[Pki-devel] [PATCH] 655 Replaced legacy HttpClient.
Endi Sukma Dewata
edewata at redhat.com
Wed Oct 21 15:49:40 UTC 2015
The ConfigurationUtils and CertUtil have been modified to use
PKIConnection which uses Apache HttpClient instead of the legacy
custom HttpClient. The POST request content is now created using
MultivaluedMap.
The PKIConnection has been modified to provide a get() method to
send an HTTP GET request. The post() method was modified to accept
a path parameter.
https://fedorahosted.org/pki/ticket/342
--
Endi S. Dewata
-------------- next part --------------
From c6a63324fdaea37fcc8f429a98bea753774f47cc Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata at redhat.com>
Date: Tue, 20 Oct 2015 21:07:33 +0200
Subject: [PATCH] Replaced legacy HttpClient.
The ConfigurationUtils and CertUtil have been modified to use
PKIConnection which uses Apache HttpClient instead of the legacy
custom HttpClient. The POST request content is now created using
MultivaluedMap.
The PKIConnection has been modified to provide a get() method to
send an HTTP GET request. The post() method was modified to accept
a path parameter.
https://fedorahosted.org/pki/ticket/342
---
.../com/netscape/certsrv/client/PKIConnection.java | 19 +-
.../cms/authentication/TokenAuthentication.java | 38 +-
.../com/netscape/cms/servlet/csadmin/CertUtil.java | 85 ++--
.../cms/servlet/csadmin/ConfigurationUtils.java | 431 ++++++++++-----------
.../dogtagpki/server/rest/SystemConfigService.java | 10 +-
5 files changed, 275 insertions(+), 308 deletions(-)
diff --git a/base/common/src/com/netscape/certsrv/client/PKIConnection.java b/base/common/src/com/netscape/certsrv/client/PKIConnection.java
index 85b6c208227c0f079e69abfab3a24d953bb26716..b3378b7714df5cbce079406e521883202af15f12 100644
--- a/base/common/src/com/netscape/certsrv/client/PKIConnection.java
+++ b/base/common/src/com/netscape/certsrv/client/PKIConnection.java
@@ -444,9 +444,22 @@ public class PKIConnection {
}
}
- public String post(MultivaluedMap<String, String> form) throws Exception {
- ResteasyWebTarget target = resteasyClient.target(config.getServerURI());
- return target.request().post(Entity.form(form), String.class);
+ public String get(String path) throws Exception {
+ String uri = config.getServerURI().toString();
+ if (path != null) {
+ uri += path;
+ }
+ ResteasyWebTarget target = resteasyClient.target(uri);
+ return target.request().get(String.class);
+ }
+
+ public String post(String path, MultivaluedMap<String, String> content) throws Exception {
+ String uri = config.getServerURI().toString();
+ if (path != null) {
+ uri += path;
+ }
+ ResteasyWebTarget target = resteasyClient.target(uri);
+ return target.request().post(Entity.form(content), String.class);
}
public File getOutput() {
diff --git a/base/server/cms/src/com/netscape/cms/authentication/TokenAuthentication.java b/base/server/cms/src/com/netscape/cms/authentication/TokenAuthentication.java
index 5eeddecb38c5a780fcab22a54dd9a13bdf88537c..ebda0b6209ebd5b4da91d872a0cb165385e26f46 100644
--- a/base/server/cms/src/com/netscape/cms/authentication/TokenAuthentication.java
+++ b/base/server/cms/src/com/netscape/cms/authentication/TokenAuthentication.java
@@ -18,11 +18,13 @@
package com.netscape.cms.authentication;
import java.io.ByteArrayInputStream;
-import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
+import javax.ws.rs.core.MultivaluedHashMap;
+import javax.ws.rs.core.MultivaluedMap;
+
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.AuthToken;
import com.netscape.certsrv.authentication.EInvalidCredentials;
@@ -38,10 +40,7 @@ import com.netscape.certsrv.profile.IProfile;
import com.netscape.certsrv.profile.IProfileAuthenticator;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-import com.netscape.cmsutil.http.HttpClient;
-import com.netscape.cmsutil.http.HttpRequest;
-import com.netscape.cmsutil.http.HttpResponse;
-import com.netscape.cmsutil.http.JssSSLSocketFactory;
+import com.netscape.cms.servlet.csadmin.ConfigurationUtils;
import com.netscape.cmsutil.xml.XMLObject;
/**
@@ -138,7 +137,9 @@ public class TokenAuthentication implements IAuthManager,
int authEEPort = sconfig.getInteger("securitydomain.httpseeport");
String authURL = "/ca/admin/ca/tokenAuthenticate";
- String content = CRED_SESSION_ID + "=" + sessionId + "&hostname=" + givenHost;
+ MultivaluedMap<String, String> content = new MultivaluedHashMap<String, String>();
+ content.putSingle(CRED_SESSION_ID, sessionId);
+ content.putSingle("hostname", givenHost);
CMS.debug("TokenAuthentication: content=" + content);
String c = null;
@@ -158,7 +159,7 @@ public class TokenAuthentication implements IAuthManager,
authURL = "/ca/ee/ca/tokenAuthenticate";
try {
c = sendAuthRequest(authHost, authEEPort, authURL, content);
- } catch (IOException e1) {
+ } catch (Exception e1) {
CMS.debug("TokenAuthenticate: failed to contact EE host:port "
+ authHost + ":" + authAdminPort + " " + e1);
throw new EBaseException(e1.getMessage());
@@ -208,27 +209,10 @@ public class TokenAuthentication implements IAuthManager,
return authToken;
}
- private String sendAuthRequest(String authHost, int authPort, String authUrl, String content)
- throws IOException {
- HttpClient httpclient = new HttpClient();
- String c = null;
+ private String sendAuthRequest(String authHost, int authPort, String authUrl, MultivaluedMap<String, String> content)
+ throws Exception {
- JssSSLSocketFactory factory = new JssSSLSocketFactory();
- httpclient = new HttpClient(factory);
- httpclient.connect(authHost, authPort);
- HttpRequest httprequest = new HttpRequest();
- httprequest.setMethod(HttpRequest.POST);
- httprequest.setURI(authUrl);
- httprequest.setHeader("user-agent", "HTTPTool/1.0");
- httprequest.setHeader("content-length", "" + content.length());
- httprequest.setHeader("content-type",
- "application/x-www-form-urlencoded");
- httprequest.setContent(content);
-
- HttpResponse httpresponse = httpclient.send(httprequest);
- c = httpresponse.getContent();
-
- return c;
+ return ConfigurationUtils.post(authHost, authPort, true, authUrl, content, null, null);
}
/**
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index a3be87c76a30ec89e7b5cf9670342b92c58a36c6..0df4b828b087769eee143c9e2f4cd45c8a3eb350 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -28,6 +28,7 @@ import java.util.Properties;
import java.util.Set;
import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.MultivaluedMap;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
@@ -35,6 +36,7 @@ import org.apache.velocity.context.Context;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.crypto.PrivateKey;
import org.mozilla.jss.crypto.X509Certificate;
+import org.xml.sax.SAXException;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.ConflictingOperationException;
@@ -54,10 +56,6 @@ import com.netscape.certsrv.usrgrp.IGroup;
import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cmsutil.crypto.CryptoUtil;
-import com.netscape.cmsutil.http.HttpClient;
-import com.netscape.cmsutil.http.HttpRequest;
-import com.netscape.cmsutil.http.HttpResponse;
-import com.netscape.cmsutil.http.JssSSLSocketFactory;
import com.netscape.cmsutil.xml.XMLObject;
import netscape.security.pkcs.PKCS10;
@@ -72,67 +70,46 @@ public class CertUtil {
static final int LINE_COUNT = 76;
public static X509CertImpl createRemoteCert(String hostname,
- int port, String content, HttpServletResponse response)
- throws IOException {
- HttpClient httpclient = new HttpClient();
- String c = null;
- CMS.debug("CertUtil createRemoteCert: content " + content);
- try {
- JssSSLSocketFactory factory = new JssSSLSocketFactory();
+ int port, MultivaluedMap<String, String> content, HttpServletResponse response)
+ throws Exception {
- httpclient = new HttpClient(factory);
- httpclient.connect(hostname, port);
- HttpRequest httprequest = new HttpRequest();
+ CMS.debug("CertUtil: content: " + content);
- httprequest.setMethod(HttpRequest.POST);
- httprequest.setURI("/ca/ee/ca/profileSubmit");
- httprequest.setHeader("user-agent", "HTTPTool/1.0");
- httprequest.setHeader("content-length", "" + content.length());
- httprequest.setHeader("content-type",
- "application/x-www-form-urlencoded");
- httprequest.setContent(content);
- HttpResponse httpresponse = httpclient.send(httprequest);
-
- c = httpresponse.getContent();
- } catch (Exception e) {
- CMS.debug("CertUtil createRemoteCert: " + e.toString());
- throw new IOException(e.toString());
- }
+ String c = ConfigurationUtils.post(hostname, port, true, "/ca/ee/ca/profileSubmit", content, null, null);
if (c != null) {
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ XMLObject parser;
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- XMLObject parser = null;
+ parser = new XMLObject(bis);
+ } catch (SAXException e) {
+ CMS.debug("CertUtil: Unable to parse XML response:");
+ CMS.debug(c);
+ CMS.debug(e);
+ throw e;
+ }
+
+ String status = parser.getValue("Status");
- try {
- parser = new XMLObject(bis);
- } catch (Exception e) {
- CMS.debug("CertUtil::createRemoteCert() - "
- + "Exception=" + e.toString());
- throw new IOException(e.toString());
- }
- String status = parser.getValue("Status");
+ CMS.debug("CertUtil: status: " + status);
+ if (!status.equals("0")) {
+ String error = parser.getValue("Error");
+ CMS.debug("CertUtil: error: " + error);
+ throw new IOException(error);
+ }
- CMS.debug("CertUtil createRemoteCert: status=" + status);
- if (!status.equals("0")) {
- String error = parser.getValue("Error");
- throw new IOException(error);
- }
+ String b64 = parser.getValue("b64");
- String b64 = parser.getValue("b64");
+ CMS.debug("CertUtil: cert: " + b64);
+ b64 = CryptoUtil.normalizeCertAndReq(b64);
+ byte[] b = CryptoUtil.base64Decode(b64);
- CMS.debug("CertUtil createRemoteCert: " + b64);
- b64 = CryptoUtil.normalizeCertAndReq(b64);
- byte[] b = CryptoUtil.base64Decode(b64);
+ return new X509CertImpl(b);
- return new X509CertImpl(b);
- } catch (Exception e) {
- CMS.debug("CertUtil createRemoteCert: " + e.toString());
- throw new IOException(e.toString());
- }
+ } else {
+ CMS.debug("CertUtil: Missing CA response");
+ throw new Exception("Missing CA response");
}
-
- return null;
}
public static String getPKCS10(IConfigStore config, String prefix,
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 4d362930374f15f4f1daa88e0aa4dc606b814340..0640f9b09b5696b5fc1bc0c650e40aaff3eed23b 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -28,7 +28,6 @@ import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.math.BigInteger;
-import java.net.ConnectException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
@@ -149,10 +148,6 @@ import com.netscape.certsrv.usrgrp.IGroup;
import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cmsutil.crypto.CryptoUtil;
-import com.netscape.cmsutil.http.HttpClient;
-import com.netscape.cmsutil.http.HttpRequest;
-import com.netscape.cmsutil.http.HttpResponse;
-import com.netscape.cmsutil.http.JssSSLSocketFactory;
import com.netscape.cmsutil.ldap.LDAPUtil;
import com.netscape.cmsutil.xml.XMLObject;
@@ -220,95 +215,63 @@ public class ConfigurationUtils {
return rv;
}
- public static String getHttpResponse(String hostname, int port, boolean secure,
- String uri, String content, String clientnickname) throws IOException {
- return getHttpResponse(hostname, port, secure, uri, content, clientnickname, null);
+ public static String get(String hostname, int port, boolean secure,
+ String path, String clientnickname,
+ SSLCertificateApprovalCallback certApprovalCallback)
+ throws Exception {
+
+ String protocol = secure ? "https" : "http";
+ ClientConfig config = new ClientConfig();
+ config.setServerURI(protocol + "://" + hostname + ":" + port);
+ config.setCertNickname(clientnickname);
+
+ CMS.debug("ConfigurationUtils: GET " + config.getServerURI() + path);
+ PKIConnection connection = new PKIConnection(config);
+ return connection.get(path);
}
public static String post(String hostname, int port, boolean secure,
- String path, MultivaluedMap<String, String> map, String clientnickname,
+ String path, MultivaluedMap<String, String> content, String clientnickname,
SSLCertificateApprovalCallback certApprovalCallback)
throws Exception {
String protocol = secure ? "https" : "http";
ClientConfig config = new ClientConfig();
- config.setServerURI(protocol + "://" + hostname + ":" + port + path);
+ config.setServerURI(protocol + "://" + hostname + ":" + port);
config.setCertNickname(clientnickname);
- PKIClient client = new PKIClient(config, null);
- PKIConnection connection = client.getConnection();
- return connection.post(map);
- }
-
- //TODO - replace with Jack's connector code
- // or as we replace calls with restful calls, remove altogether
- public static String getHttpResponse(String hostname, int port, boolean secure,
- String uri, String content, String clientnickname,
- SSLCertificateApprovalCallback certApprovalCallback)
- throws IOException {
- HttpClient httpclient = null;
- String c = null;
-
- try {
- if (secure) {
- JssSSLSocketFactory factory = null;
- if (clientnickname != null && clientnickname.length() > 0)
- factory = new JssSSLSocketFactory(clientnickname);
- else
- factory = new JssSSLSocketFactory();
-
- httpclient = new HttpClient(factory, certApprovalCallback);
- } else {
- httpclient = new HttpClient();
- }
- httpclient.connect(hostname, port);
- HttpRequest httprequest = new HttpRequest();
-
- httprequest.setMethod(HttpRequest.POST);
- httprequest.setURI(uri);
- httprequest.setHeader("user-agent", "HTTPTool/1.0");
- httprequest.setHeader("content-type",
- "application/x-www-form-urlencoded");
- if (content != null && content.length() > 0) {
- String content_c = content;
- httprequest.setHeader("content-length", "" + content_c.length());
- httprequest.setContent(content_c);
- }
- HttpResponse httpresponse = httpclient.send(httprequest);
-
- c = httpresponse.getContent();
- //cfu
-
- } catch (ConnectException e) {
- CMS.debug("getHttpResponse: " + e.toString());
- throw new IOException("The server you tried to contact is not running.", e);
-
- } catch (Exception e) {
- CMS.debug("getHttpResponse: " + e.toString());
- throw new IOException(e.toString(), e);
-
- } finally {
- if (httpclient.connected()) {
- httpclient.disconnect();
- }
- }
-
- return c;
+ CMS.debug("ConfigurationUtils: POST " + config.getServerURI() + path);
+ PKIConnection connection = new PKIConnection(config);
+ return connection.post(path, content);
}
public static void importCertChain(String host, int port, String serverPath, String tag)
- throws IOException, SAXException, ParserConfigurationException, CertificateEncodingException,
- CertificateException, NotInitializedException, TokenException, EBaseException {
+ throws Exception {
+
IConfigStore cs = CMS.getConfigStore();
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- XMLObject parser = null;
- String c = ConfigurationUtils.getHttpResponse(host, port, true, serverPath, null, null,
+
+ String c = get(host, port, true, serverPath, null,
certApprovalCallback);
+
if (c != null) {
+
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
- parser = new XMLObject(bis);
+
+ XMLObject parser;
+ try {
+ parser = new XMLObject(bis);
+ } catch (SAXException e) {
+ CMS.debug("ConfigurationUtils: Unable to parse XML response:");
+ CMS.debug(c);
+ CMS.debug(e);
+ throw e;
+ }
+
String certchain = parser.getValue("ChainBase64");
- if ((certchain != null) && (certchain.length() > 0)) {
+
+ if (certchain != null && certchain.length() > 0) {
+
certchain = CryptoUtil.normalizeCertStr(certchain);
cs.putString("preop." + tag + ".pkcs7", certchain);
@@ -320,6 +283,7 @@ public class ConfigurationUtils {
if (b_certchain != null) {
size = b_certchain.length;
}
+
cs.putInteger("preop." + tag + ".certchain.size", size);
for (int i = 0; i < size; i++) {
byte[] bb = b_certchain[i].getEncoded();
@@ -329,9 +293,11 @@ public class ConfigurationUtils {
cs.commit(false);
CryptoUtil.importCertificateChain(certchain);
+
} else {
throw new IOException("importCertChain: Security Domain response does not contain certificate chain");
}
+
} else {
throw new IOException("importCertChain: Failed to get response from security domain");
}
@@ -339,12 +305,6 @@ public class ConfigurationUtils {
public static String getInstallToken(String sdhost, int sdport, String user, String passwd) throws Exception {
IConfigStore cs = CMS.getConfigStore();
- boolean oldtoken = cs.getBoolean("cs.useOldTokenInterface", false);
-
- if (oldtoken) {
- CMS.debug("Getting old token");
- return ConfigurationUtils.getOldToken(sdhost, sdport, user, passwd);
- }
String csType = cs.getString("cs.type");
@@ -393,33 +353,16 @@ public class ConfigurationUtils {
+ CMS.getAdminPort() + "/ca/admin/console/config/wizard" +
"?p=5&subsystem=" + cs.getString("cs.type");
- MultivaluedMap<String, String> map = new MultivaluedHashMap<String, String>();
- map.putSingle("uid", user);
- map.putSingle("pwd", passwd);
- map.putSingle("url", subca_url);
+ MultivaluedMap<String, String> content = new MultivaluedHashMap<String, String>();
+ content.putSingle("uid", user);
+ content.putSingle("pwd", passwd);
+ content.putSingle("url", subca_url);
String body = post(sdhost, sdport, true, "/ca/admin/ca/getCookie",
- map, null, null);
+ content, null, null);
return getContentValue(body, "header.session_id");
}
- public static String getOldToken(String sdhost, int sdport, String user, String passwd) throws IOException,
- EPropertyNotFound, EBaseException, URISyntaxException {
- IConfigStore cs = CMS.getConfigStore();
-
- String subca_url = "https://" + CMS.getEEHost() + ":"
- + CMS.getAdminPort() + "/ca/admin/console/config/wizard" +
- "?p=5&subsystem=" + cs.getString("cs.type");
-
- String content = "uid=" + URLEncoder.encode(user, "UTF-8") + "&pwd=" + URLEncoder.encode(passwd, "UTF-8") +
- "&url=" + URLEncoder.encode(subca_url, "UTF-8");
-
- String response = ConfigurationUtils.getHttpResponse(sdhost, sdport, true,
- "/ca/admin/ca/getCookie", content, null);
-
- return getContentValue(response, "header.session_id");
- }
-
public static String getContentValue(String body, String header) {
StringTokenizer st = new StringTokenizer(body, "\n");
@@ -460,27 +403,32 @@ public class ConfigurationUtils {
}
public static String getDomainXML(String hostname, int https_admin_port, boolean https)
- throws IOException, SAXException, ParserConfigurationException {
- CMS.debug("getDomainXML start");
- String c = getHttpResponse(hostname, https_admin_port, https, "/ca/admin/ca/getDomainXML", null, null, null);
+ throws Exception {
+
+ CMS.debug("ConfigurationUtils: getting domain info");
+
+ String c = get(hostname, https_admin_port, https, "/ca/admin/ca/getDomainXML", null, null);
+
if (c != null) {
+
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
parser = new XMLObject(bis);
String status = parser.getValue("Status");
- CMS.debug("getDomainXML: status=" + status);
+ CMS.debug("ConfigurationUtils: status: " + status);
if (status.equals(SUCCESS)) {
String domainInfo = parser.getValue("DomainInfo");
- CMS.debug("getDomainXML: domainInfo=" + domainInfo);
+ CMS.debug("ConfigurationUtils: domain info: " + domainInfo);
return domainInfo;
+
} else {
String error = parser.getValue("Error");
throw new IOException(error);
}
-
}
+
return null;
}
@@ -516,7 +464,7 @@ public class ConfigurationUtils {
public static Vector<String> getUrlListFromSecurityDomain(IConfigStore config,
String type, String portType)
- throws EPropertyNotFound, EBaseException, IOException, SAXException, ParserConfigurationException {
+ throws Exception {
Vector<String> v = new Vector<String>();
String hostname = config.getString("securitydomain.host");
@@ -592,7 +540,7 @@ public class ConfigurationUtils {
}
public static void getConfigEntriesFromMaster()
- throws IOException, EBaseException, SAXException, ParserConfigurationException {
+ throws Exception {
IConfigStore config = CMS.getConfigStore();
String cstype = "";
@@ -606,16 +554,23 @@ public class ConfigurationUtils {
int master_port = config.getInteger("preop.master.httpsadminport", -1);
int master_ee_port = config.getInteger("preop.master.httpsport", -1);
- String content = "";
if (cstype.equals("ca") || cstype.equals("kra")) {
- content = "type=request&xmlOutput=true&sessionID=" + session_id;
- CMS.debug("http content=" + content);
+ MultivaluedMap<String, String> content = new MultivaluedHashMap<String, String>();
+ content.putSingle("type", "request");
+ content.putSingle("xmlOutput", "true");
+ content.putSingle("sessionID", session_id);
updateNumberRange(master_hostname, master_ee_port, master_port, true, content, "request");
- content = "type=serialNo&xmlOutput=true&sessionID=" + session_id;
+ content = new MultivaluedHashMap<String, String>();
+ content.putSingle("type", "serialNo");
+ content.putSingle("xmlOutput", "true");
+ content.putSingle("sessionID", session_id);
updateNumberRange(master_hostname, master_ee_port, master_port, true, content, "serialNo");
- content = "type=replicaId&xmlOutput=true&sessionID=" + session_id;
+ content = new MultivaluedHashMap<String, String>();
+ content.putSingle("type", "replicaId");
+ content.putSingle("xmlOutput", "true");
+ content.putSingle("sessionID", session_id);
updateNumberRange(master_hostname, master_ee_port, master_port, true, content, "replicaId");
}
@@ -657,12 +612,14 @@ public class ConfigurationUtils {
s1.append(",internaldb,internaldb.ldapauth,internaldb.ldapconn");
- content =
- "op=get&names=cloning.module.token,cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,"
- + "internaldb.replication.password" + c1.toString()
- + "&substores=" + s1.toString()
- + "&xmlOutput=true&sessionID="
- + session_id;
+ MultivaluedMap<String, String> content = new MultivaluedHashMap<String, String>();
+ content.putSingle("op", "get");
+ content.putSingle("names", "cloning.module.token,cloning.token,instanceId,"
+ + "internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password" + c1);
+ content.putSingle("substores", s1.toString());
+ content.putSingle("xmlOutput", "true");
+ content.putSingle("sessionID", session_id);
+
boolean success = updateConfigEntries(master_hostname, master_port, true,
"/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config);
if (!success) {
@@ -674,8 +631,8 @@ public class ConfigurationUtils {
}
- public static void updateNumberRange(String hostname, int eePort, int adminPort, boolean https, String content,
- String type) throws IOException, EBaseException, SAXException, ParserConfigurationException {
+ public static void updateNumberRange(String hostname, int eePort, int adminPort, boolean https,
+ MultivaluedMap<String, String> content, String type) throws Exception {
CMS.debug("updateNumberRange start host=" + hostname + " adminPort=" + adminPort + " eePort=" + eePort);
IConfigStore cs = CMS.getConfigStore();
@@ -686,7 +643,7 @@ public class ConfigurationUtils {
String c = null;
XMLObject parser = null;
try {
- c = getHttpResponse(hostname, adminPort, https, serverPath, content, null, null);
+ c = post(hostname, adminPort, https, serverPath, content, null, null);
if (c == null || c.equals("")) {
CMS.debug("updateNumberRange: content is null.");
throw new IOException("The server you want to contact is not available");
@@ -696,12 +653,13 @@ public class ConfigurationUtils {
// when the admin servlet is unavailable, we return a badly formatted error page
// in that case, this will throw an exception and be passed into the catch block.
parser = new XMLObject(new ByteArrayInputStream(c.getBytes()));
+
} catch (Exception e) {
// for backward compatibility, try the old ee interface too
CMS.debug("updateNumberRange: Failed to contact master using admin port" + e);
CMS.debug("updateNumberRange: Attempting to contact master using EE port");
serverPath = "/" + cstype + "/ee/" + cstype + "/updateNumberRange";
- c = getHttpResponse(hostname, eePort, https, serverPath, content, null, null);
+ c = post(hostname, eePort, https, serverPath, content, null, null);
if (c == null || c.equals("")) {
CMS.debug("updateNumberRange: content is null.");
throw new IOException("The server you want to contact is not available", e);
@@ -730,8 +688,10 @@ public class ConfigurationUtils {
cs.putString("dbs.enableSerialManagement", "true");
cs.commit(false);
return;
+
} else if (status.equals(AUTH_FAILURE)) {
throw new EAuthException(AUTH_FAILURE);
+
} else {
String error = parser.getValue("Error");
throw new IOException(error);
@@ -739,10 +699,10 @@ public class ConfigurationUtils {
}
public static boolean updateConfigEntries(String hostname, int port, boolean https,
- String servlet, String uri, IConfigStore config)
- throws IOException, EBaseException, SAXException, ParserConfigurationException {
+ String servlet, MultivaluedMap<String, String> content, IConfigStore config)
+ throws Exception {
CMS.debug("updateConfigEntries start");
- String c = getHttpResponse(hostname, port, https, servlet, uri, null, null);
+ String c = post(hostname, port, https, servlet, content, null, null);
if (c != null) {
@@ -2426,7 +2386,7 @@ public class ConfigurationUtils {
}
public static int getSubsystemCount(String hostname, int https_admin_port,
- boolean https, String type) throws IOException, SAXException, ParserConfigurationException {
+ boolean https, String type) throws Exception {
CMS.debug("getSubsystemCount start");
String c = getDomainXML(hostname, https_admin_port, true);
if (c != null) {
@@ -2462,7 +2422,7 @@ public class ConfigurationUtils {
}
public static void configCert(HttpServletRequest request, HttpServletResponse response,
- Context context, Cert certObj) throws IOException {
+ Context context, Cert certObj) throws Exception {
IConfigStore config = CMS.getConfigStore();
String caType = certObj.getType();
@@ -2521,29 +2481,29 @@ public class ConfigurationUtils {
config.putString(subsystem + "." + certTag + ".certreq", pkcs10);
String profileId = config.getString(PCERT_PREFIX + certTag + ".profile");
String session_id = CMS.getConfigSDSessionId();
- String sd_hostname = "";
- int sd_ee_port = -1;
- try {
- sd_hostname = config.getString("securitydomain.host", "");
- sd_ee_port = config.getInteger("securitydomain.httpseeport", -1);
- } catch (Exception ee) {
- CMS.debug("configCert(): exception caught:" + ee.toString());
- }
String sysType = config.getString("cs.type", "");
String machineName = config.getString("machineName", "");
String securePort = config.getString("service.securePort", "");
+
if (certTag.equals("subsystem")) {
boolean standalone = config.getBoolean(sysType.toLowerCase() + ".standalone", false);
if (standalone) {
// Treat standalone subsystem the same as "otherca"
config.putString(subsystem + "." + certTag + ".cert",
"...paste certificate here...");
+
} else {
- String content =
- "requestor_name="
- + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId
- + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8")
- + "&xmlOutput=true&sessionID=" + session_id;
+ String sd_hostname = config.getString("securitydomain.host", "");
+ int sd_ee_port = config.getInteger("securitydomain.httpseeport", -1);
+
+ MultivaluedMap<String, String> content = new MultivaluedHashMap<String, String>();
+ content.putSingle("requestor_name", sysType + "-" + machineName + "-" + securePort);
+ content.putSingle("profileId", profileId);
+ content.putSingle("cert_request_type", "pkcs10");
+ content.putSingle("cert_request", pkcs10);
+ content.putSingle("xmlOutput", "true");
+ content.putSingle("sessionID", session_id);
+
cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port,
content, response);
if (cert == null) {
@@ -2577,14 +2537,17 @@ public class ConfigurationUtils {
CertUtil.buildSANSSLserverURLExtension(config);
}
- String content =
- "requestor_name="
- + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId
- + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8")
- + "&xmlOutput=true&sessionID=" + session_id
- + sslserver_extension;
+ MultivaluedMap<String, String> content = new MultivaluedHashMap<String, String>();
+ content.putSingle("requestor_name", sysType + "-" + machineName + "-" + securePort);
+ content.putSingle("profileId", profileId);
+ content.putSingle("cert_request_type", "pkcs10");
+ content.putSingle("cert_request", pkcs10);
+ content.putSingle("xmlOutput", "true");
+ content.putSingle("sessionID", session_id);
+
cert = CertUtil.createRemoteCert(ca_hostname, ca_port,
content, response);
+
if (cert == null) {
throw new IOException("Error: remote certificate is null");
}
@@ -2704,10 +2667,9 @@ public class ConfigurationUtils {
config.putString(subsystem + "." + certTag + ".cert", certs);
}
config.commit(false);
- } catch (IOException e) {
- throw e;
} catch (Exception e) {
CMS.debug("configCert() exception caught:" + e.toString());
+ throw e;
}
}
@@ -3595,8 +3557,7 @@ public class ConfigurationUtils {
}
public static String submitAdminCertRequest(String ca_hostname, int ca_port, String profileId,
- String certRequestType, String certRequest, String subjectDN) throws IOException, EBaseException,
- SAXException, ParserConfigurationException {
+ String certRequestType, String certRequest, String subjectDN) throws Exception {
IConfigStore config = CMS.getConfigStore();
if (profileId == null) {
@@ -3604,10 +3565,16 @@ public class ConfigurationUtils {
}
certRequest = URLEncoder.encode(certRequest, "UTF-8");
String session_id = CMS.getConfigSDSessionId();
- String content = "profileId=" + profileId + "&cert_request_type=" + certRequestType +
- "&cert_request=" + certRequest + "&xmlOutput=true&sessionID=" + session_id + "&subject=" + subjectDN;
- String c = getHttpResponse(ca_hostname, ca_port, true, "/ca/ee/ca/profileSubmit", content, null, null);
+ MultivaluedMap<String, String> content = new MultivaluedHashMap<String, String>();
+ content.putSingle("profileId", profileId);
+ content.putSingle("cert_request_type", certRequestType);
+ content.putSingle("cert_request", certRequest);
+ content.putSingle("xmlOutput", "true");
+ content.putSingle("sessionID", session_id);
+ content.putSingle("subject", subjectDN);
+
+ String c = post(ca_hostname, ca_port, true, "/ca/ee/ca/profileSubmit", content, null, null);
// retrieve the request Id and admin certificate
if (c != null) {
@@ -3714,8 +3681,8 @@ public class ConfigurationUtils {
// String c = getDomainXML(CMS.getEESSLHost(), Integer.parseInt(CMS.getAdminPort()), true);
}
- public static void updateSecurityDomain() throws IOException, SAXException, ParserConfigurationException,
- EPropertyNotFound, EBaseException {
+ public static void updateSecurityDomain() throws Exception {
+
IConfigStore cs = CMS.getConfigStore();
int sd_agent_port = cs.getInteger("securitydomain.httpsagentport");
@@ -3732,28 +3699,30 @@ public class ConfigurationUtils {
CMS.debug("Cloning a domain master");
}
- String cloneStr = select.equals("clone") ? "&clone=true" : "&clone=false";
- String domainMasterStr = cloneMaster ? "&dm=true" : "&dm=false";
- String eecaStr = (CMS.getEEClientAuthSSLPort() != null) ? "&eeclientauthsport=" + CMS.getEEClientAuthSSLPort()
- : "";
-
String url = "/ca/admin/ca/updateDomainXML";
- String content = "list=" + type + "List"
- + "&type=" + type
- + "&host=" + CMS.getEESSLHost()
- + "&name=" + subsystemName
- + "&sport=" + CMS.getEESSLPort()
- + domainMasterStr
- + cloneStr
- + "&agentsport=" + CMS.getAgentPort()
- + "&adminsport=" + CMS.getAdminPort()
- + eecaStr
- + "&httpport=" + CMS.getEENonSSLPort();
+
+ MultivaluedMap<String, String> content = new MultivaluedHashMap<String, String>();
+ content.putSingle("list", type + "List");
+ content.putSingle("type", type);
+ content.putSingle("host", CMS.getEESSLHost());
+ content.putSingle("name", subsystemName);
+ content.putSingle("sport", CMS.getEESSLPort());
+ content.putSingle("dm", cloneMaster ? "true" : "false");
+ content.putSingle("clone", select.equals("clone") ? "true" : "false");
+ content.putSingle("agentsport", CMS.getAgentPort());
+ content.putSingle("adminsport", CMS.getAdminPort());
+
+ if (CMS.getEEClientAuthSSLPort() != null) {
+ content.putSingle("eeclientauthsport", CMS.getEEClientAuthSSLPort());
+ }
+
+ content.putSingle("httpport", CMS.getEENonSSLPort());
try {
String session_id = CMS.getConfigSDSessionId();
- content += "&sessionID="+ session_id;
+ content.putSingle("sessionID", session_id);
updateDomainXML(sd_host, sd_admin_port, true, url, content, false);
+
} catch (Exception e) {
CMS.debug("updateSecurityDomain: failed to update security domain using admin port "
+ sd_admin_port + ": " + e);
@@ -3768,8 +3737,7 @@ public class ConfigurationUtils {
String c = getDomainXML(sd_host, sd_admin_port, true);
}
- public static boolean isSDHostDomainMaster(IConfigStore config) throws EPropertyNotFound, EBaseException,
- IOException, SAXException, ParserConfigurationException {
+ public static boolean isSDHostDomainMaster(IConfigStore config) throws Exception {
String dm = "false";
String hostname = config.getString("securitydomain.host");
@@ -3799,9 +3767,11 @@ public class ConfigurationUtils {
}
public static void updateDomainXML(String hostname, int port, boolean https,
- String servlet, String uri, boolean useClientAuth) throws IOException, EBaseException, SAXException,
- ParserConfigurationException {
+ String servlet, MultivaluedMap<String, String> content, boolean useClientAuth)
+ throws Exception {
+
CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname + " port=" + port);
+
String c = null;
if (useClientAuth) {
IConfigStore cs = CMS.getConfigStore();
@@ -3815,10 +3785,12 @@ public class ConfigurationUtils {
}
CMS.debug("updateDomainXML() nickname=" + nickname);
- c = getHttpResponse(hostname, port, https, servlet, uri, nickname, null);
+ c = post(hostname, port, https, servlet, content, nickname, null);
+
} else {
- c = getHttpResponse(hostname, port, https, servlet, uri, null, null);
+ c = post(hostname, port, https, servlet, content, null, null);
}
+
if (c != null && !c.equals("")) {
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject obj = new XMLObject(bis);
@@ -3831,13 +3803,14 @@ public class ConfigurationUtils {
String error = obj.getValue("Error");
throw new IOException(error);
}
+
} else {
throw new IOException("Failed to get response when updating security domain");
}
}
public static void updateConnectorInfo(String ownagenthost, String ownagentsport)
- throws IOException, EBaseException, SAXException, ParserConfigurationException {
+ throws Exception {
IConfigStore cs = CMS.getConfigStore();
int port = -1;
String url = "";
@@ -3853,23 +3826,29 @@ public class ConfigurationUtils {
if (host == null) {
CMS.debug("updateConnectorInfo(): preop.ca.url is not defined. External CA selected. No transport certificate setup is required");
+
} else {
CMS.debug("updateConnectorInfo(): Transport certificate is being setup in " + url);
String session_id = CMS.getConfigSDSessionId();
- String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30"
- + "&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host=" + ownagenthost
- + "&ca.connector.KRA.port=" + ownagentsport
- + "&ca.connector.KRA.transportCert=" + URLEncoder.encode(transportCert, "UTF-8")
- + "&sessionID=" + session_id;
+
+ MultivaluedMap<String, String> content = new MultivaluedHashMap<String, String>();
+ content.putSingle("ca.connector.KRA.enable", "true");
+ content.putSingle("ca.connector.KRA.local", "false");
+ content.putSingle("ca.connector.KRA.timeout", "30");
+ content.putSingle("ca.connector.KRA.uri", "/kra/agent/kra/connector");
+ content.putSingle("ca.connector.KRA.host", ownagenthost);
+ content.putSingle("ca.connector.KRA.port", ownagentsport);
+ content.putSingle("ca.connector.KRA.transportCert", transportCert);
+ content.putSingle("sessionID", session_id);
updateConnectorInfo(host, port, true, content);
}
}
public static void updateConnectorInfo(String host, int port, boolean https,
- String content) throws IOException, SAXException, ParserConfigurationException {
+ MultivaluedMap<String, String> content) throws Exception {
CMS.debug("updateConnectorInfo start");
- String c = getHttpResponse(host, port, https, "/ca/admin/ca/updateConnector", content, null, null);
+ String c = post(host, port, https, "/ca/admin/ca/updateConnector", content, null, null);
if (c != null) {
ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
XMLObject parser = null;
@@ -3883,8 +3862,7 @@ public class ConfigurationUtils {
}
}
- public static void setupClientAuthUser() throws EBaseException, CertificateException, IOException, SAXException,
- ParserConfigurationException, LDAPException {
+ public static void setupClientAuthUser() throws Exception {
IConfigStore cs = CMS.getConfigStore();
String host = cs.getString("preop.ca.hostname", "");
int port = cs.getInteger("preop.ca.httpsadminport", -1);
@@ -3939,9 +3917,12 @@ public class ConfigurationUtils {
}
public static String getSubsystemCert(String host, int port, boolean https)
- throws IOException, SAXException, ParserConfigurationException {
+ throws Exception {
+
CMS.debug("getSubsystemCert() start");
- String c = getHttpResponse(host, port, https, "/ca/admin/ca/getSubsystemCert", null, null, null);
+
+ String c = get(host, port, https, "/ca/admin/ca/getSubsystemCert", null, null);
+
if (c != null) {
ByteArrayInputStream bis =
new ByteArrayInputStream(c.getBytes());
@@ -3954,20 +3935,22 @@ public class ConfigurationUtils {
return null;
}
}
+
return null;
}
public static String getTransportCert(URI secdomainURI, URI kraUri)
- throws IOException, SAXException, ParserConfigurationException {
+ throws Exception {
CMS.debug("getTransportCert() start");
String sessionId = CMS.getConfigSDSessionId();
- String content = "&xmlOutput=true" +
- "&sessionID=" + sessionId +
- "&auth_hostname=" + secdomainURI.getHost() +
- "&auth_port=" + secdomainURI.getPort();
+ MultivaluedMap<String, String> content = new MultivaluedHashMap<String, String>();
+ content.putSingle("xmlOutput", "true");
+ content.putSingle("sessionID", sessionId);
+ content.putSingle("auth_hostname", secdomainURI.getHost());
+ content.putSingle("auth_port", secdomainURI.getPort() + "");
- String c = getHttpResponse(
+ String c = post(
kraUri.getHost(),
kraUri.getPort(),
true,
@@ -4089,17 +4072,22 @@ public class ConfigurationUtils {
}
}
- public static void updateOCSPConfig()
- throws IOException, EBaseException, SAXException, ParserConfigurationException {
+ public static void updateOCSPConfig() throws Exception {
+
IConfigStore config = CMS.getConfigStore();
String cahost = config.getString("preop.ca.hostname", "");
int caport = config.getInteger("preop.ca.httpsport", -1);
String ocsphost = CMS.getAgentHost();
int ocspport = Integer.parseInt(CMS.getAgentPort());
String session_id = CMS.getConfigSDSessionId();
- String content = "xmlOutput=true&sessionID=" + session_id + "&ocsp_host=" + ocsphost + "&ocsp_port=" + ocspport;
- String c = getHttpResponse(cahost, caport, true, "/ca/ee/ca/updateOCSPConfig", content, null, null);
+ MultivaluedMap<String, String> content = new MultivaluedHashMap<String, String>();
+ content.putSingle("xmlOutput", "true");
+ content.putSingle("sessionID", session_id);
+ content.putSingle("ocsp_host", ocsphost);
+ content.putSingle("ocsp_port", ocspport + "");
+
+ String c = post(cahost, caport, true, "/ca/ee/ca/updateOCSPConfig", content, null, null);
if (c == null || c.equals("")) {
CMS.debug("WizardPanelBase updateOCSPConfig: content is null.");
throw new IOException("The server you want to contact is not available");
@@ -4220,17 +4208,18 @@ public class ConfigurationUtils {
String sessionId = CMS.getConfigSDSessionId();
String subsystemName = cs.getString("preop.subsystem.name");
- String content = "uid=" + uid +
- "&xmlOutput=true" +
- "&sessionID=" + sessionId +
- "&auth_hostname=" + secdomainURI.getHost() +
- "&auth_port=" + secdomainURI.getPort() +
- "&certificate=" + URLEncoder.encode(getSubsystemCert(), "UTF-8") +
- "&name=" + subsystemName;
+ MultivaluedMap<String, String> content = new MultivaluedHashMap<String, String>();
+ content.putSingle("uid", uid);
+ content.putSingle("xmlOutput", "true");
+ content.putSingle("sessionID", sessionId);
+ content.putSingle("auth_hostname", secdomainURI.getHost());
+ content.putSingle("auth_port", secdomainURI.getPort() + "");
+ content.putSingle("certificate", getSubsystemCert());
+ content.putSingle("name", subsystemName);
String targetURL = "/" + targetType + "/admin/" + targetType + "/registerUser";
- String response = getHttpResponse(
+ String response = post(
targetURI.getHost(),
targetURI.getPort(),
true,
@@ -4240,6 +4229,7 @@ public class ConfigurationUtils {
if (response == null || response.equals("")) {
CMS.debug("registerUser: response is empty or null.");
throw new IOException("The server " + targetURI + "is not available");
+
} else {
CMS.debug("registerUser: response: " + response);
ByteArrayInputStream bis = new ByteArrayInputStream(response.getBytes());
@@ -4251,8 +4241,10 @@ public class ConfigurationUtils {
if (status.equals(SUCCESS)) {
CMS.debug("registerUser: Successfully added user " + uid + " to " + targetURI +
" using " + targetURL);
+
} else if (status.equals(AUTH_FAILURE)) {
throw new EAuthException(AUTH_FAILURE);
+
} else {
String error = parser.getValue("Error");
throw new IOException(error);
@@ -4266,16 +4258,17 @@ public class ConfigurationUtils {
+ "-" + cs.getString("service.securePort", "");
String sessionId = CMS.getConfigSDSessionId();
- String content = "name=" + name +
- "&xmlOutput=true" +
- "&sessionID=" + sessionId +
- "&auth_hostname=" + secdomainURI.getHost() +
- "&auth_port=" + secdomainURI.getPort() +
- "&certificate=" + URLEncoder.encode(transportCert, "UTF-8");
+ MultivaluedMap<String, String> content = new MultivaluedHashMap<String, String>();
+ content.putSingle("name", name);
+ content.putSingle("xmlOutput", "true");
+ content.putSingle("sessionID", sessionId);
+ content.putSingle("auth_hostname", secdomainURI.getHost());
+ content.putSingle("auth_port", secdomainURI.getPort() + "");
+ content.putSingle("certificate", transportCert);
String targetURL = "/tks/admin/tks/importTransportCert";
- String response = getHttpResponse(
+ String response = post(
targetURI.getHost(),
targetURI.getPort(),
true,
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
index 50b2c16f653ef588229db657b23106b3752fd621..1467b5fbe66722231177973a2b3474c4989708a1 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
@@ -908,7 +908,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
String host;
int port;
try {
- CMS.debug("Resolving security domain URL" + securityDomainURL);
+ CMS.debug("Resolving security domain URL " + securityDomainURL);
secdomainURL = new URL(securityDomainURL);
host = secdomainURL.getHost();
port = secdomainURL.getPort();
@@ -932,8 +932,8 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
domainXML = ConfigurationUtils.getDomainXML(host, port, true);
ConfigurationUtils.getSecurityDomainPorts(domainXML, host, port);
} catch (Exception e) {
- e.printStackTrace();
- throw new PKIException("Failed to obtain security domain decriptor from security domain master: " + e);
+ CMS.debug(e);
+ throw new PKIException("Failed to obtain security domain decriptor from security domain master: " + e, e);
}
return domainXML;
}
@@ -943,8 +943,8 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
try {
ConfigurationUtils.importCertChain(host, port, "/ca/admin/ca/getCertChain", "securitydomain");
} catch (Exception e) {
- e.printStackTrace();
- throw new PKIException("Failed to import certificate chain from security domain master: " + e);
+ CMS.debug(e);
+ throw new PKIException("Failed to import certificate chain from security domain master: " + e, e);
}
}
--
2.4.3
More information about the Pki-devel
mailing list