host); parser.addItemToContainer(parent, "SecurePort", sport); parser.addItemToContainer(parent, "SecureAgentPort", agentsport); parser.addItemToContainer(parent, "SecureAdminPort", adminsport); parser.addItemToContainer(parent, "SecureEEClientAuthPort", eecaport); parser.addItemToContainer(parent, "UnSecurePort", httpport); parser.addItemToContainer(parent, "DomainManager", domainmgr.toUpperCase()); parser.addItemToContainer(parent, "Clone", clone.toUpperCase()); count++; } // update count String countS = ""; NodeList nlist = n.getChildNodes(); Node countnode = null; for (int i = 0; i < nlist.getLength(); i++) { Element nn = (Element) nlist.item(i); String tagname = nn.getTagName(); if (tagname.equals("SubsystemCount")) { countnode = nn; NodeList nlist1 = nn.getChildNodes(); Node nn1 = nlist1.item(0); countS = nn1.getNodeValue(); break; } } CMS.debug("UpdateDomainXML process: SubsystemCount=" + countS); try { count += Integer.parseInt(countS); } catch (Exception ee) { } n.removeChild(countnode); parser.addItemToContainer(n, "SubsystemCount", "" + count); // recreate domain.xml CMS.debug("UpdateDomainXML: Recreating domain.xml"); byte[] b = parser.toByteArray(); FileOutputStream fos = new FileOutputStream(path); fos.write(b); fos.close(); } catch (Exception e) { CMS.debug("Failed to update domain.xml file" + e.toString()); status = FAILED; } } if (status.equals(SUCCESS)) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, auditSubjectID, ILogger.SUCCESS, auditParams); } else { // what if already exists or already deleted auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, auditSubjectID, ILogger.FAILURE, auditParams); } audit(auditMessage); if (status.equals(SUCCESS) && status2.equals(SUCCESS)) { status = SUCCESS; } else { status = FAILED; } try { // send success status back to the requestor CMS.debug("UpdateDomainXML: Sending response"); XMLObject xmlObj = new XMLObject(); Node root = xmlObj.createRoot("XMLResponse"); xmlObj.addItemToContainer(root, "Status", status); byte[] cb = xmlObj.toByteArray(); outputResult(httpResp, "application/xml", cb); } catch (Exception e) { CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString()); } }
public CAApplication() { // account classes.add(AccountService.class); // installer classes.add(CAInstallerService.class); // sub-ca management classes.add(AuthorityService.class); // certs and requests classes.add(CertService.class); classes.add(CertRequestService.class); // profile management classes.add(ProfileService.class); // selftests classes.add(SelfTestService.class); // user and group management classes.add(GroupService.class); classes.add(UserService.class); // system certs classes.add(SystemCertService.class); // kra connector classes.add(KRAConnectorService.class); // features classes.add(FeatureService.class); // security domain IConfigStore cs = CMS.getConfigStore(); // check server state int state; try { state = cs.getInteger("cs.state"); } catch (EBaseException e) { CMS.debug(e); throw new RuntimeException(e); } // if server is configured, check security domain selection if (state == 1) { String select; try { select = cs.getString("securitydomain.select"); } catch (EBaseException e) { CMS.debug(e); throw new RuntimeException(e); } // if it's a new security domain, register the service if ("new".equals(select)) { classes.add(SecurityDomainService.class); } } // exception mapper classes.add(PKIExceptionMapper.class); // interceptors singletons.add(new SessionContextInterceptor()); singletons.add(new AuthMethodInterceptor()); singletons.add(new ACLInterceptor()); singletons.add(new MessageFormatInterceptor()); }