001: /**
002: *
003: * Licensed to the Apache Software Foundation (ASF) under one or more
004: * contributor license agreements. See the NOTICE file distributed with
005: * this work for additional information regarding copyright ownership.
006: * The ASF licenses this file to You under the Apache License, Version 2.0
007: * (the "License"); you may not use this file except in compliance with
008: * the License. You may obtain a copy of the License at
009: *
010: * http://www.apache.org/licenses/LICENSE-2.0
011: *
012: * Unless required by applicable law or agreed to in writing, software
013: * distributed under the License is distributed on an "AS IS" BASIS,
014: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015: * See the License for the specific language governing permissions and
016: * limitations under the License.
*/
package org.apache.geronimo.console.ca;
018:
019: import java.io.IOException;
020: import java.math.BigInteger;
021: import java.net.URI;
022: import java.text.DateFormat;
023: import java.text.SimpleDateFormat;
024: import java.util.Date;
025:
026: import javax.portlet.ActionRequest;
027: import javax.portlet.ActionResponse;
028: import javax.portlet.PortletException;
029: import javax.portlet.PortletRequest;
030: import javax.portlet.RenderRequest;
031: import javax.portlet.RenderResponse;
032:
033: import org.apache.commons.logging.Log;
034: import org.apache.commons.logging.LogFactory;
035: import org.apache.geronimo.console.MultiPageModel;
036: import org.apache.geronimo.console.util.PortletManager;
037: import org.apache.geronimo.gbean.AbstractName;
038: import org.apache.geronimo.gbean.GBeanData;
039: import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
040: import org.apache.geronimo.kernel.Naming;
041: import org.apache.geronimo.kernel.proxy.GeronimoManagedBean;
042: import org.apache.geronimo.kernel.repository.Artifact;
043: import org.apache.geronimo.management.geronimo.CertificationAuthority;
044: import org.apache.geronimo.management.geronimo.KeystoreInstance;
045: import org.apache.geronimo.security.ca.FileCertificateRequestStore;
046: import org.apache.geronimo.security.ca.FileCertificateStore;
047: import org.apache.geronimo.security.ca.GeronimoCertificationAuthority;
048: import org.apache.geronimo.system.serverinfo.ServerInfo;
049: import org.apache.geronimo.crypto.KeystoreUtil;
050:
051: /**
052: * Handler for the CA confirmation screen.
053: *
054: * @version $Rev: 617588 $ $Date: 2008-02-01 10:20:07 -0800 (Fri, 01 Feb 2008) $
055: */
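public class ConfirmCAHandler extends BaseCAHandler {
    private static final Log log = LogFactory
            .getLog(ConfirmCAHandler.class);

    /**
     * Form values carried from the CA entry page, through the confirmation page, to the
     * final setup action. Each present value is re-published as a render parameter
     * (action phase) and as a request attribute (render phase) so the confirmation JSP
     * can echo it and post it back. Shared by {@link #actionBeforeView} and
     * {@link #renderView} so the two lists cannot drift apart.
     */
    private static final String[] CONFIRMATION_PARAMS = { ERROR_MSG, INFO_MSG, "caCN",
            "caOU", "caO", "caL", "caST", "caC", "alias", "keyAlgorithm", "keySize",
            "algorithm", "validFrom", "validTo", "sNo", "password" };

    public ConfirmCAHandler() {
        super(CONFIRM_CA_MODE, "/WEB-INF/view/ca/confirmCA.jsp");
    }

    /**
     * Action phase before the confirmation page renders: forwards every present
     * confirmation form value as a render parameter so {@link #renderView} sees it.
     *
     * @param request  the action request carrying the entry-page form values
     * @param response the action response receiving the render parameters
     * @param model    the multi-page model (unused here)
     * @return this handler's mode, so the confirmation view is rendered next
     */
    public String actionBeforeView(ActionRequest request,
            ActionResponse response, MultiPageModel model)
            throws PortletException, IOException {
        // NOTE(review): "password" is among the forwarded values. Render parameters are part
        // of the portlet's render state and may be encoded into render URLs or container logs;
        // confirm this is acceptable for the keystore password before relying on it.
        for (String name : CONFIRMATION_PARAMS) {
            String value = request.getParameter(name);
            if (value != null) {
                response.setRenderParameter(name, value);
            }
        }
        return getMode();
    }

    /**
     * Render phase: exposes every present confirmation value as a request attribute for
     * the confirmation JSP.
     *
     * @param request  the render request carrying the forwarded render parameters
     * @param response the render response (unused here)
     * @param model    the multi-page model (unused here)
     */
    public void renderView(RenderRequest request,
            RenderResponse response, MultiPageModel model)
            throws PortletException, IOException {
        for (String name : CONFIRMATION_PARAMS) {
            String value = request.getParameter(name);
            if (value != null) {
                request.setAttribute(name, value);
            }
        }
    }

    /**
     * Action phase after the user confirmed the CA details: creates the CA keystore and
     * key pair, registers the CA-related GBeans, issues the CA's self-signed certificate
     * and publishes it to the certificate store.
     *
     * @param request  the action request carrying the confirmed form values
     * @param response the action response receiving an info or error message
     * @param model    the multi-page model (unused here)
     * @return the CA details mode on success, otherwise the CA setup entry mode so the
     *         user can correct the input
     */
    public String actionAfterView(ActionRequest request,
            ActionResponse response, MultiPageModel model)
            throws PortletException, IOException {
        String caCN = request.getParameter("caCN");
        String caOU = request.getParameter("caOU");
        String caO = request.getParameter("caO");
        String caL = request.getParameter("caL");
        String caST = request.getParameter("caST");
        String caC = request.getParameter("caC");
        String alias = request.getParameter("alias");
        String password = request.getParameter("password");
        String keyAlgorithm = request.getParameter("keyAlgorithm");
        String keySize = request.getParameter("keySize");
        String algorithm = request.getParameter("algorithm");
        String validFrom = request.getParameter("validFrom");
        String validTo = request.getParameter("validTo");
        String sNo = request.getParameter("sNo");

        try {
            // Only the default key algorithm (defaultKeyAlgorithm, "RSA") is supported.
            if (!defaultKeyAlgorithm.equalsIgnoreCase(keyAlgorithm)) {
                throw new IllegalArgumentException("Key Algorithm '" + keyAlgorithm
                        + "' is not supported.");
            }

            // Values dereferenced below; a missing one used to surface as a bare
            // NullPointerException in the error banner.
            requireParam("password", password);
            requireParam("keySize", keySize);
            requireParam("validFrom", validFrom);
            requireParam("validTo", validTo);
            requireParam("sNo", sNo);

            // Parse numeric and date input before touching the keystore or the
            // configuration, so malformed input fails without leaving a half-created CA
            // (keystore file and GBeans) behind. Their validity was also checked before the
            // confirmation page was loaded.
            int keyBits = Integer.parseInt(keySize);
            DateFormat df = new SimpleDateFormat("MM/dd/yyyy");
            Date validFromDate = df.parse(validFrom);
            Date validToDate = df.parse(validTo);
            BigInteger serialNum = new BigInteger(sNo);

            // Create a KeystoreInstance and generate the CA key pair in it. A fresh char[]
            // is handed to each call; whether the keystore retains or wipes the array it
            // receives is not visible here, so the copies are deliberately not shared.
            KeystoreInstance caKeystore = createCAKeystoreInstance(
                    request, password, KeystoreUtil.defaultType);
            caKeystore.unlockKeystore(password.toCharArray());
            caKeystore.generateKeyPair(alias, password.toCharArray(),
                    password.toCharArray(), keyAlgorithm, keyBits, algorithm, 365,
                    caCN, caOU, caO, caL, caST, caC);
            caKeystore.unlockPrivateKey(alias, password.toCharArray(),
                    password.toCharArray());

            // Create CertificationAuthority, CertificateStore and CertificateRequestStore
            // GBeans next to the keystore GBean.
            createCARelatedGBeans(request,
                    (GeronimoManagedBean) caKeystore,
                    defaultCAStoreDir, defaultCSRStoreDir);

            CertificationAuthority ca = getCertificationAuthority(request);
            ca.unlock(password.toCharArray());

            // Instruct the CA to issue its own self-signed certificate ...
            ca.issueOwnCertificate(serialNum, validFromDate, validToDate, algorithm);
            // ... and publish it to the CertificateStore.
            getCertificateStore(request).storeCACertificate(ca.getCertificate());

            // CA setup is successful; load the page showing the CA details.
            response.setRenderParameter(INFO_MSG, "CA Setup is successful!");
            log.info("CA Setup is successful.");
            return CADETAILS_MODE + BEFORE_ACTION;
        } catch (Exception e) {
            // Boundary catch: keystore, parsing and kernel failures all end here. The message
            // echoes user-supplied input (e.g. keyAlgorithm), so the JSP rendering ERROR_MSG
            // is expected to HTML-escape it.
            log.error("Errors in CA Setup process.", e);
            response.setRenderParameter(ERROR_MSG, e.toString());
        }

        // An error occurred: go back to the CA details entry page so the user can correct it.
        return SETUPCA_MODE + BEFORE_ACTION;
    }

    /**
     * Rejects a missing required form value with a message naming the field.
     *
     * @param name  the form field name, used in the error message
     * @param value the submitted value, possibly {@code null}
     * @throws IllegalArgumentException if {@code value} is {@code null}
     */
    private static void requireParam(String name, String value) {
        if (value == null) {
            throw new IllegalArgumentException("Required value '" + name + "' is missing.");
        }
    }

    /**
     * Creates the CertificationAuthority, CertificateStore and CertificateRequestStore
     * GBeans and adds them to the configuration that contains the caKeystore GBean.
     *
     * @param request          PortletRequest used to reach the kernel APIs
     * @param caKeystore       keystore to be used by the CA
     * @param certStorePath    path of the CertificateStore directory (a FileCertificateStore)
     * @param certReqStorePath path of the CertificateRequestStore directory (a
     *                         FileCertificateRequestStore)
     */
    private void createCARelatedGBeans(PortletRequest request,
            GeronimoManagedBean caKeystore, String certStorePath,
            String certReqStorePath) {
        // Locate the configuration that holds the caKeystore GBean; the new GBeans are
        // created as its siblings and added to the same configuration.
        AbstractName caKeystoreName = PortletManager.getNameFor(request, caKeystore);
        Artifact configurationId = PortletManager.getConfigurationFor(request, caKeystoreName);
        ServerInfo serverInfo = PortletManager.getCurrentServer(request).getServerInfo();
        AbstractName serverInfoName = PortletManager.getNameFor(request, serverInfo);
        Naming naming = PortletManager.getManagementHelper(request).getNaming();

        // CertificateStore GBean (file backed).
        AbstractName certStoreName = naming.createSiblingName(
                caKeystoreName, "geronimo-ca-cert-store",
                NameFactory.CERTIFICATE_STORE);
        GBeanData certStore = new GBeanData(certStoreName, FileCertificateStore.GBEAN_INFO);
        certStore.setAttribute("directoryPath", URI.create(certStorePath));
        certStore.setReferencePattern("ServerInfo", serverInfoName);
        PortletManager.addGBeanToConfiguration(request, configurationId, certStore, true);

        // CertificateRequestStore GBean (file backed).
        AbstractName certReqStoreName = naming.createSiblingName(
                caKeystoreName, "geronimo-ca-cert-req-store",
                NameFactory.CERTIFICATE_REQUEST_STORE);
        GBeanData certReqStore = new GBeanData(certReqStoreName,
                FileCertificateRequestStore.GBEAN_INFO);
        certReqStore.setAttribute("directoryPath", URI.create(certReqStorePath));
        certReqStore.setReferencePattern("ServerInfo", serverInfoName);
        PortletManager.addGBeanToConfiguration(request, configurationId, certReqStore, true);

        // CertificationAuthority GBean, wired to the keystore and both stores above.
        AbstractName caName = naming.createSiblingName(caKeystoreName,
                "geronimo-ca", NameFactory.CERTIFICATION_AUTHORITY);
        GBeanData ca = new GBeanData(caName, GeronimoCertificationAuthority.GBEAN_INFO);
        ca.setReferencePattern("ServerInfo", serverInfoName);
        ca.setReferencePattern("KeystoreInstance", caKeystoreName);
        ca.setReferencePattern("CertificateStore", certStoreName);
        ca.setReferencePattern("CertificateRequestStore", certReqStoreName);
        PortletManager.addGBeanToConfiguration(request, configurationId, ca, true);
    }
}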